From 7c229742d39b667b5efa886bd92f486c66f94219 Mon Sep 17 00:00:00 2001 From: Petenerd Date: Fri, 4 Mar 2022 12:24:23 -0500 Subject: [PATCH 001/785] Update install.mdx missing a quote escape --- website/content/docs/ecs/manual/install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/ecs/manual/install.mdx b/website/content/docs/ecs/manual/install.mdx index 88403851e..1f6f5239f 100644 --- a/website/content/docs/ecs/manual/install.mdx +++ b/website/content/docs/ecs/manual/install.mdx @@ -229,7 +229,7 @@ Each task must include a Consul client container in order for the task to join y ], "entryPoint": ["/bin/sh", "-ec"], "command": [ - "cp /bin/consul /bin/consul-inject/consul\n\nECS_IPV4=$(curl -s $ECS_CONTAINER_METADATA_URI_V4 | jq -r '.Networks[0].IPv4Addresses[0]')\n\n\ncat << EOF > /consul/agent-defaults.hcl\naddresses = {\n dns = \"127.0.0.1\"\n grpc = \"127.0.0.1\"\n http = \"127.0.0.1\"\n}\nadvertise_addr = \"$ECS_IPV4\"\nadvertise_reconnect_timeout = \"15m\"\nclient_addr = \"0.0.0.0\"\ndatacenter = \"dc1\"\nenable_central_service_config = true\nleave_on_terminate = true\nports {\n grpc = 8502\n}\nretry_join = [\n \"",\n]\ntelemetry {\n disable_compat_1.9 = true\n}\n\nEOF\n\ncat << EOF > /consul/agent-extra.hcl\naddresses = {\n dns = \"0.0.0.0\"\n}\nlog_level = \"debug\"\n\nEOF\n\nexec consul agent \\\n -data-dir /consul/data \\\n -config-file /consul/agent-defaults.hcl \\\n -config-file /consul/agent-extra.hcl\n" + "cp /bin/consul /bin/consul-inject/consul\n\nECS_IPV4=$(curl -s $ECS_CONTAINER_METADATA_URI_V4 | jq -r '.Networks[0].IPv4Addresses[0]')\n\n\ncat << EOF > /consul/agent-defaults.hcl\naddresses = {\n dns = \"127.0.0.1\"\n grpc = \"127.0.0.1\"\n http = \"127.0.0.1\"\n}\nadvertise_addr = \"$ECS_IPV4\"\nadvertise_reconnect_timeout = \"15m\"\nclient_addr = \"0.0.0.0\"\ndatacenter = \"dc1\"\nenable_central_service_config = true\nleave_on_terminate = true\nports {\n grpc = 8502\n}\nretry_join = [\n \"\",\n]\ntelemetry {\n disable_compat_1.9 = true\n}\n\nEOF\n\ncat << EOF > /consul/agent-extra.hcl\naddresses = {\n dns = \"0.0.0.0\"\n}\nlog_level = \"debug\"\n\nEOF\n\nexec consul agent \\\n -data-dir /consul/data \\\n -config-file /consul/agent-defaults.hcl \\\n -config-file /consul/agent-extra.hcl\n" ] } ] From 5cb24b9bf84c5b68d1d01c6ddf6b5fbf3ecba426 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 22 Mar 2022 16:30:00 -0400 Subject: [PATCH 002/785] split `pbcommon` to `pbcommon` and `pbcommongogo` (#12587) * mogify needed pbcommon structs * mogify needed pbconnect structs * fix compilation errors and make config_translate_test pass * add missing file * remove redundant oss func declaration * fix EnterpriseMeta to copy the right data for enterprise * rename pbcommon package to pbcommongogo * regenerate proto and mog files * add missing mog files * add pbcommon package * pbcommon no mog * fix enterprise meta code generation * fix enterprise meta code generation (pbcommongogo) * fix mog generation for gogo * use `protoc-go-inject-tag` to inject tags * rename proto package * pbcommon no mog * use `protoc-go-inject-tag` to inject tags * add non gogo proto to make file * fix proto get --- GNUmakefile | 5 +- agent/auto-config/config_translate_test.go | 2 +- agent/connect/testing_ca.go | 1 + .../services/subscribe/subscribe_test.go | 28 +- agent/http.go | 4 +- agent/rpcclient/health/view_test.go | 10 +- agent/structs/protobuf_compat.go | 62 +- agent/structs/structs.go | 43 + agent/submatview/store_test.go | 12 +- agent/submatview/streaming_test.go | 8 +- build-support/scripts/proto-gen-entry.sh | 11 + build-support/scripts/proto-gen-no-gogo.sh | 142 ++ proto/pbcommon/common.gen.go | 56 + proto/pbcommon/common.go | 187 +- proto/pbcommon/common.pb.go | 2017 +++------------- proto/pbcommon/common.proto | 49 +- proto/pbcommon/common_oss.go | 14 +- proto/pbcommongogo/common.gen.go | 70 + proto/pbcommongogo/common.go | 303 +++ proto/pbcommongogo/common.pb.binary.go | 78 + proto/pbcommongogo/common.pb.go | 2036 +++++++++++++++++ proto/pbcommongogo/common.proto | 182 ++ proto/pbcommongogo/common_oss.go | 25 + proto/pbconnect/connect.gen.go | 116 + proto/pbconnect/connect.go | 229 +- proto/pbconnect/connect.pb.go | 165 +- proto/pbconnect/connect.proto | 41 +- proto/pbservice/convert.go | 8 +- proto/pbservice/convert_oss.go | 8 +- proto/pbservice/healthcheck.pb.go | 146 +- proto/pbservice/healthcheck.proto | 6 +- proto/pbservice/ids_test.go | 6 +- proto/pbservice/node.pb.go | 104 +- proto/pbservice/node.proto | 8 +- proto/pbservice/service.pb.go | 158 +- proto/pbservice/service.proto | 4 +- 36 files changed, 3879 insertions(+), 2465 deletions(-) create mode 100644 build-support/scripts/proto-gen-entry.sh create mode 100755 build-support/scripts/proto-gen-no-gogo.sh create mode 100644 proto/pbcommon/common.gen.go create mode 100644 proto/pbcommongogo/common.gen.go create mode 100644 proto/pbcommongogo/common.go create mode 100644 proto/pbcommongogo/common.pb.binary.go create mode 100644 proto/pbcommongogo/common.pb.go create mode 100644 proto/pbcommongogo/common.proto create mode 100644 proto/pbcommongogo/common_oss.go create mode 100644 proto/pbconnect/connect.gen.go diff --git a/GNUmakefile b/GNUmakefile index 7737f978d..578e826c5 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -12,7 +12,8 @@ GOTOOLS = \ github.com/hashicorp/protoc-gen-go-binary@master \ github.com/vektra/mockery/cmd/mockery@master \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ - github.com/hashicorp/lint-consul-retry@master + github.com/hashicorp/lint-consul-retry@master \ + github.com/favadi/protoc-go-inject-tag@v1.3.0 GOTAGS ?= GOPATH=$(shell go env GOPATH) @@ -346,7 +347,7 @@ proto: $(PROTOGOFILES) $(PROTOGOBINFILES) %.pb.go %.pb.binary.go: %.proto - @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --import-replace "$<" + @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen-entry.sh --grpc --import-replace "$<" .PHONY: module-versions # Print a list of modules which can be updated. diff --git a/agent/auto-config/config_translate_test.go b/agent/auto-config/config_translate_test.go index c60b84a9c..ed605672d 100644 --- a/agent/auto-config/config_translate_test.go +++ b/agent/auto-config/config_translate_test.go @@ -38,7 +38,7 @@ func mustTranslateCARootsToProtobuf(t *testing.T, in *structs.IndexedCARoots) *p } func mustTranslateIssuedCertToProtobuf(t *testing.T, in *structs.IssuedCert) *pbconnect.IssuedCert { - out, err := pbconnect.NewIssuedCertFromStructs(in) + var out, err = pbconnect.NewIssuedCertFromStructs(in) require.NoError(t, err) return out } diff --git a/agent/connect/testing_ca.go b/agent/connect/testing_ca.go index 1bbfdc18c..16ffb6536 100644 --- a/agent/connect/testing_ca.go +++ b/agent/connect/testing_ca.go @@ -118,6 +118,7 @@ func testCA(t testing.T, xc *structs.CARoot, keyType string, keyBits int, ttl ti result.NotAfter = template.NotAfter.UTC() result.PrivateKeyType = keyType result.PrivateKeyBits = keyBits + result.IntermediateCerts = []string{} // If there is a prior CA to cross-sign with, then we need to create that // and set it as the signing cert. diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index b11438d7e..a084b6f55 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -24,7 +24,7 @@ import ( grpc "github.com/hashicorp/consul/agent/grpc/private" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -122,7 +122,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { streamHandle, err := streamClient.Subscribe(ctx, &pbsubscribe.SubscribeRequest{ Topic: pbsubscribe.Topic_ServiceHealth, Key: "redis", - Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) @@ -159,7 +159,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Expose: pbservice.ExposeConfig{}, }, RaftIndex: raftIndex(ids, "reg2", "reg2"), - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, }, }, @@ -190,7 +190,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Expose: pbservice.ExposeConfig{}, }, RaftIndex: raftIndex(ids, "reg3", "reg3"), - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, }, }, @@ -240,7 +240,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Expose: pbservice.ExposeConfig{}, }, RaftIndex: raftIndex(ids, "reg3", "reg3"), - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, Checks: []*pbservice.HealthCheck{ { @@ -251,7 +251,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { ServiceID: "redis1", ServiceName: "redis", RaftIndex: raftIndex(ids, "update", "update"), - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, }, }, @@ -395,8 +395,8 @@ func newCounter() *counter { return &counter{labels: make(map[string]uint64)} } -func raftIndex(ids *counter, created, modified string) pbcommon.RaftIndex { - return pbcommon.RaftIndex{ +func raftIndex(ids *counter, created, modified string) pbcommongogo.RaftIndex { + return pbcommongogo.RaftIndex{ CreateIndex: ids.For(created), ModifyIndex: ids.For(modified), } @@ -475,7 +475,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { Topic: pbsubscribe.Topic_ServiceHealth, Key: "redis", Datacenter: "dc2", - Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) go recvEvents(chEvents, streamHandle) @@ -511,7 +511,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { MeshGateway: pbservice.MeshGatewayConfig{}, Expose: pbservice.ExposeConfig{}, }, - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, RaftIndex: raftIndex(ids, "reg2", "reg2"), }, }, @@ -542,7 +542,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { MeshGateway: pbservice.MeshGatewayConfig{}, Expose: pbservice.ExposeConfig{}, }, - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, RaftIndex: raftIndex(ids, "reg3", "reg3"), }, }, @@ -593,7 +593,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { MeshGateway: pbservice.MeshGatewayConfig{}, Expose: pbservice.ExposeConfig{}, }, - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, Checks: []*pbservice.HealthCheck{ { @@ -604,7 +604,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { ServiceID: "redis1", ServiceName: "redis", RaftIndex: raftIndex(ids, "update", "update"), - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, }, }, }, @@ -720,7 +720,7 @@ node "node1" { Topic: pbsubscribe.Topic_ServiceHealth, Key: "foo", Token: token, - Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) diff --git a/agent/http.go b/agent/http.go index e899d2420..90885bc3f 100644 --- a/agent/http.go +++ b/agent/http.go @@ -31,7 +31,7 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/logging" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" ) var HTTPSummaries = []prometheus.SummaryDefinition{ @@ -981,7 +981,7 @@ func (s *HTTPHandlers) parseConsistency(resp http.ResponseWriter, req *http.Requ } // parseConsistencyReadRequest is used to parse the ?consistent query param. -func parseConsistencyReadRequest(resp http.ResponseWriter, req *http.Request, b *pbcommon.ReadRequest) { +func parseConsistencyReadRequest(resp http.ResponseWriter, req *http.Request, b *pbcommongogo.ReadRequest) { query := req.URL.Query() if _, ok := query["consistent"]; ok { b.RequireConsistent = true diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go index 841669858..bc5795c05 100644 --- a/agent/rpcclient/health/view_test.go +++ b/agent/rpcclient/health/view_test.go @@ -17,7 +17,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -74,7 +74,7 @@ func TestHealthView_IntegrationWithStore_WithEmptySnapshot(t *testing.T) { t.Skip("too slow for testing.Short") } - namespace := getNamespace(pbcommon.DefaultEnterpriseMeta.Namespace) + namespace := getNamespace(pbcommongogo.DefaultEnterpriseMeta.Namespace) streamClient := newStreamClient(validateNamespace(namespace)) ctx, cancel := context.WithCancel(context.Background()) @@ -572,7 +572,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub Node: node, Address: addr, Datacenter: "dc1", - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -581,7 +581,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub ID: svc, Service: svc, Port: 8080, - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -612,7 +612,7 @@ func newEventServiceHealthDeregister(index uint64, nodeNum int, svc string) *pbs Passing: 1, Warning: 1, }, - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ // The original insertion index since a delete doesn't update // this. This magic value came from state store tests where we // setup at index 10 and then mutate at index 100. It can be diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go index 1517b03cf..93358e8e3 100644 --- a/agent/structs/protobuf_compat.go +++ b/agent/structs/protobuf_compat.go @@ -5,7 +5,7 @@ import ( ) // QueryOptionsCompat is the interface that both the structs.QueryOptions -// and the proto/pbcommon.QueryOptions structs need to implement so that they +// and the proto/pbcommongogo.QueryOptions structs need to implement so that they // can be operated on interchangeably type QueryOptionsCompat interface { GetToken() string @@ -33,7 +33,7 @@ type QueryOptionsCompat interface { } // QueryMetaCompat is the interface that both the structs.QueryMeta -// and the proto/pbcommon.QueryMeta structs need to implement so that they +// and the proto/pbcommongogo.QueryMeta structs need to implement so that they // can be operated on interchangeably type QueryMetaCompat interface { GetLastContact() (time.Duration, error) @@ -50,7 +50,7 @@ type QueryMetaCompat interface { } // GetToken helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetToken() string { if m != nil { return m.Token @@ -59,7 +59,7 @@ func (m *QueryOptions) GetToken() string { } // GetMinQueryIndex helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMinQueryIndex() uint64 { if m != nil { return m.MinQueryIndex @@ -68,7 +68,7 @@ func (m *QueryOptions) GetMinQueryIndex() uint64 { } // GetMaxQueryTime helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error) { if m != nil { return m.MaxQueryTime, nil @@ -77,7 +77,7 @@ func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error) { } // GetAllowStale helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetAllowStale() bool { if m != nil { return m.AllowStale @@ -86,7 +86,7 @@ func (m *QueryOptions) GetAllowStale() bool { } // GetRequireConsistent helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetRequireConsistent() bool { if m != nil { return m.RequireConsistent @@ -95,7 +95,7 @@ func (m *QueryOptions) GetRequireConsistent() bool { } // GetUseCache helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetUseCache() bool { if m != nil { return m.UseCache @@ -104,7 +104,7 @@ func (m *QueryOptions) GetUseCache() bool { } // GetMaxStaleDuration helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { if m != nil { return m.MaxStaleDuration, nil @@ -113,7 +113,7 @@ func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { } // GetMaxAge helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxAge() (time.Duration, error) { if m != nil { return m.MaxAge, nil @@ -122,7 +122,7 @@ func (m *QueryOptions) GetMaxAge() (time.Duration, error) { } // GetMustRevalidate helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMustRevalidate() bool { if m != nil { return m.MustRevalidate @@ -131,7 +131,7 @@ func (m *QueryOptions) GetMustRevalidate() bool { } // GetStaleIfError helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetStaleIfError() (time.Duration, error) { if m != nil { return m.StaleIfError, nil @@ -140,7 +140,7 @@ func (m *QueryOptions) GetStaleIfError() (time.Duration, error) { } // GetFilter helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetFilter() string { if m != nil { return m.Filter @@ -149,67 +149,67 @@ func (m *QueryOptions) GetFilter() string { } // SetToken is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetToken(token string) { q.Token = token } // SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { q.MinQueryIndex = minQueryIndex } // SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { q.MaxQueryTime = maxQueryTime } // SetAllowStale is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetAllowStale(allowStale bool) { q.AllowStale = allowStale } // SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetRequireConsistent(requireConsistent bool) { q.RequireConsistent = requireConsistent } // SetUseCache is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetUseCache(useCache bool) { q.UseCache = useCache } // SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { q.MaxStaleDuration = maxStaleDuration } // SetMaxAge is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { q.MaxAge = maxAge } // SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { q.MustRevalidate = mustRevalidate } // SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { q.StaleIfError = staleIfError } // SetFilter is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetFilter(filter string) { q.Filter = filter } @@ -223,7 +223,7 @@ func (m *QueryMeta) GetIndex() uint64 { } // GetLastContact helps implement the QueryMetaCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetLastContact() (time.Duration, error) { if m != nil { return m.LastContact, nil @@ -232,7 +232,7 @@ func (m *QueryMeta) GetLastContact() (time.Duration, error) { } // GetKnownLeader helps implement the QueryMetaCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetKnownLeader() bool { if m != nil { return m.KnownLeader @@ -241,7 +241,7 @@ func (m *QueryMeta) GetKnownLeader() bool { } // GetConsistencyLevel helps implement the QueryMetaCompat interface -// Copied from proto/pbcommon/common.pb.go +// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetConsistencyLevel() string { if m != nil { return m.ConsistencyLevel @@ -250,25 +250,25 @@ func (m *QueryMeta) GetConsistencyLevel() string { } // SetLastContact is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetLastContact(lastContact time.Duration) { q.LastContact = lastContact } // SetKnownLeader is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetKnownLeader(knownLeader bool) { q.KnownLeader = knownLeader } // SetIndex is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetIndex(index uint64) { q.Index = index } // SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommon/common.go +// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { q.ConsistencyLevel = consistencyLevel } diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 9a6d69f47..9efd02c9b 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -6,6 +6,8 @@ import ( "crypto/sha256" "encoding/json" "fmt" + "github.com/golang/protobuf/ptypes/duration" + "github.com/golang/protobuf/ptypes/timestamp" "math/rand" "reflect" "regexp" @@ -19,6 +21,8 @@ import ( "github.com/hashicorp/serf/coordinate" "github.com/mitchellh/hashstructure" + gtype "github.com/gogo/protobuf/types" + ptypes "github.com/golang/protobuf/ptypes" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/api" @@ -2677,3 +2681,42 @@ func (m MessageType) String() string { return "Unknown(" + strconv.Itoa(int(m)) + ")" } + +func DurationToProtoGogo(d time.Duration) gtype.Duration { + return *gtype.DurationProto(d) +} + +func DurationFromProtoGogo(d gtype.Duration) time.Duration { + duration, _ := gtype.DurationFromProto(&d) + return duration +} + +func TimeFromProtoGogo(s *gtype.Timestamp) time.Time { + time, _ := gtype.TimestampFromProto(s) + return time +} + +func TimeToProtoGogo(s time.Time) *gtype.Timestamp { + proto, _ := gtype.TimestampProto(s) + return proto +} + +func DurationToProto(d time.Duration) *duration.Duration { + return ptypes.DurationProto(d) +} + +func DurationFromProto(d *duration.Duration) time.Duration { + ret, _ := ptypes.Duration(d) + return ret + +} + +func TimeFromProto(s *timestamp.Timestamp) time.Time { + ret, _ := ptypes.Timestamp(s) + return ret +} + +func TimeToProto(s time.Time) *timestamp.Timestamp { + ret, _ := ptypes.TimestampProto(s) + return ret +} diff --git a/agent/submatview/store_test.go b/agent/submatview/store_test.go index 93b04d1e8..2055cf911 100644 --- a/agent/submatview/store_test.go +++ b/agent/submatview/store_test.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/lib/ttlcache" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -25,7 +25,7 @@ func TestStore_Get(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents( newEndOfSnapshotEvent(2), @@ -232,7 +232,7 @@ func (r *fakeRequest) NewMaterializer() (*Materializer, error) { Token: "abcd", Datacenter: "dc1", Index: index, - Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, } return req }, @@ -292,7 +292,7 @@ func TestStore_Notify(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents( newEndOfSnapshotEvent(2), @@ -361,7 +361,7 @@ func TestStore_Notify_ManyRequests(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents(newEndOfSnapshotEvent(2)) @@ -473,7 +473,7 @@ func TestStore_Run_ExpiresEntries(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents(newEndOfSnapshotEvent(2)) diff --git a/agent/submatview/streaming_test.go b/agent/submatview/streaming_test.go index 80fec094f..be484cac6 100644 --- a/agent/submatview/streaming_test.go +++ b/agent/submatview/streaming_test.go @@ -7,7 +7,7 @@ import ( "google.golang.org/grpc" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -120,7 +120,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub Node: node, Address: addr, Datacenter: "dc1", - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -129,7 +129,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub ID: svc, Service: svc, Port: 8080, - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -160,7 +160,7 @@ func newEventServiceHealthDeregister(index uint64, nodeNum int, svc string) *pbs Passing: 1, Warning: 1, }, - RaftIndex: pbcommon.RaftIndex{ + RaftIndex: pbcommongogo.RaftIndex{ // The original insertion index since a delete doesn't update // this. This magic value came from state store tests where we // setup at index 10 and then mutate at index 100. It can be diff --git a/build-support/scripts/proto-gen-entry.sh b/build-support/scripts/proto-gen-entry.sh new file mode 100644 index 000000000..c02df1b5a --- /dev/null +++ b/build-support/scripts/proto-gen-entry.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +FILENAME=$3 +echo $PWD +if [[ "$FILENAME" =~ .*pbcommon/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +else + echo "$FILENAME gogo" + ./build-support/scripts/proto-gen.sh $1 $2 $3 +fi \ No newline at end of file diff --git a/build-support/scripts/proto-gen-no-gogo.sh b/build-support/scripts/proto-gen-no-gogo.sh new file mode 100755 index 000000000..c736d49de --- /dev/null +++ b/build-support/scripts/proto-gen-no-gogo.sh @@ -0,0 +1,142 @@ +#!/usr/bin/env bash + +SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null +SCRIPT_DIR=$(pwd) +pushd ../.. > /dev/null +SOURCE_DIR=$(pwd) +popd > /dev/null +pushd ../functions > /dev/null +FN_DIR=$(pwd) +popd > /dev/null +popd > /dev/null + +source "${SCRIPT_DIR}/functions.sh" + +function usage { +cat <<-EOF +Usage: ${SCRIPT_NAME} [] + +Description: + Generate the Go files from protobuf definitions. In addition to + running the protoc generator it will also fixup build tags in the + generated code. + +Options: + --import-replace Replace imports of google types with those from the protobuf repo. + --grpc Enable the gRPC plugin + -h | --help Print this help text. +EOF +} + +function err_usage { + err "$1" + err "" + err "$(usage)" +} + +function main { + local -i grpc=0 + local -i imp_replace=0 + local proto_path= + + while test $# -gt 0 + do + case "$1" in + -h | --help ) + usage + return 0 + ;; + --grpc ) + grpc=1 + shift + ;; + --import-replace ) + imp_replace=1 + shift + ;; + * ) + proto_path="$1" + shift + ;; + esac + done + + if test -z "${proto_path}" + then + err_usage "ERROR: No proto file specified" + return 1 + fi + + local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) + local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") + + + local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" + golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" + + local proto_go_path=${proto_path%%.proto}.pb.go + local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go + + local go_proto_out="paths=source_relative" + if is_set "${grpc}" + then + go_proto_out="${go_proto_out},plugins=grpc" + fi + + if is_set "${imp_replace}" + then + go_proto_out="${go_proto_out},${golang_proto_imp_replace}" + fi + + if test -n "${go_proto_out}" + then + go_proto_out="${go_proto_out}:" + fi + + # How we run protoc probably needs some documentation. + # + # This is the path to where + # -I="${golang_proto_path}/protobuf" \ + local -i ret=0 + status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} (NO GOGO)" + debug_run protoc \ + -I="${golang_proto_path}" \ + -I="${golang_proto_mod_path}" \ + -I="${SOURCE_DIR}" \ + --go_out="${go_proto_out}${SOURCE_DIR}" \ + --go-binary_out="${SOURCE_DIR}" \ + "${proto_path}" + debug_run protoc-go-inject-tag \ + -input="${proto_go_path}" + + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" + if test $? -ne 0 + then + err "Failed to generate outputs from ${proto_path}" + return 1 + fi + + BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') + if test -n "${BUILD_TAGS}" + then + echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" + cat "${proto_go_path}" >> "${proto_go_path}.new" + mv "${proto_go_path}.new" "${proto_go_path}" + + echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" + cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" + mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" + fi + + return 0 +} + +main "$@" +exit $? diff --git a/proto/pbcommon/common.gen.go b/proto/pbcommon/common.gen.go new file mode 100644 index 000000000..14aa7128b --- /dev/null +++ b/proto/pbcommon/common.gen.go @@ -0,0 +1,56 @@ +// Code generated by mog. DO NOT EDIT. + +package pbcommon + +import "github.com/hashicorp/consul/agent/structs" + +func QueryMetaToStructs(s *QueryMeta, t *structs.QueryMeta) { + if s == nil { + return + } + t.Index = s.Index + t.LastContact = structs.DurationFromProto(s.LastContact) + t.KnownLeader = s.KnownLeader + t.ConsistencyLevel = s.ConsistencyLevel + t.ResultsFilteredByACLs = s.ResultsFilteredByACLs +} +func QueryMetaFromStructs(t *structs.QueryMeta, s *QueryMeta) { + if s == nil { + return + } + s.Index = t.Index + s.LastContact = structs.DurationToProto(t.LastContact) + s.KnownLeader = t.KnownLeader + s.ConsistencyLevel = t.ConsistencyLevel + s.ResultsFilteredByACLs = t.ResultsFilteredByACLs +} +func QueryOptionsToStructs(s *QueryOptions, t *structs.QueryOptions) { + if s == nil { + return + } + t.Token = s.Token + t.MinQueryIndex = s.MinQueryIndex + t.MaxQueryTime = structs.DurationFromProto(s.MaxQueryTime) + t.AllowStale = s.AllowStale + t.RequireConsistent = s.RequireConsistent + t.UseCache = s.UseCache + t.MaxStaleDuration = structs.DurationFromProto(s.MaxStaleDuration) + t.MaxAge = structs.DurationFromProto(s.MaxAge) + t.MustRevalidate = s.MustRevalidate + t.Filter = s.Filter +} +func QueryOptionsFromStructs(t *structs.QueryOptions, s *QueryOptions) { + if s == nil { + return + } + s.Token = t.Token + s.MinQueryIndex = t.MinQueryIndex + s.MaxQueryTime = structs.DurationToProto(t.MaxQueryTime) + s.AllowStale = t.AllowStale + s.RequireConsistent = t.RequireConsistent + s.UseCache = t.UseCache + s.MaxStaleDuration = structs.DurationToProto(t.MaxStaleDuration) + s.MaxAge = structs.DurationToProto(t.MaxAge) + s.MustRevalidate = t.MustRevalidate + s.Filter = t.Filter +} diff --git a/proto/pbcommon/common.go b/proto/pbcommon/common.go index 1925aedda..fbff7e4ae 100644 --- a/proto/pbcommon/common.go +++ b/proto/pbcommon/common.go @@ -4,7 +4,6 @@ import ( "time" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbutil" ) // IsRead is always true for QueryOption @@ -37,7 +36,7 @@ func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { // SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { - q.MaxQueryTime = *pbutil.DurationToProto(maxQueryTime) + q.MaxQueryTime = structs.DurationToProto(maxQueryTime) } // SetAllowStale is needed to implement the structs.QueryOptionsCompat interface @@ -57,12 +56,12 @@ func (q *QueryOptions) SetUseCache(useCache bool) { // SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { - q.MaxStaleDuration = *pbutil.DurationToProto(maxStaleDuration) + q.MaxStaleDuration = structs.DurationToProto(maxStaleDuration) } // SetMaxAge is needed to implement the structs.QueryOptionsCompat interface func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { - q.MaxAge = *pbutil.DurationToProto(maxAge) + q.MaxAge = structs.DurationToProto(maxAge) } // SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface @@ -72,15 +71,11 @@ func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { // SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { - q.StaleIfError = *pbutil.DurationToProto(staleIfError) + q.StaleIfError = structs.DurationToProto(staleIfError) } func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { - maxTime, err := pbutil.DurationFromProto(&q.MaxQueryTime) - if err != nil { - return false, err - } - + maxTime := structs.DurationFromProto(q.MaxQueryTime) o := structs.QueryOptions{ MaxQueryTime: maxTime, MinQueryIndex: q.MinQueryIndex, @@ -93,97 +88,9 @@ func (q *QueryOptions) SetFilter(filter string) { q.Filter = filter } -// GetMaxQueryTime is required to implement blockingQueryOptions -func (q *QueryOptions) GetMaxQueryTime() (time.Duration, error) { - if q != nil { - return pbutil.DurationFromProto(&q.MaxQueryTime) - } - return 0, nil -} - -// GetMinQueryIndex is required to implement blockingQueryOptions -func (q *QueryOptions) GetMinQueryIndex() uint64 { - if q != nil { - return q.MinQueryIndex - } - return 0 -} - -// GetRequireConsistent is required to implement blockingQueryOptions -func (q *QueryOptions) GetRequireConsistent() bool { - if q != nil { - return q.RequireConsistent - } - return false -} - -// GetToken is required to implement blockingQueryOptions -func (q *QueryOptions) GetToken() string { - if q != nil { - return q.Token - } - return "" -} - -// GetAllowStale is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetAllowStale() bool { - if q != nil { - return q.AllowStale - } - return false -} - -// GetFilter is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetFilter() string { - if q != nil { - return q.Filter - } - return "" -} - -// GetMaxAge is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMaxAge() (time.Duration, error) { - if q != nil { - return pbutil.DurationFromProto(&q.MaxAge) - } - return 0, nil -} - -// GetMaxStaleDuration is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { - if q != nil { - return pbutil.DurationFromProto(&q.MaxStaleDuration) - } - return 0, nil -} - -// GetMustRevalidate is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMustRevalidate() bool { - if q != nil { - return q.MustRevalidate - } - return false -} - -// GetStaleIfError is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetStaleIfError() (time.Duration, error) { - if q != nil { - return pbutil.DurationFromProto(&q.StaleIfError) - } - return 0, nil -} - -// GetUseCache is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetUseCache() bool { - if q != nil { - return q.UseCache - } - return false -} - // SetLastContact is needed to implement the structs.QueryMetaCompat interface func (q *QueryMeta) SetLastContact(lastContact time.Duration) { - q.LastContact = *pbutil.DurationToProto(lastContact) + q.LastContact = structs.DurationToProto(lastContact) } // SetKnownLeader is needed to implement the structs.QueryMetaCompat interface @@ -210,46 +117,6 @@ func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { q.ResultsFilteredByACLs = v } -// GetIndex is required to implement blockingQueryResponseMeta -func (q *QueryMeta) GetIndex() uint64 { - if q != nil { - return q.Index - } - return 0 -} - -// GetConsistencyLevel is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetConsistencyLevel() string { - if q != nil { - return q.ConsistencyLevel - } - return "" -} - -// GetKnownLeader is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetKnownLeader() bool { - if q != nil { - return q.KnownLeader - } - return false -} - -// GetLastContact is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetLastContact() (time.Duration, error) { - if q != nil { - return pbutil.DurationFromProto(&q.LastContact) - } - return 0, nil -} - -// GetResultsFilteredByACLs is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetResultsFilteredByACLs() bool { - if q != nil { - return q.ResultsFilteredByACLs - } - return false -} - // WriteRequest only applies to writes, always false // // IsRead implements structs.RPCInfo @@ -309,45 +176,3 @@ func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, func (td TargetDatacenter) RequestDatacenter() string { return td.Datacenter } - -func QueryMetaToStructs(s *QueryMeta) (structs.QueryMeta, error) { - var t structs.QueryMeta - if s == nil { - return t, nil - } - t.Index = s.Index - lastContact, err := pbutil.DurationFromProto(&s.LastContact) - if err != nil { - return t, err - } - t.LastContact = lastContact - t.KnownLeader = s.KnownLeader - t.ConsistencyLevel = s.ConsistencyLevel - return t, nil -} - -func NewQueryMetaFromStructs(s structs.QueryMeta) (*QueryMeta, error) { - var t QueryMeta - t.Index = s.Index - t.LastContact = *pbutil.DurationToProto(s.LastContact) - t.KnownLeader = s.KnownLeader - t.ConsistencyLevel = s.ConsistencyLevel - return &t, nil -} - -func RaftIndexToStructs(s *RaftIndex) structs.RaftIndex { - if s == nil { - return structs.RaftIndex{} - } - return structs.RaftIndex{ - CreateIndex: s.CreateIndex, - ModifyIndex: s.ModifyIndex, - } -} - -func NewRaftIndexFromStructs(s structs.RaftIndex) *RaftIndex { - return &RaftIndex{ - CreateIndex: s.CreateIndex, - ModifyIndex: s.ModifyIndex, - } -} diff --git a/proto/pbcommon/common.pb.go b/proto/pbcommon/common.pb.go index 11441c577..21f3b1dee 100644 --- a/proto/pbcommon/common.pb.go +++ b/proto/pbcommon/common.pb.go @@ -1,16 +1,13 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbcommon/common.proto package pbcommon import ( fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" - types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - io "io" + duration "github.com/golang/protobuf/ptypes/duration" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -27,8 +24,13 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // RaftIndex is used to track the index used while creating // or modifying a given struct type. type RaftIndex struct { + // @gotags: bexpr:"-" CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` - ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` + // @gotags: bexpr:"-" + ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *RaftIndex) Reset() { *m = RaftIndex{} } @@ -37,26 +39,18 @@ func (*RaftIndex) ProtoMessage() {} func (*RaftIndex) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{0} } + func (m *RaftIndex) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_RaftIndex.Unmarshal(m, b) } func (m *RaftIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) } func (m *RaftIndex) XXX_Merge(src proto.Message) { xxx_messageInfo_RaftIndex.Merge(m, src) } func (m *RaftIndex) XXX_Size() int { - return m.Size() + return xxx_messageInfo_RaftIndex.Size(m) } func (m *RaftIndex) XXX_DiscardUnknown() { xxx_messageInfo_RaftIndex.DiscardUnknown(m) @@ -64,10 +58,27 @@ func (m *RaftIndex) XXX_DiscardUnknown() { var xxx_messageInfo_RaftIndex proto.InternalMessageInfo +func (m *RaftIndex) GetCreateIndex() uint64 { + if m != nil { + return m.CreateIndex + } + return 0 +} + +func (m *RaftIndex) GetModifyIndex() uint64 { + if m != nil { + return m.ModifyIndex + } + return 0 +} + // TargetDatacenter is intended to be used within other messages used for RPC routing // amongst the various Consul datacenters type TargetDatacenter struct { - Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *TargetDatacenter) Reset() { *m = TargetDatacenter{} } @@ -76,26 +87,18 @@ func (*TargetDatacenter) ProtoMessage() {} func (*TargetDatacenter) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{1} } + func (m *TargetDatacenter) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_TargetDatacenter.Unmarshal(m, b) } func (m *TargetDatacenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) } func (m *TargetDatacenter) XXX_Merge(src proto.Message) { xxx_messageInfo_TargetDatacenter.Merge(m, src) } func (m *TargetDatacenter) XXX_Size() int { - return m.Size() + return xxx_messageInfo_TargetDatacenter.Size(m) } func (m *TargetDatacenter) XXX_DiscardUnknown() { xxx_messageInfo_TargetDatacenter.DiscardUnknown(m) @@ -103,10 +106,20 @@ func (m *TargetDatacenter) XXX_DiscardUnknown() { var xxx_messageInfo_TargetDatacenter proto.InternalMessageInfo +func (m *TargetDatacenter) GetDatacenter() string { + if m != nil { + return m.Datacenter + } + return "" +} + type WriteRequest struct { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. - Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *WriteRequest) Reset() { *m = WriteRequest{} } @@ -115,26 +128,18 @@ func (*WriteRequest) ProtoMessage() {} func (*WriteRequest) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{2} } + func (m *WriteRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_WriteRequest.Unmarshal(m, b) } func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) } func (m *WriteRequest) XXX_Merge(src proto.Message) { xxx_messageInfo_WriteRequest.Merge(m, src) } func (m *WriteRequest) XXX_Size() int { - return m.Size() + return xxx_messageInfo_WriteRequest.Size(m) } func (m *WriteRequest) XXX_DiscardUnknown() { xxx_messageInfo_WriteRequest.DiscardUnknown(m) @@ -142,6 +147,13 @@ func (m *WriteRequest) XXX_DiscardUnknown() { var xxx_messageInfo_WriteRequest proto.InternalMessageInfo +func (m *WriteRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + // ReadRequest is a type that may be embedded into any requests for read // operations. // It is a replacement for QueryOptions now that we no longer need any of those @@ -153,7 +165,10 @@ type ReadRequest struct { // token is assumed for backwards compatibility. Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` // RequireConsistent indicates that the request must be sent to the leader. - RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` + RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ReadRequest) Reset() { *m = ReadRequest{} } @@ -162,26 +177,18 @@ func (*ReadRequest) ProtoMessage() {} func (*ReadRequest) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{3} } + func (m *ReadRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ReadRequest.Unmarshal(m, b) } func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) } func (m *ReadRequest) XXX_Merge(src proto.Message) { xxx_messageInfo_ReadRequest.Merge(m, src) } func (m *ReadRequest) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ReadRequest.Size(m) } func (m *ReadRequest) XXX_DiscardUnknown() { xxx_messageInfo_ReadRequest.DiscardUnknown(m) @@ -189,7 +196,28 @@ func (m *ReadRequest) XXX_DiscardUnknown() { var xxx_messageInfo_ReadRequest proto.InternalMessageInfo +func (m *ReadRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *ReadRequest) GetRequireConsistent() bool { + if m != nil { + return m.RequireConsistent + } + return false +} + // QueryOptions is used to specify various flags for read queries +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryOptions +// output=common.gen.go +// name=Structs +// ignore-fields=StaleIfError,AllowNotModifiedResponse,state,sizeCache,unknownFields type QueryOptions struct { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. @@ -198,7 +226,8 @@ type QueryOptions struct { // with MaxQueryTime. MinQueryIndex uint64 `protobuf:"varint,2,opt,name=MinQueryIndex,proto3" json:"MinQueryIndex,omitempty"` // Provided with MinQueryIndex to wait for change. - MaxQueryTime types.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxQueryTime *duration.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime,omitempty"` // If set, any follower can service the request. Results // may be arbitrarily stale. AllowStale bool `protobuf:"varint,4,opt,name=AllowStale,proto3" json:"AllowStale,omitempty"` @@ -216,7 +245,8 @@ type QueryOptions struct { // If set and AllowStale is true, will try first a stale // read, and then will perform a consistent read if stale // read is older than value. - MaxStaleDuration types.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxStaleDuration *duration.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration,omitempty"` // MaxAge limits how old a cached value will be returned if UseCache is true. // If there is a cached response that is older than the MaxAge, it is treated // as a cache miss and a new fetch invoked. If the fetch fails, the error is @@ -224,7 +254,8 @@ type QueryOptions struct { // StaleIfError to a longer duration to change this behavior. It is ignored // if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. - MaxAge types.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxAge *duration.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge,omitempty"` // MustRevalidate forces the agent to fetch a fresh version of a cached // resource or at least validate that the cached version is still fresh. It is // implied by either max-age=0 or must-revalidate Cache-Control headers. It @@ -236,10 +267,13 @@ type QueryOptions struct { // UseCache is true and MaxAge is set to a lower, non-zero value. It is // ignored if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. - StaleIfError types.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError"` + StaleIfError *duration.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError,omitempty"` // Filter specifies the go-bexpr filter expression to be used for // filtering the data prior to returning a response - Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` + Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *QueryOptions) Reset() { *m = QueryOptions{} } @@ -248,26 +282,18 @@ func (*QueryOptions) ProtoMessage() {} func (*QueryOptions) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{4} } + func (m *QueryOptions) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_QueryOptions.Unmarshal(m, b) } func (m *QueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) } func (m *QueryOptions) XXX_Merge(src proto.Message) { xxx_messageInfo_QueryOptions.Merge(m, src) } func (m *QueryOptions) XXX_Size() int { - return m.Size() + return xxx_messageInfo_QueryOptions.Size(m) } func (m *QueryOptions) XXX_DiscardUnknown() { xxx_messageInfo_QueryOptions.DiscardUnknown(m) @@ -275,15 +301,100 @@ func (m *QueryOptions) XXX_DiscardUnknown() { var xxx_messageInfo_QueryOptions proto.InternalMessageInfo +func (m *QueryOptions) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *QueryOptions) GetMinQueryIndex() uint64 { + if m != nil { + return m.MinQueryIndex + } + return 0 +} + +func (m *QueryOptions) GetMaxQueryTime() *duration.Duration { + if m != nil { + return m.MaxQueryTime + } + return nil +} + +func (m *QueryOptions) GetAllowStale() bool { + if m != nil { + return m.AllowStale + } + return false +} + +func (m *QueryOptions) GetRequireConsistent() bool { + if m != nil { + return m.RequireConsistent + } + return false +} + +func (m *QueryOptions) GetUseCache() bool { + if m != nil { + return m.UseCache + } + return false +} + +func (m *QueryOptions) GetMaxStaleDuration() *duration.Duration { + if m != nil { + return m.MaxStaleDuration + } + return nil +} + +func (m *QueryOptions) GetMaxAge() *duration.Duration { + if m != nil { + return m.MaxAge + } + return nil +} + +func (m *QueryOptions) GetMustRevalidate() bool { + if m != nil { + return m.MustRevalidate + } + return false +} + +func (m *QueryOptions) GetStaleIfError() *duration.Duration { + if m != nil { + return m.StaleIfError + } + return nil +} + +func (m *QueryOptions) GetFilter() string { + if m != nil { + return m.Filter + } + return "" +} + // QueryMeta allows a query response to include potentially // useful metadata about a query +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryMeta +// output=common.gen.go +// name=Structs +// ignore-fields=NotModified,Backend,state,sizeCache,unknownFields type QueryMeta struct { // This is the index associated with the read Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` // If AllowStale is used, this is time elapsed since // last contact between the follower and leader. This // can be used to gauge staleness. - LastContact types.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + LastContact *duration.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact,omitempty"` // Used to indicate if there is a known leader node KnownLeader bool `protobuf:"varint,3,opt,name=KnownLeader,proto3" json:"KnownLeader,omitempty"` // Consistencylevel returns the consistency used to serve the query @@ -293,7 +404,10 @@ type QueryMeta struct { // ResultsFilteredByACLs is true when some of the query's results were // filtered out by enforcing ACLs. It may be false because nothing was // removed, or because the endpoint does not yet support this flag. - ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` + ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *QueryMeta) Reset() { *m = QueryMeta{} } @@ -302,26 +416,18 @@ func (*QueryMeta) ProtoMessage() {} func (*QueryMeta) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{5} } + func (m *QueryMeta) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_QueryMeta.Unmarshal(m, b) } func (m *QueryMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) } func (m *QueryMeta) XXX_Merge(src proto.Message) { xxx_messageInfo_QueryMeta.Merge(m, src) } func (m *QueryMeta) XXX_Size() int { - return m.Size() + return xxx_messageInfo_QueryMeta.Size(m) } func (m *QueryMeta) XXX_DiscardUnknown() { xxx_messageInfo_QueryMeta.DiscardUnknown(m) @@ -329,13 +435,51 @@ func (m *QueryMeta) XXX_DiscardUnknown() { var xxx_messageInfo_QueryMeta proto.InternalMessageInfo +func (m *QueryMeta) GetIndex() uint64 { + if m != nil { + return m.Index + } + return 0 +} + +func (m *QueryMeta) GetLastContact() *duration.Duration { + if m != nil { + return m.LastContact + } + return nil +} + +func (m *QueryMeta) GetKnownLeader() bool { + if m != nil { + return m.KnownLeader + } + return false +} + +func (m *QueryMeta) GetConsistencyLevel() string { + if m != nil { + return m.ConsistencyLevel + } + return "" +} + +func (m *QueryMeta) GetResultsFilteredByACLs() bool { + if m != nil { + return m.ResultsFilteredByACLs + } + return false +} + // EnterpriseMeta contains metadata that is only used by the Enterprise version // of Consul. type EnterpriseMeta struct { // Namespace in which the entity exists. Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"` // Partition in which the entity exists. - Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` + Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *EnterpriseMeta) Reset() { *m = EnterpriseMeta{} } @@ -344,26 +488,18 @@ func (*EnterpriseMeta) ProtoMessage() {} func (*EnterpriseMeta) Descriptor() ([]byte, []int) { return fileDescriptor_a6f5ac44994d718c, []int{6} } + func (m *EnterpriseMeta) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_EnterpriseMeta.Unmarshal(m, b) } func (m *EnterpriseMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) } func (m *EnterpriseMeta) XXX_Merge(src proto.Message) { xxx_messageInfo_EnterpriseMeta.Merge(m, src) } func (m *EnterpriseMeta) XXX_Size() int { - return m.Size() + return xxx_messageInfo_EnterpriseMeta.Size(m) } func (m *EnterpriseMeta) XXX_DiscardUnknown() { xxx_messageInfo_EnterpriseMeta.DiscardUnknown(m) @@ -371,6 +507,20 @@ func (m *EnterpriseMeta) XXX_DiscardUnknown() { var xxx_messageInfo_EnterpriseMeta proto.InternalMessageInfo +func (m *EnterpriseMeta) GetNamespace() string { + if m != nil { + return m.Namespace + } + return "" +} + +func (m *EnterpriseMeta) GetPartition() string { + if m != nil { + return m.Partition + } + return "" +} + func init() { proto.RegisterType((*RaftIndex)(nil), "common.RaftIndex") proto.RegisterType((*TargetDatacenter)(nil), "common.TargetDatacenter") @@ -381,1632 +531,45 @@ func init() { proto.RegisterType((*EnterpriseMeta)(nil), "common.EnterpriseMeta") } -func init() { proto.RegisterFile("proto/pbcommon/common.proto", fileDescriptor_a6f5ac44994d718c) } +func init() { + proto.RegisterFile("proto/pbcommon/common.proto", fileDescriptor_a6f5ac44994d718c) +} var fileDescriptor_a6f5ac44994d718c = []byte{ - // 639 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xc1, 0x6e, 0xd3, 0x4c, - 0x10, 0x8e, 0xfb, 0xa7, 0xae, 0xbd, 0x69, 0xab, 0xfc, 0xab, 0x82, 0x4c, 0x41, 0x6e, 0x65, 0x55, - 0xa8, 0xaa, 0x20, 0x96, 0x0a, 0x12, 0x12, 0xb7, 0x24, 0x2d, 0x52, 0xdb, 0x18, 0xe8, 0x52, 0x84, - 0xc4, 0x6d, 0x63, 0x4f, 0x1c, 0x0b, 0xc7, 0x6b, 0x76, 0xd7, 0x6d, 0x72, 0xe7, 0x01, 0x38, 0xf2, - 0x48, 0x3d, 0xf6, 0xc8, 0xa9, 0x82, 0xe6, 0x0d, 0x10, 0x0f, 0x80, 0xbc, 0x4e, 0x5b, 0x97, 0xa6, - 0x28, 0xa7, 0xe4, 0xfb, 0xf6, 0x9b, 0xd9, 0x99, 0xf9, 0x66, 0x8d, 0x1e, 0xa6, 0x9c, 0x49, 0xe6, - 0xa6, 0x5d, 0x9f, 0x0d, 0x06, 0x2c, 0x71, 0x8b, 0x9f, 0x86, 0x62, 0xb1, 0x5e, 0xa0, 0x55, 0x3b, - 0x64, 0x2c, 0x8c, 0xc1, 0x55, 0x6c, 0x37, 0xeb, 0xb9, 0x41, 0xc6, 0xa9, 0x8c, 0x2e, 0x75, 0xab, - 0x2b, 0x21, 0x0b, 0x59, 0x91, 0x28, 0xff, 0x57, 0xb0, 0xce, 0x00, 0x99, 0x84, 0xf6, 0xe4, 0x5e, - 0x12, 0xc0, 0x10, 0xbb, 0xa8, 0xd6, 0xe6, 0x40, 0x25, 0x28, 0x68, 0x69, 0xeb, 0xda, 0x66, 0xb5, - 0xb5, 0xf4, 0xeb, 0x7c, 0xcd, 0xec, 0xc2, 0x30, 0xe5, 0x2f, 0x9d, 0xa7, 0x0e, 0x29, 0x2b, 0xf2, - 0x00, 0x8f, 0x05, 0x51, 0x6f, 0x54, 0x04, 0xcc, 0x4d, 0x0d, 0x28, 0x29, 0x9c, 0x6d, 0x54, 0x3f, - 0xa2, 0x3c, 0x04, 0xb9, 0x43, 0x25, 0xf5, 0x21, 0x91, 0xc0, 0xb1, 0x8d, 0xd0, 0x35, 0x52, 0x97, - 0x9a, 0xa4, 0xc4, 0x38, 0x1b, 0x68, 0xf1, 0x03, 0x8f, 0x24, 0x10, 0xf8, 0x9c, 0x81, 0x90, 0x78, - 0x05, 0xcd, 0x1f, 0xb1, 0x4f, 0x90, 0x4c, 0xa4, 0x05, 0x70, 0x0e, 0x51, 0x8d, 0x00, 0x0d, 0xfe, - 0x29, 0xc2, 0x4f, 0xd0, 0xff, 0xb9, 0x20, 0xe2, 0xd0, 0x66, 0x89, 0x88, 0x84, 0x84, 0x44, 0xaa, - 0xaa, 0x0d, 0x72, 0xfb, 0xc0, 0xf9, 0x52, 0x45, 0x8b, 0x87, 0x19, 0xf0, 0xd1, 0x9b, 0x34, 0x9f, - 0xa3, 0xb8, 0x23, 0xe9, 0x06, 0x5a, 0xf2, 0xa2, 0x44, 0x09, 0x4b, 0x63, 0x20, 0x37, 0x49, 0xdc, - 0x46, 0x8b, 0x1e, 0x1d, 0x2a, 0xe2, 0x28, 0x1a, 0x80, 0xf5, 0xdf, 0xba, 0xb6, 0x59, 0xdb, 0x7e, - 0xd0, 0x28, 0x5c, 0x6b, 0x5c, 0xba, 0xd6, 0xd8, 0x99, 0xb8, 0xd6, 0xaa, 0x9e, 0x9e, 0xaf, 0x55, - 0xc8, 0x8d, 0xa0, 0x7c, 0x54, 0xcd, 0x38, 0x66, 0x27, 0xef, 0x24, 0x8d, 0xc1, 0xaa, 0xaa, 0xc2, - 0x4b, 0xcc, 0xf4, 0xfe, 0xe6, 0xef, 0xe8, 0x0f, 0xaf, 0x22, 0xe3, 0xbd, 0x80, 0x36, 0xf5, 0xfb, - 0x60, 0xe9, 0x4a, 0x74, 0x85, 0xf1, 0x01, 0xaa, 0x7b, 0x74, 0xa8, 0xb2, 0x5e, 0x56, 0x64, 0x2d, - 0xcc, 0x56, 0xf2, 0xad, 0x40, 0xfc, 0x02, 0xe9, 0x1e, 0x1d, 0x36, 0x43, 0xb0, 0x8c, 0xd9, 0x52, - 0x4c, 0xe4, 0xf8, 0x31, 0x5a, 0xf6, 0x32, 0x21, 0x09, 0x1c, 0xd3, 0x38, 0x0a, 0xa8, 0x04, 0xcb, - 0x54, 0x75, 0xfe, 0xc5, 0xe6, 0xc3, 0x55, 0x37, 0xee, 0xf5, 0x76, 0x39, 0x67, 0xdc, 0x42, 0x33, - 0x0e, 0xb7, 0x1c, 0x84, 0xef, 0x23, 0xfd, 0x55, 0x14, 0xe7, 0x3b, 0x58, 0x53, 0xf6, 0x4e, 0x90, - 0xf3, 0x5b, 0x43, 0xa6, 0xb2, 0xc0, 0x03, 0x49, 0xf3, 0x1d, 0x28, 0xbd, 0x0e, 0x52, 0x00, 0xdc, - 0x44, 0xb5, 0x0e, 0x15, 0xb2, 0xcd, 0x12, 0x49, 0xfd, 0x62, 0xa5, 0x66, 0xb8, 0xbf, 0x1c, 0x83, - 0xd7, 0x51, 0xed, 0x20, 0x61, 0x27, 0x49, 0x07, 0x68, 0x00, 0x5c, 0xed, 0x87, 0x41, 0xca, 0x14, - 0xde, 0x42, 0xf5, 0x2b, 0xf7, 0xfc, 0x51, 0x07, 0x8e, 0x21, 0x56, 0x3b, 0x60, 0x92, 0x5b, 0x3c, - 0x7e, 0x8e, 0xee, 0x11, 0x10, 0x59, 0x2c, 0x45, 0xd1, 0x05, 0x04, 0xad, 0x51, 0xb3, 0xdd, 0x11, - 0xca, 0x44, 0x83, 0x4c, 0x3f, 0xdc, 0xaf, 0x1a, 0xf3, 0x75, 0x7d, 0xbf, 0x6a, 0xe8, 0xf5, 0x05, - 0xa7, 0x83, 0x96, 0x77, 0xf3, 0xf7, 0x97, 0xf2, 0x48, 0x80, 0x6a, 0xfd, 0x11, 0x32, 0x5f, 0xd3, - 0x01, 0x88, 0x94, 0xfa, 0x30, 0x79, 0x02, 0xd7, 0x44, 0x7e, 0xfa, 0x96, 0x72, 0x19, 0xa9, 0x55, - 0x99, 0x2b, 0x4e, 0xaf, 0x88, 0x56, 0xe7, 0xf4, 0xa7, 0x5d, 0x39, 0xbd, 0xb0, 0xb5, 0xb3, 0x0b, - 0x5b, 0xfb, 0x71, 0x61, 0x6b, 0x5f, 0xc7, 0x76, 0xe5, 0xdb, 0xd8, 0xae, 0x9c, 0x8d, 0xed, 0xca, - 0xf7, 0xb1, 0x5d, 0xf9, 0xb8, 0x15, 0x46, 0xb2, 0x9f, 0x75, 0x1b, 0x3e, 0x1b, 0xb8, 0x7d, 0x2a, - 0xfa, 0x91, 0xcf, 0x78, 0xea, 0xfa, 0x2c, 0x11, 0x59, 0xec, 0xde, 0xfc, 0x00, 0x76, 0x75, 0x85, - 0x9f, 0xfd, 0x09, 0x00, 0x00, 0xff, 0xff, 0xa8, 0x69, 0xe7, 0xf4, 0x19, 0x05, 0x00, 0x00, + // 558 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x51, 0x6f, 0xd3, 0x30, + 0x10, 0x56, 0xb7, 0x2e, 0x4b, 0xae, 0x65, 0x2a, 0x16, 0xa0, 0x30, 0xd0, 0x54, 0x45, 0x13, 0x9a, + 0xa6, 0xa9, 0x11, 0x83, 0x37, 0xc4, 0x43, 0xd7, 0x15, 0x69, 0xa3, 0x61, 0xcc, 0x14, 0x21, 0xf1, + 0xe6, 0x26, 0xd7, 0xd6, 0x22, 0x8d, 0x83, 0xed, 0x6c, 0xed, 0x7f, 0x46, 0xfc, 0x06, 0x14, 0xa7, + 0xed, 0x52, 0xba, 0xad, 0x4f, 0xd1, 0xf7, 0xdd, 0xe7, 0xf3, 0xdd, 0x7d, 0xe7, 0xc0, 0xab, 0x54, + 0x0a, 0x2d, 0xfc, 0x74, 0x10, 0x8a, 0xc9, 0x44, 0x24, 0x7e, 0xf1, 0x69, 0x19, 0x96, 0x58, 0x05, + 0xda, 0x3f, 0x18, 0x09, 0x31, 0x8a, 0xd1, 0x37, 0xec, 0x20, 0x1b, 0xfa, 0x51, 0x26, 0x99, 0xe6, + 0x0b, 0x9d, 0x77, 0x05, 0x0e, 0x65, 0x43, 0x7d, 0x91, 0x44, 0x38, 0x25, 0x4d, 0xa8, 0x75, 0x24, + 0x32, 0x8d, 0x06, 0xba, 0x95, 0x66, 0xe5, 0xa8, 0x4a, 0xcb, 0x54, 0xae, 0x08, 0x44, 0xc4, 0x87, + 0xb3, 0x42, 0xb1, 0x55, 0x28, 0x4a, 0x94, 0x77, 0x0a, 0x8d, 0x3e, 0x93, 0x23, 0xd4, 0xe7, 0x4c, + 0xb3, 0x10, 0x13, 0x8d, 0x92, 0x1c, 0x00, 0xdc, 0x21, 0x93, 0xd6, 0xa1, 0x25, 0xc6, 0x3b, 0x84, + 0xfa, 0x0f, 0xc9, 0x35, 0x52, 0xfc, 0x9d, 0xa1, 0xd2, 0xe4, 0x19, 0xec, 0xf4, 0xc5, 0x2f, 0x4c, + 0xe6, 0xd2, 0x02, 0x78, 0xd7, 0x50, 0xa3, 0xc8, 0xa2, 0x47, 0x45, 0xe4, 0x04, 0x9e, 0xe6, 0x02, + 0x2e, 0xb1, 0x23, 0x12, 0xc5, 0x95, 0xc6, 0x44, 0x9b, 0x32, 0x6d, 0xba, 0x1e, 0xf0, 0xfe, 0x6c, + 0x43, 0xfd, 0x3a, 0x43, 0x39, 0xbb, 0x4a, 0xf3, 0x99, 0xa8, 0x07, 0x92, 0x1e, 0xc2, 0x93, 0x80, + 0x27, 0x46, 0x58, 0xee, 0x7b, 0x95, 0x24, 0x1f, 0xa1, 0x1e, 0xb0, 0xa9, 0x21, 0xfa, 0x7c, 0x82, + 0xee, 0x76, 0xb3, 0x72, 0x54, 0x3b, 0x7d, 0xd9, 0x2a, 0x1c, 0x68, 0x2d, 0x1c, 0x68, 0x9d, 0xcf, + 0x1d, 0xa0, 0x2b, 0xf2, 0x7c, 0x48, 0xed, 0x38, 0x16, 0xb7, 0xdf, 0x34, 0x8b, 0xd1, 0xad, 0x9a, + 0x92, 0x4b, 0xcc, 0xfd, 0x9d, 0xed, 0x3c, 0xd0, 0x19, 0xd9, 0x07, 0xfb, 0xbb, 0xc2, 0x0e, 0x0b, + 0xc7, 0xe8, 0x5a, 0x46, 0xb4, 0xc4, 0xa4, 0x0b, 0x8d, 0x80, 0x4d, 0x4d, 0xd6, 0x45, 0x2d, 0xee, + 0xee, 0xa6, 0x62, 0xd7, 0x8e, 0x90, 0xb7, 0x60, 0x05, 0x6c, 0xda, 0x1e, 0xa1, 0x6b, 0x6f, 0x3a, + 0x3c, 0x17, 0x92, 0x37, 0xb0, 0x17, 0x64, 0x4a, 0x53, 0xbc, 0x61, 0x31, 0x8f, 0x98, 0x46, 0xd7, + 0x31, 0xb5, 0xfd, 0xc7, 0xe6, 0xa3, 0x34, 0x77, 0x5d, 0x0c, 0xbb, 0x52, 0x0a, 0xe9, 0xc2, 0xc6, + 0x51, 0x96, 0xe5, 0xe4, 0x05, 0x58, 0x9f, 0x78, 0x9c, 0xef, 0x5a, 0xcd, 0xd8, 0x38, 0x47, 0xde, + 0xdf, 0x0a, 0x38, 0x66, 0xe0, 0x01, 0x6a, 0x96, 0x7b, 0x5d, 0xde, 0xf3, 0x02, 0x90, 0x0f, 0x50, + 0xeb, 0x31, 0xa5, 0x3b, 0x22, 0xd1, 0x2c, 0x2c, 0x56, 0xe7, 0xd1, 0x9b, 0xcb, 0xea, 0xfc, 0x79, + 0x7c, 0x4e, 0xc4, 0x6d, 0xd2, 0x43, 0x16, 0xa1, 0x34, 0x1b, 0x60, 0xd3, 0x32, 0x45, 0x8e, 0xa1, + 0xb1, 0x74, 0x29, 0x9c, 0xf5, 0xf0, 0x06, 0x63, 0xe3, 0xb5, 0x43, 0xd7, 0x78, 0xf2, 0x1e, 0x9e, + 0x53, 0x54, 0x59, 0xac, 0x55, 0x51, 0x3f, 0x46, 0x67, 0xb3, 0x76, 0xa7, 0xa7, 0x8c, 0x59, 0x36, + 0xbd, 0x3f, 0x78, 0x59, 0xb5, 0x77, 0x1a, 0xd6, 0x65, 0xd5, 0xb6, 0x1a, 0xbb, 0x5e, 0x0f, 0xf6, + 0xba, 0xf9, 0x0b, 0x4b, 0x25, 0x57, 0x68, 0x9a, 0x7e, 0x0d, 0xce, 0x17, 0x36, 0x41, 0x95, 0xb2, + 0x10, 0xe7, 0x4b, 0x7e, 0x47, 0xe4, 0xd1, 0xaf, 0x4c, 0x6a, 0x6e, 0x56, 0x62, 0xab, 0x88, 0x2e, + 0x89, 0xb3, 0x93, 0x9f, 0xc7, 0x23, 0xae, 0xc7, 0xd9, 0xa0, 0x15, 0x8a, 0x89, 0x3f, 0x66, 0x6a, + 0xcc, 0x43, 0x21, 0x53, 0x3f, 0x14, 0x89, 0xca, 0x62, 0x7f, 0xf5, 0x77, 0x34, 0xb0, 0x0c, 0x7e, + 0xf7, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x35, 0xe5, 0x62, 0x05, 0xa7, 0x04, 0x00, 0x00, } - -func (m *RaftIndex) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *RaftIndex) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RaftIndex) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ModifyIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.ModifyIndex)) - i-- - dAtA[i] = 0x10 - } - if m.CreateIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.CreateIndex)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *TargetDatacenter) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *TargetDatacenter) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *TargetDatacenter) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *WriteRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *WriteRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *WriteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *ReadRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ReadRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ReadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.RequireConsistent { - i-- - if m.RequireConsistent { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *QueryOptions) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *QueryOptions) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *QueryOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Filter) > 0 { - i -= len(m.Filter) - copy(dAtA[i:], m.Filter) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Filter))) - i-- - dAtA[i] = 0x5a - } - { - size, err := m.StaleIfError.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - if m.MustRevalidate { - i-- - if m.MustRevalidate { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - { - size, err := m.MaxAge.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - { - size, err := m.MaxStaleDuration.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - if m.UseCache { - i-- - if m.UseCache { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x30 - } - if m.RequireConsistent { - i-- - if m.RequireConsistent { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if m.AllowStale { - i-- - if m.AllowStale { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - } - { - size, err := m.MaxQueryTime.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - if m.MinQueryIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.MinQueryIndex)) - i-- - dAtA[i] = 0x10 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *QueryMeta) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *QueryMeta) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *QueryMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ResultsFilteredByACLs { - i-- - if m.ResultsFilteredByACLs { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } - if len(m.ConsistencyLevel) > 0 { - i -= len(m.ConsistencyLevel) - copy(dAtA[i:], m.ConsistencyLevel) - i = encodeVarintCommon(dAtA, i, uint64(len(m.ConsistencyLevel))) - i-- - dAtA[i] = 0x22 - } - if m.KnownLeader { - i-- - if m.KnownLeader { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } - { - size, err := m.LastContact.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - if m.Index != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.Index)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *EnterpriseMeta) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *EnterpriseMeta) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *EnterpriseMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x12 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintCommon(dAtA []byte, offset int, v uint64) int { - offset -= sovCommon(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *RaftIndex) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.CreateIndex != 0 { - n += 1 + sovCommon(uint64(m.CreateIndex)) - } - if m.ModifyIndex != 0 { - n += 1 + sovCommon(uint64(m.ModifyIndex)) - } - return n -} - -func (m *TargetDatacenter) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *WriteRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *ReadRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.RequireConsistent { - n += 2 - } - return n -} - -func (m *QueryOptions) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.MinQueryIndex != 0 { - n += 1 + sovCommon(uint64(m.MinQueryIndex)) - } - l = m.MaxQueryTime.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.AllowStale { - n += 2 - } - if m.RequireConsistent { - n += 2 - } - if m.UseCache { - n += 2 - } - l = m.MaxStaleDuration.Size() - n += 1 + l + sovCommon(uint64(l)) - l = m.MaxAge.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.MustRevalidate { - n += 2 - } - l = m.StaleIfError.Size() - n += 1 + l + sovCommon(uint64(l)) - l = len(m.Filter) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *QueryMeta) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Index != 0 { - n += 1 + sovCommon(uint64(m.Index)) - } - l = m.LastContact.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.KnownLeader { - n += 2 - } - l = len(m.ConsistencyLevel) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.ResultsFilteredByACLs { - n += 2 - } - return n -} - -func (m *EnterpriseMeta) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Namespace) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func sovCommon(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozCommon(x uint64) (n int) { - return sovCommon(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *RaftIndex) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RaftIndex: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RaftIndex: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreateIndex", wireType) - } - m.CreateIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.CreateIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ModifyIndex", wireType) - } - m.ModifyIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ModifyIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *TargetDatacenter) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: TargetDatacenter: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: TargetDatacenter: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WriteRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WriteRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WriteRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ReadRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ReadRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ReadRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.RequireConsistent = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *QueryOptions) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: QueryOptions: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: QueryOptions: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field MinQueryIndex", wireType) - } - m.MinQueryIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.MinQueryIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxQueryTime", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxQueryTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AllowStale", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.AllowStale = bool(v != 0) - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.RequireConsistent = bool(v != 0) - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field UseCache", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.UseCache = bool(v != 0) - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxStaleDuration", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxStaleDuration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxAge", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxAge.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field MustRevalidate", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.MustRevalidate = bool(v != 0) - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StaleIfError", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.StaleIfError.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Filter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *QueryMeta) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: QueryMeta: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: QueryMeta: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) - } - m.Index = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Index |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LastContact", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.LastContact.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field KnownLeader", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.KnownLeader = bool(v != 0) - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConsistencyLevel", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ConsistencyLevel = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ResultsFilteredByACLs", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ResultsFilteredByACLs = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *EnterpriseMeta) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: EnterpriseMeta: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: EnterpriseMeta: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipCommon(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthCommon - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupCommon - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthCommon - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthCommon = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowCommon = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupCommon = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbcommon/common.proto b/proto/pbcommon/common.proto index a3ec852b6..b38e77fda 100644 --- a/proto/pbcommon/common.proto +++ b/proto/pbcommon/common.proto @@ -5,23 +5,15 @@ package common; option go_package = "github.com/hashicorp/consul/proto/pbcommon"; import "google/protobuf/duration.proto"; -// Go Modules now includes the version in the filepath for packages within GOPATH/pkg/mode -// Therefore unless we want to hardcode a version here like -// github.com/gogo/protobuf@v1.3.0/gogoproto/gogo.proto then the only other choice is to -// have a more relative import and pass the right import path to protoc. I don't like it -// but its necessary. -import "gogoproto/gogo.proto"; -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; // RaftIndex is used to track the index used while creating // or modifying a given struct type. message RaftIndex { - uint64 CreateIndex = 1 [(gogoproto.moretags) = "bexpr:\"-\""]; - uint64 ModifyIndex = 2 [(gogoproto.moretags) = "bexpr:\"-\""]; + // @gotags: bexpr:"-" + uint64 CreateIndex = 1; + // @gotags: bexpr:"-" + uint64 ModifyIndex = 2; } // TargetDatacenter is intended to be used within other messages used for RPC routing @@ -53,6 +45,13 @@ message ReadRequest { // QueryOptions is used to specify various flags for read queries +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryOptions +// output=common.gen.go +// name=Structs +// ignore-fields=StaleIfError,AllowNotModifiedResponse,state,sizeCache,unknownFields message QueryOptions { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. @@ -63,8 +62,8 @@ message QueryOptions { uint64 MinQueryIndex = 2; // Provided with MinQueryIndex to wait for change. - google.protobuf.Duration MaxQueryTime = 3 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration MaxQueryTime = 3; // If set, any follower can service the request. Results // may be arbitrarily stale. @@ -86,8 +85,8 @@ message QueryOptions { // If set and AllowStale is true, will try first a stale // read, and then will perform a consistent read if stale // read is older than value. - google.protobuf.Duration MaxStaleDuration = 7 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration MaxStaleDuration = 7; // MaxAge limits how old a cached value will be returned if UseCache is true. // If there is a cached response that is older than the MaxAge, it is treated @@ -96,8 +95,8 @@ message QueryOptions { // StaleIfError to a longer duration to change this behavior. It is ignored // if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. - google.protobuf.Duration MaxAge = 8 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration MaxAge = 8; // MustRevalidate forces the agent to fetch a fresh version of a cached // resource or at least validate that the cached version is still fresh. It is @@ -111,8 +110,7 @@ message QueryOptions { // UseCache is true and MaxAge is set to a lower, non-zero value. It is // ignored if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. - google.protobuf.Duration StaleIfError = 10 - [(gogoproto.nullable) = false]; + google.protobuf.Duration StaleIfError = 10; // Filter specifies the go-bexpr filter expression to be used for // filtering the data prior to returning a response @@ -121,6 +119,13 @@ message QueryOptions { // QueryMeta allows a query response to include potentially // useful metadata about a query +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryMeta +// output=common.gen.go +// name=Structs +// ignore-fields=NotModified,Backend,state,sizeCache,unknownFields message QueryMeta { // This is the index associated with the read uint64 Index = 1; @@ -128,8 +133,8 @@ message QueryMeta { // If AllowStale is used, this is time elapsed since // last contact between the follower and leader. This // can be used to gauge staleness. - google.protobuf.Duration LastContact = 2 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration LastContact = 2; // Used to indicate if there is a known leader node bool KnownLeader = 3; diff --git a/proto/pbcommon/common_oss.go b/proto/pbcommon/common_oss.go index 06c9dbdd3..e96c1a4b3 100644 --- a/proto/pbcommon/common_oss.go +++ b/proto/pbcommon/common_oss.go @@ -9,10 +9,16 @@ import ( var DefaultEnterpriseMeta = EnterpriseMeta{} -func EnterpriseMetaToStructs(_ *EnterpriseMeta) structs.EnterpriseMeta { - return *structs.DefaultEnterpriseMetaInDefaultPartition() -} - func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { return &EnterpriseMeta{} } +func EnterpriseMetaToStructs(s *EnterpriseMeta, t *structs.EnterpriseMeta) { + if s == nil { + return + } +} +func EnterpriseMetaFromStructs(t *structs.EnterpriseMeta, s *EnterpriseMeta) { + if s == nil { + return + } +} diff --git a/proto/pbcommongogo/common.gen.go b/proto/pbcommongogo/common.gen.go new file mode 100644 index 000000000..925ebb70d --- /dev/null +++ b/proto/pbcommongogo/common.gen.go @@ -0,0 +1,70 @@ +// Code generated by mog. DO NOT EDIT. + +package pbcommongogo + +import "github.com/hashicorp/consul/agent/structs" + +func QueryMetaToStructs(s *QueryMeta, t *structs.QueryMeta) { + if s == nil { + return + } + t.Index = s.Index + t.LastContact = structs.DurationFromProtoGogo(s.LastContact) + t.KnownLeader = s.KnownLeader + t.ConsistencyLevel = s.ConsistencyLevel + t.ResultsFilteredByACLs = s.ResultsFilteredByACLs +} +func QueryMetaFromStructs(t *structs.QueryMeta, s *QueryMeta) { + if s == nil { + return + } + s.Index = t.Index + s.LastContact = structs.DurationToProtoGogo(t.LastContact) + s.KnownLeader = t.KnownLeader + s.ConsistencyLevel = t.ConsistencyLevel + s.ResultsFilteredByACLs = t.ResultsFilteredByACLs +} +func QueryOptionsToStructs(s *QueryOptions, t *structs.QueryOptions) { + if s == nil { + return + } + t.Token = s.Token + t.MinQueryIndex = s.MinQueryIndex + t.MaxQueryTime = structs.DurationFromProtoGogo(s.MaxQueryTime) + t.AllowStale = s.AllowStale + t.RequireConsistent = s.RequireConsistent + t.UseCache = s.UseCache + t.MaxStaleDuration = structs.DurationFromProtoGogo(s.MaxStaleDuration) + t.MaxAge = structs.DurationFromProtoGogo(s.MaxAge) + t.MustRevalidate = s.MustRevalidate + t.Filter = s.Filter +} +func QueryOptionsFromStructs(t *structs.QueryOptions, s *QueryOptions) { + if s == nil { + return + } + s.Token = t.Token + s.MinQueryIndex = t.MinQueryIndex + s.MaxQueryTime = structs.DurationToProtoGogo(t.MaxQueryTime) + s.AllowStale = t.AllowStale + s.RequireConsistent = t.RequireConsistent + s.UseCache = t.UseCache + s.MaxStaleDuration = structs.DurationToProtoGogo(t.MaxStaleDuration) + s.MaxAge = structs.DurationToProtoGogo(t.MaxAge) + s.MustRevalidate = t.MustRevalidate + s.Filter = t.Filter +} +func RaftIndexToStructs(s *RaftIndex, t *structs.RaftIndex) { + if s == nil { + return + } + t.CreateIndex = s.CreateIndex + t.ModifyIndex = s.ModifyIndex +} +func RaftIndexFromStructs(t *structs.RaftIndex, s *RaftIndex) { + if s == nil { + return + } + s.CreateIndex = t.CreateIndex + s.ModifyIndex = t.ModifyIndex +} diff --git a/proto/pbcommongogo/common.go b/proto/pbcommongogo/common.go new file mode 100644 index 000000000..5cd6d4d64 --- /dev/null +++ b/proto/pbcommongogo/common.go @@ -0,0 +1,303 @@ +package pbcommongogo + +import ( + "time" + + "github.com/hashicorp/consul/agent/structs" +) + +// IsRead is always true for QueryOption +func (q *QueryOptions) IsRead() bool { + return true +} + +// AllowStaleRead returns whether a stale read should be allowed +func (q *QueryOptions) AllowStaleRead() bool { + return q.AllowStale +} + +func (q *QueryOptions) TokenSecret() string { + return q.Token +} + +func (q *QueryOptions) SetTokenSecret(s string) { + q.Token = s +} + +// SetToken is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetToken(token string) { + q.Token = token +} + +// SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { + q.MinQueryIndex = minQueryIndex +} + +// SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { + q.MaxQueryTime = structs.DurationToProtoGogo(maxQueryTime) +} + +// SetAllowStale is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetAllowStale(allowStale bool) { + q.AllowStale = allowStale +} + +// SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetRequireConsistent(requireConsistent bool) { + q.RequireConsistent = requireConsistent +} + +// SetUseCache is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetUseCache(useCache bool) { + q.UseCache = useCache +} + +// SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { + q.MaxStaleDuration = structs.DurationToProtoGogo(maxStaleDuration) +} + +// SetMaxAge is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { + q.MaxAge = structs.DurationToProtoGogo(maxAge) +} + +// SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { + q.MustRevalidate = mustRevalidate +} + +// SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { + q.StaleIfError = structs.DurationToProtoGogo(staleIfError) +} + +func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { + maxTime := structs.DurationFromProtoGogo(q.MaxQueryTime) + o := structs.QueryOptions{ + MaxQueryTime: maxTime, + MinQueryIndex: q.MinQueryIndex, + } + return o.HasTimedOut(start, rpcHoldTimeout, maxQueryTime, defaultQueryTime) +} + +// SetFilter is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetFilter(filter string) { + q.Filter = filter +} + +// GetMaxQueryTime is required to implement blockingQueryOptions +func (q *QueryOptions) GetMaxQueryTime() (time.Duration, error) { + return structs.DurationFromProtoGogo(q.MaxQueryTime), nil +} + +// GetMinQueryIndex is required to implement blockingQueryOptions +func (q *QueryOptions) GetMinQueryIndex() uint64 { + if q != nil { + return q.MinQueryIndex + } + return 0 +} + +// GetRequireConsistent is required to implement blockingQueryOptions +func (q *QueryOptions) GetRequireConsistent() bool { + if q != nil { + return q.RequireConsistent + } + return false +} + +// GetToken is required to implement blockingQueryOptions +func (q *QueryOptions) GetToken() string { + if q != nil { + return q.Token + } + return "" +} + +// GetAllowStale is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetAllowStale() bool { + if q != nil { + return q.AllowStale + } + return false +} + +// GetFilter is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetFilter() string { + if q != nil { + return q.Filter + } + return "" +} + +// GetMaxAge is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetMaxAge() (time.Duration, error) { + if q != nil { + return structs.DurationFromProtoGogo(q.MaxAge), nil + } + return 0, nil +} + +// GetMaxStaleDuration is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { + if q != nil { + return structs.DurationFromProtoGogo(q.MaxStaleDuration), nil + } + return 0, nil +} + +// GetMustRevalidate is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetMustRevalidate() bool { + if q != nil { + return q.MustRevalidate + } + return false +} + +// GetStaleIfError is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetStaleIfError() (time.Duration, error) { + if q != nil { + return structs.DurationFromProtoGogo(q.StaleIfError), nil + } + return 0, nil +} + +// GetUseCache is required to implement structs.QueryOptionsCompat +func (q *QueryOptions) GetUseCache() bool { + if q != nil { + return q.UseCache + } + return false +} + +// SetLastContact is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetLastContact(lastContact time.Duration) { + q.LastContact = structs.DurationToProtoGogo(lastContact) +} + +// SetKnownLeader is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetKnownLeader(knownLeader bool) { + q.KnownLeader = knownLeader +} + +// SetIndex is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetIndex(index uint64) { + q.Index = index +} + +// SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { + q.ConsistencyLevel = consistencyLevel +} + +func (q *QueryMeta) GetBackend() structs.QueryBackend { + return structs.QueryBackend(0) +} + +// SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { + q.ResultsFilteredByACLs = v +} + +// GetIndex is required to implement blockingQueryResponseMeta +func (q *QueryMeta) GetIndex() uint64 { + if q != nil { + return q.Index + } + return 0 +} + +// GetConsistencyLevel is required to implement structs.QueryMetaCompat +func (q *QueryMeta) GetConsistencyLevel() string { + if q != nil { + return q.ConsistencyLevel + } + return "" +} + +// GetKnownLeader is required to implement structs.QueryMetaCompat +func (q *QueryMeta) GetKnownLeader() bool { + if q != nil { + return q.KnownLeader + } + return false +} + +// GetLastContact is required to implement structs.QueryMetaCompat +func (q *QueryMeta) GetLastContact() (time.Duration, error) { + if q != nil { + return structs.DurationFromProtoGogo(q.LastContact), nil + } + return 0, nil +} + +// GetResultsFilteredByACLs is required to implement structs.QueryMetaCompat +func (q *QueryMeta) GetResultsFilteredByACLs() bool { + if q != nil { + return q.ResultsFilteredByACLs + } + return false +} + +// WriteRequest only applies to writes, always false +// +// IsRead implements structs.RPCInfo +func (w WriteRequest) IsRead() bool { + return false +} + +// SetTokenSecret implements structs.RPCInfo +func (w WriteRequest) TokenSecret() string { + return w.Token +} + +// SetTokenSecret implements structs.RPCInfo +func (w *WriteRequest) SetTokenSecret(s string) { + w.Token = s +} + +// AllowStaleRead returns whether a stale read should be allowed +// +// AllowStaleRead implements structs.RPCInfo +func (w WriteRequest) AllowStaleRead() bool { + return false +} + +// HasTimedOut implements structs.RPCInfo +func (w WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error) { + return time.Since(start) > rpcHoldTimeout, nil +} + +// IsRead implements structs.RPCInfo +func (r *ReadRequest) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (r *ReadRequest) AllowStaleRead() bool { + // TODO(partitions): plumb this? + return false +} + +// TokenSecret implements structs.RPCInfo +func (r *ReadRequest) TokenSecret() string { + return r.Token +} + +// SetTokenSecret implements structs.RPCInfo +func (r *ReadRequest) SetTokenSecret(token string) { + r.Token = token +} + +// HasTimedOut implements structs.RPCInfo +func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { + return time.Since(start) > rpcHoldTimeout, nil +} + +// RequestDatacenter implements structs.RPCInfo +func (td TargetDatacenter) RequestDatacenter() string { + return td.Datacenter +} diff --git a/proto/pbcommongogo/common.pb.binary.go b/proto/pbcommongogo/common.pb.binary.go new file mode 100644 index 000000000..2e6b57496 --- /dev/null +++ b/proto/pbcommongogo/common.pb.binary.go @@ -0,0 +1,78 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: proto/pbcommongogo/common.proto + +package pbcommongogo + +import ( + "github.com/golang/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *RaftIndex) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *RaftIndex) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *TargetDatacenter) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *TargetDatacenter) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *WriteRequest) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *WriteRequest) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReadRequest) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReadRequest) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *QueryOptions) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *QueryOptions) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *QueryMeta) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *QueryMeta) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *EnterpriseMeta) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *EnterpriseMeta) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbcommongogo/common.pb.go b/proto/pbcommongogo/common.pb.go new file mode 100644 index 000000000..07db0feaa --- /dev/null +++ b/proto/pbcommongogo/common.pb.go @@ -0,0 +1,2036 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: proto/pbcommongogo/common.proto + +package pbcommongogo + +import ( + fmt "fmt" + _ "github.com/gogo/protobuf/gogoproto" + types "github.com/gogo/protobuf/types" + proto "github.com/golang/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// RaftIndex is used to track the index used while creating +// or modifying a given struct type. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.RaftIndex +// output=common.gen.go +// name=Structs +type RaftIndex struct { + CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` + ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` +} + +func (m *RaftIndex) Reset() { *m = RaftIndex{} } +func (m *RaftIndex) String() string { return proto.CompactTextString(m) } +func (*RaftIndex) ProtoMessage() {} +func (*RaftIndex) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{0} +} +func (m *RaftIndex) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RaftIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *RaftIndex) XXX_Merge(src proto.Message) { + xxx_messageInfo_RaftIndex.Merge(m, src) +} +func (m *RaftIndex) XXX_Size() int { + return m.Size() +} +func (m *RaftIndex) XXX_DiscardUnknown() { + xxx_messageInfo_RaftIndex.DiscardUnknown(m) +} + +var xxx_messageInfo_RaftIndex proto.InternalMessageInfo + +// TargetDatacenter is intended to be used within other messages used for RPC routing +// amongst the various Consul datacenters +type TargetDatacenter struct { + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` +} + +func (m *TargetDatacenter) Reset() { *m = TargetDatacenter{} } +func (m *TargetDatacenter) String() string { return proto.CompactTextString(m) } +func (*TargetDatacenter) ProtoMessage() {} +func (*TargetDatacenter) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{1} +} +func (m *TargetDatacenter) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TargetDatacenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *TargetDatacenter) XXX_Merge(src proto.Message) { + xxx_messageInfo_TargetDatacenter.Merge(m, src) +} +func (m *TargetDatacenter) XXX_Size() int { + return m.Size() +} +func (m *TargetDatacenter) XXX_DiscardUnknown() { + xxx_messageInfo_TargetDatacenter.DiscardUnknown(m) +} + +var xxx_messageInfo_TargetDatacenter proto.InternalMessageInfo + +type WriteRequest struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` +} + +func (m *WriteRequest) Reset() { *m = WriteRequest{} } +func (m *WriteRequest) String() string { return proto.CompactTextString(m) } +func (*WriteRequest) ProtoMessage() {} +func (*WriteRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{2} +} +func (m *WriteRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *WriteRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteRequest.Merge(m, src) +} +func (m *WriteRequest) XXX_Size() int { + return m.Size() +} +func (m *WriteRequest) XXX_DiscardUnknown() { + xxx_messageInfo_WriteRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_WriteRequest proto.InternalMessageInfo + +// ReadRequest is a type that may be embedded into any requests for read +// operations. +// It is a replacement for QueryOptions now that we no longer need any of those +// fields because we are moving away from using blocking queries. +// It is also similar to WriteRequest. It is a separate type so that in the +// future we can introduce fields that may only be relevant for reads. +type ReadRequest struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + // RequireConsistent indicates that the request must be sent to the leader. + RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` +} + +func (m *ReadRequest) Reset() { *m = ReadRequest{} } +func (m *ReadRequest) String() string { return proto.CompactTextString(m) } +func (*ReadRequest) ProtoMessage() {} +func (*ReadRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{3} +} +func (m *ReadRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ReadRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ReadRequest.Merge(m, src) +} +func (m *ReadRequest) XXX_Size() int { + return m.Size() +} +func (m *ReadRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ReadRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ReadRequest proto.InternalMessageInfo + +// QueryOptions is used to specify various flags for read queries +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryOptions +// output=common.gen.go +// name=Structs +// ignore-fields=StaleIfError,AllowNotModifiedResponse +type QueryOptions struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + // If set, wait until query exceeds given index. Must be provided + // with MaxQueryTime. + MinQueryIndex uint64 `protobuf:"varint,2,opt,name=MinQueryIndex,proto3" json:"MinQueryIndex,omitempty"` + // Provided with MinQueryIndex to wait for change. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + MaxQueryTime types.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime"` + // If set, any follower can service the request. Results + // may be arbitrarily stale. + AllowStale bool `protobuf:"varint,4,opt,name=AllowStale,proto3" json:"AllowStale,omitempty"` + // If set, the leader must verify leadership prior to + // servicing the request. Prevents a stale read. + RequireConsistent bool `protobuf:"varint,5,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` + // If set, the local agent may respond with an arbitrarily stale locally + // cached response. The semantics differ from AllowStale since the agent may + // be entirely partitioned from the servers and still considered "healthy" by + // operators. Stale responses from Servers are also arbitrarily stale, but can + // provide additional bounds on the last contact time from the leader. It's + // expected that servers that are partitioned are noticed and replaced in a + // timely way by operators while the same may not be true for client agents. + UseCache bool `protobuf:"varint,6,opt,name=UseCache,proto3" json:"UseCache,omitempty"` + // If set and AllowStale is true, will try first a stale + // read, and then will perform a consistent read if stale + // read is older than value. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + MaxStaleDuration types.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration"` + // MaxAge limits how old a cached value will be returned if UseCache is true. + // If there is a cached response that is older than the MaxAge, it is treated + // as a cache miss and a new fetch invoked. If the fetch fails, the error is + // returned. Clients that wish to allow for stale results on error can set + // StaleIfError to a longer duration to change this behavior. It is ignored + // if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + MaxAge types.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge"` + // MustRevalidate forces the agent to fetch a fresh version of a cached + // resource or at least validate that the cached version is still fresh. It is + // implied by either max-age=0 or must-revalidate Cache-Control headers. It + // only makes sense when UseCache is true. We store it since MaxAge = 0 is the + // default unset value. + MustRevalidate bool `protobuf:"varint,9,opt,name=MustRevalidate,proto3" json:"MustRevalidate,omitempty"` + // StaleIfError specifies how stale the client will accept a cached response + // if the servers are unavailable to fetch a fresh one. Only makes sense when + // UseCache is true and MaxAge is set to a lower, non-zero value. It is + // ignored if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + StaleIfError types.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError"` + // Filter specifies the go-bexpr filter expression to be used for + // filtering the data prior to returning a response + Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` +} + +func (m *QueryOptions) Reset() { *m = QueryOptions{} } +func (m *QueryOptions) String() string { return proto.CompactTextString(m) } +func (*QueryOptions) ProtoMessage() {} +func (*QueryOptions) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{4} +} +func (m *QueryOptions) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryOptions) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryOptions.Merge(m, src) +} +func (m *QueryOptions) XXX_Size() int { + return m.Size() +} +func (m *QueryOptions) XXX_DiscardUnknown() { + xxx_messageInfo_QueryOptions.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryOptions proto.InternalMessageInfo + +// QueryMeta allows a query response to include potentially +// useful metadata about a query +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryMeta +// output=common.gen.go +// name=Structs +// ignore-fields=NotModified,Backend +type QueryMeta struct { + // This is the index associated with the read + Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` + // If AllowStale is used, this is time elapsed since + // last contact between the follower and leader. This + // can be used to gauge staleness. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + LastContact types.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact"` + // Used to indicate if there is a known leader node + KnownLeader bool `protobuf:"varint,3,opt,name=KnownLeader,proto3" json:"KnownLeader,omitempty"` + // Consistencylevel returns the consistency used to serve the query + // Having `discovery_max_stale` on the agent can affect whether + // the request was served by a leader. + ConsistencyLevel string `protobuf:"bytes,4,opt,name=ConsistencyLevel,proto3" json:"ConsistencyLevel,omitempty"` + // ResultsFilteredByACLs is true when some of the query's results were + // filtered out by enforcing ACLs. It may be false because nothing was + // removed, or because the endpoint does not yet support this flag. + ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` +} + +func (m *QueryMeta) Reset() { *m = QueryMeta{} } +func (m *QueryMeta) String() string { return proto.CompactTextString(m) } +func (*QueryMeta) ProtoMessage() {} +func (*QueryMeta) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{5} +} +func (m *QueryMeta) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryMeta) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryMeta.Merge(m, src) +} +func (m *QueryMeta) XXX_Size() int { + return m.Size() +} +func (m *QueryMeta) XXX_DiscardUnknown() { + xxx_messageInfo_QueryMeta.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryMeta proto.InternalMessageInfo + +// EnterpriseMeta contains metadata that is only used by the Enterprise version +// of Consul. +type EnterpriseMeta struct { + // Namespace in which the entity exists. + Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"` + // Partition in which the entity exists. + Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` +} + +func (m *EnterpriseMeta) Reset() { *m = EnterpriseMeta{} } +func (m *EnterpriseMeta) String() string { return proto.CompactTextString(m) } +func (*EnterpriseMeta) ProtoMessage() {} +func (*EnterpriseMeta) Descriptor() ([]byte, []int) { + return fileDescriptor_a834024536145257, []int{6} +} +func (m *EnterpriseMeta) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EnterpriseMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *EnterpriseMeta) XXX_Merge(src proto.Message) { + xxx_messageInfo_EnterpriseMeta.Merge(m, src) +} +func (m *EnterpriseMeta) XXX_Size() int { + return m.Size() +} +func (m *EnterpriseMeta) XXX_DiscardUnknown() { + xxx_messageInfo_EnterpriseMeta.DiscardUnknown(m) +} + +var xxx_messageInfo_EnterpriseMeta proto.InternalMessageInfo + +func init() { + proto.RegisterType((*RaftIndex)(nil), "commongogo.RaftIndex") + proto.RegisterType((*TargetDatacenter)(nil), "commongogo.TargetDatacenter") + proto.RegisterType((*WriteRequest)(nil), "commongogo.WriteRequest") + proto.RegisterType((*ReadRequest)(nil), "commongogo.ReadRequest") + proto.RegisterType((*QueryOptions)(nil), "commongogo.QueryOptions") + proto.RegisterType((*QueryMeta)(nil), "commongogo.QueryMeta") + proto.RegisterType((*EnterpriseMeta)(nil), "commongogo.EnterpriseMeta") +} + +func init() { proto.RegisterFile("proto/pbcommongogo/common.proto", fileDescriptor_a834024536145257) } + +var fileDescriptor_a834024536145257 = []byte{ + // 639 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xc1, 0x6e, 0xd3, 0x40, + 0x10, 0x4d, 0x4a, 0x9a, 0x26, 0x93, 0xb6, 0x0a, 0xab, 0x82, 0x4c, 0x85, 0xdc, 0xca, 0xaa, 0x50, + 0x85, 0x20, 0x96, 0x0a, 0x12, 0x12, 0xb7, 0x24, 0x2d, 0x52, 0xdb, 0x18, 0xda, 0xa5, 0x08, 0x89, + 0xdb, 0xc6, 0x9e, 0x38, 0x16, 0x8e, 0xd7, 0xec, 0xae, 0xdb, 0xe4, 0xce, 0x07, 0x70, 0xe4, 0x93, + 0x7a, 0xec, 0x91, 0x53, 0x05, 0xcd, 0x1f, 0x20, 0x3e, 0x00, 0x79, 0x9d, 0xb6, 0x2e, 0x69, 0x51, + 0x6e, 0x9e, 0x37, 0xef, 0xed, 0xce, 0xcc, 0x9b, 0x35, 0xac, 0xc5, 0x82, 0x2b, 0x6e, 0xc7, 0x5d, + 0x97, 0x0f, 0x06, 0x3c, 0xf2, 0xb9, 0xcf, 0xed, 0xec, 0xb3, 0xa1, 0x33, 0x04, 0xae, 0x13, 0xab, + 0xa6, 0xcf, 0xb9, 0x1f, 0xa2, 0xad, 0x33, 0xdd, 0xa4, 0x67, 0x7b, 0x89, 0x60, 0x2a, 0xb8, 0xe4, + 0xae, 0xae, 0xa4, 0xac, 0xec, 0xc0, 0xf4, 0x2b, 0x43, 0xad, 0x01, 0x54, 0x29, 0xeb, 0xa9, 0xdd, + 0xc8, 0xc3, 0x21, 0xb1, 0xa1, 0xd6, 0x16, 0xc8, 0x14, 0xea, 0xd0, 0x28, 0xae, 0x17, 0x37, 0x4b, + 0xad, 0xa5, 0xdf, 0xe7, 0x6b, 0xd5, 0x2e, 0x0e, 0x63, 0xf1, 0xda, 0x7a, 0x6e, 0xd1, 0x3c, 0x23, + 0x15, 0x38, 0xdc, 0x0b, 0x7a, 0xa3, 0x4c, 0x30, 0x77, 0xab, 0x20, 0xc7, 0xb0, 0xb6, 0xa0, 0x7e, + 0xc4, 0x84, 0x8f, 0x6a, 0x9b, 0x29, 0xe6, 0x62, 0xa4, 0x50, 0x10, 0x13, 0xe0, 0x3a, 0xd2, 0x97, + 0x56, 0x69, 0x0e, 0xb1, 0x36, 0x60, 0xf1, 0xa3, 0x08, 0x14, 0x52, 0xfc, 0x92, 0xa0, 0x54, 0x64, + 0x05, 0xe6, 0x8f, 0xf8, 0x67, 0x8c, 0x26, 0xd4, 0x2c, 0xb0, 0x0e, 0xa1, 0x46, 0x91, 0x79, 0xff, + 0x25, 0x91, 0x67, 0x70, 0x3f, 0x25, 0x04, 0x02, 0xdb, 0x3c, 0x92, 0x81, 0x54, 0x18, 0x29, 0x5d, + 0x75, 0x85, 0x4e, 0x27, 0xac, 0xaf, 0x25, 0x58, 0x3c, 0x4c, 0x50, 0x8c, 0xde, 0xc5, 0xe9, 0x1c, + 0xe5, 0x1d, 0x87, 0x6e, 0xc0, 0x92, 0x13, 0x44, 0x9a, 0x98, 0x1b, 0x03, 0xbd, 0x09, 0x92, 0x36, + 0x2c, 0x3a, 0x6c, 0xa8, 0x81, 0xa3, 0x60, 0x80, 0xc6, 0xbd, 0xf5, 0xe2, 0x66, 0x6d, 0xeb, 0x51, + 0x23, 0x73, 0xad, 0x71, 0xe9, 0x5a, 0x63, 0x7b, 0xe2, 0x5a, 0xab, 0x74, 0x7a, 0xbe, 0x56, 0xa0, + 0x37, 0x44, 0xe9, 0xa8, 0x9a, 0x61, 0xc8, 0x4f, 0xde, 0x2b, 0x16, 0xa2, 0x51, 0xd2, 0x85, 0xe7, + 0x90, 0xdb, 0xfb, 0x9b, 0xbf, 0xa3, 0x3f, 0xb2, 0x0a, 0x95, 0x0f, 0x12, 0xdb, 0xcc, 0xed, 0xa3, + 0x51, 0xd6, 0xa4, 0xab, 0x98, 0xec, 0x43, 0xdd, 0x61, 0x43, 0x7d, 0xea, 0x65, 0x45, 0xc6, 0xc2, + 0x6c, 0x25, 0x4f, 0x09, 0xc9, 0x2b, 0x28, 0x3b, 0x6c, 0xd8, 0xf4, 0xd1, 0xa8, 0xcc, 0x76, 0xc4, + 0x84, 0x4e, 0x9e, 0xc0, 0xb2, 0x93, 0x48, 0x45, 0xf1, 0x98, 0x85, 0x81, 0xc7, 0x14, 0x1a, 0x55, + 0x5d, 0xe7, 0x3f, 0x68, 0x3a, 0x5c, 0x7d, 0xe3, 0x6e, 0x6f, 0x47, 0x08, 0x2e, 0x0c, 0x98, 0x71, + 0xb8, 0x79, 0x11, 0x79, 0x08, 0xe5, 0x37, 0x41, 0x98, 0xee, 0x60, 0x4d, 0xdb, 0x3b, 0x89, 0xac, + 0x3f, 0x45, 0xa8, 0x6a, 0x0b, 0x1c, 0x54, 0x2c, 0xdd, 0x81, 0xdc, 0xeb, 0xa0, 0x59, 0x40, 0x9a, + 0x50, 0xeb, 0x30, 0xa9, 0xda, 0x3c, 0x52, 0xcc, 0xcd, 0x56, 0x6a, 0x86, 0xfb, 0xf3, 0x1a, 0xb2, + 0x0e, 0xb5, 0xfd, 0x88, 0x9f, 0x44, 0x1d, 0x64, 0x1e, 0x0a, 0xbd, 0x1f, 0x15, 0x9a, 0x87, 0xc8, + 0x53, 0xa8, 0x5f, 0xb9, 0xe7, 0x8e, 0x3a, 0x78, 0x8c, 0xa1, 0xde, 0x81, 0x2a, 0x9d, 0xc2, 0xc9, + 0x4b, 0x78, 0x40, 0x51, 0x26, 0xa1, 0x92, 0x59, 0x17, 0xe8, 0xb5, 0x46, 0xcd, 0x76, 0x47, 0x6a, + 0x13, 0x2b, 0xf4, 0xf6, 0xe4, 0x5e, 0xa9, 0x32, 0x5f, 0x2f, 0xef, 0x95, 0x2a, 0xe5, 0xfa, 0x82, + 0xd5, 0x81, 0xe5, 0x9d, 0xf4, 0xfd, 0xc5, 0x22, 0x90, 0xa8, 0x5b, 0x7f, 0x0c, 0xd5, 0xb7, 0x6c, + 0x80, 0x32, 0x66, 0x2e, 0x4e, 0x9e, 0xc0, 0x35, 0x90, 0x66, 0x0f, 0x98, 0x50, 0x81, 0x5e, 0x95, + 0xb9, 0x2c, 0x7b, 0x05, 0xb4, 0x0e, 0x4e, 0x7f, 0x99, 0x85, 0xd3, 0x0b, 0xb3, 0x78, 0x76, 0x61, + 0x16, 0x7f, 0x5e, 0x98, 0xc5, 0x6f, 0x63, 0xb3, 0xf0, 0x7d, 0x6c, 0x16, 0xce, 0xc6, 0x66, 0xe1, + 0xc7, 0xd8, 0x2c, 0x7c, 0x6a, 0xf8, 0x81, 0xea, 0x27, 0xdd, 0x86, 0xcb, 0x07, 0x76, 0x9f, 0xc9, + 0x7e, 0xe0, 0x72, 0x11, 0xdb, 0x2e, 0x8f, 0x64, 0x12, 0xda, 0xd3, 0x3f, 0xc2, 0x6e, 0x59, 0x63, + 0x2f, 0xfe, 0x06, 0x00, 0x00, 0xff, 0xff, 0x17, 0x8b, 0xc5, 0x82, 0x25, 0x05, 0x00, 0x00, +} + +func (m *RaftIndex) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RaftIndex) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RaftIndex) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.ModifyIndex != 0 { + i = encodeVarintCommon(dAtA, i, uint64(m.ModifyIndex)) + i-- + dAtA[i] = 0x10 + } + if m.CreateIndex != 0 { + i = encodeVarintCommon(dAtA, i, uint64(m.CreateIndex)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *TargetDatacenter) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TargetDatacenter) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TargetDatacenter) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Datacenter) > 0 { + i -= len(m.Datacenter) + copy(dAtA[i:], m.Datacenter) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Datacenter))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *WriteRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *WriteRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WriteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *ReadRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ReadRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ReadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.RequireConsistent { + i-- + if m.RequireConsistent { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *QueryOptions) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *QueryOptions) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Filter) > 0 { + i -= len(m.Filter) + copy(dAtA[i:], m.Filter) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Filter))) + i-- + dAtA[i] = 0x5a + } + { + size, err := m.StaleIfError.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommon(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + if m.MustRevalidate { + i-- + if m.MustRevalidate { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } + { + size, err := m.MaxAge.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommon(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x42 + { + size, err := m.MaxStaleDuration.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommon(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + if m.UseCache { + i-- + if m.UseCache { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 + } + if m.RequireConsistent { + i-- + if m.RequireConsistent { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } + if m.AllowStale { + i-- + if m.AllowStale { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + } + { + size, err := m.MaxQueryTime.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommon(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + if m.MinQueryIndex != 0 { + i = encodeVarintCommon(dAtA, i, uint64(m.MinQueryIndex)) + i-- + dAtA[i] = 0x10 + } + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *QueryMeta) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *QueryMeta) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.ResultsFilteredByACLs { + i-- + if m.ResultsFilteredByACLs { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + } + if len(m.ConsistencyLevel) > 0 { + i -= len(m.ConsistencyLevel) + copy(dAtA[i:], m.ConsistencyLevel) + i = encodeVarintCommon(dAtA, i, uint64(len(m.ConsistencyLevel))) + i-- + dAtA[i] = 0x22 + } + if m.KnownLeader { + i-- + if m.KnownLeader { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } + { + size, err := m.LastContact.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommon(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + if m.Index != 0 { + i = encodeVarintCommon(dAtA, i, uint64(m.Index)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *EnterpriseMeta) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EnterpriseMeta) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EnterpriseMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Partition) > 0 { + i -= len(m.Partition) + copy(dAtA[i:], m.Partition) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Partition))) + i-- + dAtA[i] = 0x12 + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintCommon(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func encodeVarintCommon(dAtA []byte, offset int, v uint64) int { + offset -= sovCommon(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *RaftIndex) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.CreateIndex != 0 { + n += 1 + sovCommon(uint64(m.CreateIndex)) + } + if m.ModifyIndex != 0 { + n += 1 + sovCommon(uint64(m.ModifyIndex)) + } + return n +} + +func (m *TargetDatacenter) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Datacenter) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + return n +} + +func (m *WriteRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + return n +} + +func (m *ReadRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + if m.RequireConsistent { + n += 2 + } + return n +} + +func (m *QueryOptions) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + if m.MinQueryIndex != 0 { + n += 1 + sovCommon(uint64(m.MinQueryIndex)) + } + l = m.MaxQueryTime.Size() + n += 1 + l + sovCommon(uint64(l)) + if m.AllowStale { + n += 2 + } + if m.RequireConsistent { + n += 2 + } + if m.UseCache { + n += 2 + } + l = m.MaxStaleDuration.Size() + n += 1 + l + sovCommon(uint64(l)) + l = m.MaxAge.Size() + n += 1 + l + sovCommon(uint64(l)) + if m.MustRevalidate { + n += 2 + } + l = m.StaleIfError.Size() + n += 1 + l + sovCommon(uint64(l)) + l = len(m.Filter) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + return n +} + +func (m *QueryMeta) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Index != 0 { + n += 1 + sovCommon(uint64(m.Index)) + } + l = m.LastContact.Size() + n += 1 + l + sovCommon(uint64(l)) + if m.KnownLeader { + n += 2 + } + l = len(m.ConsistencyLevel) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + if m.ResultsFilteredByACLs { + n += 2 + } + return n +} + +func (m *EnterpriseMeta) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Namespace) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + l = len(m.Partition) + if l > 0 { + n += 1 + l + sovCommon(uint64(l)) + } + return n +} + +func sovCommon(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozCommon(x uint64) (n int) { + return sovCommon(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *RaftIndex) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RaftIndex: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RaftIndex: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CreateIndex", wireType) + } + m.CreateIndex = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.CreateIndex |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ModifyIndex", wireType) + } + m.ModifyIndex = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ModifyIndex |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TargetDatacenter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TargetDatacenter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TargetDatacenter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Datacenter = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *WriteRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: WriteRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: WriteRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ReadRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ReadRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ReadRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RequireConsistent = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *QueryOptions) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryOptions: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryOptions: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MinQueryIndex", wireType) + } + m.MinQueryIndex = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.MinQueryIndex |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxQueryTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.MaxQueryTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AllowStale", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.AllowStale = bool(v != 0) + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RequireConsistent = bool(v != 0) + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseCache", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseCache = bool(v != 0) + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxStaleDuration", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.MaxStaleDuration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxAge", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.MaxAge.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MustRevalidate", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MustRevalidate = bool(v != 0) + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StaleIfError", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.StaleIfError.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Filter = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *QueryMeta) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryMeta: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryMeta: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) + } + m.Index = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Index |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LastContact", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.LastContact.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field KnownLeader", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.KnownLeader = bool(v != 0) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConsistencyLevel", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConsistencyLevel = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ResultsFilteredByACLs", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.ResultsFilteredByACLs = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EnterpriseMeta) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EnterpriseMeta: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EnterpriseMeta: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommon + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommon + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommon + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Partition = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommon(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommon + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipCommon(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommon + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommon + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommon + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthCommon + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupCommon + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthCommon + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthCommon = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowCommon = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupCommon = fmt.Errorf("proto: unexpected end of group") +) diff --git a/proto/pbcommongogo/common.proto b/proto/pbcommongogo/common.proto new file mode 100644 index 000000000..30cd847f3 --- /dev/null +++ b/proto/pbcommongogo/common.proto @@ -0,0 +1,182 @@ +syntax = "proto3"; + +package commongogo; + +option go_package = "github.com/hashicorp/consul/proto/pbcommongogo"; + +import "google/protobuf/duration.proto"; +// Go Modules now includes the version in the filepath for packages within GOPATH/pkg/mode +// Therefore unless we want to hardcode a version here like +// github.com/gogo/protobuf@v1.3.0/gogoproto/gogo.proto then the only other choice is to +// have a more relative import and pass the right import path to protoc. I don't like it +// but its necessary. +import "gogoproto/gogo.proto"; + +option (gogoproto.goproto_unkeyed_all) = false; +option (gogoproto.goproto_unrecognized_all) = false; +option (gogoproto.goproto_getters_all) = false; +option (gogoproto.goproto_sizecache_all) = false; + +// RaftIndex is used to track the index used while creating +// or modifying a given struct type. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.RaftIndex +// output=common.gen.go +// name=Structs +message RaftIndex { + uint64 CreateIndex = 1 [(gogoproto.moretags) = "bexpr:\"-\""]; + uint64 ModifyIndex = 2 [(gogoproto.moretags) = "bexpr:\"-\""]; +} + +// TargetDatacenter is intended to be used within other messages used for RPC routing +// amongst the various Consul datacenters +message TargetDatacenter { + string Datacenter = 1; +} + +message WriteRequest { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + string Token = 1; +} + +// ReadRequest is a type that may be embedded into any requests for read +// operations. +// It is a replacement for QueryOptions now that we no longer need any of those +// fields because we are moving away from using blocking queries. +// It is also similar to WriteRequest. It is a separate type so that in the +// future we can introduce fields that may only be relevant for reads. +message ReadRequest { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + string Token = 1; + + // RequireConsistent indicates that the request must be sent to the leader. + bool RequireConsistent = 2; +} + + +// QueryOptions is used to specify various flags for read queries +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryOptions +// output=common.gen.go +// name=Structs +// ignore-fields=StaleIfError,AllowNotModifiedResponse +message QueryOptions { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + string Token = 1; + + // If set, wait until query exceeds given index. Must be provided + // with MaxQueryTime. + uint64 MinQueryIndex = 2; + + // Provided with MinQueryIndex to wait for change. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + google.protobuf.Duration MaxQueryTime = 3 + [(gogoproto.nullable) = false]; + + // If set, any follower can service the request. Results + // may be arbitrarily stale. + bool AllowStale = 4; + + // If set, the leader must verify leadership prior to + // servicing the request. Prevents a stale read. + bool RequireConsistent = 5; + + // If set, the local agent may respond with an arbitrarily stale locally + // cached response. The semantics differ from AllowStale since the agent may + // be entirely partitioned from the servers and still considered "healthy" by + // operators. Stale responses from Servers are also arbitrarily stale, but can + // provide additional bounds on the last contact time from the leader. It's + // expected that servers that are partitioned are noticed and replaced in a + // timely way by operators while the same may not be true for client agents. + bool UseCache = 6; + + // If set and AllowStale is true, will try first a stale + // read, and then will perform a consistent read if stale + // read is older than value. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + google.protobuf.Duration MaxStaleDuration = 7 + [(gogoproto.nullable) = false]; + + // MaxAge limits how old a cached value will be returned if UseCache is true. + // If there is a cached response that is older than the MaxAge, it is treated + // as a cache miss and a new fetch invoked. If the fetch fails, the error is + // returned. Clients that wish to allow for stale results on error can set + // StaleIfError to a longer duration to change this behavior. It is ignored + // if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + google.protobuf.Duration MaxAge = 8 + [(gogoproto.nullable) = false]; + + // MustRevalidate forces the agent to fetch a fresh version of a cached + // resource or at least validate that the cached version is still fresh. It is + // implied by either max-age=0 or must-revalidate Cache-Control headers. It + // only makes sense when UseCache is true. We store it since MaxAge = 0 is the + // default unset value. + bool MustRevalidate = 9; + + // StaleIfError specifies how stale the client will accept a cached response + // if the servers are unavailable to fetch a fresh one. Only makes sense when + // UseCache is true and MaxAge is set to a lower, non-zero value. It is + // ignored if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + google.protobuf.Duration StaleIfError = 10 + [(gogoproto.nullable) = false]; + + // Filter specifies the go-bexpr filter expression to be used for + // filtering the data prior to returning a response + string Filter = 11; +} + +// QueryMeta allows a query response to include potentially +// useful metadata about a query +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryMeta +// output=common.gen.go +// name=Structs +// ignore-fields=NotModified,Backend +message QueryMeta { + // This is the index associated with the read + uint64 Index = 1; + + // If AllowStale is used, this is time elapsed since + // last contact between the follower and leader. This + // can be used to gauge staleness. + // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo + google.protobuf.Duration LastContact = 2 + [(gogoproto.nullable) = false]; + + // Used to indicate if there is a known leader node + bool KnownLeader = 3; + + // Consistencylevel returns the consistency used to serve the query + // Having `discovery_max_stale` on the agent can affect whether + // the request was served by a leader. + string ConsistencyLevel = 4; + + // Reserved for NotModified and Backend. + reserved 5, 6; + + // ResultsFilteredByACLs is true when some of the query's results were + // filtered out by enforcing ACLs. It may be false because nothing was + // removed, or because the endpoint does not yet support this flag. + bool ResultsFilteredByACLs = 7; +} + +// EnterpriseMeta contains metadata that is only used by the Enterprise version +// of Consul. +message EnterpriseMeta { + // Namespace in which the entity exists. + string Namespace = 1; + // Partition in which the entity exists. + string Partition = 2; +} diff --git a/proto/pbcommongogo/common_oss.go b/proto/pbcommongogo/common_oss.go new file mode 100644 index 000000000..d24b27b69 --- /dev/null +++ b/proto/pbcommongogo/common_oss.go @@ -0,0 +1,25 @@ +//go:build !consulent +// +build !consulent + +package pbcommongogo + +import ( + "github.com/hashicorp/consul/agent/structs" +) + +var DefaultEnterpriseMeta = EnterpriseMeta{} + +func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { + return &EnterpriseMeta{} +} + +func EnterpriseMetaToStructs(s *EnterpriseMeta, t *structs.EnterpriseMeta) { + if s == nil { + return + } +} +func EnterpriseMetaFromStructs(t *structs.EnterpriseMeta, s *EnterpriseMeta) { + if s == nil { + return + } +} diff --git a/proto/pbconnect/connect.gen.go b/proto/pbconnect/connect.gen.go new file mode 100644 index 000000000..433a065b7 --- /dev/null +++ b/proto/pbconnect/connect.gen.go @@ -0,0 +1,116 @@ +// Code generated by mog. DO NOT EDIT. + +package pbconnect + +import "github.com/hashicorp/consul/agent/structs" + +func CARootToStructsCARoot(s *CARoot, t *structs.CARoot) { + if s == nil { + return + } + t.ID = s.ID + t.Name = s.Name + t.SerialNumber = s.SerialNumber + t.SigningKeyID = s.SigningKeyID + t.ExternalTrustDomain = s.ExternalTrustDomain + t.NotBefore = structs.TimeFromProtoGogo(s.NotBefore) + t.NotAfter = structs.TimeFromProtoGogo(s.NotAfter) + t.RootCert = s.RootCert + t.IntermediateCerts = s.IntermediateCerts + t.SigningCert = s.SigningCert + t.SigningKey = s.SigningKey + t.Active = s.Active + t.RotatedOutAt = structs.TimeFromProtoGogo(s.RotatedOutAt) + t.PrivateKeyType = s.PrivateKeyType + t.PrivateKeyBits = int(s.PrivateKeyBits) + t.RaftIndex = RaftIndexTo(s.RaftIndex) +} +func CARootFromStructsCARoot(t *structs.CARoot, s *CARoot) { + if s == nil { + return + } + s.ID = t.ID + s.Name = t.Name + s.SerialNumber = t.SerialNumber + s.SigningKeyID = t.SigningKeyID + s.ExternalTrustDomain = t.ExternalTrustDomain + s.NotBefore = structs.TimeToProtoGogo(t.NotBefore) + s.NotAfter = structs.TimeToProtoGogo(t.NotAfter) + s.RootCert = t.RootCert + s.IntermediateCerts = t.IntermediateCerts + s.SigningCert = t.SigningCert + s.SigningKey = t.SigningKey + s.Active = t.Active + s.RotatedOutAt = structs.TimeToProtoGogo(t.RotatedOutAt) + s.PrivateKeyType = t.PrivateKeyType + s.PrivateKeyBits = int32(t.PrivateKeyBits) + s.RaftIndex = RaftIndexFrom(t.RaftIndex) +} +func CARootsToStructsIndexedCARoots(s *CARoots, t *structs.IndexedCARoots) { + if s == nil { + return + } + t.ActiveRootID = s.ActiveRootID + t.TrustDomain = s.TrustDomain + { + t.Roots = make([]*structs.CARoot, len(s.Roots)) + for i := range s.Roots { + if s.Roots[i] != nil { + var x structs.CARoot + CARootToStructsCARoot(s.Roots[i], &x) + t.Roots[i] = &x + } + } + } + t.QueryMeta = QueryMetaTo(s.QueryMeta) +} +func CARootsFromStructsIndexedCARoots(t *structs.IndexedCARoots, s *CARoots) { + if s == nil { + return + } + s.ActiveRootID = t.ActiveRootID + s.TrustDomain = t.TrustDomain + { + s.Roots = make([]*CARoot, len(t.Roots)) + for i := range t.Roots { + if t.Roots[i] != nil { + var x CARoot + CARootFromStructsCARoot(t.Roots[i], &x) + s.Roots[i] = &x + } + } + } + s.QueryMeta = QueryMetaFrom(t.QueryMeta) +} +func IssuedCertToStructsIssuedCert(s *IssuedCert, t *structs.IssuedCert) { + if s == nil { + return + } + t.SerialNumber = s.SerialNumber + t.CertPEM = s.CertPEM + t.PrivateKeyPEM = s.PrivateKeyPEM + t.Service = s.Service + t.ServiceURI = s.ServiceURI + t.Agent = s.Agent + t.AgentURI = s.AgentURI + t.ValidAfter = structs.TimeFromProtoGogo(s.ValidAfter) + t.ValidBefore = structs.TimeFromProtoGogo(s.ValidBefore) + t.EnterpriseMeta = EnterpriseMetaTo(s.EnterpriseMeta) + t.RaftIndex = RaftIndexTo(s.RaftIndex) +} +func IssuedCertFromStructsIssuedCert(t *structs.IssuedCert, s *IssuedCert) { + if s == nil { + return + } + s.SerialNumber = t.SerialNumber + s.CertPEM = t.CertPEM + s.PrivateKeyPEM = t.PrivateKeyPEM + s.Service = t.Service + s.ServiceURI = t.ServiceURI + s.Agent = t.Agent + s.AgentURI = t.AgentURI + s.ValidAfter = structs.TimeToProtoGogo(t.ValidAfter) + s.ValidBefore = structs.TimeToProtoGogo(t.ValidBefore) + s.EnterpriseMeta = EnterpriseMetaFrom(t.EnterpriseMeta) + s.RaftIndex = RaftIndexFrom(t.RaftIndex) +} diff --git a/proto/pbconnect/connect.go b/proto/pbconnect/connect.go index f499ecc31..c61ca7c8a 100644 --- a/proto/pbconnect/connect.go +++ b/proto/pbconnect/connect.go @@ -2,184 +2,77 @@ package pbconnect import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommon" - "github.com/hashicorp/consul/proto/pbutil" + "github.com/hashicorp/consul/proto/pbcommongogo" ) -func CARootsToStructs(s *CARoots) (*structs.IndexedCARoots, error) { - if s == nil { - return nil, nil - } - var t structs.IndexedCARoots - t.ActiveRootID = s.ActiveRootID - t.TrustDomain = s.TrustDomain - t.Roots = make([]*structs.CARoot, len(s.Roots)) - for i := range s.Roots { - root, err := CARootToStructs(s.Roots[i]) - if err != nil { - return &t, err - } - t.Roots[i] = root - } - queryMeta, err := pbcommon.QueryMetaToStructs(s.QueryMeta) - if err != nil { - return &t, nil - } - t.QueryMeta = queryMeta - return &t, nil +func QueryMetaFrom(f structs.QueryMeta) *pbcommongogo.QueryMeta { + t := new(pbcommongogo.QueryMeta) + pbcommongogo.QueryMetaFromStructs(&f, t) + return t } -func NewCARootsFromStructs(s *structs.IndexedCARoots) (*CARoots, error) { - if s == nil { - return nil, nil - } - var t CARoots - t.ActiveRootID = s.ActiveRootID - t.TrustDomain = s.TrustDomain - t.Roots = make([]*CARoot, len(s.Roots)) - for i := range s.Roots { - root, err := NewCARootFromStructs(s.Roots[i]) - if err != nil { - return &t, err - } - t.Roots[i] = root - } - queryMeta, err := pbcommon.NewQueryMetaFromStructs(s.QueryMeta) - if err != nil { - return &t, nil - } - t.QueryMeta = queryMeta - return &t, nil +func QueryMetaTo(f *pbcommongogo.QueryMeta) structs.QueryMeta { + t := new(structs.QueryMeta) + pbcommongogo.QueryMetaToStructs(f, t) + return *t } -func CARootToStructs(s *CARoot) (*structs.CARoot, error) { - if s == nil { - return nil, nil - } - var t structs.CARoot - t.ID = s.ID - t.Name = s.Name - t.SerialNumber = s.SerialNumber - t.SigningKeyID = s.SigningKeyID - t.ExternalTrustDomain = s.ExternalTrustDomain - notBefore, err := pbutil.TimeFromProto(s.NotBefore) - if err != nil { - return &t, nil - } - t.NotBefore = notBefore - notAfter, err := pbutil.TimeFromProto(s.NotAfter) - if err != nil { - return &t, nil - } - t.NotAfter = notAfter - t.RootCert = s.RootCert - if len(s.IntermediateCerts) > 0 { - t.IntermediateCerts = make([]string, len(s.IntermediateCerts)) - copy(t.IntermediateCerts, s.IntermediateCerts) - } - t.SigningCert = s.SigningCert - t.SigningKey = s.SigningKey - t.Active = s.Active - rotatedOutAt, err := pbutil.TimeFromProto(s.RotatedOutAt) - if err != nil { - return &t, nil - } - t.RotatedOutAt = rotatedOutAt - t.PrivateKeyType = s.PrivateKeyType - t.PrivateKeyBits = int(s.PrivateKeyBits) - t.RaftIndex = pbcommon.RaftIndexToStructs(s.RaftIndex) - return &t, nil +func RaftIndexFrom(f structs.RaftIndex) *pbcommongogo.RaftIndex { + t := new(pbcommongogo.RaftIndex) + pbcommongogo.RaftIndexFromStructs(&f, t) + return t } -func NewCARootFromStructs(s *structs.CARoot) (*CARoot, error) { - if s == nil { - return nil, nil - } - var t CARoot - t.ID = s.ID - t.Name = s.Name - t.SerialNumber = s.SerialNumber - t.SigningKeyID = s.SigningKeyID - t.ExternalTrustDomain = s.ExternalTrustDomain - notBefore, err := pbutil.TimeToProto(s.NotBefore) - if err != nil { - return &t, err - } - t.NotBefore = notBefore - notAfter, err := pbutil.TimeToProto(s.NotAfter) - if err != nil { - return &t, err - } - t.NotAfter = notAfter - t.RootCert = s.RootCert - if len(s.IntermediateCerts) > 0 { - t.IntermediateCerts = make([]string, len(s.IntermediateCerts)) - copy(t.IntermediateCerts, s.IntermediateCerts) - } - t.SigningCert = s.SigningCert - t.SigningKey = s.SigningKey - t.Active = s.Active - rotatedOutAt, err := pbutil.TimeToProto(s.RotatedOutAt) - if err != nil { - return &t, err - } - t.RotatedOutAt = rotatedOutAt - t.PrivateKeyType = s.PrivateKeyType - t.PrivateKeyBits = int32(s.PrivateKeyBits) - t.RaftIndex = pbcommon.NewRaftIndexFromStructs(s.RaftIndex) - return &t, nil +func RaftIndexTo(f *pbcommongogo.RaftIndex) structs.RaftIndex { + t := new(structs.RaftIndex) + pbcommongogo.RaftIndexToStructs(f, t) + return *t } -func IssuedCertToStructs(s *IssuedCert) (*structs.IssuedCert, error) { - if s == nil { - return nil, nil - } - var t structs.IssuedCert - t.SerialNumber = s.SerialNumber - t.CertPEM = s.CertPEM - t.PrivateKeyPEM = s.PrivateKeyPEM - t.Service = s.Service - t.ServiceURI = s.ServiceURI - t.Agent = s.Agent - t.AgentURI = s.AgentURI - validAfter, err := pbutil.TimeFromProto(s.ValidAfter) - if err != nil { - return &t, err - } - t.ValidAfter = validAfter - validBefore, err := pbutil.TimeFromProto(s.ValidBefore) - if err != nil { - return &t, err - } - t.ValidBefore = validBefore - t.EnterpriseMeta = pbcommon.EnterpriseMetaToStructs(s.EnterpriseMeta) - t.RaftIndex = pbcommon.RaftIndexToStructs(s.RaftIndex) - return &t, nil +func EnterpriseMetaFrom(f structs.EnterpriseMeta) *pbcommongogo.EnterpriseMeta { + t := new(pbcommongogo.EnterpriseMeta) + pbcommongogo.EnterpriseMetaFromStructs(&f, t) + return t } -func NewIssuedCertFromStructs(s *structs.IssuedCert) (*IssuedCert, error) { - if s == nil { - return nil, nil - } - var t IssuedCert - t.SerialNumber = s.SerialNumber - t.CertPEM = s.CertPEM - t.PrivateKeyPEM = s.PrivateKeyPEM - t.Service = s.Service - t.ServiceURI = s.ServiceURI - t.Agent = s.Agent - t.AgentURI = s.AgentURI - validAfter, err := pbutil.TimeToProto(s.ValidAfter) - if err != nil { - return &t, err - } - t.ValidAfter = validAfter - validBefore, err := pbutil.TimeToProto(s.ValidBefore) - if err != nil { - return &t, err - } - t.ValidBefore = validBefore - t.EnterpriseMeta = pbcommon.NewEnterpriseMetaFromStructs(s.EnterpriseMeta) - t.RaftIndex = pbcommon.NewRaftIndexFromStructs(s.RaftIndex) - return &t, nil +func EnterpriseMetaTo(f *pbcommongogo.EnterpriseMeta) structs.EnterpriseMeta { + t := new(structs.EnterpriseMeta) + pbcommongogo.EnterpriseMetaToStructs(f, t) + return *t +} + +func NewIssuedCertFromStructs(in *structs.IssuedCert) (*IssuedCert, error) { + t := new(IssuedCert) + IssuedCertFromStructsIssuedCert(in, t) + return t, nil +} + +func NewCARootsFromStructs(in *structs.IndexedCARoots) (*CARoots, error) { + t := new(CARoots) + CARootsFromStructsIndexedCARoots(in, t) + return t, nil +} + +func CARootsToStructs(in *CARoots) (*structs.IndexedCARoots, error) { + t := new(structs.IndexedCARoots) + CARootsToStructsIndexedCARoots(in, t) + return t, nil +} + +func NewCARootFromStructs(in *structs.CARoot) (*CARoot, error) { + t := new(CARoot) + CARootFromStructsCARoot(in, t) + return t, nil +} + +func CARootToStructs(in *CARoot) (*structs.CARoot, error) { + t := new(structs.CARoot) + CARootToStructsCARoot(in, t) + return t, nil +} + +func IssuedCertToStructs(in *IssuedCert) (*structs.IssuedCert, error) { + t := new(structs.IssuedCert) + IssuedCertToStructsIssuedCert(in, t) + return t, nil } diff --git a/proto/pbconnect/connect.pb.go b/proto/pbconnect/connect.pb.go index 73081a696..64a6738f9 100644 --- a/proto/pbconnect/connect.pb.go +++ b/proto/pbconnect/connect.pb.go @@ -7,7 +7,7 @@ import ( fmt "fmt" types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - pbcommon "github.com/hashicorp/consul/proto/pbcommon" + pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" io "io" math "math" math_bits "math/bits" @@ -25,6 +25,12 @@ var _ = math.Inf const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // CARoots is the list of all currently trusted CA Roots. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.IndexedCARoots +// output=connect.gen.go +// name=StructsIndexedCARoots type CARoots struct { // ActiveRootID is the ID of a root in Roots that is the active CA root. // Other roots are still valid if they're in the Roots list but are in @@ -57,10 +63,11 @@ type CARoots struct { Roots []*CARoot `protobuf:"bytes,3,rep,name=Roots,proto3" json:"Roots,omitempty"` // QueryMeta here is mainly used to contain the latest Raft Index that could // be used to perform a blocking query. - QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // mog: func-to=QueryMetaTo func-from=QueryMetaFrom + QueryMeta *pbcommongogo.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CARoots) Reset() { *m = CARoots{} } @@ -117,13 +124,20 @@ func (m *CARoots) GetRoots() []*CARoot { return nil } -func (m *CARoots) GetQueryMeta() *pbcommon.QueryMeta { +func (m *CARoots) GetQueryMeta() *pbcommongogo.QueryMeta { if m != nil { return m.QueryMeta } return nil } +// CARoot is the trusted CA Root. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.CARoot +// output=connect.gen.go +// name=StructsCARoot type CARoot struct { // ID is a globally unique ID (UUID) representing this CA root. ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` @@ -146,8 +160,10 @@ type CARoot struct { // future flexibility. ExternalTrustDomain string `protobuf:"bytes,5,opt,name=ExternalTrustDomain,proto3" json:"ExternalTrustDomain,omitempty"` // Time validity bounds. + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo NotBefore *types.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"` - NotAfter *types.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + NotAfter *types.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` // RootCert is the PEM-encoded public certificate. RootCert string `protobuf:"bytes,8,opt,name=RootCert,proto3" json:"RootCert,omitempty"` // IntermediateCerts is a list of PEM-encoded intermediate certs to @@ -166,6 +182,7 @@ type CARoot struct { // RotatedOutAt is the time at which this CA was removed from the state. // This will only be set on roots that have been rotated out from being the // active root. + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo RotatedOutAt *types.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"` // PrivateKeyType is the type of the private key used to sign certificates. It // may be "rsa" or "ec". This is provided as a convenience to avoid parsing @@ -174,11 +191,13 @@ type CARoot struct { // PrivateKeyBits is the length of the private key used to sign certificates. // This is provided as a convenience to avoid parsing the public key from the // certificate to infer the type. - PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"` - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // mog: func-to=int func-from=int32 + PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"` + // mog: func-to=RaftIndexTo func-from=RaftIndexFrom + RaftIndex *pbcommongogo.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CARoot) Reset() { *m = CARoot{} } @@ -319,13 +338,19 @@ func (m *CARoot) GetPrivateKeyBits() int32 { return 0 } -func (m *CARoot) GetRaftIndex() *pbcommon.RaftIndex { +func (m *CARoot) GetRaftIndex() *pbcommongogo.RaftIndex { if m != nil { return m.RaftIndex } return nil } +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.IssuedCert +// output=connect.gen.go +// name=StructsIssuedCert type IssuedCert struct { // SerialNumber is the unique serial number for this certificate. // This is encoded in standard hex separated by :. @@ -345,14 +370,18 @@ type IssuedCert struct { AgentURI string `protobuf:"bytes,7,opt,name=AgentURI,proto3" json:"AgentURI,omitempty"` // ValidAfter and ValidBefore are the validity periods for the // certificate. - ValidAfter *types.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + ValidAfter *types.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo ValidBefore *types.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"` // EnterpriseMeta is the Consul Enterprise specific metadata - EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom + EnterpriseMeta *pbcommongogo.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` + // mog: func-to=RaftIndexTo func-from=RaftIndexFrom + RaftIndex *pbcommongogo.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *IssuedCert) Reset() { *m = IssuedCert{} } @@ -451,14 +480,14 @@ func (m *IssuedCert) GetValidBefore() *types.Timestamp { return nil } -func (m *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { +func (m *IssuedCert) GetEnterpriseMeta() *pbcommongogo.EnterpriseMeta { if m != nil { return m.EnterpriseMeta } return nil } -func (m *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex { +func (m *IssuedCert) GetRaftIndex() *pbcommongogo.RaftIndex { if m != nil { return m.RaftIndex } @@ -474,49 +503,49 @@ func init() { func init() { proto.RegisterFile("proto/pbconnect/connect.proto", fileDescriptor_80627e709958eb04) } var fileDescriptor_80627e709958eb04 = []byte{ - // 659 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xdd, 0x6a, 0xdb, 0x4a, - 0x10, 0x3e, 0x8a, 0x7f, 0x35, 0x4e, 0x9c, 0x93, 0x3d, 0x87, 0xb0, 0xf8, 0x70, 0x5c, 0x61, 0xda, - 0x62, 0x68, 0xb1, 0x4a, 0x0a, 0xa5, 0x94, 0x36, 0xe0, 0xc4, 0xb9, 0x10, 0x21, 0x6e, 0xba, 0x49, - 0x7b, 0xd1, 0x3b, 0xd9, 0x1e, 0x3b, 0x0b, 0x96, 0xd6, 0xac, 0x56, 0x21, 0x7e, 0x93, 0xbe, 0x41, - 0x1f, 0xa5, 0xbd, 0xec, 0x23, 0x94, 0xf4, 0x39, 0x0a, 0x65, 0x57, 0x92, 0x2d, 0xb9, 0x05, 0x5f, - 0x79, 0xe7, 0x9b, 0x6f, 0x46, 0x33, 0xfb, 0x7d, 0x5e, 0xf8, 0x7f, 0x21, 0x85, 0x12, 0xee, 0x62, - 0x34, 0x16, 0x61, 0x88, 0x63, 0xe5, 0xa6, 0xbf, 0x3d, 0x83, 0x93, 0x5a, 0x1a, 0xb6, 0x1e, 0xcc, - 0x84, 0x98, 0xcd, 0xd1, 0x35, 0xf0, 0x28, 0x9e, 0xba, 0x8a, 0x07, 0x18, 0x29, 0x3f, 0x58, 0x24, - 0xcc, 0xd6, 0x7f, 0xeb, 0x46, 0x41, 0x20, 0x42, 0x37, 0xf9, 0x49, 0x92, 0x9d, 0xcf, 0x16, 0xd4, - 0x4e, 0xfb, 0x4c, 0x08, 0x15, 0x91, 0x0e, 0xec, 0xf6, 0xc7, 0x8a, 0xdf, 0xa2, 0x0e, 0xbd, 0x01, - 0xb5, 0x1c, 0xab, 0x6b, 0xb3, 0x02, 0x46, 0x1c, 0x68, 0x5c, 0xcb, 0x38, 0x52, 0x03, 0x11, 0xf8, - 0x3c, 0xa4, 0x3b, 0x86, 0x92, 0x87, 0xc8, 0x23, 0xa8, 0x98, 0x76, 0xb4, 0xe4, 0x94, 0xba, 0x8d, - 0xa3, 0xfd, 0x5e, 0x36, 0x77, 0xf2, 0x19, 0x96, 0x64, 0x89, 0x0b, 0xf6, 0xbb, 0x18, 0xe5, 0xf2, - 0x02, 0x95, 0x4f, 0xcb, 0x8e, 0xd5, 0x6d, 0x1c, 0x1d, 0xf4, 0xd2, 0xd1, 0x56, 0x09, 0xb6, 0xe6, - 0x74, 0x7e, 0x96, 0xa1, 0x9a, 0xb4, 0x20, 0x4d, 0xd8, 0x59, 0x8d, 0xb7, 0xe3, 0x0d, 0x08, 0x81, - 0xf2, 0xd0, 0x0f, 0x30, 0x9d, 0xc6, 0x9c, 0xf5, 0x32, 0x57, 0x28, 0xb9, 0x3f, 0x1f, 0xc6, 0xc1, - 0x08, 0x25, 0x2d, 0x39, 0x56, 0xb7, 0xcc, 0x0a, 0x98, 0xe1, 0xf0, 0x59, 0xc8, 0xc3, 0xd9, 0x39, - 0x2e, 0xbd, 0x81, 0x19, 0xc3, 0x66, 0x05, 0x8c, 0x3c, 0x83, 0x7f, 0xce, 0xee, 0x14, 0xca, 0xd0, - 0x9f, 0xe7, 0x17, 0xaf, 0x18, 0xea, 0x9f, 0x52, 0xe4, 0x25, 0xd8, 0x43, 0xa1, 0x4e, 0x70, 0x2a, - 0x24, 0xd2, 0xaa, 0xd9, 0xac, 0xd5, 0x4b, 0x44, 0xea, 0x65, 0x22, 0xf5, 0xae, 0x33, 0x91, 0xd8, - 0x9a, 0x4c, 0x5e, 0x40, 0x7d, 0x28, 0x54, 0x7f, 0xaa, 0x50, 0xd2, 0xda, 0xd6, 0xc2, 0x15, 0x97, - 0xb4, 0xa0, 0xae, 0xef, 0xe5, 0x14, 0xa5, 0xa2, 0x75, 0x33, 0xd8, 0x2a, 0x26, 0x4f, 0xe1, 0xc0, - 0x0b, 0x15, 0xca, 0x00, 0x27, 0xdc, 0x57, 0xa8, 0xb1, 0x88, 0xda, 0x4e, 0xa9, 0x6b, 0xb3, 0xdf, - 0x13, 0x5a, 0xde, 0x74, 0x7b, 0xd3, 0x0c, 0x12, 0x79, 0x73, 0x10, 0x69, 0x03, 0xac, 0xef, 0x87, - 0x36, 0x0c, 0x21, 0x87, 0x90, 0x43, 0xa8, 0x26, 0x86, 0xa1, 0xbb, 0x8e, 0xd5, 0xad, 0xb3, 0x34, - 0x22, 0xc7, 0xb0, 0xcb, 0x84, 0xf2, 0x15, 0x4e, 0xde, 0xc6, 0xaa, 0xaf, 0xe8, 0xde, 0xd6, 0xfd, - 0x0a, 0x7c, 0xf2, 0x18, 0x9a, 0x97, 0x92, 0xdf, 0xfa, 0x0a, 0xcf, 0x71, 0x79, 0xbd, 0x5c, 0x20, - 0x6d, 0x9a, 0x6f, 0x6f, 0xa0, 0x45, 0xde, 0x09, 0x57, 0x11, 0xdd, 0x77, 0xac, 0x6e, 0x85, 0x6d, - 0xa0, 0xda, 0x7f, 0xcc, 0x9f, 0x2a, 0x2f, 0x9c, 0xe0, 0x1d, 0xfd, 0xbb, 0xe8, 0xbf, 0x55, 0x82, - 0xad, 0x39, 0x9d, 0x2f, 0x25, 0x00, 0x2f, 0x8a, 0x62, 0x9c, 0x98, 0x7b, 0xd8, 0xf4, 0x57, 0xfa, - 0x67, 0x29, 0xf8, 0x8b, 0x42, 0x4d, 0x73, 0x2f, 0xcf, 0x2e, 0x52, 0x6b, 0x66, 0x21, 0x79, 0x08, - 0x7b, 0xeb, 0x79, 0x74, 0xbe, 0x64, 0xf2, 0x45, 0x50, 0xd7, 0x5f, 0xa1, 0xbc, 0xe5, 0x63, 0x4c, - 0xad, 0x99, 0x85, 0x46, 0x85, 0xe4, 0xf8, 0x9e, 0x79, 0xa9, 0x19, 0x73, 0x08, 0xf9, 0x17, 0x2a, - 0xfd, 0x19, 0x86, 0xca, 0xf8, 0xcf, 0x66, 0x49, 0xa0, 0x7d, 0x62, 0x0e, 0xba, 0xa6, 0x96, 0xf8, - 0x24, 0x8b, 0xc9, 0x2b, 0x80, 0x0f, 0xfe, 0x9c, 0x4f, 0x12, 0xf7, 0xd5, 0xb7, 0xaa, 0x93, 0x63, - 0x93, 0xd7, 0xd0, 0x30, 0x51, 0xea, 0x79, 0x7b, 0x6b, 0x71, 0x9e, 0x4e, 0x8e, 0xa1, 0x79, 0xa6, - 0x8d, 0xb8, 0x90, 0x3c, 0x42, 0xf3, 0x1c, 0x80, 0x69, 0x70, 0x98, 0xc9, 0x51, 0xcc, 0xb2, 0x0d, - 0x76, 0x51, 0xc9, 0xc6, 0x76, 0x25, 0x4f, 0xde, 0x7c, 0xbd, 0x6f, 0x5b, 0xdf, 0xee, 0xdb, 0xd6, - 0xf7, 0xfb, 0xb6, 0xf5, 0xe9, 0x47, 0xfb, 0xaf, 0x8f, 0x4f, 0x66, 0x5c, 0xdd, 0xc4, 0x23, 0x5d, - 0xe5, 0xde, 0xf8, 0xd1, 0x0d, 0x1f, 0x0b, 0xb9, 0xd0, 0x0f, 0x6e, 0x14, 0xcf, 0xdd, 0x8d, 0x77, - 0x78, 0x54, 0x35, 0xc0, 0xf3, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa9, 0x98, 0x92, 0x5c, 0xa1, - 0x05, 0x00, 0x00, + // 661 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xcd, 0x6e, 0xd3, 0x40, + 0x10, 0xc6, 0x4d, 0xf3, 0xe3, 0x49, 0x9b, 0xc2, 0xf2, 0xa3, 0x55, 0x24, 0x52, 0x2b, 0x02, 0x14, + 0x09, 0x94, 0xa0, 0x56, 0x42, 0x08, 0x01, 0x52, 0xd2, 0xf4, 0x10, 0x55, 0x0d, 0x65, 0x5b, 0x38, + 0x70, 0x73, 0x92, 0x89, 0xbb, 0x52, 0xec, 0x8d, 0xd6, 0xeb, 0xaa, 0x39, 0xf2, 0x16, 0xbc, 0x03, + 0x2f, 0xc2, 0x0d, 0x1e, 0x01, 0x95, 0x17, 0x41, 0xbb, 0x76, 0x62, 0x3b, 0x45, 0x0a, 0xa7, 0xec, + 0x7c, 0xf3, 0xcd, 0x78, 0x66, 0xbf, 0x2f, 0x0b, 0x8f, 0xe7, 0x52, 0x28, 0xd1, 0x99, 0x8f, 0xc6, + 0x22, 0x08, 0x70, 0xac, 0x3a, 0xc9, 0x6f, 0xdb, 0xe0, 0xa4, 0x9c, 0x84, 0xf5, 0x7d, 0x4f, 0x08, + 0x6f, 0x86, 0x1d, 0x03, 0x8f, 0xa2, 0x69, 0x47, 0x71, 0x1f, 0x43, 0xe5, 0xfa, 0xf3, 0x98, 0x59, + 0xdf, 0x4f, 0x1b, 0xf9, 0xbe, 0x08, 0x3c, 0xe1, 0x89, 0x4e, 0x7c, 0x8c, 0x09, 0xcd, 0xef, 0x16, + 0x94, 0x8f, 0xba, 0x4c, 0x08, 0x15, 0x92, 0x26, 0xec, 0x74, 0xc7, 0x8a, 0x5f, 0xa1, 0x0e, 0x07, + 0x7d, 0x6a, 0x39, 0x56, 0xcb, 0x66, 0x39, 0x8c, 0x38, 0x50, 0xbd, 0x90, 0x51, 0xa8, 0xfa, 0xc2, + 0x77, 0x79, 0x40, 0xb7, 0x0c, 0x25, 0x0b, 0x91, 0xa7, 0x50, 0x34, 0xed, 0x68, 0xc1, 0x29, 0xb4, + 0xaa, 0x07, 0x7b, 0xed, 0xe5, 0xec, 0xf1, 0x67, 0x58, 0x9c, 0x25, 0x87, 0x60, 0x7f, 0x8c, 0x50, + 0x2e, 0x4e, 0x51, 0xb9, 0x74, 0xdb, 0xb1, 0x5a, 0xd5, 0x83, 0x87, 0xed, 0x74, 0xca, 0xf6, 0x2a, + 0xc9, 0x52, 0x5e, 0xf3, 0x6b, 0x11, 0x4a, 0x71, 0x1b, 0x52, 0x83, 0xad, 0xd5, 0x88, 0x5b, 0x83, + 0x3e, 0x21, 0xb0, 0x3d, 0x74, 0x7d, 0x4c, 0x26, 0x32, 0x67, 0xbd, 0xd0, 0x39, 0x4a, 0xee, 0xce, + 0x86, 0x91, 0x3f, 0x42, 0x49, 0x0b, 0x8e, 0xd5, 0xda, 0x66, 0x39, 0xcc, 0x70, 0xb8, 0x17, 0xf0, + 0xc0, 0x3b, 0xc1, 0xc5, 0xa0, 0x6f, 0x46, 0xb1, 0x59, 0x0e, 0x23, 0x2f, 0xe1, 0xfe, 0xf1, 0xb5, + 0x42, 0x19, 0xb8, 0xb3, 0xec, 0xf2, 0x45, 0x43, 0xfd, 0x57, 0x8a, 0xbc, 0x06, 0x7b, 0x28, 0x54, + 0x0f, 0xa7, 0x42, 0x22, 0x2d, 0x99, 0xed, 0xea, 0xed, 0x58, 0xac, 0xf6, 0x52, 0xac, 0xf6, 0xc5, + 0x52, 0x2c, 0x96, 0x92, 0xc9, 0x2b, 0xa8, 0x0c, 0x85, 0xea, 0x4e, 0x15, 0x4a, 0x5a, 0xde, 0x58, + 0xb8, 0xe2, 0x92, 0x3a, 0x54, 0xf4, 0xbd, 0x1c, 0xa1, 0x54, 0xb4, 0x62, 0x06, 0x5b, 0xc5, 0xe4, + 0x05, 0xdc, 0x1b, 0x04, 0x0a, 0xa5, 0x8f, 0x13, 0xee, 0x2a, 0xd4, 0x58, 0x48, 0x6d, 0xa7, 0xd0, + 0xb2, 0xd9, 0xed, 0x84, 0x96, 0x38, 0xd9, 0xde, 0x34, 0x83, 0x58, 0xe2, 0x0c, 0x44, 0x1a, 0x00, + 0xe9, 0xfd, 0xd0, 0xaa, 0x21, 0x64, 0x10, 0xf2, 0x08, 0x4a, 0xb1, 0x69, 0xe8, 0x8e, 0x63, 0xb5, + 0x2a, 0x2c, 0x89, 0xc8, 0x7b, 0xd8, 0x61, 0x42, 0xb9, 0x0a, 0x27, 0x1f, 0x22, 0xd5, 0x55, 0x74, + 0x77, 0xe3, 0x7e, 0x39, 0x3e, 0x79, 0x06, 0xb5, 0x33, 0xc9, 0xaf, 0x5c, 0x85, 0x27, 0xb8, 0xb8, + 0x58, 0xcc, 0x91, 0xd6, 0xcc, 0xb7, 0xd7, 0xd0, 0x3c, 0xaf, 0xc7, 0x55, 0x48, 0xf7, 0x1c, 0xab, + 0x55, 0x64, 0x6b, 0xa8, 0xf6, 0x20, 0x73, 0xa7, 0x6a, 0x10, 0x4c, 0xf0, 0x9a, 0xde, 0xbd, 0xed, + 0xc1, 0x55, 0x92, 0xa5, 0xbc, 0xe6, 0xcf, 0x02, 0xc0, 0x20, 0x0c, 0x23, 0x9c, 0x98, 0xbb, 0x58, + 0xf7, 0x58, 0xf2, 0xa7, 0xc9, 0x79, 0x8c, 0x42, 0x59, 0x73, 0xcf, 0x8e, 0x4f, 0x13, 0x7b, 0x2e, + 0x43, 0xf2, 0x04, 0x76, 0xd3, 0x99, 0x74, 0xbe, 0x60, 0xf2, 0x79, 0x50, 0xd7, 0x9f, 0xa3, 0xbc, + 0xe2, 0x63, 0x4c, 0xec, 0xb9, 0x0c, 0x8d, 0x12, 0xf1, 0xf1, 0x13, 0x1b, 0x24, 0x86, 0xcc, 0x20, + 0xe4, 0x01, 0x14, 0xbb, 0x1e, 0x06, 0xca, 0x78, 0xd0, 0x66, 0x71, 0xa0, 0xbd, 0x62, 0x0e, 0xba, + 0xa6, 0x1c, 0x7b, 0x65, 0x19, 0x93, 0x37, 0x00, 0x9f, 0xdd, 0x19, 0x9f, 0xc4, 0x0e, 0xac, 0x6c, + 0x54, 0x28, 0xc3, 0x26, 0x6f, 0xa1, 0x6a, 0xa2, 0xc4, 0xf7, 0xf6, 0xc6, 0xe2, 0x2c, 0x9d, 0xf4, + 0xa0, 0x76, 0xac, 0xcd, 0x38, 0x97, 0x3c, 0x44, 0xf3, 0x2c, 0x40, 0xd2, 0x20, 0x23, 0x49, 0x9e, + 0xc1, 0xd6, 0x2a, 0xf2, 0x8a, 0x56, 0xff, 0x4f, 0xd1, 0xde, 0xbb, 0x1f, 0x37, 0x0d, 0xeb, 0xd7, + 0x4d, 0xc3, 0xfa, 0x7d, 0xd3, 0xb0, 0xbe, 0xfd, 0x69, 0xdc, 0xf9, 0xf2, 0xdc, 0xe3, 0xea, 0x32, + 0x1a, 0xe9, 0xca, 0xce, 0xa5, 0x1b, 0x5e, 0xf2, 0xb1, 0x90, 0x73, 0xfd, 0x08, 0x87, 0xd1, 0xac, + 0xb3, 0xf6, 0x36, 0x8f, 0x4a, 0x06, 0x38, 0xfc, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xda, 0x8a, 0x91, + 0x6e, 0xb5, 0x05, 0x00, 0x00, } func (m *CARoots) Marshal() (dAtA []byte, err error) { @@ -1207,7 +1236,7 @@ func (m *CARoots) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.QueryMeta == nil { - m.QueryMeta = &pbcommon.QueryMeta{} + m.QueryMeta = &pbcommongogo.QueryMeta{} } if err := m.QueryMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -1748,7 +1777,7 @@ func (m *CARoot) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.RaftIndex == nil { - m.RaftIndex = &pbcommon.RaftIndex{} + m.RaftIndex = &pbcommongogo.RaftIndex{} } if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -2131,7 +2160,7 @@ func (m *IssuedCert) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.EnterpriseMeta == nil { - m.EnterpriseMeta = &pbcommon.EnterpriseMeta{} + m.EnterpriseMeta = &pbcommongogo.EnterpriseMeta{} } if err := m.EnterpriseMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -2167,7 +2196,7 @@ func (m *IssuedCert) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.RaftIndex == nil { - m.RaftIndex = &pbcommon.RaftIndex{} + m.RaftIndex = &pbcommongogo.RaftIndex{} } if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err diff --git a/proto/pbconnect/connect.proto b/proto/pbconnect/connect.proto index 0b2d10b46..129fa5385 100644 --- a/proto/pbconnect/connect.proto +++ b/proto/pbconnect/connect.proto @@ -5,9 +5,15 @@ package connect; option go_package = "github.com/hashicorp/consul/proto/pbconnect"; import "google/protobuf/timestamp.proto"; -import "proto/pbcommon/common.proto"; +import "proto/pbcommongogo/common.proto"; // CARoots is the list of all currently trusted CA Roots. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.IndexedCARoots +// output=connect.gen.go +// name=StructsIndexedCARoots message CARoots { // ActiveRootID is the ID of a root in Roots that is the active CA root. // Other roots are still valid if they're in the Roots list but are in @@ -43,9 +49,17 @@ message CARoots { // QueryMeta here is mainly used to contain the latest Raft Index that could // be used to perform a blocking query. - common.QueryMeta QueryMeta = 4; + // mog: func-to=QueryMetaTo func-from=QueryMetaFrom + commongogo.QueryMeta QueryMeta = 4; } +// CARoot is the trusted CA Root. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.CARoot +// output=connect.gen.go +// name=StructsCARoot message CARoot { // ID is a globally unique ID (UUID) representing this CA root. string ID = 1; @@ -73,7 +87,9 @@ message CARoot { string ExternalTrustDomain = 5; // Time validity bounds. + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo google.protobuf.Timestamp NotBefore = 6; + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo google.protobuf.Timestamp NotAfter = 7; // RootCert is the PEM-encoded public certificate. @@ -98,6 +114,7 @@ message CARoot { // RotatedOutAt is the time at which this CA was removed from the state. // This will only be set on roots that have been rotated out from being the // active root. + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo google.protobuf.Timestamp RotatedOutAt = 13; // PrivateKeyType is the type of the private key used to sign certificates. It @@ -108,11 +125,19 @@ message CARoot { // PrivateKeyBits is the length of the private key used to sign certificates. // This is provided as a convenience to avoid parsing the public key from the // certificate to infer the type. + // mog: func-to=int func-from=int32 int32 PrivateKeyBits = 15; - - common.RaftIndex RaftIndex = 16; + + // mog: func-to=RaftIndexTo func-from=RaftIndexFrom + commongogo.RaftIndex RaftIndex = 16; } +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.IssuedCert +// output=connect.gen.go +// name=StructsIssuedCert message IssuedCert { // SerialNumber is the unique serial number for this certificate. // This is encoded in standard hex separated by :. @@ -136,11 +161,15 @@ message IssuedCert { // ValidAfter and ValidBefore are the validity periods for the // certificate. + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo google.protobuf.Timestamp ValidAfter = 8; + // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo google.protobuf.Timestamp ValidBefore = 9; // EnterpriseMeta is the Consul Enterprise specific metadata - common.EnterpriseMeta EnterpriseMeta = 10; + // mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom + commongogo.EnterpriseMeta EnterpriseMeta = 10; - common.RaftIndex RaftIndex = 11; + // mog: func-to=RaftIndexTo func-from=RaftIndexFrom + commongogo.RaftIndex RaftIndex = 11; } \ No newline at end of file diff --git a/proto/pbservice/convert.go b/proto/pbservice/convert.go index 6f679d237..a68c22b8f 100644 --- a/proto/pbservice/convert.go +++ b/proto/pbservice/convert.go @@ -2,18 +2,18 @@ package pbservice import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" ) -func RaftIndexToStructs(s pbcommon.RaftIndex) structs.RaftIndex { +func RaftIndexToStructs(s pbcommongogo.RaftIndex) structs.RaftIndex { return structs.RaftIndex{ CreateIndex: s.CreateIndex, ModifyIndex: s.ModifyIndex, } } -func NewRaftIndexFromStructs(s structs.RaftIndex) pbcommon.RaftIndex { - return pbcommon.RaftIndex{ +func NewRaftIndexFromStructs(s structs.RaftIndex) pbcommongogo.RaftIndex { + return pbcommongogo.RaftIndex{ CreateIndex: s.CreateIndex, ModifyIndex: s.ModifyIndex, } diff --git a/proto/pbservice/convert_oss.go b/proto/pbservice/convert_oss.go index 215a2dc5f..214cf69ad 100644 --- a/proto/pbservice/convert_oss.go +++ b/proto/pbservice/convert_oss.go @@ -5,13 +5,13 @@ package pbservice import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" ) -func EnterpriseMetaToStructs(_ pbcommon.EnterpriseMeta) structs.EnterpriseMeta { +func EnterpriseMetaToStructs(_ pbcommongogo.EnterpriseMeta) structs.EnterpriseMeta { return structs.EnterpriseMeta{} } -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) pbcommon.EnterpriseMeta { - return pbcommon.EnterpriseMeta{} +func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) pbcommongogo.EnterpriseMeta { + return pbcommongogo.EnterpriseMeta{} } diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index cd06be937..cb9eed6f8 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -8,7 +8,7 @@ import ( _ "github.com/gogo/protobuf/gogoproto" types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - pbcommon "github.com/hashicorp/consul/proto/pbcommon" + pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" github_com_hashicorp_consul_types "github.com/hashicorp/consul/types" io "io" math "math" @@ -46,9 +46,9 @@ type HealthCheck struct { Type string `protobuf:"bytes,12,opt,name=Type,proto3" json:"Type,omitempty"` Definition HealthCheckDefinition `protobuf:"bytes,10,opt,name=Definition,proto3" json:"Definition"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + pbcommongogo.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommon.EnterpriseMeta `protobuf:"bytes,13,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,13,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` // mog: func-to=int func-from=int32 ExposedPort int32 `protobuf:"varint,14,opt,name=ExposedPort,proto3" json:"ExposedPort,omitempty"` Interval string `protobuf:"bytes,15,opt,name=Interval,proto3" json:"Interval,omitempty"` @@ -290,76 +290,76 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) } var fileDescriptor_8a6f7448747c9fbe = []byte{ - // 1092 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x41, 0x4f, 0xe3, 0x46, - 0x14, 0x8e, 0x09, 0x49, 0xf0, 0x04, 0x58, 0x98, 0x05, 0x3a, 0xcb, 0x6e, 0x4d, 0x4a, 0xf7, 0x40, - 0x55, 0x9a, 0xa8, 0xb4, 0xaa, 0xba, 0xad, 0x54, 0x89, 0x10, 0x16, 0x52, 0x01, 0x4d, 0x9d, 0x74, - 0x2b, 0xf5, 0x66, 0x9c, 0x89, 0x63, 0x91, 0x78, 0xa2, 0xf1, 0x18, 0x91, 0xfe, 0x8a, 0x1e, 0xfb, - 0x03, 0xfa, 0x63, 0x38, 0x72, 0xac, 0x54, 0x09, 0xb5, 0xf0, 0x1b, 0x7a, 0xe9, 0xa9, 0x9a, 0x37, - 0x76, 0x62, 0x6f, 0xbc, 0x24, 0x2b, 0xed, 0x9e, 0x32, 0xef, 0x7d, 0xef, 0xcd, 0x78, 0xde, 0xfb, - 0xbe, 0x37, 0x41, 0x1f, 0x0d, 0x38, 0x13, 0xac, 0x32, 0x38, 0xf7, 0x29, 0xbf, 0x74, 0x6d, 0x5a, - 0xe9, 0x52, 0xab, 0x27, 0xba, 0x76, 0x97, 0xda, 0x17, 0x65, 0xc0, 0xb0, 0x3e, 0x02, 0x37, 0x0d, - 0x87, 0x31, 0xa7, 0x47, 0x2b, 0x00, 0x9c, 0x07, 0x9d, 0x4a, 0x3b, 0xe0, 0x96, 0x70, 0x99, 0xa7, - 0x42, 0x37, 0x9f, 0x46, 0xbb, 0xd9, 0xac, 0xdf, 0x67, 0x5e, 0x45, 0xfd, 0x84, 0xe0, 0x9a, 0xc3, - 0x1c, 0xa6, 0x02, 0xe4, 0x4a, 0x79, 0xb7, 0xff, 0x9a, 0x47, 0xc5, 0x63, 0x38, 0xf3, 0x40, 0x9e, - 0x89, 0x31, 0x9a, 0x3f, 0x63, 0x6d, 0x4a, 0xb4, 0x92, 0xb6, 0xa3, 0x9b, 0xb0, 0xc6, 0x47, 0xa8, - 0x00, 0x60, 0xbd, 0x46, 0xe6, 0xa4, 0xbb, 0xfa, 0xd9, 0x7f, 0xb7, 0x5b, 0x9f, 0x38, 0xae, 0xe8, - 0x06, 0xe7, 0x65, 0x9b, 0xf5, 0x2b, 0x5d, 0xcb, 0xef, 0xba, 0x36, 0xe3, 0x83, 0x8a, 0xcd, 0x3c, - 0x3f, 0xe8, 0x55, 0xc4, 0x70, 0x40, 0xfd, 0x72, 0x98, 0x64, 0x46, 0xd9, 0xb0, 0xb9, 0xd5, 0xa7, - 0x24, 0x1b, 0x6e, 0x6e, 0xf5, 0x29, 0xde, 0x40, 0xf9, 0xa6, 0xb0, 0x44, 0xe0, 0x93, 0x79, 0xf0, - 0x86, 0x16, 0x5e, 0x43, 0xb9, 0x33, 0x26, 0xa8, 0x4f, 0x72, 0xe0, 0x56, 0x86, 0x8c, 0xfe, 0x21, - 0x10, 0x83, 0x40, 0x90, 0xbc, 0x8a, 0x56, 0x16, 0x7e, 0x86, 0xf4, 0xa6, 0x2a, 0x52, 0xbd, 0x46, - 0x0a, 0x00, 0x8d, 0x1d, 0xb8, 0x84, 0x8a, 0xa1, 0x01, 0xc7, 0x2f, 0x00, 0x1e, 0x77, 0xc5, 0x22, - 0x5a, 0x96, 0xe3, 0x13, 0xbd, 0x94, 0x8d, 0x45, 0x48, 0x97, 0xfc, 0xf6, 0xd6, 0x70, 0x40, 0xc9, - 0xa2, 0xfa, 0x76, 0xb9, 0xc6, 0x2f, 0x11, 0xaa, 0xd1, 0x8e, 0xeb, 0xb9, 0xb2, 0x07, 0x04, 0x95, - 0xb4, 0x9d, 0xe2, 0x5e, 0xa9, 0x3c, 0xea, 0x57, 0x39, 0x56, 0xd8, 0x71, 0x5c, 0x75, 0xfe, 0xfa, - 0x76, 0x2b, 0x63, 0xc6, 0x32, 0xf1, 0x0b, 0xa4, 0x9b, 0x56, 0x47, 0xd4, 0xbd, 0x36, 0xbd, 0x22, - 0x45, 0xd8, 0x66, 0xb5, 0x1c, 0x36, 0x6f, 0x04, 0x54, 0x17, 0x64, 0xde, 0xcd, 0xed, 0x96, 0x66, - 0x8e, 0xa3, 0x71, 0x0d, 0x2d, 0x1f, 0x7a, 0x82, 0xf2, 0x01, 0x77, 0x7d, 0x7a, 0x4a, 0x85, 0x45, - 0x96, 0x20, 0x7f, 0x23, 0xca, 0x4f, 0xa2, 0xe1, 0xe1, 0xaf, 0xe5, 0xc8, 0xeb, 0x1f, 0x5e, 0x0d, - 0x98, 0x4f, 0xdb, 0x0d, 0xc6, 0x05, 0x59, 0x2e, 0x69, 0x3b, 0x39, 0x33, 0xee, 0xc2, 0x9b, 0x68, - 0xa1, 0x2e, 0x73, 0x2e, 0xad, 0x1e, 0x79, 0x04, 0x25, 0x18, 0xd9, 0x98, 0xa0, 0x42, 0xcb, 0xed, - 0x53, 0x16, 0x08, 0xb2, 0x02, 0x50, 0x64, 0x6e, 0x7f, 0x0c, 0xe4, 0x6a, 0x53, 0xfe, 0xca, 0xea, - 0x05, 0x54, 0xf6, 0x14, 0x16, 0x44, 0x83, 0xfa, 0x2a, 0x63, 0xfb, 0x8f, 0x02, 0x5a, 0x4f, 0xad, - 0x94, 0xac, 0xf9, 0x71, 0xab, 0xd5, 0x88, 0xc8, 0x28, 0xd7, 0xf8, 0x39, 0x5a, 0x6a, 0x9d, 0x34, - 0x65, 0x67, 0x28, 0x87, 0x6e, 0x3e, 0x06, 0x30, 0xe9, 0x8c, 0xa2, 0x2e, 0xdc, 0xc1, 0x2b, 0xca, - 0xdd, 0xce, 0x10, 0x88, 0xbb, 0x60, 0x26, 0x9d, 0xf8, 0x7b, 0x94, 0x57, 0x9f, 0x47, 0xb2, 0xa5, - 0xec, 0x4e, 0x71, 0x6f, 0x77, 0x5a, 0xef, 0xca, 0x2a, 0xfc, 0xd0, 0x13, 0x7c, 0x18, 0x96, 0x32, - 0xdc, 0x41, 0x32, 0xf3, 0x94, 0x8a, 0x2e, 0x6b, 0x47, 0x3c, 0x56, 0x96, 0xbc, 0x43, 0x95, 0xb5, - 0x87, 0x04, 0xab, 0x3b, 0xc8, 0x35, 0x5e, 0x41, 0xd9, 0xd6, 0x41, 0x23, 0x64, 0xb6, 0x5c, 0xe2, - 0x6f, 0x63, 0xe5, 0xcd, 0x43, 0x03, 0x9f, 0x94, 0x95, 0xd8, 0xcb, 0x91, 0xd8, 0xcb, 0xb5, 0x50, - 0xec, 0xe1, 0xc1, 0xe3, 0xfa, 0x3f, 0x47, 0x4b, 0x4a, 0x06, 0xa7, 0xd6, 0x55, 0xd3, 0xfd, 0x95, - 0x12, 0xbd, 0xa4, 0xed, 0x2c, 0x99, 0x49, 0x27, 0x7e, 0x31, 0xee, 0x52, 0x61, 0xb6, 0x13, 0xa2, - 0x78, 0xec, 0x20, 0xa3, 0x46, 0x39, 0x75, 0x5c, 0x5f, 0x50, 0x7e, 0xc0, 0x5d, 0xe1, 0xda, 0x56, - 0x2f, 0x14, 0xc7, 0x7e, 0x47, 0x50, 0x0e, 0x92, 0x9a, 0x61, 0xc7, 0x29, 0xdb, 0x60, 0x03, 0xa1, - 0xa6, 0xcd, 0xdd, 0x81, 0xd8, 0xe7, 0x8e, 0x4f, 0x10, 0xb0, 0x24, 0xe6, 0xc1, 0xbb, 0x68, 0xb5, - 0xc6, 0xec, 0x0b, 0xca, 0x0f, 0x98, 0x27, 0x2c, 0xd7, 0xa3, 0xbc, 0x5e, 0x03, 0xc1, 0xe8, 0xe6, - 0x24, 0x20, 0xe9, 0xd6, 0xec, 0xd2, 0x5e, 0x2f, 0xd4, 0xac, 0x32, 0x64, 0xa3, 0x8e, 0xf7, 0x1a, - 0xf5, 0xb3, 0x23, 0xb2, 0xa6, 0x1a, 0xa5, 0x2c, 0xbc, 0x8d, 0x16, 0x8f, 0xf7, 0x1a, 0xae, 0xe7, - 0xfc, 0xe4, 0xd3, 0xd6, 0x49, 0x93, 0xac, 0x03, 0x63, 0x12, 0x3e, 0xd9, 0xcc, 0x23, 0xb3, 0x71, - 0x00, 0x1a, 0xd3, 0x4d, 0x58, 0xcb, 0x6f, 0x96, 0xbf, 0x61, 0xd6, 0x32, 0x64, 0xc5, 0x3c, 0x72, - 0x34, 0xed, 0xf7, 0x5c, 0xcb, 0x87, 0xb1, 0xaa, 0xa4, 0x33, 0x76, 0xc8, 0x53, 0xc1, 0x08, 0xcb, - 0x10, 0x0a, 0x28, 0xe1, 0xc3, 0x9f, 0xa3, 0x6c, 0xab, 0x75, 0x42, 0x56, 0x67, 0xab, 0xb1, 0x8c, - 0xdd, 0xfc, 0x31, 0x12, 0x1e, 0x50, 0x55, 0x12, 0xee, 0x82, 0x0e, 0x43, 0x1d, 0xc9, 0x25, 0xde, - 0x45, 0xb9, 0x4b, 0x90, 0xe2, 0x5c, 0x38, 0x2e, 0x12, 0xcc, 0x8f, 0x14, 0x6b, 0xaa, 0xa0, 0x6f, - 0xe6, 0xbe, 0xd6, 0xb6, 0xff, 0xd5, 0x91, 0x0e, 0x72, 0x80, 0xd1, 0x17, 0x7b, 0x13, 0xb4, 0x77, - 0xf2, 0x26, 0xcc, 0xa5, 0xbe, 0x09, 0xd9, 0xf4, 0x37, 0x61, 0x3e, 0xfe, 0x26, 0x24, 0x49, 0x93, - 0x9b, 0x20, 0x4d, 0x34, 0x45, 0xf2, 0xb1, 0x29, 0xf2, 0xdd, 0x48, 0xf9, 0x6b, 0xa0, 0xfc, 0xf8, - 0xd4, 0x1e, 0x5d, 0x72, 0x26, 0xb5, 0x17, 0x52, 0xd5, 0xbe, 0x39, 0xa9, 0xf6, 0x85, 0x74, 0xb5, - 0xeb, 0x6f, 0xab, 0xf6, 0x04, 0x9f, 0xd0, 0x34, 0x3e, 0x15, 0x53, 0xf8, 0x94, 0xaa, 0xa2, 0xc5, - 0xa9, 0x2a, 0x5a, 0x4a, 0x57, 0xd1, 0xb3, 0x07, 0x55, 0x64, 0x3c, 0xa0, 0xa2, 0xe5, 0x37, 0xaa, - 0xe8, 0xd1, 0x84, 0x8a, 0x26, 0xc6, 0xfe, 0xd3, 0x99, 0xc6, 0xfe, 0x4a, 0xda, 0xd8, 0x8f, 0x4d, - 0xc2, 0xd5, 0xb7, 0x9c, 0x84, 0xa1, 0x14, 0xf1, 0xec, 0x52, 0xc4, 0x7b, 0x68, 0xad, 0x19, 0xd8, - 0x36, 0xf5, 0xfd, 0x2a, 0xed, 0x30, 0x4e, 0x1b, 0x96, 0xef, 0xbb, 0x9e, 0x03, 0xf3, 0x25, 0x67, - 0xa6, 0x62, 0xf8, 0x4b, 0xb4, 0xfe, 0xd2, 0x72, 0x7b, 0x01, 0xa7, 0x21, 0xf0, 0xb3, 0xc5, 0x3d, - 0x99, 0xf4, 0x21, 0x24, 0xa5, 0x83, 0xf8, 0x2b, 0xb4, 0x91, 0x04, 0xa2, 0x19, 0x4b, 0x36, 0x20, - 0xed, 0x0d, 0xa8, 0x64, 0x54, 0x83, 0xb3, 0xab, 0x21, 0xa8, 0xe4, 0x03, 0xc5, 0xa8, 0x91, 0x63, - 0x84, 0x42, 0xcb, 0x48, 0x0c, 0x85, 0xbe, 0x4d, 0x7f, 0x1a, 0x1e, 0xbf, 0x9b, 0xa7, 0x61, 0xe2, - 0x91, 0x7b, 0x02, 0x77, 0x4a, 0x3a, 0xdf, 0xc3, 0xdc, 0xab, 0x9e, 0x5e, 0xff, 0x63, 0x64, 0xae, - 0xef, 0x0c, 0xed, 0xe6, 0xce, 0xd0, 0xfe, 0xbe, 0x33, 0xb4, 0xdf, 0xee, 0x8d, 0xcc, 0xef, 0xf7, - 0x46, 0xe6, 0xe6, 0xde, 0xc8, 0xfc, 0x79, 0x6f, 0x64, 0x7e, 0xf9, 0xf4, 0xa1, 0xb1, 0xf7, 0xda, - 0x1f, 0xfc, 0xf3, 0x3c, 0x38, 0xbe, 0xf8, 0x3f, 0x00, 0x00, 0xff, 0xff, 0x8a, 0x43, 0x4c, 0xaf, - 0xfa, 0x0b, 0x00, 0x00, + // 1096 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xdd, 0x4e, 0xe3, 0xc6, + 0x17, 0x8f, 0x09, 0x49, 0xf0, 0x64, 0x61, 0x97, 0x59, 0xe0, 0x3f, 0x9b, 0xff, 0xd6, 0xa4, 0x74, + 0x2f, 0xa8, 0x4a, 0x1d, 0x95, 0x56, 0x55, 0x3f, 0xd4, 0x4a, 0x84, 0xb0, 0x90, 0x0a, 0x68, 0xea, + 0xa4, 0x5b, 0xa9, 0x77, 0xc6, 0x99, 0x38, 0x16, 0x89, 0x27, 0x1a, 0x8f, 0x11, 0xe9, 0x53, 0xf4, + 0xb2, 0x0f, 0xd0, 0x87, 0xe1, 0x92, 0xcb, 0x5e, 0xa1, 0x16, 0x9e, 0xa1, 0x37, 0xbd, 0xaa, 0xe6, + 0x8c, 0x9d, 0xd8, 0x1b, 0x2f, 0x64, 0xa5, 0xed, 0x55, 0xce, 0xf9, 0x9d, 0x8f, 0x19, 0x9f, 0x73, + 0x7e, 0x67, 0x82, 0xde, 0x1f, 0x71, 0x26, 0x58, 0x6d, 0x74, 0x16, 0x50, 0x7e, 0xe1, 0x39, 0xb4, + 0xd6, 0xa7, 0xf6, 0x40, 0xf4, 0x9d, 0x3e, 0x75, 0xce, 0x4d, 0xb0, 0x61, 0x7d, 0x62, 0xac, 0x18, + 0x2e, 0x63, 0xee, 0x80, 0xd6, 0xc0, 0x70, 0x16, 0xf6, 0x6a, 0xdd, 0x90, 0xdb, 0xc2, 0x63, 0xbe, + 0x72, 0xad, 0x6c, 0xc6, 0xd9, 0x1c, 0x36, 0x1c, 0x32, 0xdf, 0x65, 0x2e, 0xab, 0x29, 0x31, 0x72, + 0x58, 0x93, 0x90, 0x72, 0x92, 0x92, 0x42, 0xb7, 0xee, 0x16, 0x51, 0xf9, 0x08, 0xce, 0xdd, 0x97, + 0xe7, 0x62, 0x8c, 0x16, 0x4f, 0x59, 0x97, 0x12, 0xad, 0xaa, 0x6d, 0xeb, 0x16, 0xc8, 0xf8, 0x10, + 0x95, 0xc0, 0xd8, 0x6c, 0x90, 0x05, 0x09, 0xd7, 0x3f, 0xfe, 0xe7, 0x66, 0xf3, 0x43, 0xd7, 0x13, + 0xfd, 0xf0, 0xcc, 0x74, 0xd8, 0xb0, 0xd6, 0xb7, 0x83, 0xbe, 0xe7, 0x30, 0x3e, 0xaa, 0x39, 0xcc, + 0x0f, 0xc2, 0x41, 0x4d, 0x8c, 0x47, 0x34, 0x30, 0xa3, 0x20, 0x2b, 0x8e, 0x86, 0xe4, 0xf6, 0x90, + 0x92, 0x7c, 0x94, 0xdc, 0x1e, 0x52, 0xbc, 0x81, 0x8a, 0x6d, 0x61, 0x8b, 0x30, 0x20, 0x8b, 0x80, + 0x46, 0x1a, 0x5e, 0x43, 0x85, 0x53, 0x26, 0x68, 0x40, 0x0a, 0x00, 0x2b, 0x45, 0x7a, 0x7f, 0x1f, + 0x8a, 0x51, 0x28, 0x48, 0x51, 0x79, 0x2b, 0x0d, 0x3f, 0x47, 0x7a, 0x5b, 0x15, 0xaa, 0xd9, 0x20, + 0x25, 0x30, 0x4d, 0x01, 0x5c, 0x45, 0xe5, 0x48, 0x81, 0xe3, 0x97, 0xc0, 0x9e, 0x84, 0x12, 0x1e, + 0x1d, 0xdb, 0x0d, 0x88, 0x5e, 0xcd, 0x27, 0x3c, 0x24, 0x24, 0xef, 0xde, 0x19, 0x8f, 0x28, 0x79, + 0xa4, 0xee, 0x2e, 0x65, 0xfc, 0x12, 0xa1, 0x06, 0xed, 0x79, 0xbe, 0x27, 0xfb, 0x40, 0x50, 0x55, + 0xdb, 0x2e, 0xef, 0x56, 0xcd, 0x49, 0xcf, 0xcc, 0x44, 0x61, 0xa7, 0x7e, 0xf5, 0xc5, 0xab, 0x9b, + 0xcd, 0x9c, 0x95, 0x88, 0xc4, 0xdf, 0x20, 0xdd, 0xb2, 0x7b, 0xa2, 0xe9, 0x77, 0xe9, 0x25, 0x29, + 0x43, 0x9a, 0x75, 0x73, 0xda, 0x47, 0x73, 0x62, 0xac, 0x2f, 0xc9, 0xd8, 0xeb, 0x9b, 0x4d, 0xcd, + 0x9a, 0x46, 0xe0, 0x23, 0xb4, 0x72, 0xe0, 0x0b, 0xca, 0x47, 0xdc, 0x0b, 0xe8, 0x09, 0x15, 0x36, + 0x59, 0x86, 0x1c, 0x95, 0x64, 0x8e, 0xb4, 0x47, 0x74, 0x89, 0xd7, 0xe2, 0x64, 0x19, 0x0e, 0x2e, + 0x47, 0x2c, 0xa0, 0xdd, 0x16, 0xe3, 0x82, 0xac, 0x54, 0xb5, 0xed, 0x82, 0x95, 0x84, 0x70, 0x05, + 0x2d, 0x35, 0x65, 0xcc, 0x85, 0x3d, 0x20, 0x8f, 0xa1, 0x14, 0x13, 0x1d, 0x13, 0x54, 0xea, 0x78, + 0x43, 0xca, 0x42, 0x41, 0x9e, 0x80, 0x29, 0x56, 0xb7, 0x3e, 0x80, 0x21, 0xeb, 0x52, 0xfe, 0xca, + 0x1e, 0x84, 0x54, 0xf6, 0x16, 0x04, 0xa2, 0x41, 0x9d, 0x95, 0xb2, 0xf5, 0x7b, 0x09, 0xad, 0x67, + 0x56, 0x4c, 0xd6, 0xfe, 0xa8, 0xd3, 0x69, 0xc5, 0x43, 0x29, 0x65, 0xfc, 0x02, 0x2d, 0x77, 0x8e, + 0xdb, 0xb2, 0x43, 0x94, 0x43, 0x57, 0x9f, 0x82, 0x31, 0x0d, 0xc6, 0x5e, 0xe7, 0xde, 0xe8, 0x15, + 0xe5, 0x5e, 0x6f, 0x0c, 0x03, 0xbc, 0x64, 0xa5, 0x41, 0xfc, 0x1d, 0x2a, 0xaa, 0xeb, 0x91, 0x7c, + 0x35, 0xbf, 0x5d, 0xde, 0xdd, 0x79, 0xa8, 0x87, 0xa6, 0x72, 0x3f, 0xf0, 0x05, 0x1f, 0x47, 0xa5, + 0x8c, 0x32, 0xc8, 0x09, 0x3d, 0xa1, 0xa2, 0xcf, 0xba, 0xf1, 0x3c, 0x2b, 0x4d, 0x7e, 0x43, 0x9d, + 0x75, 0xc7, 0x04, 0xab, 0x6f, 0x90, 0x32, 0x7e, 0x82, 0xf2, 0x9d, 0xfd, 0x56, 0x34, 0xe1, 0x52, + 0xc4, 0x5f, 0x27, 0xca, 0x5b, 0x84, 0x26, 0x3e, 0x33, 0x15, 0xf1, 0xcd, 0x98, 0xf8, 0x66, 0x23, + 0x22, 0x7e, 0x74, 0xf0, 0xb4, 0xfe, 0x2f, 0xd0, 0xb2, 0xa2, 0xc3, 0x89, 0x7d, 0xd9, 0xf6, 0x7e, + 0xa1, 0x44, 0xaf, 0x6a, 0xdb, 0xcb, 0x56, 0x1a, 0xc4, 0x5f, 0x4e, 0xbb, 0x54, 0x9a, 0xef, 0x84, + 0xd8, 0x1f, 0xbb, 0xc8, 0x68, 0x50, 0x4e, 0x5d, 0x2f, 0x10, 0x94, 0xef, 0x73, 0x4f, 0x78, 0x8e, + 0x3d, 0x88, 0x48, 0xb2, 0xd7, 0x13, 0x94, 0x03, 0xb5, 0xe6, 0xc8, 0xf8, 0x40, 0x1a, 0x6c, 0x20, + 0xd4, 0x76, 0xb8, 0x37, 0x12, 0x7b, 0xdc, 0x0d, 0x08, 0x82, 0x29, 0x49, 0x20, 0x78, 0x07, 0xad, + 0x36, 0x98, 0x73, 0x4e, 0xf9, 0x3e, 0xf3, 0x85, 0xed, 0xf9, 0x94, 0x37, 0x1b, 0x40, 0x1c, 0xdd, + 0x9a, 0x35, 0xc8, 0x71, 0x6b, 0xf7, 0xe9, 0x60, 0x10, 0x71, 0x57, 0x29, 0xb2, 0x51, 0x47, 0xbb, + 0xad, 0xe6, 0xe9, 0x21, 0x59, 0x53, 0x8d, 0x52, 0x1a, 0xde, 0x42, 0x8f, 0x8e, 0x76, 0x5b, 0x9e, + 0xef, 0xfe, 0x18, 0xd0, 0xce, 0x71, 0x9b, 0xac, 0xc3, 0xc4, 0xa4, 0x30, 0xd9, 0xcc, 0x43, 0xab, + 0xb5, 0x0f, 0x3c, 0xd3, 0x2d, 0x90, 0xe5, 0x9d, 0xe5, 0x6f, 0x14, 0xb5, 0x02, 0x51, 0x09, 0x44, + 0xae, 0xa8, 0xbd, 0x81, 0x67, 0x07, 0xb0, 0x5e, 0x15, 0x75, 0xa6, 0x80, 0x3c, 0x15, 0x94, 0xa8, + 0x0c, 0x11, 0x81, 0x52, 0x18, 0xfe, 0x04, 0xe5, 0x3b, 0x9d, 0x63, 0xb2, 0x3a, 0x5f, 0x8d, 0xa5, + 0x6f, 0xe5, 0x87, 0x98, 0x78, 0x30, 0xaa, 0x72, 0xe0, 0xce, 0xe9, 0x38, 0xe2, 0x91, 0x14, 0xf1, + 0x0e, 0x2a, 0x5c, 0x00, 0x15, 0x17, 0x20, 0xeb, 0x46, 0x7a, 0xf2, 0x63, 0xc6, 0x5a, 0xca, 0xe9, + 0xab, 0x85, 0x2f, 0xb4, 0xad, 0xbf, 0x75, 0xa4, 0x03, 0x1d, 0x60, 0x05, 0x26, 0xde, 0x06, 0xed, + 0x9d, 0xbc, 0x0d, 0x0b, 0x99, 0x6f, 0x43, 0x3e, 0xfb, 0x6d, 0x58, 0x4c, 0xbe, 0x0d, 0xe9, 0xa1, + 0x29, 0xcc, 0x0c, 0x4d, 0xbc, 0x45, 0x8a, 0x89, 0x2d, 0xf2, 0xed, 0x84, 0xf9, 0x6b, 0xc0, 0xfc, + 0xe4, 0xf6, 0x9e, 0x7c, 0xe4, 0x5c, 0x6c, 0x2f, 0x65, 0xb2, 0xbd, 0x32, 0xcb, 0xf6, 0xa5, 0x6c, + 0xb6, 0xeb, 0x6f, 0xcb, 0xf6, 0xd4, 0x3c, 0xa1, 0x87, 0xe6, 0xa9, 0x9c, 0x31, 0x4f, 0x99, 0x2c, + 0x7a, 0xf4, 0x20, 0x8b, 0x96, 0xb3, 0x59, 0xf4, 0xfc, 0x5e, 0x16, 0x19, 0xf7, 0xb0, 0x68, 0xe5, + 0x8d, 0x2c, 0x7a, 0x3c, 0xc3, 0xa2, 0x99, 0xb5, 0xff, 0xff, 0xb9, 0xd6, 0xfe, 0x93, 0xac, 0xb5, + 0x9f, 0xd8, 0x84, 0xab, 0x6f, 0xb9, 0x09, 0x23, 0x2a, 0xe2, 0xf9, 0xa9, 0x88, 0x77, 0xd1, 0x5a, + 0x3b, 0x74, 0x1c, 0x1a, 0x04, 0x75, 0xda, 0x63, 0x9c, 0xb6, 0xec, 0x20, 0xf0, 0x7c, 0x17, 0xf6, + 0x4b, 0xc1, 0xca, 0xb4, 0xe1, 0xcf, 0xd0, 0xfa, 0x4b, 0xdb, 0x1b, 0x84, 0x9c, 0x46, 0x86, 0x9f, + 0x6c, 0xee, 0xcb, 0xa0, 0xf7, 0x20, 0x28, 0xdb, 0x88, 0x3f, 0x47, 0x1b, 0x69, 0x43, 0xbc, 0x63, + 0xc9, 0x06, 0x84, 0xbd, 0xc1, 0x2a, 0x27, 0xaa, 0xc5, 0xd9, 0xe5, 0x18, 0x58, 0xf2, 0x3f, 0x35, + 0x51, 0x13, 0x60, 0x62, 0x85, 0x96, 0x91, 0x84, 0x15, 0xfa, 0xf6, 0xf0, 0xd3, 0xf0, 0xf4, 0xdd, + 0x3c, 0x0d, 0x33, 0x8f, 0xdc, 0x33, 0xf8, 0xa6, 0x34, 0xf8, 0x1f, 0xec, 0xbd, 0xfa, 0xc9, 0xd5, + 0x5f, 0x46, 0xee, 0xea, 0xd6, 0xd0, 0xae, 0x6f, 0x0d, 0xed, 0xcf, 0x5b, 0x43, 0xfb, 0xf5, 0xce, + 0xc8, 0xfd, 0x76, 0x67, 0xe4, 0xae, 0xef, 0x8c, 0xdc, 0x1f, 0x77, 0x46, 0xee, 0xe7, 0x8f, 0xee, + 0x5b, 0x7b, 0xaf, 0xfd, 0xd9, 0x3f, 0x2b, 0x02, 0xf0, 0xe9, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, + 0x87, 0x18, 0xc2, 0xd7, 0x06, 0x0c, 0x00, 0x00, } func (m *HealthCheck) Marshal() (dAtA []byte, err error) { diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 6a8fb5906..15a5d3dce 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -5,7 +5,7 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; import "google/protobuf/duration.proto"; -import "proto/pbcommon/common.proto"; +import "proto/pbcommongogo/common.proto"; // This fake import path is replaced by the build script with a versioned path import "gogoproto/gogo.proto"; @@ -37,10 +37,10 @@ message HealthCheck { HealthCheckDefinition Definition = 10 [(gogoproto.nullable) = false]; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - common.RaftIndex RaftIndex = 11 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + commongogo.RaftIndex RaftIndex = 11 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - common.EnterpriseMeta EnterpriseMeta = 13 [(gogoproto.nullable) = false]; + commongogo.EnterpriseMeta EnterpriseMeta = 13 [(gogoproto.nullable) = false]; // mog: func-to=int func-from=int32 int32 ExposedPort = 14; diff --git a/proto/pbservice/ids_test.go b/proto/pbservice/ids_test.go index ae425e05c..2856aa70a 100644 --- a/proto/pbservice/ids_test.go +++ b/proto/pbservice/ids_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbcommongogo" ) func TestCheckServiceNode_UniqueID(t *testing.T) { @@ -25,7 +25,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { Node: &Node{Node: "the-node-name"}, Service: &NodeService{ ID: "the-service-id", - EnterpriseMeta: pbcommon.EnterpriseMeta{Namespace: "the-namespace"}, + EnterpriseMeta: pbcommongogo.EnterpriseMeta{Namespace: "the-namespace"}, }, }, expected: "/the-node-name/the-namespace/the-service-id", @@ -35,7 +35,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { csn: CheckServiceNode{ Service: &NodeService{ ID: "the-service-id", - EnterpriseMeta: pbcommon.EnterpriseMeta{Namespace: "the-namespace"}, + EnterpriseMeta: pbcommongogo.EnterpriseMeta{Namespace: "the-namespace"}, }, }, expected: "/the-namespace/the-service-id", diff --git a/proto/pbservice/node.pb.go b/proto/pbservice/node.pb.go index 98f1e4732..a93dc6da1 100644 --- a/proto/pbservice/node.pb.go +++ b/proto/pbservice/node.pb.go @@ -8,7 +8,7 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/golang/protobuf/proto" github_com_hashicorp_consul_agent_structs "github.com/hashicorp/consul/agent/structs" - pbcommon "github.com/hashicorp/consul/proto/pbcommon" + pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" github_com_hashicorp_consul_types "github.com/hashicorp/consul/types" io "io" math "math" @@ -83,7 +83,7 @@ type Node struct { TaggedAddresses map[string]string `protobuf:"bytes,5,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommon.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + pbcommongogo.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` } func (m *Node) Reset() { *m = Node{} } @@ -177,9 +177,9 @@ type NodeService struct { // somewhere this is used in API output. LocallyRegisteredAsSidecar bool `protobuf:"varint,13,opt,name=LocallyRegisteredAsSidecar,proto3" json:"LocallyRegisteredAsSidecar,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommon.EnterpriseMeta `protobuf:"bytes,16,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,16,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommon.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + pbcommongogo.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` } func (m *NodeService) Reset() { *m = NodeService{} } @@ -228,56 +228,56 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/node.proto", fileDescriptor_bbc215b78fa95fe5) } var fileDescriptor_bbc215b78fa95fe5 = []byte{ - // 773 bytes of a gzipped FileDescriptorProto + // 777 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcd, 0x6e, 0xd3, 0x4a, - 0x14, 0x8e, 0x13, 0xa7, 0x69, 0x26, 0xf7, 0xf6, 0x67, 0x54, 0x5d, 0xcd, 0xcd, 0xbd, 0x75, 0x42, - 0x61, 0x51, 0xa9, 0xc5, 0x46, 0x05, 0x04, 0x41, 0x08, 0xa9, 0x69, 0x2a, 0x11, 0x41, 0x4b, 0xe4, + 0x14, 0x8e, 0x13, 0xa7, 0x69, 0x26, 0xf7, 0xf6, 0x67, 0xd4, 0x7b, 0x35, 0x37, 0xba, 0x75, 0x42, + 0x61, 0x51, 0xa9, 0xc5, 0x46, 0x05, 0x04, 0x45, 0x80, 0xd4, 0x34, 0x95, 0x1a, 0x41, 0x4b, 0xe4, 0x56, 0x42, 0x02, 0xb1, 0x98, 0xd8, 0x53, 0xdb, 0x6a, 0xea, 0x89, 0xc6, 0x93, 0xaa, 0x79, 0x0b, - 0x96, 0xf0, 0x02, 0x3c, 0x4b, 0x97, 0x5d, 0xb2, 0x8a, 0xa0, 0x59, 0xf0, 0x0e, 0x5d, 0xa1, 0x19, - 0x4f, 0x12, 0xc7, 0x0d, 0x15, 0x95, 0x58, 0xcd, 0xf8, 0x7c, 0xdf, 0x39, 0x73, 0x66, 0xbe, 0xef, - 0x24, 0xa0, 0xdc, 0x65, 0x94, 0x53, 0xab, 0xdb, 0x8e, 0x08, 0x3b, 0x0d, 0x1c, 0x62, 0x85, 0xd4, - 0x25, 0xa6, 0x0c, 0xc2, 0xe2, 0x38, 0x5a, 0xfe, 0x6f, 0x44, 0x73, 0xe8, 0xc9, 0x09, 0x0d, 0xad, - 0x78, 0x89, 0x79, 0xe5, 0x3b, 0xe9, 0x1a, 0x3e, 0xc1, 0x1d, 0xee, 0x3b, 0x3e, 0x71, 0x8e, 0x15, - 0x65, 0x35, 0x4d, 0x51, 0xab, 0x82, 0x57, 0x3c, 0xea, 0xd1, 0x98, 0x22, 0x76, 0x71, 0x74, 0xed, - 0xb3, 0x06, 0x96, 0x76, 0x44, 0x91, 0x83, 0x98, 0xbc, 0x4f, 0x5d, 0x02, 0xef, 0x02, 0x5d, 0xac, - 0x48, 0xab, 0x6a, 0xeb, 0xa5, 0xad, 0x45, 0x73, 0x5c, 0xd2, 0x14, 0x61, 0x5b, 0x82, 0xf0, 0x01, - 0x28, 0xa8, 0x1c, 0x94, 0x95, 0xbc, 0x7f, 0x52, 0x3c, 0x85, 0xda, 0x23, 0x1a, 0x34, 0xc1, 0x9c, - 0x3c, 0x2a, 0x42, 0xb9, 0x6a, 0x2e, 0x95, 0xf0, 0x52, 0x5e, 0x47, 0xc2, 0xb6, 0x62, 0xad, 0xfd, - 0xc8, 0xc5, 0x7d, 0xc0, 0xe7, 0x20, 0xdb, 0x6c, 0xc8, 0x6e, 0x8a, 0xf5, 0xcd, 0xab, 0x41, 0x65, - 0xdd, 0x0b, 0xb8, 0xdf, 0x6b, 0x9b, 0x0e, 0x3d, 0xb1, 0x7c, 0x1c, 0xf9, 0x81, 0x43, 0x59, 0xd7, - 0x72, 0x68, 0x18, 0xf5, 0x3a, 0x16, 0xef, 0x77, 0x49, 0x24, 0x1b, 0x68, 0x36, 0xec, 0x6c, 0xb3, - 0x01, 0xa1, 0xba, 0x8d, 0xe8, 0xb2, 0xa8, 0x9a, 0xff, 0x1f, 0x14, 0x5b, 0x98, 0xf1, 0x80, 0x07, - 0x34, 0x44, 0xf3, 0x12, 0x98, 0x04, 0x20, 0x02, 0x85, 0x6d, 0xd7, 0x65, 0x24, 0x12, 0x9d, 0x0a, - 0x6c, 0xf4, 0x09, 0x0d, 0x00, 0x1a, 0x98, 0x63, 0x87, 0x84, 0x9c, 0x30, 0xa4, 0x4b, 0x30, 0x11, - 0x81, 0xfb, 0x60, 0xf1, 0x10, 0x7b, 0x1e, 0x71, 0x55, 0x02, 0x89, 0x50, 0x5e, 0xde, 0xf5, 0x5e, - 0xea, 0x71, 0xcc, 0x14, 0x6d, 0x37, 0xe4, 0xac, 0x6f, 0xa7, 0x93, 0xe1, 0x7d, 0xa0, 0xef, 0x11, - 0x8e, 0xd1, 0x9c, 0x2c, 0xf2, 0x6f, 0xba, 0x88, 0xc0, 0xe2, 0x4c, 0x49, 0x83, 0x35, 0x50, 0xb4, - 0xf1, 0x11, 0x6f, 0x86, 0x2e, 0x39, 0x43, 0x05, 0xa9, 0xca, 0xb2, 0xa9, 0x7c, 0x34, 0x06, 0xea, - 0xf3, 0xe7, 0x83, 0x4a, 0xe6, 0x62, 0x50, 0xd1, 0xec, 0x09, 0xbb, 0x5c, 0x07, 0x2b, 0xb3, 0x5a, - 0x82, 0x4b, 0x20, 0x77, 0x4c, 0xfa, 0xf1, 0xe3, 0xdb, 0x62, 0x0b, 0x57, 0x40, 0xfe, 0x14, 0x77, - 0x7a, 0xa3, 0x07, 0x8d, 0x3f, 0x9e, 0x65, 0x9f, 0x6a, 0xe5, 0x27, 0xa0, 0x38, 0xee, 0xe8, 0x36, - 0x89, 0x6b, 0x5f, 0x0a, 0xa0, 0x94, 0xb0, 0x0c, 0xdc, 0x03, 0xfa, 0xab, 0x20, 0x74, 0x95, 0xe4, - 0xb5, 0xab, 0x41, 0xe5, 0xf1, 0x4d, 0x92, 0x63, 0x8f, 0x84, 0xdc, 0x8a, 0x38, 0xeb, 0x39, 0x3c, - 0x32, 0x55, 0x11, 0x51, 0xc0, 0x96, 0x65, 0xe0, 0x82, 0xf4, 0x4f, 0x7c, 0xaa, 0x70, 0x04, 0x9a, - 0x58, 0x57, 0xe9, 0x3b, 0x3a, 0x18, 0x02, 0xfd, 0x10, 0x7b, 0x11, 0xd2, 0xab, 0x39, 0xe1, 0x15, - 0xb1, 0x4f, 0xba, 0x21, 0x3f, 0xed, 0x86, 0xf7, 0xd7, 0xd5, 0x5e, 0x94, 0x42, 0x6d, 0xcc, 0x1e, - 0x85, 0x99, 0xa2, 0xd7, 0x75, 0x21, 0xc7, 0x75, 0xe9, 0x1f, 0x4d, 0x49, 0x5f, 0xfd, 0x45, 0xc5, - 0xb4, 0x03, 0x20, 0xd0, 0x5b, 0x94, 0x71, 0x29, 0x7e, 0xde, 0x96, 0x7b, 0x61, 0xda, 0x03, 0xea, - 0x1c, 0x13, 0xde, 0xc2, 0xdc, 0x47, 0xcb, 0xb1, 0x69, 0x27, 0x11, 0xb8, 0x09, 0x0a, 0x6f, 0x49, - 0xe0, 0xf9, 0x3c, 0x92, 0xa3, 0x50, 0xda, 0x82, 0x89, 0xc3, 0x14, 0x62, 0x8f, 0x28, 0x70, 0x13, - 0x2c, 0xef, 0x86, 0xb8, 0xdd, 0x21, 0x87, 0xd8, 0x7b, 0x73, 0x4a, 0x18, 0x0b, 0x5c, 0x82, 0x8a, - 0x55, 0x6d, 0x7d, 0xde, 0xbe, 0x0e, 0xc0, 0x1a, 0xc8, 0xb7, 0x18, 0x3d, 0xeb, 0xa3, 0x92, 0xac, - 0xbc, 0x9a, 0xa8, 0xbc, 0x43, 0xc3, 0x90, 0x38, 0x5c, 0xc2, 0x3b, 0x34, 0x3c, 0x0a, 0x3c, 0xf5, - 0x14, 0x71, 0x06, 0xac, 0x81, 0x82, 0xa2, 0xa0, 0xbf, 0x64, 0x72, 0xd2, 0xfe, 0xea, 0xfe, 0x8a, - 0xa0, 0x12, 0x47, 0x7c, 0xf8, 0x02, 0x94, 0x5f, 0x53, 0x07, 0x77, 0x3a, 0x7d, 0x9b, 0x78, 0x41, - 0xc4, 0x09, 0x23, 0xee, 0x76, 0x74, 0x10, 0xb8, 0xc4, 0xc1, 0x0c, 0xfd, 0x2d, 0x9b, 0xbd, 0x81, - 0x01, 0x1b, 0x60, 0x61, 0x57, 0xcc, 0x73, 0x97, 0x05, 0x11, 0x91, 0x2a, 0x2c, 0xa9, 0x9f, 0x38, - 0x35, 0x4c, 0xd3, 0xa8, 0x3a, 0x3e, 0x95, 0x33, 0x3d, 0x8d, 0x0b, 0xb7, 0x9a, 0xc6, 0x0f, 0xbf, - 0x3d, 0x8d, 0x56, 0x72, 0xa8, 0x66, 0xbe, 0x91, 0x2a, 0xf1, 0x27, 0x06, 0xb5, 0xbe, 0x77, 0xfe, - 0xdd, 0xc8, 0x9c, 0x5f, 0x1a, 0xda, 0xc5, 0xa5, 0xa1, 0x7d, 0xbb, 0x34, 0xb4, 0x8f, 0x43, 0x23, - 0xf3, 0x69, 0x68, 0x64, 0x2e, 0x86, 0x46, 0xe6, 0xeb, 0xd0, 0xc8, 0xbc, 0xdb, 0xb8, 0x69, 0x50, - 0x53, 0xff, 0x50, 0xed, 0x39, 0x19, 0x78, 0xf8, 0x33, 0x00, 0x00, 0xff, 0xff, 0x3d, 0x3e, 0x64, - 0x61, 0x22, 0x07, 0x00, 0x00, + 0x96, 0xf0, 0x12, 0x3c, 0x47, 0x97, 0x5d, 0xb2, 0x8a, 0xa0, 0x59, 0xf2, 0x06, 0x5d, 0xa1, 0x19, + 0x4f, 0x12, 0xc7, 0x0d, 0x15, 0x95, 0x58, 0xe5, 0xf8, 0x9c, 0xef, 0x7c, 0x73, 0x66, 0xbe, 0xef, + 0x28, 0xa0, 0xdc, 0x61, 0x94, 0x53, 0xab, 0xd3, 0x8a, 0x08, 0x3b, 0x0d, 0x1c, 0x62, 0x85, 0xd4, + 0x25, 0xa6, 0x4c, 0xc2, 0xe2, 0x28, 0x5b, 0xae, 0x0c, 0x61, 0x0e, 0x3d, 0x39, 0xa1, 0xa1, 0x47, + 0x3d, 0x6a, 0xc5, 0x61, 0x8c, 0x2d, 0xdf, 0x49, 0xf3, 0xf8, 0x04, 0xb7, 0xb9, 0xef, 0xf8, 0xc4, + 0x39, 0x56, 0x90, 0xe5, 0x34, 0x44, 0xfd, 0xaa, 0xf2, 0x92, 0x20, 0x8d, 0x21, 0x22, 0x8a, 0xb3, + 0x2b, 0x9f, 0x35, 0xb0, 0xb0, 0x2d, 0x48, 0x0e, 0x62, 0xf0, 0x3e, 0x75, 0x09, 0xbc, 0x0b, 0x74, + 0xf1, 0x8b, 0xb4, 0xaa, 0xb6, 0x5a, 0xda, 0x98, 0x37, 0x47, 0x94, 0xa6, 0x48, 0xdb, 0xb2, 0x08, + 0x1f, 0x80, 0x82, 0xea, 0x41, 0x59, 0x89, 0xfb, 0x37, 0x85, 0x53, 0x55, 0x7b, 0x08, 0x83, 0x26, + 0x98, 0x91, 0x47, 0x45, 0x28, 0x57, 0xcd, 0xa5, 0x1a, 0x76, 0xe5, 0x75, 0x64, 0xd9, 0x56, 0xa8, + 0x95, 0x1f, 0xb9, 0x78, 0x0e, 0xf8, 0x1c, 0x64, 0x1b, 0x75, 0x39, 0x4d, 0xb1, 0xb6, 0x7e, 0xd5, + 0xaf, 0xac, 0x7a, 0x01, 0xf7, 0xbb, 0x2d, 0xd3, 0xa1, 0x27, 0x96, 0x8f, 0x23, 0x3f, 0x70, 0x28, + 0xeb, 0x58, 0x0e, 0x0d, 0xa3, 0x6e, 0xdb, 0xe2, 0xbd, 0x0e, 0x89, 0xe4, 0x00, 0x8d, 0xba, 0x9d, + 0x6d, 0xd4, 0x21, 0x54, 0xb7, 0x11, 0x53, 0x16, 0xd5, 0xf0, 0xff, 0x83, 0x62, 0x13, 0x33, 0x1e, + 0xf0, 0x80, 0x86, 0x68, 0x56, 0x16, 0xc6, 0x09, 0x88, 0x40, 0x61, 0xcb, 0x75, 0x19, 0x89, 0xc4, + 0xa4, 0xa2, 0x36, 0xfc, 0x84, 0x06, 0x00, 0x75, 0xcc, 0xb1, 0x43, 0x42, 0x4e, 0x18, 0xd2, 0x65, + 0x31, 0x91, 0x81, 0xfb, 0x60, 0xfe, 0x10, 0x7b, 0x1e, 0x71, 0x55, 0x03, 0x89, 0x50, 0x5e, 0xde, + 0xf5, 0x5e, 0xea, 0x71, 0xcc, 0x14, 0x6c, 0x27, 0xe4, 0xac, 0x67, 0xa7, 0x9b, 0xe1, 0x7d, 0xa0, + 0xef, 0x11, 0x8e, 0xd1, 0x8c, 0x24, 0xf9, 0x2f, 0x4d, 0x22, 0x6a, 0x71, 0xa7, 0x84, 0xc1, 0x17, + 0xa0, 0x68, 0xe3, 0x23, 0xde, 0x08, 0x5d, 0x72, 0x86, 0x0a, 0x52, 0x95, 0x7f, 0xcc, 0xb1, 0xa5, + 0xcc, 0x51, 0xb1, 0x36, 0x7b, 0xde, 0xaf, 0x64, 0x2e, 0xfa, 0x15, 0xcd, 0x1e, 0x77, 0x94, 0x6b, + 0x60, 0x69, 0xda, 0x58, 0x70, 0x01, 0xe4, 0x8e, 0x49, 0x2f, 0x16, 0xc0, 0x16, 0x21, 0x5c, 0x02, + 0xf9, 0x53, 0xdc, 0xee, 0x0e, 0x1f, 0x35, 0xfe, 0x78, 0x96, 0x7d, 0xaa, 0x95, 0x9f, 0x80, 0xe2, + 0x68, 0xaa, 0xdb, 0x34, 0xae, 0x7c, 0x29, 0x80, 0x52, 0xc2, 0x36, 0x70, 0x0f, 0xe8, 0xaf, 0x82, + 0xd0, 0x55, 0xb2, 0x6f, 0x5e, 0xf5, 0x2b, 0x8f, 0x6f, 0x92, 0x1d, 0x7b, 0x24, 0xe4, 0x56, 0xc4, + 0x59, 0xd7, 0xe1, 0x91, 0xa9, 0x48, 0x04, 0x81, 0x2d, 0x69, 0xe0, 0x9c, 0xf4, 0x50, 0x7c, 0xaa, + 0x70, 0x05, 0x1a, 0xdb, 0x57, 0x69, 0x3c, 0x3c, 0x18, 0x02, 0xfd, 0x10, 0x7b, 0x11, 0xd2, 0xab, + 0x39, 0xe1, 0x17, 0x11, 0x27, 0x1d, 0x91, 0x9f, 0x74, 0xc4, 0xfb, 0xeb, 0x8a, 0xcf, 0x4b, 0xb1, + 0xd6, 0xa6, 0xaf, 0xc3, 0x54, 0xe1, 0x6b, 0xba, 0x90, 0xe3, 0xba, 0xfc, 0x8f, 0x26, 0xe4, 0xaf, + 0xfe, 0x82, 0x31, 0xed, 0x02, 0x08, 0xf4, 0x26, 0x65, 0x5c, 0x1a, 0x20, 0x6f, 0xcb, 0x58, 0x18, + 0xf7, 0x80, 0x3a, 0xc7, 0x84, 0x37, 0x31, 0xf7, 0xd1, 0x62, 0x6c, 0xdc, 0x71, 0x06, 0xae, 0x83, + 0xc2, 0x5b, 0x12, 0x78, 0x3e, 0x8f, 0xe4, 0x3a, 0x94, 0x36, 0x60, 0xe2, 0x30, 0x55, 0xb1, 0x87, + 0x10, 0xb8, 0x0e, 0x16, 0x77, 0x42, 0xdc, 0x6a, 0x93, 0x43, 0xec, 0xbd, 0x39, 0x25, 0x8c, 0x05, + 0x2e, 0x41, 0xc5, 0xaa, 0xb6, 0x3a, 0x6b, 0x5f, 0x2f, 0xc0, 0x4d, 0x90, 0x6f, 0x32, 0x7a, 0xd6, + 0x43, 0x25, 0xc9, 0xbc, 0x9c, 0x60, 0xde, 0xa6, 0x61, 0x48, 0x1c, 0x2e, 0xcb, 0xdb, 0x34, 0x3c, + 0x0a, 0x3c, 0xf5, 0x14, 0x71, 0x07, 0xdc, 0x04, 0x05, 0x05, 0x41, 0x7f, 0xc9, 0xe6, 0xe4, 0x0a, + 0xa8, 0xfb, 0x2b, 0x80, 0x6a, 0x1c, 0xe2, 0xe1, 0x4b, 0x50, 0x7e, 0x4d, 0x1d, 0xdc, 0x6e, 0xf7, + 0x6c, 0xe2, 0x05, 0x11, 0x27, 0x8c, 0xb8, 0x5b, 0xd1, 0x41, 0xe0, 0x12, 0x07, 0x33, 0xf4, 0xb7, + 0x1c, 0xf6, 0x06, 0x04, 0xdc, 0x05, 0x73, 0x3b, 0x62, 0xa7, 0x3b, 0x2c, 0x88, 0x88, 0x54, 0x61, + 0x41, 0x4e, 0x50, 0x4e, 0x2e, 0xd4, 0x24, 0x42, 0x8d, 0x90, 0xea, 0x9b, 0xdc, 0xca, 0xb9, 0x5b, + 0x6f, 0xe5, 0x87, 0xdf, 0xde, 0x4a, 0x2b, 0xb9, 0x5c, 0x53, 0xdf, 0x4a, 0x51, 0xfc, 0x89, 0x85, + 0xad, 0xed, 0x9d, 0x7f, 0x37, 0x32, 0xe7, 0x97, 0x86, 0x76, 0x71, 0x69, 0x68, 0xdf, 0x2e, 0x0d, + 0xed, 0xe3, 0xc0, 0xc8, 0x7c, 0x1a, 0x18, 0x99, 0x8b, 0x81, 0x91, 0xf9, 0x3a, 0x30, 0x32, 0xef, + 0xd6, 0x6e, 0x5a, 0xd8, 0xd4, 0xbf, 0x55, 0x6b, 0x46, 0x26, 0x1e, 0xfe, 0x0c, 0x00, 0x00, 0xff, + 0xff, 0xf9, 0x3e, 0x1b, 0x2c, 0x32, 0x07, 0x00, 0x00, } func (m *CheckServiceNode) Marshal() (dAtA []byte, err error) { diff --git a/proto/pbservice/node.proto b/proto/pbservice/node.proto index 2600e7b14..c07e809a8 100644 --- a/proto/pbservice/node.proto +++ b/proto/pbservice/node.proto @@ -4,7 +4,7 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; -import "proto/pbcommon/common.proto"; +import "proto/pbcommongogo/common.proto"; import "proto/pbservice/healthcheck.proto"; import "proto/pbservice/service.proto"; @@ -42,7 +42,7 @@ message Node { map Meta = 6; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - common.RaftIndex RaftIndex = 7 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + commongogo.RaftIndex RaftIndex = 7 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; } // NodeService is a service provided by a node @@ -109,8 +109,8 @@ message NodeService { bool LocallyRegisteredAsSidecar = 13; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - common.EnterpriseMeta EnterpriseMeta = 16 [(gogoproto.nullable) = false]; + commongogo.EnterpriseMeta EnterpriseMeta = 16 [(gogoproto.nullable) = false]; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - common.RaftIndex RaftIndex = 14 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + commongogo.RaftIndex RaftIndex = 14 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; } diff --git a/proto/pbservice/service.pb.go b/proto/pbservice/service.pb.go index 9bd4b381c..ca5761fdc 100644 --- a/proto/pbservice/service.pb.go +++ b/proto/pbservice/service.pb.go @@ -9,7 +9,7 @@ import ( types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" github_com_hashicorp_consul_agent_structs "github.com/hashicorp/consul/agent/structs" - pbcommon "github.com/hashicorp/consul/proto/pbcommon" + pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" io "io" math "math" math_bits "math/bits" @@ -483,7 +483,7 @@ type ServiceDefinition struct { // mog: func-to=ConnectProxyConfigPtrToStructs func-from=NewConnectProxyConfigPtrFromStructs Proxy *ConnectProxyConfig `protobuf:"bytes,14,opt,name=Proxy,proto3" json:"Proxy,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommon.EnterpriseMeta `protobuf:"bytes,17,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,17,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` // mog: func-to=ServiceConnectPtrToStructs func-from=NewServiceConnectPtrFromStructs Connect *ServiceConnect `protobuf:"bytes,15,opt,name=Connect,proto3" json:"Connect,omitempty"` } @@ -620,83 +620,83 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/service.proto", fileDescriptor_cbb99233b75fb80b) } var fileDescriptor_cbb99233b75fb80b = []byte{ - // 1212 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x96, 0xcd, 0x6e, 0x1b, 0x37, - 0x10, 0xc7, 0xb5, 0xfa, 0xb0, 0x24, 0xda, 0xf5, 0x07, 0xad, 0xba, 0x5b, 0x37, 0x91, 0x1d, 0xa1, - 0x08, 0x8c, 0xd6, 0x90, 0x12, 0x1b, 0xa9, 0x9b, 0x00, 0x29, 0x50, 0x5b, 0x6e, 0x11, 0x24, 0x4e, - 0xd4, 0xb5, 0x8a, 0xa0, 0x05, 0x7a, 0xa0, 0x56, 0xf4, 0x6a, 0x61, 0x69, 0x29, 0x90, 0x94, 0x1b, - 0xbd, 0x45, 0x8f, 0xbd, 0xf6, 0xd0, 0x7b, 0x1f, 0xc3, 0x40, 0x2f, 0x39, 0xf6, 0x64, 0xb4, 0xf6, - 0x5b, 0xf8, 0x54, 0x70, 0xc8, 0x5d, 0xaf, 0x76, 0xb7, 0x46, 0x9a, 0x93, 0xc8, 0xf9, 0xcf, 0x0c, - 0xb9, 0x9c, 0x1f, 0x87, 0x42, 0x77, 0xc7, 0x9c, 0x49, 0xd6, 0x1a, 0xf7, 0x04, 0xe5, 0x67, 0xbe, - 0x4b, 0x5b, 0xe6, 0xb7, 0x09, 0x76, 0x5c, 0x8d, 0x84, 0xf5, 0x3b, 0x1e, 0x63, 0xde, 0x90, 0xb6, - 0x40, 0xe8, 0x4d, 0x4e, 0x5a, 0x42, 0xf2, 0x89, 0x2b, 0xb5, 0xe3, 0xfa, 0x27, 0x61, 0x1e, 0x97, - 0x8d, 0x46, 0x2c, 0x68, 0xe9, 0x1f, 0x23, 0xde, 0x4b, 0x2e, 0x32, 0xa0, 0x64, 0x28, 0x07, 0xee, - 0x80, 0xba, 0xa7, 0xc6, 0xa5, 0xe6, 0x31, 0x8f, 0x69, 0x37, 0x35, 0xd2, 0xd6, 0xc6, 0xef, 0x25, - 0x84, 0x0f, 0x58, 0x10, 0x50, 0x57, 0x76, 0x38, 0x7b, 0x33, 0x3d, 0x60, 0xc1, 0x89, 0xef, 0xe1, - 0x2f, 0xd0, 0x5a, 0x9b, 0x0a, 0xe9, 0x07, 0x44, 0xfa, 0x2c, 0x38, 0xd6, 0x49, 0x5f, 0x92, 0x11, - 0xb5, 0xad, 0x4d, 0x6b, 0xab, 0xea, 0xfc, 0x87, 0x8a, 0x77, 0x50, 0x2d, 0xad, 0x3c, 0x6b, 0xdb, - 0x79, 0x88, 0xca, 0xd4, 0xf0, 0x03, 0xb4, 0xfa, 0x82, 0xb9, 0x64, 0x68, 0x2c, 0x5f, 0xf7, 0xfb, - 0x9c, 0x0a, 0x61, 0x17, 0x20, 0x24, 0x4b, 0xc2, 0x9f, 0xa1, 0xe5, 0xb8, 0xb9, 0xc3, 0xb8, 0xb4, - 0x8b, 0x9b, 0xd6, 0x56, 0xc9, 0x49, 0xd9, 0xf1, 0x23, 0x34, 0xa7, 0xbf, 0xc9, 0x2e, 0x6d, 0x5a, - 0x5b, 0xf3, 0x3b, 0x1f, 0x35, 0xf5, 0x29, 0x37, 0xc3, 0x53, 0x6e, 0x1e, 0xc3, 0x29, 0xef, 0x17, - 0xcf, 0x2f, 0x36, 0x2c, 0xc7, 0x38, 0xe3, 0x3d, 0x54, 0xfd, 0x7e, 0x2c, 0x24, 0xa7, 0x64, 0x24, - 0xec, 0xb9, 0xcd, 0xc2, 0xd6, 0xfc, 0xce, 0x6a, 0x33, 0x3a, 0xde, 0x66, 0xa8, 0x41, 0x54, 0xce, - 0xb9, 0xf1, 0xc5, 0x6d, 0x34, 0x7f, 0x44, 0xc5, 0xe0, 0x5b, 0x22, 0xe9, 0xcf, 0x64, 0x6a, 0x97, - 0x61, 0xd1, 0x3b, 0xb1, 0xd0, 0x98, 0xaa, 0xd7, 0x32, 0x39, 0xe2, 0x61, 0x6a, 0xd7, 0x87, 0x6f, - 0xc6, 0x4c, 0x50, 0xbb, 0x62, 0x76, 0x7d, 0x93, 0x40, 0x0b, 0x33, 0xb1, 0xc6, 0x19, 0x3f, 0x47, - 0xc5, 0x23, 0xd6, 0xa7, 0x76, 0x55, 0x9d, 0xdd, 0xfe, 0xde, 0xf5, 0xc5, 0xc6, 0xae, 0xe7, 0xcb, - 0xc1, 0xa4, 0xd7, 0x74, 0xd9, 0xa8, 0x35, 0x20, 0x62, 0xe0, 0xbb, 0x8c, 0x8f, 0x5b, 0x2e, 0x0b, - 0xc4, 0x64, 0xd8, 0x22, 0x1e, 0x0d, 0xa4, 0xa1, 0x4c, 0x34, 0xa1, 0xfe, 0x2a, 0xdc, 0x81, 0x24, - 0xf8, 0x18, 0x2d, 0x77, 0x39, 0x09, 0xc4, 0x98, 0x70, 0x1a, 0x68, 0x3a, 0x6c, 0x04, 0xbb, 0xb9, - 0x17, 0xdb, 0x4d, 0xd2, 0x65, 0x66, 0x5f, 0xa9, 0x04, 0x0a, 0xac, 0x78, 0x89, 0x8e, 0x99, 0x7b, - 0x4a, 0x65, 0x87, 0xc8, 0x81, 0x3d, 0xaf, 0xc1, 0xca, 0x56, 0x1b, 0x7f, 0x16, 0x51, 0x25, 0x3c, - 0x64, 0xbc, 0x85, 0x96, 0x62, 0x24, 0x75, 0xa7, 0xe3, 0x10, 0xcb, 0xa4, 0x39, 0xc1, 0xa3, 0x42, - 0x54, 0x8c, 0x89, 0x4b, 0x33, 0x78, 0x8c, 0xb4, 0x44, 0x76, 0x80, 0xbe, 0x90, 0xca, 0x0e, 0xb4, - 0xd7, 0x11, 0x6a, 0x13, 0x49, 0x5c, 0x1a, 0x48, 0xca, 0x81, 0xc0, 0xaa, 0x13, 0xb3, 0x44, 0x9c, - 0xee, 0xfb, 0x41, 0x3f, 0xc4, 0xba, 0x04, 0x5e, 0x29, 0x3b, 0xfe, 0x14, 0x7d, 0x10, 0xd9, 0x00, - 0xe8, 0x39, 0x00, 0x7a, 0xd6, 0x18, 0xa3, 0xb9, 0xfc, 0x7f, 0x68, 0x4e, 0x40, 0x59, 0x79, 0x3f, - 0x28, 0x1f, 0xa0, 0xd5, 0x03, 0x1a, 0x48, 0x4e, 0x86, 0x43, 0xe3, 0x35, 0xe1, 0xb4, 0x0f, 0xb0, - 0x55, 0x9c, 0x2c, 0x29, 0xba, 0xda, 0x6a, 0xff, 0xb1, 0x52, 0xa3, 0xd8, 0xd5, 0x9e, 0x95, 0x32, - 0x22, 0x00, 0xe8, 0xf9, 0xcc, 0x08, 0xc0, 0x74, 0xb6, 0xc4, 0x1d, 0xc2, 0xa5, 0xaf, 0x06, 0xf6, - 0x42, 0xaa, 0xc4, 0x91, 0xd6, 0x08, 0xd0, 0xa2, 0x41, 0xcc, 0xf4, 0x3e, 0xbc, 0x86, 0xe6, 0x5e, - 0x12, 0xe9, 0x9f, 0x69, 0x92, 0x2a, 0x8e, 0x99, 0xe1, 0x36, 0x5a, 0x3c, 0xf6, 0xfb, 0xd4, 0x25, - 0xdc, 0x04, 0x00, 0x0b, 0xb3, 0x87, 0x67, 0x94, 0x36, 0x3d, 0xf1, 0x03, 0xc8, 0xef, 0x24, 0x62, - 0x1a, 0x3f, 0xa0, 0x85, 0xf8, 0xad, 0x55, 0xab, 0x1d, 0xa8, 0xd6, 0x2c, 0xc2, 0xd5, 0xf4, 0x0c, - 0x3f, 0x44, 0x25, 0x75, 0x0a, 0xc2, 0xce, 0x43, 0xc7, 0xf9, 0x30, 0x75, 0xeb, 0x95, 0x6a, 0x4a, - 0xa3, 0x3d, 0x1b, 0x7f, 0x58, 0x08, 0xdd, 0x68, 0xb8, 0x81, 0x16, 0x5e, 0xf8, 0x42, 0xd2, 0x80, - 0x72, 0xa0, 0xc8, 0x02, 0x8a, 0x66, 0x6c, 0x18, 0xa3, 0x22, 0x94, 0x41, 0x5f, 0x02, 0x18, 0x47, - 0xf8, 0xa9, 0x09, 0x04, 0x16, 0x62, 0xf8, 0x85, 0x46, 0xbc, 0x8e, 0x2a, 0x1d, 0x05, 0x9a, 0xcb, - 0x86, 0x06, 0xf7, 0x68, 0xae, 0xae, 0x4d, 0x87, 0x70, 0x41, 0xfb, 0xdf, 0x70, 0x36, 0x82, 0xef, - 0x01, 0xd6, 0x2b, 0x4e, 0xd2, 0xdc, 0x38, 0x41, 0x2b, 0x29, 0xde, 0xf0, 0x77, 0xa6, 0x75, 0xc1, - 0x45, 0xde, 0x7f, 0x7a, 0x7d, 0xb1, 0xf1, 0xf8, 0xdd, 0x5b, 0x57, 0x2c, 0xdd, 0x4d, 0x03, 0x6b, - 0x48, 0xb4, 0x96, 0xdd, 0x9d, 0x14, 0x33, 0xaf, 0x26, 0xb2, 0xc7, 0x26, 0x41, 0x3f, 0xe3, 0xb4, - 0x32, 0x35, 0x7c, 0x1f, 0x2d, 0xb6, 0x7d, 0x32, 0xa4, 0xfd, 0xb6, 0xcf, 0xa9, 0x2b, 0x87, 0x53, - 0x38, 0xbf, 0x8a, 0x93, 0xb0, 0x36, 0x7e, 0x2b, 0xa3, 0x95, 0x14, 0x11, 0xf8, 0x08, 0x15, 0x9f, - 0xfb, 0x41, 0xdf, 0x7c, 0xde, 0xe3, 0xeb, 0x8b, 0x8d, 0x47, 0xef, 0xfe, 0x79, 0x26, 0x9d, 0x4a, - 0xe0, 0x40, 0x1a, 0xbc, 0x88, 0xf2, 0xd1, 0xab, 0x9a, 0x7f, 0xd6, 0x56, 0x25, 0x8d, 0x35, 0x2a, - 0x18, 0x2b, 0x5b, 0x97, 0x78, 0xc2, 0x2e, 0x6e, 0x16, 0x94, 0x4d, 0x8d, 0xb1, 0x8d, 0xca, 0xb3, - 0x8d, 0x28, 0x9c, 0x62, 0x82, 0x96, 0xba, 0xc4, 0xf3, 0x68, 0xd8, 0x90, 0xa8, 0xb0, 0x97, 0x01, - 0xc2, 0x87, 0xb7, 0x91, 0xde, 0x4c, 0xc4, 0x1c, 0x06, 0x92, 0x4f, 0x0d, 0xa0, 0xc9, 0x7c, 0xf8, - 0x09, 0x2a, 0x1e, 0x51, 0x49, 0xcc, 0x73, 0x7a, 0xff, 0xd6, 0xbc, 0xca, 0x11, 0x92, 0x39, 0x10, - 0x03, 0xcc, 0xaa, 0x0a, 0x95, 0xa1, 0x42, 0x30, 0x56, 0xed, 0x37, 0xd6, 0x54, 0xb0, 0x6e, 0xbf, - 0x33, 0xbd, 0xa4, 0xa4, 0x39, 0xd4, 0xfd, 0xae, 0x16, 0x5b, 0x10, 0xec, 0xea, 0x85, 0x08, 0x2f, - 0x13, 0x18, 0xf0, 0x76, 0x74, 0x2f, 0xab, 0xb0, 0xc7, 0xcc, 0x90, 0xe8, 0xb6, 0x6e, 0xa3, 0xf2, - 0x6b, 0xea, 0x7b, 0x03, 0x29, 0xcc, 0xbb, 0x88, 0x63, 0xee, 0x46, 0x71, 0x42, 0x17, 0x5c, 0x43, - 0xa5, 0x2e, 0x3b, 0xa5, 0x81, 0xe9, 0x65, 0x7a, 0x82, 0xb7, 0xd1, 0xca, 0x61, 0x40, 0x7a, 0x43, - 0xda, 0x25, 0xde, 0xab, 0x33, 0xca, 0xb9, 0xdf, 0xa7, 0xd0, 0xba, 0x2a, 0x4e, 0x5a, 0xc0, 0xbb, - 0xa8, 0xa4, 0xdf, 0xe1, 0x45, 0x58, 0xef, 0x6e, 0x7c, 0x7b, 0xa9, 0x3f, 0x71, 0x8e, 0xf6, 0x55, - 0x2d, 0xec, 0x50, 0x3d, 0x47, 0x63, 0xee, 0x0b, 0x0a, 0x05, 0x58, 0x81, 0xe8, 0xb5, 0xa6, 0xf9, - 0x0b, 0x39, 0xab, 0x9a, 0x13, 0x49, 0xc4, 0xe0, 0x5d, 0x54, 0x36, 0x4b, 0xd8, 0x4b, 0x10, 0xfe, - 0x71, 0xba, 0x7e, 0xc6, 0xc1, 0x09, 0x3d, 0xd7, 0x7f, 0x42, 0xb5, 0x2c, 0x40, 0xf0, 0x32, 0x2a, - 0x9c, 0xd2, 0xa9, 0x79, 0xb4, 0xd5, 0x10, 0xb7, 0x50, 0xe9, 0x8c, 0x0c, 0x27, 0xfa, 0x65, 0xce, - 0x4c, 0x6e, 0x52, 0x38, 0xda, 0xef, 0x49, 0xfe, 0x4b, 0x6b, 0x7d, 0x0f, 0x55, 0x23, 0x4e, 0x32, - 0x72, 0xd6, 0xe2, 0x39, 0xab, 0xb1, 0xc0, 0xc6, 0x57, 0x51, 0xff, 0x0f, 0xf1, 0x8f, 0x5d, 0x0c, - 0x6b, 0xf6, 0x62, 0x84, 0xe4, 0xe5, 0x6f, 0xc8, 0x6b, 0x3c, 0x8d, 0x2a, 0xaf, 0x02, 0x3b, 0x44, - 0x08, 0x3f, 0xf0, 0x4c, 0xf7, 0x08, 0xa7, 0x4a, 0x79, 0x4d, 0x78, 0xa0, 0x14, 0x1d, 0x1b, 0x4e, - 0xf7, 0x8f, 0xce, 0xff, 0xa9, 0xe7, 0xce, 0x2f, 0xeb, 0xd6, 0xdb, 0xcb, 0xba, 0xf5, 0xf7, 0x65, - 0xdd, 0xfa, 0xe5, 0xaa, 0x9e, 0xfb, 0xf5, 0xaa, 0x9e, 0x7b, 0x7b, 0x55, 0xcf, 0xfd, 0x75, 0x55, - 0xcf, 0xfd, 0xf8, 0xf9, 0x6d, 0xcd, 0x21, 0xf1, 0x5f, 0xbf, 0x37, 0x07, 0x86, 0xdd, 0x7f, 0x03, - 0x00, 0x00, 0xff, 0xff, 0x93, 0xfb, 0xcc, 0xfb, 0x6a, 0x0c, 0x00, 0x00, + // 1216 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x96, 0xdf, 0x6e, 0x13, 0x47, + 0x17, 0xc0, 0xb3, 0x89, 0x1d, 0xdb, 0x27, 0x7c, 0x21, 0x19, 0xf2, 0xd1, 0xad, 0x05, 0x4e, 0xb0, + 0x2a, 0x14, 0xb5, 0xc8, 0x06, 0x22, 0x4a, 0x41, 0xa2, 0x52, 0x13, 0xa7, 0x2d, 0x82, 0x80, 0xbb, + 0x71, 0x85, 0x5a, 0xa9, 0x17, 0xe3, 0xf5, 0x64, 0xbd, 0x8a, 0xbd, 0x63, 0xcd, 0x8c, 0x53, 0xfc, + 0x16, 0xbd, 0xec, 0x0b, 0x70, 0xdf, 0xc7, 0x40, 0xea, 0x0d, 0x97, 0xbd, 0x8a, 0x5a, 0xf2, 0x16, + 0x5c, 0x55, 0x73, 0x66, 0x76, 0xbd, 0xde, 0xdd, 0x22, 0xda, 0x2b, 0xcf, 0x9c, 0x7f, 0x33, 0x7b, + 0xce, 0xef, 0x9c, 0x31, 0x5c, 0x9f, 0x08, 0xae, 0x78, 0x7b, 0xd2, 0x97, 0x4c, 0x9c, 0x85, 0x3e, + 0x6b, 0xdb, 0xdf, 0x16, 0xca, 0x49, 0x2d, 0x51, 0xd4, 0xaf, 0x05, 0x9c, 0x07, 0x23, 0xd6, 0x46, + 0x45, 0x7f, 0x7a, 0xd2, 0x96, 0x4a, 0x4c, 0x7d, 0x65, 0x0c, 0xeb, 0xdb, 0x71, 0x1c, 0x9f, 0x8f, + 0xc7, 0x3c, 0x0a, 0x78, 0xc0, 0xdb, 0x66, 0x69, 0x0d, 0x6e, 0x64, 0x0f, 0x1a, 0x32, 0x3a, 0x52, + 0x43, 0x7f, 0xc8, 0xfc, 0x53, 0x6b, 0xb2, 0xa5, 0xbd, 0x8c, 0x99, 0x5e, 0x19, 0x69, 0xf3, 0x55, + 0x19, 0xc8, 0x01, 0x8f, 0x22, 0xe6, 0xab, 0xae, 0xe0, 0x2f, 0x67, 0x07, 0x3c, 0x3a, 0x09, 0x03, + 0xf2, 0x39, 0x5c, 0xed, 0x30, 0xa9, 0xc2, 0x88, 0xaa, 0x90, 0x47, 0xc7, 0x26, 0xe8, 0x33, 0x3a, + 0x66, 0xae, 0xb3, 0xe3, 0xec, 0xd6, 0xbc, 0x7f, 0xd0, 0x92, 0xbb, 0xb0, 0x95, 0xd7, 0x3c, 0xee, + 0xb8, 0xcb, 0xe8, 0x55, 0xa8, 0x23, 0xb7, 0xe1, 0xca, 0x53, 0xee, 0xd3, 0x91, 0x95, 0x7c, 0x35, + 0x18, 0x08, 0x26, 0xa5, 0xbb, 0x82, 0x2e, 0x45, 0x2a, 0xf2, 0x29, 0x6c, 0xa4, 0xc5, 0x5d, 0x2e, + 0x94, 0x5b, 0xda, 0x71, 0x76, 0xcb, 0x5e, 0x4e, 0x4e, 0xee, 0xc1, 0xaa, 0xf9, 0x26, 0xb7, 0xbc, + 0xe3, 0xec, 0xae, 0xdd, 0xfd, 0xa8, 0x65, 0x32, 0xdd, 0x8a, 0x33, 0xdd, 0x3a, 0xc6, 0x4c, 0xef, + 0x97, 0x5e, 0x9f, 0x6f, 0x3b, 0x9e, 0x35, 0x26, 0xf7, 0xa1, 0xf6, 0xfd, 0x44, 0x2a, 0xc1, 0xe8, + 0x58, 0xba, 0xab, 0x3b, 0x2b, 0xbb, 0x6b, 0x77, 0xaf, 0xb4, 0x92, 0xf4, 0xb6, 0x62, 0x1d, 0x7a, + 0x2d, 0x79, 0x73, 0x5b, 0xd2, 0x81, 0xb5, 0x23, 0x26, 0x87, 0xdf, 0x50, 0xc5, 0x7e, 0xa6, 0x33, + 0xb7, 0x82, 0x87, 0x5e, 0x4b, 0xb9, 0xa6, 0xb4, 0xe6, 0x2c, 0x1b, 0x23, 0xed, 0xa6, 0x6f, 0x7d, + 0xf8, 0x72, 0xc2, 0x25, 0x73, 0xab, 0xf6, 0xd6, 0xf3, 0x00, 0x46, 0xb1, 0xe0, 0x6b, 0x8d, 0xc9, + 0x13, 0x28, 0x1d, 0xf1, 0x01, 0x73, 0x6b, 0x3a, 0x77, 0xfb, 0xf7, 0xdf, 0x9d, 0x6f, 0xef, 0x05, + 0xa1, 0x1a, 0x4e, 0xfb, 0x2d, 0x9f, 0x8f, 0xdb, 0x43, 0x2a, 0x87, 0xa1, 0xcf, 0xc5, 0xa4, 0xed, + 0xf3, 0x48, 0x4e, 0x47, 0x6d, 0x1a, 0xb0, 0x48, 0x59, 0xd2, 0x64, 0x0b, 0xeb, 0xaf, 0xdd, 0x3d, + 0x0c, 0x42, 0x8e, 0x61, 0xa3, 0x27, 0x68, 0x24, 0x27, 0x54, 0xb0, 0xc8, 0xd0, 0xe1, 0x02, 0xde, + 0xe6, 0x46, 0xea, 0x36, 0x59, 0x93, 0x85, 0x7b, 0xe5, 0x02, 0x68, 0xb0, 0xd2, 0x25, 0x3a, 0xe6, + 0xfe, 0x29, 0x53, 0x5d, 0xaa, 0x86, 0xee, 0x9a, 0x01, 0xab, 0x58, 0xdb, 0xfc, 0xbd, 0x04, 0xd5, + 0x38, 0xc9, 0x64, 0x17, 0x2e, 0xa7, 0x48, 0xea, 0xcd, 0x26, 0x31, 0x96, 0x59, 0x71, 0x86, 0x47, + 0x8d, 0xa8, 0x9c, 0x50, 0x9f, 0x15, 0xf0, 0x98, 0xe8, 0x32, 0xd1, 0x11, 0xfa, 0x95, 0x5c, 0x74, + 0xa4, 0xbd, 0x01, 0xd0, 0xa1, 0x8a, 0xfa, 0x2c, 0x52, 0x4c, 0x20, 0x81, 0x35, 0x2f, 0x25, 0x49, + 0x38, 0xdd, 0x0f, 0xa3, 0x41, 0x8c, 0x75, 0x19, 0xad, 0x72, 0x72, 0xf2, 0x09, 0xfc, 0x2f, 0x91, + 0x21, 0xd0, 0xab, 0x08, 0xf4, 0xa2, 0x30, 0x45, 0x73, 0xe5, 0xdf, 0xd0, 0x9c, 0x81, 0xb2, 0xfa, + 0xdf, 0xa0, 0xbc, 0x0d, 0x57, 0x0e, 0x58, 0xa4, 0x04, 0x1d, 0x8d, 0xac, 0xd5, 0x54, 0xb0, 0x01, + 0xc2, 0x56, 0xf5, 0x8a, 0x54, 0x49, 0x6b, 0xeb, 0xfb, 0xa7, 0x4a, 0x0d, 0xa9, 0xd6, 0x5e, 0x54, + 0x15, 0x78, 0x20, 0xd0, 0x6b, 0x85, 0x1e, 0x88, 0xe9, 0x62, 0x89, 0xbb, 0x54, 0xa8, 0x50, 0x2f, + 0xdc, 0x4b, 0xb9, 0x12, 0x27, 0xba, 0x66, 0x04, 0xeb, 0x16, 0x31, 0x3b, 0xfb, 0xc8, 0x55, 0x58, + 0x7d, 0x46, 0x55, 0x78, 0x66, 0x48, 0xaa, 0x7a, 0x76, 0x47, 0x3a, 0xb0, 0x7e, 0x1c, 0x0e, 0x98, + 0x4f, 0x85, 0x75, 0x40, 0x16, 0x16, 0x93, 0x67, 0x35, 0x1d, 0x76, 0x12, 0x46, 0x18, 0xdf, 0xcb, + 0xf8, 0x34, 0x7f, 0x80, 0x4b, 0xe9, 0xae, 0xd5, 0xa7, 0x1d, 0xe8, 0xd1, 0x2c, 0xe3, 0xd3, 0xcc, + 0x8e, 0xdc, 0x81, 0xb2, 0xce, 0x82, 0x74, 0x97, 0x71, 0xe2, 0xfc, 0x3f, 0xd7, 0xf5, 0x5a, 0x6b, + 0x4b, 0x63, 0x2c, 0x9b, 0xbf, 0x39, 0x00, 0x73, 0x1d, 0x69, 0xc2, 0xa5, 0xa7, 0xa1, 0x54, 0x2c, + 0x62, 0x02, 0x29, 0x72, 0x90, 0xa2, 0x05, 0x19, 0x21, 0x50, 0xc2, 0x32, 0x98, 0x26, 0xc0, 0x75, + 0x82, 0x9f, 0xde, 0xa0, 0xe3, 0x4a, 0x0a, 0xbf, 0x58, 0x48, 0xea, 0x50, 0xed, 0x6a, 0xd0, 0x7c, + 0x3e, 0xb2, 0xb8, 0x27, 0x7b, 0xdd, 0x36, 0x5d, 0x2a, 0x24, 0x1b, 0x7c, 0x2d, 0xf8, 0x18, 0xbf, + 0x07, 0x59, 0xaf, 0x7a, 0x59, 0x71, 0xf3, 0x04, 0x36, 0x73, 0xbc, 0x91, 0xef, 0xec, 0xe8, 0xc2, + 0x46, 0xde, 0x7f, 0xf4, 0xee, 0x7c, 0xfb, 0xc1, 0x87, 0x8f, 0xae, 0x54, 0xb8, 0xf9, 0x00, 0x6b, + 0x2a, 0xb8, 0x5a, 0x3c, 0x9d, 0x34, 0x33, 0xcf, 0xa7, 0xaa, 0xcf, 0xa7, 0xd1, 0xa0, 0x20, 0x5b, + 0x85, 0x3a, 0x72, 0x13, 0xd6, 0x3b, 0x21, 0x1d, 0xb1, 0x41, 0x27, 0x14, 0xcc, 0x57, 0xa3, 0x19, + 0xe6, 0xaf, 0xea, 0x65, 0xa4, 0xcd, 0x57, 0x15, 0xd8, 0xcc, 0x11, 0x41, 0x8e, 0xa0, 0xf4, 0x24, + 0x8c, 0x06, 0xf6, 0xf3, 0x1e, 0xbc, 0x3b, 0xdf, 0xbe, 0xf7, 0xe1, 0x9f, 0x67, 0xc3, 0xe9, 0x00, + 0x1e, 0x86, 0x21, 0xeb, 0xb0, 0x9c, 0xbc, 0xaa, 0xcb, 0x8f, 0x3b, 0xba, 0xa4, 0xa9, 0x41, 0x85, + 0x6b, 0x2d, 0xeb, 0xd1, 0x40, 0xba, 0xa5, 0x9d, 0x15, 0x2d, 0xd3, 0x6b, 0xe2, 0x42, 0x65, 0x71, + 0x10, 0xc5, 0x5b, 0x42, 0xe1, 0x72, 0x8f, 0x06, 0x01, 0x8b, 0x07, 0x12, 0x93, 0xee, 0x06, 0x42, + 0x78, 0xe7, 0x7d, 0xa4, 0xb7, 0x32, 0x3e, 0x87, 0x91, 0x12, 0x33, 0x0b, 0x68, 0x36, 0x1e, 0x79, + 0x08, 0xa5, 0x23, 0xa6, 0xa8, 0x7d, 0x4e, 0x6f, 0xbe, 0x37, 0xae, 0x36, 0xc4, 0x60, 0x1e, 0xfa, + 0x20, 0xb3, 0xba, 0x42, 0x15, 0xac, 0x10, 0xae, 0xf5, 0xf8, 0x4d, 0x0d, 0x15, 0x62, 0xc6, 0xef, + 0xc2, 0x2c, 0x29, 0x1b, 0x0e, 0xcd, 0xbc, 0xdb, 0x4a, 0x1d, 0x88, 0x72, 0xfd, 0x42, 0xc4, 0xcd, + 0x84, 0x02, 0x72, 0x2b, 0xe9, 0xcb, 0x1a, 0xde, 0xb1, 0xd0, 0x25, 0xe9, 0xd6, 0x5b, 0x50, 0x79, + 0xc1, 0xc2, 0x60, 0xa8, 0xa4, 0x7d, 0x17, 0x49, 0xca, 0xdc, 0x6a, 0xbc, 0xd8, 0x84, 0x6c, 0x41, + 0xb9, 0xc7, 0x4f, 0x59, 0x64, 0x67, 0x99, 0xd9, 0x90, 0x5b, 0xb0, 0x79, 0x18, 0xd1, 0xfe, 0x88, + 0xf5, 0x68, 0xf0, 0xfc, 0x8c, 0x09, 0x11, 0x0e, 0x18, 0x8e, 0xae, 0xaa, 0x97, 0x57, 0x90, 0x3d, + 0x28, 0x9b, 0x77, 0x78, 0x1d, 0xcf, 0xbb, 0x9e, 0xbe, 0x5e, 0xee, 0x4f, 0x9c, 0x67, 0x6c, 0xc9, + 0xb7, 0xb0, 0x7e, 0xa8, 0x9f, 0xa3, 0x89, 0x08, 0x25, 0xc3, 0x02, 0x6c, 0xa2, 0x77, 0xbd, 0x35, + 0xff, 0x37, 0xd9, 0x5a, 0xb4, 0xb0, 0x59, 0xc9, 0xf8, 0x91, 0x3d, 0xa8, 0xd8, 0x63, 0xdc, 0xcb, + 0x18, 0xe2, 0xe3, 0x7c, 0x0d, 0xad, 0x81, 0x17, 0x5b, 0xd6, 0x7f, 0x82, 0xad, 0x22, 0x48, 0xc8, + 0x06, 0xac, 0x9c, 0xb2, 0x99, 0x7d, 0xb8, 0xf5, 0x92, 0xb4, 0xa1, 0x7c, 0x46, 0x47, 0x53, 0xf3, + 0x3a, 0x17, 0x06, 0xb7, 0x21, 0x3c, 0x63, 0xf7, 0x70, 0xf9, 0x0b, 0xa7, 0x7e, 0x1f, 0x6a, 0x09, + 0x2b, 0x05, 0x31, 0xb7, 0xd2, 0x31, 0x6b, 0x29, 0xc7, 0xe6, 0x97, 0xc9, 0x1b, 0x10, 0xb7, 0x40, + 0xaa, 0x39, 0x9c, 0xc5, 0xe6, 0x88, 0xe9, 0x5b, 0x9e, 0xd3, 0xd7, 0x7c, 0x94, 0x54, 0x5f, 0x3b, + 0x76, 0xa9, 0x94, 0x61, 0x14, 0xd8, 0x09, 0x12, 0x6f, 0xb5, 0xe6, 0x05, 0x15, 0x91, 0xd6, 0x18, + 0xdf, 0x78, 0xbb, 0x7f, 0xf4, 0xfa, 0xaf, 0xc6, 0xd2, 0xeb, 0xb7, 0x0d, 0xe7, 0xcd, 0xdb, 0x86, + 0xf3, 0xe7, 0xdb, 0x86, 0xf3, 0xcb, 0x45, 0x63, 0xe9, 0xd7, 0x8b, 0xc6, 0xd2, 0x9b, 0x8b, 0xc6, + 0xd2, 0x1f, 0x17, 0x8d, 0xa5, 0x1f, 0x3f, 0x7b, 0xdf, 0x80, 0xc8, 0xfc, 0xdf, 0xef, 0xaf, 0xa2, + 0x60, 0xef, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6d, 0x83, 0xcc, 0x12, 0x72, 0x0c, 0x00, 0x00, } func (m *ConnectProxyConfig) Marshal() (dAtA []byte, err error) { diff --git a/proto/pbservice/service.proto b/proto/pbservice/service.proto index 5faf9fe92..360e3e3ff 100644 --- a/proto/pbservice/service.proto +++ b/proto/pbservice/service.proto @@ -5,7 +5,7 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; import "google/protobuf/struct.proto"; -import "proto/pbcommon/common.proto"; +import "proto/pbcommongogo/common.proto"; import "proto/pbservice/healthcheck.proto"; // This fake import path is replaced by the build script with a versioned path @@ -269,7 +269,7 @@ message ServiceDefinition { ConnectProxyConfig Proxy = 14; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - common.EnterpriseMeta EnterpriseMeta = 17 [(gogoproto.nullable) = false]; + commongogo.EnterpriseMeta EnterpriseMeta = 17 [(gogoproto.nullable) = false]; // mog: func-to=ServiceConnectPtrToStructs func-from=NewServiceConnectPtrFromStructs ServiceConnect Connect = 15; From 1bf4571c8eedbc4524f1cac410ee7e9e0a5dfc81 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 22 Mar 2022 15:40:53 -0700 Subject: [PATCH 003/785] docs: add link to k8s cli install page --- website/content/docs/k8s/k8s-cli.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/content/docs/k8s/k8s-cli.mdx b/website/content/docs/k8s/k8s-cli.mdx index a5ae845db..186fde137 100644 --- a/website/content/docs/k8s/k8s-cli.mdx +++ b/website/content/docs/k8s/k8s-cli.mdx @@ -9,7 +9,9 @@ description: >- Consul K8s CLI is a tool for quickly installing and interacting with Consul on Kubernetes. The Consul K8s CLI allows you to manage the lifecycle of Consul without requiring the usage of `Helm`, [Consul CLI](/commands/index), and `kubectl`. -The Consul K8s CLI offers a Kubernetes native experience for managing Consul. +The Consul K8s CLI offers a Kubernetes native experience for managing Consul. + +-> **Note**: For guidance on how to install the Consul K8s CLI, visit the [Installing the Consul K8s CLI](/docs/k8s/installation/install-cli) documentation page. This topic describes the subcommands and available options for using Consul K8s CLI. From 626fe75167aa8e21a17a8c5903856e714f7345ee Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 22 Mar 2022 15:51:04 -0700 Subject: [PATCH 004/785] docs: removed the word page --- website/content/docs/k8s/k8s-cli.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/k8s-cli.mdx b/website/content/docs/k8s/k8s-cli.mdx index 186fde137..f3757748b 100644 --- a/website/content/docs/k8s/k8s-cli.mdx +++ b/website/content/docs/k8s/k8s-cli.mdx @@ -11,7 +11,7 @@ Consul K8s CLI is a tool for quickly installing and interacting with Consul on K The Consul K8s CLI allows you to manage the lifecycle of Consul without requiring the usage of `Helm`, [Consul CLI](/commands/index), and `kubectl`. The Consul K8s CLI offers a Kubernetes native experience for managing Consul. --> **Note**: For guidance on how to install the Consul K8s CLI, visit the [Installing the Consul K8s CLI](/docs/k8s/installation/install-cli) documentation page. +-> **Note**: For guidance on how to install the Consul K8s CLI, visit the [Installing the Consul K8s CLI](/docs/k8s/installation/install-cli) documentation. This topic describes the subcommands and available options for using Consul K8s CLI. From 04f1d9bcc9dc69d42e8e3a6fc7d000fa856aecf1 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Tue, 22 Mar 2022 16:58:41 -0700 Subject: [PATCH 005/785] oss: Add overview UI internal endpoint --- agent/consul/internal_endpoint.go | 22 +++ agent/consul/internal_endpoint_test.go | 91 +++++++++++++ agent/consul/server.go | 7 + agent/consul/server_overview.go | 182 +++++++++++++++++++++++++ agent/consul/server_overview_test.go | 166 ++++++++++++++++++++++ agent/consul/state/catalog.go | 36 +++++ agent/http_register.go | 1 + agent/structs/catalog.go | 36 +++++ agent/structs/structs_oss.go | 4 + agent/ui_endpoint.go | 18 +++ 10 files changed, 563 insertions(+) create mode 100644 agent/consul/server_overview.go create mode 100644 agent/consul/server_overview_test.go diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 62fb667b1..9c2f2c75d 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -147,6 +147,28 @@ func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs. }) } +func (m *Internal) CatalogOverview(args *structs.DCSpecificRequest, reply *structs.CatalogSummary) error { + if done, err := m.srv.ForwardRPC("Internal.CatalogOverview", args, reply); done { + return err + } + + authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, nil) + if err != nil { + return err + } + + if authz.OperatorRead(nil) != acl.Allow { + return acl.PermissionDeniedByACLUnnamed(authz, nil, acl.ResourceOperator, acl.AccessRead) + } + + summary := m.srv.overviewManager.GetCurrentSummary() + if summary != nil { + *reply = *summary + } + + return nil +} + func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceTopology) error { if done, err := m.srv.ForwardRPC("Internal.ServiceTopology", args, reply); done { return err diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 601eb7cc4..25c9c75f4 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -6,6 +6,7 @@ import ( "os" "strings" "testing" + "time" msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" @@ -2477,3 +2478,93 @@ service_prefix "mongo" { policy = "read" } }) }) } + +func TestInternal_CatalogOverview(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + dir1, s1 := testServerWithConfig(t, func(c *Config) { + c.MetricsReportingInterval = 100 * time.Millisecond + }) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + codec := rpcClient(t, s1) + defer codec.Close() + + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + arg := structs.DCSpecificRequest{ + Datacenter: "dc1", + } + retry.Run(t, func(r *retry.R) { + var out structs.CatalogSummary + if err := msgpackrpc.CallWithCodec(codec, "Internal.CatalogOverview", &arg, &out); err != nil { + r.Fatalf("err: %v", err) + } + + expected := structs.CatalogSummary{ + Nodes: []structs.HealthSummary{ + { + Total: 1, + Passing: 1, + EnterpriseMeta: *structs.NodeEnterpriseMetaInDefaultPartition(), + }, + }, + Services: []structs.HealthSummary{ + { + Name: "consul", + Total: 1, + Passing: 1, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + Checks: []structs.HealthSummary{ + { + Name: "Serf Health Status", + Total: 1, + Passing: 1, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + } + require.Equal(r, expected, out) + }) +} + +func TestInternal_CatalogOverview_ACLDeny(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + + dir1, s1 := testServerWithConfig(t, func(c *Config) { + c.PrimaryDatacenter = "dc1" + c.ACLsEnabled = true + c.ACLInitialManagementToken = TestDefaultInitialManagementToken + c.ACLResolverSettings.ACLDefaultPolicy = "deny" + }) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + + codec := rpcClient(t, s1) + defer codec.Close() + + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + arg := structs.DCSpecificRequest{ + Datacenter: "dc1", + } + var out structs.CatalogSummary + err := msgpackrpc.CallWithCodec(codec, "Internal.CatalogOverview", &arg, &out) + require.True(t, acl.IsErrPermissionDenied(err)) + + opReadToken, err := upsertTestTokenWithPolicyRules( + codec, TestDefaultInitialManagementToken, "dc1", `operator = "read"`) + require.NoError(t, err) + + arg.Token = opReadToken.SecretID + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Internal.CatalogOverview", &arg, &out)) +} diff --git a/agent/consul/server.go b/agent/consul/server.go index ba77c4517..da821ebc8 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -308,6 +308,10 @@ type Server struct { // Consul router. statsFetcher *StatsFetcher + // overviewManager is used to periodically update the cluster overview + // and emit node/service/check health metrics. + overviewManager *OverviewManager + // reassertLeaderCh is used to signal the leader loop should re-run // leadership actions after a snapshot restore. reassertLeaderCh chan chan error @@ -613,6 +617,9 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve } go reporter.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) + s.overviewManager = NewOverviewManager(s.logger, s.fsm, s.config.MetricsReportingInterval) + go s.overviewManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) + s.grpcHandler = newGRPCHandlerFromConfig(flat, config, s) s.grpcLeaderForwarder = flat.LeaderForwarder go s.trackLeaderChanges() diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go new file mode 100644 index 000000000..149743d3f --- /dev/null +++ b/agent/consul/server_overview.go @@ -0,0 +1,182 @@ +package consul + +import ( + "context" + "fmt" + "sort" + "sync" + "time" + + "github.com/hashicorp/consul/agent/consul/usagemetrics" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/go-hclog" +) + +type OverviewManager struct { + stateProvider usagemetrics.StateProvider + logger hclog.Logger + interval time.Duration + + currentSummary *structs.CatalogSummary + sync.RWMutex +} + +func NewOverviewManager(logger hclog.Logger, sp usagemetrics.StateProvider, interval time.Duration) *OverviewManager { + return &OverviewManager{ + stateProvider: sp, + logger: logger.Named("catalog-overview"), + interval: interval, + currentSummary: &structs.CatalogSummary{}, + } +} + +func (m *OverviewManager) GetCurrentSummary() *structs.CatalogSummary { + m.RLock() + defer m.RUnlock() + return m.currentSummary +} + +func (m *OverviewManager) Run(ctx context.Context) { + ticker := time.NewTicker(m.interval) + defer ticker.Stop() + + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + state := m.stateProvider.State() + catalog, err := state.CatalogDump() + if err != nil { + m.logger.Error("failed to update overview", "error", err) + continue + } + + summary := getCatalogOverview(catalog) + m.Lock() + m.currentSummary = summary + m.Unlock() + } + } +} + +// getCatalogOverview returns a breakdown of the number of nodes, services, and checks +// in the passing/warning/critical states. In Enterprise, it will also return this +// breakdown for each partition and namespace. +func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummary { + nodeChecks := make(map[string][]*structs.HealthCheck) + serviceInstanceChecks := make(map[string][]*structs.HealthCheck) + checkSummaries := make(map[string]structs.HealthSummary) + + // Compute the health check summaries by taking the pass/warn/fail counts + // of each unique part/ns/checkname combo and storing them. Also store the + // per-node and per-service instance checks for their respective summaries below. + for _, check := range catalog.Checks { + checkID := fmt.Sprintf("%s/%s", check.EnterpriseMeta.String(), check.Name) + summary, ok := checkSummaries[checkID] + if !ok { + summary = structs.HealthSummary{ + Name: check.Name, + EnterpriseMeta: check.EnterpriseMeta, + } + } + + summary.Add(check.Status) + checkSummaries[checkID] = summary + + if check.ServiceID != "" { + serviceInstanceID := fmt.Sprintf("%s/%s/%s", check.EnterpriseMeta.String(), check.Node, check.ServiceID) + serviceInstanceChecks[serviceInstanceID] = append(serviceInstanceChecks[serviceInstanceID], check) + } else { + nodeMeta := check.NodeIdentity().EnterpriseMeta + nodeID := fmt.Sprintf("%s/%s", nodeMeta.String(), check.Node) + nodeChecks[nodeID] = append(nodeChecks[nodeID], check) + } + } + + // Compute the service instance summaries by taking the unhealthiest check for + // a given service instance as its health status and totaling the counts for each + // partition/ns/service combination. + serviceSummaries := make(map[string]structs.HealthSummary) + for _, svc := range catalog.Services { + sid := structs.NewServiceID(svc.ServiceName, &svc.EnterpriseMeta) + summary, ok := serviceSummaries[sid.String()] + if !ok { + summary = structs.HealthSummary{ + Name: svc.ServiceName, + EnterpriseMeta: svc.EnterpriseMeta, + } + } + + // Compute whether this service instance is healthy based on its associated checks. + serviceInstanceID := fmt.Sprintf("%s/%s/%s", svc.EnterpriseMeta.String(), svc.Node, svc.ServiceID) + status := api.HealthPassing + for _, checks := range serviceInstanceChecks[serviceInstanceID] { + if checks.Status == api.HealthWarning && status == api.HealthPassing { + status = api.HealthWarning + } + if checks.Status == api.HealthCritical { + status = api.HealthCritical + } + } + + summary.Add(status) + serviceSummaries[sid.String()] = summary + } + + // Compute the node summaries by taking the unhealthiest check for each node + // as its health status and totaling the passing/warning/critical counts for + // each partition. + nodeSummaries := make(map[string]structs.HealthSummary) + for _, node := range catalog.Nodes { + nodeMeta := structs.NodeEnterpriseMetaInPartition(node.Partition) + summary, ok := nodeSummaries[nodeMeta.String()] + if !ok { + summary = structs.HealthSummary{ + EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(node.Partition), + } + } + + // Compute whether this node is healthy based on its associated checks. + status := api.HealthPassing + nodeID := fmt.Sprintf("%s/%s", nodeMeta.String(), node.Node) + for _, checks := range nodeChecks[nodeID] { + if checks.Status == api.HealthWarning && status == api.HealthPassing { + status = api.HealthWarning + } + if checks.Status == api.HealthCritical { + status = api.HealthCritical + } + } + + summary.Add(status) + nodeSummaries[nodeMeta.String()] = summary + } + + // Construct the summary. + summary := &structs.CatalogSummary{} + for _, healthSummary := range nodeSummaries { + summary.Nodes = append(summary.Nodes, healthSummary) + } + for _, healthSummary := range serviceSummaries { + summary.Services = append(summary.Services, healthSummary) + } + for _, healthSummary := range checkSummaries { + summary.Checks = append(summary.Checks, healthSummary) + } + + summarySort := func(slice []structs.HealthSummary) func(int, int) bool { + return func(i, j int) bool { + if slice[i].Name < slice[j].Name { + return true + } + return slice[i].EnterpriseMeta.String() < slice[j].EnterpriseMeta.String() + } + } + sort.Slice(summary.Nodes, summarySort(summary.Nodes)) + sort.Slice(summary.Services, summarySort(summary.Services)) + sort.Slice(summary.Checks, summarySort(summary.Checks)) + + return summary +} diff --git a/agent/consul/server_overview_test.go b/agent/consul/server_overview_test.go new file mode 100644 index 000000000..dc2d439e0 --- /dev/null +++ b/agent/consul/server_overview_test.go @@ -0,0 +1,166 @@ +package consul + +import ( + "testing" + + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/api" + "github.com/stretchr/testify/require" +) + +func TestCatalogOverview(t *testing.T) { + cases := []struct { + name string + nodes []*structs.Node + services []*structs.ServiceNode + checks []*structs.HealthCheck + expected structs.CatalogSummary + }{ + { + name: "empty", + expected: structs.CatalogSummary{}, + }, + { + name: "one node with no checks", + nodes: []*structs.Node{ + {Node: "node1"}, + }, + expected: structs.CatalogSummary{ + Nodes: []structs.HealthSummary{ + {Total: 1, Passing: 1}, + }, + }, + }, + { + name: "one service with no checks", + services: []*structs.ServiceNode{ + {Node: "node1", ServiceName: "service1"}, + }, + expected: structs.CatalogSummary{ + Services: []structs.HealthSummary{ + {Name: "service1", Total: 1, Passing: 1}, + }, + }, + }, + { + name: "three nodes with node checks", + nodes: []*structs.Node{ + {Node: "node1"}, + {Node: "node2"}, + {Node: "node3"}, + }, + checks: []*structs.HealthCheck{ + {Node: "node1", Name: "check1", CheckID: "check1", Status: api.HealthPassing}, + {Node: "node2", Name: "check1", CheckID: "check1", Status: api.HealthWarning}, + {Node: "node3", Name: "check1", CheckID: "check1", Status: api.HealthCritical}, + }, + expected: structs.CatalogSummary{ + Nodes: []structs.HealthSummary{ + {Total: 3, Passing: 1, Warning: 1, Critical: 1}, + }, + Checks: []structs.HealthSummary{ + {Name: "check1", Total: 3, Passing: 1, Warning: 1, Critical: 1}, + }, + }, + }, + { + name: "three instances of one service with checks", + nodes: []*structs.Node{ + {Node: "node1"}, + }, + services: []*structs.ServiceNode{ + {Node: "node1", ServiceName: "service1", ServiceID: "id1"}, + {Node: "node1", ServiceName: "service1", ServiceID: "id2"}, + {Node: "node1", ServiceName: "service1", ServiceID: "id3"}, + }, + checks: []*structs.HealthCheck{ + {Node: "node1", Name: "check1", CheckID: "check1", ServiceID: "id1", Status: api.HealthPassing}, + {Node: "node1", Name: "check1", CheckID: "check2", ServiceID: "id2", Status: api.HealthWarning}, + {Node: "node1", Name: "check1", CheckID: "check3", ServiceID: "id3", Status: api.HealthCritical}, + }, + expected: structs.CatalogSummary{ + Nodes: []structs.HealthSummary{ + {Total: 1, Passing: 1}, + }, + Services: []structs.HealthSummary{ + {Name: "service1", Total: 3, Passing: 1, Warning: 1, Critical: 1}, + }, + Checks: []structs.HealthSummary{ + {Name: "check1", Total: 3, Passing: 1, Warning: 1, Critical: 1}, + }, + }, + }, + { + name: "three instances of different services with checks", + nodes: []*structs.Node{ + {Node: "node1"}, + }, + services: []*structs.ServiceNode{ + {Node: "node1", ServiceName: "service1", ServiceID: "id1"}, + {Node: "node1", ServiceName: "service2", ServiceID: "id2"}, + {Node: "node1", ServiceName: "service3", ServiceID: "id3"}, + }, + checks: []*structs.HealthCheck{ + {Node: "node1", Name: "check1", CheckID: "check1", ServiceID: "id1", Status: api.HealthPassing}, + {Node: "node1", Name: "check1", CheckID: "check2", ServiceID: "id2", Status: api.HealthWarning}, + {Node: "node1", Name: "check1", CheckID: "check3", ServiceID: "id3", Status: api.HealthCritical}, + }, + expected: structs.CatalogSummary{ + Nodes: []structs.HealthSummary{ + {Total: 1, Passing: 1}, + }, + Services: []structs.HealthSummary{ + {Name: "service1", Total: 1, Passing: 1}, + {Name: "service2", Total: 1, Warning: 1}, + {Name: "service3", Total: 1, Critical: 1}, + }, + Checks: []structs.HealthSummary{ + {Name: "check1", Total: 3, Passing: 1, Warning: 1, Critical: 1}, + }, + }, + }, + { + name: "many instances of the same check", + checks: []*structs.HealthCheck{ + {Name: "check1", CheckID: "check1", Status: api.HealthPassing}, + {Name: "check1", CheckID: "check2", Status: api.HealthWarning}, + {Name: "check1", CheckID: "check3", Status: api.HealthCritical}, + {Name: "check1", CheckID: "check4", Status: api.HealthPassing}, + {Name: "check1", CheckID: "check5", Status: api.HealthCritical}, + }, + expected: structs.CatalogSummary{ + Checks: []structs.HealthSummary{ + {Name: "check1", Total: 5, Passing: 2, Warning: 1, Critical: 2}, + }, + }, + }, + { + name: "three different checks", + checks: []*structs.HealthCheck{ + {Name: "check1", CheckID: "check1", Status: api.HealthPassing}, + {Name: "check2", CheckID: "check2", Status: api.HealthWarning}, + {Name: "check3", CheckID: "check3", Status: api.HealthCritical}, + }, + expected: structs.CatalogSummary{ + Checks: []structs.HealthSummary{ + {Name: "check1", Total: 1, Passing: 1}, + {Name: "check2", Total: 1, Warning: 1}, + {Name: "check3", Total: 1, Critical: 1}, + }, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + summary := getCatalogOverview(&structs.CatalogContents{ + Nodes: tc.nodes, + Services: tc.services, + Checks: tc.checks, + }) + require.ElementsMatch(t, tc.expected.Nodes, summary.Nodes) + require.ElementsMatch(t, tc.expected.Services, summary.Services) + require.ElementsMatch(t, tc.expected.Checks, summary.Checks) + }) + } +} diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index d8284d427..b882931d6 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -4106,3 +4106,39 @@ func cleanupKindServiceName(tx WriteTxn, idx uint64, name structs.ServiceName, k } return nil } + +// CatalogDump returns all the contents of the node, service and check tables. +// In Enterprise, this will return entries across all partitions and namespaces. +func (s *Store) CatalogDump() (*structs.CatalogContents, error) { + tx := s.db.Txn(false) + contents := &structs.CatalogContents{} + + nodes, err := tx.Get(tableNodes, indexID) + if err != nil { + return nil, fmt.Errorf("failed nodes lookup: %s", err) + } + for node := nodes.Next(); node != nil; node = nodes.Next() { + n := node.(*structs.Node) + contents.Nodes = append(contents.Nodes, n) + } + + services, err := tx.Get(tableServices, indexID) + if err != nil { + return nil, fmt.Errorf("failed services lookup: %s", err) + } + for service := services.Next(); service != nil; service = services.Next() { + svc := service.(*structs.ServiceNode) + contents.Services = append(contents.Services, svc) + } + + checks, err := tx.Get(tableChecks, indexID) + if err != nil { + return nil, fmt.Errorf("failed checks lookup: %s", err) + } + for check := checks.Next(); check != nil; check = checks.Next() { + c := check.(*structs.HealthCheck) + contents.Checks = append(contents.Checks, c) + } + + return contents, nil +} diff --git a/agent/http_register.go b/agent/http_register.go index df20cdfe3..47cdfcf1f 100644 --- a/agent/http_register.go +++ b/agent/http_register.go @@ -91,6 +91,7 @@ func init() { registerEndpoint("/v1/internal/ui/nodes", []string{"GET"}, (*HTTPHandlers).UINodes) registerEndpoint("/v1/internal/ui/node/", []string{"GET"}, (*HTTPHandlers).UINodeInfo) registerEndpoint("/v1/internal/ui/services", []string{"GET"}, (*HTTPHandlers).UIServices) + registerEndpoint("/v1/internal/ui/catalog-overview", []string{"GET"}, (*HTTPHandlers).UICatalogOverview) registerEndpoint("/v1/internal/ui/gateway-services-nodes/", []string{"GET"}, (*HTTPHandlers).UIGatewayServicesNodes) registerEndpoint("/v1/internal/ui/gateway-intentions/", []string{"GET"}, (*HTTPHandlers).UIGatewayIntentions) registerEndpoint("/v1/internal/ui/service-topology/", []string{"GET"}, (*HTTPHandlers).UIServiceTopology) diff --git a/agent/structs/catalog.go b/agent/structs/catalog.go index b118b9935..73cd0264f 100644 --- a/agent/structs/catalog.go +++ b/agent/structs/catalog.go @@ -1,6 +1,7 @@ package structs import ( + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/types" ) @@ -19,3 +20,38 @@ const ( ConsulServiceID = "consul" ConsulServiceName = "consul" ) + +type CatalogContents struct { + Nodes []*Node + Services []*ServiceNode + Checks []*HealthCheck +} + +type CatalogSummary struct { + Nodes []HealthSummary + Services []HealthSummary + Checks []HealthSummary +} + +type HealthSummary struct { + Name string `json:",omitempty"` + + Total int + Passing int + Warning int + Critical int + + EnterpriseMeta +} + +func (h *HealthSummary) Add(status string) { + h.Total++ + switch status { + case api.HealthPassing: + h.Passing++ + case api.HealthWarning: + h.Warning++ + case api.HealthCritical: + h.Critical++ + } +} diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_oss.go index 669361802..7f56c4355 100644 --- a/agent/structs/structs_oss.go +++ b/agent/structs/structs_oss.go @@ -15,6 +15,10 @@ var emptyEnterpriseMeta = EnterpriseMeta{} // EnterpriseMeta stub type EnterpriseMeta struct{} +func (m *EnterpriseMeta) String() string { + return "" +} + func (m *EnterpriseMeta) ToEnterprisePolicyMeta() *acl.EnterprisePolicyMeta { return nil } diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go index f794f2f66..1defb241b 100644 --- a/agent/ui_endpoint.go +++ b/agent/ui_endpoint.go @@ -172,6 +172,24 @@ RPC: return nil, nil } +// UICatalogOverview is used to get a high-level overview of the health of nodes, services, +// and checks in the datacenter. +func (s *HTTPHandlers) UICatalogOverview(resp http.ResponseWriter, req *http.Request) (interface{}, error) { + // Parse arguments + args := structs.DCSpecificRequest{} + if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done { + return nil, nil + } + + // Make the RPC request + var out structs.CatalogSummary + if err := s.agent.RPC("Internal.CatalogOverview", &args, &out); err != nil { + return nil, err + } + + return out, nil +} + // UIServices is used to list the services in a given datacenter. We return a // ServiceSummary which provides overview information for the service func (s *HTTPHandlers) UIServices(resp http.ResponseWriter, req *http.Request) (interface{}, error) { From 28c925f6d04a26cb2a54928e28d39fc53b6847b0 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Tue, 22 Mar 2022 20:41:13 -0700 Subject: [PATCH 006/785] Fixup dropped SecretID usage Looks like something got munged at some point. Not sure how it slipped in, but my best guess is that because TestTxn_Apply_ACLDeny is marked flaky we didn't block merge because it failed. Signed-off-by: Mark Anderson --- agent/consul/txn_endpoint_test.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go index c48d1a035..4f82c98d6 100644 --- a/agent/consul/txn_endpoint_test.go +++ b/agent/consul/txn_endpoint_test.go @@ -875,12 +875,11 @@ func TestTxn_Read_ACLDeny(t *testing.T) { state.EnsureCheck(4, &check) token := createTokenFull(t, codec, testTxnRules) - id := token.AccessorID t.Run("simple read operations (results get filtered out)", func(t *testing.T) { arg := structs.TxnReadRequest{ Datacenter: "dc1", - QueryOptions: structs.QueryOptions{Token: id}, + QueryOptions: structs.QueryOptions{Token: token.SecretID}, Ops: structs.TxnOps{ { KV: &structs.TxnKVOp{ @@ -912,7 +911,7 @@ func TestTxn_Read_ACLDeny(t *testing.T) { t.Run("complex operations (return permission denied errors)", func(t *testing.T) { arg := structs.TxnReadRequest{ Datacenter: "dc1", - QueryOptions: structs.QueryOptions{Token: id}, + QueryOptions: structs.QueryOptions{Token: token.SecretID}, Ops: structs.TxnOps{ { KV: &structs.TxnKVOp{ From 13c6959b2b933b211f6a437ed12a2324e7fca441 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 23 Mar 2022 10:34:26 +0000 Subject: [PATCH 007/785] ui: Tile CSS component (#12570) * ui: Tile CSS component * ui: Consul ServerCard component (#12576) --- .../components/consul/server/card/README.mdx | 118 ++++++++++++++++++ .../components/consul/server/card/index.hbs | 41 ++++++ .../components/consul/server/card/index.scss | 5 + .../components/consul/server/card/layout.scss | 24 ++++ .../components/consul/server/card/skin.scss | 40 ++++++ .../components/consul/server/list/index.hbs | 17 +++ .../components/consul/server/list/index.scss | 9 ++ .../consul-ui/app/components/tile/README.mdx | 20 +++ .../consul-ui/app/components/tile/debug.scss | 6 + .../consul-ui/app/components/tile/index.scss | 37 ++++++ .../app/styles/base/component/index.scss | 6 + .../base/decoration/base-variables.scss | 1 + .../app/styles/base/icons/icons/index.scss | 12 +- .../consul-ui/app/styles/base/index.scss | 1 + .../base/typography/base-keyframes.scss | 7 ++ .../base/typography/base-variables.scss | 1 + .../app/styles/base/typography/index.scss | 1 + .../consul-ui/app/styles/components.scss | 3 + ui/packages/consul-ui/app/styles/debug.scss | 1 + 19 files changed, 344 insertions(+), 6 deletions(-) create mode 100644 ui/packages/consul-ui/app/components/consul/server/card/README.mdx create mode 100644 ui/packages/consul-ui/app/components/consul/server/card/index.hbs create mode 100644 ui/packages/consul-ui/app/components/consul/server/card/index.scss create mode 100644 ui/packages/consul-ui/app/components/consul/server/card/layout.scss create mode 100644 ui/packages/consul-ui/app/components/consul/server/card/skin.scss create mode 100644 ui/packages/consul-ui/app/components/consul/server/list/index.hbs create mode 100644 ui/packages/consul-ui/app/components/consul/server/list/index.scss create mode 100644 ui/packages/consul-ui/app/components/tile/README.mdx create mode 100644 ui/packages/consul-ui/app/components/tile/debug.scss create mode 100644 ui/packages/consul-ui/app/components/tile/index.scss create mode 100644 ui/packages/consul-ui/app/styles/base/component/index.scss create mode 100644 ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss diff --git a/ui/packages/consul-ui/app/components/consul/server/card/README.mdx b/ui/packages/consul-ui/app/components/consul/server/card/README.mdx new file mode 100644 index 000000000..a4b2ebc7d --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/card/README.mdx @@ -0,0 +1,118 @@ + +# Consul::Server::Card + + + +A presentational component representing a Consul Server + + +```hbs preview-template +
+
+ Read Replicas just show the name of the Server +
+ + +
+ +
+
+ Leaders have a special icon-tile +
+ + +
+ +
+
+ Unhealthy voters have a differently colored badge +
+ + +
+ +
+
+ Non-voters have different text and coloring +
+ + +
+
+ + +
+``` + +## Attributes + + + + +## Arguments + + + +| Argument | Type | Default | Description | +| :------- | :----- | :------ | :----------------------------------------- | +| item | object | | Consul Server shaped object | + + + +## Slots + + + + +## CSS Parts + + + + +## CSS Properties + + + + +## Contextual Components + + + diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs new file mode 100644 index 000000000..333ebd667 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs @@ -0,0 +1,41 @@ +
+
+ +
+
+
+ {{@item.Name}} +
+ +{{#if (not @item.ReadReplica)}} +
+ Status +
+
+ {{if (contains @item.Status (array 'leader' 'voter')) 'Active voter' 'Backup voter'}} +
+{{/if}} + +
+
+ diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.scss b/ui/packages/consul-ui/app/components/consul/server/card/index.scss new file mode 100644 index 000000000..284860e70 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/card/index.scss @@ -0,0 +1,5 @@ +@import './skin'; +@import './layout'; +.consul-server-card { + @extend %consul-server-card; +} diff --git a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss new file mode 100644 index 000000000..8ca116a8f --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss @@ -0,0 +1,24 @@ +%consul-server-card { + position: relative; + overflow: hidden; + + @extend %panel; + --padding-x: 24px; + --padding-y: 24px; + padding: var(--padding-y) var(--padding-x); + + --tile-size: 3rem; /* 48px */ +} +%consul-server-card.voting-status-leader .name { + position: absolute !important; +} +%consul-server-card dd:not(:last-of-type) { + margin-bottom: calc(var(--padding-y) / 2); +} +%consul-server-card.voting-status-leader dd { + margin-left: calc(var(--tile-size) + var(--padding-x)); +} + + + + diff --git a/ui/packages/consul-ui/app/components/consul/server/card/skin.scss b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss new file mode 100644 index 000000000..1478ac3fa --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss @@ -0,0 +1,40 @@ +%consul-server-card dt:not(.name) { + @extend %visually-hidden; +} +%consul-server-card.voting-status-leader .name { + @extend %with-leader-tile; +} +%consul-server-card .name + dd { + @extend %h300; + color: rgb(var(--tone-gray-999)); + animation-name: typo-truncate; +} +%consul-server-card .health-status + dd { + @extend %pill-200; + font-size: var(--typo-size-700); +} +%consul-server-card.voting-status-non-voter .health-status + dd { + background-color: rgb(var(--tone-gray-100)); + color: rgb(var(--tone-gray-600)); +} +%consul-server-card:not(.voting-status-non-voter) .health-status.healthy + dd { + background-color: rgb(var(--tone-green-050)); + color: rgb(var(--tone-green-800)); +} +%consul-server-card:not(.voting-status-non-voter) .health-status:not(.healthy) + dd { + background-color: rgb(var(--tone-red-050)); + color: rgb(var(--tone-red-500)); +} +%consul-server-card .health-status + dd::before { + --icon-size: icon-000; + content: ''; +} +%consul-server-card .health-status.healthy + dd::before { + --icon-name: icon-check; + --icon-color: rgb(var(--tone-green-800)); +} +%consul-server-card .health-status:not(.healthy) + dd::before { + --icon-name: icon-x; + --icon-color: rgb(var(--tone-red-500)); +} + diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs new file mode 100644 index 000000000..4f9d1b50a --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs @@ -0,0 +1,17 @@ +
+
    +{{#each @items as |item|}} +
  • + +
    • +{{/each}} +
+
+ diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.scss b/ui/packages/consul-ui/app/components/consul/server/list/index.scss new file mode 100644 index 000000000..4f8256b91 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/server/list/index.scss @@ -0,0 +1,9 @@ +%consul-server-list ul { + display: grid; + grid-template-columns: repeat(4, minmax(215px, 25%)); + gap: 12px; +} + +.consul-server-list { + @extend %consul-server-list; +} diff --git a/ui/packages/consul-ui/app/components/tile/README.mdx b/ui/packages/consul-ui/app/components/tile/README.mdx new file mode 100644 index 000000000..be1361183 --- /dev/null +++ b/ui/packages/consul-ui/app/components/tile/README.mdx @@ -0,0 +1,20 @@ +# tile + + +```hbs preview-template +
+
+ Leader tile +
+
+ +
+
+ +``` + +```css +.tile { + @extend %with-tile, %with-leader-tile; +} +``` diff --git a/ui/packages/consul-ui/app/components/tile/debug.scss b/ui/packages/consul-ui/app/components/tile/debug.scss new file mode 100644 index 000000000..8b3e0797d --- /dev/null +++ b/ui/packages/consul-ui/app/components/tile/debug.scss @@ -0,0 +1,6 @@ +#docfy-demo-preview-tile { + .tile { + @extend %with-tile, %with-leader-tile; + } +} + diff --git a/ui/packages/consul-ui/app/components/tile/index.scss b/ui/packages/consul-ui/app/components/tile/index.scss new file mode 100644 index 000000000..7754657eb --- /dev/null +++ b/ui/packages/consul-ui/app/components/tile/index.scss @@ -0,0 +1,37 @@ + +%with-tile { + position: relative; + width: var(--tile-size, 3rem); + height: var(--tile-size, 3rem); +} +%with-tile::before { + display: block; + content: ''; + width: 100%; + height: 100%; + border-radius: var(--decor-radius-250); + border: var(--decor-border-100); +} +%with-tile::after { + content: ''; + position: absolute; + top: calc(var(--tile-size, 3rem) / 4); + left: calc(var(--tile-size, 3rem) / 4); +} + +%with-leader-tile { + @extend %with-tile; +} +%with-leader-tile::before { + background-image: linear-gradient(135deg, + rgb(var(--strawberry-010)) 0%, + rgb(var(--strawberry-200)) 100% + ); + border-color: rgb(var(--tone-gray-999) / 10%); +} +%with-leader-tile::after { + --icon-name: icon-star-circle; + --icon-size: icon-700; + color: rgb(var(--strawberry-500)); +} + diff --git a/ui/packages/consul-ui/app/styles/base/component/index.scss b/ui/packages/consul-ui/app/styles/base/component/index.scss new file mode 100644 index 000000000..821ce98da --- /dev/null +++ b/ui/packages/consul-ui/app/styles/base/component/index.scss @@ -0,0 +1,6 @@ +/* allows easy application of animation-name based composition */ +*, *::before, *::after { + animation-play-state: paused; + animation-fill-mode: forwards; +} + diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss index 1aff329e2..e97f8df12 100644 --- a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss +++ b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss @@ -3,6 +3,7 @@ --decor-radius-000: 0; --decor-radius-100: 2px; --decor-radius-200: 4px; + --decor-radius-250: 6px; --decor-radius-300: 7px; --decor-radius-999: 9999px; --decor-radius-full: 100%; diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss index fc3360b03..8eb65d292 100644 --- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss +++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss @@ -236,8 +236,8 @@ // @import './change/index.scss'; // @import './change-circle/index.scss'; // @import './change-square/index.scss'; -// @import './check/index.scss'; -// @import './check-circle/index.scss'; +@import './check/index.scss'; +@import './check-circle/index.scss'; @import './check-circle-fill/index.scss'; // @import './check-diamond/index.scss'; // @import './check-diamond-fill/index.scss'; @@ -392,7 +392,7 @@ // @import './identity-user/index.scss'; // @import './image/index.scss'; // @import './inbox/index.scss'; -// @import './info/index.scss'; +@import './info/index.scss'; // @import './jump-link/index.scss'; // @import './key/index.scss'; // @import './key-values/index.scss'; @@ -542,7 +542,7 @@ // @import './square/index.scss'; // @import './square-fill/index.scss'; // @import './star/index.scss'; -// @import './star-circle/index.scss'; +@import './star-circle/index.scss'; @import './star-fill/index.scss'; // @import './star-off/index.scss'; // @import './stop-circle/index.scss'; @@ -614,8 +614,8 @@ // @import './wifi/index.scss'; // @import './wifi-off/index.scss'; // @import './wrench/index.scss'; -// @import './x/index.scss'; -// @import './x-circle/index.scss'; +@import './x/index.scss'; +@import './x-circle/index.scss'; // @import './x-circle-fill/index.scss'; // @import './x-diamond/index.scss'; // @import './x-diamond-fill/index.scss'; diff --git a/ui/packages/consul-ui/app/styles/base/index.scss b/ui/packages/consul-ui/app/styles/base/index.scss index 8fed6a285..c352c682e 100644 --- a/ui/packages/consul-ui/app/styles/base/index.scss +++ b/ui/packages/consul-ui/app/styles/base/index.scss @@ -1,3 +1,4 @@ +@import './component/index'; @import './decoration/index'; @import './color/index'; @import './animation/index'; diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss new file mode 100644 index 000000000..7f29930eb --- /dev/null +++ b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss @@ -0,0 +1,7 @@ +@keyframes typo-truncate { + 100% { + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; + } +} diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-variables.scss b/ui/packages/consul-ui/app/styles/base/typography/base-variables.scss index 0c271067e..0d4294737 100644 --- a/ui/packages/consul-ui/app/styles/base/typography/base-variables.scss +++ b/ui/packages/consul-ui/app/styles/base/typography/base-variables.scss @@ -11,6 +11,7 @@ /* also maybe use 100, 200 etc like colors */ --typo-size-100: 3.5rem; --typo-size-200: 1.8rem; + --typo-size-250: 1.750rem; /* 28px */ --typo-size-300: 1.3rem; /* mktg only ^ */ --typo-size-400: 1.2rem; /* $size-large? 24 */ diff --git a/ui/packages/consul-ui/app/styles/base/typography/index.scss b/ui/packages/consul-ui/app/styles/base/typography/index.scss index 3fe0d277f..72abf8e5a 100644 --- a/ui/packages/consul-ui/app/styles/base/typography/index.scss +++ b/ui/packages/consul-ui/app/styles/base/typography/index.scss @@ -1,2 +1,3 @@ @import './base-variables'; +@import './base-keyframes'; @import './base-placeholders'; diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss index 143c305e6..875e3a142 100644 --- a/ui/packages/consul-ui/app/styles/components.scss +++ b/ui/packages/consul-ui/app/styles/components.scss @@ -36,6 +36,7 @@ @import 'consul-ui/components/secret-button'; @import 'consul-ui/components/sliding-toggle'; @import 'consul-ui/components/table'; +@import 'consul-ui/components/tile'; @import 'consul-ui/components/toggle-button'; @import 'consul-ui/components/tabular-collection'; @import 'consul-ui/components/tabular-details'; @@ -91,6 +92,8 @@ @import 'consul-ui/components/consul/intention'; @import 'consul-ui/components/consul/lock-session/list'; @import 'consul-ui/components/consul/lock-session/form'; +@import 'consul-ui/components/consul/server/list'; +@import 'consul-ui/components/consul/server/card'; @import 'consul-ui/components/consul/auth-method'; @import 'consul-ui/components/role-selector'; diff --git a/ui/packages/consul-ui/app/styles/debug.scss b/ui/packages/consul-ui/app/styles/debug.scss index f99e263a2..8209e6ac4 100644 --- a/ui/packages/consul-ui/app/styles/debug.scss +++ b/ui/packages/consul-ui/app/styles/debug.scss @@ -4,6 +4,7 @@ @import 'consul-ui/components/main-nav-vertical/debug'; @import 'consul-ui/components/badge/debug'; @import 'consul-ui/components/panel/debug'; +@import 'consul-ui/components/tile/debug'; @import 'consul-ui/components/shadow-template/debug'; @import 'consul-ui/components/csv-list/debug'; @import 'consul-ui/components/horizontal-kv-list/debug'; From 467f771d74b06e76ea5b78fc1212b9152df9a323 Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 23 Mar 2022 09:25:56 -0400 Subject: [PATCH 008/785] remove gogo pbconnect, pbconfig and pbautoconf --- build-support/scripts/proto-gen-entry.sh | 9 + proto/pbautoconf/auto_config.pb.go | 869 +------ proto/pbcommon/common.gen.go | 14 + proto/pbcommon/common.pb.go | 7 + proto/pbcommon/common.proto | 7 + proto/pbconfig/config.pb.go | 2836 +--------------------- proto/pbconnect/connect.gen.go | 20 +- proto/pbconnect/connect.go | 32 +- proto/pbconnect/connect.pb.go | 1971 +-------------- proto/pbconnect/connect.proto | 22 +- 10 files changed, 288 insertions(+), 5499 deletions(-) diff --git a/build-support/scripts/proto-gen-entry.sh b/build-support/scripts/proto-gen-entry.sh index c02df1b5a..4deb2bf29 100644 --- a/build-support/scripts/proto-gen-entry.sh +++ b/build-support/scripts/proto-gen-entry.sh @@ -5,6 +5,15 @@ echo $PWD if [[ "$FILENAME" =~ .*pbcommon/.* ]]; then echo "$FILENAME no gogo" ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +elif [[ "$FILENAME" =~ .*pbconnect/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +elif [[ "$FILENAME" =~ .*pbconfig/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +elif [[ "$FILENAME" =~ .*pbautoconf/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 else echo "$FILENAME gogo" ./build-support/scripts/proto-gen.sh $1 $2 $3 diff --git a/proto/pbautoconf/auto_config.pb.go b/proto/pbautoconf/auto_config.pb.go index 8a4c25b5d..0f64d9688 100644 --- a/proto/pbautoconf/auto_config.pb.go +++ b/proto/pbautoconf/auto_config.pb.go @@ -1,4 +1,4 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbautoconf/auto_config.proto package pbautoconf @@ -8,9 +8,7 @@ import ( proto "github.com/golang/protobuf/proto" pbconfig "github.com/hashicorp/consul/proto/pbconfig" pbconnect "github.com/hashicorp/consul/proto/pbconnect" - io "io" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -58,26 +56,18 @@ func (*AutoConfigRequest) ProtoMessage() {} func (*AutoConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptor_ccc5af992e5daf69, []int{0} } + func (m *AutoConfigRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_AutoConfigRequest.Unmarshal(m, b) } func (m *AutoConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_AutoConfigRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_AutoConfigRequest.Marshal(b, m, deterministic) } func (m *AutoConfigRequest) XXX_Merge(src proto.Message) { xxx_messageInfo_AutoConfigRequest.Merge(m, src) } func (m *AutoConfigRequest) XXX_Size() int { - return m.Size() + return xxx_messageInfo_AutoConfigRequest.Size(m) } func (m *AutoConfigRequest) XXX_DiscardUnknown() { xxx_messageInfo_AutoConfigRequest.DiscardUnknown(m) @@ -156,26 +146,18 @@ func (*AutoConfigResponse) ProtoMessage() {} func (*AutoConfigResponse) Descriptor() ([]byte, []int) { return fileDescriptor_ccc5af992e5daf69, []int{1} } + func (m *AutoConfigResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_AutoConfigResponse.Unmarshal(m, b) } func (m *AutoConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_AutoConfigResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_AutoConfigResponse.Marshal(b, m, deterministic) } func (m *AutoConfigResponse) XXX_Merge(src proto.Message) { xxx_messageInfo_AutoConfigResponse.Merge(m, src) } func (m *AutoConfigResponse) XXX_Size() int { - return m.Size() + return xxx_messageInfo_AutoConfigResponse.Size(m) } func (m *AutoConfigResponse) XXX_DiscardUnknown() { xxx_messageInfo_AutoConfigResponse.DiscardUnknown(m) @@ -221,814 +203,27 @@ func init() { } var fileDescriptor_ccc5af992e5daf69 = []byte{ - // 361 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcf, 0x4a, 0xc3, 0x40, - 0x10, 0xc6, 0x8d, 0xad, 0xfd, 0xb3, 0x01, 0xa9, 0xdb, 0xcb, 0x52, 0x35, 0x94, 0x1e, 0xa4, 0x88, - 0x24, 0x52, 0xf1, 0x2a, 0xd4, 0xe8, 0x41, 0x0f, 0x22, 0xdb, 0x82, 0xe0, 0x45, 0xd2, 0x74, 0xdb, - 0x06, 0xdb, 0x9d, 0x98, 0x9d, 0x80, 0x8f, 0xe2, 0x0b, 0x09, 0x1e, 0xf5, 0x0d, 0xa4, 0xbe, 0x88, - 0x64, 0x93, 0xe8, 0x22, 0x9e, 0xf2, 0xe5, 0xf7, 0xfb, 0xe6, 0x30, 0x93, 0x90, 0x5e, 0x9c, 0x00, - 0x82, 0x17, 0x4f, 0x82, 0x14, 0x21, 0x04, 0x39, 0xf3, 0xb2, 0xf0, 0x90, 0xa5, 0x68, 0xee, 0x6a, - 0x49, 0x1b, 0xa5, 0xeb, 0xec, 0x96, 0xed, 0xdc, 0x7b, 0x66, 0xad, 0xb3, 0x6f, 0x48, 0x29, 0x42, - 0xf4, 0x8a, 0x67, 0xae, 0x7b, 0xaf, 0x16, 0xd9, 0x19, 0xa6, 0x08, 0xbe, 0x9e, 0xe1, 0xe2, 0x29, - 0x15, 0x0a, 0xa9, 0x43, 0xc8, 0x45, 0x80, 0x41, 0x28, 0x24, 0x8a, 0x84, 0x59, 0x5d, 0xab, 0xdf, - 0xe4, 0x06, 0xa1, 0x94, 0x54, 0x6f, 0x60, 0x2a, 0xd8, 0xa6, 0x36, 0x3a, 0x53, 0x46, 0xea, 0x23, - 0x31, 0x5f, 0x09, 0x89, 0xac, 0xaa, 0x71, 0xf9, 0x4a, 0xf7, 0x48, 0xf3, 0x36, 0x48, 0x30, 0xc2, - 0x08, 0x24, 0x6b, 0x68, 0xf7, 0x0b, 0x68, 0x8b, 0x54, 0xae, 0xef, 0xc6, 0x6c, 0x4b, 0xf3, 0x2c, - 0xd2, 0x2e, 0xb1, 0x7d, 0x90, 0x2a, 0x5d, 0x8e, 0xe1, 0x51, 0x48, 0x56, 0xd3, 0xc6, 0x44, 0xd9, - 0x8c, 0x3f, 0xe2, 0xac, 0x9e, 0xcf, 0xf8, 0x23, 0xde, 0xfb, 0xb0, 0x08, 0x35, 0xf7, 0x50, 0x31, - 0x48, 0x25, 0xe8, 0x01, 0xa9, 0xe5, 0x44, 0x2f, 0x61, 0x0f, 0xb6, 0xdd, 0xe2, 0x38, 0x45, 0xaf, - 0xb0, 0xf4, 0x90, 0xd4, 0xfd, 0x21, 0x07, 0x40, 0xa5, 0x77, 0xb2, 0x07, 0x2d, 0xb7, 0xbc, 0x53, - 0xc1, 0x79, 0x59, 0xa0, 0xa7, 0xc4, 0xf6, 0x45, 0x82, 0xd1, 0x2c, 0x0a, 0x03, 0x14, 0xac, 0xa2, - 0xfb, 0xed, 0x9f, 0xfe, 0x95, 0x52, 0xa9, 0x98, 0x66, 0x0d, 0x6e, 0xf6, 0xe8, 0x31, 0x69, 0x5f, - 0x3e, 0x63, 0x12, 0xf8, 0x43, 0x83, 0x2a, 0x56, 0xed, 0x56, 0xfa, 0x4d, 0xfe, 0x9f, 0x3a, 0x3f, - 0x7b, 0x5b, 0x3b, 0xd6, 0xfb, 0xda, 0xb1, 0x3e, 0xd7, 0x8e, 0xf5, 0xf2, 0xe5, 0x6c, 0xdc, 0x1f, - 0xcd, 0x23, 0x5c, 0xa4, 0x13, 0x37, 0x84, 0x95, 0xb7, 0x08, 0xd4, 0x22, 0x0a, 0x21, 0x89, 0xb3, - 0x2f, 0xaa, 0xd2, 0xa5, 0xf7, 0xf7, 0x9f, 0x99, 0xd4, 0x34, 0x39, 0xf9, 0x0e, 0x00, 0x00, 0xff, - 0xff, 0x65, 0x57, 0x2e, 0x30, 0x4e, 0x02, 0x00, 0x00, + // 340 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x4a, 0xc3, 0x40, + 0x10, 0xc7, 0x89, 0xad, 0xfd, 0x98, 0x80, 0xd4, 0xed, 0x65, 0xa9, 0x1f, 0x94, 0x1e, 0xa4, 0x88, + 0x24, 0x52, 0xf1, 0x01, 0x6a, 0xf4, 0xa0, 0x07, 0x91, 0x6d, 0x41, 0xf0, 0x22, 0x69, 0xba, 0x6d, + 0x83, 0xed, 0x4e, 0xcc, 0xce, 0x82, 0x2f, 0xe8, 0x03, 0xf8, 0x46, 0x92, 0x4d, 0xa2, 0x8b, 0x78, + 0xca, 0x3f, 0xbf, 0xdf, 0x7f, 0x0e, 0x33, 0x09, 0x8c, 0xb2, 0x1c, 0x09, 0xc3, 0x6c, 0x11, 0x1b, + 0xc2, 0x04, 0xd5, 0x2a, 0x2c, 0xc2, 0x6b, 0x91, 0xd2, 0x75, 0x60, 0x25, 0xeb, 0xd4, 0x6e, 0x70, + 0x54, 0xb7, 0x4b, 0x1f, 0xba, 0xb5, 0xc1, 0x89, 0x23, 0x95, 0x4c, 0x28, 0xac, 0x9e, 0xa5, 0x1e, + 0x7d, 0x7a, 0x70, 0x38, 0x35, 0x84, 0x91, 0x9d, 0x11, 0xf2, 0xdd, 0x48, 0x4d, 0xec, 0x14, 0xe0, + 0x36, 0xa6, 0x38, 0x91, 0x8a, 0x64, 0xce, 0xbd, 0xa1, 0x37, 0xee, 0x0a, 0x87, 0x30, 0x06, 0xcd, + 0x47, 0x5c, 0x4a, 0xbe, 0x67, 0x8d, 0xcd, 0x8c, 0x43, 0x7b, 0x26, 0xd7, 0x3b, 0xa9, 0x88, 0x37, + 0x2d, 0xae, 0x5f, 0xd9, 0x31, 0x74, 0x9f, 0xe2, 0x9c, 0x52, 0x4a, 0x51, 0xf1, 0x8e, 0x75, 0xbf, + 0x80, 0xf5, 0xa0, 0xf1, 0xf0, 0x3c, 0xe7, 0xfb, 0x96, 0x17, 0x91, 0x0d, 0xc1, 0x8f, 0x50, 0x69, + 0xb3, 0x9d, 0xe3, 0x9b, 0x54, 0xbc, 0x65, 0x8d, 0x8b, 0x8a, 0x99, 0x68, 0x26, 0x78, 0xbb, 0x9c, + 0x89, 0x66, 0x62, 0xf4, 0xe5, 0x01, 0x73, 0xf7, 0xd0, 0x19, 0x2a, 0x2d, 0xd9, 0x19, 0xb4, 0x4a, + 0x62, 0x97, 0xf0, 0x27, 0x07, 0x41, 0x75, 0x9c, 0xaa, 0x57, 0x59, 0x76, 0x0e, 0xed, 0x68, 0x2a, + 0x10, 0x49, 0xdb, 0x9d, 0xfc, 0x49, 0x2f, 0xa8, 0xef, 0x54, 0x71, 0x51, 0x17, 0xd8, 0x35, 0xf8, + 0x91, 0xcc, 0x29, 0x5d, 0xa5, 0x49, 0x4c, 0x92, 0x37, 0x6c, 0xbf, 0xff, 0xd3, 0xbf, 0xd7, 0xda, + 0xc8, 0x65, 0xd1, 0x10, 0x6e, 0x8f, 0x5d, 0x42, 0xff, 0xee, 0x83, 0xf2, 0x38, 0x9a, 0x3a, 0x54, + 0xf3, 0xe6, 0xb0, 0x31, 0xee, 0x8a, 0xff, 0xd4, 0x4d, 0xf0, 0x72, 0xb1, 0x4e, 0x69, 0x63, 0x16, + 0x41, 0x82, 0xbb, 0x70, 0x13, 0xeb, 0x4d, 0x9a, 0x60, 0x9e, 0x15, 0x5f, 0x50, 0x9b, 0x6d, 0xf8, + 0xf7, 0x1f, 0x59, 0xb4, 0x2c, 0xb9, 0xfa, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x29, 0xae, 0x66, 0x30, + 0x3e, 0x02, 0x00, 0x00, } - -func (m *AutoConfigRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AutoConfigRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AutoConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x42 - } - if len(m.CSR) > 0 { - i -= len(m.CSR) - copy(dAtA[i:], m.CSR) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.CSR))) - i-- - dAtA[i] = 0x3a - } - if len(m.ConsulToken) > 0 { - i -= len(m.ConsulToken) - copy(dAtA[i:], m.ConsulToken) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.ConsulToken))) - i-- - dAtA[i] = 0x32 - } - if len(m.JWT) > 0 { - i -= len(m.JWT) - copy(dAtA[i:], m.JWT) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.JWT))) - i-- - dAtA[i] = 0x2a - } - if len(m.Segment) > 0 { - i -= len(m.Segment) - copy(dAtA[i:], m.Segment) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.Segment))) - i-- - dAtA[i] = 0x22 - } - if len(m.Node) > 0 { - i -= len(m.Node) - copy(dAtA[i:], m.Node) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.Node))) - i-- - dAtA[i] = 0x12 - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *AutoConfigResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AutoConfigResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AutoConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.ExtraCACertificates) > 0 { - for iNdEx := len(m.ExtraCACertificates) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ExtraCACertificates[iNdEx]) - copy(dAtA[i:], m.ExtraCACertificates[iNdEx]) - i = encodeVarintAutoConfig(dAtA, i, uint64(len(m.ExtraCACertificates[iNdEx]))) - i-- - dAtA[i] = 0x22 - } - } - if m.Certificate != nil { - { - size, err := m.Certificate.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAutoConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - if m.CARoots != nil { - { - size, err := m.CARoots.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAutoConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if m.Config != nil { - { - size, err := m.Config.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAutoConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintAutoConfig(dAtA []byte, offset int, v uint64) int { - offset -= sovAutoConfig(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *AutoConfigRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.Node) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.Segment) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.JWT) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.ConsulToken) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.CSR) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovAutoConfig(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *AutoConfigResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Config != nil { - l = m.Config.Size() - n += 1 + l + sovAutoConfig(uint64(l)) - } - if m.CARoots != nil { - l = m.CARoots.Size() - n += 1 + l + sovAutoConfig(uint64(l)) - } - if m.Certificate != nil { - l = m.Certificate.Size() - n += 1 + l + sovAutoConfig(uint64(l)) - } - if len(m.ExtraCACertificates) > 0 { - for _, s := range m.ExtraCACertificates { - l = len(s) - n += 1 + l + sovAutoConfig(uint64(l)) - } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovAutoConfig(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozAutoConfig(x uint64) (n int) { - return sovAutoConfig(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *AutoConfigRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AutoConfigRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AutoConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Node = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Segment", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Segment = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JWT", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.JWT = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConsulToken", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ConsulToken = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CSR = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAutoConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAutoConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AutoConfigResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AutoConfigResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AutoConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Config == nil { - m.Config = &pbconfig.Config{} - } - if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CARoots", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.CARoots == nil { - m.CARoots = &pbconnect.CARoots{} - } - if err := m.CARoots.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Certificate", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Certificate == nil { - m.Certificate = &pbconnect.IssuedCert{} - } - if err := m.Certificate.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExtraCACertificates", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAutoConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAutoConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ExtraCACertificates = append(m.ExtraCACertificates, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAutoConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAutoConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipAutoConfig(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAutoConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthAutoConfig - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupAutoConfig - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthAutoConfig - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthAutoConfig = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowAutoConfig = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupAutoConfig = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbcommon/common.gen.go b/proto/pbcommon/common.gen.go index 14aa7128b..867e8089c 100644 --- a/proto/pbcommon/common.gen.go +++ b/proto/pbcommon/common.gen.go @@ -54,3 +54,17 @@ func QueryOptionsFromStructs(t *structs.QueryOptions, s *QueryOptions) { s.MustRevalidate = t.MustRevalidate s.Filter = t.Filter } +func RaftIndexToStructs(s *RaftIndex, t *structs.RaftIndex) { + if s == nil { + return + } + t.CreateIndex = s.CreateIndex + t.ModifyIndex = s.ModifyIndex +} +func RaftIndexFromStructs(t *structs.RaftIndex, s *RaftIndex) { + if s == nil { + return + } + s.CreateIndex = t.CreateIndex + s.ModifyIndex = t.ModifyIndex +} diff --git a/proto/pbcommon/common.pb.go b/proto/pbcommon/common.pb.go index 21f3b1dee..88a2d55b6 100644 --- a/proto/pbcommon/common.pb.go +++ b/proto/pbcommon/common.pb.go @@ -23,6 +23,13 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // RaftIndex is used to track the index used while creating // or modifying a given struct type. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.RaftIndex +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields type RaftIndex struct { // @gotags: bexpr:"-" CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` diff --git a/proto/pbcommon/common.proto b/proto/pbcommon/common.proto index b38e77fda..19efd232b 100644 --- a/proto/pbcommon/common.proto +++ b/proto/pbcommon/common.proto @@ -9,6 +9,13 @@ import "google/protobuf/duration.proto"; // RaftIndex is used to track the index used while creating // or modifying a given struct type. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.RaftIndex +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields message RaftIndex { // @gotags: bexpr:"-" uint64 CreateIndex = 1; diff --git a/proto/pbconfig/config.pb.go b/proto/pbconfig/config.pb.go index 5828b88ac..a3dfa4c81 100644 --- a/proto/pbconfig/config.pb.go +++ b/proto/pbconfig/config.pb.go @@ -1,4 +1,4 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbconfig/config.proto package pbconfig @@ -6,9 +6,7 @@ package pbconfig import ( fmt "fmt" proto "github.com/golang/protobuf/proto" - io "io" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -43,26 +41,18 @@ func (*Config) ProtoMessage() {} func (*Config) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{0} } + func (m *Config) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Config.Unmarshal(m, b) } func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Config.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Config.Marshal(b, m, deterministic) } func (m *Config) XXX_Merge(src proto.Message) { xxx_messageInfo_Config.Merge(m, src) } func (m *Config) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Config.Size(m) } func (m *Config) XXX_DiscardUnknown() { xxx_messageInfo_Config.DiscardUnknown(m) @@ -147,26 +137,18 @@ func (*Gossip) ProtoMessage() {} func (*Gossip) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{1} } + func (m *Gossip) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Gossip.Unmarshal(m, b) } func (m *Gossip) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Gossip.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Gossip.Marshal(b, m, deterministic) } func (m *Gossip) XXX_Merge(src proto.Message) { xxx_messageInfo_Gossip.Merge(m, src) } func (m *Gossip) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Gossip.Size(m) } func (m *Gossip) XXX_DiscardUnknown() { xxx_messageInfo_Gossip.DiscardUnknown(m) @@ -203,26 +185,18 @@ func (*GossipEncryption) ProtoMessage() {} func (*GossipEncryption) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{2} } + func (m *GossipEncryption) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_GossipEncryption.Unmarshal(m, b) } func (m *GossipEncryption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GossipEncryption.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_GossipEncryption.Marshal(b, m, deterministic) } func (m *GossipEncryption) XXX_Merge(src proto.Message) { xxx_messageInfo_GossipEncryption.Merge(m, src) } func (m *GossipEncryption) XXX_Size() int { - return m.Size() + return xxx_messageInfo_GossipEncryption.Size(m) } func (m *GossipEncryption) XXX_DiscardUnknown() { xxx_messageInfo_GossipEncryption.DiscardUnknown(m) @@ -270,26 +244,18 @@ func (*TLS) ProtoMessage() {} func (*TLS) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{3} } + func (m *TLS) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_TLS.Unmarshal(m, b) } func (m *TLS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_TLS.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_TLS.Marshal(b, m, deterministic) } func (m *TLS) XXX_Merge(src proto.Message) { xxx_messageInfo_TLS.Merge(m, src) } func (m *TLS) XXX_Size() int { - return m.Size() + return xxx_messageInfo_TLS.Size(m) } func (m *TLS) XXX_DiscardUnknown() { xxx_messageInfo_TLS.DiscardUnknown(m) @@ -358,26 +324,18 @@ func (*ACL) ProtoMessage() {} func (*ACL) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{4} } + func (m *ACL) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ACL.Unmarshal(m, b) } func (m *ACL) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ACL.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ACL.Marshal(b, m, deterministic) } func (m *ACL) XXX_Merge(src proto.Message) { xxx_messageInfo_ACL.Merge(m, src) } func (m *ACL) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ACL.Size(m) } func (m *ACL) XXX_DiscardUnknown() { xxx_messageInfo_ACL.DiscardUnknown(m) @@ -481,26 +439,18 @@ func (*ACLTokens) ProtoMessage() {} func (*ACLTokens) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{5} } + func (m *ACLTokens) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ACLTokens.Unmarshal(m, b) } func (m *ACLTokens) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ACLTokens.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ACLTokens.Marshal(b, m, deterministic) } func (m *ACLTokens) XXX_Merge(src proto.Message) { xxx_messageInfo_ACLTokens.Merge(m, src) } func (m *ACLTokens) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ACLTokens.Size(m) } func (m *ACLTokens) XXX_DiscardUnknown() { xxx_messageInfo_ACLTokens.DiscardUnknown(m) @@ -564,26 +514,18 @@ func (*ACLServiceProviderToken) ProtoMessage() {} func (*ACLServiceProviderToken) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{6} } + func (m *ACLServiceProviderToken) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ACLServiceProviderToken.Unmarshal(m, b) } func (m *ACLServiceProviderToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ACLServiceProviderToken.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ACLServiceProviderToken.Marshal(b, m, deterministic) } func (m *ACLServiceProviderToken) XXX_Merge(src proto.Message) { xxx_messageInfo_ACLServiceProviderToken.Merge(m, src) } func (m *ACLServiceProviderToken) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ACLServiceProviderToken.Size(m) } func (m *ACLServiceProviderToken) XXX_DiscardUnknown() { xxx_messageInfo_ACLServiceProviderToken.DiscardUnknown(m) @@ -621,26 +563,18 @@ func (*AutoEncrypt) ProtoMessage() {} func (*AutoEncrypt) Descriptor() ([]byte, []int) { return fileDescriptor_aefa824db7b74d77, []int{7} } + func (m *AutoEncrypt) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_AutoEncrypt.Unmarshal(m, b) } func (m *AutoEncrypt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_AutoEncrypt.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_AutoEncrypt.Marshal(b, m, deterministic) } func (m *AutoEncrypt) XXX_Merge(src proto.Message) { xxx_messageInfo_AutoEncrypt.Merge(m, src) } func (m *AutoEncrypt) XXX_Size() int { - return m.Size() + return xxx_messageInfo_AutoEncrypt.Size(m) } func (m *AutoEncrypt) XXX_DiscardUnknown() { xxx_messageInfo_AutoEncrypt.DiscardUnknown(m) @@ -687,2655 +621,61 @@ func init() { proto.RegisterType((*AutoEncrypt)(nil), "config.AutoEncrypt") } -func init() { proto.RegisterFile("proto/pbconfig/config.proto", fileDescriptor_aefa824db7b74d77) } +func init() { + proto.RegisterFile("proto/pbconfig/config.proto", fileDescriptor_aefa824db7b74d77) +} var fileDescriptor_aefa824db7b74d77 = []byte{ - // 831 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x55, 0xdd, 0x8e, 0xdb, 0x44, - 0x14, 0xc6, 0x71, 0xeb, 0xdd, 0x4c, 0xa0, 0x6a, 0xa7, 0x65, 0xb1, 0xf8, 0x09, 0x91, 0x41, 0xd5, - 0x82, 0xd0, 0x2e, 0x5a, 0x04, 0x02, 0x89, 0x9b, 0xec, 0xa6, 0x82, 0xd0, 0x6c, 0x88, 0xec, 0x50, - 0x24, 0x6e, 0x90, 0xe3, 0x9c, 0x24, 0x23, 0x9c, 0x19, 0x6b, 0x3c, 0xd9, 0xca, 0xaf, 0xc0, 0x13, - 0xf0, 0x2e, 0xbc, 0x00, 0x77, 0xf0, 0x08, 0x68, 0x79, 0x0b, 0xae, 0xaa, 0x33, 0x33, 0xfe, 0xdb, - 0x26, 0x57, 0xc9, 0xf9, 0xbe, 0x6f, 0xce, 0x9c, 0x33, 0xe7, 0xc7, 0xe4, 0xbd, 0x4c, 0x0a, 0x25, - 0xce, 0xb3, 0x45, 0x22, 0xf8, 0x8a, 0xad, 0xcf, 0xcd, 0xcf, 0x99, 0x46, 0xa9, 0x67, 0xac, 0xe0, - 0xef, 0x0e, 0xf1, 0xae, 0xf4, 0x5f, 0xda, 0x27, 0x64, 0x14, 0xab, 0x38, 0x01, 0xae, 0x40, 0xfa, - 0xce, 0xc0, 0x39, 0xed, 0x86, 0x0d, 0x84, 0x7e, 0x46, 0x1e, 0xcd, 0x24, 0xdb, 0xc6, 0xb2, 0x68, - 0xc8, 0x3a, 0x5a, 0xf6, 0x3a, 0x41, 0xdf, 0x25, 0xc7, 0x53, 0xb1, 0x84, 0x69, 0xbc, 0x05, 0xdf, - 0xd5, 0xa2, 0xca, 0xa6, 0x03, 0xd2, 0x8b, 0x60, 0xbd, 0x05, 0xae, 0x34, 0x7d, 0x4f, 0xd3, 0x4d, - 0x88, 0xbe, 0x4f, 0xba, 0xb3, 0x58, 0x2a, 0xa6, 0x98, 0xe0, 0x7e, 0x57, 0xf3, 0x35, 0x40, 0x3f, - 0x20, 0xee, 0xf0, 0x6a, 0xe2, 0xdf, 0x1f, 0x38, 0xa7, 0xbd, 0x8b, 0xde, 0x99, 0x4d, 0x6c, 0x78, - 0x35, 0x09, 0x11, 0xa7, 0x5f, 0x92, 0xde, 0x70, 0xa7, 0xc4, 0x33, 0x9e, 0xc8, 0x22, 0x53, 0xbe, - 0xa7, 0x65, 0x8f, 0x2b, 0x59, 0x4d, 0x85, 0x4d, 0x1d, 0x7d, 0x4a, 0xbc, 0xef, 0x44, 0x9e, 0xb3, - 0xcc, 0x3f, 0xd2, 0x27, 0x1e, 0x94, 0x27, 0x0c, 0x1a, 0x5a, 0x16, 0x6f, 0x9f, 0x4f, 0x22, 0xff, - 0xb8, 0x7d, 0xfb, 0x7c, 0x12, 0x85, 0x88, 0x07, 0xab, 0xd2, 0x0d, 0xfd, 0x9a, 0x10, 0xeb, 0x1b, - 0xb3, 0x70, 0xb4, 0xde, 0x6f, 0x3b, 0xad, 0xf9, 0xb0, 0xa1, 0xa5, 0x01, 0x79, 0x33, 0x04, 0x25, - 0x8b, 0x1f, 0x04, 0xe3, 0x93, 0xe1, 0xd4, 0xef, 0x0c, 0xdc, 0xd3, 0x6e, 0xd8, 0xc2, 0x02, 0x45, - 0x1e, 0xde, 0xf5, 0x41, 0x1f, 0x12, 0xf7, 0x39, 0x14, 0xb6, 0x76, 0xf8, 0x97, 0x3e, 0x25, 0x0f, - 0x5e, 0x80, 0x64, 0xab, 0x62, 0xcc, 0x13, 0xb1, 0x65, 0x7c, 0xad, 0x2b, 0x76, 0x1c, 0xde, 0x41, - 0x6b, 0xdd, 0x8f, 0x3b, 0xb5, 0x16, 0xa8, 0x73, 0x9b, 0xba, 0x12, 0x0d, 0xfe, 0x77, 0x74, 0xf6, - 0x7b, 0xf4, 0xce, 0x3e, 0x3d, 0xbd, 0x20, 0x4f, 0x0c, 0x12, 0x81, 0xbc, 0x01, 0xf9, 0xbd, 0xc8, - 0x15, 0xc7, 0x9a, 0x9b, 0x28, 0xf6, 0x72, 0x98, 0xfd, 0x15, 0xcb, 0x36, 0x20, 0xa3, 0x1d, 0x53, - 0x90, 0xdb, 0xf6, 0x69, 0x61, 0xd8, 0xac, 0xd7, 0x8c, 0xbf, 0x00, 0x99, 0xe3, 0xdb, 0x9a, 0x0e, - 0x6a, 0x20, 0x34, 0x22, 0x1f, 0x8d, 0x20, 0x93, 0x90, 0xc4, 0x0a, 0x96, 0xbf, 0xce, 0x24, 0xac, - 0x40, 0x9a, 0x6b, 0x5a, 0xae, 0xb1, 0x85, 0x8e, 0x2f, 0x3b, 0xbe, 0x13, 0x06, 0xb5, 0xfc, 0x90, - 0x3a, 0xf8, 0xd3, 0xd5, 0x8d, 0x47, 0x7d, 0x72, 0xf4, 0x8c, 0xc7, 0x8b, 0x14, 0x96, 0x36, 0xeb, - 0xd2, 0xd4, 0x7d, 0x2b, 0x52, 0x96, 0x14, 0xf3, 0xf9, 0xc4, 0xce, 0x46, 0x0d, 0xe0, 0xb9, 0x50, - 0xa4, 0x80, 0x9c, 0xc9, 0xa9, 0x34, 0x71, 0x5a, 0xe6, 0xe2, 0x37, 0xe0, 0x48, 0x99, 0x64, 0x2a, - 0x5b, 0xcf, 0xa5, 0x78, 0xc9, 0x8d, 0x1b, 0x1d, 0x31, 0xce, 0x65, 0x85, 0xd0, 0x8f, 0xc9, 0x5b, - 0x23, 0x58, 0xc5, 0xbb, 0x54, 0x59, 0x89, 0xa7, 0x25, 0x6d, 0x90, 0x7e, 0x4e, 0x1e, 0x9b, 0x20, - 0x9f, 0x43, 0x31, 0x61, 0x79, 0xa9, 0x3d, 0xd2, 0xf1, 0xef, 0xa3, 0xe8, 0x27, 0xc4, 0xd3, 0x31, - 0xe4, 0xb6, 0xd5, 0x1f, 0x35, 0x06, 0xcd, 0x10, 0xa1, 0x15, 0xd0, 0x6f, 0xc8, 0x49, 0xe3, 0xb5, - 0x47, 0x2c, 0xd7, 0xaf, 0x81, 0xc9, 0xe8, 0xd9, 0xd5, 0x0f, 0xfc, 0x76, 0xad, 0x68, 0x08, 0xe8, - 0x57, 0xe4, 0xc4, 0x5c, 0xae, 0x5d, 0xcd, 0xb0, 0x7c, 0xb9, 0x02, 0x9e, 0x80, 0x4f, 0x74, 0x68, - 0x07, 0x58, 0xcc, 0xe7, 0x3a, 0x9a, 0x59, 0x4f, 0x97, 0x42, 0xa8, 0x5c, 0xc9, 0x38, 0xf3, 0x7b, - 0x26, 0x9f, 0x3d, 0x54, 0xf0, 0x7b, 0x87, 0x74, 0xab, 0xd0, 0x71, 0x9b, 0x8d, 0x39, 0x53, 0x2c, - 0x4e, 0xaf, 0x63, 0x1e, 0xaf, 0x01, 0x57, 0x8f, 0x1d, 0x9c, 0xd7, 0x09, 0xdc, 0x58, 0x21, 0x64, - 0x29, 0x4b, 0x62, 0x3d, 0xcb, 0xa6, 0xb2, 0x4d, 0x08, 0xab, 0x30, 0x5c, 0x03, 0x57, 0x21, 0x24, - 0xe2, 0x06, 0x64, 0x61, 0x2b, 0xdc, 0x06, 0xb1, 0x03, 0x6c, 0x59, 0x6c, 0x99, 0x4b, 0x93, 0x3e, - 0x21, 0xf7, 0xb5, 0xd4, 0x16, 0xd8, 0x18, 0xf4, 0x67, 0x72, 0x62, 0xa2, 0x58, 0x62, 0x3b, 0xb2, - 0x04, 0x66, 0x52, 0xdc, 0xb0, 0x25, 0x48, 0xdf, 0x1b, 0xb8, 0xa7, 0xbd, 0x8b, 0x0f, 0x1b, 0x35, - 0xb9, 0xa3, 0xd0, 0x79, 0x86, 0x07, 0x8e, 0x07, 0x3f, 0x91, 0x77, 0x0e, 0x1c, 0xc1, 0x7e, 0x1b, - 0x26, 0x09, 0xe4, 0xb9, 0x90, 0xe3, 0x51, 0xf9, 0x1d, 0xa8, 0x11, 0xec, 0xd5, 0x08, 0x12, 0x09, - 0x6a, 0x3c, 0xb2, 0x0f, 0x51, 0xd9, 0x01, 0x6b, 0xad, 0x5e, 0xdc, 0x47, 0xb8, 0x2a, 0xcd, 0x90, - 0xe8, 0xbd, 0x71, 0x42, 0xbc, 0xd1, 0x34, 0x8a, 0xaa, 0x9d, 0x66, 0x2d, 0x4c, 0x7f, 0x3c, 0x43, - 0xd8, 0xd5, 0xb0, 0x31, 0xf0, 0xaa, 0x61, 0x9a, 0x8a, 0x97, 0xe8, 0xe4, 0x9e, 0x76, 0x52, 0xd9, - 0x97, 0xdf, 0xfe, 0x75, 0xdb, 0x77, 0xfe, 0xb9, 0xed, 0x3b, 0xff, 0xde, 0xf6, 0x9d, 0x3f, 0xfe, - 0xeb, 0xbf, 0xf1, 0xcb, 0xa7, 0x6b, 0xa6, 0x36, 0xbb, 0xc5, 0x59, 0x22, 0xb6, 0xe7, 0x9b, 0x38, - 0xdf, 0xb0, 0x44, 0xc8, 0x0c, 0x3f, 0x7b, 0xf9, 0x2e, 0x3d, 0x6f, 0x7f, 0x0c, 0x17, 0x9e, 0xb6, - 0xbf, 0x78, 0x15, 0x00, 0x00, 0xff, 0xff, 0x4f, 0xaf, 0xda, 0x68, 0x25, 0x07, 0x00, 0x00, + // 805 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x55, 0xdd, 0x8e, 0x22, 0x45, + 0x14, 0x0e, 0xf4, 0x6e, 0x0f, 0x14, 0xba, 0xd9, 0xad, 0x5d, 0xb1, 0xe3, 0x2f, 0x69, 0xcd, 0x06, + 0xcd, 0x66, 0x30, 0x63, 0x34, 0x7a, 0xc9, 0xc0, 0x46, 0x71, 0x19, 0x24, 0xdd, 0x38, 0x26, 0xde, + 0x98, 0xa6, 0x39, 0x40, 0xc5, 0xa6, 0xaa, 0x53, 0x5d, 0xcc, 0xa4, 0x5f, 0xc1, 0x57, 0xf2, 0x21, + 0x7c, 0x1f, 0xaf, 0xcc, 0xa9, 0xaa, 0xfe, 0x9b, 0x81, 0x2b, 0x38, 0xdf, 0xf7, 0xd5, 0xa9, 0x73, + 0xea, 0xfc, 0x34, 0xf9, 0x38, 0x95, 0x42, 0x89, 0x51, 0xba, 0x8e, 0x05, 0xdf, 0xb2, 0xdd, 0xc8, + 0xfc, 0x5c, 0x6a, 0x94, 0xba, 0xc6, 0xf2, 0xff, 0x6d, 0x13, 0x77, 0xa2, 0xff, 0xd2, 0xcf, 0x08, + 0x99, 0x46, 0x2a, 0x8a, 0x81, 0x2b, 0x90, 0x5e, 0x6b, 0xd0, 0x1a, 0x76, 0x83, 0x1a, 0x42, 0xdf, + 0x90, 0x17, 0x4b, 0xc9, 0x0e, 0x91, 0xcc, 0x6b, 0xb2, 0xb6, 0x96, 0x3d, 0x26, 0xe8, 0x47, 0xa4, + 0xb3, 0x10, 0x1b, 0x58, 0x44, 0x07, 0xf0, 0x1c, 0x2d, 0x2a, 0x6d, 0x3a, 0x20, 0xbd, 0x10, 0x76, + 0x07, 0xe0, 0x4a, 0xd3, 0x4f, 0x34, 0x5d, 0x87, 0xe8, 0x27, 0xa4, 0xbb, 0x8c, 0xa4, 0x62, 0x8a, + 0x09, 0xee, 0x75, 0x35, 0x5f, 0x01, 0xf4, 0x53, 0xe2, 0x8c, 0x27, 0x73, 0xef, 0xe9, 0xa0, 0x35, + 0xec, 0x5d, 0xf5, 0x2e, 0x6d, 0x62, 0xe3, 0xc9, 0x3c, 0x40, 0x9c, 0x7e, 0x47, 0x7a, 0xe3, 0xa3, + 0x12, 0x6f, 0x79, 0x2c, 0xf3, 0x54, 0x79, 0xae, 0x96, 0xbd, 0x2c, 0x65, 0x15, 0x15, 0xd4, 0x75, + 0xf4, 0x35, 0x71, 0x7f, 0x12, 0x59, 0xc6, 0x52, 0xef, 0x42, 0x9f, 0x78, 0x56, 0x9c, 0x30, 0x68, + 0x60, 0x59, 0xbc, 0x7d, 0x35, 0x0f, 0xbd, 0x4e, 0xf3, 0xf6, 0xd5, 0x3c, 0x0c, 0x10, 0xf7, 0xb7, + 0x85, 0x1b, 0xfa, 0x03, 0x21, 0xd6, 0x37, 0x66, 0xd1, 0xd2, 0x7a, 0xaf, 0xe9, 0xb4, 0xe2, 0x83, + 0x9a, 0x96, 0xfa, 0xe4, 0xbd, 0x00, 0x94, 0xcc, 0x7f, 0x11, 0x8c, 0xcf, 0xc7, 0x0b, 0xaf, 0x3d, + 0x70, 0x86, 0xdd, 0xa0, 0x81, 0xf9, 0x8a, 0x3c, 0x7f, 0xe8, 0x83, 0x3e, 0x27, 0xce, 0x3b, 0xc8, + 0x6d, 0xed, 0xf0, 0x2f, 0x7d, 0x4d, 0x9e, 0xdd, 0x82, 0x64, 0xdb, 0x7c, 0xc6, 0x63, 0x71, 0x60, + 0x7c, 0xa7, 0x2b, 0xd6, 0x09, 0x1e, 0xa0, 0x95, 0xee, 0xd7, 0xa3, 0xda, 0x09, 0xd4, 0x39, 0x75, + 0x5d, 0x81, 0xfa, 0xff, 0xb5, 0x74, 0xf6, 0x27, 0xf4, 0xad, 0x53, 0x7a, 0x7a, 0x45, 0x5e, 0x19, + 0x24, 0x04, 0x79, 0x07, 0xf2, 0x67, 0x91, 0x29, 0x8e, 0x35, 0x37, 0x51, 0x9c, 0xe4, 0x30, 0xfb, + 0x09, 0x4b, 0xf7, 0x20, 0xc3, 0x23, 0x53, 0x90, 0xd9, 0xf6, 0x69, 0x60, 0xd8, 0xac, 0x37, 0x8c, + 0xdf, 0x82, 0xcc, 0xf0, 0x6d, 0x4d, 0x07, 0xd5, 0x10, 0x1a, 0x92, 0x2f, 0xa6, 0x90, 0x4a, 0x88, + 0x23, 0x05, 0x9b, 0x3f, 0x97, 0x12, 0xb6, 0x20, 0xcd, 0x35, 0x0d, 0xd7, 0xd8, 0x42, 0x9d, 0xeb, + 0xb6, 0xd7, 0x0a, 0xfc, 0x4a, 0x7e, 0x4e, 0xed, 0xff, 0xe3, 0xe8, 0xc6, 0xa3, 0x1e, 0xb9, 0x78, + 0xcb, 0xa3, 0x75, 0x02, 0x1b, 0x9b, 0x75, 0x61, 0xea, 0xbe, 0x15, 0x09, 0x8b, 0xf3, 0xd5, 0x6a, + 0x6e, 0x67, 0xa3, 0x02, 0xf0, 0x5c, 0x20, 0x12, 0x40, 0xce, 0xe4, 0x54, 0x98, 0x38, 0x2d, 0x2b, + 0xf1, 0x17, 0x70, 0xa4, 0x4c, 0x32, 0xa5, 0xad, 0xe7, 0x52, 0xdc, 0x73, 0xe3, 0x46, 0x47, 0x8c, + 0x73, 0x59, 0x22, 0xf4, 0x4b, 0xf2, 0xfe, 0x14, 0xb6, 0xd1, 0x31, 0x51, 0x56, 0xe2, 0x6a, 0x49, + 0x13, 0xa4, 0xdf, 0x90, 0x97, 0x26, 0xc8, 0x77, 0x90, 0xcf, 0x59, 0x56, 0x68, 0x2f, 0x74, 0xfc, + 0xa7, 0x28, 0xfa, 0x15, 0x71, 0x75, 0x0c, 0x99, 0x6d, 0xf5, 0x17, 0xb5, 0x41, 0x33, 0x44, 0x60, + 0x05, 0xf4, 0x47, 0xd2, 0xaf, 0xbd, 0xf6, 0x94, 0x65, 0xfa, 0x35, 0x30, 0x19, 0x3d, 0xbb, 0xfa, + 0x81, 0x3f, 0xa8, 0x14, 0x35, 0x01, 0xfd, 0x9e, 0xf4, 0xcd, 0xe5, 0xda, 0xd5, 0x12, 0xcb, 0x97, + 0x29, 0xe0, 0x31, 0x78, 0x44, 0x87, 0x76, 0x86, 0xc5, 0x7c, 0x6e, 0xc2, 0xa5, 0xf5, 0x74, 0x2d, + 0x84, 0xca, 0x94, 0x8c, 0x52, 0xaf, 0x67, 0xf2, 0x39, 0x41, 0xf9, 0x7f, 0xb7, 0x49, 0xb7, 0x0c, + 0x1d, 0xb7, 0xd9, 0x8c, 0x33, 0xc5, 0xa2, 0xe4, 0x26, 0xe2, 0xd1, 0x0e, 0x70, 0xf5, 0xd8, 0xc1, + 0x79, 0x4c, 0xe0, 0xc6, 0x0a, 0x20, 0x4d, 0x58, 0x1c, 0xe9, 0x59, 0x36, 0x95, 0xad, 0x43, 0x58, + 0x85, 0xf1, 0x0e, 0xb8, 0x0a, 0x20, 0x16, 0x77, 0x20, 0x73, 0x5b, 0xe1, 0x26, 0x88, 0x1d, 0x60, + 0xcb, 0x62, 0xcb, 0x5c, 0x98, 0xf4, 0x15, 0x79, 0xaa, 0xa5, 0xb6, 0xc0, 0xc6, 0xa0, 0xbf, 0x93, + 0xbe, 0x89, 0x62, 0x83, 0xed, 0xc8, 0x62, 0x58, 0x4a, 0x71, 0xc7, 0x36, 0x20, 0x3d, 0x77, 0xe0, + 0x0c, 0x7b, 0x57, 0x9f, 0xd7, 0x6a, 0xf2, 0x40, 0xa1, 0xf3, 0x0c, 0xce, 0x1c, 0xf7, 0x7f, 0x23, + 0x1f, 0x9e, 0x39, 0x82, 0xfd, 0x36, 0x8e, 0x63, 0xc8, 0x32, 0x21, 0x67, 0xd3, 0xe2, 0x3b, 0x50, + 0x21, 0xd8, 0xab, 0x21, 0xc4, 0x12, 0xd4, 0x6c, 0x6a, 0x1f, 0xa2, 0xb4, 0x7d, 0xd6, 0x58, 0xbd, + 0xb8, 0x8f, 0x70, 0x55, 0x9a, 0x21, 0xd1, 0x7b, 0xa3, 0x4f, 0xdc, 0xe9, 0x22, 0x0c, 0xcb, 0x9d, + 0x66, 0x2d, 0x4c, 0x7f, 0xb6, 0x44, 0xd8, 0xd1, 0xb0, 0x31, 0xf0, 0xaa, 0x71, 0x92, 0x88, 0x7b, + 0x74, 0xf2, 0x44, 0x3b, 0x29, 0xed, 0xeb, 0x37, 0x7f, 0x7c, 0xbd, 0x63, 0x6a, 0x7f, 0x5c, 0x5f, + 0xc6, 0xe2, 0x30, 0xda, 0x47, 0xd9, 0x9e, 0xc5, 0x42, 0xa6, 0xf8, 0x99, 0xcb, 0x8e, 0xc9, 0xa8, + 0xf9, 0xf1, 0x5b, 0xbb, 0xda, 0xfe, 0xf6, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa0, 0x97, 0xb9, + 0xb8, 0x15, 0x07, 0x00, 0x00, } - -func (m *Config) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Config) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Config) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x4a - } - if m.TLS != nil { - { - size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - } - if m.Gossip != nil { - { - size, err := m.Gossip.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - } - if m.AutoEncrypt != nil { - { - size, err := m.AutoEncrypt.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - } - if m.ACL != nil { - { - size, err := m.ACL.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x2a - } - if len(m.SegmentName) > 0 { - i -= len(m.SegmentName) - copy(dAtA[i:], m.SegmentName) - i = encodeVarintConfig(dAtA, i, uint64(len(m.SegmentName))) - i-- - dAtA[i] = 0x22 - } - if len(m.NodeName) > 0 { - i -= len(m.NodeName) - copy(dAtA[i:], m.NodeName) - i = encodeVarintConfig(dAtA, i, uint64(len(m.NodeName))) - i-- - dAtA[i] = 0x1a - } - if len(m.PrimaryDatacenter) > 0 { - i -= len(m.PrimaryDatacenter) - copy(dAtA[i:], m.PrimaryDatacenter) - i = encodeVarintConfig(dAtA, i, uint64(len(m.PrimaryDatacenter))) - i-- - dAtA[i] = 0x12 - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *Gossip) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Gossip) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Gossip) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.RetryJoinLAN) > 0 { - for iNdEx := len(m.RetryJoinLAN) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.RetryJoinLAN[iNdEx]) - copy(dAtA[i:], m.RetryJoinLAN[iNdEx]) - i = encodeVarintConfig(dAtA, i, uint64(len(m.RetryJoinLAN[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } - if m.Encryption != nil { - { - size, err := m.Encryption.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *GossipEncryption) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GossipEncryption) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *GossipEncryption) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.VerifyOutgoing { - i-- - if m.VerifyOutgoing { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } - if m.VerifyIncoming { - i-- - if m.VerifyIncoming { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if len(m.Key) > 0 { - i -= len(m.Key) - copy(dAtA[i:], m.Key) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Key))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *TLS) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *TLS) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *TLS) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Deprecated_PreferServerCipherSuites { - i-- - if m.Deprecated_PreferServerCipherSuites { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if len(m.MinVersion) > 0 { - i -= len(m.MinVersion) - copy(dAtA[i:], m.MinVersion) - i = encodeVarintConfig(dAtA, i, uint64(len(m.MinVersion))) - i-- - dAtA[i] = 0x22 - } - if len(m.CipherSuites) > 0 { - i -= len(m.CipherSuites) - copy(dAtA[i:], m.CipherSuites) - i = encodeVarintConfig(dAtA, i, uint64(len(m.CipherSuites))) - i-- - dAtA[i] = 0x1a - } - if m.VerifyServerHostname { - i-- - if m.VerifyServerHostname { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if m.VerifyOutgoing { - i-- - if m.VerifyOutgoing { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *ACL) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ACL) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ACL) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.MSPDisableBootstrap { - i-- - if m.MSPDisableBootstrap { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x58 - } - if m.EnableTokenPersistence { - i-- - if m.EnableTokenPersistence { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x50 - } - if len(m.Deprecated_DisabledTTL) > 0 { - i -= len(m.Deprecated_DisabledTTL) - copy(dAtA[i:], m.Deprecated_DisabledTTL) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Deprecated_DisabledTTL))) - i-- - dAtA[i] = 0x4a - } - if m.Tokens != nil { - { - size, err := m.Tokens.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - } - if m.EnableKeyListPolicy { - i-- - if m.EnableKeyListPolicy { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } - if len(m.DefaultPolicy) > 0 { - i -= len(m.DefaultPolicy) - copy(dAtA[i:], m.DefaultPolicy) - i = encodeVarintConfig(dAtA, i, uint64(len(m.DefaultPolicy))) - i-- - dAtA[i] = 0x32 - } - if len(m.DownPolicy) > 0 { - i -= len(m.DownPolicy) - copy(dAtA[i:], m.DownPolicy) - i = encodeVarintConfig(dAtA, i, uint64(len(m.DownPolicy))) - i-- - dAtA[i] = 0x2a - } - if len(m.TokenTTL) > 0 { - i -= len(m.TokenTTL) - copy(dAtA[i:], m.TokenTTL) - i = encodeVarintConfig(dAtA, i, uint64(len(m.TokenTTL))) - i-- - dAtA[i] = 0x22 - } - if len(m.RoleTTL) > 0 { - i -= len(m.RoleTTL) - copy(dAtA[i:], m.RoleTTL) - i = encodeVarintConfig(dAtA, i, uint64(len(m.RoleTTL))) - i-- - dAtA[i] = 0x1a - } - if len(m.PolicyTTL) > 0 { - i -= len(m.PolicyTTL) - copy(dAtA[i:], m.PolicyTTL) - i = encodeVarintConfig(dAtA, i, uint64(len(m.PolicyTTL))) - i-- - dAtA[i] = 0x12 - } - if m.Enabled { - i-- - if m.Enabled { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *ACLTokens) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ACLTokens) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ACLTokens) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.ManagedServiceProvider) > 0 { - for iNdEx := len(m.ManagedServiceProvider) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.ManagedServiceProvider[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConfig(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - } - } - if len(m.Agent) > 0 { - i -= len(m.Agent) - copy(dAtA[i:], m.Agent) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Agent))) - i-- - dAtA[i] = 0x2a - } - if len(m.Default) > 0 { - i -= len(m.Default) - copy(dAtA[i:], m.Default) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Default))) - i-- - dAtA[i] = 0x22 - } - if len(m.AgentRecovery) > 0 { - i -= len(m.AgentRecovery) - copy(dAtA[i:], m.AgentRecovery) - i = encodeVarintConfig(dAtA, i, uint64(len(m.AgentRecovery))) - i-- - dAtA[i] = 0x1a - } - if len(m.Replication) > 0 { - i -= len(m.Replication) - copy(dAtA[i:], m.Replication) - i = encodeVarintConfig(dAtA, i, uint64(len(m.Replication))) - i-- - dAtA[i] = 0x12 - } - if len(m.InitialManagement) > 0 { - i -= len(m.InitialManagement) - copy(dAtA[i:], m.InitialManagement) - i = encodeVarintConfig(dAtA, i, uint64(len(m.InitialManagement))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *ACLServiceProviderToken) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ACLServiceProviderToken) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ACLServiceProviderToken) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.SecretID) > 0 { - i -= len(m.SecretID) - copy(dAtA[i:], m.SecretID) - i = encodeVarintConfig(dAtA, i, uint64(len(m.SecretID))) - i-- - dAtA[i] = 0x12 - } - if len(m.AccessorID) > 0 { - i -= len(m.AccessorID) - copy(dAtA[i:], m.AccessorID) - i = encodeVarintConfig(dAtA, i, uint64(len(m.AccessorID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *AutoEncrypt) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AutoEncrypt) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AutoEncrypt) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.AllowTLS { - i-- - if m.AllowTLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - } - if len(m.IPSAN) > 0 { - for iNdEx := len(m.IPSAN) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.IPSAN[iNdEx]) - copy(dAtA[i:], m.IPSAN[iNdEx]) - i = encodeVarintConfig(dAtA, i, uint64(len(m.IPSAN[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - if len(m.DNSSAN) > 0 { - for iNdEx := len(m.DNSSAN) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.DNSSAN[iNdEx]) - copy(dAtA[i:], m.DNSSAN[iNdEx]) - i = encodeVarintConfig(dAtA, i, uint64(len(m.DNSSAN[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } - if m.TLS { - i-- - if m.TLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func encodeVarintConfig(dAtA []byte, offset int, v uint64) int { - offset -= sovConfig(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *Config) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.PrimaryDatacenter) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.NodeName) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.SegmentName) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.ACL != nil { - l = m.ACL.Size() - n += 1 + l + sovConfig(uint64(l)) - } - if m.AutoEncrypt != nil { - l = m.AutoEncrypt.Size() - n += 1 + l + sovConfig(uint64(l)) - } - if m.Gossip != nil { - l = m.Gossip.Size() - n += 1 + l + sovConfig(uint64(l)) - } - if m.TLS != nil { - l = m.TLS.Size() - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Gossip) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Encryption != nil { - l = m.Encryption.Size() - n += 1 + l + sovConfig(uint64(l)) - } - if len(m.RetryJoinLAN) > 0 { - for _, s := range m.RetryJoinLAN { - l = len(s) - n += 1 + l + sovConfig(uint64(l)) - } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GossipEncryption) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Key) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.VerifyIncoming { - n += 2 - } - if m.VerifyOutgoing { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *TLS) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.VerifyOutgoing { - n += 2 - } - if m.VerifyServerHostname { - n += 2 - } - l = len(m.CipherSuites) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.MinVersion) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.Deprecated_PreferServerCipherSuites { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ACL) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Enabled { - n += 2 - } - l = len(m.PolicyTTL) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.RoleTTL) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.TokenTTL) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.DownPolicy) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.DefaultPolicy) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.EnableKeyListPolicy { - n += 2 - } - if m.Tokens != nil { - l = m.Tokens.Size() - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.Deprecated_DisabledTTL) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.EnableTokenPersistence { - n += 2 - } - if m.MSPDisableBootstrap { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ACLTokens) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.InitialManagement) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.Replication) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.AgentRecovery) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.Default) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.Agent) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if len(m.ManagedServiceProvider) > 0 { - for _, e := range m.ManagedServiceProvider { - l = e.Size() - n += 1 + l + sovConfig(uint64(l)) - } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ACLServiceProviderToken) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.AccessorID) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - l = len(m.SecretID) - if l > 0 { - n += 1 + l + sovConfig(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *AutoEncrypt) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.TLS { - n += 2 - } - if len(m.DNSSAN) > 0 { - for _, s := range m.DNSSAN { - l = len(s) - n += 1 + l + sovConfig(uint64(l)) - } - } - if len(m.IPSAN) > 0 { - for _, s := range m.IPSAN { - l = len(s) - n += 1 + l + sovConfig(uint64(l)) - } - } - if m.AllowTLS { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovConfig(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozConfig(x uint64) (n int) { - return sovConfig(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *Config) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Config: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Config: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PrimaryDatacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PrimaryDatacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NodeName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.NodeName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SegmentName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SegmentName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ACL", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ACL == nil { - m.ACL = &ACL{} - } - if err := m.ACL.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AutoEncrypt", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.AutoEncrypt == nil { - m.AutoEncrypt = &AutoEncrypt{} - } - if err := m.AutoEncrypt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Gossip", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Gossip == nil { - m.Gossip = &Gossip{} - } - if err := m.Gossip.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLS", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.TLS == nil { - m.TLS = &TLS{} - } - if err := m.TLS.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Gossip) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Gossip: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Gossip: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Encryption", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Encryption == nil { - m.Encryption = &GossipEncryption{} - } - if err := m.Encryption.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RetryJoinLAN", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RetryJoinLAN = append(m.RetryJoinLAN, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GossipEncryption) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GossipEncryption: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GossipEncryption: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Key = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyIncoming", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyIncoming = bool(v != 0) - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyOutgoing", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyOutgoing = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *TLS) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: TLS: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: TLS: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyOutgoing", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyOutgoing = bool(v != 0) - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyServerHostname", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyServerHostname = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CipherSuites", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CipherSuites = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MinVersion", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.MinVersion = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Deprecated_PreferServerCipherSuites", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Deprecated_PreferServerCipherSuites = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ACL) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ACL: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ACL: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Enabled", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Enabled = bool(v != 0) - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PolicyTTL", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PolicyTTL = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RoleTTL", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RoleTTL = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenTTL", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TokenTTL = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DownPolicy", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DownPolicy = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DefaultPolicy", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DefaultPolicy = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnableKeyListPolicy", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.EnableKeyListPolicy = bool(v != 0) - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Tokens", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Tokens == nil { - m.Tokens = &ACLTokens{} - } - if err := m.Tokens.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Deprecated_DisabledTTL", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Deprecated_DisabledTTL = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 10: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnableTokenPersistence", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.EnableTokenPersistence = bool(v != 0) - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field MSPDisableBootstrap", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.MSPDisableBootstrap = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ACLTokens) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ACLTokens: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ACLTokens: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field InitialManagement", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.InitialManagement = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Replication", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Replication = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AgentRecovery", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AgentRecovery = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Default", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Default = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Agent", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Agent = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ManagedServiceProvider", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ManagedServiceProvider = append(m.ManagedServiceProvider, &ACLServiceProviderToken{}) - if err := m.ManagedServiceProvider[len(m.ManagedServiceProvider)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ACLServiceProviderToken) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ACLServiceProviderToken: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ACLServiceProviderToken: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessorID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AccessorID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SecretID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AutoEncrypt) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AutoEncrypt: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AutoEncrypt: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.TLS = bool(v != 0) - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DNSSAN", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DNSSAN = append(m.DNSSAN, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field IPSAN", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConfig - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConfig - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.IPSAN = append(m.IPSAN, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AllowTLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConfig - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.AllowTLS = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipConfig(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConfig - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipConfig(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConfig - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthConfig - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupConfig - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthConfig - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowConfig = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupConfig = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbconnect/connect.gen.go b/proto/pbconnect/connect.gen.go index 433a065b7..a9fbdfe24 100644 --- a/proto/pbconnect/connect.gen.go +++ b/proto/pbconnect/connect.gen.go @@ -13,14 +13,14 @@ func CARootToStructsCARoot(s *CARoot, t *structs.CARoot) { t.SerialNumber = s.SerialNumber t.SigningKeyID = s.SigningKeyID t.ExternalTrustDomain = s.ExternalTrustDomain - t.NotBefore = structs.TimeFromProtoGogo(s.NotBefore) - t.NotAfter = structs.TimeFromProtoGogo(s.NotAfter) + t.NotBefore = structs.TimeFromProto(s.NotBefore) + t.NotAfter = structs.TimeFromProto(s.NotAfter) t.RootCert = s.RootCert t.IntermediateCerts = s.IntermediateCerts t.SigningCert = s.SigningCert t.SigningKey = s.SigningKey t.Active = s.Active - t.RotatedOutAt = structs.TimeFromProtoGogo(s.RotatedOutAt) + t.RotatedOutAt = structs.TimeFromProto(s.RotatedOutAt) t.PrivateKeyType = s.PrivateKeyType t.PrivateKeyBits = int(s.PrivateKeyBits) t.RaftIndex = RaftIndexTo(s.RaftIndex) @@ -34,14 +34,14 @@ func CARootFromStructsCARoot(t *structs.CARoot, s *CARoot) { s.SerialNumber = t.SerialNumber s.SigningKeyID = t.SigningKeyID s.ExternalTrustDomain = t.ExternalTrustDomain - s.NotBefore = structs.TimeToProtoGogo(t.NotBefore) - s.NotAfter = structs.TimeToProtoGogo(t.NotAfter) + s.NotBefore = structs.TimeToProto(t.NotBefore) + s.NotAfter = structs.TimeToProto(t.NotAfter) s.RootCert = t.RootCert s.IntermediateCerts = t.IntermediateCerts s.SigningCert = t.SigningCert s.SigningKey = t.SigningKey s.Active = t.Active - s.RotatedOutAt = structs.TimeToProtoGogo(t.RotatedOutAt) + s.RotatedOutAt = structs.TimeToProto(t.RotatedOutAt) s.PrivateKeyType = t.PrivateKeyType s.PrivateKeyBits = int32(t.PrivateKeyBits) s.RaftIndex = RaftIndexFrom(t.RaftIndex) @@ -93,8 +93,8 @@ func IssuedCertToStructsIssuedCert(s *IssuedCert, t *structs.IssuedCert) { t.ServiceURI = s.ServiceURI t.Agent = s.Agent t.AgentURI = s.AgentURI - t.ValidAfter = structs.TimeFromProtoGogo(s.ValidAfter) - t.ValidBefore = structs.TimeFromProtoGogo(s.ValidBefore) + t.ValidAfter = structs.TimeFromProto(s.ValidAfter) + t.ValidBefore = structs.TimeFromProto(s.ValidBefore) t.EnterpriseMeta = EnterpriseMetaTo(s.EnterpriseMeta) t.RaftIndex = RaftIndexTo(s.RaftIndex) } @@ -109,8 +109,8 @@ func IssuedCertFromStructsIssuedCert(t *structs.IssuedCert, s *IssuedCert) { s.ServiceURI = t.ServiceURI s.Agent = t.Agent s.AgentURI = t.AgentURI - s.ValidAfter = structs.TimeToProtoGogo(t.ValidAfter) - s.ValidBefore = structs.TimeToProtoGogo(t.ValidBefore) + s.ValidAfter = structs.TimeToProto(t.ValidAfter) + s.ValidBefore = structs.TimeToProto(t.ValidBefore) s.EnterpriseMeta = EnterpriseMetaFrom(t.EnterpriseMeta) s.RaftIndex = RaftIndexFrom(t.RaftIndex) } diff --git a/proto/pbconnect/connect.go b/proto/pbconnect/connect.go index c61ca7c8a..2b13a12b3 100644 --- a/proto/pbconnect/connect.go +++ b/proto/pbconnect/connect.go @@ -2,42 +2,42 @@ package pbconnect import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" ) -func QueryMetaFrom(f structs.QueryMeta) *pbcommongogo.QueryMeta { - t := new(pbcommongogo.QueryMeta) - pbcommongogo.QueryMetaFromStructs(&f, t) +func QueryMetaFrom(f structs.QueryMeta) *pbcommon.QueryMeta { + t := new(pbcommon.QueryMeta) + pbcommon.QueryMetaFromStructs(&f, t) return t } -func QueryMetaTo(f *pbcommongogo.QueryMeta) structs.QueryMeta { +func QueryMetaTo(f *pbcommon.QueryMeta) structs.QueryMeta { t := new(structs.QueryMeta) - pbcommongogo.QueryMetaToStructs(f, t) + pbcommon.QueryMetaToStructs(f, t) return *t } -func RaftIndexFrom(f structs.RaftIndex) *pbcommongogo.RaftIndex { - t := new(pbcommongogo.RaftIndex) - pbcommongogo.RaftIndexFromStructs(&f, t) +func RaftIndexFrom(f structs.RaftIndex) *pbcommon.RaftIndex { + t := new(pbcommon.RaftIndex) + pbcommon.RaftIndexFromStructs(&f, t) return t } -func RaftIndexTo(f *pbcommongogo.RaftIndex) structs.RaftIndex { +func RaftIndexTo(f *pbcommon.RaftIndex) structs.RaftIndex { t := new(structs.RaftIndex) - pbcommongogo.RaftIndexToStructs(f, t) + pbcommon.RaftIndexToStructs(f, t) return *t } -func EnterpriseMetaFrom(f structs.EnterpriseMeta) *pbcommongogo.EnterpriseMeta { - t := new(pbcommongogo.EnterpriseMeta) - pbcommongogo.EnterpriseMetaFromStructs(&f, t) +func EnterpriseMetaFrom(f structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { + t := new(pbcommon.EnterpriseMeta) + pbcommon.EnterpriseMetaFromStructs(&f, t) return t } -func EnterpriseMetaTo(f *pbcommongogo.EnterpriseMeta) structs.EnterpriseMeta { +func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { t := new(structs.EnterpriseMeta) - pbcommongogo.EnterpriseMetaToStructs(f, t) + pbcommon.EnterpriseMetaToStructs(f, t) return *t } diff --git a/proto/pbconnect/connect.pb.go b/proto/pbconnect/connect.pb.go index 64a6738f9..97ce17def 100644 --- a/proto/pbconnect/connect.pb.go +++ b/proto/pbconnect/connect.pb.go @@ -1,16 +1,14 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbconnect/connect.proto package pbconnect import ( fmt "fmt" - types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" - io "io" + timestamp "github.com/golang/protobuf/ptypes/timestamp" + pbcommon "github.com/hashicorp/consul/proto/pbcommon" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -64,10 +62,10 @@ type CARoots struct { // QueryMeta here is mainly used to contain the latest Raft Index that could // be used to perform a blocking query. // mog: func-to=QueryMetaTo func-from=QueryMetaFrom - QueryMeta *pbcommongogo.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CARoots) Reset() { *m = CARoots{} } @@ -76,26 +74,18 @@ func (*CARoots) ProtoMessage() {} func (*CARoots) Descriptor() ([]byte, []int) { return fileDescriptor_80627e709958eb04, []int{0} } + func (m *CARoots) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_CARoots.Unmarshal(m, b) } func (m *CARoots) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CARoots.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_CARoots.Marshal(b, m, deterministic) } func (m *CARoots) XXX_Merge(src proto.Message) { xxx_messageInfo_CARoots.Merge(m, src) } func (m *CARoots) XXX_Size() int { - return m.Size() + return xxx_messageInfo_CARoots.Size(m) } func (m *CARoots) XXX_DiscardUnknown() { xxx_messageInfo_CARoots.DiscardUnknown(m) @@ -124,7 +114,7 @@ func (m *CARoots) GetRoots() []*CARoot { return nil } -func (m *CARoots) GetQueryMeta() *pbcommongogo.QueryMeta { +func (m *CARoots) GetQueryMeta() *pbcommon.QueryMeta { if m != nil { return m.QueryMeta } @@ -160,10 +150,10 @@ type CARoot struct { // future flexibility. ExternalTrustDomain string `protobuf:"bytes,5,opt,name=ExternalTrustDomain,proto3" json:"ExternalTrustDomain,omitempty"` // Time validity bounds. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo - NotBefore *types.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"` - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo - NotAfter *types.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto + NotBefore *timestamp.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"` + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto + NotAfter *timestamp.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` // RootCert is the PEM-encoded public certificate. RootCert string `protobuf:"bytes,8,opt,name=RootCert,proto3" json:"RootCert,omitempty"` // IntermediateCerts is a list of PEM-encoded intermediate certs to @@ -182,8 +172,8 @@ type CARoot struct { // RotatedOutAt is the time at which this CA was removed from the state. // This will only be set on roots that have been rotated out from being the // active root. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo - RotatedOutAt *types.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"` + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto + RotatedOutAt *timestamp.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"` // PrivateKeyType is the type of the private key used to sign certificates. It // may be "rsa" or "ec". This is provided as a convenience to avoid parsing // the public key to from the certificate to infer the type. @@ -194,10 +184,10 @@ type CARoot struct { // mog: func-to=int func-from=int32 PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"` // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - RaftIndex *pbcommongogo.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CARoot) Reset() { *m = CARoot{} } @@ -206,26 +196,18 @@ func (*CARoot) ProtoMessage() {} func (*CARoot) Descriptor() ([]byte, []int) { return fileDescriptor_80627e709958eb04, []int{1} } + func (m *CARoot) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_CARoot.Unmarshal(m, b) } func (m *CARoot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CARoot.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_CARoot.Marshal(b, m, deterministic) } func (m *CARoot) XXX_Merge(src proto.Message) { xxx_messageInfo_CARoot.Merge(m, src) } func (m *CARoot) XXX_Size() int { - return m.Size() + return xxx_messageInfo_CARoot.Size(m) } func (m *CARoot) XXX_DiscardUnknown() { xxx_messageInfo_CARoot.DiscardUnknown(m) @@ -268,14 +250,14 @@ func (m *CARoot) GetExternalTrustDomain() string { return "" } -func (m *CARoot) GetNotBefore() *types.Timestamp { +func (m *CARoot) GetNotBefore() *timestamp.Timestamp { if m != nil { return m.NotBefore } return nil } -func (m *CARoot) GetNotAfter() *types.Timestamp { +func (m *CARoot) GetNotAfter() *timestamp.Timestamp { if m != nil { return m.NotAfter } @@ -317,7 +299,7 @@ func (m *CARoot) GetActive() bool { return false } -func (m *CARoot) GetRotatedOutAt() *types.Timestamp { +func (m *CARoot) GetRotatedOutAt() *timestamp.Timestamp { if m != nil { return m.RotatedOutAt } @@ -338,13 +320,15 @@ func (m *CARoot) GetPrivateKeyBits() int32 { return 0 } -func (m *CARoot) GetRaftIndex() *pbcommongogo.RaftIndex { +func (m *CARoot) GetRaftIndex() *pbcommon.RaftIndex { if m != nil { return m.RaftIndex } return nil } +// RaftIndex is used to track the index used while creating +// or modifying a given struct type. // // mog annotation: // @@ -370,18 +354,18 @@ type IssuedCert struct { AgentURI string `protobuf:"bytes,7,opt,name=AgentURI,proto3" json:"AgentURI,omitempty"` // ValidAfter and ValidBefore are the validity periods for the // certificate. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo - ValidAfter *types.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo - ValidBefore *types.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"` + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto + ValidAfter *timestamp.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto + ValidBefore *timestamp.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"` // EnterpriseMeta is the Consul Enterprise specific metadata // mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom - EnterpriseMeta *pbcommongogo.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - RaftIndex *pbcommongogo.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *IssuedCert) Reset() { *m = IssuedCert{} } @@ -390,26 +374,18 @@ func (*IssuedCert) ProtoMessage() {} func (*IssuedCert) Descriptor() ([]byte, []int) { return fileDescriptor_80627e709958eb04, []int{2} } + func (m *IssuedCert) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_IssuedCert.Unmarshal(m, b) } func (m *IssuedCert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_IssuedCert.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_IssuedCert.Marshal(b, m, deterministic) } func (m *IssuedCert) XXX_Merge(src proto.Message) { xxx_messageInfo_IssuedCert.Merge(m, src) } func (m *IssuedCert) XXX_Size() int { - return m.Size() + return xxx_messageInfo_IssuedCert.Size(m) } func (m *IssuedCert) XXX_DiscardUnknown() { xxx_messageInfo_IssuedCert.DiscardUnknown(m) @@ -466,28 +442,28 @@ func (m *IssuedCert) GetAgentURI() string { return "" } -func (m *IssuedCert) GetValidAfter() *types.Timestamp { +func (m *IssuedCert) GetValidAfter() *timestamp.Timestamp { if m != nil { return m.ValidAfter } return nil } -func (m *IssuedCert) GetValidBefore() *types.Timestamp { +func (m *IssuedCert) GetValidBefore() *timestamp.Timestamp { if m != nil { return m.ValidBefore } return nil } -func (m *IssuedCert) GetEnterpriseMeta() *pbcommongogo.EnterpriseMeta { +func (m *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { if m != nil { return m.EnterpriseMeta } return nil } -func (m *IssuedCert) GetRaftIndex() *pbcommongogo.RaftIndex { +func (m *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex { if m != nil { return m.RaftIndex } @@ -500,1811 +476,50 @@ func init() { proto.RegisterType((*IssuedCert)(nil), "connect.IssuedCert") } -func init() { proto.RegisterFile("proto/pbconnect/connect.proto", fileDescriptor_80627e709958eb04) } +func init() { + proto.RegisterFile("proto/pbconnect/connect.proto", fileDescriptor_80627e709958eb04) +} var fileDescriptor_80627e709958eb04 = []byte{ - // 661 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xcd, 0x6e, 0xd3, 0x40, - 0x10, 0xc6, 0x4d, 0xf3, 0xe3, 0x49, 0x9b, 0xc2, 0xf2, 0xa3, 0x55, 0x24, 0x52, 0x2b, 0x02, 0x14, - 0x09, 0x94, 0xa0, 0x56, 0x42, 0x08, 0x01, 0x52, 0xd2, 0xf4, 0x10, 0x55, 0x0d, 0x65, 0x5b, 0x38, - 0x70, 0x73, 0x92, 0x89, 0xbb, 0x52, 0xec, 0x8d, 0xd6, 0xeb, 0xaa, 0x39, 0xf2, 0x16, 0xbc, 0x03, - 0x2f, 0xc2, 0x0d, 0x1e, 0x01, 0x95, 0x17, 0x41, 0xbb, 0x76, 0x62, 0x3b, 0x45, 0x0a, 0xa7, 0xec, - 0x7c, 0xf3, 0xcd, 0x78, 0x66, 0xbf, 0x2f, 0x0b, 0x8f, 0xe7, 0x52, 0x28, 0xd1, 0x99, 0x8f, 0xc6, - 0x22, 0x08, 0x70, 0xac, 0x3a, 0xc9, 0x6f, 0xdb, 0xe0, 0xa4, 0x9c, 0x84, 0xf5, 0x7d, 0x4f, 0x08, - 0x6f, 0x86, 0x1d, 0x03, 0x8f, 0xa2, 0x69, 0x47, 0x71, 0x1f, 0x43, 0xe5, 0xfa, 0xf3, 0x98, 0x59, - 0xdf, 0x4f, 0x1b, 0xf9, 0xbe, 0x08, 0x3c, 0xe1, 0x89, 0x4e, 0x7c, 0x8c, 0x09, 0xcd, 0xef, 0x16, - 0x94, 0x8f, 0xba, 0x4c, 0x08, 0x15, 0x92, 0x26, 0xec, 0x74, 0xc7, 0x8a, 0x5f, 0xa1, 0x0e, 0x07, - 0x7d, 0x6a, 0x39, 0x56, 0xcb, 0x66, 0x39, 0x8c, 0x38, 0x50, 0xbd, 0x90, 0x51, 0xa8, 0xfa, 0xc2, - 0x77, 0x79, 0x40, 0xb7, 0x0c, 0x25, 0x0b, 0x91, 0xa7, 0x50, 0x34, 0xed, 0x68, 0xc1, 0x29, 0xb4, - 0xaa, 0x07, 0x7b, 0xed, 0xe5, 0xec, 0xf1, 0x67, 0x58, 0x9c, 0x25, 0x87, 0x60, 0x7f, 0x8c, 0x50, - 0x2e, 0x4e, 0x51, 0xb9, 0x74, 0xdb, 0xb1, 0x5a, 0xd5, 0x83, 0x87, 0xed, 0x74, 0xca, 0xf6, 0x2a, - 0xc9, 0x52, 0x5e, 0xf3, 0x6b, 0x11, 0x4a, 0x71, 0x1b, 0x52, 0x83, 0xad, 0xd5, 0x88, 0x5b, 0x83, - 0x3e, 0x21, 0xb0, 0x3d, 0x74, 0x7d, 0x4c, 0x26, 0x32, 0x67, 0xbd, 0xd0, 0x39, 0x4a, 0xee, 0xce, - 0x86, 0x91, 0x3f, 0x42, 0x49, 0x0b, 0x8e, 0xd5, 0xda, 0x66, 0x39, 0xcc, 0x70, 0xb8, 0x17, 0xf0, - 0xc0, 0x3b, 0xc1, 0xc5, 0xa0, 0x6f, 0x46, 0xb1, 0x59, 0x0e, 0x23, 0x2f, 0xe1, 0xfe, 0xf1, 0xb5, - 0x42, 0x19, 0xb8, 0xb3, 0xec, 0xf2, 0x45, 0x43, 0xfd, 0x57, 0x8a, 0xbc, 0x06, 0x7b, 0x28, 0x54, - 0x0f, 0xa7, 0x42, 0x22, 0x2d, 0x99, 0xed, 0xea, 0xed, 0x58, 0xac, 0xf6, 0x52, 0xac, 0xf6, 0xc5, - 0x52, 0x2c, 0x96, 0x92, 0xc9, 0x2b, 0xa8, 0x0c, 0x85, 0xea, 0x4e, 0x15, 0x4a, 0x5a, 0xde, 0x58, - 0xb8, 0xe2, 0x92, 0x3a, 0x54, 0xf4, 0xbd, 0x1c, 0xa1, 0x54, 0xb4, 0x62, 0x06, 0x5b, 0xc5, 0xe4, - 0x05, 0xdc, 0x1b, 0x04, 0x0a, 0xa5, 0x8f, 0x13, 0xee, 0x2a, 0xd4, 0x58, 0x48, 0x6d, 0xa7, 0xd0, - 0xb2, 0xd9, 0xed, 0x84, 0x96, 0x38, 0xd9, 0xde, 0x34, 0x83, 0x58, 0xe2, 0x0c, 0x44, 0x1a, 0x00, - 0xe9, 0xfd, 0xd0, 0xaa, 0x21, 0x64, 0x10, 0xf2, 0x08, 0x4a, 0xb1, 0x69, 0xe8, 0x8e, 0x63, 0xb5, - 0x2a, 0x2c, 0x89, 0xc8, 0x7b, 0xd8, 0x61, 0x42, 0xb9, 0x0a, 0x27, 0x1f, 0x22, 0xd5, 0x55, 0x74, - 0x77, 0xe3, 0x7e, 0x39, 0x3e, 0x79, 0x06, 0xb5, 0x33, 0xc9, 0xaf, 0x5c, 0x85, 0x27, 0xb8, 0xb8, - 0x58, 0xcc, 0x91, 0xd6, 0xcc, 0xb7, 0xd7, 0xd0, 0x3c, 0xaf, 0xc7, 0x55, 0x48, 0xf7, 0x1c, 0xab, - 0x55, 0x64, 0x6b, 0xa8, 0xf6, 0x20, 0x73, 0xa7, 0x6a, 0x10, 0x4c, 0xf0, 0x9a, 0xde, 0xbd, 0xed, - 0xc1, 0x55, 0x92, 0xa5, 0xbc, 0xe6, 0xcf, 0x02, 0xc0, 0x20, 0x0c, 0x23, 0x9c, 0x98, 0xbb, 0x58, - 0xf7, 0x58, 0xf2, 0xa7, 0xc9, 0x79, 0x8c, 0x42, 0x59, 0x73, 0xcf, 0x8e, 0x4f, 0x13, 0x7b, 0x2e, - 0x43, 0xf2, 0x04, 0x76, 0xd3, 0x99, 0x74, 0xbe, 0x60, 0xf2, 0x79, 0x50, 0xd7, 0x9f, 0xa3, 0xbc, - 0xe2, 0x63, 0x4c, 0xec, 0xb9, 0x0c, 0x8d, 0x12, 0xf1, 0xf1, 0x13, 0x1b, 0x24, 0x86, 0xcc, 0x20, - 0xe4, 0x01, 0x14, 0xbb, 0x1e, 0x06, 0xca, 0x78, 0xd0, 0x66, 0x71, 0xa0, 0xbd, 0x62, 0x0e, 0xba, - 0xa6, 0x1c, 0x7b, 0x65, 0x19, 0x93, 0x37, 0x00, 0x9f, 0xdd, 0x19, 0x9f, 0xc4, 0x0e, 0xac, 0x6c, - 0x54, 0x28, 0xc3, 0x26, 0x6f, 0xa1, 0x6a, 0xa2, 0xc4, 0xf7, 0xf6, 0xc6, 0xe2, 0x2c, 0x9d, 0xf4, - 0xa0, 0x76, 0xac, 0xcd, 0x38, 0x97, 0x3c, 0x44, 0xf3, 0x2c, 0x40, 0xd2, 0x20, 0x23, 0x49, 0x9e, - 0xc1, 0xd6, 0x2a, 0xf2, 0x8a, 0x56, 0xff, 0x4f, 0xd1, 0xde, 0xbb, 0x1f, 0x37, 0x0d, 0xeb, 0xd7, - 0x4d, 0xc3, 0xfa, 0x7d, 0xd3, 0xb0, 0xbe, 0xfd, 0x69, 0xdc, 0xf9, 0xf2, 0xdc, 0xe3, 0xea, 0x32, - 0x1a, 0xe9, 0xca, 0xce, 0xa5, 0x1b, 0x5e, 0xf2, 0xb1, 0x90, 0x73, 0xfd, 0x08, 0x87, 0xd1, 0xac, - 0xb3, 0xf6, 0x36, 0x8f, 0x4a, 0x06, 0x38, 0xfc, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xda, 0x8a, 0x91, - 0x6e, 0xb5, 0x05, 0x00, 0x00, + // 632 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x5d, 0x6f, 0xd3, 0x30, + 0x14, 0x55, 0xd7, 0xcf, 0xdc, 0x6e, 0x1d, 0x33, 0x68, 0xb2, 0x8a, 0x80, 0xa8, 0x02, 0x14, 0x09, + 0x68, 0xd0, 0x90, 0x10, 0x42, 0x68, 0x52, 0xb7, 0xee, 0x21, 0x9a, 0x56, 0x86, 0x37, 0x78, 0xe0, + 0x2d, 0x6d, 0x6f, 0x3b, 0x4b, 0x4d, 0x5c, 0x39, 0xce, 0xb4, 0xfe, 0x22, 0x7e, 0x0a, 0xbf, 0x0a, + 0x09, 0xd9, 0x4e, 0xda, 0xa4, 0x20, 0xf5, 0x29, 0xbe, 0xe7, 0x1e, 0x5f, 0xdf, 0xeb, 0x73, 0x62, + 0x78, 0xb6, 0x94, 0x42, 0x09, 0x7f, 0x39, 0x9e, 0x88, 0x38, 0xc6, 0x89, 0xf2, 0xb3, 0x6f, 0xdf, + 0xe0, 0xa4, 0x99, 0x85, 0xdd, 0x17, 0x73, 0x21, 0xe6, 0x0b, 0xf4, 0x0d, 0x3c, 0x4e, 0x67, 0xbe, + 0xe2, 0x11, 0x26, 0x2a, 0x8c, 0x96, 0x96, 0xd9, 0x7d, 0xba, 0x29, 0x14, 0x45, 0x22, 0xf6, 0xed, + 0xc7, 0x26, 0x7b, 0xbf, 0x2a, 0xd0, 0x3c, 0x1f, 0x30, 0x21, 0x54, 0x42, 0x7a, 0xb0, 0x3f, 0x98, + 0x28, 0x7e, 0x8f, 0x3a, 0x0c, 0x86, 0xb4, 0xe2, 0x56, 0x3c, 0x87, 0x95, 0x30, 0xe2, 0x42, 0xfb, + 0x56, 0xa6, 0x89, 0x1a, 0x8a, 0x28, 0xe4, 0x31, 0xdd, 0x33, 0x94, 0x22, 0x44, 0x5e, 0x41, 0xdd, + 0x94, 0xa3, 0x55, 0xb7, 0xea, 0xb5, 0x4f, 0x0e, 0xfb, 0x79, 0xdf, 0xf6, 0x18, 0x66, 0xb3, 0xc4, + 0x07, 0xe7, 0x5b, 0x8a, 0x72, 0x75, 0x85, 0x2a, 0xa4, 0x35, 0xb7, 0xe2, 0xb5, 0x4f, 0x8e, 0xfa, + 0x59, 0x6b, 0xeb, 0x04, 0xdb, 0x70, 0x7a, 0x7f, 0x6a, 0xd0, 0xb0, 0x25, 0x48, 0x07, 0xf6, 0xd6, + 0xed, 0xed, 0x05, 0x43, 0x42, 0xa0, 0x36, 0x0a, 0x23, 0xcc, 0xba, 0x31, 0x6b, 0x3d, 0xcc, 0x0d, + 0x4a, 0x1e, 0x2e, 0x46, 0x69, 0x34, 0x46, 0x49, 0xab, 0x6e, 0xc5, 0xab, 0xb1, 0x12, 0x66, 0x38, + 0x7c, 0x1e, 0xf3, 0x78, 0x7e, 0x89, 0xab, 0x60, 0x68, 0xda, 0x70, 0x58, 0x09, 0x23, 0xef, 0xe1, + 0xf1, 0xc5, 0x83, 0x42, 0x19, 0x87, 0x8b, 0xe2, 0xe0, 0x75, 0x43, 0xfd, 0x5f, 0x8a, 0x7c, 0x02, + 0x67, 0x24, 0xd4, 0x19, 0xce, 0x84, 0x44, 0xda, 0x30, 0x93, 0x75, 0xfb, 0x56, 0xa4, 0x7e, 0x2e, + 0x52, 0xff, 0x36, 0x17, 0x89, 0x6d, 0xc8, 0xe4, 0x23, 0xb4, 0x46, 0x42, 0x0d, 0x66, 0x0a, 0x25, + 0x6d, 0xee, 0xdc, 0xb8, 0xe6, 0x92, 0x2e, 0xb4, 0xf4, 0xbd, 0x9c, 0xa3, 0x54, 0xb4, 0x65, 0x1a, + 0x5b, 0xc7, 0xe4, 0x2d, 0x1c, 0x05, 0xb1, 0x42, 0x19, 0xe1, 0x94, 0x87, 0x0a, 0x35, 0x96, 0x50, + 0xc7, 0xad, 0x7a, 0x0e, 0xfb, 0x37, 0xa1, 0xe5, 0xcd, 0xa6, 0x37, 0xc5, 0xc0, 0xca, 0x5b, 0x80, + 0xc8, 0x73, 0x80, 0xcd, 0xfd, 0xd0, 0xb6, 0x21, 0x14, 0x10, 0x72, 0x0c, 0x0d, 0x6b, 0x18, 0xba, + 0xef, 0x56, 0xbc, 0x16, 0xcb, 0x22, 0x72, 0x0a, 0xfb, 0x4c, 0xa8, 0x50, 0xe1, 0xf4, 0x6b, 0xaa, + 0x06, 0x8a, 0x1e, 0xec, 0x9c, 0xaf, 0xc4, 0x27, 0xaf, 0xa1, 0x73, 0x2d, 0xf9, 0x7d, 0xa8, 0xf0, + 0x12, 0x57, 0xb7, 0xab, 0x25, 0xd2, 0x8e, 0x39, 0x7b, 0x0b, 0x2d, 0xf3, 0xce, 0xb8, 0x4a, 0xe8, + 0xa1, 0x5b, 0xf1, 0xea, 0x6c, 0x0b, 0xd5, 0xfe, 0x63, 0xe1, 0x4c, 0x05, 0xf1, 0x14, 0x1f, 0xe8, + 0xa3, 0xb2, 0xff, 0xd6, 0x09, 0xb6, 0xe1, 0xf4, 0x7e, 0x57, 0x01, 0x82, 0x24, 0x49, 0x71, 0x6a, + 0xee, 0x61, 0xdb, 0x5f, 0xd9, 0xcf, 0x52, 0xf2, 0x17, 0x85, 0xa6, 0xe6, 0x5e, 0x5f, 0x5c, 0x65, + 0xd6, 0xcc, 0x43, 0xf2, 0x12, 0x0e, 0x36, 0xfd, 0xe8, 0x7c, 0xd5, 0xe4, 0xcb, 0xa0, 0xde, 0x7f, + 0x83, 0xf2, 0x9e, 0x4f, 0x30, 0xb3, 0x66, 0x1e, 0x1a, 0x15, 0xec, 0xf2, 0x3b, 0x0b, 0x32, 0x33, + 0x16, 0x10, 0xf2, 0x04, 0xea, 0x83, 0x39, 0xc6, 0xca, 0xf8, 0xcf, 0x61, 0x36, 0xd0, 0x3e, 0x31, + 0x0b, 0xbd, 0xa7, 0x69, 0x7d, 0x92, 0xc7, 0xe4, 0x33, 0xc0, 0x8f, 0x70, 0xc1, 0xa7, 0xd6, 0x7d, + 0xad, 0x9d, 0xea, 0x14, 0xd8, 0xe4, 0x0b, 0xb4, 0x4d, 0x94, 0x79, 0xde, 0xd9, 0xb9, 0xb9, 0x48, + 0x27, 0xa7, 0xd0, 0xb9, 0xd0, 0x46, 0x5c, 0x4a, 0x9e, 0xa0, 0x79, 0x0e, 0xc0, 0x14, 0x38, 0xce, + 0xe5, 0x28, 0x67, 0xd9, 0x16, 0xbb, 0xac, 0x64, 0x7b, 0xb7, 0x92, 0x67, 0xef, 0x7e, 0xbe, 0x99, + 0x73, 0x75, 0x97, 0x8e, 0x35, 0xcb, 0xbf, 0x0b, 0x93, 0x3b, 0x3e, 0x11, 0x72, 0xa9, 0x1f, 0xd8, + 0x24, 0x5d, 0xf8, 0x5b, 0xef, 0xee, 0xb8, 0x61, 0x80, 0x0f, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, + 0x77, 0x18, 0x20, 0xcd, 0x91, 0x05, 0x00, 0x00, } - -func (m *CARoots) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CARoots) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CARoots) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.QueryMeta != nil { - { - size, err := m.QueryMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - if len(m.Roots) > 0 { - for iNdEx := len(m.Roots) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Roots[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - } - if len(m.TrustDomain) > 0 { - i -= len(m.TrustDomain) - copy(dAtA[i:], m.TrustDomain) - i = encodeVarintConnect(dAtA, i, uint64(len(m.TrustDomain))) - i-- - dAtA[i] = 0x12 - } - if len(m.ActiveRootID) > 0 { - i -= len(m.ActiveRootID) - copy(dAtA[i:], m.ActiveRootID) - i = encodeVarintConnect(dAtA, i, uint64(len(m.ActiveRootID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *CARoot) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CARoot) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CARoot) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.RaftIndex != nil { - { - size, err := m.RaftIndex.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - } - if m.PrivateKeyBits != 0 { - i = encodeVarintConnect(dAtA, i, uint64(m.PrivateKeyBits)) - i-- - dAtA[i] = 0x78 - } - if len(m.PrivateKeyType) > 0 { - i -= len(m.PrivateKeyType) - copy(dAtA[i:], m.PrivateKeyType) - i = encodeVarintConnect(dAtA, i, uint64(len(m.PrivateKeyType))) - i-- - dAtA[i] = 0x72 - } - if m.RotatedOutAt != nil { - { - size, err := m.RotatedOutAt.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x6a - } - if m.Active { - i-- - if m.Active { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x60 - } - if len(m.SigningKey) > 0 { - i -= len(m.SigningKey) - copy(dAtA[i:], m.SigningKey) - i = encodeVarintConnect(dAtA, i, uint64(len(m.SigningKey))) - i-- - dAtA[i] = 0x5a - } - if len(m.SigningCert) > 0 { - i -= len(m.SigningCert) - copy(dAtA[i:], m.SigningCert) - i = encodeVarintConnect(dAtA, i, uint64(len(m.SigningCert))) - i-- - dAtA[i] = 0x52 - } - if len(m.IntermediateCerts) > 0 { - for iNdEx := len(m.IntermediateCerts) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.IntermediateCerts[iNdEx]) - copy(dAtA[i:], m.IntermediateCerts[iNdEx]) - i = encodeVarintConnect(dAtA, i, uint64(len(m.IntermediateCerts[iNdEx]))) - i-- - dAtA[i] = 0x4a - } - } - if len(m.RootCert) > 0 { - i -= len(m.RootCert) - copy(dAtA[i:], m.RootCert) - i = encodeVarintConnect(dAtA, i, uint64(len(m.RootCert))) - i-- - dAtA[i] = 0x42 - } - if m.NotAfter != nil { - { - size, err := m.NotAfter.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - } - if m.NotBefore != nil { - { - size, err := m.NotBefore.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - } - if len(m.ExternalTrustDomain) > 0 { - i -= len(m.ExternalTrustDomain) - copy(dAtA[i:], m.ExternalTrustDomain) - i = encodeVarintConnect(dAtA, i, uint64(len(m.ExternalTrustDomain))) - i-- - dAtA[i] = 0x2a - } - if len(m.SigningKeyID) > 0 { - i -= len(m.SigningKeyID) - copy(dAtA[i:], m.SigningKeyID) - i = encodeVarintConnect(dAtA, i, uint64(len(m.SigningKeyID))) - i-- - dAtA[i] = 0x22 - } - if m.SerialNumber != 0 { - i = encodeVarintConnect(dAtA, i, uint64(m.SerialNumber)) - i-- - dAtA[i] = 0x18 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintConnect(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x12 - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintConnect(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *IssuedCert) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *IssuedCert) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *IssuedCert) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.RaftIndex != nil { - { - size, err := m.RaftIndex.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x5a - } - if m.EnterpriseMeta != nil { - { - size, err := m.EnterpriseMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - } - if m.ValidBefore != nil { - { - size, err := m.ValidBefore.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - } - if m.ValidAfter != nil { - { - size, err := m.ValidAfter.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintConnect(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - } - if len(m.AgentURI) > 0 { - i -= len(m.AgentURI) - copy(dAtA[i:], m.AgentURI) - i = encodeVarintConnect(dAtA, i, uint64(len(m.AgentURI))) - i-- - dAtA[i] = 0x3a - } - if len(m.Agent) > 0 { - i -= len(m.Agent) - copy(dAtA[i:], m.Agent) - i = encodeVarintConnect(dAtA, i, uint64(len(m.Agent))) - i-- - dAtA[i] = 0x32 - } - if len(m.ServiceURI) > 0 { - i -= len(m.ServiceURI) - copy(dAtA[i:], m.ServiceURI) - i = encodeVarintConnect(dAtA, i, uint64(len(m.ServiceURI))) - i-- - dAtA[i] = 0x2a - } - if len(m.Service) > 0 { - i -= len(m.Service) - copy(dAtA[i:], m.Service) - i = encodeVarintConnect(dAtA, i, uint64(len(m.Service))) - i-- - dAtA[i] = 0x22 - } - if len(m.PrivateKeyPEM) > 0 { - i -= len(m.PrivateKeyPEM) - copy(dAtA[i:], m.PrivateKeyPEM) - i = encodeVarintConnect(dAtA, i, uint64(len(m.PrivateKeyPEM))) - i-- - dAtA[i] = 0x1a - } - if len(m.CertPEM) > 0 { - i -= len(m.CertPEM) - copy(dAtA[i:], m.CertPEM) - i = encodeVarintConnect(dAtA, i, uint64(len(m.CertPEM))) - i-- - dAtA[i] = 0x12 - } - if len(m.SerialNumber) > 0 { - i -= len(m.SerialNumber) - copy(dAtA[i:], m.SerialNumber) - i = encodeVarintConnect(dAtA, i, uint64(len(m.SerialNumber))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintConnect(dAtA []byte, offset int, v uint64) int { - offset -= sovConnect(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *CARoots) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ActiveRootID) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.TrustDomain) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if len(m.Roots) > 0 { - for _, e := range m.Roots { - l = e.Size() - n += 1 + l + sovConnect(uint64(l)) - } - } - if m.QueryMeta != nil { - l = m.QueryMeta.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *CARoot) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ID) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.Name) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if m.SerialNumber != 0 { - n += 1 + sovConnect(uint64(m.SerialNumber)) - } - l = len(m.SigningKeyID) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.ExternalTrustDomain) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if m.NotBefore != nil { - l = m.NotBefore.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.NotAfter != nil { - l = m.NotAfter.Size() - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.RootCert) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if len(m.IntermediateCerts) > 0 { - for _, s := range m.IntermediateCerts { - l = len(s) - n += 1 + l + sovConnect(uint64(l)) - } - } - l = len(m.SigningCert) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.SigningKey) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if m.Active { - n += 2 - } - if m.RotatedOutAt != nil { - l = m.RotatedOutAt.Size() - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.PrivateKeyType) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if m.PrivateKeyBits != 0 { - n += 1 + sovConnect(uint64(m.PrivateKeyBits)) - } - if m.RaftIndex != nil { - l = m.RaftIndex.Size() - n += 2 + l + sovConnect(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *IssuedCert) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.SerialNumber) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.CertPEM) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.PrivateKeyPEM) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.Service) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.ServiceURI) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.Agent) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - l = len(m.AgentURI) - if l > 0 { - n += 1 + l + sovConnect(uint64(l)) - } - if m.ValidAfter != nil { - l = m.ValidAfter.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.ValidBefore != nil { - l = m.ValidBefore.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.EnterpriseMeta != nil { - l = m.EnterpriseMeta.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.RaftIndex != nil { - l = m.RaftIndex.Size() - n += 1 + l + sovConnect(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovConnect(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozConnect(x uint64) (n int) { - return sovConnect(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *CARoots) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CARoots: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CARoots: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ActiveRootID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ActiveRootID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TrustDomain", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TrustDomain = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roots", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Roots = append(m.Roots, &CARoot{}) - if err := m.Roots[len(m.Roots)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field QueryMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.QueryMeta == nil { - m.QueryMeta = &pbcommongogo.QueryMeta{} - } - if err := m.QueryMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConnect(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConnect - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CARoot) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CARoot: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CARoot: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) - } - m.SerialNumber = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.SerialNumber |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SigningKeyID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SigningKeyID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExternalTrustDomain", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ExternalTrustDomain = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NotBefore", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.NotBefore == nil { - m.NotBefore = &types.Timestamp{} - } - if err := m.NotBefore.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NotAfter", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.NotAfter == nil { - m.NotAfter = &types.Timestamp{} - } - if err := m.NotAfter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RootCert", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RootCert = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field IntermediateCerts", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.IntermediateCerts = append(m.IntermediateCerts, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SigningCert", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SigningCert = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SigningKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SigningKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 12: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Active", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Active = bool(v != 0) - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RotatedOutAt", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RotatedOutAt == nil { - m.RotatedOutAt = &types.Timestamp{} - } - if err := m.RotatedOutAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PrivateKeyType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PrivateKeyType = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 15: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field PrivateKeyBits", wireType) - } - m.PrivateKeyBits = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.PrivateKeyBits |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RaftIndex", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RaftIndex == nil { - m.RaftIndex = &pbcommongogo.RaftIndex{} - } - if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConnect(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConnect - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *IssuedCert) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: IssuedCert: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: IssuedCert: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SerialNumber = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CertPEM", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CertPEM = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PrivateKeyPEM", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PrivateKeyPEM = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Service = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceURI", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServiceURI = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Agent", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Agent = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AgentURI", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AgentURI = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ValidAfter", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ValidAfter == nil { - m.ValidAfter = &types.Timestamp{} - } - if err := m.ValidAfter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ValidBefore", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ValidBefore == nil { - m.ValidBefore = &types.Timestamp{} - } - if err := m.ValidBefore.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EnterpriseMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.EnterpriseMeta == nil { - m.EnterpriseMeta = &pbcommongogo.EnterpriseMeta{} - } - if err := m.EnterpriseMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RaftIndex", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowConnect - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthConnect - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthConnect - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RaftIndex == nil { - m.RaftIndex = &pbcommongogo.RaftIndex{} - } - if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipConnect(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthConnect - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipConnect(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConnect - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConnect - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowConnect - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthConnect - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupConnect - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthConnect - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthConnect = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowConnect = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupConnect = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbconnect/connect.proto b/proto/pbconnect/connect.proto index 129fa5385..37ba5bcc9 100644 --- a/proto/pbconnect/connect.proto +++ b/proto/pbconnect/connect.proto @@ -5,7 +5,7 @@ package connect; option go_package = "github.com/hashicorp/consul/proto/pbconnect"; import "google/protobuf/timestamp.proto"; -import "proto/pbcommongogo/common.proto"; +import "proto/pbcommon/common.proto"; // CARoots is the list of all currently trusted CA Roots. // @@ -50,7 +50,7 @@ message CARoots { // QueryMeta here is mainly used to contain the latest Raft Index that could // be used to perform a blocking query. // mog: func-to=QueryMetaTo func-from=QueryMetaFrom - commongogo.QueryMeta QueryMeta = 4; + common.QueryMeta QueryMeta = 4; } // CARoot is the trusted CA Root. @@ -87,9 +87,9 @@ message CARoot { string ExternalTrustDomain = 5; // Time validity bounds. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto google.protobuf.Timestamp NotBefore = 6; - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto google.protobuf.Timestamp NotAfter = 7; // RootCert is the PEM-encoded public certificate. @@ -114,7 +114,7 @@ message CARoot { // RotatedOutAt is the time at which this CA was removed from the state. // This will only be set on roots that have been rotated out from being the // active root. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto google.protobuf.Timestamp RotatedOutAt = 13; // PrivateKeyType is the type of the private key used to sign certificates. It @@ -129,9 +129,11 @@ message CARoot { int32 PrivateKeyBits = 15; // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - commongogo.RaftIndex RaftIndex = 16; + common.RaftIndex RaftIndex = 16; } +// RaftIndex is used to track the index used while creating +// or modifying a given struct type. // // mog annotation: // @@ -161,15 +163,15 @@ message IssuedCert { // ValidAfter and ValidBefore are the validity periods for the // certificate. - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto google.protobuf.Timestamp ValidAfter = 8; - // mog: func-to=structs.TimeFromProtoGogo func-from=structs.TimeToProtoGogo + // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto google.protobuf.Timestamp ValidBefore = 9; // EnterpriseMeta is the Consul Enterprise specific metadata // mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom - commongogo.EnterpriseMeta EnterpriseMeta = 10; + common.EnterpriseMeta EnterpriseMeta = 10; // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - commongogo.RaftIndex RaftIndex = 11; + common.RaftIndex RaftIndex = 11; } \ No newline at end of file From 31baed248decd708e4a12978d5bee4f22c3a7a3c Mon Sep 17 00:00:00 2001 From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Date: Wed, 23 Mar 2022 11:46:56 -0400 Subject: [PATCH 009/785] docs: make gossip threat model more visible --- website/content/docs/security/security-models/core.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index b11f5da30..f408a57f6 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -407,7 +407,9 @@ The following are not part of the threat model for client agents: configured identity, and extract information from Consul when ACLs are disabled. - **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog - information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate + information. + +- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key. - **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service From 98b733e41aab25e2eb7a56dffe132e5be5a0b81c Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 23 Mar 2022 12:10:03 -0400 Subject: [PATCH 010/785] remove gogo from pbservice --- agent/grpc/private/resolver/registry.go | 2 +- agent/grpc/private/resolver/resolver.go | 8 +- .../services/subscribe/subscribe_test.go | 124 +- agent/rpcclient/health/view_test.go | 9 +- agent/submatview/streaming_test.go | 10 +- build-support/scripts/proto-gen-entry.sh | 6 + go.mod | 2 +- go.sum | 4 +- proto/pbcommon/common_oss.go | 2 +- proto/pbservice/convert.go | 139 +- proto/pbservice/convert_oss.go | 8 +- proto/pbservice/convert_pbstruct.go | 3 +- proto/pbservice/healthcheck.gen.go | 150 +- proto/pbservice/healthcheck.pb.go | 4352 +++-------------- proto/pbservice/healthcheck.proto | 58 +- proto/pbservice/ids.go | 12 +- proto/pbservice/ids_test.go | 6 +- proto/pbservice/node.gen.go | 58 +- proto/pbservice/node.pb.go | 2380 ++------- proto/pbservice/node.proto | 28 +- proto/pbservice/service.gen.go | 184 +- proto/pbservice/service.pb.go | 4272 +++------------- proto/pbservice/service.proto | 41 +- proto/pbsubscribe/subscribe.pb.go | 1331 +---- 24 files changed, 2059 insertions(+), 11130 deletions(-) diff --git a/agent/grpc/private/resolver/registry.go b/agent/grpc/private/resolver/registry.go index d305b607d..14c93af2d 100644 --- a/agent/grpc/private/resolver/registry.go +++ b/agent/grpc/private/resolver/registry.go @@ -16,7 +16,7 @@ type registry struct { byAuthority map[string]*ServerResolverBuilder } -func (r *registry) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOption) (resolver.Resolver, error) { +func (r *registry) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) { r.lock.RLock() defer r.lock.RUnlock() res, ok := r.byAuthority[target.Authority] diff --git a/agent/grpc/private/resolver/resolver.go b/agent/grpc/private/resolver/resolver.go index e77ee568d..c0c3b8938 100644 --- a/agent/grpc/private/resolver/resolver.go +++ b/agent/grpc/private/resolver/resolver.go @@ -85,7 +85,7 @@ func (s *ServerResolverBuilder) ServerForGlobalAddr(globalAddr string) (*metadat // Build returns a new serverResolver for the given ClientConn. The resolver // will keep the ClientConn's state updated based on updates from Serf. -func (s *ServerResolverBuilder) Build(target resolver.Target, cc resolver.ClientConn, _ resolver.BuildOption) (resolver.Resolver, error) { +func (s *ServerResolverBuilder) Build(target resolver.Target, cc resolver.ClientConn, _ resolver.BuildOptions) (resolver.Resolver, error) { s.lock.Lock() defer s.lock.Unlock() @@ -221,7 +221,6 @@ func (s *ServerResolverBuilder) getDCAddrs(dc string) []resolver.Address { addrs = append(addrs, resolver.Address{ // NOTE: the address persisted here is only dialable using our custom dialer Addr: DCPrefix(server.Datacenter, server.Addr.String()), - Type: resolver.Backend, ServerName: server.Name, }) } @@ -294,14 +293,14 @@ func (r *serverResolver) Close() { } // ResolveNow is not used -func (*serverResolver) ResolveNow(resolver.ResolveNowOption) {} +func (*serverResolver) ResolveNow(options resolver.ResolveNowOptions) {} type leaderResolver struct { globalAddr string clientConn resolver.ClientConn } -func (l leaderResolver) ResolveNow(resolver.ResolveNowOption) {} +func (l leaderResolver) ResolveNow(resolver.ResolveNowOptions) {} func (l leaderResolver) Close() {} @@ -313,7 +312,6 @@ func (l leaderResolver) updateClientConn() { { // NOTE: the address persisted here is only dialable using our custom dialer Addr: l.globalAddr, - Type: resolver.Backend, ServerName: "leader", }, } diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index a084b6f55..0a52c0f49 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -3,6 +3,8 @@ package subscribe import ( "context" "errors" + "github.com/golang/protobuf/ptypes/duration" + "github.com/hashicorp/consul/proto/pbcommon" "io" "net" "testing" @@ -154,12 +156,14 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Port: 8080, Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, + Connect: &pbservice.ServiceConnect{}, RaftIndex: raftIndex(ids, "reg2", "reg2"), - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, }, }, }, @@ -185,12 +189,14 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Port: 8080, Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, + Connect: &pbservice.ServiceConnect{}, RaftIndex: raftIndex(ids, "reg3", "reg3"), - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, }, }, }, @@ -235,12 +241,14 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Port: 8080, Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, + Connect: &pbservice.ServiceConnect{}, RaftIndex: raftIndex(ids, "reg3", "reg3"), - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, }, Checks: []*pbservice.HealthCheck{ { @@ -251,7 +259,13 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { ServiceID: "redis1", ServiceName: "redis", RaftIndex: raftIndex(ids, "update", "update"), - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + Definition: &pbservice.HealthCheckDefinition{ + Interval: &duration.Duration{}, + Timeout: &duration.Duration{}, + DeregisterCriticalServiceAfter: &duration.Duration{}, + TTL: &duration.Duration{}, + }, }, }, }, @@ -395,8 +409,8 @@ func newCounter() *counter { return &counter{labels: make(map[string]uint64)} } -func raftIndex(ids *counter, created, modified string) pbcommongogo.RaftIndex { - return pbcommongogo.RaftIndex{ +func raftIndex(ids *counter, created, modified string) *pbcommon.RaftIndex { + return &pbcommon.RaftIndex{ CreateIndex: ids.For(created), ModifyIndex: ids.For(modified), } @@ -507,11 +521,13 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { Port: 8080, Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, RaftIndex: raftIndex(ids, "reg2", "reg2"), }, }, @@ -538,11 +554,13 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { Port: 8080, Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, RaftIndex: raftIndex(ids, "reg3", "reg3"), }, }, @@ -589,11 +607,13 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { RaftIndex: raftIndex(ids, "reg3", "reg3"), Weights: &pbservice.Weights{Passing: 1, Warning: 1}, // Sad empty state - Proxy: pbservice.ConnectProxyConfig{ - MeshGateway: pbservice.MeshGatewayConfig{}, - Expose: pbservice.ExposeConfig{}, + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, }, - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, }, Checks: []*pbservice.HealthCheck{ { @@ -604,7 +624,13 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { ServiceID: "redis1", ServiceName: "redis", RaftIndex: raftIndex(ids, "update", "update"), - EnterpriseMeta: pbcommongogo.DefaultEnterpriseMeta, + EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, + Definition: &pbservice.HealthCheckDefinition{ + Interval: &duration.Duration{}, + Timeout: &duration.Duration{}, + DeregisterCriticalServiceAfter: &duration.Duration{}, + TTL: &duration.Duration{}, + }, }, }, }, @@ -986,8 +1012,18 @@ func TestNewEventFromSteamEvent(t *testing.T) { ServiceHealth: &pbsubscribe.ServiceHealthUpdate{ Op: pbsubscribe.CatalogOp_Register, CheckServiceNode: &pbservice.CheckServiceNode{ - Node: &pbservice.Node{Node: "node1"}, - Service: &pbservice.NodeService{Service: "web1"}, + Node: &pbservice.Node{Node: "node1", RaftIndex: &pbcommon.RaftIndex{}}, + Service: &pbservice.NodeService{ + Service: "web1", + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, + }, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: &pbcommon.EnterpriseMeta{}, + RaftIndex: &pbcommon.RaftIndex{}, + }, }, }, }, @@ -998,8 +1034,18 @@ func TestNewEventFromSteamEvent(t *testing.T) { ServiceHealth: &pbsubscribe.ServiceHealthUpdate{ Op: pbsubscribe.CatalogOp_Deregister, CheckServiceNode: &pbservice.CheckServiceNode{ - Node: &pbservice.Node{Node: "node2"}, - Service: &pbservice.NodeService{Service: "web1"}, + Node: &pbservice.Node{Node: "node2", RaftIndex: &pbcommon.RaftIndex{}}, + Service: &pbservice.NodeService{ + Service: "web1", + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, + }, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: &pbcommon.EnterpriseMeta{}, + RaftIndex: &pbcommon.RaftIndex{}, + }, }, }, }, @@ -1027,8 +1073,18 @@ func TestNewEventFromSteamEvent(t *testing.T) { ServiceHealth: &pbsubscribe.ServiceHealthUpdate{ Op: pbsubscribe.CatalogOp_Register, CheckServiceNode: &pbservice.CheckServiceNode{ - Node: &pbservice.Node{Node: "node1"}, - Service: &pbservice.NodeService{Service: "web1"}, + Node: &pbservice.Node{Node: "node1", RaftIndex: &pbcommon.RaftIndex{}}, + Service: &pbservice.NodeService{ + Service: "web1", + Proxy: &pbservice.ConnectProxyConfig{ + MeshGateway: &pbservice.MeshGatewayConfig{}, + Expose: &pbservice.ExposeConfig{}, + TransparentProxy: &pbservice.TransparentProxyConfig{}, + }, + Connect: &pbservice.ServiceConnect{}, + EnterpriseMeta: &pbcommon.EnterpriseMeta{}, + RaftIndex: &pbcommon.RaftIndex{}, + }, }, }, }, diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go index bc5795c05..9dc00150f 100644 --- a/agent/rpcclient/health/view_test.go +++ b/agent/rpcclient/health/view_test.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "github.com/hashicorp/consul/proto/pbcommon" "strings" "testing" "time" @@ -568,11 +569,11 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub Op: pbsubscribe.CatalogOp_Register, CheckServiceNode: &pbservice.CheckServiceNode{ Node: &pbservice.Node{ - ID: nodeID, + ID: string(nodeID), Node: node, Address: addr, Datacenter: "dc1", - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -581,7 +582,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub ID: svc, Service: svc, Port: 8080, - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -612,7 +613,7 @@ func newEventServiceHealthDeregister(index uint64, nodeNum int, svc string) *pbs Passing: 1, Warning: 1, }, - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ // The original insertion index since a delete doesn't update // this. This magic value came from state store tests where we // setup at index 10 and then mutate at index 100. It can be diff --git a/agent/submatview/streaming_test.go b/agent/submatview/streaming_test.go index be484cac6..764cd47dc 100644 --- a/agent/submatview/streaming_test.go +++ b/agent/submatview/streaming_test.go @@ -3,11 +3,11 @@ package submatview import ( "context" "fmt" + "github.com/hashicorp/consul/proto/pbcommon" "sync" "google.golang.org/grpc" - "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -116,11 +116,11 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub Op: pbsubscribe.CatalogOp_Register, CheckServiceNode: &pbservice.CheckServiceNode{ Node: &pbservice.Node{ - ID: nodeID, + ID: string(nodeID), Node: node, Address: addr, Datacenter: "dc1", - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -129,7 +129,7 @@ func newEventServiceHealthRegister(index uint64, nodeNum int, svc string) *pbsub ID: svc, Service: svc, Port: 8080, - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ CreateIndex: index, ModifyIndex: index, }, @@ -160,7 +160,7 @@ func newEventServiceHealthDeregister(index uint64, nodeNum int, svc string) *pbs Passing: 1, Warning: 1, }, - RaftIndex: pbcommongogo.RaftIndex{ + RaftIndex: &pbcommon.RaftIndex{ // The original insertion index since a delete doesn't update // this. This magic value came from state store tests where we // setup at index 10 and then mutate at index 100. It can be diff --git a/build-support/scripts/proto-gen-entry.sh b/build-support/scripts/proto-gen-entry.sh index 4deb2bf29..639f725cc 100644 --- a/build-support/scripts/proto-gen-entry.sh +++ b/build-support/scripts/proto-gen-entry.sh @@ -14,6 +14,12 @@ elif [[ "$FILENAME" =~ .*pbconfig/.* ]]; then elif [[ "$FILENAME" =~ .*pbautoconf/.* ]]; then echo "$FILENAME no gogo" ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +elif [[ "$FILENAME" =~ .*pbservice/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 +elif [[ "$FILENAME" =~ .*pbsubscribe/.* ]]; then + echo "$FILENAME no gogo" + ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 else echo "$FILENAME gogo" ./build-support/scripts/proto-gen.sh $1 $2 $3 diff --git a/go.mod b/go.mod index 17fe9d28d..628a30202 100644 --- a/go.mod +++ b/go.mod @@ -94,7 +94,7 @@ require ( google.golang.org/api v0.9.0 // indirect google.golang.org/appengine v1.6.0 // indirect google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 - google.golang.org/grpc v1.25.1 + google.golang.org/grpc v1.27.1 gopkg.in/square/go-jose.v2 v2.5.1 gotest.tools/v3 v3.0.3 k8s.io/api v0.18.2 diff --git a/go.sum b/go.sum index 085684975..688dd2b8f 100644 --- a/go.sum +++ b/go.sum @@ -130,6 +130,7 @@ github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.5 h1:lRJIqDD8yjV1YyPRqecMdytjDLs2fTXq363aCib5xPU= github.com/envoyproxy/go-control-plane v0.9.5/go.mod h1:OXl5to++W0ctG+EHWTFUjiypVxC/Y4VLc/KFU+al13s= github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= @@ -714,8 +715,9 @@ google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiq google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/proto/pbcommon/common_oss.go b/proto/pbcommon/common_oss.go index e96c1a4b3..2dc2026e8 100644 --- a/proto/pbcommon/common_oss.go +++ b/proto/pbcommon/common_oss.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/consul/agent/structs" ) -var DefaultEnterpriseMeta = EnterpriseMeta{} +var DefaultEnterpriseMeta = &EnterpriseMeta{} func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { return &EnterpriseMeta{} diff --git a/proto/pbservice/convert.go b/proto/pbservice/convert.go index a68c22b8f..c981d1cb3 100644 --- a/proto/pbservice/convert.go +++ b/proto/pbservice/convert.go @@ -2,24 +2,28 @@ package pbservice import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/types" ) -func RaftIndexToStructs(s pbcommongogo.RaftIndex) structs.RaftIndex { +type CheckIDType = types.CheckID +type NodeIDType = types.NodeID + +func RaftIndexToStructs(s *pbcommon.RaftIndex) structs.RaftIndex { return structs.RaftIndex{ CreateIndex: s.CreateIndex, ModifyIndex: s.ModifyIndex, } } -func NewRaftIndexFromStructs(s structs.RaftIndex) pbcommongogo.RaftIndex { - return pbcommongogo.RaftIndex{ +func NewRaftIndexFromStructs(s structs.RaftIndex) *pbcommon.RaftIndex { + return &pbcommon.RaftIndex{ CreateIndex: s.CreateIndex, ModifyIndex: s.ModifyIndex, } } -func MapHeadersToStructs(s map[string]HeaderValue) map[string][]string { +func MapHeadersToStructs(s map[string]*HeaderValue) map[string][]string { t := make(map[string][]string, len(s)) for k, v := range s { t[k] = v.Value @@ -27,10 +31,10 @@ func MapHeadersToStructs(s map[string]HeaderValue) map[string][]string { return t } -func NewMapHeadersFromStructs(t map[string][]string) map[string]HeaderValue { - s := make(map[string]HeaderValue, len(t)) +func NewMapHeadersFromStructs(t map[string][]string) map[string]*HeaderValue { + s := make(map[string]*HeaderValue, len(t)) for k, v := range t { - s[k] = HeaderValue{Value: v} + s[k] = &HeaderValue{Value: v} } return s } @@ -42,23 +46,23 @@ func CheckServiceNodeToStructs(s *CheckServiceNode) (*structs.CheckServiceNode, } var t structs.CheckServiceNode if s.Node != nil { - n := NodeToStructs(*s.Node) - t.Node = &n + n := new(structs.Node) + NodeToStructs(s.Node, n) + t.Node = n } if s.Service != nil { - r := NodeServiceToStructs(*s.Service) - t.Service = &r + r := new(structs.NodeService) + NodeServiceToStructs(s.Service, r) + t.Service = r } t.Checks = make(structs.HealthChecks, len(s.Checks)) for i, c := range s.Checks { if c == nil { continue } - h, err := HealthCheckToStructs(*c) - if err != nil { - return &t, err - } - t.Checks[i] = &h + h := new(structs.HealthCheck) + HealthCheckToStructs(c, h) + t.Checks[i] = h } return &t, nil } @@ -70,20 +74,23 @@ func NewCheckServiceNodeFromStructs(t *structs.CheckServiceNode) *CheckServiceNo } var s CheckServiceNode if t.Node != nil { - n := NewNodeFromStructs(*t.Node) - s.Node = &n + n := new(Node) + NodeFromStructs(t.Node, n) + s.Node = n } if t.Service != nil { - r := NewNodeServiceFromStructs(*t.Service) - s.Service = &r + r := new(NodeService) + NodeServiceFromStructs(t.Service, r) + s.Service = r } s.Checks = make([]*HealthCheck, len(t.Checks)) for i, c := range t.Checks { if c == nil { continue } - h := NewHealthCheckFromStructs(*c) - s.Checks[i] = &h + h := new(HealthCheck) + HealthCheckFromStructs(c, h) + s.Checks[i] = h } return &s } @@ -111,7 +118,7 @@ func NewWeightsPtrFromStructs(t *structs.Weights) *Weights { } // TODO: handle this with mog -func MapStringServiceAddressToStructs(s map[string]ServiceAddress) map[string]structs.ServiceAddress { +func MapStringServiceAddressToStructs(s map[string]*ServiceAddress) map[string]structs.ServiceAddress { t := make(map[string]structs.ServiceAddress, len(s)) for k, v := range s { t[k] = structs.ServiceAddress{Address: v.Address, Port: int(v.Port)} @@ -120,64 +127,70 @@ func MapStringServiceAddressToStructs(s map[string]ServiceAddress) map[string]st } // TODO: handle this with mog -func NewMapStringServiceAddressFromStructs(t map[string]structs.ServiceAddress) map[string]ServiceAddress { - s := make(map[string]ServiceAddress, len(t)) +func NewMapStringServiceAddressFromStructs(t map[string]structs.ServiceAddress) map[string]*ServiceAddress { + s := make(map[string]*ServiceAddress, len(t)) for k, v := range t { - s[k] = ServiceAddress{Address: v.Address, Port: int32(v.Port)} + s[k] = &ServiceAddress{Address: v.Address, Port: int32(v.Port)} } return s } // TODO: handle this with mog -func ExposePathSliceToStructs(s []ExposePath) []structs.ExposePath { +func ExposePathSliceToStructs(s []*ExposePath) []structs.ExposePath { t := make([]structs.ExposePath, len(s)) for i, v := range s { - t[i] = ExposePathToStructs(v) + e := new(structs.ExposePath) + ExposePathToStructs(v, e) + t[i] = *e } return t } // TODO: handle this with mog -func NewExposePathSliceFromStructs(t []structs.ExposePath) []ExposePath { - s := make([]ExposePath, len(t)) +func NewExposePathSliceFromStructs(t []structs.ExposePath) []*ExposePath { + s := make([]*ExposePath, len(t)) for i, v := range t { - s[i] = NewExposePathFromStructs(v) + ep := new(ExposePath) + ExposePathFromStructs(&v, ep) + s[i] = ep } return s } // TODO: handle this with mog -func UpstreamsToStructs(s []Upstream) structs.Upstreams { +func UpstreamsToStructs(s []*Upstream) structs.Upstreams { t := make(structs.Upstreams, len(s)) for i, v := range s { - t[i] = UpstreamToStructs(v) + u := new(structs.Upstream) + UpstreamToStructs(v, u) + t[i] = *u } return t } // TODO: handle this with mog -func NewUpstreamsFromStructs(t structs.Upstreams) []Upstream { - s := make([]Upstream, len(t)) +func NewUpstreamsFromStructs(t structs.Upstreams) []*Upstream { + s := make([]*Upstream, len(t)) for i, v := range t { - s[i] = NewUpstreamFromStructs(v) + u := new(Upstream) + UpstreamFromStructs(&v, u) + s[i] = u } return s } // TODO: handle this with mog -func CheckTypesToStructs(s []*CheckType) (structs.CheckTypes, error) { +func CheckTypesToStructs(s []*CheckType) structs.CheckTypes { t := make(structs.CheckTypes, len(s)) for i, v := range s { if v == nil { continue } - newV, err := CheckTypeToStructs(*v) - if err != nil { - return t, err - } - t[i] = &newV + c := new(structs.CheckType) + CheckTypeToStructs(v, c) + t[i] = c } - return t, nil + return t } // TODO: handle this with mog @@ -187,8 +200,9 @@ func NewCheckTypesFromStructs(t structs.CheckTypes) []*CheckType { if v == nil { continue } - newV := NewCheckTypeFromStructs(*v) - s[i] = &newV + newV := new(CheckType) + CheckTypeFromStructs(v, newV) + s[i] = newV } return s } @@ -198,8 +212,9 @@ func ConnectProxyConfigPtrToStructs(s *ConnectProxyConfig) *structs.ConnectProxy if s == nil { return nil } - t := ConnectProxyConfigToStructs(*s) - return &t + c := new(structs.ConnectProxyConfig) + ConnectProxyConfigToStructs(s, c) + return c } // TODO: handle this with mog @@ -207,8 +222,9 @@ func NewConnectProxyConfigPtrFromStructs(t *structs.ConnectProxyConfig) *Connect if t == nil { return nil } - s := NewConnectProxyConfigFromStructs(*t) - return &s + cp := new(ConnectProxyConfig) + ConnectProxyConfigFromStructs(t, cp) + return cp } // TODO: handle this with mog @@ -216,8 +232,9 @@ func ServiceConnectPtrToStructs(s *ServiceConnect) *structs.ServiceConnect { if s == nil { return nil } - t := ServiceConnectToStructs(*s) - return &t + sc := new(structs.ServiceConnect) + ServiceConnectToStructs(s, sc) + return sc } // TODO: handle this with mog @@ -225,8 +242,9 @@ func NewServiceConnectPtrFromStructs(t *structs.ServiceConnect) *ServiceConnect if t == nil { return nil } - s := NewServiceConnectFromStructs(*t) - return &s + sc := new(ServiceConnect) + ServiceConnectFromStructs(t, sc) + return sc } // TODO: handle this with mog @@ -234,11 +252,9 @@ func ServiceDefinitionPtrToStructs(s *ServiceDefinition) *structs.ServiceDefinit if s == nil { return nil } - t, err := ServiceDefinitionToStructs(*s) - if err != nil { - return nil - } - return &t + sd := new(structs.ServiceDefinition) + ServiceDefinitionToStructs(s, sd) + return sd } // TODO: handle this with mog @@ -246,6 +262,7 @@ func NewServiceDefinitionPtrFromStructs(t *structs.ServiceDefinition) *ServiceDe if t == nil { return nil } - s := NewServiceDefinitionFromStructs(*t) - return &s + sd := new(ServiceDefinition) + ServiceDefinitionFromStructs(t, sd) + return sd } diff --git a/proto/pbservice/convert_oss.go b/proto/pbservice/convert_oss.go index 214cf69ad..4efb78bef 100644 --- a/proto/pbservice/convert_oss.go +++ b/proto/pbservice/convert_oss.go @@ -5,13 +5,13 @@ package pbservice import ( "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" ) -func EnterpriseMetaToStructs(_ pbcommongogo.EnterpriseMeta) structs.EnterpriseMeta { +func EnterpriseMetaToStructs(_ *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { return structs.EnterpriseMeta{} } -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) pbcommongogo.EnterpriseMeta { - return pbcommongogo.EnterpriseMeta{} +func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { + return &pbcommon.EnterpriseMeta{} } diff --git a/proto/pbservice/convert_pbstruct.go b/proto/pbservice/convert_pbstruct.go index dbb0ea5a1..1a09d81ef 100644 --- a/proto/pbservice/convert_pbstruct.go +++ b/proto/pbservice/convert_pbstruct.go @@ -4,7 +4,8 @@ import ( fmt "fmt" "reflect" - types "github.com/gogo/protobuf/types" + //TODO(gogo-remove): remove the types alias + types "github.com/golang/protobuf/ptypes/struct" ) // ProtobufTypesStructToMapStringInterface converts a protobuf/types.Struct into a diff --git a/proto/pbservice/healthcheck.gen.go b/proto/pbservice/healthcheck.gen.go index 345b13719..6bdb63b4b 100644 --- a/proto/pbservice/healthcheck.gen.go +++ b/proto/pbservice/healthcheck.gen.go @@ -2,14 +2,13 @@ package pbservice -import ( - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/pbutil" -) +import "github.com/hashicorp/consul/agent/structs" -func CheckTypeToStructs(s CheckType) (structs.CheckType, error) { - var t structs.CheckType - t.CheckID = s.CheckID +func CheckTypeToStructs(s *CheckType, t *structs.CheckType) { + if s == nil { + return + } + t.CheckID = CheckIDType(s.CheckID) t.Name = s.Name t.Status = s.Status t.Notes = s.Notes @@ -21,12 +20,7 @@ func CheckTypeToStructs(s CheckType) (structs.CheckType, error) { t.Method = s.Method t.Body = s.Body t.TCP = s.TCP - interval, err := pbutil.DurationFromProto(&s.Interval) - if err != nil { - return t, err - } - t.Interval = interval - + t.Interval = structs.DurationFromProto(s.Interval) t.AliasNode = s.AliasNode t.AliasService = s.AliasService t.DockerContainerID = s.DockerContainerID @@ -35,32 +29,21 @@ func CheckTypeToStructs(s CheckType) (structs.CheckType, error) { t.GRPCUseTLS = s.GRPCUseTLS t.TLSServerName = s.TLSServerName t.TLSSkipVerify = s.TLSSkipVerify - timeout, err := pbutil.DurationFromProto(&s.Timeout) - if err != nil { - return t, err - } - t.Timeout = timeout - ttl, err := pbutil.DurationFromProto(&s.TTL) - if err != nil { - return t, err - } - t.TTL = ttl + t.Timeout = structs.DurationFromProto(s.Timeout) + t.TTL = structs.DurationFromProto(s.TTL) t.SuccessBeforePassing = int(s.SuccessBeforePassing) - t.FailuresBeforeCritical = int(s.FailuresBeforeCritical) t.FailuresBeforeWarning = int(s.FailuresBeforeWarning) + t.FailuresBeforeCritical = int(s.FailuresBeforeCritical) t.ProxyHTTP = s.ProxyHTTP t.ProxyGRPC = s.ProxyGRPC - deregisterCriticalServiceAfter, err := pbutil.DurationFromProto(&s.DeregisterCriticalServiceAfter) - if err != nil { - return t, err - } - t.DeregisterCriticalServiceAfter = deregisterCriticalServiceAfter + t.DeregisterCriticalServiceAfter = structs.DurationFromProto(s.DeregisterCriticalServiceAfter) t.OutputMaxSize = int(s.OutputMaxSize) - return t, nil } -func NewCheckTypeFromStructs(t structs.CheckType) CheckType { - var s CheckType - s.CheckID = t.CheckID +func CheckTypeFromStructs(t *structs.CheckType, s *CheckType) { + if s == nil { + return + } + s.CheckID = string(t.CheckID) s.Name = t.Name s.Status = t.Status s.Notes = t.Notes @@ -72,7 +55,7 @@ func NewCheckTypeFromStructs(t structs.CheckType) CheckType { s.Method = t.Method s.Body = t.Body s.TCP = t.TCP - s.Interval = *pbutil.DurationToProto(t.Interval) + s.Interval = structs.DurationToProto(t.Interval) s.AliasNode = t.AliasNode s.AliasService = t.AliasService s.DockerContainerID = t.DockerContainerID @@ -81,21 +64,22 @@ func NewCheckTypeFromStructs(t structs.CheckType) CheckType { s.GRPCUseTLS = t.GRPCUseTLS s.TLSServerName = t.TLSServerName s.TLSSkipVerify = t.TLSSkipVerify - s.Timeout = *pbutil.DurationToProto(t.Timeout) - s.TTL = *pbutil.DurationToProto(t.TTL) + s.Timeout = structs.DurationToProto(t.Timeout) + s.TTL = structs.DurationToProto(t.TTL) s.SuccessBeforePassing = int32(t.SuccessBeforePassing) - s.FailuresBeforeCritical = int32(t.FailuresBeforeCritical) s.FailuresBeforeWarning = int32(t.FailuresBeforeWarning) + s.FailuresBeforeCritical = int32(t.FailuresBeforeCritical) s.ProxyHTTP = t.ProxyHTTP s.ProxyGRPC = t.ProxyGRPC - s.DeregisterCriticalServiceAfter = *pbutil.DurationToProto(t.DeregisterCriticalServiceAfter) + s.DeregisterCriticalServiceAfter = structs.DurationToProto(t.DeregisterCriticalServiceAfter) s.OutputMaxSize = int32(t.OutputMaxSize) - return s } -func HealthCheckToStructs(s HealthCheck) (structs.HealthCheck, error) { - var t structs.HealthCheck +func HealthCheckToStructs(s *HealthCheck, t *structs.HealthCheck) { + if s == nil { + return + } t.Node = s.Node - t.CheckID = s.CheckID + t.CheckID = CheckIDType(s.CheckID) t.Name = s.Name t.Status = s.Status t.Notes = s.Notes @@ -104,22 +88,21 @@ func HealthCheckToStructs(s HealthCheck) (structs.HealthCheck, error) { t.ServiceName = s.ServiceName t.ServiceTags = s.ServiceTags t.Type = s.Type - t.ExposedPort = int(s.ExposedPort) - definition, err := HealthCheckDefinitionToStructs(s.Definition) - if err != nil { - return t, err - } - t.Definition = definition - t.EnterpriseMeta = EnterpriseMetaToStructs(s.EnterpriseMeta) - t.RaftIndex = RaftIndexToStructs(s.RaftIndex) t.Interval = s.Interval t.Timeout = s.Timeout - return t, nil + t.ExposedPort = int(s.ExposedPort) + if s.Definition != nil { + HealthCheckDefinitionToStructs(s.Definition, &t.Definition) + } + t.EnterpriseMeta = EnterpriseMetaToStructs(s.EnterpriseMeta) + t.RaftIndex = RaftIndexToStructs(s.RaftIndex) } -func NewHealthCheckFromStructs(t structs.HealthCheck) HealthCheck { - var s HealthCheck +func HealthCheckFromStructs(t *structs.HealthCheck, s *HealthCheck) { + if s == nil { + return + } s.Node = t.Node - s.CheckID = t.CheckID + s.CheckID = string(t.CheckID) s.Name = t.Name s.Status = t.Status s.Notes = t.Notes @@ -128,16 +111,21 @@ func NewHealthCheckFromStructs(t structs.HealthCheck) HealthCheck { s.ServiceName = t.ServiceName s.ServiceTags = t.ServiceTags s.Type = t.Type - s.ExposedPort = int32(t.ExposedPort) - s.Definition = NewHealthCheckDefinitionFromStructs(t.Definition) - s.EnterpriseMeta = NewEnterpriseMetaFromStructs(t.EnterpriseMeta) - s.RaftIndex = NewRaftIndexFromStructs(t.RaftIndex) s.Interval = t.Interval s.Timeout = t.Timeout - return s + s.ExposedPort = int32(t.ExposedPort) + { + var x HealthCheckDefinition + HealthCheckDefinitionFromStructs(&t.Definition, &x) + s.Definition = &x + } + s.EnterpriseMeta = NewEnterpriseMetaFromStructs(t.EnterpriseMeta) + s.RaftIndex = NewRaftIndexFromStructs(t.RaftIndex) } -func HealthCheckDefinitionToStructs(s HealthCheckDefinition) (structs.HealthCheckDefinition, error) { - var t structs.HealthCheckDefinition +func HealthCheckDefinitionToStructs(s *HealthCheckDefinition, t *structs.HealthCheckDefinition) { + if s == nil { + return + } t.HTTP = s.HTTP t.TLSServerName = s.TLSServerName t.TLSSkipVerify = s.TLSSkipVerify @@ -147,22 +135,10 @@ func HealthCheckDefinitionToStructs(s HealthCheckDefinition) (structs.HealthChec t.TCP = s.TCP t.H2PING = s.H2PING t.H2PingUseTLS = s.H2PingUseTLS - interval, err := pbutil.DurationFromProto(&s.Interval) - if err != nil { - return t, err - } - t.Interval = interval + t.Interval = structs.DurationFromProto(s.Interval) t.OutputMaxSize = uint(s.OutputMaxSize) - timeout, err := pbutil.DurationFromProto(&s.Timeout) - if err != nil { - return t, err - } - t.Timeout = timeout - deregisterCriticalServiceAfter, err := pbutil.DurationFromProto(&s.DeregisterCriticalServiceAfter) - if err != nil { - return t, err - } - t.DeregisterCriticalServiceAfter = deregisterCriticalServiceAfter + t.Timeout = structs.DurationFromProto(s.Timeout) + t.DeregisterCriticalServiceAfter = structs.DurationFromProto(s.DeregisterCriticalServiceAfter) t.ScriptArgs = s.ScriptArgs t.DockerContainerID = s.DockerContainerID t.Shell = s.Shell @@ -170,15 +146,12 @@ func HealthCheckDefinitionToStructs(s HealthCheckDefinition) (structs.HealthChec t.GRPCUseTLS = s.GRPCUseTLS t.AliasNode = s.AliasNode t.AliasService = s.AliasService - ttl, err := pbutil.DurationFromProto(&s.TTL) - if err != nil { - return t, err - } - t.TTL = ttl - return t, nil + t.TTL = structs.DurationFromProto(s.TTL) } -func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) HealthCheckDefinition { - var s HealthCheckDefinition +func HealthCheckDefinitionFromStructs(t *structs.HealthCheckDefinition, s *HealthCheckDefinition) { + if s == nil { + return + } s.HTTP = t.HTTP s.TLSServerName = t.TLSServerName s.TLSSkipVerify = t.TLSSkipVerify @@ -188,10 +161,10 @@ func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) Health s.TCP = t.TCP s.H2PING = t.H2PING s.H2PingUseTLS = t.H2PingUseTLS - s.Interval = *pbutil.DurationToProto(t.Interval) + s.Interval = structs.DurationToProto(t.Interval) s.OutputMaxSize = uint32(t.OutputMaxSize) - s.Timeout = *pbutil.DurationToProto(t.Timeout) - s.DeregisterCriticalServiceAfter = *pbutil.DurationToProto(t.DeregisterCriticalServiceAfter) + s.Timeout = structs.DurationToProto(t.Timeout) + s.DeregisterCriticalServiceAfter = structs.DurationToProto(t.DeregisterCriticalServiceAfter) s.ScriptArgs = t.ScriptArgs s.DockerContainerID = t.DockerContainerID s.Shell = t.Shell @@ -199,6 +172,5 @@ func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) Health s.GRPCUseTLS = t.GRPCUseTLS s.AliasNode = t.AliasNode s.AliasService = t.AliasService - s.TTL = *pbutil.DurationToProto(t.TTL) - return s + s.TTL = structs.DurationToProto(t.TTL) } diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index cb9eed6f8..3f5fe637b 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -1,18 +1,14 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbservice/healthcheck.proto package pbservice import ( fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" - types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" - github_com_hashicorp_consul_types "github.com/hashicorp/consul/types" - io "io" + duration "github.com/golang/protobuf/ptypes/duration" + pbcommon "github.com/hashicorp/consul/proto/pbcommon" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -34,25 +30,29 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // output=healthcheck.gen.go // name=Structs type HealthCheck struct { - Node string `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` - CheckID github_com_hashicorp_consul_types.CheckID `protobuf:"bytes,2,opt,name=CheckID,proto3,casttype=github.com/hashicorp/consul/types.CheckID" json:"CheckID,omitempty"` - Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"Name,omitempty"` - Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"Status,omitempty"` - Notes string `protobuf:"bytes,5,opt,name=Notes,proto3" json:"Notes,omitempty"` - Output string `protobuf:"bytes,6,opt,name=Output,proto3" json:"Output,omitempty"` - ServiceID string `protobuf:"bytes,7,opt,name=ServiceID,proto3" json:"ServiceID,omitempty"` - ServiceName string `protobuf:"bytes,8,opt,name=ServiceName,proto3" json:"ServiceName,omitempty"` - ServiceTags []string `protobuf:"bytes,9,rep,name=ServiceTags,proto3" json:"ServiceTags,omitempty"` - Type string `protobuf:"bytes,12,opt,name=Type,proto3" json:"Type,omitempty"` - Definition HealthCheckDefinition `protobuf:"bytes,10,opt,name=Definition,proto3" json:"Definition"` + Node string `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` + // mog: func-to=CheckIDType func-from=string + CheckID string `protobuf:"bytes,2,opt,name=CheckID,proto3" json:"CheckID,omitempty"` + Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"Name,omitempty"` + Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"Status,omitempty"` + Notes string `protobuf:"bytes,5,opt,name=Notes,proto3" json:"Notes,omitempty"` + Output string `protobuf:"bytes,6,opt,name=Output,proto3" json:"Output,omitempty"` + ServiceID string `protobuf:"bytes,7,opt,name=ServiceID,proto3" json:"ServiceID,omitempty"` + ServiceName string `protobuf:"bytes,8,opt,name=ServiceName,proto3" json:"ServiceName,omitempty"` + ServiceTags []string `protobuf:"bytes,9,rep,name=ServiceTags,proto3" json:"ServiceTags,omitempty"` + Type string `protobuf:"bytes,12,opt,name=Type,proto3" json:"Type,omitempty"` + Definition *HealthCheckDefinition `protobuf:"bytes,10,opt,name=Definition,proto3" json:"Definition,omitempty"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommongogo.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,13,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,13,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=int func-from=int32 - ExposedPort int32 `protobuf:"varint,14,opt,name=ExposedPort,proto3" json:"ExposedPort,omitempty"` - Interval string `protobuf:"bytes,15,opt,name=Interval,proto3" json:"Interval,omitempty"` - Timeout string `protobuf:"bytes,16,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + ExposedPort int32 `protobuf:"varint,14,opt,name=ExposedPort,proto3" json:"ExposedPort,omitempty"` + Interval string `protobuf:"bytes,15,opt,name=Interval,proto3" json:"Interval,omitempty"` + Timeout string `protobuf:"bytes,16,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *HealthCheck) Reset() { *m = HealthCheck{} } @@ -61,26 +61,18 @@ func (*HealthCheck) ProtoMessage() {} func (*HealthCheck) Descriptor() ([]byte, []int) { return fileDescriptor_8a6f7448747c9fbe, []int{0} } + func (m *HealthCheck) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_HealthCheck.Unmarshal(m, b) } func (m *HealthCheck) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_HealthCheck.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_HealthCheck.Marshal(b, m, deterministic) } func (m *HealthCheck) XXX_Merge(src proto.Message) { xxx_messageInfo_HealthCheck.Merge(m, src) } func (m *HealthCheck) XXX_Size() int { - return m.Size() + return xxx_messageInfo_HealthCheck.Size(m) } func (m *HealthCheck) XXX_DiscardUnknown() { xxx_messageInfo_HealthCheck.DiscardUnknown(m) @@ -88,8 +80,123 @@ func (m *HealthCheck) XXX_DiscardUnknown() { var xxx_messageInfo_HealthCheck proto.InternalMessageInfo +func (m *HealthCheck) GetNode() string { + if m != nil { + return m.Node + } + return "" +} + +func (m *HealthCheck) GetCheckID() string { + if m != nil { + return m.CheckID + } + return "" +} + +func (m *HealthCheck) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *HealthCheck) GetStatus() string { + if m != nil { + return m.Status + } + return "" +} + +func (m *HealthCheck) GetNotes() string { + if m != nil { + return m.Notes + } + return "" +} + +func (m *HealthCheck) GetOutput() string { + if m != nil { + return m.Output + } + return "" +} + +func (m *HealthCheck) GetServiceID() string { + if m != nil { + return m.ServiceID + } + return "" +} + +func (m *HealthCheck) GetServiceName() string { + if m != nil { + return m.ServiceName + } + return "" +} + +func (m *HealthCheck) GetServiceTags() []string { + if m != nil { + return m.ServiceTags + } + return nil +} + +func (m *HealthCheck) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *HealthCheck) GetDefinition() *HealthCheckDefinition { + if m != nil { + return m.Definition + } + return nil +} + +func (m *HealthCheck) GetRaftIndex() *pbcommon.RaftIndex { + if m != nil { + return m.RaftIndex + } + return nil +} + +func (m *HealthCheck) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if m != nil { + return m.EnterpriseMeta + } + return nil +} + +func (m *HealthCheck) GetExposedPort() int32 { + if m != nil { + return m.ExposedPort + } + return 0 +} + +func (m *HealthCheck) GetInterval() string { + if m != nil { + return m.Interval + } + return "" +} + +func (m *HealthCheck) GetTimeout() string { + if m != nil { + return m.Timeout + } + return "" +} + type HeaderValue struct { - Value []string `protobuf:"bytes,1,rep,name=Value,proto3" json:"Value,omitempty"` + Value []string `protobuf:"bytes,1,rep,name=Value,proto3" json:"Value,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *HeaderValue) Reset() { *m = HeaderValue{} } @@ -98,26 +205,18 @@ func (*HeaderValue) ProtoMessage() {} func (*HeaderValue) Descriptor() ([]byte, []int) { return fileDescriptor_8a6f7448747c9fbe, []int{1} } + func (m *HeaderValue) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_HeaderValue.Unmarshal(m, b) } func (m *HeaderValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_HeaderValue.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_HeaderValue.Marshal(b, m, deterministic) } func (m *HeaderValue) XXX_Merge(src proto.Message) { xxx_messageInfo_HeaderValue.Merge(m, src) } func (m *HeaderValue) XXX_Size() int { - return m.Size() + return xxx_messageInfo_HeaderValue.Size(m) } func (m *HeaderValue) XXX_DiscardUnknown() { xxx_messageInfo_HeaderValue.DiscardUnknown(m) @@ -125,6 +224,13 @@ func (m *HeaderValue) XXX_DiscardUnknown() { var xxx_messageInfo_HeaderValue proto.InternalMessageInfo +func (m *HeaderValue) GetValue() []string { + if m != nil { + return m.Value + } + return nil +} + // HealthCheckDefinition of a single HealthCheck. // // mog annotation: @@ -137,25 +243,32 @@ type HealthCheckDefinition struct { TLSServerName string `protobuf:"bytes,19,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` TLSSkipVerify bool `protobuf:"varint,2,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - Header map[string]HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Method string `protobuf:"bytes,4,opt,name=Method,proto3" json:"Method,omitempty"` - Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` - TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` - Interval types.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval"` + Header map[string]*HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Method string `protobuf:"bytes,4,opt,name=Method,proto3" json:"Method,omitempty"` + Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` + TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + Interval *duration.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval,omitempty"` // mog: func-to=uint func-from=uint32 - OutputMaxSize uint32 `protobuf:"varint,9,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` - Timeout types.Duration `protobuf:"bytes,7,opt,name=Timeout,proto3" json:"Timeout"` - DeregisterCriticalServiceAfter types.Duration `protobuf:"bytes,8,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter"` - ScriptArgs []string `protobuf:"bytes,10,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` - DockerContainerID string `protobuf:"bytes,11,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` - Shell string `protobuf:"bytes,12,opt,name=Shell,proto3" json:"Shell,omitempty"` - H2PING string `protobuf:"bytes,20,opt,name=H2PING,proto3" json:"H2PING,omitempty"` - H2PingUseTLS bool `protobuf:"varint,21,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` - GRPC string `protobuf:"bytes,13,opt,name=GRPC,proto3" json:"GRPC,omitempty"` - GRPCUseTLS bool `protobuf:"varint,14,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` - AliasNode string `protobuf:"bytes,15,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` - AliasService string `protobuf:"bytes,16,opt,name=AliasService,proto3" json:"AliasService,omitempty"` - TTL types.Duration `protobuf:"bytes,17,opt,name=TTL,proto3" json:"TTL"` + OutputMaxSize uint32 `protobuf:"varint,9,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + Timeout *duration.Duration `protobuf:"bytes,7,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + DeregisterCriticalServiceAfter *duration.Duration `protobuf:"bytes,8,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` + ScriptArgs []string `protobuf:"bytes,10,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` + DockerContainerID string `protobuf:"bytes,11,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` + Shell string `protobuf:"bytes,12,opt,name=Shell,proto3" json:"Shell,omitempty"` + H2PING string `protobuf:"bytes,20,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,21,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` + GRPC string `protobuf:"bytes,13,opt,name=GRPC,proto3" json:"GRPC,omitempty"` + GRPCUseTLS bool `protobuf:"varint,14,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` + AliasNode string `protobuf:"bytes,15,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` + AliasService string `protobuf:"bytes,16,opt,name=AliasService,proto3" json:"AliasService,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + TTL *duration.Duration `protobuf:"bytes,17,opt,name=TTL,proto3" json:"TTL,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *HealthCheckDefinition) Reset() { *m = HealthCheckDefinition{} } @@ -164,26 +277,18 @@ func (*HealthCheckDefinition) ProtoMessage() {} func (*HealthCheckDefinition) Descriptor() ([]byte, []int) { return fileDescriptor_8a6f7448747c9fbe, []int{2} } + func (m *HealthCheckDefinition) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_HealthCheckDefinition.Unmarshal(m, b) } func (m *HealthCheckDefinition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_HealthCheckDefinition.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_HealthCheckDefinition.Marshal(b, m, deterministic) } func (m *HealthCheckDefinition) XXX_Merge(src proto.Message) { xxx_messageInfo_HealthCheckDefinition.Merge(m, src) } func (m *HealthCheckDefinition) XXX_Size() int { - return m.Size() + return xxx_messageInfo_HealthCheckDefinition.Size(m) } func (m *HealthCheckDefinition) XXX_DiscardUnknown() { xxx_messageInfo_HealthCheckDefinition.DiscardUnknown(m) @@ -191,6 +296,153 @@ func (m *HealthCheckDefinition) XXX_DiscardUnknown() { var xxx_messageInfo_HealthCheckDefinition proto.InternalMessageInfo +func (m *HealthCheckDefinition) GetHTTP() string { + if m != nil { + return m.HTTP + } + return "" +} + +func (m *HealthCheckDefinition) GetTLSServerName() string { + if m != nil { + return m.TLSServerName + } + return "" +} + +func (m *HealthCheckDefinition) GetTLSSkipVerify() bool { + if m != nil { + return m.TLSSkipVerify + } + return false +} + +func (m *HealthCheckDefinition) GetHeader() map[string]*HeaderValue { + if m != nil { + return m.Header + } + return nil +} + +func (m *HealthCheckDefinition) GetMethod() string { + if m != nil { + return m.Method + } + return "" +} + +func (m *HealthCheckDefinition) GetBody() string { + if m != nil { + return m.Body + } + return "" +} + +func (m *HealthCheckDefinition) GetTCP() string { + if m != nil { + return m.TCP + } + return "" +} + +func (m *HealthCheckDefinition) GetInterval() *duration.Duration { + if m != nil { + return m.Interval + } + return nil +} + +func (m *HealthCheckDefinition) GetOutputMaxSize() uint32 { + if m != nil { + return m.OutputMaxSize + } + return 0 +} + +func (m *HealthCheckDefinition) GetTimeout() *duration.Duration { + if m != nil { + return m.Timeout + } + return nil +} + +func (m *HealthCheckDefinition) GetDeregisterCriticalServiceAfter() *duration.Duration { + if m != nil { + return m.DeregisterCriticalServiceAfter + } + return nil +} + +func (m *HealthCheckDefinition) GetScriptArgs() []string { + if m != nil { + return m.ScriptArgs + } + return nil +} + +func (m *HealthCheckDefinition) GetDockerContainerID() string { + if m != nil { + return m.DockerContainerID + } + return "" +} + +func (m *HealthCheckDefinition) GetShell() string { + if m != nil { + return m.Shell + } + return "" +} + +func (m *HealthCheckDefinition) GetH2PING() string { + if m != nil { + return m.H2PING + } + return "" +} + +func (m *HealthCheckDefinition) GetH2PingUseTLS() bool { + if m != nil { + return m.H2PingUseTLS + } + return false +} + +func (m *HealthCheckDefinition) GetGRPC() string { + if m != nil { + return m.GRPC + } + return "" +} + +func (m *HealthCheckDefinition) GetGRPCUseTLS() bool { + if m != nil { + return m.GRPCUseTLS + } + return false +} + +func (m *HealthCheckDefinition) GetAliasNode() string { + if m != nil { + return m.AliasNode + } + return "" +} + +func (m *HealthCheckDefinition) GetAliasService() string { + if m != nil { + return m.AliasService + } + return "" +} + +func (m *HealthCheckDefinition) GetTTL() *duration.Duration { + if m != nil { + return m.TTL + } + return nil +} + // CheckType is used to create either the CheckMonitor or the CheckTTL. // The following types are supported: Script, HTTP, TCP, Docker, TTL, GRPC, // Alias. Script, H2PING, @@ -204,30 +456,34 @@ var xxx_messageInfo_HealthCheckDefinition proto.InternalMessageInfo // output=healthcheck.gen.go // name=Structs type CheckType struct { - CheckID github_com_hashicorp_consul_types.CheckID `protobuf:"bytes,1,opt,name=CheckID,proto3,casttype=github.com/hashicorp/consul/types.CheckID" json:"CheckID,omitempty"` - Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` - Status string `protobuf:"bytes,3,opt,name=Status,proto3" json:"Status,omitempty"` - Notes string `protobuf:"bytes,4,opt,name=Notes,proto3" json:"Notes,omitempty"` - ScriptArgs []string `protobuf:"bytes,5,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` - HTTP string `protobuf:"bytes,6,opt,name=HTTP,proto3" json:"HTTP,omitempty"` + // mog: func-to=CheckIDType func-from=string + CheckID string `protobuf:"bytes,1,opt,name=CheckID,proto3" json:"CheckID,omitempty"` + Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` + Status string `protobuf:"bytes,3,opt,name=Status,proto3" json:"Status,omitempty"` + Notes string `protobuf:"bytes,4,opt,name=Notes,proto3" json:"Notes,omitempty"` + ScriptArgs []string `protobuf:"bytes,5,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` + HTTP string `protobuf:"bytes,6,opt,name=HTTP,proto3" json:"HTTP,omitempty"` // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - Header map[string]HeaderValue `protobuf:"bytes,20,rep,name=Header,proto3" json:"Header" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Method string `protobuf:"bytes,7,opt,name=Method,proto3" json:"Method,omitempty"` - Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` - TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` - Interval types.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval"` - AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` - AliasService string `protobuf:"bytes,11,opt,name=AliasService,proto3" json:"AliasService,omitempty"` - DockerContainerID string `protobuf:"bytes,12,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` - Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` - H2PING string `protobuf:"bytes,28,opt,name=H2PING,proto3" json:"H2PING,omitempty"` - H2PingUseTLS bool `protobuf:"varint,30,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` - GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` - GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` - TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` - TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` - Timeout types.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3" json:"Timeout"` - TTL types.Duration `protobuf:"bytes,18,opt,name=TTL,proto3" json:"TTL"` + Header map[string]*HeaderValue `protobuf:"bytes,20,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Method string `protobuf:"bytes,7,opt,name=Method,proto3" json:"Method,omitempty"` + Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` + TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + Interval *duration.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval,omitempty"` + AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` + AliasService string `protobuf:"bytes,11,opt,name=AliasService,proto3" json:"AliasService,omitempty"` + DockerContainerID string `protobuf:"bytes,12,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` + Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` + H2PING string `protobuf:"bytes,28,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,30,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` + GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` + GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` + TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` + TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + Timeout *duration.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + TTL *duration.Duration `protobuf:"bytes,18,opt,name=TTL,proto3" json:"TTL,omitempty"` // mog: func-to=int func-from=int32 SuccessBeforePassing int32 `protobuf:"varint,21,opt,name=SuccessBeforePassing,proto3" json:"SuccessBeforePassing,omitempty"` // mog: func-to=int func-from=int32 @@ -240,9 +496,13 @@ type CheckType struct { // DeregisterCriticalServiceAfter, if >0, will cause the associated // service, if any, to be deregistered if this check is critical for // longer than this duration. - DeregisterCriticalServiceAfter types.Duration `protobuf:"bytes,19,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter"` + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + DeregisterCriticalServiceAfter *duration.Duration `protobuf:"bytes,19,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` // mog: func-to=int func-from=int32 - OutputMaxSize int32 `protobuf:"varint,25,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` + OutputMaxSize int32 `protobuf:"varint,25,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CheckType) Reset() { *m = CheckType{} } @@ -251,26 +511,18 @@ func (*CheckType) ProtoMessage() {} func (*CheckType) Descriptor() ([]byte, []int) { return fileDescriptor_8a6f7448747c9fbe, []int{3} } + func (m *CheckType) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_CheckType.Unmarshal(m, b) } func (m *CheckType) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CheckType.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_CheckType.Marshal(b, m, deterministic) } func (m *CheckType) XXX_Merge(src proto.Message) { xxx_messageInfo_CheckType.Merge(m, src) } func (m *CheckType) XXX_Size() int { - return m.Size() + return xxx_messageInfo_CheckType.Size(m) } func (m *CheckType) XXX_DiscardUnknown() { xxx_messageInfo_CheckType.DiscardUnknown(m) @@ -278,3604 +530,292 @@ func (m *CheckType) XXX_DiscardUnknown() { var xxx_messageInfo_CheckType proto.InternalMessageInfo +func (m *CheckType) GetCheckID() string { + if m != nil { + return m.CheckID + } + return "" +} + +func (m *CheckType) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *CheckType) GetStatus() string { + if m != nil { + return m.Status + } + return "" +} + +func (m *CheckType) GetNotes() string { + if m != nil { + return m.Notes + } + return "" +} + +func (m *CheckType) GetScriptArgs() []string { + if m != nil { + return m.ScriptArgs + } + return nil +} + +func (m *CheckType) GetHTTP() string { + if m != nil { + return m.HTTP + } + return "" +} + +func (m *CheckType) GetHeader() map[string]*HeaderValue { + if m != nil { + return m.Header + } + return nil +} + +func (m *CheckType) GetMethod() string { + if m != nil { + return m.Method + } + return "" +} + +func (m *CheckType) GetBody() string { + if m != nil { + return m.Body + } + return "" +} + +func (m *CheckType) GetTCP() string { + if m != nil { + return m.TCP + } + return "" +} + +func (m *CheckType) GetInterval() *duration.Duration { + if m != nil { + return m.Interval + } + return nil +} + +func (m *CheckType) GetAliasNode() string { + if m != nil { + return m.AliasNode + } + return "" +} + +func (m *CheckType) GetAliasService() string { + if m != nil { + return m.AliasService + } + return "" +} + +func (m *CheckType) GetDockerContainerID() string { + if m != nil { + return m.DockerContainerID + } + return "" +} + +func (m *CheckType) GetShell() string { + if m != nil { + return m.Shell + } + return "" +} + +func (m *CheckType) GetH2PING() string { + if m != nil { + return m.H2PING + } + return "" +} + +func (m *CheckType) GetH2PingUseTLS() bool { + if m != nil { + return m.H2PingUseTLS + } + return false +} + +func (m *CheckType) GetGRPC() string { + if m != nil { + return m.GRPC + } + return "" +} + +func (m *CheckType) GetGRPCUseTLS() bool { + if m != nil { + return m.GRPCUseTLS + } + return false +} + +func (m *CheckType) GetTLSServerName() string { + if m != nil { + return m.TLSServerName + } + return "" +} + +func (m *CheckType) GetTLSSkipVerify() bool { + if m != nil { + return m.TLSSkipVerify + } + return false +} + +func (m *CheckType) GetTimeout() *duration.Duration { + if m != nil { + return m.Timeout + } + return nil +} + +func (m *CheckType) GetTTL() *duration.Duration { + if m != nil { + return m.TTL + } + return nil +} + +func (m *CheckType) GetSuccessBeforePassing() int32 { + if m != nil { + return m.SuccessBeforePassing + } + return 0 +} + +func (m *CheckType) GetFailuresBeforeWarning() int32 { + if m != nil { + return m.FailuresBeforeWarning + } + return 0 +} + +func (m *CheckType) GetFailuresBeforeCritical() int32 { + if m != nil { + return m.FailuresBeforeCritical + } + return 0 +} + +func (m *CheckType) GetProxyHTTP() string { + if m != nil { + return m.ProxyHTTP + } + return "" +} + +func (m *CheckType) GetProxyGRPC() string { + if m != nil { + return m.ProxyGRPC + } + return "" +} + +func (m *CheckType) GetDeregisterCriticalServiceAfter() *duration.Duration { + if m != nil { + return m.DeregisterCriticalServiceAfter + } + return nil +} + +func (m *CheckType) GetOutputMaxSize() int32 { + if m != nil { + return m.OutputMaxSize + } + return 0 +} + func init() { proto.RegisterType((*HealthCheck)(nil), "pbservice.HealthCheck") proto.RegisterType((*HeaderValue)(nil), "pbservice.HeaderValue") proto.RegisterType((*HealthCheckDefinition)(nil), "pbservice.HealthCheckDefinition") - proto.RegisterMapType((map[string]HeaderValue)(nil), "pbservice.HealthCheckDefinition.HeaderEntry") + proto.RegisterMapType((map[string]*HeaderValue)(nil), "pbservice.HealthCheckDefinition.HeaderEntry") proto.RegisterType((*CheckType)(nil), "pbservice.CheckType") - proto.RegisterMapType((map[string]HeaderValue)(nil), "pbservice.CheckType.HeaderEntry") + proto.RegisterMapType((map[string]*HeaderValue)(nil), "pbservice.CheckType.HeaderEntry") } -func init() { proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) } +func init() { + proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) +} var fileDescriptor_8a6f7448747c9fbe = []byte{ - // 1096 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xdd, 0x4e, 0xe3, 0xc6, - 0x17, 0x8f, 0x09, 0x49, 0xf0, 0x64, 0x61, 0x97, 0x59, 0xe0, 0x3f, 0x9b, 0xff, 0xd6, 0xa4, 0x74, - 0x2f, 0xa8, 0x4a, 0x1d, 0x95, 0x56, 0x55, 0x3f, 0xd4, 0x4a, 0x84, 0xb0, 0x90, 0x0a, 0x68, 0xea, - 0xa4, 0x5b, 0xa9, 0x77, 0xc6, 0x99, 0x38, 0x16, 0x89, 0x27, 0x1a, 0x8f, 0x11, 0xe9, 0x53, 0xf4, - 0xb2, 0x0f, 0xd0, 0x87, 0xe1, 0x92, 0xcb, 0x5e, 0xa1, 0x16, 0x9e, 0xa1, 0x37, 0xbd, 0xaa, 0xe6, - 0x8c, 0x9d, 0xd8, 0x1b, 0x2f, 0x64, 0xa5, 0xed, 0x55, 0xce, 0xf9, 0x9d, 0x8f, 0x19, 0x9f, 0x73, - 0x7e, 0x67, 0x82, 0xde, 0x1f, 0x71, 0x26, 0x58, 0x6d, 0x74, 0x16, 0x50, 0x7e, 0xe1, 0x39, 0xb4, - 0xd6, 0xa7, 0xf6, 0x40, 0xf4, 0x9d, 0x3e, 0x75, 0xce, 0x4d, 0xb0, 0x61, 0x7d, 0x62, 0xac, 0x18, - 0x2e, 0x63, 0xee, 0x80, 0xd6, 0xc0, 0x70, 0x16, 0xf6, 0x6a, 0xdd, 0x90, 0xdb, 0xc2, 0x63, 0xbe, - 0x72, 0xad, 0x6c, 0xc6, 0xd9, 0x1c, 0x36, 0x1c, 0x32, 0xdf, 0x65, 0x2e, 0xab, 0x29, 0x31, 0x72, - 0x58, 0x93, 0x90, 0x72, 0x92, 0x92, 0x42, 0xb7, 0xee, 0x16, 0x51, 0xf9, 0x08, 0xce, 0xdd, 0x97, - 0xe7, 0x62, 0x8c, 0x16, 0x4f, 0x59, 0x97, 0x12, 0xad, 0xaa, 0x6d, 0xeb, 0x16, 0xc8, 0xf8, 0x10, - 0x95, 0xc0, 0xd8, 0x6c, 0x90, 0x05, 0x09, 0xd7, 0x3f, 0xfe, 0xe7, 0x66, 0xf3, 0x43, 0xd7, 0x13, - 0xfd, 0xf0, 0xcc, 0x74, 0xd8, 0xb0, 0xd6, 0xb7, 0x83, 0xbe, 0xe7, 0x30, 0x3e, 0xaa, 0x39, 0xcc, - 0x0f, 0xc2, 0x41, 0x4d, 0x8c, 0x47, 0x34, 0x30, 0xa3, 0x20, 0x2b, 0x8e, 0x86, 0xe4, 0xf6, 0x90, - 0x92, 0x7c, 0x94, 0xdc, 0x1e, 0x52, 0xbc, 0x81, 0x8a, 0x6d, 0x61, 0x8b, 0x30, 0x20, 0x8b, 0x80, - 0x46, 0x1a, 0x5e, 0x43, 0x85, 0x53, 0x26, 0x68, 0x40, 0x0a, 0x00, 0x2b, 0x45, 0x7a, 0x7f, 0x1f, - 0x8a, 0x51, 0x28, 0x48, 0x51, 0x79, 0x2b, 0x0d, 0x3f, 0x47, 0x7a, 0x5b, 0x15, 0xaa, 0xd9, 0x20, - 0x25, 0x30, 0x4d, 0x01, 0x5c, 0x45, 0xe5, 0x48, 0x81, 0xe3, 0x97, 0xc0, 0x9e, 0x84, 0x12, 0x1e, - 0x1d, 0xdb, 0x0d, 0x88, 0x5e, 0xcd, 0x27, 0x3c, 0x24, 0x24, 0xef, 0xde, 0x19, 0x8f, 0x28, 0x79, - 0xa4, 0xee, 0x2e, 0x65, 0xfc, 0x12, 0xa1, 0x06, 0xed, 0x79, 0xbe, 0x27, 0xfb, 0x40, 0x50, 0x55, - 0xdb, 0x2e, 0xef, 0x56, 0xcd, 0x49, 0xcf, 0xcc, 0x44, 0x61, 0xa7, 0x7e, 0xf5, 0xc5, 0xab, 0x9b, - 0xcd, 0x9c, 0x95, 0x88, 0xc4, 0xdf, 0x20, 0xdd, 0xb2, 0x7b, 0xa2, 0xe9, 0x77, 0xe9, 0x25, 0x29, - 0x43, 0x9a, 0x75, 0x73, 0xda, 0x47, 0x73, 0x62, 0xac, 0x2f, 0xc9, 0xd8, 0xeb, 0x9b, 0x4d, 0xcd, - 0x9a, 0x46, 0xe0, 0x23, 0xb4, 0x72, 0xe0, 0x0b, 0xca, 0x47, 0xdc, 0x0b, 0xe8, 0x09, 0x15, 0x36, - 0x59, 0x86, 0x1c, 0x95, 0x64, 0x8e, 0xb4, 0x47, 0x74, 0x89, 0xd7, 0xe2, 0x64, 0x19, 0x0e, 0x2e, - 0x47, 0x2c, 0xa0, 0xdd, 0x16, 0xe3, 0x82, 0xac, 0x54, 0xb5, 0xed, 0x82, 0x95, 0x84, 0x70, 0x05, - 0x2d, 0x35, 0x65, 0xcc, 0x85, 0x3d, 0x20, 0x8f, 0xa1, 0x14, 0x13, 0x1d, 0x13, 0x54, 0xea, 0x78, - 0x43, 0xca, 0x42, 0x41, 0x9e, 0x80, 0x29, 0x56, 0xb7, 0x3e, 0x80, 0x21, 0xeb, 0x52, 0xfe, 0xca, - 0x1e, 0x84, 0x54, 0xf6, 0x16, 0x04, 0xa2, 0x41, 0x9d, 0x95, 0xb2, 0xf5, 0x7b, 0x09, 0xad, 0x67, - 0x56, 0x4c, 0xd6, 0xfe, 0xa8, 0xd3, 0x69, 0xc5, 0x43, 0x29, 0x65, 0xfc, 0x02, 0x2d, 0x77, 0x8e, - 0xdb, 0xb2, 0x43, 0x94, 0x43, 0x57, 0x9f, 0x82, 0x31, 0x0d, 0xc6, 0x5e, 0xe7, 0xde, 0xe8, 0x15, - 0xe5, 0x5e, 0x6f, 0x0c, 0x03, 0xbc, 0x64, 0xa5, 0x41, 0xfc, 0x1d, 0x2a, 0xaa, 0xeb, 0x91, 0x7c, - 0x35, 0xbf, 0x5d, 0xde, 0xdd, 0x79, 0xa8, 0x87, 0xa6, 0x72, 0x3f, 0xf0, 0x05, 0x1f, 0x47, 0xa5, - 0x8c, 0x32, 0xc8, 0x09, 0x3d, 0xa1, 0xa2, 0xcf, 0xba, 0xf1, 0x3c, 0x2b, 0x4d, 0x7e, 0x43, 0x9d, - 0x75, 0xc7, 0x04, 0xab, 0x6f, 0x90, 0x32, 0x7e, 0x82, 0xf2, 0x9d, 0xfd, 0x56, 0x34, 0xe1, 0x52, - 0xc4, 0x5f, 0x27, 0xca, 0x5b, 0x84, 0x26, 0x3e, 0x33, 0x15, 0xf1, 0xcd, 0x98, 0xf8, 0x66, 0x23, - 0x22, 0x7e, 0x74, 0xf0, 0xb4, 0xfe, 0x2f, 0xd0, 0xb2, 0xa2, 0xc3, 0x89, 0x7d, 0xd9, 0xf6, 0x7e, - 0xa1, 0x44, 0xaf, 0x6a, 0xdb, 0xcb, 0x56, 0x1a, 0xc4, 0x5f, 0x4e, 0xbb, 0x54, 0x9a, 0xef, 0x84, - 0xd8, 0x1f, 0xbb, 0xc8, 0x68, 0x50, 0x4e, 0x5d, 0x2f, 0x10, 0x94, 0xef, 0x73, 0x4f, 0x78, 0x8e, - 0x3d, 0x88, 0x48, 0xb2, 0xd7, 0x13, 0x94, 0x03, 0xb5, 0xe6, 0xc8, 0xf8, 0x40, 0x1a, 0x6c, 0x20, - 0xd4, 0x76, 0xb8, 0x37, 0x12, 0x7b, 0xdc, 0x0d, 0x08, 0x82, 0x29, 0x49, 0x20, 0x78, 0x07, 0xad, - 0x36, 0x98, 0x73, 0x4e, 0xf9, 0x3e, 0xf3, 0x85, 0xed, 0xf9, 0x94, 0x37, 0x1b, 0x40, 0x1c, 0xdd, - 0x9a, 0x35, 0xc8, 0x71, 0x6b, 0xf7, 0xe9, 0x60, 0x10, 0x71, 0x57, 0x29, 0xb2, 0x51, 0x47, 0xbb, - 0xad, 0xe6, 0xe9, 0x21, 0x59, 0x53, 0x8d, 0x52, 0x1a, 0xde, 0x42, 0x8f, 0x8e, 0x76, 0x5b, 0x9e, - 0xef, 0xfe, 0x18, 0xd0, 0xce, 0x71, 0x9b, 0xac, 0xc3, 0xc4, 0xa4, 0x30, 0xd9, 0xcc, 0x43, 0xab, - 0xb5, 0x0f, 0x3c, 0xd3, 0x2d, 0x90, 0xe5, 0x9d, 0xe5, 0x6f, 0x14, 0xb5, 0x02, 0x51, 0x09, 0x44, - 0xae, 0xa8, 0xbd, 0x81, 0x67, 0x07, 0xb0, 0x5e, 0x15, 0x75, 0xa6, 0x80, 0x3c, 0x15, 0x94, 0xa8, - 0x0c, 0x11, 0x81, 0x52, 0x18, 0xfe, 0x04, 0xe5, 0x3b, 0x9d, 0x63, 0xb2, 0x3a, 0x5f, 0x8d, 0xa5, - 0x6f, 0xe5, 0x87, 0x98, 0x78, 0x30, 0xaa, 0x72, 0xe0, 0xce, 0xe9, 0x38, 0xe2, 0x91, 0x14, 0xf1, - 0x0e, 0x2a, 0x5c, 0x00, 0x15, 0x17, 0x20, 0xeb, 0x46, 0x7a, 0xf2, 0x63, 0xc6, 0x5a, 0xca, 0xe9, - 0xab, 0x85, 0x2f, 0xb4, 0xad, 0xbf, 0x75, 0xa4, 0x03, 0x1d, 0x60, 0x05, 0x26, 0xde, 0x06, 0xed, - 0x9d, 0xbc, 0x0d, 0x0b, 0x99, 0x6f, 0x43, 0x3e, 0xfb, 0x6d, 0x58, 0x4c, 0xbe, 0x0d, 0xe9, 0xa1, - 0x29, 0xcc, 0x0c, 0x4d, 0xbc, 0x45, 0x8a, 0x89, 0x2d, 0xf2, 0xed, 0x84, 0xf9, 0x6b, 0xc0, 0xfc, - 0xe4, 0xf6, 0x9e, 0x7c, 0xe4, 0x5c, 0x6c, 0x2f, 0x65, 0xb2, 0xbd, 0x32, 0xcb, 0xf6, 0xa5, 0x6c, - 0xb6, 0xeb, 0x6f, 0xcb, 0xf6, 0xd4, 0x3c, 0xa1, 0x87, 0xe6, 0xa9, 0x9c, 0x31, 0x4f, 0x99, 0x2c, - 0x7a, 0xf4, 0x20, 0x8b, 0x96, 0xb3, 0x59, 0xf4, 0xfc, 0x5e, 0x16, 0x19, 0xf7, 0xb0, 0x68, 0xe5, - 0x8d, 0x2c, 0x7a, 0x3c, 0xc3, 0xa2, 0x99, 0xb5, 0xff, 0xff, 0xb9, 0xd6, 0xfe, 0x93, 0xac, 0xb5, - 0x9f, 0xd8, 0x84, 0xab, 0x6f, 0xb9, 0x09, 0x23, 0x2a, 0xe2, 0xf9, 0xa9, 0x88, 0x77, 0xd1, 0x5a, - 0x3b, 0x74, 0x1c, 0x1a, 0x04, 0x75, 0xda, 0x63, 0x9c, 0xb6, 0xec, 0x20, 0xf0, 0x7c, 0x17, 0xf6, - 0x4b, 0xc1, 0xca, 0xb4, 0xe1, 0xcf, 0xd0, 0xfa, 0x4b, 0xdb, 0x1b, 0x84, 0x9c, 0x46, 0x86, 0x9f, - 0x6c, 0xee, 0xcb, 0xa0, 0xf7, 0x20, 0x28, 0xdb, 0x88, 0x3f, 0x47, 0x1b, 0x69, 0x43, 0xbc, 0x63, - 0xc9, 0x06, 0x84, 0xbd, 0xc1, 0x2a, 0x27, 0xaa, 0xc5, 0xd9, 0xe5, 0x18, 0x58, 0xf2, 0x3f, 0x35, - 0x51, 0x13, 0x60, 0x62, 0x85, 0x96, 0x91, 0x84, 0x15, 0xfa, 0xf6, 0xf0, 0xd3, 0xf0, 0xf4, 0xdd, - 0x3c, 0x0d, 0x33, 0x8f, 0xdc, 0x33, 0xf8, 0xa6, 0x34, 0xf8, 0x1f, 0xec, 0xbd, 0xfa, 0xc9, 0xd5, - 0x5f, 0x46, 0xee, 0xea, 0xd6, 0xd0, 0xae, 0x6f, 0x0d, 0xed, 0xcf, 0x5b, 0x43, 0xfb, 0xf5, 0xce, - 0xc8, 0xfd, 0x76, 0x67, 0xe4, 0xae, 0xef, 0x8c, 0xdc, 0x1f, 0x77, 0x46, 0xee, 0xe7, 0x8f, 0xee, - 0x5b, 0x7b, 0xaf, 0xfd, 0xd9, 0x3f, 0x2b, 0x02, 0xf0, 0xe9, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, - 0x87, 0x18, 0xc2, 0xd7, 0x06, 0x0c, 0x00, 0x00, + // 994 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xd1, 0x6e, 0x22, 0x37, + 0x14, 0x15, 0x21, 0x40, 0xc6, 0x84, 0x6c, 0xe2, 0x4d, 0x52, 0x2f, 0xbb, 0x8d, 0x28, 0xdd, 0x07, + 0xa4, 0x4d, 0x41, 0x62, 0xdb, 0x6a, 0xd5, 0x87, 0xaa, 0x09, 0xa4, 0x1b, 0xa4, 0x24, 0xa5, 0xc3, + 0x74, 0x2b, 0xf5, 0xcd, 0x19, 0x0c, 0x58, 0x19, 0xc6, 0x23, 0x8f, 0x27, 0x0a, 0xfd, 0x80, 0x7e, + 0x42, 0xbf, 0xa1, 0x9f, 0x59, 0xf9, 0x7a, 0x06, 0x66, 0x96, 0x49, 0x88, 0x54, 0xf5, 0x09, 0xdf, + 0x7b, 0xae, 0x8d, 0x7d, 0xef, 0x39, 0x07, 0xd0, 0x57, 0x81, 0x14, 0x4a, 0x74, 0x82, 0xdb, 0x90, + 0xc9, 0x7b, 0xee, 0xb2, 0xce, 0x8c, 0x51, 0x4f, 0xcd, 0xdc, 0x19, 0x73, 0xef, 0xda, 0x80, 0x61, + 0x6b, 0x09, 0xd6, 0x4f, 0xa6, 0x42, 0x4c, 0x3d, 0xd6, 0x01, 0xe0, 0x36, 0x9a, 0x74, 0xc6, 0x91, + 0xa4, 0x8a, 0x0b, 0xdf, 0x94, 0xd6, 0x5f, 0x27, 0xa7, 0xb9, 0x62, 0x3e, 0x17, 0x7e, 0xc7, 0x7c, + 0x18, 0xb0, 0xf9, 0xf7, 0x36, 0xaa, 0x5e, 0xc2, 0xe9, 0x3d, 0x7d, 0x3a, 0xc6, 0x68, 0xfb, 0x46, + 0x8c, 0x19, 0x29, 0x34, 0x0a, 0x2d, 0xcb, 0x86, 0x35, 0x26, 0xa8, 0x02, 0xe0, 0xa0, 0x4f, 0xb6, + 0x20, 0x9d, 0x84, 0x50, 0x4d, 0xe7, 0x8c, 0x14, 0xe3, 0x6a, 0x3a, 0x67, 0xf8, 0x18, 0x95, 0x47, + 0x8a, 0xaa, 0x28, 0x24, 0xdb, 0x90, 0x8d, 0x23, 0x7c, 0x88, 0x4a, 0x37, 0x42, 0xb1, 0x90, 0x94, + 0x20, 0x6d, 0x02, 0x5d, 0xfd, 0x4b, 0xa4, 0x82, 0x48, 0x91, 0xb2, 0xa9, 0x36, 0x11, 0x7e, 0x83, + 0xac, 0x91, 0x79, 0xdf, 0xa0, 0x4f, 0x2a, 0x00, 0xad, 0x12, 0xb8, 0x81, 0xaa, 0x71, 0x00, 0x5f, + 0xbf, 0x03, 0x78, 0x3a, 0x95, 0xaa, 0x70, 0xe8, 0x34, 0x24, 0x56, 0xa3, 0x98, 0xaa, 0xd0, 0x29, + 0x7d, 0x77, 0x67, 0x11, 0x30, 0xb2, 0x6b, 0xee, 0xae, 0xd7, 0xf8, 0x27, 0x84, 0xfa, 0x6c, 0xc2, + 0x7d, 0xae, 0xdb, 0x47, 0x50, 0xa3, 0xd0, 0xaa, 0x76, 0x1b, 0xed, 0x65, 0xab, 0xdb, 0xa9, 0x4e, + 0xad, 0xea, 0xec, 0xd4, 0x1e, 0xdc, 0x41, 0x96, 0x4d, 0x27, 0x6a, 0xe0, 0x8f, 0xd9, 0x03, 0xa9, + 0xc2, 0x01, 0x07, 0xed, 0xb8, 0xe3, 0x4b, 0xc0, 0x5e, 0xd5, 0xe0, 0x1f, 0xd1, 0xde, 0x85, 0xaf, + 0x98, 0x0c, 0x24, 0x0f, 0xd9, 0x35, 0x53, 0x94, 0xd4, 0x60, 0xd7, 0x71, 0xb2, 0x2b, 0x8b, 0xda, + 0x9f, 0x55, 0xeb, 0x87, 0x5e, 0x3c, 0x04, 0x22, 0x64, 0xe3, 0xa1, 0x90, 0x8a, 0xec, 0x35, 0x0a, + 0xad, 0x92, 0x9d, 0x4e, 0xe1, 0x3a, 0xda, 0x19, 0xe8, 0x3d, 0xf7, 0xd4, 0x23, 0x2f, 0xe0, 0xb1, + 0xcb, 0x58, 0x8f, 0xd6, 0xe1, 0x73, 0x26, 0x22, 0x45, 0xf6, 0xcd, 0x68, 0xe3, 0xb0, 0xf9, 0x35, + 0xf0, 0x62, 0xcc, 0xe4, 0x27, 0xea, 0x45, 0x4c, 0x4f, 0x0f, 0x16, 0xa4, 0x00, 0x9d, 0x34, 0x41, + 0xf3, 0xaf, 0x0a, 0x3a, 0xca, 0xed, 0x89, 0xee, 0xee, 0xa5, 0xe3, 0x0c, 0x13, 0x1e, 0xe9, 0x35, + 0x7e, 0x8b, 0x6a, 0xce, 0xd5, 0x48, 0xcf, 0x80, 0x49, 0x98, 0xdb, 0x4b, 0x00, 0xb3, 0xc9, 0xa4, + 0xea, 0x8e, 0x07, 0x9f, 0x98, 0xe4, 0x93, 0x05, 0x70, 0x6e, 0xc7, 0xce, 0x26, 0x71, 0x1f, 0x95, + 0xcd, 0xf5, 0x48, 0xb1, 0x51, 0x6c, 0x55, 0xbb, 0xa7, 0x9b, 0xa6, 0xd4, 0x36, 0xe5, 0x17, 0xbe, + 0x92, 0x0b, 0x3b, 0xde, 0xab, 0xd9, 0x77, 0xcd, 0xd4, 0x4c, 0x8c, 0x13, 0xae, 0x9a, 0x48, 0xdf, + 0xfe, 0x5c, 0x8c, 0x17, 0x04, 0x9b, 0xdb, 0xeb, 0x35, 0xde, 0x47, 0x45, 0xa7, 0x37, 0x8c, 0xd9, + 0xab, 0x97, 0xf8, 0xbb, 0x54, 0x63, 0xcb, 0x30, 0xb4, 0x57, 0x6d, 0xa3, 0xc5, 0x76, 0xa2, 0xc5, + 0x76, 0x3f, 0xd6, 0x62, 0xaa, 0xe7, 0x6f, 0x51, 0xcd, 0x90, 0xfc, 0x9a, 0x3e, 0x8c, 0xf8, 0x9f, + 0x8c, 0x58, 0x8d, 0x42, 0xab, 0x66, 0x67, 0x93, 0xf8, 0xfd, 0x6a, 0x32, 0x95, 0x4d, 0x67, 0x27, + 0x95, 0x98, 0xa2, 0x93, 0x3e, 0x93, 0x6c, 0xca, 0x43, 0xc5, 0x64, 0x4f, 0x72, 0xc5, 0x5d, 0xea, + 0xc5, 0xa4, 0x3f, 0x9b, 0x28, 0x26, 0x41, 0x2a, 0x4f, 0x9e, 0xb5, 0xe1, 0x00, 0x7c, 0x82, 0xd0, + 0xc8, 0x95, 0x3c, 0x50, 0x67, 0x72, 0x1a, 0x12, 0x04, 0x6c, 0x48, 0x65, 0xf0, 0x29, 0x3a, 0xe8, + 0x0b, 0xf7, 0x8e, 0xc9, 0x9e, 0xf0, 0x15, 0xe5, 0x3e, 0x93, 0x83, 0x3e, 0x08, 0xc1, 0xb2, 0xd7, + 0x01, 0x4d, 0xab, 0xd1, 0x8c, 0x79, 0x5e, 0xac, 0x42, 0x13, 0xe8, 0xb1, 0x5c, 0x76, 0x87, 0x83, + 0x9b, 0x8f, 0xe4, 0xd0, 0x8c, 0xc5, 0x44, 0xb8, 0x89, 0x76, 0x2f, 0xbb, 0x43, 0xee, 0x4f, 0x7f, + 0x0b, 0x99, 0x73, 0x35, 0x22, 0x47, 0xc0, 0x8c, 0x4c, 0x4e, 0x8f, 0xee, 0xa3, 0x3d, 0xec, 0x81, + 0x8a, 0x2c, 0x1b, 0xd6, 0xfa, 0xce, 0xfa, 0x33, 0xde, 0xb5, 0x07, 0xbb, 0x52, 0x19, 0x6d, 0x36, + 0x67, 0x1e, 0xa7, 0x21, 0x38, 0x9f, 0x91, 0xc8, 0x2a, 0xa1, 0xbf, 0x15, 0x82, 0xb8, 0x0d, 0xb1, + 0x50, 0x32, 0x39, 0xfc, 0x0e, 0x15, 0x1d, 0xe7, 0x8a, 0x1c, 0x6c, 0xea, 0xae, 0xae, 0xaa, 0xff, + 0x9a, 0x48, 0x0b, 0xc8, 0xa8, 0x89, 0x75, 0xc7, 0x16, 0xb1, 0x52, 0xf4, 0x12, 0x9f, 0xa2, 0xd2, + 0x3d, 0x88, 0x6d, 0x2b, 0xb6, 0x82, 0x0c, 0xb7, 0x13, 0x4d, 0xda, 0xa6, 0xe8, 0x87, 0xad, 0x0f, + 0x85, 0xe6, 0x3f, 0x16, 0xb2, 0x80, 0xf0, 0x60, 0x63, 0x29, 0xc3, 0x2e, 0xe4, 0x1b, 0xf6, 0x56, + 0xae, 0x61, 0x17, 0xf3, 0x0d, 0x7b, 0x3b, 0x6d, 0xd8, 0xd9, 0xf9, 0x97, 0xd6, 0xe6, 0x9f, 0x08, + 0xbf, 0x9c, 0x12, 0xfe, 0x87, 0xa5, 0x58, 0x0f, 0x41, 0xac, 0x69, 0x4b, 0x5d, 0xde, 0x7a, 0x83, + 0x40, 0x2b, 0xb9, 0x02, 0xad, 0xaf, 0x0b, 0x74, 0x27, 0x5f, 0xa0, 0xd6, 0xf3, 0x05, 0x9a, 0xa1, + 0x03, 0xda, 0x44, 0x87, 0x6a, 0x0e, 0x1d, 0x72, 0x45, 0xb0, 0xbb, 0x51, 0x04, 0xb5, 0x7c, 0x11, + 0xbc, 0x79, 0x52, 0x04, 0x27, 0x4f, 0x88, 0x60, 0xef, 0x51, 0x11, 0xbc, 0x58, 0x13, 0xc1, 0x9a, + 0x3b, 0xbf, 0x7e, 0x96, 0x3b, 0xef, 0xe7, 0xb9, 0x73, 0xca, 0xbc, 0x0e, 0x9e, 0x6d, 0x5e, 0xb1, + 0x86, 0xf0, 0x73, 0x34, 0x84, 0xbb, 0xe8, 0x70, 0x14, 0xb9, 0x2e, 0x0b, 0xc3, 0x73, 0x36, 0x11, + 0x92, 0x0d, 0x69, 0x18, 0x72, 0x7f, 0x0a, 0x96, 0x50, 0xb2, 0x73, 0x31, 0xfc, 0x2d, 0x3a, 0xfa, + 0x99, 0x72, 0x2f, 0x92, 0x2c, 0x06, 0x7e, 0xa7, 0xd2, 0xd7, 0x9b, 0xbe, 0x84, 0x4d, 0xf9, 0x20, + 0xfe, 0x1e, 0x1d, 0x67, 0x81, 0xc4, 0x16, 0xc9, 0x31, 0x6c, 0x7b, 0x04, 0xd5, 0x2c, 0x1a, 0x4a, + 0xf1, 0xb0, 0x00, 0x35, 0x7c, 0x61, 0x58, 0xb4, 0x4c, 0x2c, 0x51, 0x18, 0x13, 0x49, 0xa1, 0x30, + 0xab, 0xcd, 0x3e, 0xfe, 0xf2, 0xbf, 0xfa, 0xf8, 0xda, 0xaf, 0xd0, 0x2b, 0x78, 0x4d, 0x36, 0xf9, + 0x3f, 0x58, 0xd5, 0xf9, 0x37, 0x7f, 0xbc, 0x9b, 0x72, 0x35, 0x8b, 0x6e, 0xf5, 0x1f, 0x9c, 0xce, + 0x8c, 0x86, 0x33, 0xee, 0x0a, 0x19, 0x74, 0x5c, 0xe1, 0x87, 0x91, 0xd7, 0xf9, 0xec, 0xaf, 0xef, + 0x6d, 0x19, 0x12, 0xef, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x33, 0x6c, 0x46, 0x9d, 0x14, 0x0b, + 0x00, 0x00, } - -func (m *HealthCheck) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *HealthCheck) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *HealthCheck) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Timeout) > 0 { - i -= len(m.Timeout) - copy(dAtA[i:], m.Timeout) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Timeout))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - } - if len(m.Interval) > 0 { - i -= len(m.Interval) - copy(dAtA[i:], m.Interval) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Interval))) - i-- - dAtA[i] = 0x7a - } - if m.ExposedPort != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.ExposedPort)) - i-- - dAtA[i] = 0x70 - } - { - size, err := m.EnterpriseMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x6a - if len(m.Type) > 0 { - i -= len(m.Type) - copy(dAtA[i:], m.Type) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Type))) - i-- - dAtA[i] = 0x62 - } - { - size, err := m.RaftIndex.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x5a - { - size, err := m.Definition.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - if len(m.ServiceTags) > 0 { - for iNdEx := len(m.ServiceTags) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ServiceTags[iNdEx]) - copy(dAtA[i:], m.ServiceTags[iNdEx]) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ServiceTags[iNdEx]))) - i-- - dAtA[i] = 0x4a - } - } - if len(m.ServiceName) > 0 { - i -= len(m.ServiceName) - copy(dAtA[i:], m.ServiceName) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ServiceName))) - i-- - dAtA[i] = 0x42 - } - if len(m.ServiceID) > 0 { - i -= len(m.ServiceID) - copy(dAtA[i:], m.ServiceID) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ServiceID))) - i-- - dAtA[i] = 0x3a - } - if len(m.Output) > 0 { - i -= len(m.Output) - copy(dAtA[i:], m.Output) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Output))) - i-- - dAtA[i] = 0x32 - } - if len(m.Notes) > 0 { - i -= len(m.Notes) - copy(dAtA[i:], m.Notes) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Notes))) - i-- - dAtA[i] = 0x2a - } - if len(m.Status) > 0 { - i -= len(m.Status) - copy(dAtA[i:], m.Status) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Status))) - i-- - dAtA[i] = 0x22 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x1a - } - if len(m.CheckID) > 0 { - i -= len(m.CheckID) - copy(dAtA[i:], m.CheckID) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.CheckID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Node) > 0 { - i -= len(m.Node) - copy(dAtA[i:], m.Node) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Node))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *HeaderValue) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *HeaderValue) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *HeaderValue) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Value) > 0 { - for iNdEx := len(m.Value) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Value[iNdEx]) - copy(dAtA[i:], m.Value[iNdEx]) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Value[iNdEx]))) - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - -func (m *HealthCheckDefinition) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *HealthCheckDefinition) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *HealthCheckDefinition) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.H2PingUseTLS { - i-- - if m.H2PingUseTLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xa8 - } - if len(m.H2PING) > 0 { - i -= len(m.H2PING) - copy(dAtA[i:], m.H2PING) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.H2PING))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xa2 - } - if len(m.TLSServerName) > 0 { - i -= len(m.TLSServerName) - copy(dAtA[i:], m.TLSServerName) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x9a - } - if len(m.Body) > 0 { - i -= len(m.Body) - copy(dAtA[i:], m.Body) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Body))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x92 - } - { - size, err := m.TTL.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x8a - if len(m.AliasService) > 0 { - i -= len(m.AliasService) - copy(dAtA[i:], m.AliasService) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.AliasService))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - } - if len(m.AliasNode) > 0 { - i -= len(m.AliasNode) - copy(dAtA[i:], m.AliasNode) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.AliasNode))) - i-- - dAtA[i] = 0x7a - } - if m.GRPCUseTLS { - i-- - if m.GRPCUseTLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x70 - } - if len(m.GRPC) > 0 { - i -= len(m.GRPC) - copy(dAtA[i:], m.GRPC) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.GRPC))) - i-- - dAtA[i] = 0x6a - } - if len(m.Shell) > 0 { - i -= len(m.Shell) - copy(dAtA[i:], m.Shell) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Shell))) - i-- - dAtA[i] = 0x62 - } - if len(m.DockerContainerID) > 0 { - i -= len(m.DockerContainerID) - copy(dAtA[i:], m.DockerContainerID) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.DockerContainerID))) - i-- - dAtA[i] = 0x5a - } - if len(m.ScriptArgs) > 0 { - for iNdEx := len(m.ScriptArgs) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ScriptArgs[iNdEx]) - copy(dAtA[i:], m.ScriptArgs[iNdEx]) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ScriptArgs[iNdEx]))) - i-- - dAtA[i] = 0x52 - } - } - if m.OutputMaxSize != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.OutputMaxSize)) - i-- - dAtA[i] = 0x48 - } - { - size, err := m.DeregisterCriticalServiceAfter.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - { - size, err := m.Timeout.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - { - size, err := m.Interval.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - if len(m.TCP) > 0 { - i -= len(m.TCP) - copy(dAtA[i:], m.TCP) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TCP))) - i-- - dAtA[i] = 0x2a - } - if len(m.Method) > 0 { - i -= len(m.Method) - copy(dAtA[i:], m.Method) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Method))) - i-- - dAtA[i] = 0x22 - } - if len(m.Header) > 0 { - for k := range m.Header { - v := m.Header[k] - baseI := i - { - size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintHealthcheck(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x1a - } - } - if m.TLSSkipVerify { - i-- - if m.TLSSkipVerify { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if len(m.HTTP) > 0 { - i -= len(m.HTTP) - copy(dAtA[i:], m.HTTP) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.HTTP))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *CheckType) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CheckType) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CheckType) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.H2PingUseTLS { - i-- - if m.H2PingUseTLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xf0 - } - if m.FailuresBeforeWarning != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.FailuresBeforeWarning)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xe8 - } - if len(m.H2PING) > 0 { - i -= len(m.H2PING) - copy(dAtA[i:], m.H2PING) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.H2PING))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xe2 - } - if len(m.TLSServerName) > 0 { - i -= len(m.TLSServerName) - copy(dAtA[i:], m.TLSServerName) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xda - } - if len(m.Body) > 0 { - i -= len(m.Body) - copy(dAtA[i:], m.Body) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Body))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xd2 - } - if m.OutputMaxSize != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.OutputMaxSize)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xc8 - } - if len(m.ProxyGRPC) > 0 { - i -= len(m.ProxyGRPC) - copy(dAtA[i:], m.ProxyGRPC) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ProxyGRPC))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xc2 - } - if len(m.ProxyHTTP) > 0 { - i -= len(m.ProxyHTTP) - copy(dAtA[i:], m.ProxyHTTP) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ProxyHTTP))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xba - } - if m.FailuresBeforeCritical != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.FailuresBeforeCritical)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xb0 - } - if m.SuccessBeforePassing != 0 { - i = encodeVarintHealthcheck(dAtA, i, uint64(m.SuccessBeforePassing)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xa8 - } - if len(m.Header) > 0 { - for k := range m.Header { - v := m.Header[k] - baseI := i - { - size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintHealthcheck(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xa2 - } - } - { - size, err := m.DeregisterCriticalServiceAfter.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x9a - { - size, err := m.TTL.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x92 - { - size, err := m.Timeout.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x8a - if m.TLSSkipVerify { - i-- - if m.TLSSkipVerify { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x80 - } - if m.GRPCUseTLS { - i-- - if m.GRPCUseTLS { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x78 - } - if len(m.GRPC) > 0 { - i -= len(m.GRPC) - copy(dAtA[i:], m.GRPC) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.GRPC))) - i-- - dAtA[i] = 0x72 - } - if len(m.Shell) > 0 { - i -= len(m.Shell) - copy(dAtA[i:], m.Shell) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Shell))) - i-- - dAtA[i] = 0x6a - } - if len(m.DockerContainerID) > 0 { - i -= len(m.DockerContainerID) - copy(dAtA[i:], m.DockerContainerID) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.DockerContainerID))) - i-- - dAtA[i] = 0x62 - } - if len(m.AliasService) > 0 { - i -= len(m.AliasService) - copy(dAtA[i:], m.AliasService) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.AliasService))) - i-- - dAtA[i] = 0x5a - } - if len(m.AliasNode) > 0 { - i -= len(m.AliasNode) - copy(dAtA[i:], m.AliasNode) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.AliasNode))) - i-- - dAtA[i] = 0x52 - } - { - size, err := m.Interval.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintHealthcheck(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - if len(m.TCP) > 0 { - i -= len(m.TCP) - copy(dAtA[i:], m.TCP) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TCP))) - i-- - dAtA[i] = 0x42 - } - if len(m.Method) > 0 { - i -= len(m.Method) - copy(dAtA[i:], m.Method) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Method))) - i-- - dAtA[i] = 0x3a - } - if len(m.HTTP) > 0 { - i -= len(m.HTTP) - copy(dAtA[i:], m.HTTP) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.HTTP))) - i-- - dAtA[i] = 0x32 - } - if len(m.ScriptArgs) > 0 { - for iNdEx := len(m.ScriptArgs) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ScriptArgs[iNdEx]) - copy(dAtA[i:], m.ScriptArgs[iNdEx]) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.ScriptArgs[iNdEx]))) - i-- - dAtA[i] = 0x2a - } - } - if len(m.Notes) > 0 { - i -= len(m.Notes) - copy(dAtA[i:], m.Notes) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Notes))) - i-- - dAtA[i] = 0x22 - } - if len(m.Status) > 0 { - i -= len(m.Status) - copy(dAtA[i:], m.Status) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Status))) - i-- - dAtA[i] = 0x1a - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x12 - } - if len(m.CheckID) > 0 { - i -= len(m.CheckID) - copy(dAtA[i:], m.CheckID) - i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.CheckID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintHealthcheck(dAtA []byte, offset int, v uint64) int { - offset -= sovHealthcheck(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *HealthCheck) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Node) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.CheckID) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Name) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Status) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Notes) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Output) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.ServiceID) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.ServiceName) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - if len(m.ServiceTags) > 0 { - for _, s := range m.ServiceTags { - l = len(s) - n += 1 + l + sovHealthcheck(uint64(l)) - } - } - l = m.Definition.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - l = m.RaftIndex.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - l = len(m.Type) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = m.EnterpriseMeta.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - if m.ExposedPort != 0 { - n += 1 + sovHealthcheck(uint64(m.ExposedPort)) - } - l = len(m.Interval) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Timeout) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - return n -} - -func (m *HeaderValue) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.Value) > 0 { - for _, s := range m.Value { - l = len(s) - n += 1 + l + sovHealthcheck(uint64(l)) - } - } - return n -} - -func (m *HealthCheckDefinition) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.HTTP) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - if m.TLSSkipVerify { - n += 2 - } - if len(m.Header) > 0 { - for k, v := range m.Header { - _ = k - _ = v - l = v.Size() - mapEntrySize := 1 + len(k) + sovHealthcheck(uint64(len(k))) + 1 + l + sovHealthcheck(uint64(l)) - n += mapEntrySize + 1 + sovHealthcheck(uint64(mapEntrySize)) - } - } - l = len(m.Method) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.TCP) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = m.Interval.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - l = m.Timeout.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - l = m.DeregisterCriticalServiceAfter.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - if m.OutputMaxSize != 0 { - n += 1 + sovHealthcheck(uint64(m.OutputMaxSize)) - } - if len(m.ScriptArgs) > 0 { - for _, s := range m.ScriptArgs { - l = len(s) - n += 1 + l + sovHealthcheck(uint64(l)) - } - } - l = len(m.DockerContainerID) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Shell) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.GRPC) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - if m.GRPCUseTLS { - n += 2 - } - l = len(m.AliasNode) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.AliasService) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = m.TTL.Size() - n += 2 + l + sovHealthcheck(uint64(l)) - l = len(m.Body) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = len(m.TLSServerName) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = len(m.H2PING) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - if m.H2PingUseTLS { - n += 3 - } - return n -} - -func (m *CheckType) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CheckID) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Name) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Status) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Notes) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - if len(m.ScriptArgs) > 0 { - for _, s := range m.ScriptArgs { - l = len(s) - n += 1 + l + sovHealthcheck(uint64(l)) - } - } - l = len(m.HTTP) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Method) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.TCP) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = m.Interval.Size() - n += 1 + l + sovHealthcheck(uint64(l)) - l = len(m.AliasNode) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.AliasService) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.DockerContainerID) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.Shell) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - l = len(m.GRPC) - if l > 0 { - n += 1 + l + sovHealthcheck(uint64(l)) - } - if m.GRPCUseTLS { - n += 2 - } - if m.TLSSkipVerify { - n += 3 - } - l = m.Timeout.Size() - n += 2 + l + sovHealthcheck(uint64(l)) - l = m.TTL.Size() - n += 2 + l + sovHealthcheck(uint64(l)) - l = m.DeregisterCriticalServiceAfter.Size() - n += 2 + l + sovHealthcheck(uint64(l)) - if len(m.Header) > 0 { - for k, v := range m.Header { - _ = k - _ = v - l = v.Size() - mapEntrySize := 1 + len(k) + sovHealthcheck(uint64(len(k))) + 1 + l + sovHealthcheck(uint64(l)) - n += mapEntrySize + 2 + sovHealthcheck(uint64(mapEntrySize)) - } - } - if m.SuccessBeforePassing != 0 { - n += 2 + sovHealthcheck(uint64(m.SuccessBeforePassing)) - } - if m.FailuresBeforeCritical != 0 { - n += 2 + sovHealthcheck(uint64(m.FailuresBeforeCritical)) - } - l = len(m.ProxyHTTP) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = len(m.ProxyGRPC) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - if m.OutputMaxSize != 0 { - n += 2 + sovHealthcheck(uint64(m.OutputMaxSize)) - } - l = len(m.Body) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = len(m.TLSServerName) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - l = len(m.H2PING) - if l > 0 { - n += 2 + l + sovHealthcheck(uint64(l)) - } - if m.FailuresBeforeWarning != 0 { - n += 2 + sovHealthcheck(uint64(m.FailuresBeforeWarning)) - } - if m.H2PingUseTLS { - n += 3 - } - return n -} - -func sovHealthcheck(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozHealthcheck(x uint64) (n int) { - return sovHealthcheck(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *HealthCheck) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: HealthCheck: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: HealthCheck: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Node = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CheckID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CheckID = github_com_hashicorp_consul_types.CheckID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Status = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Notes", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Notes = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Output", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Output = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServiceID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServiceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceTags", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServiceTags = append(m.ServiceTags, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Definition", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RaftIndex", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Type = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EnterpriseMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.EnterpriseMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 14: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ExposedPort", wireType) - } - m.ExposedPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ExposedPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Interval", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Interval = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Timeout", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Timeout = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *HeaderValue) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: HeaderValue: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: HeaderValue: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Value = append(m.Value, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *HealthCheckDefinition) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: HealthCheckDefinition: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: HealthCheckDefinition: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HTTP", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.HTTP = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TLSSkipVerify", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.TLSSkipVerify = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Header", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Header == nil { - m.Header = make(map[string]HeaderValue) - } - var mapkey string - mapvalue := &HeaderValue{} - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthHealthcheck - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthHealthcheck - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var mapmsglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - mapmsglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if mapmsglen < 0 { - return ErrInvalidLengthHealthcheck - } - postmsgIndex := iNdEx + mapmsglen - if postmsgIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postmsgIndex > l { - return io.ErrUnexpectedEOF - } - mapvalue = &HeaderValue{} - if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { - return err - } - iNdEx = postmsgIndex - } else { - iNdEx = entryPreIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Header[mapkey] = *mapvalue - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Method = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TCP", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TCP = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Interval", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Interval.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Timeout", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Timeout.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeregisterCriticalServiceAfter", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.DeregisterCriticalServiceAfter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OutputMaxSize", wireType) - } - m.OutputMaxSize = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.OutputMaxSize |= uint32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ScriptArgs", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ScriptArgs = append(m.ScriptArgs, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DockerContainerID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DockerContainerID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Shell", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Shell = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GRPC", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.GRPC = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 14: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field GRPCUseTLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.GRPCUseTLS = bool(v != 0) - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AliasNode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AliasNode = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AliasService", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AliasService = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 17: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.TTL.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 18: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Body", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Body = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 19: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TLSServerName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 20: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field H2PING", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.H2PING = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 21: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field H2PingUseTLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.H2PingUseTLS = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CheckType) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CheckType: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CheckType: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CheckID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CheckID = github_com_hashicorp_consul_types.CheckID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Status = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Notes", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Notes = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ScriptArgs", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ScriptArgs = append(m.ScriptArgs, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HTTP", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.HTTP = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Method = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TCP", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TCP = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Interval", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Interval.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AliasNode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AliasNode = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AliasService", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AliasService = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DockerContainerID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DockerContainerID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Shell", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Shell = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GRPC", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.GRPC = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 15: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field GRPCUseTLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.GRPCUseTLS = bool(v != 0) - case 16: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TLSSkipVerify", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.TLSSkipVerify = bool(v != 0) - case 17: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Timeout", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Timeout.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 18: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.TTL.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 19: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeregisterCriticalServiceAfter", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.DeregisterCriticalServiceAfter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 20: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Header", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Header == nil { - m.Header = make(map[string]HeaderValue) - } - var mapkey string - mapvalue := &HeaderValue{} - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthHealthcheck - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthHealthcheck - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var mapmsglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - mapmsglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if mapmsglen < 0 { - return ErrInvalidLengthHealthcheck - } - postmsgIndex := iNdEx + mapmsglen - if postmsgIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postmsgIndex > l { - return io.ErrUnexpectedEOF - } - mapvalue = &HeaderValue{} - if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { - return err - } - iNdEx = postmsgIndex - } else { - iNdEx = entryPreIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Header[mapkey] = *mapvalue - iNdEx = postIndex - case 21: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SuccessBeforePassing", wireType) - } - m.SuccessBeforePassing = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.SuccessBeforePassing |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 22: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field FailuresBeforeCritical", wireType) - } - m.FailuresBeforeCritical = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.FailuresBeforeCritical |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 23: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProxyHTTP", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProxyHTTP = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 24: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProxyGRPC", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProxyGRPC = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 25: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OutputMaxSize", wireType) - } - m.OutputMaxSize = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.OutputMaxSize |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 26: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Body", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Body = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 27: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TLSServerName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 28: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field H2PING", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthHealthcheck - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthHealthcheck - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.H2PING = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 29: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field FailuresBeforeWarning", wireType) - } - m.FailuresBeforeWarning = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.FailuresBeforeWarning |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 30: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field H2PingUseTLS", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.H2PingUseTLS = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipHealthcheck(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthHealthcheck - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipHealthcheck(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowHealthcheck - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthHealthcheck - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupHealthcheck - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthHealthcheck - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthHealthcheck = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowHealthcheck = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupHealthcheck = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 15a5d3dce..6d709d874 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -5,15 +5,7 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; import "google/protobuf/duration.proto"; -import "proto/pbcommongogo/common.proto"; - -// This fake import path is replaced by the build script with a versioned path -import "gogoproto/gogo.proto"; - -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; +import "proto/pbcommon/common.proto"; // HealthCheck represents a single check on a given node // @@ -24,7 +16,8 @@ option (gogoproto.goproto_sizecache_all) = false; // name=Structs message HealthCheck { string Node = 1; - string CheckID = 2 [(gogoproto.casttype) = "github.com/hashicorp/consul/types.CheckID"]; + // mog: func-to=CheckIDType func-from=string + string CheckID = 2; string Name = 3; string Status = 4; // The current check status string Notes = 5; // Additional notes with the status @@ -34,13 +27,13 @@ message HealthCheck { repeated string ServiceTags = 9; // optional service tags string Type = 12; // Check type: http/ttl/tcp/etc - HealthCheckDefinition Definition = 10 [(gogoproto.nullable) = false]; + HealthCheckDefinition Definition = 10; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - commongogo.RaftIndex RaftIndex = 11 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + common.RaftIndex RaftIndex = 11; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - commongogo.EnterpriseMeta EnterpriseMeta = 13 [(gogoproto.nullable) = false]; + common.EnterpriseMeta EnterpriseMeta = 13; // mog: func-to=int func-from=int32 int32 ExposedPort = 14; @@ -66,19 +59,19 @@ message HealthCheckDefinition { bool TLSSkipVerify = 2; // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - map Header = 3 [(gogoproto.nullable) = false]; + map Header = 3; string Method = 4; string Body = 18; string TCP = 5; - google.protobuf.Duration Interval = 6 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration Interval = 6; // mog: func-to=uint func-from=uint32 uint32 OutputMaxSize = 9; - google.protobuf.Duration Timeout = 7 - [(gogoproto.nullable) = false]; - google.protobuf.Duration DeregisterCriticalServiceAfter = 8 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration Timeout = 7; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration DeregisterCriticalServiceAfter = 8; repeated string ScriptArgs = 10; string DockerContainerID = 11; string Shell = 12; @@ -88,8 +81,8 @@ message HealthCheckDefinition { bool GRPCUseTLS = 14; string AliasNode = 15; string AliasService = 16; - google.protobuf.Duration TTL = 17 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration TTL = 17; } // CheckType is used to create either the CheckMonitor or the CheckTTL. @@ -105,7 +98,8 @@ message HealthCheckDefinition { // output=healthcheck.gen.go // name=Structs message CheckType { - string CheckID = 1 [(gogoproto.casttype) = "github.com/hashicorp/consul/types.CheckID"]; + // mog: func-to=CheckIDType func-from=string + string CheckID = 1; string Name = 2; string Status = 3; string Notes = 4; @@ -113,12 +107,12 @@ message CheckType { repeated string ScriptArgs = 5; string HTTP = 6; // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - map Header = 20 [(gogoproto.nullable) = false]; + map Header = 20; string Method = 7; string Body = 26; string TCP = 8; - google.protobuf.Duration Interval = 9 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration Interval = 9; string AliasNode = 10; string AliasService = 11; @@ -130,10 +124,10 @@ message CheckType { bool GRPCUseTLS = 15; string TLSServerName = 27; bool TLSSkipVerify = 16; - google.protobuf.Duration Timeout = 17 - [(gogoproto.nullable) = false]; - google.protobuf.Duration TTL = 18 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration Timeout = 17; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration TTL = 18; // mog: func-to=int func-from=int32 int32 SuccessBeforePassing = 21; @@ -149,8 +143,8 @@ message CheckType { // DeregisterCriticalServiceAfter, if >0, will cause the associated // service, if any, to be deregistered if this check is critical for // longer than this duration. - google.protobuf.Duration DeregisterCriticalServiceAfter = 19 - [(gogoproto.nullable) = false]; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration DeregisterCriticalServiceAfter = 19; // mog: func-to=int func-from=int32 int32 OutputMaxSize = 25; diff --git a/proto/pbservice/ids.go b/proto/pbservice/ids.go index 7fac22f42..ef46d3eaa 100644 --- a/proto/pbservice/ids.go +++ b/proto/pbservice/ids.go @@ -23,14 +23,22 @@ func (m *CheckServiceNode) UniqueID() string { case m.Node != nil: builder.WriteString(m.Node.Partition + "/") case m.Service != nil: - builder.WriteString(m.Service.EnterpriseMeta.Partition + "/") + partition := "" + if m.Service.EnterpriseMeta != nil { + partition = m.Service.EnterpriseMeta.Partition + } + builder.WriteString(partition + "/") } if m.Node != nil { builder.WriteString(m.Node.Node + "/") } if m.Service != nil { - builder.WriteString(m.Service.EnterpriseMeta.Namespace + "/") + namespace := "" + if m.Service.EnterpriseMeta != nil { + namespace = m.Service.EnterpriseMeta.Namespace + } + builder.WriteString(namespace + "/") builder.WriteString(m.Service.ID) } return builder.String() diff --git a/proto/pbservice/ids_test.go b/proto/pbservice/ids_test.go index 2856aa70a..2d534e902 100644 --- a/proto/pbservice/ids_test.go +++ b/proto/pbservice/ids_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" ) func TestCheckServiceNode_UniqueID(t *testing.T) { @@ -25,7 +25,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { Node: &Node{Node: "the-node-name"}, Service: &NodeService{ ID: "the-service-id", - EnterpriseMeta: pbcommongogo.EnterpriseMeta{Namespace: "the-namespace"}, + EnterpriseMeta: &pbcommon.EnterpriseMeta{Namespace: "the-namespace"}, }, }, expected: "/the-node-name/the-namespace/the-service-id", @@ -35,7 +35,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { csn: CheckServiceNode{ Service: &NodeService{ ID: "the-service-id", - EnterpriseMeta: pbcommongogo.EnterpriseMeta{Namespace: "the-namespace"}, + EnterpriseMeta: &pbcommon.EnterpriseMeta{Namespace: "the-namespace"}, }, }, expected: "/the-namespace/the-service-id", diff --git a/proto/pbservice/node.gen.go b/proto/pbservice/node.gen.go index 0d9b1f641..cadf2c7e9 100644 --- a/proto/pbservice/node.gen.go +++ b/proto/pbservice/node.gen.go @@ -2,11 +2,13 @@ package pbservice -import structs "github.com/hashicorp/consul/agent/structs" +import "github.com/hashicorp/consul/agent/structs" -func NodeToStructs(s Node) structs.Node { - var t structs.Node - t.ID = s.ID +func NodeToStructs(s *Node, t *structs.Node) { + if s == nil { + return + } + t.ID = NodeIDType(s.ID) t.Node = s.Node t.Address = s.Address t.Datacenter = s.Datacenter @@ -14,11 +16,12 @@ func NodeToStructs(s Node) structs.Node { t.TaggedAddresses = s.TaggedAddresses t.Meta = s.Meta t.RaftIndex = RaftIndexToStructs(s.RaftIndex) - return t } -func NewNodeFromStructs(t structs.Node) Node { - var s Node - s.ID = t.ID +func NodeFromStructs(t *structs.Node, s *Node) { + if s == nil { + return + } + s.ID = string(t.ID) s.Node = t.Node s.Address = t.Address s.Datacenter = t.Datacenter @@ -26,11 +29,12 @@ func NewNodeFromStructs(t structs.Node) Node { s.TaggedAddresses = t.TaggedAddresses s.Meta = t.Meta s.RaftIndex = NewRaftIndexFromStructs(t.RaftIndex) - return s } -func NodeServiceToStructs(s NodeService) structs.NodeService { - var t structs.NodeService - t.Kind = s.Kind +func NodeServiceToStructs(s *NodeService, t *structs.NodeService) { + if s == nil { + return + } + t.Kind = structs.ServiceKind(s.Kind) t.ID = s.ID t.Service = s.Service t.Tags = s.Tags @@ -41,16 +45,21 @@ func NodeServiceToStructs(s NodeService) structs.NodeService { t.SocketPath = s.SocketPath t.Weights = WeightsPtrToStructs(s.Weights) t.EnableTagOverride = s.EnableTagOverride - t.Proxy = ConnectProxyConfigToStructs(s.Proxy) - t.Connect = ServiceConnectToStructs(s.Connect) + if s.Proxy != nil { + ConnectProxyConfigToStructs(s.Proxy, &t.Proxy) + } + if s.Connect != nil { + ServiceConnectToStructs(s.Connect, &t.Connect) + } t.LocallyRegisteredAsSidecar = s.LocallyRegisteredAsSidecar t.EnterpriseMeta = EnterpriseMetaToStructs(s.EnterpriseMeta) t.RaftIndex = RaftIndexToStructs(s.RaftIndex) - return t } -func NewNodeServiceFromStructs(t structs.NodeService) NodeService { - var s NodeService - s.Kind = t.Kind +func NodeServiceFromStructs(t *structs.NodeService, s *NodeService) { + if s == nil { + return + } + s.Kind = string(t.Kind) s.ID = t.ID s.Service = t.Service s.Tags = t.Tags @@ -61,10 +70,17 @@ func NewNodeServiceFromStructs(t structs.NodeService) NodeService { s.SocketPath = t.SocketPath s.Weights = NewWeightsPtrFromStructs(t.Weights) s.EnableTagOverride = t.EnableTagOverride - s.Proxy = NewConnectProxyConfigFromStructs(t.Proxy) - s.Connect = NewServiceConnectFromStructs(t.Connect) + { + var x ConnectProxyConfig + ConnectProxyConfigFromStructs(&t.Proxy, &x) + s.Proxy = &x + } + { + var x ServiceConnect + ServiceConnectFromStructs(&t.Connect, &x) + s.Connect = &x + } s.LocallyRegisteredAsSidecar = t.LocallyRegisteredAsSidecar s.EnterpriseMeta = NewEnterpriseMetaFromStructs(t.EnterpriseMeta) s.RaftIndex = NewRaftIndexFromStructs(t.RaftIndex) - return s } diff --git a/proto/pbservice/node.pb.go b/proto/pbservice/node.pb.go index a93dc6da1..556f37d57 100644 --- a/proto/pbservice/node.pb.go +++ b/proto/pbservice/node.pb.go @@ -1,18 +1,13 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbservice/node.proto package pbservice import ( fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" proto "github.com/golang/protobuf/proto" - github_com_hashicorp_consul_agent_structs "github.com/hashicorp/consul/agent/structs" - pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" - github_com_hashicorp_consul_types "github.com/hashicorp/consul/types" - io "io" + pbcommon "github.com/hashicorp/consul/proto/pbcommon" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -29,9 +24,12 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // CheckServiceNode is used to provide the node, its service // definition, as well as a HealthCheck that is associated. type CheckServiceNode struct { - Node *Node `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` - Service *NodeService `protobuf:"bytes,2,opt,name=Service,proto3" json:"Service,omitempty"` - Checks []*HealthCheck `protobuf:"bytes,3,rep,name=Checks,proto3" json:"Checks,omitempty"` + Node *Node `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` + Service *NodeService `protobuf:"bytes,2,opt,name=Service,proto3" json:"Service,omitempty"` + Checks []*HealthCheck `protobuf:"bytes,3,rep,name=Checks,proto3" json:"Checks,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CheckServiceNode) Reset() { *m = CheckServiceNode{} } @@ -40,26 +38,18 @@ func (*CheckServiceNode) ProtoMessage() {} func (*CheckServiceNode) Descriptor() ([]byte, []int) { return fileDescriptor_bbc215b78fa95fe5, []int{0} } + func (m *CheckServiceNode) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_CheckServiceNode.Unmarshal(m, b) } func (m *CheckServiceNode) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CheckServiceNode.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_CheckServiceNode.Marshal(b, m, deterministic) } func (m *CheckServiceNode) XXX_Merge(src proto.Message) { xxx_messageInfo_CheckServiceNode.Merge(m, src) } func (m *CheckServiceNode) XXX_Size() int { - return m.Size() + return xxx_messageInfo_CheckServiceNode.Size(m) } func (m *CheckServiceNode) XXX_DiscardUnknown() { xxx_messageInfo_CheckServiceNode.DiscardUnknown(m) @@ -67,6 +57,27 @@ func (m *CheckServiceNode) XXX_DiscardUnknown() { var xxx_messageInfo_CheckServiceNode proto.InternalMessageInfo +func (m *CheckServiceNode) GetNode() *Node { + if m != nil { + return m.Node + } + return nil +} + +func (m *CheckServiceNode) GetService() *NodeService { + if m != nil { + return m.Service + } + return nil +} + +func (m *CheckServiceNode) GetChecks() []*HealthCheck { + if m != nil { + return m.Checks + } + return nil +} + // Node contains information about a node. // // mog annotation: @@ -75,15 +86,19 @@ var xxx_messageInfo_CheckServiceNode proto.InternalMessageInfo // output=node.gen.go // name=Structs type Node struct { - ID github_com_hashicorp_consul_types.NodeID `protobuf:"bytes,1,opt,name=ID,proto3,casttype=github.com/hashicorp/consul/types.NodeID" json:"ID,omitempty"` - Node string `protobuf:"bytes,2,opt,name=Node,proto3" json:"Node,omitempty"` - Partition string `protobuf:"bytes,8,opt,name=Partition,proto3" json:"Partition,omitempty"` - Address string `protobuf:"bytes,3,opt,name=Address,proto3" json:"Address,omitempty"` - Datacenter string `protobuf:"bytes,4,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` - TaggedAddresses map[string]string `protobuf:"bytes,5,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // mog: func-to=NodeIDType func-from=string + ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` + Node string `protobuf:"bytes,2,opt,name=Node,proto3" json:"Node,omitempty"` + Partition string `protobuf:"bytes,8,opt,name=Partition,proto3" json:"Partition,omitempty"` + Address string `protobuf:"bytes,3,opt,name=Address,proto3" json:"Address,omitempty"` + Datacenter string `protobuf:"bytes,4,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + TaggedAddresses map[string]string `protobuf:"bytes,5,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommongogo.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Node) Reset() { *m = Node{} } @@ -92,26 +107,18 @@ func (*Node) ProtoMessage() {} func (*Node) Descriptor() ([]byte, []int) { return fileDescriptor_bbc215b78fa95fe5, []int{1} } + func (m *Node) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Node.Unmarshal(m, b) } func (m *Node) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Node.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Node.Marshal(b, m, deterministic) } func (m *Node) XXX_Merge(src proto.Message) { xxx_messageInfo_Node.Merge(m, src) } func (m *Node) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Node.Size(m) } func (m *Node) XXX_DiscardUnknown() { xxx_messageInfo_Node.DiscardUnknown(m) @@ -119,6 +126,62 @@ func (m *Node) XXX_DiscardUnknown() { var xxx_messageInfo_Node proto.InternalMessageInfo +func (m *Node) GetID() string { + if m != nil { + return m.ID + } + return "" +} + +func (m *Node) GetNode() string { + if m != nil { + return m.Node + } + return "" +} + +func (m *Node) GetPartition() string { + if m != nil { + return m.Partition + } + return "" +} + +func (m *Node) GetAddress() string { + if m != nil { + return m.Address + } + return "" +} + +func (m *Node) GetDatacenter() string { + if m != nil { + return m.Datacenter + } + return "" +} + +func (m *Node) GetTaggedAddresses() map[string]string { + if m != nil { + return m.TaggedAddresses + } + return nil +} + +func (m *Node) GetMeta() map[string]string { + if m != nil { + return m.Meta + } + return nil +} + +func (m *Node) GetRaftIndex() *pbcommon.RaftIndex { + if m != nil { + return m.RaftIndex + } + return nil +} + // NodeService is a service provided by a node // // mog annotation: @@ -130,14 +193,15 @@ type NodeService struct { // Kind is the kind of service this is. Different kinds of services may // have differing validation, DNS behavior, etc. An empty kind will default // to the Default kind. See ServiceKind for the full list of kinds. - Kind github_com_hashicorp_consul_agent_structs.ServiceKind `protobuf:"bytes,1,opt,name=Kind,proto3,casttype=github.com/hashicorp/consul/agent/structs.ServiceKind" json:"Kind,omitempty"` - ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"ID,omitempty"` - Service string `protobuf:"bytes,3,opt,name=Service,proto3" json:"Service,omitempty"` - Tags []string `protobuf:"bytes,4,rep,name=Tags,proto3" json:"Tags,omitempty"` - Address string `protobuf:"bytes,5,opt,name=Address,proto3" json:"Address,omitempty"` + // mog: func-to=structs.ServiceKind func-from=string + Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"Kind,omitempty"` + ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"ID,omitempty"` + Service string `protobuf:"bytes,3,opt,name=Service,proto3" json:"Service,omitempty"` + Tags []string `protobuf:"bytes,4,rep,name=Tags,proto3" json:"Tags,omitempty"` + Address string `protobuf:"bytes,5,opt,name=Address,proto3" json:"Address,omitempty"` // mog: func-to=MapStringServiceAddressToStructs func-from=NewMapStringServiceAddressFromStructs - TaggedAddresses map[string]ServiceAddress `protobuf:"bytes,15,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + TaggedAddresses map[string]*ServiceAddress `protobuf:"bytes,15,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=int func-from=int32 Port int32 `protobuf:"varint,7,opt,name=Port,proto3" json:"Port,omitempty"` SocketPath string `protobuf:"bytes,17,opt,name=SocketPath,proto3" json:"SocketPath,omitempty"` @@ -154,10 +218,10 @@ type NodeService struct { // in the other case. ProxyConfig may be a more natural name here, but it's // confusing for the UX because one of the fields in ConnectProxyConfig is // also called just "Config" - Proxy ConnectProxyConfig `protobuf:"bytes,11,opt,name=Proxy,proto3" json:"Proxy"` + Proxy *ConnectProxyConfig `protobuf:"bytes,11,opt,name=Proxy,proto3" json:"Proxy,omitempty"` // Connect are the Connect settings for a service. This is purposely NOT // a pointer so that we never have to nil-check this. - Connect ServiceConnect `protobuf:"bytes,12,opt,name=Connect,proto3" json:"Connect"` + Connect *ServiceConnect `protobuf:"bytes,12,opt,name=Connect,proto3" json:"Connect,omitempty"` // LocallyRegisteredAsSidecar is private as it is only used by a local agent // state to track if the service was registered from a nested sidecar_service // block. We need to track that so we can know whether we need to deregister @@ -177,9 +241,12 @@ type NodeService struct { // somewhere this is used in API output. LocallyRegisteredAsSidecar bool `protobuf:"varint,13,opt,name=LocallyRegisteredAsSidecar,proto3" json:"LocallyRegisteredAsSidecar,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,16,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,16,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - pbcommongogo.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3,embedded=RaftIndex" json:"RaftIndex"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *NodeService) Reset() { *m = NodeService{} } @@ -188,26 +255,18 @@ func (*NodeService) ProtoMessage() {} func (*NodeService) Descriptor() ([]byte, []int) { return fileDescriptor_bbc215b78fa95fe5, []int{2} } + func (m *NodeService) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_NodeService.Unmarshal(m, b) } func (m *NodeService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_NodeService.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_NodeService.Marshal(b, m, deterministic) } func (m *NodeService) XXX_Merge(src proto.Message) { xxx_messageInfo_NodeService.Merge(m, src) } func (m *NodeService) XXX_Size() int { - return m.Size() + return xxx_messageInfo_NodeService.Size(m) } func (m *NodeService) XXX_DiscardUnknown() { xxx_messageInfo_NodeService.DiscardUnknown(m) @@ -215,6 +274,118 @@ func (m *NodeService) XXX_DiscardUnknown() { var xxx_messageInfo_NodeService proto.InternalMessageInfo +func (m *NodeService) GetKind() string { + if m != nil { + return m.Kind + } + return "" +} + +func (m *NodeService) GetID() string { + if m != nil { + return m.ID + } + return "" +} + +func (m *NodeService) GetService() string { + if m != nil { + return m.Service + } + return "" +} + +func (m *NodeService) GetTags() []string { + if m != nil { + return m.Tags + } + return nil +} + +func (m *NodeService) GetAddress() string { + if m != nil { + return m.Address + } + return "" +} + +func (m *NodeService) GetTaggedAddresses() map[string]*ServiceAddress { + if m != nil { + return m.TaggedAddresses + } + return nil +} + +func (m *NodeService) GetMeta() map[string]string { + if m != nil { + return m.Meta + } + return nil +} + +func (m *NodeService) GetPort() int32 { + if m != nil { + return m.Port + } + return 0 +} + +func (m *NodeService) GetSocketPath() string { + if m != nil { + return m.SocketPath + } + return "" +} + +func (m *NodeService) GetWeights() *Weights { + if m != nil { + return m.Weights + } + return nil +} + +func (m *NodeService) GetEnableTagOverride() bool { + if m != nil { + return m.EnableTagOverride + } + return false +} + +func (m *NodeService) GetProxy() *ConnectProxyConfig { + if m != nil { + return m.Proxy + } + return nil +} + +func (m *NodeService) GetConnect() *ServiceConnect { + if m != nil { + return m.Connect + } + return nil +} + +func (m *NodeService) GetLocallyRegisteredAsSidecar() bool { + if m != nil { + return m.LocallyRegisteredAsSidecar + } + return false +} + +func (m *NodeService) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if m != nil { + return m.EnterpriseMeta + } + return nil +} + +func (m *NodeService) GetRaftIndex() *pbcommon.RaftIndex { + if m != nil { + return m.RaftIndex + } + return nil +} + func init() { proto.RegisterType((*CheckServiceNode)(nil), "pbservice.CheckServiceNode") proto.RegisterType((*Node)(nil), "pbservice.Node") @@ -222,2041 +393,54 @@ func init() { proto.RegisterMapType((map[string]string)(nil), "pbservice.Node.TaggedAddressesEntry") proto.RegisterType((*NodeService)(nil), "pbservice.NodeService") proto.RegisterMapType((map[string]string)(nil), "pbservice.NodeService.MetaEntry") - proto.RegisterMapType((map[string]ServiceAddress)(nil), "pbservice.NodeService.TaggedAddressesEntry") + proto.RegisterMapType((map[string]*ServiceAddress)(nil), "pbservice.NodeService.TaggedAddressesEntry") } -func init() { proto.RegisterFile("proto/pbservice/node.proto", fileDescriptor_bbc215b78fa95fe5) } +func init() { + proto.RegisterFile("proto/pbservice/node.proto", fileDescriptor_bbc215b78fa95fe5) +} var fileDescriptor_bbc215b78fa95fe5 = []byte{ - // 777 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcd, 0x6e, 0xd3, 0x4a, - 0x14, 0x8e, 0x13, 0xa7, 0x69, 0x26, 0xf7, 0xf6, 0x67, 0xd4, 0x7b, 0x35, 0x37, 0xba, 0x75, 0x42, - 0x61, 0x51, 0xa9, 0xc5, 0x46, 0x05, 0x04, 0x45, 0x80, 0xd4, 0x34, 0x95, 0x1a, 0x41, 0x4b, 0xe4, - 0x56, 0x42, 0x02, 0xb1, 0x98, 0xd8, 0x53, 0xdb, 0x6a, 0xea, 0x89, 0xc6, 0x93, 0xaa, 0x79, 0x0b, - 0x96, 0xf0, 0x12, 0x3c, 0x47, 0x97, 0x5d, 0xb2, 0x8a, 0xa0, 0x59, 0xf2, 0x06, 0x5d, 0xa1, 0x19, - 0x4f, 0x12, 0xc7, 0x0d, 0x15, 0x95, 0x58, 0xe5, 0xf8, 0x9c, 0xef, 0x7c, 0x73, 0x66, 0xbe, 0xef, - 0x28, 0xa0, 0xdc, 0x61, 0x94, 0x53, 0xab, 0xd3, 0x8a, 0x08, 0x3b, 0x0d, 0x1c, 0x62, 0x85, 0xd4, - 0x25, 0xa6, 0x4c, 0xc2, 0xe2, 0x28, 0x5b, 0xae, 0x0c, 0x61, 0x0e, 0x3d, 0x39, 0xa1, 0xa1, 0x47, - 0x3d, 0x6a, 0xc5, 0x61, 0x8c, 0x2d, 0xdf, 0x49, 0xf3, 0xf8, 0x04, 0xb7, 0xb9, 0xef, 0xf8, 0xc4, - 0x39, 0x56, 0x90, 0xe5, 0x34, 0x44, 0xfd, 0xaa, 0xf2, 0x92, 0x20, 0x8d, 0x21, 0x22, 0x8a, 0xb3, - 0x2b, 0x9f, 0x35, 0xb0, 0xb0, 0x2d, 0x48, 0x0e, 0x62, 0xf0, 0x3e, 0x75, 0x09, 0xbc, 0x0b, 0x74, - 0xf1, 0x8b, 0xb4, 0xaa, 0xb6, 0x5a, 0xda, 0x98, 0x37, 0x47, 0x94, 0xa6, 0x48, 0xdb, 0xb2, 0x08, - 0x1f, 0x80, 0x82, 0xea, 0x41, 0x59, 0x89, 0xfb, 0x37, 0x85, 0x53, 0x55, 0x7b, 0x08, 0x83, 0x26, - 0x98, 0x91, 0x47, 0x45, 0x28, 0x57, 0xcd, 0xa5, 0x1a, 0x76, 0xe5, 0x75, 0x64, 0xd9, 0x56, 0xa8, - 0x95, 0x1f, 0xb9, 0x78, 0x0e, 0xf8, 0x1c, 0x64, 0x1b, 0x75, 0x39, 0x4d, 0xb1, 0xb6, 0x7e, 0xd5, - 0xaf, 0xac, 0x7a, 0x01, 0xf7, 0xbb, 0x2d, 0xd3, 0xa1, 0x27, 0x96, 0x8f, 0x23, 0x3f, 0x70, 0x28, - 0xeb, 0x58, 0x0e, 0x0d, 0xa3, 0x6e, 0xdb, 0xe2, 0xbd, 0x0e, 0x89, 0xe4, 0x00, 0x8d, 0xba, 0x9d, - 0x6d, 0xd4, 0x21, 0x54, 0xb7, 0x11, 0x53, 0x16, 0xd5, 0xf0, 0xff, 0x83, 0x62, 0x13, 0x33, 0x1e, - 0xf0, 0x80, 0x86, 0x68, 0x56, 0x16, 0xc6, 0x09, 0x88, 0x40, 0x61, 0xcb, 0x75, 0x19, 0x89, 0xc4, - 0xa4, 0xa2, 0x36, 0xfc, 0x84, 0x06, 0x00, 0x75, 0xcc, 0xb1, 0x43, 0x42, 0x4e, 0x18, 0xd2, 0x65, - 0x31, 0x91, 0x81, 0xfb, 0x60, 0xfe, 0x10, 0x7b, 0x1e, 0x71, 0x55, 0x03, 0x89, 0x50, 0x5e, 0xde, - 0xf5, 0x5e, 0xea, 0x71, 0xcc, 0x14, 0x6c, 0x27, 0xe4, 0xac, 0x67, 0xa7, 0x9b, 0xe1, 0x7d, 0xa0, - 0xef, 0x11, 0x8e, 0xd1, 0x8c, 0x24, 0xf9, 0x2f, 0x4d, 0x22, 0x6a, 0x71, 0xa7, 0x84, 0xc1, 0x17, - 0xa0, 0x68, 0xe3, 0x23, 0xde, 0x08, 0x5d, 0x72, 0x86, 0x0a, 0x52, 0x95, 0x7f, 0xcc, 0xb1, 0xa5, - 0xcc, 0x51, 0xb1, 0x36, 0x7b, 0xde, 0xaf, 0x64, 0x2e, 0xfa, 0x15, 0xcd, 0x1e, 0x77, 0x94, 0x6b, - 0x60, 0x69, 0xda, 0x58, 0x70, 0x01, 0xe4, 0x8e, 0x49, 0x2f, 0x16, 0xc0, 0x16, 0x21, 0x5c, 0x02, - 0xf9, 0x53, 0xdc, 0xee, 0x0e, 0x1f, 0x35, 0xfe, 0x78, 0x96, 0x7d, 0xaa, 0x95, 0x9f, 0x80, 0xe2, - 0x68, 0xaa, 0xdb, 0x34, 0xae, 0x7c, 0x29, 0x80, 0x52, 0xc2, 0x36, 0x70, 0x0f, 0xe8, 0xaf, 0x82, - 0xd0, 0x55, 0xb2, 0x6f, 0x5e, 0xf5, 0x2b, 0x8f, 0x6f, 0x92, 0x1d, 0x7b, 0x24, 0xe4, 0x56, 0xc4, - 0x59, 0xd7, 0xe1, 0x91, 0xa9, 0x48, 0x04, 0x81, 0x2d, 0x69, 0xe0, 0x9c, 0xf4, 0x50, 0x7c, 0xaa, - 0x70, 0x05, 0x1a, 0xdb, 0x57, 0x69, 0x3c, 0x3c, 0x18, 0x02, 0xfd, 0x10, 0x7b, 0x11, 0xd2, 0xab, - 0x39, 0xe1, 0x17, 0x11, 0x27, 0x1d, 0x91, 0x9f, 0x74, 0xc4, 0xfb, 0xeb, 0x8a, 0xcf, 0x4b, 0xb1, - 0xd6, 0xa6, 0xaf, 0xc3, 0x54, 0xe1, 0x6b, 0xba, 0x90, 0xe3, 0xba, 0xfc, 0x8f, 0x26, 0xe4, 0xaf, - 0xfe, 0x82, 0x31, 0xed, 0x02, 0x08, 0xf4, 0x26, 0x65, 0x5c, 0x1a, 0x20, 0x6f, 0xcb, 0x58, 0x18, - 0xf7, 0x80, 0x3a, 0xc7, 0x84, 0x37, 0x31, 0xf7, 0xd1, 0x62, 0x6c, 0xdc, 0x71, 0x06, 0xae, 0x83, - 0xc2, 0x5b, 0x12, 0x78, 0x3e, 0x8f, 0xe4, 0x3a, 0x94, 0x36, 0x60, 0xe2, 0x30, 0x55, 0xb1, 0x87, - 0x10, 0xb8, 0x0e, 0x16, 0x77, 0x42, 0xdc, 0x6a, 0x93, 0x43, 0xec, 0xbd, 0x39, 0x25, 0x8c, 0x05, - 0x2e, 0x41, 0xc5, 0xaa, 0xb6, 0x3a, 0x6b, 0x5f, 0x2f, 0xc0, 0x4d, 0x90, 0x6f, 0x32, 0x7a, 0xd6, - 0x43, 0x25, 0xc9, 0xbc, 0x9c, 0x60, 0xde, 0xa6, 0x61, 0x48, 0x1c, 0x2e, 0xcb, 0xdb, 0x34, 0x3c, - 0x0a, 0x3c, 0xf5, 0x14, 0x71, 0x07, 0xdc, 0x04, 0x05, 0x05, 0x41, 0x7f, 0xc9, 0xe6, 0xe4, 0x0a, - 0xa8, 0xfb, 0x2b, 0x80, 0x6a, 0x1c, 0xe2, 0xe1, 0x4b, 0x50, 0x7e, 0x4d, 0x1d, 0xdc, 0x6e, 0xf7, - 0x6c, 0xe2, 0x05, 0x11, 0x27, 0x8c, 0xb8, 0x5b, 0xd1, 0x41, 0xe0, 0x12, 0x07, 0x33, 0xf4, 0xb7, - 0x1c, 0xf6, 0x06, 0x04, 0xdc, 0x05, 0x73, 0x3b, 0x62, 0xa7, 0x3b, 0x2c, 0x88, 0x88, 0x54, 0x61, - 0x41, 0x4e, 0x50, 0x4e, 0x2e, 0xd4, 0x24, 0x42, 0x8d, 0x90, 0xea, 0x9b, 0xdc, 0xca, 0xb9, 0x5b, - 0x6f, 0xe5, 0x87, 0xdf, 0xde, 0x4a, 0x2b, 0xb9, 0x5c, 0x53, 0xdf, 0x4a, 0x51, 0xfc, 0x89, 0x85, - 0xad, 0xed, 0x9d, 0x7f, 0x37, 0x32, 0xe7, 0x97, 0x86, 0x76, 0x71, 0x69, 0x68, 0xdf, 0x2e, 0x0d, - 0xed, 0xe3, 0xc0, 0xc8, 0x7c, 0x1a, 0x18, 0x99, 0x8b, 0x81, 0x91, 0xf9, 0x3a, 0x30, 0x32, 0xef, - 0xd6, 0x6e, 0x5a, 0xd8, 0xd4, 0xbf, 0x55, 0x6b, 0x46, 0x26, 0x1e, 0xfe, 0x0c, 0x00, 0x00, 0xff, - 0xff, 0xf9, 0x3e, 0x1b, 0x2c, 0x32, 0x07, 0x00, 0x00, + // 646 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xdb, 0x6e, 0xd3, 0x40, + 0x10, 0x55, 0xee, 0xcd, 0x04, 0x7a, 0x59, 0x55, 0x68, 0x09, 0x14, 0x85, 0xc2, 0x43, 0xa5, 0xb6, + 0x31, 0x6a, 0x91, 0x40, 0x3c, 0x54, 0xea, 0x4d, 0xa2, 0x02, 0x4a, 0xb4, 0x2d, 0x42, 0x42, 0xe2, + 0x61, 0x63, 0x4f, 0x6d, 0xab, 0xa9, 0x37, 0x5a, 0x6f, 0xab, 0xe6, 0x53, 0xf8, 0x0a, 0xbe, 0x83, + 0xbf, 0x42, 0x3b, 0xde, 0x24, 0x8e, 0x5b, 0x50, 0x90, 0x78, 0xf2, 0x7a, 0xce, 0x39, 0xb3, 0xe3, + 0x39, 0x33, 0x86, 0xf6, 0x50, 0x2b, 0xa3, 0xbc, 0x61, 0x3f, 0x45, 0x7d, 0x13, 0xfb, 0xe8, 0x25, + 0x2a, 0xc0, 0x2e, 0x05, 0x59, 0x73, 0x12, 0x6d, 0x3f, 0x19, 0xd3, 0x7c, 0x75, 0x75, 0xa5, 0x12, + 0x2f, 0x7b, 0x64, 0xbc, 0xf6, 0xf3, 0x62, 0x8e, 0x08, 0xe5, 0xc0, 0x44, 0x7e, 0x84, 0xfe, 0xa5, + 0xa3, 0xac, 0x15, 0x29, 0xee, 0x99, 0xc1, 0xeb, 0x3f, 0x4a, 0xb0, 0x7c, 0x68, 0xe9, 0x67, 0x59, + 0xf8, 0x54, 0x05, 0xc8, 0x5e, 0x40, 0xd5, 0x3e, 0x79, 0xa9, 0x53, 0xda, 0x68, 0xed, 0x2c, 0x75, + 0x27, 0xe2, 0xae, 0x0d, 0x0b, 0x02, 0xd9, 0x2b, 0x68, 0x38, 0x0d, 0x2f, 0x13, 0xef, 0x51, 0x81, + 0xe7, 0x50, 0x31, 0xa6, 0xb1, 0x2e, 0xd4, 0xe9, 0xaa, 0x94, 0x57, 0x3a, 0x95, 0x82, 0xe0, 0x3d, + 0x15, 0x4e, 0xb0, 0x70, 0xac, 0xf5, 0x9f, 0x95, 0xac, 0x0e, 0xb6, 0x08, 0xe5, 0x93, 0x23, 0xaa, + 0xa6, 0x29, 0xca, 0x27, 0x47, 0x8c, 0xb9, 0xfa, 0xca, 0x14, 0xc9, 0x38, 0x4f, 0xa1, 0xd9, 0x93, + 0xda, 0xc4, 0x26, 0x56, 0x09, 0x5f, 0x20, 0x60, 0x1a, 0x60, 0x1c, 0x1a, 0xfb, 0x41, 0xa0, 0x31, + 0xb5, 0x77, 0x5b, 0x6c, 0xfc, 0xca, 0x9e, 0x01, 0x1c, 0x49, 0x23, 0x7d, 0x4c, 0x0c, 0x6a, 0x5e, + 0x25, 0x30, 0x17, 0x61, 0xa7, 0xb0, 0x74, 0x2e, 0xc3, 0x10, 0x03, 0x27, 0xc0, 0x94, 0xd7, 0xa8, + 0xfa, 0x97, 0x85, 0xcf, 0xed, 0x16, 0x68, 0xc7, 0x89, 0xd1, 0x23, 0x51, 0x14, 0xb3, 0x6d, 0xa8, + 0x7e, 0x42, 0x23, 0x79, 0x9d, 0x92, 0x3c, 0x2e, 0x26, 0xb1, 0x58, 0xa6, 0x24, 0x1a, 0xf3, 0xa0, + 0x29, 0xe4, 0x85, 0x39, 0x49, 0x02, 0xbc, 0xe5, 0x0d, 0xea, 0xf3, 0x4a, 0xd7, 0xcd, 0xc0, 0x04, + 0x10, 0x53, 0x4e, 0xfb, 0x00, 0x56, 0xef, 0x2b, 0x84, 0x2d, 0x43, 0xe5, 0x12, 0x47, 0xae, 0x89, + 0xf6, 0xc8, 0x56, 0xa1, 0x76, 0x23, 0x07, 0xd7, 0xe3, 0x36, 0x66, 0x2f, 0xef, 0xca, 0x6f, 0x4b, + 0xed, 0x37, 0xd0, 0x9c, 0xd4, 0xf1, 0x2f, 0xc2, 0xf5, 0x5f, 0x75, 0x68, 0xe5, 0xac, 0xb7, 0x46, + 0x7d, 0x88, 0x93, 0xc0, 0x89, 0xe9, 0xec, 0xcc, 0x2c, 0x4f, 0xcc, 0xe4, 0xd3, 0x39, 0x72, 0xd6, + 0xe4, 0xd4, 0xe7, 0x32, 0x4c, 0x79, 0xb5, 0x53, 0xb1, 0x6a, 0x7b, 0xce, 0x1b, 0x59, 0x9b, 0x35, + 0xf2, 0xcb, 0x5d, 0xa3, 0x96, 0xa8, 0xc7, 0x9b, 0xf7, 0xcf, 0xe5, 0x9c, 0x7e, 0xbd, 0x9e, 0xf1, + 0xab, 0xf3, 0x87, 0x5c, 0x45, 0xdb, 0x18, 0x54, 0x7b, 0x4a, 0x1b, 0x72, 0xac, 0x26, 0xe8, 0x6c, + 0x27, 0xed, 0x4c, 0xf9, 0x97, 0x68, 0x7a, 0xd2, 0x44, 0x7c, 0x25, 0x9b, 0xb4, 0x69, 0x84, 0x6d, + 0x41, 0xe3, 0x2b, 0xc6, 0x61, 0x64, 0x52, 0x9a, 0xdf, 0xd6, 0x0e, 0xcb, 0x5d, 0xe6, 0x10, 0x31, + 0xa6, 0xb0, 0x2d, 0x58, 0x39, 0x4e, 0x64, 0x7f, 0x80, 0xe7, 0x32, 0xfc, 0x7c, 0x83, 0x5a, 0xc7, + 0x01, 0xf2, 0x66, 0xa7, 0xb4, 0xb1, 0x20, 0xee, 0x02, 0x6c, 0x17, 0x6a, 0x3d, 0xad, 0x6e, 0x47, + 0xbc, 0x45, 0x99, 0xd7, 0x72, 0x99, 0x0f, 0x55, 0x92, 0xa0, 0x6f, 0x08, 0x3e, 0x54, 0xc9, 0x45, + 0x1c, 0x8a, 0x8c, 0xcb, 0x76, 0xa1, 0xe1, 0x40, 0xfe, 0x80, 0x64, 0xf9, 0x69, 0x75, 0x5f, 0xee, + 0x08, 0x62, 0xcc, 0x64, 0x7b, 0xd0, 0xfe, 0xa8, 0x7c, 0x39, 0x18, 0x8c, 0x04, 0x86, 0x71, 0x6a, + 0x50, 0x63, 0xb0, 0x9f, 0x9e, 0xc5, 0x01, 0xfa, 0x52, 0xf3, 0x87, 0x54, 0xe0, 0x5f, 0x18, 0x6c, + 0x0f, 0x16, 0x8f, 0xed, 0xe2, 0x0d, 0x75, 0x9c, 0x22, 0x75, 0x7e, 0xd9, 0xfd, 0x5d, 0xdc, 0xd4, + 0xcf, 0xa2, 0xa2, 0xc0, 0x9e, 0x5d, 0x98, 0xc5, 0x39, 0x16, 0xe6, 0xfb, 0xdc, 0x0b, 0xe3, 0xe5, + 0xe7, 0xfe, 0xde, 0x6e, 0xb8, 0x14, 0xff, 0x63, 0x97, 0x0e, 0xb6, 0xbf, 0x6d, 0x86, 0xb1, 0x89, + 0xae, 0xfb, 0xb6, 0x7a, 0x2f, 0x92, 0x69, 0x14, 0xfb, 0x4a, 0x0f, 0x3d, 0x5f, 0x25, 0xe9, 0xf5, + 0xc0, 0x2b, 0xfc, 0xd6, 0xfb, 0x75, 0x0a, 0xec, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x69, + 0xf0, 0xb9, 0x57, 0x06, 0x00, 0x00, } - -func (m *CheckServiceNode) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CheckServiceNode) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CheckServiceNode) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Checks) > 0 { - for iNdEx := len(m.Checks) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Checks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - } - if m.Service != nil { - { - size, err := m.Service.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if m.Node != nil { - { - size, err := m.Node.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *Node) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Node) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Node) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintNode(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x42 - } - { - size, err := m.RaftIndex.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - if len(m.Meta) > 0 { - for k := range m.Meta { - v := m.Meta[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintNode(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintNode(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintNode(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x32 - } - } - if len(m.TaggedAddresses) > 0 { - for k := range m.TaggedAddresses { - v := m.TaggedAddresses[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintNode(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintNode(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintNode(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x2a - } - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintNode(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0x22 - } - if len(m.Address) > 0 { - i -= len(m.Address) - copy(dAtA[i:], m.Address) - i = encodeVarintNode(dAtA, i, uint64(len(m.Address))) - i-- - dAtA[i] = 0x1a - } - if len(m.Node) > 0 { - i -= len(m.Node) - copy(dAtA[i:], m.Node) - i = encodeVarintNode(dAtA, i, uint64(len(m.Node))) - i-- - dAtA[i] = 0x12 - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintNode(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *NodeService) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *NodeService) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *NodeService) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.SocketPath) > 0 { - i -= len(m.SocketPath) - copy(dAtA[i:], m.SocketPath) - i = encodeVarintNode(dAtA, i, uint64(len(m.SocketPath))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x8a - } - { - size, err := m.EnterpriseMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - if len(m.TaggedAddresses) > 0 { - for k := range m.TaggedAddresses { - v := m.TaggedAddresses[k] - baseI := i - { - size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintNode(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintNode(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x7a - } - } - { - size, err := m.RaftIndex.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x72 - if m.LocallyRegisteredAsSidecar { - i-- - if m.LocallyRegisteredAsSidecar { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x68 - } - { - size, err := m.Connect.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x62 - { - size, err := m.Proxy.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x5a - if m.EnableTagOverride { - i-- - if m.EnableTagOverride { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - if m.Weights != nil { - { - size, err := m.Weights.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintNode(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - } - if m.Port != 0 { - i = encodeVarintNode(dAtA, i, uint64(m.Port)) - i-- - dAtA[i] = 0x38 - } - if len(m.Meta) > 0 { - for k := range m.Meta { - v := m.Meta[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintNode(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintNode(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintNode(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x32 - } - } - if len(m.Address) > 0 { - i -= len(m.Address) - copy(dAtA[i:], m.Address) - i = encodeVarintNode(dAtA, i, uint64(len(m.Address))) - i-- - dAtA[i] = 0x2a - } - if len(m.Tags) > 0 { - for iNdEx := len(m.Tags) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Tags[iNdEx]) - copy(dAtA[i:], m.Tags[iNdEx]) - i = encodeVarintNode(dAtA, i, uint64(len(m.Tags[iNdEx]))) - i-- - dAtA[i] = 0x22 - } - } - if len(m.Service) > 0 { - i -= len(m.Service) - copy(dAtA[i:], m.Service) - i = encodeVarintNode(dAtA, i, uint64(len(m.Service))) - i-- - dAtA[i] = 0x1a - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintNode(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Kind) > 0 { - i -= len(m.Kind) - copy(dAtA[i:], m.Kind) - i = encodeVarintNode(dAtA, i, uint64(len(m.Kind))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintNode(dAtA []byte, offset int, v uint64) int { - offset -= sovNode(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *CheckServiceNode) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Node != nil { - l = m.Node.Size() - n += 1 + l + sovNode(uint64(l)) - } - if m.Service != nil { - l = m.Service.Size() - n += 1 + l + sovNode(uint64(l)) - } - if len(m.Checks) > 0 { - for _, e := range m.Checks { - l = e.Size() - n += 1 + l + sovNode(uint64(l)) - } - } - return n -} - -func (m *Node) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ID) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - l = len(m.Node) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - l = len(m.Address) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - if len(m.TaggedAddresses) > 0 { - for k, v := range m.TaggedAddresses { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovNode(uint64(len(k))) + 1 + len(v) + sovNode(uint64(len(v))) - n += mapEntrySize + 1 + sovNode(uint64(mapEntrySize)) - } - } - if len(m.Meta) > 0 { - for k, v := range m.Meta { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovNode(uint64(len(k))) + 1 + len(v) + sovNode(uint64(len(v))) - n += mapEntrySize + 1 + sovNode(uint64(mapEntrySize)) - } - } - l = m.RaftIndex.Size() - n += 1 + l + sovNode(uint64(l)) - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - return n -} - -func (m *NodeService) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Kind) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - l = len(m.ID) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - l = len(m.Service) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - if len(m.Tags) > 0 { - for _, s := range m.Tags { - l = len(s) - n += 1 + l + sovNode(uint64(l)) - } - } - l = len(m.Address) - if l > 0 { - n += 1 + l + sovNode(uint64(l)) - } - if len(m.Meta) > 0 { - for k, v := range m.Meta { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovNode(uint64(len(k))) + 1 + len(v) + sovNode(uint64(len(v))) - n += mapEntrySize + 1 + sovNode(uint64(mapEntrySize)) - } - } - if m.Port != 0 { - n += 1 + sovNode(uint64(m.Port)) - } - if m.Weights != nil { - l = m.Weights.Size() - n += 1 + l + sovNode(uint64(l)) - } - if m.EnableTagOverride { - n += 2 - } - l = m.Proxy.Size() - n += 1 + l + sovNode(uint64(l)) - l = m.Connect.Size() - n += 1 + l + sovNode(uint64(l)) - if m.LocallyRegisteredAsSidecar { - n += 2 - } - l = m.RaftIndex.Size() - n += 1 + l + sovNode(uint64(l)) - if len(m.TaggedAddresses) > 0 { - for k, v := range m.TaggedAddresses { - _ = k - _ = v - l = v.Size() - mapEntrySize := 1 + len(k) + sovNode(uint64(len(k))) + 1 + l + sovNode(uint64(l)) - n += mapEntrySize + 1 + sovNode(uint64(mapEntrySize)) - } - } - l = m.EnterpriseMeta.Size() - n += 2 + l + sovNode(uint64(l)) - l = len(m.SocketPath) - if l > 0 { - n += 2 + l + sovNode(uint64(l)) - } - return n -} - -func sovNode(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozNode(x uint64) (n int) { - return sovNode(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *CheckServiceNode) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CheckServiceNode: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CheckServiceNode: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Node == nil { - m.Node = &Node{} - } - if err := m.Node.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Service == nil { - m.Service = &NodeService{} - } - if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Checks", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Checks = append(m.Checks, &HealthCheck{}) - if err := m.Checks[len(m.Checks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Node) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Node: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Node: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = github_com_hashicorp_consul_types.NodeID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Node = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Address = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TaggedAddresses", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.TaggedAddresses == nil { - m.TaggedAddresses = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.TaggedAddresses[mapkey] = mapvalue - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Meta == nil { - m.Meta = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Meta[mapkey] = mapvalue - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RaftIndex", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *NodeService) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: NodeService: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: NodeService: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Kind = github_com_hashicorp_consul_agent_structs.ServiceKind(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Service = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Tags", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Tags = append(m.Tags, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Address = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Meta == nil { - m.Meta = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Meta[mapkey] = mapvalue - iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType) - } - m.Port = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Port |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Weights", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Weights == nil { - m.Weights = &Weights{} - } - if err := m.Weights.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnableTagOverride", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.EnableTagOverride = bool(v != 0) - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Proxy", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Proxy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Connect", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Connect.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 13: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LocallyRegisteredAsSidecar", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.LocallyRegisteredAsSidecar = bool(v != 0) - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RaftIndex", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RaftIndex.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TaggedAddresses", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.TaggedAddresses == nil { - m.TaggedAddresses = make(map[string]ServiceAddress) - } - var mapkey string - mapvalue := &ServiceAddress{} - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthNode - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthNode - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var mapmsglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - mapmsglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if mapmsglen < 0 { - return ErrInvalidLengthNode - } - postmsgIndex := iNdEx + mapmsglen - if postmsgIndex < 0 { - return ErrInvalidLengthNode - } - if postmsgIndex > l { - return io.ErrUnexpectedEOF - } - mapvalue = &ServiceAddress{} - if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { - return err - } - iNdEx = postmsgIndex - } else { - iNdEx = entryPreIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.TaggedAddresses[mapkey] = *mapvalue - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EnterpriseMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.EnterpriseMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 17: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SocketPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNode - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNode - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthNode - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SocketPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNode(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthNode - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipNode(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNode - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNode - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNode - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthNode - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupNode - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthNode - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthNode = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowNode = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupNode = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbservice/node.proto b/proto/pbservice/node.proto index c07e809a8..4b8389352 100644 --- a/proto/pbservice/node.proto +++ b/proto/pbservice/node.proto @@ -4,18 +4,10 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; -import "proto/pbcommongogo/common.proto"; +import "proto/pbcommon/common.proto"; import "proto/pbservice/healthcheck.proto"; import "proto/pbservice/service.proto"; -// This fake import path is replaced by the build script with a versioned path -import "gogoproto/gogo.proto"; - -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; - // CheckServiceNode is used to provide the node, its service // definition, as well as a HealthCheck that is associated. message CheckServiceNode { @@ -32,7 +24,8 @@ message CheckServiceNode { // output=node.gen.go // name=Structs message Node { - string ID = 1 [(gogoproto.casttype) = "github.com/hashicorp/consul/types.NodeID"]; + // mog: func-to=NodeIDType func-from=string + string ID = 1; string Node = 2; string Partition = 8; @@ -42,7 +35,7 @@ message Node { map Meta = 6; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - commongogo.RaftIndex RaftIndex = 7 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + common.RaftIndex RaftIndex = 7; } // NodeService is a service provided by a node @@ -56,14 +49,15 @@ message NodeService { // Kind is the kind of service this is. Different kinds of services may // have differing validation, DNS behavior, etc. An empty kind will default // to the Default kind. See ServiceKind for the full list of kinds. - string Kind = 1 [(gogoproto.casttype) = "github.com/hashicorp/consul/agent/structs.ServiceKind"]; + // mog: func-to=structs.ServiceKind func-from=string + string Kind = 1; string ID = 2; string Service = 3; repeated string Tags = 4; string Address = 5; // mog: func-to=MapStringServiceAddressToStructs func-from=NewMapStringServiceAddressFromStructs - map TaggedAddresses = 15 [(gogoproto.nullable) = false]; + map TaggedAddresses = 15; map Meta = 6; // mog: func-to=int func-from=int32 int32 Port = 7; @@ -83,11 +77,11 @@ message NodeService { // in the other case. ProxyConfig may be a more natural name here, but it's // confusing for the UX because one of the fields in ConnectProxyConfig is // also called just "Config" - ConnectProxyConfig Proxy = 11 [(gogoproto.nullable) = false]; + ConnectProxyConfig Proxy = 11; // Connect are the Connect settings for a service. This is purposely NOT // a pointer so that we never have to nil-check this. - ServiceConnect Connect = 12 [(gogoproto.nullable) = false]; + ServiceConnect Connect = 12; // LocallyRegisteredAsSidecar is private as it is only used by a local agent // state to track if the service was registered from a nested sidecar_service @@ -109,8 +103,8 @@ message NodeService { bool LocallyRegisteredAsSidecar = 13; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - commongogo.EnterpriseMeta EnterpriseMeta = 16 [(gogoproto.nullable) = false]; + common.EnterpriseMeta EnterpriseMeta = 16; // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - commongogo.RaftIndex RaftIndex = 14 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + common.RaftIndex RaftIndex = 14; } diff --git a/proto/pbservice/service.gen.go b/proto/pbservice/service.gen.go index 88dfe596d..9644f7c87 100644 --- a/proto/pbservice/service.gen.go +++ b/proto/pbservice/service.gen.go @@ -2,93 +2,123 @@ package pbservice -import structs "github.com/hashicorp/consul/agent/structs" +import "github.com/hashicorp/consul/agent/structs" -func ConnectProxyConfigToStructs(s ConnectProxyConfig) structs.ConnectProxyConfig { - var t structs.ConnectProxyConfig +func ConnectProxyConfigToStructs(s *ConnectProxyConfig, t *structs.ConnectProxyConfig) { + if s == nil { + return + } t.DestinationServiceName = s.DestinationServiceName t.DestinationServiceID = s.DestinationServiceID t.LocalServiceAddress = s.LocalServiceAddress t.LocalServicePort = int(s.LocalServicePort) t.LocalServiceSocketPath = s.LocalServiceSocketPath - t.Mode = s.Mode + t.Mode = structs.ProxyMode(s.Mode) t.Config = ProtobufTypesStructToMapStringInterface(s.Config) t.Upstreams = UpstreamsToStructs(s.Upstreams) - t.MeshGateway = MeshGatewayConfigToStructs(s.MeshGateway) - t.Expose = ExposeConfigToStructs(s.Expose) - t.TransparentProxy = TransparentProxyConfigToStructs(s.TransparentProxy) - return t + if s.MeshGateway != nil { + MeshGatewayConfigToStructs(s.MeshGateway, &t.MeshGateway) + } + if s.Expose != nil { + ExposeConfigToStructs(s.Expose, &t.Expose) + } + if s.TransparentProxy != nil { + TransparentProxyConfigToStructs(s.TransparentProxy, &t.TransparentProxy) + } } -func NewConnectProxyConfigFromStructs(t structs.ConnectProxyConfig) ConnectProxyConfig { - var s ConnectProxyConfig +func ConnectProxyConfigFromStructs(t *structs.ConnectProxyConfig, s *ConnectProxyConfig) { + if s == nil { + return + } s.DestinationServiceName = t.DestinationServiceName s.DestinationServiceID = t.DestinationServiceID s.LocalServiceAddress = t.LocalServiceAddress s.LocalServicePort = int32(t.LocalServicePort) s.LocalServiceSocketPath = t.LocalServiceSocketPath - s.Mode = t.Mode + s.Mode = string(t.Mode) s.Config = MapStringInterfaceToProtobufTypesStruct(t.Config) s.Upstreams = NewUpstreamsFromStructs(t.Upstreams) - s.MeshGateway = NewMeshGatewayConfigFromStructs(t.MeshGateway) - s.Expose = NewExposeConfigFromStructs(t.Expose) - s.TransparentProxy = NewTransparentProxyConfigFromStructs(t.TransparentProxy) - return s + { + var x MeshGatewayConfig + MeshGatewayConfigFromStructs(&t.MeshGateway, &x) + s.MeshGateway = &x + } + { + var x ExposeConfig + ExposeConfigFromStructs(&t.Expose, &x) + s.Expose = &x + } + { + var x TransparentProxyConfig + TransparentProxyConfigFromStructs(&t.TransparentProxy, &x) + s.TransparentProxy = &x + } } -func ExposeConfigToStructs(s ExposeConfig) structs.ExposeConfig { - var t structs.ExposeConfig +func ExposeConfigToStructs(s *ExposeConfig, t *structs.ExposeConfig) { + if s == nil { + return + } t.Checks = s.Checks t.Paths = ExposePathSliceToStructs(s.Paths) - return t } -func NewExposeConfigFromStructs(t structs.ExposeConfig) ExposeConfig { - var s ExposeConfig +func ExposeConfigFromStructs(t *structs.ExposeConfig, s *ExposeConfig) { + if s == nil { + return + } s.Checks = t.Checks s.Paths = NewExposePathSliceFromStructs(t.Paths) - return s } -func ExposePathToStructs(s ExposePath) structs.ExposePath { - var t structs.ExposePath +func ExposePathToStructs(s *ExposePath, t *structs.ExposePath) { + if s == nil { + return + } t.ListenerPort = int(s.ListenerPort) t.Path = s.Path t.LocalPathPort = int(s.LocalPathPort) t.Protocol = s.Protocol t.ParsedFromCheck = s.ParsedFromCheck - return t } -func NewExposePathFromStructs(t structs.ExposePath) ExposePath { - var s ExposePath +func ExposePathFromStructs(t *structs.ExposePath, s *ExposePath) { + if s == nil { + return + } s.ListenerPort = int32(t.ListenerPort) s.Path = t.Path s.LocalPathPort = int32(t.LocalPathPort) s.Protocol = t.Protocol s.ParsedFromCheck = t.ParsedFromCheck - return s } -func MeshGatewayConfigToStructs(s MeshGatewayConfig) structs.MeshGatewayConfig { - var t structs.MeshGatewayConfig - t.Mode = s.Mode - return t +func MeshGatewayConfigToStructs(s *MeshGatewayConfig, t *structs.MeshGatewayConfig) { + if s == nil { + return + } + t.Mode = structs.MeshGatewayMode(s.Mode) } -func NewMeshGatewayConfigFromStructs(t structs.MeshGatewayConfig) MeshGatewayConfig { - var s MeshGatewayConfig - s.Mode = t.Mode - return s +func MeshGatewayConfigFromStructs(t *structs.MeshGatewayConfig, s *MeshGatewayConfig) { + if s == nil { + return + } + s.Mode = string(t.Mode) } -func ServiceConnectToStructs(s ServiceConnect) structs.ServiceConnect { - var t structs.ServiceConnect +func ServiceConnectToStructs(s *ServiceConnect, t *structs.ServiceConnect) { + if s == nil { + return + } t.Native = s.Native t.SidecarService = ServiceDefinitionPtrToStructs(s.SidecarService) - return t } -func NewServiceConnectFromStructs(t structs.ServiceConnect) ServiceConnect { - var s ServiceConnect +func ServiceConnectFromStructs(t *structs.ServiceConnect, s *ServiceConnect) { + if s == nil { + return + } s.Native = t.Native s.SidecarService = NewServiceDefinitionPtrFromStructs(t.SidecarService) - return s } -func ServiceDefinitionToStructs(s ServiceDefinition) (structs.ServiceDefinition, error) { - var t structs.ServiceDefinition - t.Kind = s.Kind +func ServiceDefinitionToStructs(s *ServiceDefinition, t *structs.ServiceDefinition) { + if s == nil { + return + } + t.Kind = structs.ServiceKind(s.Kind) t.ID = s.ID t.Name = s.Name t.Tags = s.Tags @@ -97,27 +127,22 @@ func ServiceDefinitionToStructs(s ServiceDefinition) (structs.ServiceDefinition, t.Meta = s.Meta t.Port = int(s.Port) t.SocketPath = s.SocketPath - check, err := CheckTypeToStructs(s.Check) - if err != nil { - return t, err + if s.Check != nil { + CheckTypeToStructs(s.Check, &t.Check) } - t.Check = check - checks, err := CheckTypesToStructs(s.Checks) - if err != nil { - return t, err - } - t.Checks = checks + t.Checks = CheckTypesToStructs(s.Checks) t.Weights = WeightsPtrToStructs(s.Weights) t.Token = s.Token t.EnableTagOverride = s.EnableTagOverride t.Proxy = ConnectProxyConfigPtrToStructs(s.Proxy) t.EnterpriseMeta = EnterpriseMetaToStructs(s.EnterpriseMeta) t.Connect = ServiceConnectPtrToStructs(s.Connect) - return t, nil } -func NewServiceDefinitionFromStructs(t structs.ServiceDefinition) ServiceDefinition { - var s ServiceDefinition - s.Kind = t.Kind +func ServiceDefinitionFromStructs(t *structs.ServiceDefinition, s *ServiceDefinition) { + if s == nil { + return + } + s.Kind = string(t.Kind) s.ID = t.ID s.Name = t.Name s.Tags = t.Tags @@ -126,7 +151,11 @@ func NewServiceDefinitionFromStructs(t structs.ServiceDefinition) ServiceDefinit s.Meta = t.Meta s.Port = int32(t.Port) s.SocketPath = t.SocketPath - s.Check = NewCheckTypeFromStructs(t.Check) + { + var x CheckType + CheckTypeFromStructs(&t.Check, &x) + s.Check = &x + } s.Checks = NewCheckTypesFromStructs(t.Checks) s.Weights = NewWeightsPtrFromStructs(t.Weights) s.Token = t.Token @@ -134,22 +163,25 @@ func NewServiceDefinitionFromStructs(t structs.ServiceDefinition) ServiceDefinit s.Proxy = NewConnectProxyConfigPtrFromStructs(t.Proxy) s.EnterpriseMeta = NewEnterpriseMetaFromStructs(t.EnterpriseMeta) s.Connect = NewServiceConnectPtrFromStructs(t.Connect) - return s } -func TransparentProxyConfigToStructs(s TransparentProxyConfig) structs.TransparentProxyConfig { - var t structs.TransparentProxyConfig +func TransparentProxyConfigToStructs(s *TransparentProxyConfig, t *structs.TransparentProxyConfig) { + if s == nil { + return + } t.OutboundListenerPort = int(s.OutboundListenerPort) t.DialedDirectly = s.DialedDirectly - return t } -func NewTransparentProxyConfigFromStructs(t structs.TransparentProxyConfig) TransparentProxyConfig { - var s TransparentProxyConfig +func TransparentProxyConfigFromStructs(t *structs.TransparentProxyConfig, s *TransparentProxyConfig) { + if s == nil { + return + } s.OutboundListenerPort = int32(t.OutboundListenerPort) s.DialedDirectly = t.DialedDirectly - return s } -func UpstreamToStructs(s Upstream) structs.Upstream { - var t structs.Upstream +func UpstreamToStructs(s *Upstream, t *structs.Upstream) { + if s == nil { + return + } t.DestinationType = s.DestinationType t.DestinationNamespace = s.DestinationNamespace t.DestinationPartition = s.DestinationPartition @@ -160,12 +192,15 @@ func UpstreamToStructs(s Upstream) structs.Upstream { t.LocalBindSocketPath = s.LocalBindSocketPath t.LocalBindSocketMode = s.LocalBindSocketMode t.Config = ProtobufTypesStructToMapStringInterface(s.Config) - t.MeshGateway = MeshGatewayConfigToStructs(s.MeshGateway) + if s.MeshGateway != nil { + MeshGatewayConfigToStructs(s.MeshGateway, &t.MeshGateway) + } t.CentrallyConfigured = s.CentrallyConfigured - return t } -func NewUpstreamFromStructs(t structs.Upstream) Upstream { - var s Upstream +func UpstreamFromStructs(t *structs.Upstream, s *Upstream) { + if s == nil { + return + } s.DestinationType = t.DestinationType s.DestinationNamespace = t.DestinationNamespace s.DestinationPartition = t.DestinationPartition @@ -176,7 +211,10 @@ func NewUpstreamFromStructs(t structs.Upstream) Upstream { s.LocalBindSocketPath = t.LocalBindSocketPath s.LocalBindSocketMode = t.LocalBindSocketMode s.Config = MapStringInterfaceToProtobufTypesStruct(t.Config) - s.MeshGateway = NewMeshGatewayConfigFromStructs(t.MeshGateway) + { + var x MeshGatewayConfig + MeshGatewayConfigFromStructs(&t.MeshGateway, &x) + s.MeshGateway = &x + } s.CentrallyConfigured = t.CentrallyConfigured - return s } diff --git a/proto/pbservice/service.pb.go b/proto/pbservice/service.pb.go index ca5761fdc..b71a0a387 100644 --- a/proto/pbservice/service.pb.go +++ b/proto/pbservice/service.pb.go @@ -1,18 +1,14 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbservice/service.proto package pbservice import ( fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" - types "github.com/gogo/protobuf/types" proto "github.com/golang/protobuf/proto" - github_com_hashicorp_consul_agent_structs "github.com/hashicorp/consul/agent/structs" - pbcommongogo "github.com/hashicorp/consul/proto/pbcommongogo" - io "io" + _struct "github.com/golang/protobuf/ptypes/struct" + pbcommon "github.com/hashicorp/consul/proto/pbcommon" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -62,22 +58,26 @@ type ConnectProxyConfig struct { // Config is the arbitrary configuration data provided with the proxy // registration. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - Config *types.Struct `protobuf:"bytes,5,opt,name=Config,proto3" json:"Config,omitempty"` + Config *_struct.Struct `protobuf:"bytes,5,opt,name=Config,proto3" json:"Config,omitempty"` // Upstreams describes any upstream dependencies the proxy instance should // setup. // mog: func-to=UpstreamsToStructs func-from=NewUpstreamsFromStructs - Upstreams []Upstream `protobuf:"bytes,6,rep,name=Upstreams,proto3" json:"Upstreams"` + Upstreams []*Upstream `protobuf:"bytes,6,rep,name=Upstreams,proto3" json:"Upstreams,omitempty"` // MeshGateway defines the mesh gateway configuration for upstreams - MeshGateway MeshGatewayConfig `protobuf:"bytes,7,opt,name=MeshGateway,proto3" json:"MeshGateway"` + MeshGateway *MeshGatewayConfig `protobuf:"bytes,7,opt,name=MeshGateway,proto3" json:"MeshGateway,omitempty"` // Expose defines whether checks or paths are exposed through the proxy - Expose ExposeConfig `protobuf:"bytes,8,opt,name=Expose,proto3" json:"Expose"` + Expose *ExposeConfig `protobuf:"bytes,8,opt,name=Expose,proto3" json:"Expose,omitempty"` // Mode represents how the proxy's inbound and upstream listeners are dialed. - Mode github_com_hashicorp_consul_agent_structs.ProxyMode `protobuf:"bytes,9,opt,name=Mode,proto3,casttype=github.com/hashicorp/consul/agent/structs.ProxyMode" json:"Mode,omitempty"` + // mog: func-to=structs.ProxyMode func-from=string + Mode string `protobuf:"bytes,9,opt,name=Mode,proto3" json:"Mode,omitempty"` // TransparentProxy defines configuration for when the proxy is in // transparent mode. - TransparentProxy TransparentProxyConfig `protobuf:"bytes,10,opt,name=TransparentProxy,proto3" json:"TransparentProxy"` + TransparentProxy *TransparentProxyConfig `protobuf:"bytes,10,opt,name=TransparentProxy,proto3" json:"TransparentProxy,omitempty"` // LocalServiceSocketPath is the path to the unix domain socket for the local service instance - LocalServiceSocketPath string `protobuf:"bytes,11,opt,name=LocalServiceSocketPath,proto3" json:"LocalServiceSocketPath,omitempty"` + LocalServiceSocketPath string `protobuf:"bytes,11,opt,name=LocalServiceSocketPath,proto3" json:"LocalServiceSocketPath,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ConnectProxyConfig) Reset() { *m = ConnectProxyConfig{} } @@ -86,26 +86,18 @@ func (*ConnectProxyConfig) ProtoMessage() {} func (*ConnectProxyConfig) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{0} } + func (m *ConnectProxyConfig) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ConnectProxyConfig.Unmarshal(m, b) } func (m *ConnectProxyConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ConnectProxyConfig.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ConnectProxyConfig.Marshal(b, m, deterministic) } func (m *ConnectProxyConfig) XXX_Merge(src proto.Message) { xxx_messageInfo_ConnectProxyConfig.Merge(m, src) } func (m *ConnectProxyConfig) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ConnectProxyConfig.Size(m) } func (m *ConnectProxyConfig) XXX_DiscardUnknown() { xxx_messageInfo_ConnectProxyConfig.DiscardUnknown(m) @@ -113,6 +105,83 @@ func (m *ConnectProxyConfig) XXX_DiscardUnknown() { var xxx_messageInfo_ConnectProxyConfig proto.InternalMessageInfo +func (m *ConnectProxyConfig) GetDestinationServiceName() string { + if m != nil { + return m.DestinationServiceName + } + return "" +} + +func (m *ConnectProxyConfig) GetDestinationServiceID() string { + if m != nil { + return m.DestinationServiceID + } + return "" +} + +func (m *ConnectProxyConfig) GetLocalServiceAddress() string { + if m != nil { + return m.LocalServiceAddress + } + return "" +} + +func (m *ConnectProxyConfig) GetLocalServicePort() int32 { + if m != nil { + return m.LocalServicePort + } + return 0 +} + +func (m *ConnectProxyConfig) GetConfig() *_struct.Struct { + if m != nil { + return m.Config + } + return nil +} + +func (m *ConnectProxyConfig) GetUpstreams() []*Upstream { + if m != nil { + return m.Upstreams + } + return nil +} + +func (m *ConnectProxyConfig) GetMeshGateway() *MeshGatewayConfig { + if m != nil { + return m.MeshGateway + } + return nil +} + +func (m *ConnectProxyConfig) GetExpose() *ExposeConfig { + if m != nil { + return m.Expose + } + return nil +} + +func (m *ConnectProxyConfig) GetMode() string { + if m != nil { + return m.Mode + } + return "" +} + +func (m *ConnectProxyConfig) GetTransparentProxy() *TransparentProxyConfig { + if m != nil { + return m.TransparentProxy + } + return nil +} + +func (m *ConnectProxyConfig) GetLocalServiceSocketPath() string { + if m != nil { + return m.LocalServiceSocketPath + } + return "" +} + // Upstream represents a single upstream dependency for a service or proxy. It // describes the mechanism used to discover instances to communicate with (the // Target) as well as any potential client configuration that may be useful such @@ -150,16 +219,19 @@ type Upstream struct { // It can be used to pass arbitrary configuration for this specific upstream // to the proxy. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - Config *types.Struct `protobuf:"bytes,7,opt,name=Config,proto3" json:"Config,omitempty"` + Config *_struct.Struct `protobuf:"bytes,7,opt,name=Config,proto3" json:"Config,omitempty"` // MeshGateway is the configuration for mesh gateway usage of this upstream - MeshGateway MeshGatewayConfig `protobuf:"bytes,8,opt,name=MeshGateway,proto3" json:"MeshGateway"` + MeshGateway *MeshGatewayConfig `protobuf:"bytes,8,opt,name=MeshGateway,proto3" json:"MeshGateway,omitempty"` // CentrallyConfigured indicates whether the upstream was defined in a proxy // instance registration or whether it was generated from a config entry. CentrallyConfigured bool `protobuf:"varint,9,opt,name=CentrallyConfigured,proto3" json:"CentrallyConfigured,omitempty"` // LocalBindSocketPath is the socket to create to connect to the upstream service - LocalBindSocketPath string `protobuf:"bytes,10,opt,name=LocalBindSocketPath,proto3" json:"LocalBindSocketPath,omitempty"` - LocalBindSocketMode string `protobuf:"bytes,11,opt,name=LocalBindSocketMode,proto3" json:"LocalBindSocketMode,omitempty"` - DestinationPartition string `protobuf:"bytes,12,opt,name=DestinationPartition,proto3" json:"DestinationPartition,omitempty"` + LocalBindSocketPath string `protobuf:"bytes,10,opt,name=LocalBindSocketPath,proto3" json:"LocalBindSocketPath,omitempty"` + LocalBindSocketMode string `protobuf:"bytes,11,opt,name=LocalBindSocketMode,proto3" json:"LocalBindSocketMode,omitempty"` + DestinationPartition string `protobuf:"bytes,12,opt,name=DestinationPartition,proto3" json:"DestinationPartition,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Upstream) Reset() { *m = Upstream{} } @@ -168,26 +240,18 @@ func (*Upstream) ProtoMessage() {} func (*Upstream) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{1} } + func (m *Upstream) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Upstream.Unmarshal(m, b) } func (m *Upstream) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Upstream.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Upstream.Marshal(b, m, deterministic) } func (m *Upstream) XXX_Merge(src proto.Message) { xxx_messageInfo_Upstream.Merge(m, src) } func (m *Upstream) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Upstream.Size(m) } func (m *Upstream) XXX_DiscardUnknown() { xxx_messageInfo_Upstream.DiscardUnknown(m) @@ -195,6 +259,90 @@ func (m *Upstream) XXX_DiscardUnknown() { var xxx_messageInfo_Upstream proto.InternalMessageInfo +func (m *Upstream) GetDestinationType() string { + if m != nil { + return m.DestinationType + } + return "" +} + +func (m *Upstream) GetDestinationNamespace() string { + if m != nil { + return m.DestinationNamespace + } + return "" +} + +func (m *Upstream) GetDestinationName() string { + if m != nil { + return m.DestinationName + } + return "" +} + +func (m *Upstream) GetDatacenter() string { + if m != nil { + return m.Datacenter + } + return "" +} + +func (m *Upstream) GetLocalBindAddress() string { + if m != nil { + return m.LocalBindAddress + } + return "" +} + +func (m *Upstream) GetLocalBindPort() int32 { + if m != nil { + return m.LocalBindPort + } + return 0 +} + +func (m *Upstream) GetConfig() *_struct.Struct { + if m != nil { + return m.Config + } + return nil +} + +func (m *Upstream) GetMeshGateway() *MeshGatewayConfig { + if m != nil { + return m.MeshGateway + } + return nil +} + +func (m *Upstream) GetCentrallyConfigured() bool { + if m != nil { + return m.CentrallyConfigured + } + return false +} + +func (m *Upstream) GetLocalBindSocketPath() string { + if m != nil { + return m.LocalBindSocketPath + } + return "" +} + +func (m *Upstream) GetLocalBindSocketMode() string { + if m != nil { + return m.LocalBindSocketMode + } + return "" +} + +func (m *Upstream) GetDestinationPartition() string { + if m != nil { + return m.DestinationPartition + } + return "" +} + // ServiceConnect are the shared Connect settings between all service // definitions from the agent to the state store. // mog annotation: @@ -213,7 +361,10 @@ type ServiceConnect struct { // result is identical to just making a second service registration via any // other means. // mog: func-to=ServiceDefinitionPtrToStructs func-from=NewServiceDefinitionPtrFromStructs - SidecarService *ServiceDefinition `protobuf:"bytes,3,opt,name=SidecarService,proto3" json:"SidecarService,omitempty"` + SidecarService *ServiceDefinition `protobuf:"bytes,3,opt,name=SidecarService,proto3" json:"SidecarService,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ServiceConnect) Reset() { *m = ServiceConnect{} } @@ -222,26 +373,18 @@ func (*ServiceConnect) ProtoMessage() {} func (*ServiceConnect) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{2} } + func (m *ServiceConnect) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ServiceConnect.Unmarshal(m, b) } func (m *ServiceConnect) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ServiceConnect.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ServiceConnect.Marshal(b, m, deterministic) } func (m *ServiceConnect) XXX_Merge(src proto.Message) { xxx_messageInfo_ServiceConnect.Merge(m, src) } func (m *ServiceConnect) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ServiceConnect.Size(m) } func (m *ServiceConnect) XXX_DiscardUnknown() { xxx_messageInfo_ServiceConnect.DiscardUnknown(m) @@ -249,6 +392,20 @@ func (m *ServiceConnect) XXX_DiscardUnknown() { var xxx_messageInfo_ServiceConnect proto.InternalMessageInfo +func (m *ServiceConnect) GetNative() bool { + if m != nil { + return m.Native + } + return false +} + +func (m *ServiceConnect) GetSidecarService() *ServiceDefinition { + if m != nil { + return m.SidecarService + } + return nil +} + // ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. // Users can expose individual paths and/or all HTTP/GRPC paths for checks. // @@ -263,7 +420,10 @@ type ExposeConfig struct { Checks bool `protobuf:"varint,1,opt,name=Checks,proto3" json:"Checks,omitempty"` // Paths is the list of paths exposed through the proxy. // mog: func-to=ExposePathSliceToStructs func-from=NewExposePathSliceFromStructs - Paths []ExposePath `protobuf:"bytes,2,rep,name=Paths,proto3" json:"Paths"` + Paths []*ExposePath `protobuf:"bytes,2,rep,name=Paths,proto3" json:"Paths,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ExposeConfig) Reset() { *m = ExposeConfig{} } @@ -272,26 +432,18 @@ func (*ExposeConfig) ProtoMessage() {} func (*ExposeConfig) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{3} } + func (m *ExposeConfig) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ExposeConfig.Unmarshal(m, b) } func (m *ExposeConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ExposeConfig.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ExposeConfig.Marshal(b, m, deterministic) } func (m *ExposeConfig) XXX_Merge(src proto.Message) { xxx_messageInfo_ExposeConfig.Merge(m, src) } func (m *ExposeConfig) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ExposeConfig.Size(m) } func (m *ExposeConfig) XXX_DiscardUnknown() { xxx_messageInfo_ExposeConfig.DiscardUnknown(m) @@ -299,6 +451,20 @@ func (m *ExposeConfig) XXX_DiscardUnknown() { var xxx_messageInfo_ExposeConfig proto.InternalMessageInfo +func (m *ExposeConfig) GetChecks() bool { + if m != nil { + return m.Checks + } + return false +} + +func (m *ExposeConfig) GetPaths() []*ExposePath { + if m != nil { + return m.Paths + } + return nil +} + // mog annotation: // // target=github.com/hashicorp/consul/agent/structs.ExposePath @@ -317,7 +483,10 @@ type ExposePath struct { // Valid values are "http" and "http2", defaults to "http" Protocol string `protobuf:"bytes,4,opt,name=Protocol,proto3" json:"Protocol,omitempty"` // ParsedFromCheck is set if this path was parsed from a registered check - ParsedFromCheck bool `protobuf:"varint,5,opt,name=ParsedFromCheck,proto3" json:"ParsedFromCheck,omitempty"` + ParsedFromCheck bool `protobuf:"varint,5,opt,name=ParsedFromCheck,proto3" json:"ParsedFromCheck,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ExposePath) Reset() { *m = ExposePath{} } @@ -326,26 +495,18 @@ func (*ExposePath) ProtoMessage() {} func (*ExposePath) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{4} } + func (m *ExposePath) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ExposePath.Unmarshal(m, b) } func (m *ExposePath) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ExposePath.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ExposePath.Marshal(b, m, deterministic) } func (m *ExposePath) XXX_Merge(src proto.Message) { xxx_messageInfo_ExposePath.Merge(m, src) } func (m *ExposePath) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ExposePath.Size(m) } func (m *ExposePath) XXX_DiscardUnknown() { xxx_messageInfo_ExposePath.DiscardUnknown(m) @@ -353,13 +514,52 @@ func (m *ExposePath) XXX_DiscardUnknown() { var xxx_messageInfo_ExposePath proto.InternalMessageInfo +func (m *ExposePath) GetListenerPort() int32 { + if m != nil { + return m.ListenerPort + } + return 0 +} + +func (m *ExposePath) GetPath() string { + if m != nil { + return m.Path + } + return "" +} + +func (m *ExposePath) GetLocalPathPort() int32 { + if m != nil { + return m.LocalPathPort + } + return 0 +} + +func (m *ExposePath) GetProtocol() string { + if m != nil { + return m.Protocol + } + return "" +} + +func (m *ExposePath) GetParsedFromCheck() bool { + if m != nil { + return m.ParsedFromCheck + } + return false +} + // mog annotation: // // target=github.com/hashicorp/consul/agent/structs.MeshGatewayConfig // output=service.gen.go // name=Structs type MeshGatewayConfig struct { - Mode github_com_hashicorp_consul_agent_structs.MeshGatewayMode `protobuf:"bytes,1,opt,name=Mode,proto3,casttype=github.com/hashicorp/consul/agent/structs.MeshGatewayMode" json:"Mode,omitempty"` + // mog: func-to=structs.MeshGatewayMode func-from=string + Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"Mode,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *MeshGatewayConfig) Reset() { *m = MeshGatewayConfig{} } @@ -368,26 +568,18 @@ func (*MeshGatewayConfig) ProtoMessage() {} func (*MeshGatewayConfig) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{5} } + func (m *MeshGatewayConfig) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_MeshGatewayConfig.Unmarshal(m, b) } func (m *MeshGatewayConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_MeshGatewayConfig.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_MeshGatewayConfig.Marshal(b, m, deterministic) } func (m *MeshGatewayConfig) XXX_Merge(src proto.Message) { xxx_messageInfo_MeshGatewayConfig.Merge(m, src) } func (m *MeshGatewayConfig) XXX_Size() int { - return m.Size() + return xxx_messageInfo_MeshGatewayConfig.Size(m) } func (m *MeshGatewayConfig) XXX_DiscardUnknown() { xxx_messageInfo_MeshGatewayConfig.DiscardUnknown(m) @@ -395,6 +587,13 @@ func (m *MeshGatewayConfig) XXX_DiscardUnknown() { var xxx_messageInfo_MeshGatewayConfig proto.InternalMessageInfo +func (m *MeshGatewayConfig) GetMode() string { + if m != nil { + return m.Mode + } + return "" +} + // mog annotation: // // target=github.com/hashicorp/consul/agent/structs.TransparentProxyConfig @@ -406,7 +605,10 @@ type TransparentProxyConfig struct { // DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. // The discovery chain is not considered when dialing a service instance directly. // This setting is useful when addressing stateful services, such as a database cluster with a leader node. - DialedDirectly bool `protobuf:"varint,2,opt,name=DialedDirectly,proto3" json:"DialedDirectly,omitempty"` + DialedDirectly bool `protobuf:"varint,2,opt,name=DialedDirectly,proto3" json:"DialedDirectly,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *TransparentProxyConfig) Reset() { *m = TransparentProxyConfig{} } @@ -415,26 +617,18 @@ func (*TransparentProxyConfig) ProtoMessage() {} func (*TransparentProxyConfig) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{6} } + func (m *TransparentProxyConfig) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_TransparentProxyConfig.Unmarshal(m, b) } func (m *TransparentProxyConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_TransparentProxyConfig.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_TransparentProxyConfig.Marshal(b, m, deterministic) } func (m *TransparentProxyConfig) XXX_Merge(src proto.Message) { xxx_messageInfo_TransparentProxyConfig.Merge(m, src) } func (m *TransparentProxyConfig) XXX_Size() int { - return m.Size() + return xxx_messageInfo_TransparentProxyConfig.Size(m) } func (m *TransparentProxyConfig) XXX_DiscardUnknown() { xxx_messageInfo_TransparentProxyConfig.DiscardUnknown(m) @@ -442,6 +636,20 @@ func (m *TransparentProxyConfig) XXX_DiscardUnknown() { var xxx_messageInfo_TransparentProxyConfig proto.InternalMessageInfo +func (m *TransparentProxyConfig) GetOutboundListenerPort() int32 { + if m != nil { + return m.OutboundListenerPort + } + return 0 +} + +func (m *TransparentProxyConfig) GetDialedDirectly() bool { + if m != nil { + return m.DialedDirectly + } + return false +} + // ServiceDefinition is used to JSON decode the Service definitions. For // documentation on specific fields see NodeService which is better documented. // @@ -451,19 +659,20 @@ var xxx_messageInfo_TransparentProxyConfig proto.InternalMessageInfo // output=service.gen.go // name=Structs type ServiceDefinition struct { - Kind github_com_hashicorp_consul_agent_structs.ServiceKind `protobuf:"bytes,1,opt,name=Kind,proto3,casttype=github.com/hashicorp/consul/agent/structs.ServiceKind" json:"Kind,omitempty"` - ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"ID,omitempty"` - Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"Name,omitempty"` - Tags []string `protobuf:"bytes,4,rep,name=Tags,proto3" json:"Tags,omitempty"` - Address string `protobuf:"bytes,5,opt,name=Address,proto3" json:"Address,omitempty"` + // mog: func-to=structs.ServiceKind func-from=string + Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"Kind,omitempty"` + ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"ID,omitempty"` + Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"Name,omitempty"` + Tags []string `protobuf:"bytes,4,rep,name=Tags,proto3" json:"Tags,omitempty"` + Address string `protobuf:"bytes,5,opt,name=Address,proto3" json:"Address,omitempty"` // mog: func-to=MapStringServiceAddressToStructs func-from=NewMapStringServiceAddressFromStructs - TaggedAddresses map[string]ServiceAddress `protobuf:"bytes,16,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + TaggedAddresses map[string]*ServiceAddress `protobuf:"bytes,16,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=int func-from=int32 Port int32 `protobuf:"varint,7,opt,name=Port,proto3" json:"Port,omitempty"` // Path for socket - SocketPath string `protobuf:"bytes,18,opt,name=SocketPath,proto3" json:"SocketPath,omitempty"` - Check CheckType `protobuf:"bytes,8,opt,name=Check,proto3" json:"Check"` + SocketPath string `protobuf:"bytes,18,opt,name=SocketPath,proto3" json:"SocketPath,omitempty"` + Check *CheckType `protobuf:"bytes,8,opt,name=Check,proto3" json:"Check,omitempty"` // mog: func-to=CheckTypesToStructs func-from=NewCheckTypesFromStructs Checks []*CheckType `protobuf:"bytes,9,rep,name=Checks,proto3" json:"Checks,omitempty"` // mog: func-to=WeightsPtrToStructs func-from=NewWeightsPtrFromStructs @@ -483,9 +692,12 @@ type ServiceDefinition struct { // mog: func-to=ConnectProxyConfigPtrToStructs func-from=NewConnectProxyConfigPtrFromStructs Proxy *ConnectProxyConfig `protobuf:"bytes,14,opt,name=Proxy,proto3" json:"Proxy,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - EnterpriseMeta pbcommongogo.EnterpriseMeta `protobuf:"bytes,17,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta"` + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,17,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=ServiceConnectPtrToStructs func-from=NewServiceConnectPtrFromStructs - Connect *ServiceConnect `protobuf:"bytes,15,opt,name=Connect,proto3" json:"Connect,omitempty"` + Connect *ServiceConnect `protobuf:"bytes,15,opt,name=Connect,proto3" json:"Connect,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ServiceDefinition) Reset() { *m = ServiceDefinition{} } @@ -494,26 +706,18 @@ func (*ServiceDefinition) ProtoMessage() {} func (*ServiceDefinition) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{7} } + func (m *ServiceDefinition) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ServiceDefinition.Unmarshal(m, b) } func (m *ServiceDefinition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ServiceDefinition.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ServiceDefinition.Marshal(b, m, deterministic) } func (m *ServiceDefinition) XXX_Merge(src proto.Message) { xxx_messageInfo_ServiceDefinition.Merge(m, src) } func (m *ServiceDefinition) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ServiceDefinition.Size(m) } func (m *ServiceDefinition) XXX_DiscardUnknown() { xxx_messageInfo_ServiceDefinition.DiscardUnknown(m) @@ -521,11 +725,133 @@ func (m *ServiceDefinition) XXX_DiscardUnknown() { var xxx_messageInfo_ServiceDefinition proto.InternalMessageInfo +func (m *ServiceDefinition) GetKind() string { + if m != nil { + return m.Kind + } + return "" +} + +func (m *ServiceDefinition) GetID() string { + if m != nil { + return m.ID + } + return "" +} + +func (m *ServiceDefinition) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *ServiceDefinition) GetTags() []string { + if m != nil { + return m.Tags + } + return nil +} + +func (m *ServiceDefinition) GetAddress() string { + if m != nil { + return m.Address + } + return "" +} + +func (m *ServiceDefinition) GetTaggedAddresses() map[string]*ServiceAddress { + if m != nil { + return m.TaggedAddresses + } + return nil +} + +func (m *ServiceDefinition) GetMeta() map[string]string { + if m != nil { + return m.Meta + } + return nil +} + +func (m *ServiceDefinition) GetPort() int32 { + if m != nil { + return m.Port + } + return 0 +} + +func (m *ServiceDefinition) GetSocketPath() string { + if m != nil { + return m.SocketPath + } + return "" +} + +func (m *ServiceDefinition) GetCheck() *CheckType { + if m != nil { + return m.Check + } + return nil +} + +func (m *ServiceDefinition) GetChecks() []*CheckType { + if m != nil { + return m.Checks + } + return nil +} + +func (m *ServiceDefinition) GetWeights() *Weights { + if m != nil { + return m.Weights + } + return nil +} + +func (m *ServiceDefinition) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *ServiceDefinition) GetEnableTagOverride() bool { + if m != nil { + return m.EnableTagOverride + } + return false +} + +func (m *ServiceDefinition) GetProxy() *ConnectProxyConfig { + if m != nil { + return m.Proxy + } + return nil +} + +func (m *ServiceDefinition) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if m != nil { + return m.EnterpriseMeta + } + return nil +} + +func (m *ServiceDefinition) GetConnect() *ServiceConnect { + if m != nil { + return m.Connect + } + return nil +} + // Type to hold an address and port of a service type ServiceAddress struct { Address string `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address,omitempty"` // mog: func-to=int func-from=int32 - Port int32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` + Port int32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ServiceAddress) Reset() { *m = ServiceAddress{} } @@ -534,26 +860,18 @@ func (*ServiceAddress) ProtoMessage() {} func (*ServiceAddress) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{8} } + func (m *ServiceAddress) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ServiceAddress.Unmarshal(m, b) } func (m *ServiceAddress) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ServiceAddress.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ServiceAddress.Marshal(b, m, deterministic) } func (m *ServiceAddress) XXX_Merge(src proto.Message) { xxx_messageInfo_ServiceAddress.Merge(m, src) } func (m *ServiceAddress) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ServiceAddress.Size(m) } func (m *ServiceAddress) XXX_DiscardUnknown() { xxx_messageInfo_ServiceAddress.DiscardUnknown(m) @@ -561,12 +879,29 @@ func (m *ServiceAddress) XXX_DiscardUnknown() { var xxx_messageInfo_ServiceAddress proto.InternalMessageInfo +func (m *ServiceAddress) GetAddress() string { + if m != nil { + return m.Address + } + return "" +} + +func (m *ServiceAddress) GetPort() int32 { + if m != nil { + return m.Port + } + return 0 +} + // Weights represent the weight used by DNS for a given status type Weights struct { // mog: func-to=int func-from=int32 Passing int32 `protobuf:"varint,1,opt,name=Passing,proto3" json:"Passing,omitempty"` // mog: func-to=int func-from=int32 - Warning int32 `protobuf:"varint,2,opt,name=Warning,proto3" json:"Warning,omitempty"` + Warning int32 `protobuf:"varint,2,opt,name=Warning,proto3" json:"Warning,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Weights) Reset() { *m = Weights{} } @@ -575,26 +910,18 @@ func (*Weights) ProtoMessage() {} func (*Weights) Descriptor() ([]byte, []int) { return fileDescriptor_cbb99233b75fb80b, []int{9} } + func (m *Weights) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Weights.Unmarshal(m, b) } func (m *Weights) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Weights.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Weights.Marshal(b, m, deterministic) } func (m *Weights) XXX_Merge(src proto.Message) { xxx_messageInfo_Weights.Merge(m, src) } func (m *Weights) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Weights.Size(m) } func (m *Weights) XXX_DiscardUnknown() { xxx_messageInfo_Weights.DiscardUnknown(m) @@ -602,6 +929,20 @@ func (m *Weights) XXX_DiscardUnknown() { var xxx_messageInfo_Weights proto.InternalMessageInfo +func (m *Weights) GetPassing() int32 { + if m != nil { + return m.Passing + } + return 0 +} + +func (m *Weights) GetWarning() int32 { + if m != nil { + return m.Warning + } + return 0 +} + func init() { proto.RegisterType((*ConnectProxyConfig)(nil), "pbservice.ConnectProxyConfig") proto.RegisterType((*Upstream)(nil), "pbservice.Upstream") @@ -612,3554 +953,83 @@ func init() { proto.RegisterType((*TransparentProxyConfig)(nil), "pbservice.TransparentProxyConfig") proto.RegisterType((*ServiceDefinition)(nil), "pbservice.ServiceDefinition") proto.RegisterMapType((map[string]string)(nil), "pbservice.ServiceDefinition.MetaEntry") - proto.RegisterMapType((map[string]ServiceAddress)(nil), "pbservice.ServiceDefinition.TaggedAddressesEntry") + proto.RegisterMapType((map[string]*ServiceAddress)(nil), "pbservice.ServiceDefinition.TaggedAddressesEntry") proto.RegisterType((*ServiceAddress)(nil), "pbservice.ServiceAddress") proto.RegisterType((*Weights)(nil), "pbservice.Weights") } -func init() { proto.RegisterFile("proto/pbservice/service.proto", fileDescriptor_cbb99233b75fb80b) } +func init() { + proto.RegisterFile("proto/pbservice/service.proto", fileDescriptor_cbb99233b75fb80b) +} var fileDescriptor_cbb99233b75fb80b = []byte{ - // 1216 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x96, 0xdf, 0x6e, 0x13, 0x47, - 0x17, 0xc0, 0xb3, 0x89, 0x1d, 0xdb, 0x27, 0x7c, 0x21, 0x19, 0xf2, 0xd1, 0xad, 0x05, 0x4e, 0xb0, - 0x2a, 0x14, 0xb5, 0xc8, 0x06, 0x22, 0x4a, 0x41, 0xa2, 0x52, 0x13, 0xa7, 0x2d, 0x82, 0x80, 0xbb, - 0x71, 0x85, 0x5a, 0xa9, 0x17, 0xe3, 0xf5, 0x64, 0xbd, 0x8a, 0xbd, 0x63, 0xcd, 0x8c, 0x53, 0xfc, - 0x16, 0xbd, 0xec, 0x0b, 0x70, 0xdf, 0xc7, 0x40, 0xea, 0x0d, 0x97, 0xbd, 0x8a, 0x5a, 0xf2, 0x16, - 0x5c, 0x55, 0x73, 0x66, 0x76, 0xbd, 0xde, 0xdd, 0x22, 0xda, 0x2b, 0xcf, 0x9c, 0x7f, 0x33, 0x7b, - 0xce, 0xef, 0x9c, 0x31, 0x5c, 0x9f, 0x08, 0xae, 0x78, 0x7b, 0xd2, 0x97, 0x4c, 0x9c, 0x85, 0x3e, - 0x6b, 0xdb, 0xdf, 0x16, 0xca, 0x49, 0x2d, 0x51, 0xd4, 0xaf, 0x05, 0x9c, 0x07, 0x23, 0xd6, 0x46, - 0x45, 0x7f, 0x7a, 0xd2, 0x96, 0x4a, 0x4c, 0x7d, 0x65, 0x0c, 0xeb, 0xdb, 0x71, 0x1c, 0x9f, 0x8f, - 0xc7, 0x3c, 0x0a, 0x78, 0xc0, 0xdb, 0x66, 0x69, 0x0d, 0x6e, 0x64, 0x0f, 0x1a, 0x32, 0x3a, 0x52, - 0x43, 0x7f, 0xc8, 0xfc, 0x53, 0x6b, 0xb2, 0xa5, 0xbd, 0x8c, 0x99, 0x5e, 0x19, 0x69, 0xf3, 0x55, - 0x19, 0xc8, 0x01, 0x8f, 0x22, 0xe6, 0xab, 0xae, 0xe0, 0x2f, 0x67, 0x07, 0x3c, 0x3a, 0x09, 0x03, - 0xf2, 0x39, 0x5c, 0xed, 0x30, 0xa9, 0xc2, 0x88, 0xaa, 0x90, 0x47, 0xc7, 0x26, 0xe8, 0x33, 0x3a, - 0x66, 0xae, 0xb3, 0xe3, 0xec, 0xd6, 0xbc, 0x7f, 0xd0, 0x92, 0xbb, 0xb0, 0x95, 0xd7, 0x3c, 0xee, - 0xb8, 0xcb, 0xe8, 0x55, 0xa8, 0x23, 0xb7, 0xe1, 0xca, 0x53, 0xee, 0xd3, 0x91, 0x95, 0x7c, 0x35, - 0x18, 0x08, 0x26, 0xa5, 0xbb, 0x82, 0x2e, 0x45, 0x2a, 0xf2, 0x29, 0x6c, 0xa4, 0xc5, 0x5d, 0x2e, - 0x94, 0x5b, 0xda, 0x71, 0x76, 0xcb, 0x5e, 0x4e, 0x4e, 0xee, 0xc1, 0xaa, 0xf9, 0x26, 0xb7, 0xbc, - 0xe3, 0xec, 0xae, 0xdd, 0xfd, 0xa8, 0x65, 0x32, 0xdd, 0x8a, 0x33, 0xdd, 0x3a, 0xc6, 0x4c, 0xef, - 0x97, 0x5e, 0x9f, 0x6f, 0x3b, 0x9e, 0x35, 0x26, 0xf7, 0xa1, 0xf6, 0xfd, 0x44, 0x2a, 0xc1, 0xe8, - 0x58, 0xba, 0xab, 0x3b, 0x2b, 0xbb, 0x6b, 0x77, 0xaf, 0xb4, 0x92, 0xf4, 0xb6, 0x62, 0x1d, 0x7a, - 0x2d, 0x79, 0x73, 0x5b, 0xd2, 0x81, 0xb5, 0x23, 0x26, 0x87, 0xdf, 0x50, 0xc5, 0x7e, 0xa6, 0x33, - 0xb7, 0x82, 0x87, 0x5e, 0x4b, 0xb9, 0xa6, 0xb4, 0xe6, 0x2c, 0x1b, 0x23, 0xed, 0xa6, 0x6f, 0x7d, - 0xf8, 0x72, 0xc2, 0x25, 0x73, 0xab, 0xf6, 0xd6, 0xf3, 0x00, 0x46, 0xb1, 0xe0, 0x6b, 0x8d, 0xc9, - 0x13, 0x28, 0x1d, 0xf1, 0x01, 0x73, 0x6b, 0x3a, 0x77, 0xfb, 0xf7, 0xdf, 0x9d, 0x6f, 0xef, 0x05, - 0xa1, 0x1a, 0x4e, 0xfb, 0x2d, 0x9f, 0x8f, 0xdb, 0x43, 0x2a, 0x87, 0xa1, 0xcf, 0xc5, 0xa4, 0xed, - 0xf3, 0x48, 0x4e, 0x47, 0x6d, 0x1a, 0xb0, 0x48, 0x59, 0xd2, 0x64, 0x0b, 0xeb, 0xaf, 0xdd, 0x3d, - 0x0c, 0x42, 0x8e, 0x61, 0xa3, 0x27, 0x68, 0x24, 0x27, 0x54, 0xb0, 0xc8, 0xd0, 0xe1, 0x02, 0xde, - 0xe6, 0x46, 0xea, 0x36, 0x59, 0x93, 0x85, 0x7b, 0xe5, 0x02, 0x68, 0xb0, 0xd2, 0x25, 0x3a, 0xe6, - 0xfe, 0x29, 0x53, 0x5d, 0xaa, 0x86, 0xee, 0x9a, 0x01, 0xab, 0x58, 0xdb, 0xfc, 0xbd, 0x04, 0xd5, - 0x38, 0xc9, 0x64, 0x17, 0x2e, 0xa7, 0x48, 0xea, 0xcd, 0x26, 0x31, 0x96, 0x59, 0x71, 0x86, 0x47, - 0x8d, 0xa8, 0x9c, 0x50, 0x9f, 0x15, 0xf0, 0x98, 0xe8, 0x32, 0xd1, 0x11, 0xfa, 0x95, 0x5c, 0x74, - 0xa4, 0xbd, 0x01, 0xd0, 0xa1, 0x8a, 0xfa, 0x2c, 0x52, 0x4c, 0x20, 0x81, 0x35, 0x2f, 0x25, 0x49, - 0x38, 0xdd, 0x0f, 0xa3, 0x41, 0x8c, 0x75, 0x19, 0xad, 0x72, 0x72, 0xf2, 0x09, 0xfc, 0x2f, 0x91, - 0x21, 0xd0, 0xab, 0x08, 0xf4, 0xa2, 0x30, 0x45, 0x73, 0xe5, 0xdf, 0xd0, 0x9c, 0x81, 0xb2, 0xfa, - 0xdf, 0xa0, 0xbc, 0x0d, 0x57, 0x0e, 0x58, 0xa4, 0x04, 0x1d, 0x8d, 0xac, 0xd5, 0x54, 0xb0, 0x01, - 0xc2, 0x56, 0xf5, 0x8a, 0x54, 0x49, 0x6b, 0xeb, 0xfb, 0xa7, 0x4a, 0x0d, 0xa9, 0xd6, 0x5e, 0x54, - 0x15, 0x78, 0x20, 0xd0, 0x6b, 0x85, 0x1e, 0x88, 0xe9, 0x62, 0x89, 0xbb, 0x54, 0xa8, 0x50, 0x2f, - 0xdc, 0x4b, 0xb9, 0x12, 0x27, 0xba, 0x66, 0x04, 0xeb, 0x16, 0x31, 0x3b, 0xfb, 0xc8, 0x55, 0x58, - 0x7d, 0x46, 0x55, 0x78, 0x66, 0x48, 0xaa, 0x7a, 0x76, 0x47, 0x3a, 0xb0, 0x7e, 0x1c, 0x0e, 0x98, - 0x4f, 0x85, 0x75, 0x40, 0x16, 0x16, 0x93, 0x67, 0x35, 0x1d, 0x76, 0x12, 0x46, 0x18, 0xdf, 0xcb, - 0xf8, 0x34, 0x7f, 0x80, 0x4b, 0xe9, 0xae, 0xd5, 0xa7, 0x1d, 0xe8, 0xd1, 0x2c, 0xe3, 0xd3, 0xcc, - 0x8e, 0xdc, 0x81, 0xb2, 0xce, 0x82, 0x74, 0x97, 0x71, 0xe2, 0xfc, 0x3f, 0xd7, 0xf5, 0x5a, 0x6b, - 0x4b, 0x63, 0x2c, 0x9b, 0xbf, 0x39, 0x00, 0x73, 0x1d, 0x69, 0xc2, 0xa5, 0xa7, 0xa1, 0x54, 0x2c, - 0x62, 0x02, 0x29, 0x72, 0x90, 0xa2, 0x05, 0x19, 0x21, 0x50, 0xc2, 0x32, 0x98, 0x26, 0xc0, 0x75, - 0x82, 0x9f, 0xde, 0xa0, 0xe3, 0x4a, 0x0a, 0xbf, 0x58, 0x48, 0xea, 0x50, 0xed, 0x6a, 0xd0, 0x7c, - 0x3e, 0xb2, 0xb8, 0x27, 0x7b, 0xdd, 0x36, 0x5d, 0x2a, 0x24, 0x1b, 0x7c, 0x2d, 0xf8, 0x18, 0xbf, - 0x07, 0x59, 0xaf, 0x7a, 0x59, 0x71, 0xf3, 0x04, 0x36, 0x73, 0xbc, 0x91, 0xef, 0xec, 0xe8, 0xc2, - 0x46, 0xde, 0x7f, 0xf4, 0xee, 0x7c, 0xfb, 0xc1, 0x87, 0x8f, 0xae, 0x54, 0xb8, 0xf9, 0x00, 0x6b, - 0x2a, 0xb8, 0x5a, 0x3c, 0x9d, 0x34, 0x33, 0xcf, 0xa7, 0xaa, 0xcf, 0xa7, 0xd1, 0xa0, 0x20, 0x5b, - 0x85, 0x3a, 0x72, 0x13, 0xd6, 0x3b, 0x21, 0x1d, 0xb1, 0x41, 0x27, 0x14, 0xcc, 0x57, 0xa3, 0x19, - 0xe6, 0xaf, 0xea, 0x65, 0xa4, 0xcd, 0x57, 0x15, 0xd8, 0xcc, 0x11, 0x41, 0x8e, 0xa0, 0xf4, 0x24, - 0x8c, 0x06, 0xf6, 0xf3, 0x1e, 0xbc, 0x3b, 0xdf, 0xbe, 0xf7, 0xe1, 0x9f, 0x67, 0xc3, 0xe9, 0x00, - 0x1e, 0x86, 0x21, 0xeb, 0xb0, 0x9c, 0xbc, 0xaa, 0xcb, 0x8f, 0x3b, 0xba, 0xa4, 0xa9, 0x41, 0x85, - 0x6b, 0x2d, 0xeb, 0xd1, 0x40, 0xba, 0xa5, 0x9d, 0x15, 0x2d, 0xd3, 0x6b, 0xe2, 0x42, 0x65, 0x71, - 0x10, 0xc5, 0x5b, 0x42, 0xe1, 0x72, 0x8f, 0x06, 0x01, 0x8b, 0x07, 0x12, 0x93, 0xee, 0x06, 0x42, - 0x78, 0xe7, 0x7d, 0xa4, 0xb7, 0x32, 0x3e, 0x87, 0x91, 0x12, 0x33, 0x0b, 0x68, 0x36, 0x1e, 0x79, - 0x08, 0xa5, 0x23, 0xa6, 0xa8, 0x7d, 0x4e, 0x6f, 0xbe, 0x37, 0xae, 0x36, 0xc4, 0x60, 0x1e, 0xfa, - 0x20, 0xb3, 0xba, 0x42, 0x15, 0xac, 0x10, 0xae, 0xf5, 0xf8, 0x4d, 0x0d, 0x15, 0x62, 0xc6, 0xef, - 0xc2, 0x2c, 0x29, 0x1b, 0x0e, 0xcd, 0xbc, 0xdb, 0x4a, 0x1d, 0x88, 0x72, 0xfd, 0x42, 0xc4, 0xcd, - 0x84, 0x02, 0x72, 0x2b, 0xe9, 0xcb, 0x1a, 0xde, 0xb1, 0xd0, 0x25, 0xe9, 0xd6, 0x5b, 0x50, 0x79, - 0xc1, 0xc2, 0x60, 0xa8, 0xa4, 0x7d, 0x17, 0x49, 0xca, 0xdc, 0x6a, 0xbc, 0xd8, 0x84, 0x6c, 0x41, - 0xb9, 0xc7, 0x4f, 0x59, 0x64, 0x67, 0x99, 0xd9, 0x90, 0x5b, 0xb0, 0x79, 0x18, 0xd1, 0xfe, 0x88, - 0xf5, 0x68, 0xf0, 0xfc, 0x8c, 0x09, 0x11, 0x0e, 0x18, 0x8e, 0xae, 0xaa, 0x97, 0x57, 0x90, 0x3d, - 0x28, 0x9b, 0x77, 0x78, 0x1d, 0xcf, 0xbb, 0x9e, 0xbe, 0x5e, 0xee, 0x4f, 0x9c, 0x67, 0x6c, 0xc9, - 0xb7, 0xb0, 0x7e, 0xa8, 0x9f, 0xa3, 0x89, 0x08, 0x25, 0xc3, 0x02, 0x6c, 0xa2, 0x77, 0xbd, 0x35, - 0xff, 0x37, 0xd9, 0x5a, 0xb4, 0xb0, 0x59, 0xc9, 0xf8, 0x91, 0x3d, 0xa8, 0xd8, 0x63, 0xdc, 0xcb, - 0x18, 0xe2, 0xe3, 0x7c, 0x0d, 0xad, 0x81, 0x17, 0x5b, 0xd6, 0x7f, 0x82, 0xad, 0x22, 0x48, 0xc8, - 0x06, 0xac, 0x9c, 0xb2, 0x99, 0x7d, 0xb8, 0xf5, 0x92, 0xb4, 0xa1, 0x7c, 0x46, 0x47, 0x53, 0xf3, - 0x3a, 0x17, 0x06, 0xb7, 0x21, 0x3c, 0x63, 0xf7, 0x70, 0xf9, 0x0b, 0xa7, 0x7e, 0x1f, 0x6a, 0x09, - 0x2b, 0x05, 0x31, 0xb7, 0xd2, 0x31, 0x6b, 0x29, 0xc7, 0xe6, 0x97, 0xc9, 0x1b, 0x10, 0xb7, 0x40, - 0xaa, 0x39, 0x9c, 0xc5, 0xe6, 0x88, 0xe9, 0x5b, 0x9e, 0xd3, 0xd7, 0x7c, 0x94, 0x54, 0x5f, 0x3b, - 0x76, 0xa9, 0x94, 0x61, 0x14, 0xd8, 0x09, 0x12, 0x6f, 0xb5, 0xe6, 0x05, 0x15, 0x91, 0xd6, 0x18, - 0xdf, 0x78, 0xbb, 0x7f, 0xf4, 0xfa, 0xaf, 0xc6, 0xd2, 0xeb, 0xb7, 0x0d, 0xe7, 0xcd, 0xdb, 0x86, - 0xf3, 0xe7, 0xdb, 0x86, 0xf3, 0xcb, 0x45, 0x63, 0xe9, 0xd7, 0x8b, 0xc6, 0xd2, 0x9b, 0x8b, 0xc6, - 0xd2, 0x1f, 0x17, 0x8d, 0xa5, 0x1f, 0x3f, 0x7b, 0xdf, 0x80, 0xc8, 0xfc, 0xdf, 0xef, 0xaf, 0xa2, - 0x60, 0xef, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6d, 0x83, 0xcc, 0x12, 0x72, 0x0c, 0x00, 0x00, + // 1086 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xef, 0x6e, 0x1b, 0x45, + 0x10, 0x97, 0xff, 0xdb, 0x93, 0xe0, 0x24, 0x9b, 0x10, 0x8e, 0xd0, 0xa2, 0xf4, 0x84, 0x4a, 0xd4, + 0x06, 0xbb, 0x4d, 0x24, 0x40, 0x95, 0x88, 0x44, 0xe3, 0x80, 0x2a, 0x9a, 0xd6, 0xba, 0x18, 0x55, + 0x02, 0xf1, 0x61, 0x7d, 0xb7, 0xb1, 0x4f, 0xb9, 0xec, 0x59, 0xbb, 0xeb, 0x50, 0xbf, 0x15, 0x6f, + 0xc0, 0x1b, 0xf0, 0x89, 0x07, 0x42, 0x3b, 0xbb, 0x77, 0x59, 0xdf, 0x1d, 0x15, 0x7c, 0xf2, 0xee, + 0xfc, 0xe6, 0x37, 0xbb, 0x9e, 0xf9, 0xcd, 0xec, 0xc1, 0xc3, 0x85, 0x48, 0x55, 0x3a, 0x5c, 0x4c, + 0x25, 0x13, 0x77, 0x71, 0xc8, 0x86, 0xf6, 0x77, 0x80, 0x76, 0xd2, 0xcb, 0x81, 0x83, 0x07, 0xb3, + 0x34, 0x9d, 0x25, 0x6c, 0x88, 0xc0, 0x74, 0x79, 0x3d, 0x94, 0x4a, 0x2c, 0x43, 0x65, 0x1c, 0x0f, + 0x3e, 0xcb, 0xe2, 0x84, 0xe9, 0xed, 0x6d, 0xca, 0x87, 0xe6, 0xc7, 0x82, 0x8f, 0x8a, 0x87, 0xcc, + 0x19, 0x4d, 0xd4, 0x3c, 0x9c, 0xb3, 0xf0, 0xc6, 0xb8, 0xf8, 0x7f, 0x35, 0x81, 0x9c, 0xa7, 0x9c, + 0xb3, 0x50, 0x8d, 0x45, 0xfa, 0x7e, 0x75, 0x9e, 0xf2, 0xeb, 0x78, 0x46, 0xbe, 0x86, 0xfd, 0x11, + 0x93, 0x2a, 0xe6, 0x54, 0xc5, 0x29, 0xbf, 0x32, 0xf4, 0x37, 0xf4, 0x96, 0x79, 0xb5, 0xc3, 0xda, + 0x51, 0x2f, 0xf8, 0x17, 0x94, 0x9c, 0xc0, 0x5e, 0x19, 0x79, 0x35, 0xf2, 0xea, 0xc8, 0xaa, 0xc4, + 0xc8, 0x33, 0xd8, 0x7d, 0x9d, 0x86, 0x34, 0xb1, 0x96, 0xef, 0xa3, 0x48, 0x30, 0x29, 0xbd, 0x06, + 0x52, 0xaa, 0x20, 0xf2, 0x04, 0xb6, 0x5d, 0xf3, 0x38, 0x15, 0xca, 0x6b, 0x1e, 0xd6, 0x8e, 0x5a, + 0x41, 0xc9, 0x4e, 0x86, 0xd0, 0x36, 0xff, 0xc9, 0x6b, 0x1d, 0xd6, 0x8e, 0x36, 0x4e, 0x3e, 0x19, + 0x98, 0x7c, 0x0e, 0xb2, 0x7c, 0x0e, 0xae, 0x30, 0x9f, 0x81, 0x75, 0x23, 0xcf, 0xa1, 0xf7, 0xf3, + 0x42, 0x2a, 0xc1, 0xe8, 0xad, 0xf4, 0xda, 0x87, 0x8d, 0xa3, 0x8d, 0x93, 0xdd, 0x41, 0x9e, 0xc2, + 0x41, 0x86, 0x05, 0xf7, 0x5e, 0xe4, 0x0c, 0x36, 0x2e, 0x99, 0x9c, 0xff, 0x48, 0x15, 0xfb, 0x9d, + 0xae, 0xbc, 0x0e, 0x1e, 0xf4, 0xc0, 0x21, 0x39, 0xa8, 0x39, 0x25, 0x70, 0x09, 0xfa, 0x8e, 0x17, + 0xef, 0x17, 0xa9, 0x64, 0x5e, 0xd7, 0xde, 0xf1, 0x9e, 0x6a, 0x00, 0xcb, 0xb2, 0x6e, 0x84, 0x40, + 0xf3, 0x32, 0x8d, 0x98, 0xd7, 0xc3, 0x1c, 0xe1, 0x9a, 0x5c, 0xc2, 0xf6, 0x44, 0x50, 0x2e, 0x17, + 0x54, 0x30, 0x6e, 0x8a, 0xe9, 0x01, 0x86, 0x7b, 0xe4, 0x84, 0x2b, 0xba, 0xd8, 0xc0, 0x25, 0xaa, + 0x56, 0x80, 0x9b, 0xcb, 0xab, 0x34, 0xbc, 0x61, 0x6a, 0x4c, 0xd5, 0xdc, 0xdb, 0x30, 0x0a, 0xa8, + 0x46, 0xfd, 0x3f, 0x9b, 0xd0, 0xcd, 0x32, 0x43, 0x8e, 0x60, 0xcb, 0x29, 0xf9, 0x64, 0xb5, 0xc8, + 0xf4, 0x53, 0x34, 0x17, 0x84, 0xa3, 0xb5, 0x24, 0x17, 0x34, 0x64, 0x15, 0xc2, 0xc9, 0xb1, 0x42, + 0x74, 0x54, 0x67, 0xa3, 0x14, 0x1d, 0x65, 0xf9, 0x39, 0xc0, 0x88, 0x2a, 0x1a, 0x32, 0xae, 0x98, + 0x40, 0xa9, 0xf4, 0x02, 0xc7, 0x92, 0x0b, 0xea, 0x65, 0xcc, 0xa3, 0x4c, 0x7f, 0x2d, 0xf4, 0x2a, + 0xd9, 0xc9, 0x17, 0xf0, 0x51, 0x6e, 0x43, 0xe5, 0xb5, 0x51, 0x79, 0xeb, 0x46, 0x47, 0x76, 0x9d, + 0xff, 0x26, 0xbb, 0x82, 0x86, 0xba, 0xff, 0x57, 0x43, 0xcf, 0x60, 0xf7, 0x9c, 0x71, 0x25, 0x68, + 0x92, 0x58, 0x7c, 0x29, 0x58, 0x84, 0x0a, 0xe9, 0x06, 0x55, 0x50, 0xde, 0x77, 0xfa, 0xce, 0x4e, + 0x79, 0xc1, 0xe9, 0xbb, 0x75, 0xa8, 0x82, 0x81, 0x2a, 0xdc, 0xa8, 0x64, 0xa0, 0x28, 0xd7, 0xcb, + 0x3a, 0xa6, 0x42, 0xc5, 0x7a, 0xe1, 0x6d, 0x96, 0xca, 0x9a, 0x63, 0x3e, 0x87, 0xbe, 0x95, 0x95, + 0x1d, 0x4c, 0x64, 0x1f, 0xda, 0x6f, 0xa8, 0x8a, 0xef, 0x8c, 0x7a, 0xba, 0x81, 0xdd, 0x91, 0x11, + 0xf4, 0xaf, 0xe2, 0x88, 0x85, 0x54, 0x58, 0x02, 0xd6, 0x7f, 0x3d, 0x6d, 0x16, 0x19, 0xb1, 0xeb, + 0x98, 0x63, 0xfc, 0xa0, 0xc0, 0xf1, 0xaf, 0x60, 0xd3, 0x6d, 0x32, 0x7d, 0xda, 0xb9, 0x9e, 0x90, + 0x32, 0x3b, 0xcd, 0xec, 0xc8, 0x53, 0x68, 0xe9, 0x2c, 0x48, 0xaf, 0x8e, 0x43, 0xe1, 0xe3, 0x52, + 0x93, 0x6a, 0x34, 0x30, 0x3e, 0xfe, 0x1f, 0x35, 0x80, 0x7b, 0x2b, 0xf1, 0x61, 0xf3, 0x75, 0x2c, + 0x15, 0xe3, 0x4c, 0xa0, 0x66, 0x6a, 0xa8, 0x99, 0x35, 0x9b, 0x6e, 0x6a, 0x2c, 0x80, 0x91, 0x3c, + 0xae, 0x73, 0xb1, 0xe9, 0x0d, 0x12, 0x1b, 0x8e, 0xd8, 0x32, 0x23, 0x39, 0x80, 0xee, 0x58, 0xcb, + 0x2a, 0x4c, 0x13, 0x2b, 0xee, 0x7c, 0xaf, 0x9b, 0x64, 0x4c, 0x85, 0x64, 0xd1, 0x0f, 0x22, 0xbd, + 0xc5, 0x7f, 0x82, 0xca, 0xee, 0x06, 0x45, 0xb3, 0xff, 0x25, 0xec, 0x94, 0x34, 0x96, 0x4f, 0x9a, + 0xda, 0xfd, 0xa4, 0xf1, 0x15, 0xec, 0x57, 0x8f, 0x11, 0x5d, 0xee, 0xb7, 0x4b, 0x35, 0x4d, 0x97, + 0x3c, 0xaa, 0xf8, 0xbb, 0x95, 0x18, 0x79, 0x0c, 0xfd, 0x51, 0x4c, 0x13, 0x16, 0x8d, 0x62, 0xc1, + 0x42, 0x95, 0xac, 0x30, 0x01, 0xdd, 0xa0, 0x60, 0xf5, 0xff, 0x6e, 0xc3, 0x4e, 0xa9, 0x98, 0xfa, + 0x7e, 0x3f, 0xc5, 0x3c, 0xca, 0xee, 0xa7, 0xd7, 0xa4, 0x0f, 0xf5, 0xfc, 0xc9, 0xa9, 0xbf, 0x1a, + 0x69, 0x1f, 0x67, 0x38, 0xe0, 0x5a, 0xdb, 0x26, 0x74, 0x26, 0xbd, 0xe6, 0x61, 0x43, 0xdb, 0xf4, + 0x9a, 0x78, 0xd0, 0x59, 0x6f, 0xfe, 0x6c, 0x4b, 0x7e, 0x85, 0xad, 0x09, 0x9d, 0xcd, 0x58, 0x36, + 0x04, 0x98, 0xf4, 0xb6, 0x51, 0x04, 0xcf, 0x3f, 0xa4, 0xb4, 0x41, 0x81, 0x73, 0xc1, 0x95, 0x58, + 0x05, 0xc5, 0x48, 0xe4, 0x05, 0x34, 0x2f, 0x99, 0xa2, 0xf6, 0xad, 0x79, 0xfc, 0xc1, 0x88, 0xda, + 0xd1, 0x84, 0x41, 0x0e, 0x6a, 0x46, 0x27, 0xb8, 0x83, 0x09, 0xc6, 0xb5, 0x1e, 0x76, 0x4e, 0x3b, + 0x13, 0x33, 0xec, 0x9c, 0x2e, 0x7e, 0x02, 0x2d, 0xa3, 0x03, 0x33, 0x63, 0xf6, 0x9c, 0x03, 0xd1, + 0xae, 0xe7, 0x71, 0x60, 0x5c, 0xc8, 0x71, 0xde, 0x0b, 0x3d, 0xbc, 0x5d, 0xb5, 0x73, 0xd6, 0x21, + 0xc7, 0xd0, 0x79, 0xc7, 0xe2, 0xd9, 0x5c, 0x49, 0xfb, 0xf2, 0x10, 0xc7, 0xdd, 0x22, 0x41, 0xe6, + 0x42, 0xf6, 0xa0, 0x35, 0x49, 0x6f, 0x18, 0xb7, 0xf3, 0xc3, 0x6c, 0xc8, 0x31, 0xec, 0x5c, 0x70, + 0x3a, 0x4d, 0xd8, 0x84, 0xce, 0xde, 0xde, 0x31, 0x21, 0xe2, 0x88, 0xe1, 0xb8, 0xe8, 0x06, 0x65, + 0x80, 0x9c, 0x42, 0xcb, 0xbc, 0x74, 0x7d, 0x3c, 0xef, 0xa1, 0x7b, 0xbd, 0xd2, 0x57, 0x4d, 0x60, + 0x7c, 0xc9, 0x19, 0xf4, 0x2f, 0xf4, 0xd8, 0x5f, 0x88, 0x58, 0x32, 0x4c, 0xfd, 0x0e, 0xb2, 0xf7, + 0x07, 0xf6, 0xeb, 0x69, 0x1d, 0x0d, 0x0a, 0xde, 0xe4, 0x14, 0x3a, 0x36, 0xb8, 0xb7, 0x85, 0xc4, + 0x4f, 0xcb, 0x35, 0xb3, 0x0e, 0x41, 0xe6, 0x79, 0xf0, 0x1b, 0xec, 0x55, 0xc9, 0x81, 0x6c, 0x43, + 0xe3, 0x86, 0xad, 0xac, 0x7e, 0xf5, 0x92, 0x0c, 0xa1, 0x75, 0x47, 0x93, 0xa5, 0x79, 0xfb, 0x2a, + 0x83, 0xdb, 0x10, 0x81, 0xf1, 0x7b, 0x51, 0xff, 0xb6, 0x76, 0xf0, 0x0d, 0xf4, 0x72, 0x6d, 0x54, + 0xc4, 0xdc, 0x73, 0x63, 0xf6, 0x1c, 0xa2, 0x7f, 0x96, 0x4f, 0xdb, 0x4c, 0xec, 0x4e, 0x1b, 0xd4, + 0xd6, 0xdb, 0x20, 0x53, 0x5b, 0xfd, 0x5e, 0x6d, 0xfe, 0x77, 0x79, 0xcd, 0x35, 0x71, 0x4c, 0xa5, + 0x8c, 0xf9, 0xcc, 0x36, 0x7c, 0xb6, 0xd5, 0xc8, 0x3b, 0x2a, 0xb8, 0x46, 0x0c, 0x37, 0xdb, 0xbe, + 0xfc, 0xea, 0x97, 0xa7, 0xb3, 0x58, 0xcd, 0x97, 0x53, 0x9d, 0xfb, 0xe1, 0x9c, 0xca, 0x79, 0x1c, + 0xa6, 0x62, 0x31, 0x0c, 0x53, 0x2e, 0x97, 0xc9, 0xb0, 0xf0, 0x01, 0x3b, 0x6d, 0xa3, 0xe1, 0xf4, + 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xba, 0x23, 0xd7, 0x20, 0x3f, 0x0b, 0x00, 0x00, } - -func (m *ConnectProxyConfig) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ConnectProxyConfig) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ConnectProxyConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.LocalServiceSocketPath) > 0 { - i -= len(m.LocalServiceSocketPath) - copy(dAtA[i:], m.LocalServiceSocketPath) - i = encodeVarintService(dAtA, i, uint64(len(m.LocalServiceSocketPath))) - i-- - dAtA[i] = 0x5a - } - { - size, err := m.TransparentProxy.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - if len(m.Mode) > 0 { - i -= len(m.Mode) - copy(dAtA[i:], m.Mode) - i = encodeVarintService(dAtA, i, uint64(len(m.Mode))) - i-- - dAtA[i] = 0x4a - } - { - size, err := m.Expose.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - { - size, err := m.MeshGateway.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - if len(m.Upstreams) > 0 { - for iNdEx := len(m.Upstreams) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Upstreams[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - } - } - if m.Config != nil { - { - size, err := m.Config.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x2a - } - if m.LocalServicePort != 0 { - i = encodeVarintService(dAtA, i, uint64(m.LocalServicePort)) - i-- - dAtA[i] = 0x20 - } - if len(m.LocalServiceAddress) > 0 { - i -= len(m.LocalServiceAddress) - copy(dAtA[i:], m.LocalServiceAddress) - i = encodeVarintService(dAtA, i, uint64(len(m.LocalServiceAddress))) - i-- - dAtA[i] = 0x1a - } - if len(m.DestinationServiceID) > 0 { - i -= len(m.DestinationServiceID) - copy(dAtA[i:], m.DestinationServiceID) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationServiceID))) - i-- - dAtA[i] = 0x12 - } - if len(m.DestinationServiceName) > 0 { - i -= len(m.DestinationServiceName) - copy(dAtA[i:], m.DestinationServiceName) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationServiceName))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *Upstream) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Upstream) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Upstream) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.DestinationPartition) > 0 { - i -= len(m.DestinationPartition) - copy(dAtA[i:], m.DestinationPartition) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationPartition))) - i-- - dAtA[i] = 0x62 - } - if len(m.LocalBindSocketMode) > 0 { - i -= len(m.LocalBindSocketMode) - copy(dAtA[i:], m.LocalBindSocketMode) - i = encodeVarintService(dAtA, i, uint64(len(m.LocalBindSocketMode))) - i-- - dAtA[i] = 0x5a - } - if len(m.LocalBindSocketPath) > 0 { - i -= len(m.LocalBindSocketPath) - copy(dAtA[i:], m.LocalBindSocketPath) - i = encodeVarintService(dAtA, i, uint64(len(m.LocalBindSocketPath))) - i-- - dAtA[i] = 0x52 - } - if m.CentrallyConfigured { - i-- - if m.CentrallyConfigured { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - { - size, err := m.MeshGateway.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - if m.Config != nil { - { - size, err := m.Config.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - } - if m.LocalBindPort != 0 { - i = encodeVarintService(dAtA, i, uint64(m.LocalBindPort)) - i-- - dAtA[i] = 0x30 - } - if len(m.LocalBindAddress) > 0 { - i -= len(m.LocalBindAddress) - copy(dAtA[i:], m.LocalBindAddress) - i = encodeVarintService(dAtA, i, uint64(len(m.LocalBindAddress))) - i-- - dAtA[i] = 0x2a - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintService(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0x22 - } - if len(m.DestinationName) > 0 { - i -= len(m.DestinationName) - copy(dAtA[i:], m.DestinationName) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationName))) - i-- - dAtA[i] = 0x1a - } - if len(m.DestinationNamespace) > 0 { - i -= len(m.DestinationNamespace) - copy(dAtA[i:], m.DestinationNamespace) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationNamespace))) - i-- - dAtA[i] = 0x12 - } - if len(m.DestinationType) > 0 { - i -= len(m.DestinationType) - copy(dAtA[i:], m.DestinationType) - i = encodeVarintService(dAtA, i, uint64(len(m.DestinationType))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *ServiceConnect) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ServiceConnect) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ServiceConnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.SidecarService != nil { - { - size, err := m.SidecarService.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - if m.Native { - i-- - if m.Native { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *ExposeConfig) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ExposeConfig) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ExposeConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Paths) > 0 { - for iNdEx := len(m.Paths) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Paths[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - if m.Checks { - i-- - if m.Checks { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *ExposePath) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ExposePath) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ExposePath) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ParsedFromCheck { - i-- - if m.ParsedFromCheck { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if len(m.Protocol) > 0 { - i -= len(m.Protocol) - copy(dAtA[i:], m.Protocol) - i = encodeVarintService(dAtA, i, uint64(len(m.Protocol))) - i-- - dAtA[i] = 0x22 - } - if m.LocalPathPort != 0 { - i = encodeVarintService(dAtA, i, uint64(m.LocalPathPort)) - i-- - dAtA[i] = 0x18 - } - if len(m.Path) > 0 { - i -= len(m.Path) - copy(dAtA[i:], m.Path) - i = encodeVarintService(dAtA, i, uint64(len(m.Path))) - i-- - dAtA[i] = 0x12 - } - if m.ListenerPort != 0 { - i = encodeVarintService(dAtA, i, uint64(m.ListenerPort)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *MeshGatewayConfig) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *MeshGatewayConfig) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *MeshGatewayConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Mode) > 0 { - i -= len(m.Mode) - copy(dAtA[i:], m.Mode) - i = encodeVarintService(dAtA, i, uint64(len(m.Mode))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *TransparentProxyConfig) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *TransparentProxyConfig) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *TransparentProxyConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.DialedDirectly { - i-- - if m.DialedDirectly { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if m.OutboundListenerPort != 0 { - i = encodeVarintService(dAtA, i, uint64(m.OutboundListenerPort)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *ServiceDefinition) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ServiceDefinition) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ServiceDefinition) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.SocketPath) > 0 { - i -= len(m.SocketPath) - copy(dAtA[i:], m.SocketPath) - i = encodeVarintService(dAtA, i, uint64(len(m.SocketPath))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x92 - } - { - size, err := m.EnterpriseMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x8a - if len(m.TaggedAddresses) > 0 { - for k := range m.TaggedAddresses { - v := m.TaggedAddresses[k] - baseI := i - { - size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintService(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintService(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - } - } - if m.Connect != nil { - { - size, err := m.Connect.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x7a - } - if m.Proxy != nil { - { - size, err := m.Proxy.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x72 - } - if m.EnableTagOverride { - i-- - if m.EnableTagOverride { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x60 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintService(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0x5a - } - if m.Weights != nil { - { - size, err := m.Weights.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - } - if len(m.Checks) > 0 { - for iNdEx := len(m.Checks) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Checks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - } - } - { - size, err := m.Check.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - if m.Port != 0 { - i = encodeVarintService(dAtA, i, uint64(m.Port)) - i-- - dAtA[i] = 0x38 - } - if len(m.Meta) > 0 { - for k := range m.Meta { - v := m.Meta[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintService(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintService(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintService(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x32 - } - } - if len(m.Address) > 0 { - i -= len(m.Address) - copy(dAtA[i:], m.Address) - i = encodeVarintService(dAtA, i, uint64(len(m.Address))) - i-- - dAtA[i] = 0x2a - } - if len(m.Tags) > 0 { - for iNdEx := len(m.Tags) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Tags[iNdEx]) - copy(dAtA[i:], m.Tags[iNdEx]) - i = encodeVarintService(dAtA, i, uint64(len(m.Tags[iNdEx]))) - i-- - dAtA[i] = 0x22 - } - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintService(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x1a - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintService(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Kind) > 0 { - i -= len(m.Kind) - copy(dAtA[i:], m.Kind) - i = encodeVarintService(dAtA, i, uint64(len(m.Kind))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *ServiceAddress) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ServiceAddress) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ServiceAddress) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.Port != 0 { - i = encodeVarintService(dAtA, i, uint64(m.Port)) - i-- - dAtA[i] = 0x10 - } - if len(m.Address) > 0 { - i -= len(m.Address) - copy(dAtA[i:], m.Address) - i = encodeVarintService(dAtA, i, uint64(len(m.Address))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *Weights) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Weights) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Weights) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.Warning != 0 { - i = encodeVarintService(dAtA, i, uint64(m.Warning)) - i-- - dAtA[i] = 0x10 - } - if m.Passing != 0 { - i = encodeVarintService(dAtA, i, uint64(m.Passing)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func encodeVarintService(dAtA []byte, offset int, v uint64) int { - offset -= sovService(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *ConnectProxyConfig) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.DestinationServiceName) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.DestinationServiceID) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.LocalServiceAddress) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.LocalServicePort != 0 { - n += 1 + sovService(uint64(m.LocalServicePort)) - } - if m.Config != nil { - l = m.Config.Size() - n += 1 + l + sovService(uint64(l)) - } - if len(m.Upstreams) > 0 { - for _, e := range m.Upstreams { - l = e.Size() - n += 1 + l + sovService(uint64(l)) - } - } - l = m.MeshGateway.Size() - n += 1 + l + sovService(uint64(l)) - l = m.Expose.Size() - n += 1 + l + sovService(uint64(l)) - l = len(m.Mode) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = m.TransparentProxy.Size() - n += 1 + l + sovService(uint64(l)) - l = len(m.LocalServiceSocketPath) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - return n -} - -func (m *Upstream) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.DestinationType) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.DestinationNamespace) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.DestinationName) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.LocalBindAddress) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.LocalBindPort != 0 { - n += 1 + sovService(uint64(m.LocalBindPort)) - } - if m.Config != nil { - l = m.Config.Size() - n += 1 + l + sovService(uint64(l)) - } - l = m.MeshGateway.Size() - n += 1 + l + sovService(uint64(l)) - if m.CentrallyConfigured { - n += 2 - } - l = len(m.LocalBindSocketPath) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.LocalBindSocketMode) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.DestinationPartition) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - return n -} - -func (m *ServiceConnect) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Native { - n += 2 - } - if m.SidecarService != nil { - l = m.SidecarService.Size() - n += 1 + l + sovService(uint64(l)) - } - return n -} - -func (m *ExposeConfig) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Checks { - n += 2 - } - if len(m.Paths) > 0 { - for _, e := range m.Paths { - l = e.Size() - n += 1 + l + sovService(uint64(l)) - } - } - return n -} - -func (m *ExposePath) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.ListenerPort != 0 { - n += 1 + sovService(uint64(m.ListenerPort)) - } - l = len(m.Path) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.LocalPathPort != 0 { - n += 1 + sovService(uint64(m.LocalPathPort)) - } - l = len(m.Protocol) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.ParsedFromCheck { - n += 2 - } - return n -} - -func (m *MeshGatewayConfig) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Mode) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - return n -} - -func (m *TransparentProxyConfig) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.OutboundListenerPort != 0 { - n += 1 + sovService(uint64(m.OutboundListenerPort)) - } - if m.DialedDirectly { - n += 2 - } - return n -} - -func (m *ServiceDefinition) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Kind) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.ID) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - l = len(m.Name) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if len(m.Tags) > 0 { - for _, s := range m.Tags { - l = len(s) - n += 1 + l + sovService(uint64(l)) - } - } - l = len(m.Address) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if len(m.Meta) > 0 { - for k, v := range m.Meta { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovService(uint64(len(k))) + 1 + len(v) + sovService(uint64(len(v))) - n += mapEntrySize + 1 + sovService(uint64(mapEntrySize)) - } - } - if m.Port != 0 { - n += 1 + sovService(uint64(m.Port)) - } - l = m.Check.Size() - n += 1 + l + sovService(uint64(l)) - if len(m.Checks) > 0 { - for _, e := range m.Checks { - l = e.Size() - n += 1 + l + sovService(uint64(l)) - } - } - if m.Weights != nil { - l = m.Weights.Size() - n += 1 + l + sovService(uint64(l)) - } - l = len(m.Token) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.EnableTagOverride { - n += 2 - } - if m.Proxy != nil { - l = m.Proxy.Size() - n += 1 + l + sovService(uint64(l)) - } - if m.Connect != nil { - l = m.Connect.Size() - n += 1 + l + sovService(uint64(l)) - } - if len(m.TaggedAddresses) > 0 { - for k, v := range m.TaggedAddresses { - _ = k - _ = v - l = v.Size() - mapEntrySize := 1 + len(k) + sovService(uint64(len(k))) + 1 + l + sovService(uint64(l)) - n += mapEntrySize + 2 + sovService(uint64(mapEntrySize)) - } - } - l = m.EnterpriseMeta.Size() - n += 2 + l + sovService(uint64(l)) - l = len(m.SocketPath) - if l > 0 { - n += 2 + l + sovService(uint64(l)) - } - return n -} - -func (m *ServiceAddress) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Address) - if l > 0 { - n += 1 + l + sovService(uint64(l)) - } - if m.Port != 0 { - n += 1 + sovService(uint64(m.Port)) - } - return n -} - -func (m *Weights) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Passing != 0 { - n += 1 + sovService(uint64(m.Passing)) - } - if m.Warning != 0 { - n += 1 + sovService(uint64(m.Warning)) - } - return n -} - -func sovService(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozService(x uint64) (n int) { - return sovService(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *ConnectProxyConfig) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ConnectProxyConfig: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ConnectProxyConfig: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationServiceName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationServiceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationServiceID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationServiceID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalServiceAddress", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalServiceAddress = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalServicePort", wireType) - } - m.LocalServicePort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.LocalServicePort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Config == nil { - m.Config = &types.Struct{} - } - if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Upstreams", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Upstreams = append(m.Upstreams, Upstream{}) - if err := m.Upstreams[len(m.Upstreams)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MeshGateway", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MeshGateway.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expose", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Expose.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Mode = github_com_hashicorp_consul_agent_structs.ProxyMode(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TransparentProxy", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.TransparentProxy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalServiceSocketPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalServiceSocketPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Upstream) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Upstream: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Upstream: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationType = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationNamespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationNamespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalBindAddress", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalBindAddress = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalBindPort", wireType) - } - m.LocalBindPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.LocalBindPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Config == nil { - m.Config = &types.Struct{} - } - if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MeshGateway", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MeshGateway.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CentrallyConfigured", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.CentrallyConfigured = bool(v != 0) - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalBindSocketPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalBindSocketPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalBindSocketMode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalBindSocketMode = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DestinationPartition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DestinationPartition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ServiceConnect) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ServiceConnect: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ServiceConnect: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Native", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Native = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SidecarService", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.SidecarService == nil { - m.SidecarService = &ServiceDefinition{} - } - if err := m.SidecarService.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ExposeConfig) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ExposeConfig: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ExposeConfig: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Checks", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Checks = bool(v != 0) - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Paths", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Paths = append(m.Paths, ExposePath{}) - if err := m.Paths[len(m.Paths)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ExposePath) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ExposePath: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ExposePath: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ListenerPort", wireType) - } - m.ListenerPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ListenerPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Path = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalPathPort", wireType) - } - m.LocalPathPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.LocalPathPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Protocol = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ParsedFromCheck", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ParsedFromCheck = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *MeshGatewayConfig) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: MeshGatewayConfig: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: MeshGatewayConfig: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Mode = github_com_hashicorp_consul_agent_structs.MeshGatewayMode(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *TransparentProxyConfig) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: TransparentProxyConfig: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: TransparentProxyConfig: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OutboundListenerPort", wireType) - } - m.OutboundListenerPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.OutboundListenerPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DialedDirectly", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.DialedDirectly = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ServiceDefinition) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ServiceDefinition: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ServiceDefinition: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Kind = github_com_hashicorp_consul_agent_structs.ServiceKind(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Tags", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Tags = append(m.Tags, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Address = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Meta == nil { - m.Meta = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthService - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthService - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthService - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthService - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Meta[mapkey] = mapvalue - iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType) - } - m.Port = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Port |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Check", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Check.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Checks", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Checks = append(m.Checks, &CheckType{}) - if err := m.Checks[len(m.Checks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Weights", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Weights == nil { - m.Weights = &Weights{} - } - if err := m.Weights.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 12: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnableTagOverride", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.EnableTagOverride = bool(v != 0) - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Proxy", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Proxy == nil { - m.Proxy = &ConnectProxyConfig{} - } - if err := m.Proxy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Connect", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Connect == nil { - m.Connect = &ServiceConnect{} - } - if err := m.Connect.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TaggedAddresses", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.TaggedAddresses == nil { - m.TaggedAddresses = make(map[string]ServiceAddress) - } - var mapkey string - mapvalue := &ServiceAddress{} - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthService - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthService - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var mapmsglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - mapmsglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if mapmsglen < 0 { - return ErrInvalidLengthService - } - postmsgIndex := iNdEx + mapmsglen - if postmsgIndex < 0 { - return ErrInvalidLengthService - } - if postmsgIndex > l { - return io.ErrUnexpectedEOF - } - mapvalue = &ServiceAddress{} - if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { - return err - } - iNdEx = postmsgIndex - } else { - iNdEx = entryPreIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.TaggedAddresses[mapkey] = *mapvalue - iNdEx = postIndex - case 17: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EnterpriseMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.EnterpriseMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 18: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SocketPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SocketPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ServiceAddress) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ServiceAddress: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ServiceAddress: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Address = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType) - } - m.Port = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Port |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Weights) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Weights: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Weights: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Passing", wireType) - } - m.Passing = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Passing |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Warning", wireType) - } - m.Warning = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Warning |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - default: - iNdEx = preIndex - skippy, err := skipService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipService(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthService - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupService - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthService - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthService = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowService = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupService = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbservice/service.proto b/proto/pbservice/service.proto index 360e3e3ff..64860625b 100644 --- a/proto/pbservice/service.proto +++ b/proto/pbservice/service.proto @@ -5,17 +5,9 @@ package pbservice; option go_package = "github.com/hashicorp/consul/proto/pbservice"; import "google/protobuf/struct.proto"; -import "proto/pbcommongogo/common.proto"; +import "proto/pbcommon/common.proto"; import "proto/pbservice/healthcheck.proto"; -// This fake import path is replaced by the build script with a versioned path -import "gogoproto/gogo.proto"; - -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; - // ConnectProxyConfig describes the configuration needed for any proxy managed // or unmanaged. It describes a single logical service's listener and optionally @@ -57,25 +49,26 @@ message ConnectProxyConfig { // Config is the arbitrary configuration data provided with the proxy // registration. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - google.protobuf.Struct Config = 5 [(gogoproto.nullable) = true]; + google.protobuf.Struct Config = 5; // Upstreams describes any upstream dependencies the proxy instance should // setup. // mog: func-to=UpstreamsToStructs func-from=NewUpstreamsFromStructs - repeated Upstream Upstreams = 6 [(gogoproto.nullable) = false]; + repeated Upstream Upstreams = 6; // MeshGateway defines the mesh gateway configuration for upstreams - MeshGatewayConfig MeshGateway = 7 [(gogoproto.nullable) = false]; + MeshGatewayConfig MeshGateway = 7; // Expose defines whether checks or paths are exposed through the proxy - ExposeConfig Expose = 8 [(gogoproto.nullable) = false]; + ExposeConfig Expose = 8; // Mode represents how the proxy's inbound and upstream listeners are dialed. - string Mode = 9 [(gogoproto.casttype) = "github.com/hashicorp/consul/agent/structs.ProxyMode"]; + // mog: func-to=structs.ProxyMode func-from=string + string Mode = 9; // TransparentProxy defines configuration for when the proxy is in // transparent mode. - TransparentProxyConfig TransparentProxy = 10 [(gogoproto.nullable) = false]; + TransparentProxyConfig TransparentProxy = 10; // LocalServiceSocketPath is the path to the unix domain socket for the local service instance string LocalServiceSocketPath = 11; @@ -122,10 +115,10 @@ message Upstream { // It can be used to pass arbitrary configuration for this specific upstream // to the proxy. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - google.protobuf.Struct Config = 7 [(gogoproto.nullable) = true]; + google.protobuf.Struct Config = 7; // MeshGateway is the configuration for mesh gateway usage of this upstream - MeshGatewayConfig MeshGateway = 8 [(gogoproto.nullable) = false]; + MeshGatewayConfig MeshGateway = 8; // CentrallyConfigured indicates whether the upstream was defined in a proxy // instance registration or whether it was generated from a config entry. @@ -174,7 +167,7 @@ message ExposeConfig { // Paths is the list of paths exposed through the proxy. // mog: func-to=ExposePathSliceToStructs func-from=NewExposePathSliceFromStructs - repeated ExposePath Paths = 2 [(gogoproto.nullable) = false]; + repeated ExposePath Paths = 2; } // mog annotation: @@ -208,7 +201,8 @@ message ExposePath { // output=service.gen.go // name=Structs message MeshGatewayConfig { - string Mode = 1 [(gogoproto.casttype) = "github.com/hashicorp/consul/agent/structs.MeshGatewayMode"]; + // mog: func-to=structs.MeshGatewayMode func-from=string + string Mode = 1; } // mog annotation: @@ -235,19 +229,20 @@ message TransparentProxyConfig { // output=service.gen.go // name=Structs message ServiceDefinition { - string Kind = 1 [(gogoproto.casttype) = "github.com/hashicorp/consul/agent/structs.ServiceKind"]; + // mog: func-to=structs.ServiceKind func-from=string + string Kind = 1; string ID = 2; string Name = 3; repeated string Tags = 4; string Address = 5; // mog: func-to=MapStringServiceAddressToStructs func-from=NewMapStringServiceAddressFromStructs - map TaggedAddresses = 16 [(gogoproto.nullable) = false]; + map TaggedAddresses = 16; map Meta = 6; // mog: func-to=int func-from=int32 int32 Port = 7; // Path for socket string SocketPath = 18; - CheckType Check = 8 [(gogoproto.nullable) = false]; + CheckType Check = 8; // mog: func-to=CheckTypesToStructs func-from=NewCheckTypesFromStructs repeated CheckType Checks = 9; // mog: func-to=WeightsPtrToStructs func-from=NewWeightsPtrFromStructs @@ -269,7 +264,7 @@ message ServiceDefinition { ConnectProxyConfig Proxy = 14; // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs - commongogo.EnterpriseMeta EnterpriseMeta = 17 [(gogoproto.nullable) = false]; + common.EnterpriseMeta EnterpriseMeta = 17; // mog: func-to=ServiceConnectPtrToStructs func-from=NewServiceConnectPtrFromStructs ServiceConnect Connect = 15; diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index 98ad79087..9df5bba25 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -1,4 +1,4 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbsubscribe/subscribe.proto package pbsubscribe @@ -11,9 +11,7 @@ import ( grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - io "io" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -129,26 +127,18 @@ func (*SubscribeRequest) ProtoMessage() {} func (*SubscribeRequest) Descriptor() ([]byte, []int) { return fileDescriptor_ab3eb8c810e315fb, []int{0} } + func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_SubscribeRequest.Unmarshal(m, b) } func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic) } func (m *SubscribeRequest) XXX_Merge(src proto.Message) { xxx_messageInfo_SubscribeRequest.Merge(m, src) } func (m *SubscribeRequest) XXX_Size() int { - return m.Size() + return xxx_messageInfo_SubscribeRequest.Size(m) } func (m *SubscribeRequest) XXX_DiscardUnknown() { xxx_messageInfo_SubscribeRequest.DiscardUnknown(m) @@ -234,26 +224,18 @@ func (*Event) ProtoMessage() {} func (*Event) Descriptor() ([]byte, []int) { return fileDescriptor_ab3eb8c810e315fb, []int{1} } + func (m *Event) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Event.Unmarshal(m, b) } func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Event.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Event.Marshal(b, m, deterministic) } func (m *Event) XXX_Merge(src proto.Message) { xxx_messageInfo_Event.Merge(m, src) } func (m *Event) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Event.Size(m) } func (m *Event) XXX_DiscardUnknown() { xxx_messageInfo_Event.DiscardUnknown(m) @@ -261,29 +243,40 @@ func (m *Event) XXX_DiscardUnknown() { var xxx_messageInfo_Event proto.InternalMessageInfo +func (m *Event) GetIndex() uint64 { + if m != nil { + return m.Index + } + return 0 +} + type isEvent_Payload interface { isEvent_Payload() - MarshalTo([]byte) (int, error) - Size() int } type Event_EndOfSnapshot struct { - EndOfSnapshot bool `protobuf:"varint,2,opt,name=EndOfSnapshot,proto3,oneof" json:"EndOfSnapshot,omitempty"` -} -type Event_NewSnapshotToFollow struct { - NewSnapshotToFollow bool `protobuf:"varint,3,opt,name=NewSnapshotToFollow,proto3,oneof" json:"NewSnapshotToFollow,omitempty"` -} -type Event_EventBatch struct { - EventBatch *EventBatch `protobuf:"bytes,4,opt,name=EventBatch,proto3,oneof" json:"EventBatch,omitempty"` -} -type Event_ServiceHealth struct { - ServiceHealth *ServiceHealthUpdate `protobuf:"bytes,10,opt,name=ServiceHealth,proto3,oneof" json:"ServiceHealth,omitempty"` + EndOfSnapshot bool `protobuf:"varint,2,opt,name=EndOfSnapshot,proto3,oneof"` } -func (*Event_EndOfSnapshot) isEvent_Payload() {} +type Event_NewSnapshotToFollow struct { + NewSnapshotToFollow bool `protobuf:"varint,3,opt,name=NewSnapshotToFollow,proto3,oneof"` +} + +type Event_EventBatch struct { + EventBatch *EventBatch `protobuf:"bytes,4,opt,name=EventBatch,proto3,oneof"` +} + +type Event_ServiceHealth struct { + ServiceHealth *ServiceHealthUpdate `protobuf:"bytes,10,opt,name=ServiceHealth,proto3,oneof"` +} + +func (*Event_EndOfSnapshot) isEvent_Payload() {} + func (*Event_NewSnapshotToFollow) isEvent_Payload() {} -func (*Event_EventBatch) isEvent_Payload() {} -func (*Event_ServiceHealth) isEvent_Payload() {} + +func (*Event_EventBatch) isEvent_Payload() {} + +func (*Event_ServiceHealth) isEvent_Payload() {} func (m *Event) GetPayload() isEvent_Payload { if m != nil { @@ -292,13 +285,6 @@ func (m *Event) GetPayload() isEvent_Payload { return nil } -func (m *Event) GetIndex() uint64 { - if m != nil { - return m.Index - } - return 0 -} - func (m *Event) GetEndOfSnapshot() bool { if x, ok := m.GetPayload().(*Event_EndOfSnapshot); ok { return x.EndOfSnapshot @@ -350,26 +336,18 @@ func (*EventBatch) ProtoMessage() {} func (*EventBatch) Descriptor() ([]byte, []int) { return fileDescriptor_ab3eb8c810e315fb, []int{2} } + func (m *EventBatch) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_EventBatch.Unmarshal(m, b) } func (m *EventBatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_EventBatch.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_EventBatch.Marshal(b, m, deterministic) } func (m *EventBatch) XXX_Merge(src proto.Message) { xxx_messageInfo_EventBatch.Merge(m, src) } func (m *EventBatch) XXX_Size() int { - return m.Size() + return xxx_messageInfo_EventBatch.Size(m) } func (m *EventBatch) XXX_DiscardUnknown() { xxx_messageInfo_EventBatch.DiscardUnknown(m) @@ -398,26 +376,18 @@ func (*ServiceHealthUpdate) ProtoMessage() {} func (*ServiceHealthUpdate) Descriptor() ([]byte, []int) { return fileDescriptor_ab3eb8c810e315fb, []int{3} } + func (m *ServiceHealthUpdate) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ServiceHealthUpdate.Unmarshal(m, b) } func (m *ServiceHealthUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ServiceHealthUpdate.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ServiceHealthUpdate.Marshal(b, m, deterministic) } func (m *ServiceHealthUpdate) XXX_Merge(src proto.Message) { xxx_messageInfo_ServiceHealthUpdate.Merge(m, src) } func (m *ServiceHealthUpdate) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ServiceHealthUpdate.Size(m) } func (m *ServiceHealthUpdate) XXX_DiscardUnknown() { xxx_messageInfo_ServiceHealthUpdate.DiscardUnknown(m) @@ -448,54 +418,54 @@ func init() { proto.RegisterType((*ServiceHealthUpdate)(nil), "subscribe.ServiceHealthUpdate") } -func init() { proto.RegisterFile("proto/pbsubscribe/subscribe.proto", fileDescriptor_ab3eb8c810e315fb) } +func init() { + proto.RegisterFile("proto/pbsubscribe/subscribe.proto", fileDescriptor_ab3eb8c810e315fb) +} var fileDescriptor_ab3eb8c810e315fb = []byte{ - // 550 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x53, 0xcb, 0x6e, 0xd3, 0x4c, - 0x14, 0xf6, 0xa4, 0x57, 0x9f, 0xfc, 0xad, 0xfc, 0x4f, 0x83, 0xb0, 0x52, 0x64, 0x85, 0x08, 0x55, - 0xa1, 0x12, 0x31, 0x0a, 0x12, 0xec, 0x40, 0x24, 0x6d, 0x09, 0x42, 0x4a, 0x2a, 0xa7, 0x5d, 0xc0, - 0x6e, 0x62, 0x1f, 0x62, 0x2b, 0xee, 0x8c, 0xb1, 0x27, 0x0d, 0xdd, 0xc3, 0x3b, 0xf0, 0x48, 0x2c, - 0x59, 0xf0, 0x00, 0x28, 0xbc, 0x08, 0xf2, 0xc4, 0x71, 0x9c, 0xa4, 0xbb, 0x39, 0xdf, 0x65, 0xce, - 0xcc, 0xb9, 0xc0, 0xe3, 0x28, 0x16, 0x52, 0xd8, 0xd1, 0x30, 0x99, 0x0c, 0x13, 0x37, 0x0e, 0x86, - 0x68, 0xe7, 0xa7, 0xa6, 0xe2, 0xa8, 0x9e, 0x03, 0xd5, 0x6a, 0xae, 0xc6, 0xf8, 0x36, 0x70, 0xd1, - 0xe6, 0xc2, 0xcb, 0x64, 0xf5, 0xdf, 0x04, 0x8c, 0xc1, 0x42, 0xe9, 0xe0, 0x97, 0x09, 0x26, 0x92, - 0x9e, 0xc0, 0xce, 0x95, 0x88, 0x02, 0xd7, 0x24, 0x35, 0xd2, 0x38, 0x6c, 0x19, 0xcd, 0xe5, 0xe5, - 0x0a, 0x77, 0xe6, 0x34, 0x35, 0x60, 0xeb, 0x03, 0xde, 0x99, 0xa5, 0x1a, 0x69, 0xe8, 0x4e, 0x7a, - 0xa4, 0x95, 0xd4, 0x39, 0x46, 0x6e, 0x6e, 0x29, 0x6c, 0x1e, 0xa4, 0xe8, 0x7b, 0xee, 0xe1, 0x57, - 0x73, 0xbb, 0x46, 0x1a, 0xdb, 0xce, 0x3c, 0xa0, 0x16, 0xc0, 0x19, 0x93, 0xcc, 0x45, 0x2e, 0x31, - 0x36, 0x77, 0x94, 0xa1, 0x80, 0xd0, 0x47, 0xa0, 0xf7, 0xd8, 0x0d, 0x26, 0x11, 0x73, 0xd1, 0xdc, - 0x55, 0xf4, 0x12, 0x48, 0xd9, 0x4b, 0x16, 0xcb, 0x40, 0x06, 0x82, 0x9b, 0x7b, 0x73, 0x36, 0x07, - 0xea, 0xdf, 0x4b, 0xb0, 0x73, 0x7e, 0x8b, 0x5c, 0x2e, 0x73, 0x93, 0x62, 0xee, 0x13, 0x38, 0x38, - 0xe7, 0x5e, 0xff, 0xf3, 0x80, 0xb3, 0x28, 0xf1, 0x85, 0x54, 0x7f, 0xd8, 0xef, 0x6a, 0xce, 0x2a, - 0x4c, 0x5b, 0x70, 0xd4, 0xc3, 0xe9, 0x22, 0xbc, 0x12, 0x17, 0x22, 0x0c, 0xc5, 0x54, 0xfd, 0x2e, - 0x55, 0xdf, 0x47, 0xd2, 0x57, 0x00, 0x2a, 0x75, 0x9b, 0x49, 0xd7, 0x57, 0x5f, 0x2e, 0xb7, 0x1e, - 0x14, 0x4a, 0xb8, 0x24, 0xbb, 0x9a, 0x53, 0x90, 0xd2, 0x0b, 0x38, 0x18, 0xcc, 0x3b, 0xd4, 0x45, - 0x16, 0x4a, 0xdf, 0x04, 0xe5, 0xb5, 0x0a, 0xde, 0x15, 0xfe, 0x3a, 0xf2, 0x98, 0xc4, 0xf4, 0xd1, - 0x2b, 0x70, 0x5b, 0x87, 0xbd, 0x4b, 0x76, 0x17, 0x0a, 0xe6, 0xd5, 0x5f, 0x16, 0xdf, 0x42, 0x1b, - 0xb0, 0xab, 0xa2, 0xc4, 0x24, 0xb5, 0xad, 0x46, 0x79, 0xa5, 0xb1, 0x8a, 0x70, 0x32, 0xbe, 0xfe, - 0x8d, 0xc0, 0xd1, 0x3d, 0xb9, 0xe8, 0x13, 0x28, 0xf5, 0xa3, 0x6c, 0x2c, 0x2a, 0x05, 0x77, 0x87, - 0x49, 0x16, 0x8a, 0x51, 0x3f, 0x72, 0x4a, 0xfd, 0x88, 0xbe, 0x03, 0xa3, 0xe3, 0xa3, 0x3b, 0xce, - 0x6e, 0xe8, 0x09, 0x0f, 0x55, 0x81, 0xcb, 0xad, 0xe3, 0x66, 0x3e, 0x85, 0xcd, 0x75, 0x89, 0xb3, - 0x61, 0x3a, 0x7d, 0x9b, 0x0d, 0x22, 0x2d, 0xc3, 0xde, 0x35, 0x1f, 0x73, 0x31, 0xe5, 0x86, 0x46, - 0xff, 0x5f, 0xab, 0x93, 0x41, 0xa8, 0x09, 0x95, 0x15, 0xa8, 0x23, 0x38, 0x47, 0x57, 0x1a, 0xa5, - 0xd3, 0xa7, 0xa0, 0xe7, 0x8f, 0xa3, 0xff, 0xc1, 0xbe, 0x83, 0xa3, 0x20, 0x91, 0x18, 0x1b, 0x1a, - 0x3d, 0x04, 0x38, 0xc3, 0x78, 0x11, 0x93, 0xd6, 0x47, 0x78, 0x38, 0x90, 0x4c, 0x62, 0xc7, 0x67, - 0x7c, 0x84, 0xd9, 0x56, 0x44, 0xe9, 0x3c, 0xd1, 0xd7, 0xa0, 0xe7, 0x5b, 0x42, 0x8f, 0x8b, 0x0d, - 0x59, 0xdb, 0x9d, 0xea, 0x46, 0x4d, 0xeb, 0xda, 0x73, 0xd2, 0x7e, 0xf3, 0x73, 0x66, 0x91, 0x5f, - 0x33, 0x8b, 0xfc, 0x99, 0x59, 0xe4, 0xc7, 0x5f, 0x4b, 0xfb, 0xf4, 0x6c, 0x14, 0x48, 0x7f, 0x32, - 0x6c, 0xba, 0xe2, 0xc6, 0xf6, 0x59, 0xe2, 0x07, 0xae, 0x88, 0x23, 0xdb, 0x15, 0x3c, 0x99, 0x84, - 0xf6, 0xc6, 0x7a, 0x0f, 0x77, 0x15, 0xf4, 0xe2, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc9, 0xb6, - 0x48, 0xa0, 0xfa, 0x03, 0x00, 0x00, + // 527 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x53, 0x5d, 0x6f, 0xda, 0x3c, + 0x14, 0xc6, 0xb4, 0x85, 0xe6, 0xf0, 0xb6, 0xca, 0xeb, 0x32, 0x2d, 0xa2, 0x53, 0xc5, 0xd0, 0x54, + 0xb1, 0x4a, 0x23, 0x13, 0x93, 0xb6, 0xbb, 0x49, 0x83, 0xb6, 0x63, 0x9a, 0x04, 0x55, 0x68, 0x2f, + 0xb6, 0x3b, 0xe3, 0x9c, 0x91, 0x88, 0xd4, 0xf6, 0x12, 0x53, 0xd6, 0xfb, 0xed, 0x1f, 0xee, 0x07, + 0x4d, 0x31, 0x21, 0x04, 0xe8, 0x9d, 0xcf, 0xf3, 0xe1, 0x63, 0x9f, 0x0f, 0x78, 0xa9, 0x62, 0xa9, + 0xa5, 0xab, 0x26, 0xc9, 0x7c, 0x92, 0xf0, 0x38, 0x9c, 0xa0, 0x9b, 0x9f, 0x3a, 0x86, 0xa3, 0x56, + 0x0e, 0x34, 0x1a, 0xb9, 0x1a, 0xe3, 0x87, 0x90, 0xa3, 0x2b, 0xa4, 0x9f, 0xc9, 0x5a, 0x7f, 0x09, + 0xd8, 0xe3, 0x95, 0xd2, 0xc3, 0x9f, 0x73, 0x4c, 0x34, 0x3d, 0x87, 0x83, 0x5b, 0xa9, 0x42, 0xee, + 0x90, 0x26, 0x69, 0x1f, 0x77, 0xed, 0xce, 0xfa, 0x72, 0x83, 0x7b, 0x4b, 0x9a, 0xda, 0xb0, 0xf7, + 0x15, 0x1f, 0x9d, 0x72, 0x93, 0xb4, 0x2d, 0x2f, 0x3d, 0xd2, 0x7a, 0xea, 0x9c, 0xa1, 0x70, 0xf6, + 0x0c, 0xb6, 0x0c, 0x52, 0xf4, 0x8b, 0xf0, 0xf1, 0x97, 0xb3, 0xdf, 0x24, 0xed, 0x7d, 0x6f, 0x19, + 0xd0, 0x33, 0x80, 0x4b, 0xa6, 0x19, 0x47, 0xa1, 0x31, 0x76, 0x0e, 0x8c, 0xa1, 0x80, 0xd0, 0x17, + 0x60, 0x0d, 0xd9, 0x3d, 0x26, 0x8a, 0x71, 0x74, 0x2a, 0x86, 0x5e, 0x03, 0x29, 0x7b, 0xc3, 0x62, + 0x1d, 0xea, 0x50, 0x0a, 0xa7, 0xba, 0x64, 0x73, 0xa0, 0xf5, 0xa7, 0x0c, 0x07, 0x57, 0x0f, 0x28, + 0xf4, 0x3a, 0x37, 0x29, 0xe6, 0x3e, 0x87, 0xa3, 0x2b, 0xe1, 0x8f, 0x7e, 0x8c, 0x05, 0x53, 0x49, + 0x20, 0xb5, 0xf9, 0xc3, 0xe1, 0xa0, 0xe4, 0x6d, 0xc2, 0xb4, 0x0b, 0x27, 0x43, 0x5c, 0xac, 0xc2, + 0x5b, 0x79, 0x2d, 0xa3, 0x48, 0x2e, 0xcc, 0xef, 0x52, 0xf5, 0x53, 0x24, 0xfd, 0x00, 0x60, 0x52, + 0xf7, 0x98, 0xe6, 0x81, 0xf9, 0x72, 0xad, 0xfb, 0xac, 0x50, 0xc2, 0x35, 0x39, 0x28, 0x79, 0x05, + 0x29, 0xbd, 0x86, 0xa3, 0xf1, 0xb2, 0x43, 0x03, 0x64, 0x91, 0x0e, 0x1c, 0x30, 0xde, 0xb3, 0x82, + 0x77, 0x83, 0xbf, 0x53, 0x3e, 0xd3, 0x98, 0x3e, 0x7a, 0x03, 0xee, 0x59, 0x50, 0xbd, 0x61, 0x8f, + 0x91, 0x64, 0x7e, 0xeb, 0x7d, 0xf1, 0x2d, 0xb4, 0x0d, 0x15, 0x13, 0x25, 0x0e, 0x69, 0xee, 0xb5, + 0x6b, 0x1b, 0x8d, 0x35, 0x84, 0x97, 0xf1, 0xad, 0xdf, 0x04, 0x4e, 0x9e, 0xc8, 0x45, 0x5f, 0x41, + 0x79, 0xa4, 0xb2, 0xb1, 0xa8, 0x17, 0xdc, 0x7d, 0xa6, 0x59, 0x24, 0xa7, 0x23, 0xe5, 0x95, 0x47, + 0x8a, 0x7e, 0x06, 0xbb, 0x1f, 0x20, 0x9f, 0x65, 0x37, 0x0c, 0xa5, 0x8f, 0xa6, 0xc0, 0xb5, 0xee, + 0x69, 0x27, 0x9f, 0xc2, 0xce, 0xb6, 0xc4, 0xdb, 0x31, 0x5d, 0x7c, 0xca, 0x06, 0x91, 0xd6, 0xa0, + 0x7a, 0x27, 0x66, 0x42, 0x2e, 0x84, 0x5d, 0xa2, 0xff, 0x6f, 0xd5, 0xc9, 0x26, 0xd4, 0x81, 0xfa, + 0x06, 0xd4, 0x97, 0x42, 0x20, 0xd7, 0x76, 0xf9, 0xe2, 0x35, 0x58, 0xf9, 0xe3, 0xe8, 0x7f, 0x70, + 0xe8, 0xe1, 0x34, 0x4c, 0x34, 0xc6, 0x76, 0x89, 0x1e, 0x03, 0x5c, 0x62, 0xbc, 0x8a, 0x49, 0xf7, + 0x1b, 0x3c, 0x1f, 0x6b, 0xa6, 0xb1, 0x1f, 0x30, 0x31, 0xc5, 0x6c, 0x2b, 0x54, 0x3a, 0x4f, 0xf4, + 0x23, 0x58, 0xf9, 0x96, 0xd0, 0xd3, 0x62, 0x43, 0xb6, 0x76, 0xa7, 0xb1, 0x53, 0xd3, 0x56, 0xe9, + 0x2d, 0xe9, 0xb9, 0xdf, 0xdf, 0x4c, 0x43, 0x1d, 0xcc, 0x27, 0x1d, 0x2e, 0xef, 0xdd, 0x80, 0x25, + 0x41, 0xc8, 0x65, 0xac, 0x5c, 0x2e, 0x45, 0x32, 0x8f, 0xdc, 0x9d, 0x75, 0x9e, 0x54, 0x0c, 0xf4, + 0xee, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa0, 0xb3, 0x69, 0x51, 0xea, 0x03, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. var _ context.Context -var _ grpc.ClientConn +var _ grpc.ClientConnInterface // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 +const _ = grpc.SupportPackageIsVersion6 // StateChangeSubscriptionClient is the client API for StateChangeSubscription service. // @@ -524,10 +494,10 @@ type StateChangeSubscriptionClient interface { } type stateChangeSubscriptionClient struct { - cc *grpc.ClientConn + cc grpc.ClientConnInterface } -func NewStateChangeSubscriptionClient(cc *grpc.ClientConn) StateChangeSubscriptionClient { +func NewStateChangeSubscriptionClient(cc grpc.ClientConnInterface) StateChangeSubscriptionClient { return &stateChangeSubscriptionClient{cc} } @@ -633,1136 +603,3 @@ var _StateChangeSubscription_serviceDesc = grpc.ServiceDesc{ }, Metadata: "proto/pbsubscribe/subscribe.proto", } - -func (m *SubscribeRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SubscribeRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *SubscribeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintSubscribe(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x3a - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintSubscribe(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x32 - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintSubscribe(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0x2a - } - if m.Index != 0 { - i = encodeVarintSubscribe(dAtA, i, uint64(m.Index)) - i-- - dAtA[i] = 0x20 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintSubscribe(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0x1a - } - if len(m.Key) > 0 { - i -= len(m.Key) - copy(dAtA[i:], m.Key) - i = encodeVarintSubscribe(dAtA, i, uint64(len(m.Key))) - i-- - dAtA[i] = 0x12 - } - if m.Topic != 0 { - i = encodeVarintSubscribe(dAtA, i, uint64(m.Topic)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *Event) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Event) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Payload != nil { - { - size := m.Payload.Size() - i -= size - if _, err := m.Payload.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } - } - if m.Index != 0 { - i = encodeVarintSubscribe(dAtA, i, uint64(m.Index)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *Event_EndOfSnapshot) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event_EndOfSnapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - i-- - if m.EndOfSnapshot { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - return len(dAtA) - i, nil -} -func (m *Event_NewSnapshotToFollow) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event_NewSnapshotToFollow) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - i-- - if m.NewSnapshotToFollow { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - return len(dAtA) - i, nil -} -func (m *Event_EventBatch) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event_EventBatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.EventBatch != nil { - { - size, err := m.EventBatch.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintSubscribe(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - return len(dAtA) - i, nil -} -func (m *Event_ServiceHealth) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event_ServiceHealth) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.ServiceHealth != nil { - { - size, err := m.ServiceHealth.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintSubscribe(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - } - return len(dAtA) - i, nil -} -func (m *EventBatch) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *EventBatch) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *EventBatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Events) > 0 { - for iNdEx := len(m.Events) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Events[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintSubscribe(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - -func (m *ServiceHealthUpdate) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ServiceHealthUpdate) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ServiceHealthUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.CheckServiceNode != nil { - { - size, err := m.CheckServiceNode.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintSubscribe(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if m.Op != 0 { - i = encodeVarintSubscribe(dAtA, i, uint64(m.Op)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func encodeVarintSubscribe(dAtA []byte, offset int, v uint64) int { - offset -= sovSubscribe(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *SubscribeRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Topic != 0 { - n += 1 + sovSubscribe(uint64(m.Topic)) - } - l = len(m.Key) - if l > 0 { - n += 1 + l + sovSubscribe(uint64(l)) - } - l = len(m.Token) - if l > 0 { - n += 1 + l + sovSubscribe(uint64(l)) - } - if m.Index != 0 { - n += 1 + sovSubscribe(uint64(m.Index)) - } - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovSubscribe(uint64(l)) - } - l = len(m.Namespace) - if l > 0 { - n += 1 + l + sovSubscribe(uint64(l)) - } - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovSubscribe(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Event) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Index != 0 { - n += 1 + sovSubscribe(uint64(m.Index)) - } - if m.Payload != nil { - n += m.Payload.Size() - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Event_EndOfSnapshot) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - n += 2 - return n -} -func (m *Event_NewSnapshotToFollow) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - n += 2 - return n -} -func (m *Event_EventBatch) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.EventBatch != nil { - l = m.EventBatch.Size() - n += 1 + l + sovSubscribe(uint64(l)) - } - return n -} -func (m *Event_ServiceHealth) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.ServiceHealth != nil { - l = m.ServiceHealth.Size() - n += 1 + l + sovSubscribe(uint64(l)) - } - return n -} -func (m *EventBatch) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.Events) > 0 { - for _, e := range m.Events { - l = e.Size() - n += 1 + l + sovSubscribe(uint64(l)) - } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ServiceHealthUpdate) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Op != 0 { - n += 1 + sovSubscribe(uint64(m.Op)) - } - if m.CheckServiceNode != nil { - l = m.CheckServiceNode.Size() - n += 1 + l + sovSubscribe(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovSubscribe(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozSubscribe(x uint64) (n int) { - return sovSubscribe(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *SubscribeRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SubscribeRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SubscribeRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Topic", wireType) - } - m.Topic = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Topic |= Topic(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Key = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) - } - m.Index = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Index |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSubscribe(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSubscribe - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Event) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Event: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Event: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) - } - m.Index = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Index |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EndOfSnapshot", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.Payload = &Event_EndOfSnapshot{b} - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field NewSnapshotToFollow", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.Payload = &Event_NewSnapshotToFollow{b} - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EventBatch", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &EventBatch{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Payload = &Event_EventBatch{v} - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceHealth", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &ServiceHealthUpdate{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Payload = &Event_ServiceHealth{v} - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSubscribe(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSubscribe - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *EventBatch) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: EventBatch: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: EventBatch: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Events", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Events = append(m.Events, &Event{}) - if err := m.Events[len(m.Events)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSubscribe(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSubscribe - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ServiceHealthUpdate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ServiceHealthUpdate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ServiceHealthUpdate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Op", wireType) - } - m.Op = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Op |= CatalogOp(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CheckServiceNode", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSubscribe - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthSubscribe - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthSubscribe - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.CheckServiceNode == nil { - m.CheckServiceNode = &pbservice.CheckServiceNode{} - } - if err := m.CheckServiceNode.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSubscribe(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSubscribe - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipSubscribe(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSubscribe - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSubscribe - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSubscribe - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthSubscribe - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupSubscribe - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthSubscribe - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthSubscribe = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowSubscribe = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupSubscribe = fmt.Errorf("proto: unexpected end of group") -) From 6553bf4a2a0fdc93953cfe6dcc5abbbfe999b68f Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Wed, 23 Mar 2022 10:22:08 -0700 Subject: [PATCH 011/785] Lkysow/docs updates 2 (#12604) * Document intermediate_cert_ttl --- website/content/docs/agent/options.mdx | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/options.mdx index 452b2e51c..11eae98ae 100644 --- a/website/content/docs/agent/options.mdx +++ b/website/content/docs/agent/options.mdx @@ -1408,19 +1408,25 @@ There are also a number of common configuration options supported by all provide if servers have more than one CPU core. Setting this to zero disables rate limiting. Added in 1.4.1. - - `leaf_cert_ttl` ((#ca_leaf_cert_ttl)) The upper bound on the lease - duration of a leaf certificate issued for a service. In most cases a new leaf + - `leaf_cert_ttl` ((#ca_leaf_cert_ttl)) Specifies the upper bound on the expiry + of a leaf certificate issued for a service. In most cases a new leaf certificate will be requested by a proxy before this limit is reached. This is also the effective limit on how long a server outage can last (with no leader) before network connections will start being rejected. Defaults to `72h`. - This value cannot be lower than 1 hour or higher than 1 year. + + You can specify a range from one hour (minimum) up to one year (maximum) using + the following units: `h`, `m`, `s`, `ms`, `us` (or `µs`), `ns`, or a combination + of those units, e.g. `1h5m`. This value is also used when rotating out old root certificates from the cluster. When a root certificate has been inactive (rotated out) for more than twice the _current_ `leaf_cert_ttl`, it will be removed from the trusted list. - - `root_cert_ttl` ((#ca_root_cert_ttl)) The time to live (TTL) for a root certificate. + - `intermediate_cert_ttl` ((#ca_intermediate_cert_ttl)) Specifies the expiry for the + intermediate certificates. Defaults to `8760h` (1 year). Must be at least 3 times `leaf_cert_ttl`. + + - `root_cert_ttl` ((#ca_root_cert_ttl)) Specifies the expiry for a root certificate. Defaults to 10 years as `87600h`. This value, if provided, needs to be higher than the intermediate certificate TTL. @@ -2212,7 +2218,11 @@ There are also a number of common configuration options supported by all provide ```json { "telemetry": { - "prefix_filter": ["+consul.raft.apply", "-consul.http", "+consul.http.GET"] + "prefix_filter": [ + "+consul.raft.apply", + "-consul.http", + "+consul.http.GET" + ] } } ``` From 1b654c98071ba84e392a6ea4fb154a06779eb15e Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Wed, 23 Mar 2022 12:47:12 -0700 Subject: [PATCH 012/785] Clean up ent meta id usage in overview summary --- agent/consul/internal_endpoint_test.go | 11 ++--------- agent/consul/server_overview.go | 25 +++++++++++++++---------- agent/structs/structs_oss.go | 4 ---- 3 files changed, 17 insertions(+), 23 deletions(-) diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 25c9c75f4..e639c003f 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -2485,13 +2485,10 @@ func TestInternal_CatalogOverview(t *testing.T) { } t.Parallel() - dir1, s1 := testServerWithConfig(t, func(c *Config) { + _, s1 := testServerWithConfig(t, func(c *Config) { c.MetricsReportingInterval = 100 * time.Millisecond }) - defer os.RemoveAll(dir1) - defer s1.Shutdown() codec := rpcClient(t, s1) - defer codec.Close() testrpc.WaitForLeader(t, s1.RPC, "dc1") @@ -2540,17 +2537,13 @@ func TestInternal_CatalogOverview_ACLDeny(t *testing.T) { t.Parallel() - dir1, s1 := testServerWithConfig(t, func(c *Config) { + _, s1 := testServerWithConfig(t, func(c *Config) { c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLInitialManagementToken = TestDefaultInitialManagementToken c.ACLResolverSettings.ACLDefaultPolicy = "deny" }) - defer os.RemoveAll(dir1) - defer s1.Shutdown() - codec := rpcClient(t, s1) - defer codec.Close() testrpc.WaitForLeader(t, s1.RPC, "dc1") diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go index 149743d3f..7417f8032 100644 --- a/agent/consul/server_overview.go +++ b/agent/consul/server_overview.go @@ -69,11 +69,15 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar serviceInstanceChecks := make(map[string][]*structs.HealthCheck) checkSummaries := make(map[string]structs.HealthSummary) + entMetaIDString := func(id string, entMeta structs.EnterpriseMeta) string { + return fmt.Sprintf("%s/%s/%s", id, entMeta.PartitionOrEmpty(), entMeta.NamespaceOrEmpty()) + } + // Compute the health check summaries by taking the pass/warn/fail counts // of each unique part/ns/checkname combo and storing them. Also store the // per-node and per-service instance checks for their respective summaries below. for _, check := range catalog.Checks { - checkID := fmt.Sprintf("%s/%s", check.EnterpriseMeta.String(), check.Name) + checkID := entMetaIDString(check.Name, check.EnterpriseMeta) summary, ok := checkSummaries[checkID] if !ok { summary = structs.HealthSummary{ @@ -86,11 +90,10 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar checkSummaries[checkID] = summary if check.ServiceID != "" { - serviceInstanceID := fmt.Sprintf("%s/%s/%s", check.EnterpriseMeta.String(), check.Node, check.ServiceID) + serviceInstanceID := entMetaIDString(fmt.Sprintf("%s/%s", check.Node, check.ServiceID), check.EnterpriseMeta) serviceInstanceChecks[serviceInstanceID] = append(serviceInstanceChecks[serviceInstanceID], check) } else { - nodeMeta := check.NodeIdentity().EnterpriseMeta - nodeID := fmt.Sprintf("%s/%s", nodeMeta.String(), check.Node) + nodeID := structs.NodeNameString(check.Node, &check.EnterpriseMeta) nodeChecks[nodeID] = append(nodeChecks[nodeID], check) } } @@ -110,7 +113,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar } // Compute whether this service instance is healthy based on its associated checks. - serviceInstanceID := fmt.Sprintf("%s/%s/%s", svc.EnterpriseMeta.String(), svc.Node, svc.ServiceID) + serviceInstanceID := entMetaIDString(fmt.Sprintf("%s/%s", svc.Node, svc.ServiceID), svc.EnterpriseMeta) status := api.HealthPassing for _, checks := range serviceInstanceChecks[serviceInstanceID] { if checks.Status == api.HealthWarning && status == api.HealthPassing { @@ -130,8 +133,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar // each partition. nodeSummaries := make(map[string]structs.HealthSummary) for _, node := range catalog.Nodes { - nodeMeta := structs.NodeEnterpriseMetaInPartition(node.Partition) - summary, ok := nodeSummaries[nodeMeta.String()] + summary, ok := nodeSummaries[node.Partition] if !ok { summary = structs.HealthSummary{ EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(node.Partition), @@ -140,7 +142,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar // Compute whether this node is healthy based on its associated checks. status := api.HealthPassing - nodeID := fmt.Sprintf("%s/%s", nodeMeta.String(), node.Node) + nodeID := structs.NodeNameString(node.Node, structs.NodeEnterpriseMetaInPartition(node.Partition)) for _, checks := range nodeChecks[nodeID] { if checks.Status == api.HealthWarning && status == api.HealthPassing { status = api.HealthWarning @@ -151,7 +153,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar } summary.Add(status) - nodeSummaries[nodeMeta.String()] = summary + nodeSummaries[node.Partition] = summary } // Construct the summary. @@ -171,7 +173,10 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar if slice[i].Name < slice[j].Name { return true } - return slice[i].EnterpriseMeta.String() < slice[j].EnterpriseMeta.String() + if slice[i].NamespaceOrEmpty() < slice[j].NamespaceOrEmpty() { + return true + } + return slice[i].PartitionOrEmpty() < slice[j].PartitionOrEmpty() } } sort.Slice(summary.Nodes, summarySort(summary.Nodes)) diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_oss.go index 7f56c4355..669361802 100644 --- a/agent/structs/structs_oss.go +++ b/agent/structs/structs_oss.go @@ -15,10 +15,6 @@ var emptyEnterpriseMeta = EnterpriseMeta{} // EnterpriseMeta stub type EnterpriseMeta struct{} -func (m *EnterpriseMeta) String() string { - return "" -} - func (m *EnterpriseMeta) ToEnterprisePolicyMeta() *acl.EnterprisePolicyMeta { return nil } From 8f98bbda752a434b541dd2524aa4c9bd76b858e6 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Wed, 23 Mar 2022 13:29:12 -0700 Subject: [PATCH 013/785] [metrics][rpc]: add basic prefix filter test for new rpc metric (#12598) Signed-off-by: FFMMM --- agent/metrics_test.go | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/agent/metrics_test.go b/agent/metrics_test.go index 9b5e84500..e0d088cfa 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -66,7 +66,7 @@ func assertMetricNotExists(t *testing.T, respRec *httptest.ResponseRecorder, met } } -// TestAgent_NewRPCMetrics test for the new RPC metrics presence. These are the labeled metrics coming from +// TestAgent_NewRPCMetrics test for the new RPC metrics. These are the labeled metrics coming from // agent.rpc.middleware.interceptors package. func TestAgent_NewRPCMetrics(t *testing.T) { skipIfShortTesting(t) @@ -94,6 +94,30 @@ func TestAgent_NewRPCMetrics(t *testing.T) { assertMetricExists(t, respRec, metricsPrefix+"_rpc_server_call") }) + + t.Run("Check that new rpc metrics can be filtered out", func(t *testing.T) { + metricsPrefix := "new_rpc_metrics_2" + hcl := fmt.Sprintf(` + telemetry = { + prometheus_retention_time = "5s" + disable_hostname = true + metrics_prefix = "%s" + prefix_filter = ["-%s.rpc.server.call"] + } + `, metricsPrefix, metricsPrefix) + + a := StartTestAgent(t, TestAgent{HCL: hcl}) + defer a.Shutdown() + + var out struct{} + err := a.RPC("Status.Ping", struct{}{}, &out) + require.NoError(t, err) + + respRec := httptest.NewRecorder() + recordPromMetrics(t, a, respRec) + + assertMetricNotExists(t, respRec, metricsPrefix+"_rpc_server_call") + }) } // TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus adds testing around From 96e0d8fd0d8e987043707d8f556aff2203bf2ee6 Mon Sep 17 00:00:00 2001 From: Riddhi Shah Date: Thu, 24 Mar 2022 16:55:05 +0530 Subject: [PATCH 014/785] ACL pkg updates to support Agentless RPCs For many of the new RPCs that will be added in Consul servers for Agentless work, the ACL token will need to be authorized for service:write on any service in any namespace in any partition. The ACL package updates are to make ServiceWriteAny related helpers available on the different authorizers. --- acl/acl_test.go | 12 ++++++++++++ acl/authorizer.go | 11 +++++++++++ acl/authorizer_test.go | 6 ++++++ acl/chained_authorizer.go | 7 +++++++ acl/chained_authorizer_test.go | 3 +++ acl/policy_authorizer.go | 2 +- acl/policy_authorizer_test.go | 2 ++ acl/static_authorizer.go | 7 +++++++ 8 files changed, 49 insertions(+), 1 deletion(-) diff --git a/acl/acl_test.go b/acl/acl_test.go index 3bbfed25e..3ce0fa59b 100644 --- a/acl/acl_test.go +++ b/acl/acl_test.go @@ -145,6 +145,10 @@ func checkAllowServiceWrite(t *testing.T, authz Authorizer, prefix string, entCt require.Equal(t, Allow, authz.ServiceWrite(prefix, entCtx)) } +func checkAllowServiceWriteAny(t *testing.T, authz Authorizer, _ string, entCtx *AuthorizerContext) { + require.Equal(t, Allow, authz.ServiceWriteAny(entCtx)) +} + func checkAllowSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { require.Equal(t, Allow, authz.SessionRead(prefix, entCtx)) } @@ -265,6 +269,10 @@ func checkDenyServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx require.Equal(t, Deny, authz.ServiceWrite(prefix, entCtx)) } +func checkDenyServiceWriteAny(t *testing.T, authz Authorizer, _ string, entCtx *AuthorizerContext) { + require.Equal(t, Deny, authz.ServiceWriteAny(entCtx)) +} + func checkDenySessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { require.Equal(t, Deny, authz.SessionRead(prefix, entCtx)) } @@ -385,6 +393,10 @@ func checkDefaultServiceWrite(t *testing.T, authz Authorizer, prefix string, ent require.Equal(t, Default, authz.ServiceWrite(prefix, entCtx)) } +func checkDefaultServiceWriteAny(t *testing.T, authz Authorizer, _ string, entCtx *AuthorizerContext) { + require.Equal(t, Default, authz.ServiceWriteAny(entCtx)) +} + func checkDefaultSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { require.Equal(t, Default, authz.SessionRead(prefix, entCtx)) } diff --git a/acl/authorizer.go b/acl/authorizer.go index 7dc961c57..dfe2eda1d 100644 --- a/acl/authorizer.go +++ b/acl/authorizer.go @@ -149,6 +149,9 @@ type Authorizer interface { // service ServiceWrite(string, *AuthorizerContext) EnforcementDecision + // ServiceWriteAny checks for write permission on any service + ServiceWriteAny(*AuthorizerContext) EnforcementDecision + // SessionRead checks for permission to read sessions for a given node. SessionRead(string, *AuthorizerContext) EnforcementDecision @@ -411,6 +414,14 @@ func (a AllowAuthorizer) ServiceWriteAllowed(name string, ctx *AuthorizerContext return nil } +// ServiceWriteAnyAllowed checks for write permission on any service +func (a AllowAuthorizer) ServiceWriteAnyAllowed(ctx *AuthorizerContext) error { + if a.Authorizer.ServiceWriteAny(ctx) != Allow { + return PermissionDeniedByACL(a, ctx, ResourceService, AccessWrite, "any service") + } + return nil +} + // SessionReadAllowed checks for permission to read sessions for a given node. func (a AllowAuthorizer) SessionReadAllowed(name string, ctx *AuthorizerContext) error { if a.Authorizer.SessionRead(name, ctx) != Allow { diff --git a/acl/authorizer_test.go b/acl/authorizer_test.go index 63eb57fd7..b8f4d21c1 100644 --- a/acl/authorizer_test.go +++ b/acl/authorizer_test.go @@ -185,6 +185,12 @@ func (m *mockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) En return ret.Get(0).(EnforcementDecision) } +// ServiceWriteAny checks for service:write on any service +func (m *mockAuthorizer) ServiceWriteAny(ctx *AuthorizerContext) EnforcementDecision { + ret := m.Called(ctx) + return ret.Get(0).(EnforcementDecision) +} + // SessionRead checks for permission to read sessions for a given node. func (m *mockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision { ret := m.Called(segment, ctx) diff --git a/acl/chained_authorizer.go b/acl/chained_authorizer.go index f0d7fc329..77df69a3e 100644 --- a/acl/chained_authorizer.go +++ b/acl/chained_authorizer.go @@ -235,6 +235,13 @@ func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext) }) } +// ServiceWriteAny checks for write permission on any service +func (c *ChainedAuthorizer) ServiceWriteAny(entCtx *AuthorizerContext) EnforcementDecision { + return c.executeChain(func(authz Authorizer) EnforcementDecision { + return authz.ServiceWriteAny(entCtx) + }) +} + // SessionRead checks for permission to read sessions for a given node. func (c *ChainedAuthorizer) SessionRead(node string, entCtx *AuthorizerContext) EnforcementDecision { return c.executeChain(func(authz Authorizer) EnforcementDecision { diff --git a/acl/chained_authorizer_test.go b/acl/chained_authorizer_test.go index f6ca7184d..5f33d0166 100644 --- a/acl/chained_authorizer_test.go +++ b/acl/chained_authorizer_test.go @@ -89,6 +89,9 @@ func (authz testAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecisi func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision { return EnforcementDecision(authz) } +func (authz testAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision { + return EnforcementDecision(authz) +} func (authz testAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision { return EnforcementDecision(authz) } diff --git a/acl/policy_authorizer.go b/acl/policy_authorizer.go index 1fdf44543..3b79a6316 100644 --- a/acl/policy_authorizer.go +++ b/acl/policy_authorizer.go @@ -767,7 +767,7 @@ func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) Enfor return Default } -func (p *policyAuthorizer) serviceWriteAny(_ *AuthorizerContext) EnforcementDecision { +func (p *policyAuthorizer) ServiceWriteAny(_ *AuthorizerContext) EnforcementDecision { return p.anyAllowed(p.serviceRules, AccessWrite) } diff --git a/acl/policy_authorizer_test.go b/acl/policy_authorizer_test.go index f87326032..d2f69a4eb 100644 --- a/acl/policy_authorizer_test.go +++ b/acl/policy_authorizer_test.go @@ -56,6 +56,7 @@ func TestPolicyAuthorizer(t *testing.T) { {name: "DefaultPreparedQueryWrite", prefix: "foo", check: checkDefaultPreparedQueryWrite}, {name: "DefaultServiceRead", prefix: "foo", check: checkDefaultServiceRead}, {name: "DefaultServiceWrite", prefix: "foo", check: checkDefaultServiceWrite}, + {name: "DefaultServiceWriteAny", prefix: "", check: checkDefaultServiceWriteAny}, {name: "DefaultSessionRead", prefix: "foo", check: checkDefaultSessionRead}, {name: "DefaultSessionWrite", prefix: "foo", check: checkDefaultSessionWrite}, {name: "DefaultSnapshot", prefix: "foo", check: checkDefaultSnapshot}, @@ -267,6 +268,7 @@ func TestPolicyAuthorizer(t *testing.T) { {name: "ServiceWritePrefixDenied", prefix: "food", check: checkDenyServiceWrite}, {name: "ServiceReadDenied", prefix: "football", check: checkDenyServiceRead}, {name: "ServiceWriteDenied", prefix: "football", check: checkDenyServiceWrite}, + {name: "ServiceWriteAnyAllowed", prefix: "", check: checkAllowServiceWriteAny}, {name: "NodeReadPrefixAllowed", prefix: "fo", check: checkAllowNodeRead}, {name: "NodeWritePrefixDenied", prefix: "fo", check: checkDenyNodeWrite}, diff --git a/acl/static_authorizer.go b/acl/static_authorizer.go index 1807d0684..951b026f3 100644 --- a/acl/static_authorizer.go +++ b/acl/static_authorizer.go @@ -219,6 +219,13 @@ func (s *staticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementD return Deny } +func (s *staticAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision { + if s.defaultAllow { + return Allow + } + return Deny +} + func (s *staticAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision { if s.defaultAllow { return Allow From 4d6229a3abe6cabd9c00ff0c9f7f8c274aff9d7c Mon Sep 17 00:00:00 2001 From: FFMMM Date: Thu, 24 Mar 2022 10:37:04 -0700 Subject: [PATCH 015/785] remove Telemetry.MergeDefaults (#12606) Signed-off-by: FFMMM --- lib/telemetry.go | 52 ----------------------- lib/telemetry_test.go | 99 ------------------------------------------- 2 files changed, 151 deletions(-) delete mode 100644 lib/telemetry_test.go diff --git a/lib/telemetry.go b/lib/telemetry.go index d85e51d45..d74edb37c 100644 --- a/lib/telemetry.go +++ b/lib/telemetry.go @@ -1,7 +1,6 @@ package lib import ( - "reflect" "time" "github.com/armon/go-metrics" @@ -200,57 +199,6 @@ type TelemetryConfig struct { PrometheusOpts prometheus.PrometheusOpts } -// MergeDefaults copies any non-zero field from defaults into the current -// config. -// TODO(kit): We no longer use this function and can probably delete it -func (c *TelemetryConfig) MergeDefaults(defaults *TelemetryConfig) { - if defaults == nil { - return - } - cfgPtrVal := reflect.ValueOf(c) - cfgVal := cfgPtrVal.Elem() - otherVal := reflect.ValueOf(*defaults) - for i := 0; i < cfgVal.NumField(); i++ { - f := cfgVal.Field(i) - if !f.IsValid() || !f.CanSet() { - continue - } - // See if the current value is a zero-value, if _not_ skip it - // - // No built in way to check for zero-values for all types so only - // implementing this for the types we actually have for now. Test failure - // should catch the case where we add new types later. - switch f.Kind() { - case reflect.Struct: - if f.Type() == reflect.TypeOf(prometheus.PrometheusOpts{}) { - continue - } - case reflect.Slice: - if !f.IsNil() { - continue - } - case reflect.Int, reflect.Int64: // time.Duration == int64 - if f.Int() != 0 { - continue - } - case reflect.String: - if f.String() != "" { - continue - } - case reflect.Bool: - if f.Bool() { - continue - } - default: - // Needs implementing, should be caught by tests. - continue - } - - // It's zero, copy it from defaults - f.Set(otherVal.Field(i)) - } -} - func statsiteSink(cfg TelemetryConfig, hostname string) (metrics.MetricSink, error) { addr := cfg.StatsiteAddr if addr == "" { diff --git a/lib/telemetry_test.go b/lib/telemetry_test.go deleted file mode 100644 index 4ee012f1e..000000000 --- a/lib/telemetry_test.go +++ /dev/null @@ -1,99 +0,0 @@ -package lib - -import ( - "reflect" - "testing" - "time" - - "github.com/armon/go-metrics/prometheus" - - "github.com/stretchr/testify/require" -) - -func makeFullTelemetryConfig(t *testing.T) TelemetryConfig { - var ( - promOpts = prometheus.PrometheusOpts{} - strSliceVal = []string{"foo"} - strVal = "foo" - intVal = int64(1 * time.Second) - ) - - cfg := TelemetryConfig{} - cfgP := reflect.ValueOf(&cfg) - cfgV := cfgP.Elem() - for i := 0; i < cfgV.NumField(); i++ { - f := cfgV.Field(i) - if !f.IsValid() || !f.CanSet() { - continue - } - // Set non-zero values for all fields. We only implement kinds that exist - // now for brevity but will fail the test if a new field type is added since - // this is likely not implemented in MergeDefaults either. - switch f.Kind() { - case reflect.Struct: - if f.Type() != reflect.TypeOf(promOpts) { - t.Fatalf("unknown struct type in TelemetryConfig: actual %v, expected: %v", f.Type(), reflect.TypeOf(promOpts)) - } - // TODO(kit): This should delve into the fields and set them individually rather than using an empty struct - f.Set(reflect.ValueOf(promOpts)) - case reflect.Slice: - if f.Type() != reflect.TypeOf(strSliceVal) { - t.Fatalf("unknown slice type in TelemetryConfig." + - " You need to update MergeDefaults and this test code.") - } - f.Set(reflect.ValueOf(strSliceVal)) - case reflect.Int, reflect.Int64: // time.Duration == int64 - f.SetInt(intVal) - case reflect.String: - f.SetString(strVal) - case reflect.Bool: - f.SetBool(true) - default: - t.Fatalf("unknown field type in TelemetryConfig" + - " You need to update MergeDefaults and this test code.") - } - } - return cfg -} - -func TestTelemetryConfig_MergeDefaults(t *testing.T) { - tests := []struct { - name string - cfg TelemetryConfig - defaults TelemetryConfig - want TelemetryConfig - }{ - { - name: "basic merge", - cfg: TelemetryConfig{ - StatsiteAddr: "stats.it:4321", - }, - defaults: TelemetryConfig{ - StatsdAddr: "localhost:5678", - StatsiteAddr: "localhost:1234", - }, - want: TelemetryConfig{ - StatsdAddr: "localhost:5678", - StatsiteAddr: "stats.it:4321", - }, - }, - { - // This test uses reflect to build a TelemetryConfig with every value set - // to ensure that we exercise every possible field type. This means that - // if new fields are added that are not supported types in the code, this - // test should either ensure they work or fail to build the test case and - // fail the test. - name: "exhaustive", - cfg: TelemetryConfig{}, - defaults: makeFullTelemetryConfig(t), - want: makeFullTelemetryConfig(t), - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - c := tt.cfg - c.MergeDefaults(&tt.defaults) - require.Equal(t, tt.want, c) - }) - } -} From 0d5cbf6f301ef73ed3d0be2089a138680f94b47d Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 24 Mar 2022 12:16:05 -0700 Subject: [PATCH 016/785] Sort by partition/ns/servicename instead of the reverse --- agent/consul/server_overview.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go index 7417f8032..b75ffed5d 100644 --- a/agent/consul/server_overview.go +++ b/agent/consul/server_overview.go @@ -170,13 +170,13 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar summarySort := func(slice []structs.HealthSummary) func(int, int) bool { return func(i, j int) bool { - if slice[i].Name < slice[j].Name { + if slice[i].PartitionOrEmpty() < slice[j].PartitionOrEmpty() { return true } if slice[i].NamespaceOrEmpty() < slice[j].NamespaceOrEmpty() { return true } - return slice[i].PartitionOrEmpty() < slice[j].PartitionOrEmpty() + return slice[i].Name < slice[j].Name } } sort.Slice(summary.Nodes, summarySort(summary.Nodes)) From 8020fb2098f7eeed58a84f2f8369ced2bf5396bb Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Thu, 24 Mar 2022 15:32:25 -0400 Subject: [PATCH 017/785] agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton --- .changelog/12522.txt | 15 ++ agent/auto-config/config_translate.go | 13 +- agent/auto-config/config_translate_test.go | 2 +- agent/config/builder.go | 76 ++++++++- agent/config/builder_test.go | 57 +++++++ agent/config/default.go | 2 +- agent/config/deprecated.go | 13 +- agent/config/deprecated_test.go | 12 +- agent/config/runtime_test.go | 35 ++-- .../TestRuntimeConfig_Sanitize.golden | 2 +- agent/config/testdata/full-config.hcl | 19 ++- agent/config/testdata/full-config.json | 19 ++- agent/consul/auto_config_endpoint.go | 1 + agent/consul/auto_config_endpoint_test.go | 26 ++- tlsutil/config.go | 151 +++++++----------- tlsutil/config_test.go | 79 ++------- types/tls.go | 13 +- website/content/docs/agent/options.mdx | 25 ++- 18 files changed, 318 insertions(+), 242 deletions(-) create mode 100644 .changelog/12522.txt diff --git a/.changelog/12522.txt b/.changelog/12522.txt new file mode 100644 index 000000000..a9d8ec5fc --- /dev/null +++ b/.changelog/12522.txt @@ -0,0 +1,15 @@ +```release-note:deprecation +agent: deprecate older syntax for specifying TLS min version values +``` +```release-note:deprecation +agent: remove support for specifying insecure TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suites +``` +```release-note:enhancement +agent: add additional validation to TLS config +``` +```release-note:enhancement +agent: bump default min version for connections to TLS 1.2 +``` +```release-note:enhancement +agent: add support for specifying TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suites +``` diff --git a/agent/auto-config/config_translate.go b/agent/auto-config/config_translate.go index 4b7f7e663..c5c3606a9 100644 --- a/agent/auto-config/config_translate.go +++ b/agent/auto-config/config_translate.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/consul/proto/pbautoconf" "github.com/hashicorp/consul/proto/pbconfig" "github.com/hashicorp/consul/proto/pbconnect" + "github.com/hashicorp/consul/types" ) // translateAgentConfig is meant to take in a proto/pbconfig.Config type @@ -83,9 +84,19 @@ func translateConfig(c *pbconfig.Config) config.Config { if t := c.TLS; t != nil { result.TLS.Defaults = config.TLSProtocolConfig{ VerifyOutgoing: &t.VerifyOutgoing, - TLSMinVersion: stringPtrOrNil(t.MinVersion), TLSCipherSuites: stringPtrOrNil(t.CipherSuites), } + + // NOTE: This inner check for deprecated values should eventually be + // removed, and possibly replaced with a versioning scheme for autoconfig + // or a proper integration with the deprecated config handling in + // agent/config/deprecated.go + if v, ok := types.DeprecatedConsulAgentTLSVersions[t.MinVersion]; ok { + result.TLS.Defaults.TLSMinVersion = stringPtrOrNil(v.String()) + } else { + result.TLS.Defaults.TLSMinVersion = stringPtrOrNil(t.MinVersion) + } + result.TLS.InternalRPC.VerifyServerHostname = &t.VerifyServerHostname } diff --git a/agent/auto-config/config_translate_test.go b/agent/auto-config/config_translate_test.go index ed605672d..e48eebf31 100644 --- a/agent/auto-config/config_translate_test.go +++ b/agent/auto-config/config_translate_test.go @@ -108,7 +108,7 @@ func TestTranslateConfig(t *testing.T) { Defaults: config.TLSProtocolConfig{ VerifyOutgoing: boolPointer(true), TLSCipherSuites: stringPointer("stuff"), - TLSMinVersion: stringPointer("tls13"), + TLSMinVersion: stringPointer("TLSv1_3"), }, InternalRPC: config.TLSProtocolConfig{ VerifyServerHostname: boolPointer(true), diff --git a/agent/config/builder.go b/agent/config/builder.go index 478540db8..d9686254b 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1971,15 +1971,63 @@ func (b *builder) cidrsVal(name string, v []string) (nets []*net.IPNet) { return } -func (b *builder) tlsCipherSuites(name string, v *string) []uint16 { +func (b *builder) tlsVersion(name string, v *string) types.TLSVersion { + // Handles unspecified config and empty string case. + // + // This check is not inside types.ValidateTLSVersionString because Envoy config + // distinguishes between an unset empty string which inherits parent config and + // an explicit TLS_AUTO which allows overriding parent config with the proxy + // defaults. + if v == nil || *v == "" { + return types.TLSVersionAuto + } + + a := types.TLSVersion(*v) + + err := types.ValidateTLSVersion(a) + if err != nil { + b.err = multierror.Append(b.err, fmt.Errorf("%s: invalid TLS version: %s", name, err)) + return types.TLSVersionInvalid + } + return a +} + +// validateTLSVersionCipherSuitesCompat checks that the specified TLS version supports +// specifying cipher suites +func validateTLSVersionCipherSuitesCompat(tlsMinVersion types.TLSVersion) error { + if tlsMinVersion == types.TLSv1_3 { + return fmt.Errorf("TLS 1.3 cipher suites are not configurable") + } + return nil +} + +// tlsCipherSuites parses cipher suites from a comma-separated string into a +// recognized slice +func (b *builder) tlsCipherSuites(name string, v *string, tlsMinVersion types.TLSVersion) []types.TLSCipherSuite { if v == nil { return nil } - var a []uint16 - a, err := tlsutil.ParseCiphers(*v) + if err := validateTLSVersionCipherSuitesCompat(tlsMinVersion); err != nil { + b.err = multierror.Append(b.err, fmt.Errorf("%s: %s", name, err)) + return nil + } + + *v = strings.TrimSpace(*v) + if *v == "" { + return []types.TLSCipherSuite{} + } + ciphers := strings.Split(*v, ",") + + a := make([]types.TLSCipherSuite, len(ciphers)) + for i, cipher := range ciphers { + a[i] = types.TLSCipherSuite(cipher) + } + + err := types.ValidateConsulAgentCipherSuites(a) if err != nil { - b.err = multierror.Append(b.err, fmt.Errorf("%s: invalid tls cipher suites: %s", name, err)) + b.err = multierror.Append(b.err, fmt.Errorf("%s: invalid TLS cipher suites: %s", name, err)) + return []types.TLSCipherSuite{} } return a } @@ -2477,14 +2525,14 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error b.warn("tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)") } - defaultCipherSuites := b.tlsCipherSuites("tls.defaults.tls_cipher_suites", t.Defaults.TLSCipherSuites) + defaultTLSMinVersion := b.tlsVersion("tls.defaults.tls_min_version", t.Defaults.TLSMinVersion) + defaultCipherSuites := b.tlsCipherSuites("tls.defaults.tls_cipher_suites", t.Defaults.TLSCipherSuites, defaultTLSMinVersion) mapCommon := func(name string, src TLSProtocolConfig, dst *tlsutil.ProtocolConfig) { dst.CAPath = stringValWithDefault(src.CAPath, stringVal(t.Defaults.CAPath)) dst.CAFile = stringValWithDefault(src.CAFile, stringVal(t.Defaults.CAFile)) dst.CertFile = stringValWithDefault(src.CertFile, stringVal(t.Defaults.CertFile)) dst.KeyFile = stringValWithDefault(src.KeyFile, stringVal(t.Defaults.KeyFile)) - dst.TLSMinVersion = stringValWithDefault(src.TLSMinVersion, stringVal(t.Defaults.TLSMinVersion)) dst.VerifyIncoming = boolValWithDefault(src.VerifyIncoming, boolVal(t.Defaults.VerifyIncoming)) // We prevent this from being set explicity in the tls.grpc stanza above, but @@ -2494,12 +2542,26 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error dst.VerifyOutgoing = boolValWithDefault(src.VerifyOutgoing, boolVal(t.Defaults.VerifyOutgoing)) } + if src.TLSMinVersion == nil { + dst.TLSMinVersion = defaultTLSMinVersion + } else { + dst.TLSMinVersion = b.tlsVersion( + fmt.Sprintf("tls.%s.tls_min_version", name), + src.TLSMinVersion, + ) + } + if src.TLSCipherSuites == nil { - dst.CipherSuites = defaultCipherSuites + // If cipher suite config incompatible with a specified TLS min version + // would be inherited, omit it but don't return an error in the builder. + if validateTLSVersionCipherSuitesCompat(dst.TLSMinVersion) == nil { + dst.CipherSuites = defaultCipherSuites + } } else { dst.CipherSuites = b.tlsCipherSuites( fmt.Sprintf("tls.%s.tls_cipher_suites", name), src.TLSCipherSuites, + dst.TLSMinVersion, ) } } diff --git a/agent/config/builder_test.go b/agent/config/builder_test.go index 80ad7b368..58fd922fc 100644 --- a/agent/config/builder_test.go +++ b/agent/config/builder_test.go @@ -12,6 +12,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/types" ) func TestLoad(t *testing.T) { @@ -327,3 +329,58 @@ func TestBuilder_ServiceVal_MultiError(t *testing.T) { func intPtr(v int) *int { return &v } + +func TestBuilder_tlsVersion(t *testing.T) { + b := builder{} + + validTLSVersion := "TLSv1_3" + b.tlsVersion("tls.defaults.tls_min_version", &validTLSVersion) + + deprecatedTLSVersion := "tls11" + b.tlsVersion("tls.defaults.tls_min_version", &deprecatedTLSVersion) + + invalidTLSVersion := "tls9" + b.tlsVersion("tls.defaults.tls_min_version", &invalidTLSVersion) + + require.Error(t, b.err) + require.Contains(t, b.err.Error(), "2 errors") + require.Contains(t, b.err.Error(), deprecatedTLSVersion) + require.Contains(t, b.err.Error(), invalidTLSVersion) +} + +func TestBuilder_tlsCipherSuites(t *testing.T) { + b := builder{} + + validCipherSuites := strings.Join([]string{ + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + }, ",") + b.tlsCipherSuites("tls.defaults.tls_cipher_suites", &validCipherSuites, types.TLSv1_2) + require.NoError(t, b.err) + + unsupportedCipherSuites := strings.Join([]string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + }, ",") + b.tlsCipherSuites("tls.defaults.tls_cipher_suites", &unsupportedCipherSuites, types.TLSv1_2) + + invalidCipherSuites := strings.Join([]string{ + "cipherX", + }, ",") + b.tlsCipherSuites("tls.defaults.tls_cipher_suites", &invalidCipherSuites, types.TLSv1_2) + + b.tlsCipherSuites("tls.defaults.tls_cipher_suites", &validCipherSuites, types.TLSv1_3) + + require.Error(t, b.err) + require.Contains(t, b.err.Error(), "3 errors") + require.Contains(t, b.err.Error(), unsupportedCipherSuites) + require.Contains(t, b.err.Error(), invalidCipherSuites) + require.Contains(t, b.err.Error(), "cipher suites are not configurable") +} diff --git a/agent/config/default.go b/agent/config/default.go index 3f40766ff..c0c1bd9b9 100644 --- a/agent/config/default.go +++ b/agent/config/default.go @@ -58,7 +58,7 @@ func DefaultSource() Source { tls = { defaults = { - tls_min_version = "tls12" + tls_min_version = "TLSv1_2" } } diff --git a/agent/config/deprecated.go b/agent/config/deprecated.go index d2649d61d..b27150b51 100644 --- a/agent/config/deprecated.go +++ b/agent/config/deprecated.go @@ -2,6 +2,8 @@ package config import ( "fmt" + + "github.com/hashicorp/consul/types" ) type DeprecatedConfig struct { @@ -219,7 +221,16 @@ func applyDeprecatedTLSConfig(dep DeprecatedConfig, cfg *Config) []string { if v := dep.TLSMinVersion; v != nil { if defaults.TLSMinVersion == nil { - defaults.TLSMinVersion = v + // NOTE: This inner check for deprecated values should eventually be + // removed + if version, ok := types.DeprecatedConsulAgentTLSVersions[*v]; ok { + // Log warning about deprecated config values + warns = append(warns, fmt.Sprintf("'tls_min_version' value '%s' is deprecated, please specify '%s' instead", *v, version)) + versionString := version.String() + defaults.TLSMinVersion = &versionString + } else { + defaults.TLSMinVersion = v + } } warns = append(warns, deprecationWarning("tls_min_version", "tls.defaults.tls_min_version")) } diff --git a/agent/config/deprecated_test.go b/agent/config/deprecated_test.go index ce32a3ccd..36dd86907 100644 --- a/agent/config/deprecated_test.go +++ b/agent/config/deprecated_test.go @@ -1,7 +1,7 @@ package config import ( - "crypto/tls" + "fmt" "sort" "testing" "time" @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/consul/tlsutil" + "github.com/hashicorp/consul/types" ) func TestLoad_DeprecatedConfig(t *testing.T) { @@ -33,8 +34,8 @@ ca_file = "some-ca-file" ca_path = "some-ca-path" cert_file = "some-cert-file" key_file = "some-key-file" -tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" -tls_min_version = "some-tls-version" +tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +tls_min_version = "tls11" verify_incoming = true verify_incoming_https = false verify_incoming_rpc = false @@ -61,6 +62,7 @@ tls_prefer_server_cipher_suites = true deprecationWarning("cert_file", "tls.defaults.cert_file"), deprecationWarning("key_file", "tls.defaults.key_file"), deprecationWarning("tls_cipher_suites", "tls.defaults.tls_cipher_suites"), + fmt.Sprintf("'tls_min_version' value 'tls11' is deprecated, please specify 'TLSv1_1' instead"), deprecationWarning("tls_min_version", "tls.defaults.tls_min_version"), deprecationWarning("verify_incoming", "tls.defaults.verify_incoming"), deprecationWarning("verify_incoming_https", "tls.https.verify_incoming"), @@ -90,8 +92,8 @@ tls_prefer_server_cipher_suites = true require.Equal(t, "some-ca-path", l.CAPath) require.Equal(t, "some-cert-file", l.CertFile) require.Equal(t, "some-key-file", l.KeyFile) - require.Equal(t, "some-tls-version", l.TLSMinVersion) - require.Equal(t, []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, l.CipherSuites) + require.Equal(t, types.TLSVersion("TLSv1_1"), l.TLSMinVersion) + require.Equal(t, []types.TLSCipherSuite{types.TLSCipherSuite("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA")}, l.CipherSuites) } require.False(t, rt.TLS.InternalRPC.VerifyIncoming) diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 7c24e71d3..b239b1ed4 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -2,7 +2,6 @@ package config import ( "bytes" - "crypto/tls" "encoding/base64" "encoding/json" "errors" @@ -5395,8 +5394,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { ca_file = "default_ca_file" ca_path = "default_ca_path" cert_file = "default_cert_file" - tls_min_version = "tls12" - tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + tls_min_version = "TLSv1_2" + tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" verify_incoming = true } @@ -5406,7 +5405,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { https { cert_file = "https_cert_file" - tls_min_version = "tls13" + tls_min_version = "TLSv1_3" } grpc { @@ -5425,8 +5424,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { "ca_file": "default_ca_file", "ca_path": "default_ca_path", "cert_file": "default_cert_file", - "tls_min_version": "tls12", - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "tls_min_version": "TLSv1_2", + "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "verify_incoming": true }, "internal_rpc": { @@ -5434,7 +5433,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, "https": { "cert_file": "https_cert_file", - "tls_min_version": "tls13" + "tls_min_version": "TLSv1_3" }, "grpc": { "verify_incoming": false, @@ -5455,22 +5454,21 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.TLS.InternalRPC.CAFile = "internal_rpc_ca_file" rt.TLS.InternalRPC.CAPath = "default_ca_path" rt.TLS.InternalRPC.CertFile = "default_cert_file" - rt.TLS.InternalRPC.TLSMinVersion = "tls12" - rt.TLS.InternalRPC.CipherSuites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256} + rt.TLS.InternalRPC.TLSMinVersion = "TLSv1_2" + rt.TLS.InternalRPC.CipherSuites = []types.TLSCipherSuite{types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256} rt.TLS.InternalRPC.VerifyIncoming = true rt.TLS.HTTPS.CAFile = "default_ca_file" rt.TLS.HTTPS.CAPath = "default_ca_path" rt.TLS.HTTPS.CertFile = "https_cert_file" - rt.TLS.HTTPS.TLSMinVersion = "tls13" - rt.TLS.HTTPS.CipherSuites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256} + rt.TLS.HTTPS.TLSMinVersion = "TLSv1_3" rt.TLS.HTTPS.VerifyIncoming = true rt.TLS.GRPC.CAFile = "default_ca_file" rt.TLS.GRPC.CAPath = "default_ca_path" rt.TLS.GRPC.CertFile = "default_cert_file" - rt.TLS.GRPC.TLSMinVersion = "tls12" - rt.TLS.GRPC.CipherSuites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA} + rt.TLS.GRPC.TLSMinVersion = "TLSv1_2" + rt.TLS.GRPC.CipherSuites = []types.TLSCipherSuite{types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA} rt.TLS.GRPC.VerifyIncoming = false }, }) @@ -6310,8 +6308,8 @@ func TestLoad_FullConfig(t *testing.T) { CAPath: "lOp1nhPa", CertFile: "dfJ4oPln", KeyFile: "aL1Knkpo", - TLSMinVersion: "lPo1MklP", - CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, + TLSMinVersion: types.TLSv1_1, + CipherSuites: []types.TLSCipherSuite{types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, VerifyOutgoing: true, VerifyServerHostname: true, }, @@ -6321,8 +6319,8 @@ func TestLoad_FullConfig(t *testing.T) { CAPath: "fLponKpl", CertFile: "a674klPn", KeyFile: "1y4prKjl", - TLSMinVersion: "lPo4fNkl", - CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, + TLSMinVersion: types.TLSv1_0, + CipherSuites: []types.TLSCipherSuite{types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, VerifyOutgoing: false, }, HTTPS: tlsutil.ProtocolConfig{ @@ -6331,8 +6329,7 @@ func TestLoad_FullConfig(t *testing.T) { CAPath: "nu4PlHzn", CertFile: "1yrhPlMk", KeyFile: "1bHapOkL", - TLSMinVersion: "mK14iOpz", - CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, + TLSMinVersion: types.TLSv1_3, VerifyOutgoing: true, }, NodeName: "otlLxGaI", diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 0f8d66b8b..a8e2f46ee 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -453,4 +453,4 @@ "Version": "", "VersionPrerelease": "", "Watches": [] -} \ No newline at end of file +} diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index bb68055cf..48b6e9a1a 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -653,8 +653,8 @@ tls { ca_path = "bN63LpXu" cert_file = "hB4PoxkL" key_file = "Po0hB1tY" - tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - tls_min_version = "yU0uIp1A" + tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + tls_min_version = "TLSv1_2" verify_incoming = true verify_outgoing = true } @@ -663,8 +663,8 @@ tls { ca_path = "lOp1nhPa" cert_file = "dfJ4oPln" key_file = "aL1Knkpo" - tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - tls_min_version = "lPo1MklP" + tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + tls_min_version = "TLSv1_1" verify_incoming = true verify_outgoing = true verify_server_hostname = true @@ -674,8 +674,7 @@ tls { ca_path = "nu4PlHzn" cert_file = "1yrhPlMk" key_file = "1bHapOkL" - tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - tls_min_version = "mK14iOpz" + tls_min_version = "TLSv1_3" verify_incoming = true verify_outgoing = true } @@ -684,13 +683,13 @@ tls { ca_path = "fLponKpl" cert_file = "a674klPn" key_file = "1y4prKjl" - tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - tls_min_version = "lPo4fNkl" + tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + tls_min_version = "TLSv1_0" verify_incoming = true } } -tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" -tls_min_version = "pAOWafkR" +tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +tls_min_version = "tls11" tls_prefer_server_cipher_suites = true translate_wan_addrs = true ui_config { diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index 574c715f4..1c92d6d02 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -650,8 +650,8 @@ "ca_path": "bN63LpXu", "cert_file": "hB4PoxkL", "key_file": "Po0hB1tY", - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "tls_min_version": "yU0uIp1A", + "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "tls_min_version": "TLSv1_2", "verify_incoming": true, "verify_outgoing": true }, @@ -660,8 +660,8 @@ "ca_path": "lOp1nhPa", "cert_file": "dfJ4oPln", "key_file": "aL1Knkpo", - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "tls_min_version": "lPo1MklP", + "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "tls_min_version": "TLSv1_1", "verify_incoming": true, "verify_outgoing": true }, @@ -670,8 +670,7 @@ "ca_path": "nu4PlHzn", "cert_file": "1yrhPlMk", "key_file": "1bHapOkL", - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "tls_min_version": "mK14iOpz", + "tls_min_version": "TLSv1_3", "verify_incoming": true, "verify_outgoing": true }, @@ -680,13 +679,13 @@ "ca_path": "fLponKpl", "cert_file": "a674klPn", "key_file": "1y4prKjl", - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "tls_min_version": "lPo4fNkl", + "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "tls_min_version": "TLSv1_0", "verify_incoming": true } }, - "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "tls_min_version": "pAOWafkR", + "tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "tls_min_version": "tls11", "tls_prefer_server_cipher_suites": true, "translate_wan_addrs": true, "ui_config": { diff --git a/agent/consul/auto_config_endpoint.go b/agent/consul/auto_config_endpoint.go index 781192d6e..5ca15f33b 100644 --- a/agent/consul/auto_config_endpoint.go +++ b/agent/consul/auto_config_endpoint.go @@ -281,6 +281,7 @@ func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, resp *pbaut } var err error + resp.Config.TLS, err = ac.tlsConfigurator.AutoConfigTLSSettings() return err } diff --git a/agent/consul/auto_config_endpoint_test.go b/agent/consul/auto_config_endpoint_test.go index 00873b615..f81461bbb 100644 --- a/agent/consul/auto_config_endpoint_test.go +++ b/agent/consul/auto_config_endpoint_test.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/consul/proto/pbconnect" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/tlsutil" + "github.com/hashicorp/consul/types" "gopkg.in/square/go-jose.v2/jwt" ) @@ -173,7 +174,7 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { c.TLSConfig.InternalRPC.VerifyOutgoing = true c.TLSConfig.InternalRPC.VerifyIncoming = true c.TLSConfig.InternalRPC.VerifyServerHostname = true - c.TLSConfig.InternalRPC.TLSMinVersion = "tls12" + c.TLSConfig.InternalRPC.TLSMinVersion = types.TLSv1_2 c.ConnectEnabled = true c.AutoEncryptAllowTLS = true @@ -391,13 +392,6 @@ func TestAutoConfig_baseConfig(t *testing.T) { } } -func parseCiphers(t *testing.T, cipherStr string) []uint16 { - t.Helper() - ciphers, err := tlsutil.ParseCiphers(cipherStr) - require.NoError(t, err) - return ciphers -} - func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { _, _, cacert, err := testTLSCertificates("server.dc1.consul") require.NoError(t, err) @@ -418,9 +412,9 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { InternalRPC: tlsutil.ProtocolConfig{ VerifyServerHostname: true, VerifyOutgoing: true, - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, CAFile: cafile, - CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), + CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, expected: pbautoconf.AutoConfigResponse{ @@ -439,9 +433,9 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { InternalRPC: tlsutil.ProtocolConfig{ VerifyServerHostname: false, VerifyOutgoing: true, - TLSMinVersion: "tls10", + TLSMinVersion: types.TLSv1_0, CAFile: cafile, - CipherSuites: parseCiphers(t, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), + CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, expected: pbautoconf.AutoConfigResponse{ @@ -635,9 +629,9 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { InternalRPC: tlsutil.ProtocolConfig{ VerifyServerHostname: true, VerifyOutgoing: true, - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, CAFile: cafile, - CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), + CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, expected: pbautoconf.AutoConfigResponse{ @@ -654,9 +648,9 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { InternalRPC: tlsutil.ProtocolConfig{ VerifyServerHostname: true, VerifyOutgoing: true, - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, CAFile: cafile, - CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), + CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, opts: AutoConfigOptions{ diff --git a/tlsutil/config.go b/tlsutil/config.go index c6157da93..bf4e9f6c6 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -8,7 +8,6 @@ import ( "net" "os" "path/filepath" - "sort" "strings" "sync" "sync/atomic" @@ -19,6 +18,7 @@ import ( "github.com/hashicorp/consul/logging" "github.com/hashicorp/consul/proto/pbconfig" + "github.com/hashicorp/consul/types" ) // ALPNWrapper is a function that is used to wrap a non-TLS connection and @@ -36,13 +36,13 @@ type DCWrapper func(dc string, conn net.Conn) (net.Conn, error) // a constant value. This is usually done by currying DCWrapper. type Wrapper func(conn net.Conn) (net.Conn, error) -// tlsLookup maps the tls_min_version configuration to the internal value -var tlsLookup = map[string]uint16{ - "": tls.VersionTLS10, // default in golang - "tls10": tls.VersionTLS10, - "tls11": tls.VersionTLS11, - "tls12": tls.VersionTLS12, - "tls13": tls.VersionTLS13, +// goTLSVersions maps types.TLSVersion to the Go internal value +var goTLSVersions = map[types.TLSVersion]uint16{ + types.TLSVersionAuto: tls.VersionTLS12, + types.TLSv1_0: tls.VersionTLS10, + types.TLSv1_1: tls.VersionTLS11, + types.TLSv1_2: tls.VersionTLS12, + types.TLSv1_3: tls.VersionTLS13, } // ProtocolConfig contains configuration for a given protocol. @@ -71,27 +71,16 @@ type ProtocolConfig struct { KeyFile string // TLSMinVersion is the minimum accepted TLS version that can be used. - TLSMinVersion string + + TLSMinVersion types.TLSVersion // CipherSuites is the list of TLS cipher suites to use. // - // The values should be a list of the following values: - // - // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - // - // todo(fs): IMHO, we should also support the raw 0xNNNN values from - // todo(fs): https://golang.org/pkg/crypto/tls/#pkg-constants - // todo(fs): since they are standardized by IANA. - CipherSuites []uint16 + // We don't support the raw 0xNNNN values from + // https://golang.org/pkg/crypto/tls/#pkg-constants + // even though they are standardized by IANA because it would increase + // the likelihood of an operator inadvertently setting an insecure configuration + CipherSuites []types.TLSCipherSuite // VerifyOutgoing is used to verify the authenticity of outgoing // connections. This means that TLS requests are used, and TCP @@ -148,17 +137,6 @@ type Config struct { AutoTLS bool } -func tlsVersions() []string { - versions := []string{} - for v := range tlsLookup { - if v != "" { - versions = append(versions, v) - } - } - sort.Strings(versions) - return versions -} - // SpecificDC is used to invoke a static datacenter // and turns a DCWrapper into a Wrapper type. func SpecificDC(dc string, tlsWrap DCWrapper) Wrapper { @@ -289,19 +267,12 @@ func (c *Configurator) Update(config Config) error { // loadProtocolConfig loads the certificates etc. for a given ProtocolConfig // and performs validation. -func (c *Configurator) loadProtocolConfig(base Config, lc ProtocolConfig) (*protocolConfig, error) { - if min := lc.TLSMinVersion; min != "" { - if _, ok := tlsLookup[min]; !ok { - versions := strings.Join(tlsVersions(), ", ") - return nil, fmt.Errorf("TLSMinVersion: value %s not supported, please specify one of [%s]", min, versions) - } - } - - cert, err := loadKeyPair(lc.CertFile, lc.KeyFile) +func (c *Configurator) loadProtocolConfig(base Config, pc ProtocolConfig) (*protocolConfig, error) { + cert, err := loadKeyPair(pc.CertFile, pc.KeyFile) if err != nil { return nil, err } - pems, err := LoadCAs(lc.CAFile, lc.CAPath) + pems, err := LoadCAs(pc.CAFile, pc.CAPath) if err != nil { return nil, err } @@ -314,7 +285,7 @@ func (c *Configurator) loadProtocolConfig(base Config, lc ProtocolConfig) (*prot return nil, err } - if lc.VerifyIncoming { + if pc.VerifyIncoming { // Both auto-config and auto-encrypt require verifying the connection from the // client to the server for secure operation. In order to be able to verify the // server's certificate we must have some CA certs already provided. Therefore, @@ -336,7 +307,7 @@ func (c *Configurator) loadProtocolConfig(base Config, lc ProtocolConfig) (*prot } // Ensure we have a CA if VerifyOutgoing is set. - if lc.VerifyOutgoing && combinedPool == nil { + if pc.VerifyOutgoing && combinedPool == nil { return nil, fmt.Errorf("VerifyOutgoing set but no CA certificates were provided") } @@ -572,7 +543,11 @@ func (c *Configurator) commonTLSConfig(state protocolConfig, cfg ProtocolConfig, // Set the cipher suites if len(cfg.CipherSuites) != 0 { - tlsConfig.CipherSuites = cfg.CipherSuites + // TLS cipher suites are validated on input in agent config builder, + // so it's safe to ignore the error case here. + + cipherSuites, _ := cipherSuiteLookup(cfg.CipherSuites) + tlsConfig.CipherSuites = cipherSuites } // GetCertificate is used when acting as a server and responding to @@ -607,10 +582,11 @@ func (c *Configurator) commonTLSConfig(state protocolConfig, cfg ProtocolConfig, tlsConfig.ClientCAs = state.combinedCAPool tlsConfig.RootCAs = state.combinedCAPool - // This is possible because tlsLookup also contains "" with golang's - // default (tls10). And because the initial check makes sure the - // version correctly matches. - tlsConfig.MinVersion = tlsLookup[cfg.TLSMinVersion] + // Error handling is not needed here because agent config builder handles "" + // or a nil value as TLSVersionAuto with goTLSVersions mapping TLSVersionAuto + // to TLS 1.2 and because the initial check makes sure a specified version is + // not invalid. + tlsConfig.MinVersion = goTLSVersions[cfg.TLSMinVersion] // Set ClientAuth if necessary if verifyIncoming { @@ -736,7 +712,7 @@ func (c *Configurator) AutoConfigTLSSettings() (*pbconfig.TLS, error) { return &pbconfig.TLS{ VerifyOutgoing: cfg.VerifyOutgoing, VerifyServerHostname: cfg.VerifyServerHostname || c.autoTLS.verifyServerHostname, - MinVersion: cfg.TLSMinVersion, + MinVersion: types.ConsulAutoConfigTLSVersionStrings[cfg.TLSMinVersion], CipherSuites: cipherString, }, nil } @@ -1080,32 +1056,32 @@ func (c *Configurator) AuthorizeServerConn(dc string, conn TLSConn) error { } -// ParseCiphers parse ciphersuites from the comma-separated string into -// recognized slice -func ParseCiphers(cipherStr string) ([]uint16, error) { +// NOTE: any new cipher suites will also need to be added in types/tls.go +// TODO: should this be moved into types/tls.go? Would importing Go's tls +// package in there be acceptable? +var goTLSCipherSuites = map[types.TLSCipherSuite]uint16{ + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + + types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + types.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + types.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, +} + +func cipherSuiteLookup(ciphers []types.TLSCipherSuite) ([]uint16, error) { suites := []uint16{} - cipherStr = strings.TrimSpace(cipherStr) - if cipherStr == "" { + if len(ciphers) == 0 { return []uint16{}, nil } - ciphers := strings.Split(cipherStr, ",") - // Note: this needs to be kept up to date with the cipherMap in CipherString - cipherMap := map[string]uint16{ - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - } for _, cipher := range ciphers { - if v, ok := cipherMap[cipher]; ok { + if v, ok := goTLSCipherSuites[cipher]; ok { suites = append(suites, v) } else { return suites, fmt.Errorf("unsupported cipher %q", cipher) @@ -1115,29 +1091,16 @@ func ParseCiphers(cipherStr string) ([]uint16, error) { return suites, nil } -// CipherString performs the inverse operation of ParseCiphers -func CipherString(ciphers []uint16) (string, error) { - // Note: this needs to be kept up to date with the cipherMap in ParseCiphers - cipherMap := map[uint16]string{ - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", +// CipherString performs the inverse operation of types.ParseCiphers +func CipherString(ciphers []types.TLSCipherSuite) (string, error) { + err := types.ValidateConsulAgentCipherSuites(ciphers) + if err != nil { + return "", err } cipherStrings := make([]string, len(ciphers)) for i, cipher := range ciphers { - if v, ok := cipherMap[cipher]; ok { - cipherStrings[i] = v - } else { - return "", fmt.Errorf("unsupported cipher %d", cipher) - } + cipherStrings[i] = string(cipher) } return strings.Join(cipherStrings, ","), nil diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go index abcade402..b49bd66bc 100644 --- a/tlsutil/config_test.go +++ b/tlsutil/config_test.go @@ -8,8 +8,6 @@ import ( "io/ioutil" "net" "path/filepath" - "reflect" - "strings" "testing" "github.com/google/go-cmp/cmp" @@ -19,6 +17,7 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/types" ) func TestConfigurator_IncomingConfig_Common(t *testing.T) { @@ -46,7 +45,7 @@ func TestConfigurator_IncomingConfig_Common(t *testing.T) { t.Run(desc, func(t *testing.T) { t.Run("MinTLSVersion", func(t *testing.T) { cfg := ProtocolConfig{ - TLSMinVersion: "tls13", + TLSMinVersion: "TLSv1_3", CertFile: "../test/hostname/Alice.crt", KeyFile: "../test/hostname/Alice.key", } @@ -69,7 +68,7 @@ func TestConfigurator_IncomingConfig_Common(t *testing.T) { t.Run("CipherSuites", func(t *testing.T) { cfg := ProtocolConfig{ - CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, + CipherSuites: []types.TLSCipherSuite{types.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, CertFile: "../test/hostname/Alice.crt", KeyFile: "../test/hostname/Alice.key", } @@ -760,45 +759,6 @@ func TestConfigurator_outgoingWrapperALPN_serverHasNoNodeNameInSAN(t *testing.T) <-errc } -func TestConfig_ParseCiphers(t *testing.T) { - testOk := strings.Join([]string{ - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - }, ",") - ciphers := []uint16{ - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - } - v, err := ParseCiphers(testOk) - require.NoError(t, err) - if got, want := v, ciphers; !reflect.DeepEqual(got, want) { - t.Fatalf("got ciphers %#v want %#v", got, want) - } - - _, err = ParseCiphers("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,cipherX") - require.Error(t, err) - - v, err = ParseCiphers("") - require.NoError(t, err) - require.Equal(t, []uint16{}, v) -} - func TestLoadKeyPair(t *testing.T) { type variant struct { cert, key string @@ -866,14 +826,6 @@ func TestConfigurator_Validation(t *testing.T) { } testCases := map[string]testCase{ - "invalid TLSMinVersion": { - ProtocolConfig{TLSMinVersion: "tls9"}, - false, - }, - "default TLSMinVersion": { - ProtocolConfig{TLSMinVersion: ""}, - true, - }, "invalid CAFile": { ProtocolConfig{CAFile: "bogus"}, false, @@ -986,13 +938,6 @@ func TestConfigurator_Validation(t *testing.T) { }, } - for _, v := range tlsVersions() { - testCases[fmt.Sprintf("MinTLSVersion(%s)", v)] = testCase{ - ProtocolConfig{TLSMinVersion: v}, - true, - } - } - for desc, tc := range testCases { for _, p := range []string{"internal", "grpc", "https"} { info := fmt.Sprintf("%s => %s", p, desc) @@ -1229,7 +1174,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: false, }, nil) @@ -1242,7 +1187,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: false, ServerName: "servername", @@ -1257,7 +1202,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: false, ServerName: "servername", @@ -1275,7 +1220,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: true, NodeName: "nodename", @@ -1292,7 +1237,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: true, NodeName: "nodename", @@ -1310,7 +1255,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) { conf: func() (*Configurator, error) { return NewConfigurator(Config{ InternalRPC: ProtocolConfig{ - TLSMinVersion: "tls12", + TLSMinVersion: types.TLSv1_2, }, EnableAgentTLSForChecks: true, ServerName: "servername", @@ -1517,12 +1462,6 @@ func TestConfigurator_AuthorizeInternalRPCServerConn(t *testing.T) { }) } -func TestConfig_tlsVersions(t *testing.T) { - require.Equal(t, []string{"tls10", "tls11", "tls12", "tls13"}, tlsVersions()) - expected := "tls10, tls11, tls12, tls13" - require.Equal(t, expected, strings.Join(tlsVersions(), ", ")) -} - func TestConfigurator_GRPCTLSConfigured(t *testing.T) { t.Run("certificate manually configured", func(t *testing.T) { c := makeConfigurator(t, Config{ diff --git a/types/tls.go b/types/tls.go index 9c50f498b..198d4052d 100644 --- a/types/tls.go +++ b/types/tls.go @@ -2,6 +2,7 @@ package types import ( "fmt" + "sort" "strings" ) @@ -92,9 +93,19 @@ func (a TLSVersion) LessThan(b TLSVersion) (error, bool) { return nil, tlsVersionComparison[a] < tlsVersionComparison[b] } +func TLSVersions() string { + versions := []string{} + for v := range tlsVersions { + versions = append(versions, string(v)) + } + sort.Strings(versions) + + return strings.Join(versions, ", ") +} + func ValidateTLSVersion(v TLSVersion) error { if _, ok := tlsVersions[v]; !ok { - return fmt.Errorf("no matching TLS version found for %s", v.String()) + return fmt.Errorf("no matching TLS version found for %s, please specify one of [%s]", v.String(), TLSVersions()) } return nil diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/options.mdx index 11eae98ae..b35e964ff 100644 --- a/website/content/docs/agent/options.mdx +++ b/website/content/docs/agent/options.mdx @@ -2495,15 +2495,30 @@ specially crafted certificate signed by the CA can be used to gain full access t [`cert_file`](#tls_defaults_cert_file). - `tls_min_version` ((#tls_defaults_tls_min_version)) This specifies the - minimum supported version of TLS. Accepted values are "tls10", "tls11", - "tls12", or "tls13". This defaults to "tls12". **WARNING: TLS 1.1 and - lower are generally considered less secure; avoid using these if - possible.** + minimum supported version of TLS. The following values are accepted: + * `TLSv1_0` + * `TLSv1_1` + * `TLSv1_2` (default) + * `TLSv1_3` + + **WARNING: TLS 1.1 and lower are generally considered less secure and + should not be used if possible.** + + The following values are also valid, but only when using the + [deprecated top-level `tls_min_version` config](#tls_deprecated_options), + and will be removed in a future release: + + * `tls10` + * `tls11` + * `tls12` + * `tls13` + + A warning message will appear if a deprecated value is specified. - `tls_cipher_suites` ((#tls_defaults_tls_cipher_suites)) This specifies the list of supported ciphersuites as a comma-separated-list. Applicable to TLS 1.2 and below only. The list of all supported ciphersuites is - available through [this search](https://github.com/hashicorp/consul/search?q=cipherMap+%3A%3D+map&unscoped_q=cipherMap+%3A%3D+map). + available through [this search](https://github.com/hashicorp/consul/search?q=goTLSCipherSuites+%3D+map). ~> **Note:** The ordering of cipher suites will not be guaranteed from Consul 1.11 onwards. See this [post](https://go.dev/blog/tls-cipher-suites) From 560f8cbc8953ff42db7717e48e2747c80ca016f2 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Thu, 24 Mar 2022 14:41:30 -0700 Subject: [PATCH 018/785] fix bad oss sync, use gauges not counters (#12611) --- agent/metrics_test.go | 24 ------------------------ agent/rpc/middleware/interceptors.go | 2 +- agent/setup.go | 2 ++ 3 files changed, 3 insertions(+), 25 deletions(-) diff --git a/agent/metrics_test.go b/agent/metrics_test.go index e0d088cfa..b530eda25 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -94,30 +94,6 @@ func TestAgent_NewRPCMetrics(t *testing.T) { assertMetricExists(t, respRec, metricsPrefix+"_rpc_server_call") }) - - t.Run("Check that new rpc metrics can be filtered out", func(t *testing.T) { - metricsPrefix := "new_rpc_metrics_2" - hcl := fmt.Sprintf(` - telemetry = { - prometheus_retention_time = "5s" - disable_hostname = true - metrics_prefix = "%s" - prefix_filter = ["-%s.rpc.server.call"] - } - `, metricsPrefix, metricsPrefix) - - a := StartTestAgent(t, TestAgent{HCL: hcl}) - defer a.Shutdown() - - var out struct{} - err := a.RPC("Status.Ping", struct{}{}, &out) - require.NoError(t, err) - - respRec := httptest.NewRecorder() - recordPromMetrics(t, a, respRec) - - assertMetricNotExists(t, respRec, metricsPrefix+"_rpc_server_call") - }) } // TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus adds testing around diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go index d52999e76..a5ee26f4e 100644 --- a/agent/rpc/middleware/interceptors.go +++ b/agent/rpc/middleware/interceptors.go @@ -24,7 +24,7 @@ const RPCTypeNetRPC = "net/rpc" var metricRPCRequest = []string{"rpc", "server", "call"} var requestLogName = "rpc.server.request" -var NewRPCCounters = []prometheus.CounterDefinition{ +var NewRPCGauges = []prometheus.GaugeDefinition{ { Name: metricRPCRequest, Help: "Increments when a server makes an RPC service call. The labels on the metric have more information", diff --git a/agent/setup.go b/agent/setup.go index bf67c0360..4921a42d8 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/submatview" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/agent/xds" @@ -214,6 +215,7 @@ func getPrometheusDefs(cfg lib.TelemetryConfig, isServer bool) ([]prometheus.Gau CertExpirationGauges, Gauges, raftGauges, + middleware.NewRPCGauges, } // TODO(ffmmm): conditionally add only leader specific metrics to gauges, counters, summaries, etc From 523e054c81368634f95452589accb357b7f09cc4 Mon Sep 17 00:00:00 2001 From: Eric Date: Fri, 25 Mar 2022 09:30:30 -0400 Subject: [PATCH 019/785] assorted changes required to remove gogo --- .circleci/config.yml | 13 +++++---- agent/http.go | 6 ++-- agent/structs/protobuf_compat.go | 17 ----------- agent/structs/structs.go | 32 +++++++++++++++++++-- build-support/scripts/proto-gen-no-gogo.sh | 33 ++++++++++++++++------ proto/pbcommon/common.gen.go | 12 ++++++++ proto/pbcommon/common.go | 29 ------------------- proto/pbcommon/common.pb.go | 6 ++++ proto/pbcommon/common.proto | 6 ++++ 9 files changed, 90 insertions(+), 64 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 64395e67b..e637d0d08 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -232,6 +232,7 @@ jobs: wget https://github.com/protocolbuffers/protobuf/releases/download/v3.12.3/protoc-3.12.3-linux-x86_64.zip sudo unzip -d /usr/local protoc-*.zip sudo chmod +x /usr/local/bin/protoc + sudo chmod -R a+Xr /usr/local/include/google/ rm protoc-*.zip - run: name: Install gogo/protobuf @@ -239,6 +240,8 @@ jobs: gogo_version=$(go list -m github.com/gogo/protobuf | awk '{print $2}') go install -v github.com/hashicorp/protoc-gen-go-binary@master go install -v github.com/gogo/protobuf/protoc-gen-gofast@${gogo_version} + go install -v github.com/favadi/protoc-go-inject-tag@v1.3.0 + go install -v github.com/golang/protobuf/protoc-gen-go@v1.3.5 - run: command: make --always-make proto @@ -278,7 +281,7 @@ jobs: fi - run-go-test-full: go_test_flags: 'if ! [[ "$CIRCLE_BRANCH" =~ ^main$|^release/ ]]; then export GO_TEST_FLAGS="-short"; fi' - + go-test: docker: - image: *GOLANG_IMAGE @@ -330,9 +333,9 @@ jobs: path: /tmp/jsonfile - run: *notify-slack-failure - # go-test-32bit is to catch problems where 64-bit ints must be 64-bit aligned + # go-test-32bit is to catch problems where 64-bit ints must be 64-bit aligned # to use them with sync/atomic. See https://golang.org/pkg/sync/atomic/#pkg-note-BUG. - # Running tests with GOARCH=386 seems to be the best way to detect this + # Running tests with GOARCH=386 seems to be the best way to detect this # problem. Only runs tests that are -short to limit the time we spend checking # for these bugs. go-test-32bit: @@ -747,11 +750,11 @@ jobs: if ! git diff --quiet --exit-code HEAD^! ui/; then git config --local user.email "github-team-consul-core@hashicorp.com" git config --local user.name "hc-github-team-consul-core" - + # -B resets the CI branch to main which may diverge history # but we will force push anyways. git checkout -B ci/main-assetfs-build main - + short_sha=$(git rev-parse --short HEAD) git add agent/uiserver/bindata_assetfs.go git commit -m "auto-updated agent/uiserver/bindata_assetfs.go from commit ${short_sha}" diff --git a/agent/http.go b/agent/http.go index 90885bc3f..e039c2c7c 100644 --- a/agent/http.go +++ b/agent/http.go @@ -31,7 +31,7 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/logging" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" ) var HTTPSummaries = []prometheus.SummaryDefinition{ @@ -781,7 +781,7 @@ func setLastContact(resp http.ResponseWriter, last time.Duration) { } // setMeta is used to set the query response meta data -func setMeta(resp http.ResponseWriter, m structs.QueryMetaCompat) error { +func setMeta(resp http.ResponseWriter, m *structs.QueryMeta) error { lastContact, err := m.GetLastContact() if err != nil { return err @@ -981,7 +981,7 @@ func (s *HTTPHandlers) parseConsistency(resp http.ResponseWriter, req *http.Requ } // parseConsistencyReadRequest is used to parse the ?consistent query param. -func parseConsistencyReadRequest(resp http.ResponseWriter, req *http.Request, b *pbcommongogo.ReadRequest) { +func parseConsistencyReadRequest(resp http.ResponseWriter, req *http.Request, b *pbcommon.ReadRequest) { query := req.URL.Query() if _, ok := query["consistent"]; ok { b.RequireConsistent = true diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go index 93358e8e3..143bd97e3 100644 --- a/agent/structs/protobuf_compat.go +++ b/agent/structs/protobuf_compat.go @@ -32,23 +32,6 @@ type QueryOptionsCompat interface { SetFilter(string) } -// QueryMetaCompat is the interface that both the structs.QueryMeta -// and the proto/pbcommongogo.QueryMeta structs need to implement so that they -// can be operated on interchangeably -type QueryMetaCompat interface { - GetLastContact() (time.Duration, error) - SetLastContact(time.Duration) - GetKnownLeader() bool - SetKnownLeader(bool) - GetIndex() uint64 - SetIndex(uint64) - GetConsistencyLevel() string - SetConsistencyLevel(string) - GetBackend() QueryBackend - GetResultsFilteredByACLs() bool - SetResultsFilteredByACLs(bool) -} - // GetToken helps implement the QueryOptionsCompat interface // Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetToken() string { diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 9efd02c9b..ca4a7c849 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -16,6 +16,7 @@ import ( "strings" "time" + "github.com/golang/protobuf/proto" "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" "github.com/hashicorp/serf/coordinate" @@ -2575,13 +2576,17 @@ type ProtoMarshaller interface { func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error) { if marshaller, ok := message.(ProtoMarshaller); ok { + return EncodeProtoGogo(t, marshaller) + } + + if marshaller, ok := message.(proto.Message); ok { return EncodeProto(t, marshaller) } return nil, fmt.Errorf("message does not implement the ProtoMarshaller interface: %T", message) } -func EncodeProto(t MessageType, message ProtoMarshaller) ([]byte, error) { +func EncodeProtoGogo(t MessageType, message ProtoMarshaller) ([]byte, error) { data := make([]byte, message.Size()+1) data[0] = uint8(t) if _, err := message.MarshalTo(data[1:]); err != nil { @@ -2590,7 +2595,24 @@ func EncodeProto(t MessageType, message ProtoMarshaller) ([]byte, error) { return data, nil } -func DecodeProto(buf []byte, out ProtoMarshaller) error { +func EncodeProto(t MessageType, pb proto.Message) ([]byte, error) { + data := make([]byte, proto.Size(pb)+1) + data[0] = uint8(t) + + buf := proto.NewBuffer(data[1:1]) + if err := buf.Marshal(pb); err != nil { + return nil, err + } + + return data, nil +} + +func DecodeProto(buf []byte, pb proto.Message) error { + // Note that this assumes the leading byte indicating the type as already been stripped off. + return proto.Unmarshal(buf, pb) +} + +func DecodeProtoGogo(buf []byte, out ProtoMarshaller) error { // Note that this assumes the leading byte indicating the type as already been stripped off. return out.Unmarshal(buf) } @@ -2720,3 +2742,9 @@ func TimeToProto(s time.Time) *timestamp.Timestamp { ret, _ := ptypes.TimestampProto(s) return ret } + +// IsZeroProtoTime returns true if the time is the minimum protobuf timestamp +// (the Unix epoch). +func IsZeroProtoTime(t *timestamp.Timestamp) bool { + return t.Seconds == 0 && t.Nanos == 0 +} diff --git a/build-support/scripts/proto-gen-no-gogo.sh b/build-support/scripts/proto-gen-no-gogo.sh index c736d49de..0585a02d7 100755 --- a/build-support/scripts/proto-gen-no-gogo.sh +++ b/build-support/scripts/proto-gen-no-gogo.sh @@ -68,6 +68,8 @@ function main { return 1 fi + go mod download + local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") @@ -77,7 +79,7 @@ function main { local proto_go_path=${proto_path%%.proto}.pb.go local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go - + local go_proto_out="paths=source_relative" if is_set "${grpc}" then @@ -96,10 +98,17 @@ function main { # How we run protoc probably needs some documentation. # - # This is the path to where + # This is the path to where # -I="${golang_proto_path}/protobuf" \ local -i ret=0 status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} (NO GOGO)" + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" debug_run protoc \ -I="${golang_proto_path}" \ -I="${golang_proto_mod_path}" \ @@ -107,9 +116,22 @@ function main { --go_out="${go_proto_out}${SOURCE_DIR}" \ --go-binary_out="${SOURCE_DIR}" \ "${proto_path}" + + if test $? -ne 0 + then + err "Failed to run protoc for ${proto_path}" + return 1 + fi + debug_run protoc-go-inject-tag \ -input="${proto_go_path}" + if test $? -ne 0 + then + err "Failed to run protoc-go-inject-tag for ${proto_path}" + return 1 + fi + echo "debug_run protoc \ -I=\"${golang_proto_path}\" \ -I=\"${golang_proto_mod_path}\" \ @@ -117,11 +139,6 @@ function main { --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ --go-binary_out=\"${SOURCE_DIR}\" \ \"${proto_path}\"" - if test $? -ne 0 - then - err "Failed to generate outputs from ${proto_path}" - return 1 - fi BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') if test -n "${BUILD_TAGS}" @@ -129,7 +146,7 @@ function main { echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" cat "${proto_go_path}" >> "${proto_go_path}.new" mv "${proto_go_path}.new" "${proto_go_path}" - + echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" diff --git a/proto/pbcommon/common.gen.go b/proto/pbcommon/common.gen.go index 867e8089c..636931f81 100644 --- a/proto/pbcommon/common.gen.go +++ b/proto/pbcommon/common.gen.go @@ -68,3 +68,15 @@ func RaftIndexFromStructs(t *structs.RaftIndex, s *RaftIndex) { s.CreateIndex = t.CreateIndex s.ModifyIndex = t.ModifyIndex } +func WriteRequestToStructs(s *WriteRequest, t *structs.WriteRequest) { + if s == nil { + return + } + t.Token = s.Token +} +func WriteRequestFromStructs(t *structs.WriteRequest, s *WriteRequest) { + if s == nil { + return + } + s.Token = t.Token +} diff --git a/proto/pbcommon/common.go b/proto/pbcommon/common.go index fbff7e4ae..713089e48 100644 --- a/proto/pbcommon/common.go +++ b/proto/pbcommon/common.go @@ -88,35 +88,6 @@ func (q *QueryOptions) SetFilter(filter string) { q.Filter = filter } -// SetLastContact is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetLastContact(lastContact time.Duration) { - q.LastContact = structs.DurationToProto(lastContact) -} - -// SetKnownLeader is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetKnownLeader(knownLeader bool) { - q.KnownLeader = knownLeader -} - -// SetIndex is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetIndex(index uint64) { - q.Index = index -} - -// SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { - q.ConsistencyLevel = consistencyLevel -} - -func (q *QueryMeta) GetBackend() structs.QueryBackend { - return structs.QueryBackend(0) -} - -// SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { - q.ResultsFilteredByACLs = v -} - // WriteRequest only applies to writes, always false // // IsRead implements structs.RPCInfo diff --git a/proto/pbcommon/common.pb.go b/proto/pbcommon/common.pb.go index 88a2d55b6..a04042cac 100644 --- a/proto/pbcommon/common.pb.go +++ b/proto/pbcommon/common.pb.go @@ -120,6 +120,12 @@ func (m *TargetDatacenter) GetDatacenter() string { return "" } +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.WriteRequest +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields type WriteRequest struct { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. diff --git a/proto/pbcommon/common.proto b/proto/pbcommon/common.proto index 19efd232b..e21b677f5 100644 --- a/proto/pbcommon/common.proto +++ b/proto/pbcommon/common.proto @@ -29,6 +29,12 @@ message TargetDatacenter { string Datacenter = 1; } +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.WriteRequest +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields message WriteRequest { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. From 906ac6576bf8ea01c84cd8b08cce46944ef90f74 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Fri, 25 Mar 2022 12:34:59 -0700 Subject: [PATCH 020/785] Fixups for error messages from ACL Errors (#12620) Fixups for error messages from ACL Errors Alter error messages to be more verbose and explanatory, something like: Permission denied: token with AccessorID '8a2d52a0-6b41-7077-8374-09d4fafa2d30 ' lacks permission 'service:read' on "foobar" on "foobar" in partition "foo" in namespace "bar" Signed-off-by: Mark Anderson --- acl/errors.go | 4 ++-- acl/errors_oss.go | 2 +- acl/errors_test.go | 4 ++-- acl/testing.go | 9 +++++++-- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/acl/errors.go b/acl/errors.go index c2363e2a1..7c88704b3 100644 --- a/acl/errors.go +++ b/acl/errors.go @@ -98,9 +98,9 @@ func (e PermissionDeniedError) Error() string { } if e.Accessor == "" { - message.WriteString(": provided accessor") + message.WriteString(": provided token") } else { - fmt.Fprintf(&message, ": accessor '%s'", e.Accessor) + fmt.Fprintf(&message, ": token with AccessorID '%s'", e.Accessor) } fmt.Fprintf(&message, " lacks permission '%s:%s'", e.Resource, e.AccessLevel.String()) diff --git a/acl/errors_oss.go b/acl/errors_oss.go index 9d605b34e..ef8dc993c 100644 --- a/acl/errors_oss.go +++ b/acl/errors_oss.go @@ -14,5 +14,5 @@ func NewResourceDescriptor(name string, _ *AuthorizerContext) ResourceDescriptor } func (od *ResourceDescriptor) ToString() string { - return od.Name + return "\"" + od.Name + "\"" } diff --git a/acl/errors_test.go b/acl/errors_test.go index 5b73a156e..7c651f1ec 100644 --- a/acl/errors_test.go +++ b/acl/errors_test.go @@ -29,11 +29,11 @@ func TestPermissionDeniedError(t *testing.T) { }, { err: PermissionDeniedByACL(&auth1, nil, ResourceService, AccessRead, "foobar"), - expected: "Permission denied: provided accessor lacks permission 'service:read' on foobar", + expected: "Permission denied: provided token lacks permission 'service:read' on \"foobar\"", }, { err: PermissionDeniedByACLUnnamed(&auth1, nil, ResourceService, AccessRead), - expected: "Permission denied: provided accessor lacks permission 'service:read'", + expected: "Permission denied: provided token lacks permission 'service:read'", }, } diff --git a/acl/testing.go b/acl/testing.go index 01399c630..303bd1de6 100644 --- a/acl/testing.go +++ b/acl/testing.go @@ -1,6 +1,7 @@ package acl import ( + "fmt" "github.com/stretchr/testify/require" "regexp" "testing" @@ -23,20 +24,24 @@ func RequirePermissionDeniedError(t testing.TB, err error, authz Authorizer, _ * func RequirePermissionDeniedMessage(t testing.TB, msg string, authz interface{}, _ *AuthorizerContext, resource Resource, accessLevel AccessLevel, resourceID string) { require.NotEmpty(t, msg, "expected non-empty error message") + baseRegex := ` lacks permission '(\S*):(\S*)' on \"([^\"]*)\"(?: in partition \"([^\"]*)\" in namespace \"([^\"]*)\")?\s*$` + var resourceIDFound string if authz == nil { - expr := "^Permission denied" + `: provided accessor lacks permission '(\S*):(\S*)' on (.*)\s*$` + expr := "^Permission denied" + `: provided token` + baseRegex re, _ := regexp.Compile(expr) matched := re.FindStringSubmatch(msg) + require.NotNil(t, matched, fmt.Sprintf("RE %q didn't match %q", expr, msg)) require.Equal(t, string(resource), matched[1], "resource") require.Equal(t, accessLevel.String(), matched[2], "access level") resourceIDFound = matched[3] } else { - expr := "^Permission denied" + `: accessor '(\S*)' lacks permission '(\S*):(\S*)' on (.*)\s*$` + expr := "^Permission denied" + `: token with AccessorID '(\S*)'` + baseRegex re, _ := regexp.Compile(expr) matched := re.FindStringSubmatch(msg) + require.NotNil(t, matched, fmt.Sprintf("RE %q didn't match %q", expr, msg)) require.Equal(t, extractAccessorID(authz), matched[1], "auth") require.Equal(t, string(resource), matched[2], "resource") require.Equal(t, accessLevel.String(), matched[3], "access level") From 9d3df6b08bd8b18e6a27a69e057c7cf87ad1f951 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 25 Mar 2022 13:00:14 -0700 Subject: [PATCH 021/785] Update consul-enterprise.mdx (#12622) --- .../deployment-configurations/consul-enterprise.mdx | 2 -- 1 file changed, 2 deletions(-) diff --git a/website/content/docs/k8s/installation/deployment-configurations/consul-enterprise.mdx b/website/content/docs/k8s/installation/deployment-configurations/consul-enterprise.mdx index f27bf3baf..cd49cd238 100644 --- a/website/content/docs/k8s/installation/deployment-configurations/consul-enterprise.mdx +++ b/website/content/docs/k8s/installation/deployment-configurations/consul-enterprise.mdx @@ -39,7 +39,6 @@ Add the name and key of the secret you just created to `server.enterpriseLicense ```yaml global: image: 'hashicorp/consul-enterprise:1.10.0-ent' -server: enterpriseLicense: secretName: 'consul-ent-license' secretKey: 'key' @@ -57,7 +56,6 @@ If the version of Consul is < 1.10, use the following config with the name and k ```yaml global: image: 'hashicorp/consul-enterprise:1.8.3-ent' -server: enterpriseLicense: secretName: 'consul-ent-license' secretKey: 'key' From f531f1e87de4f72d85e9b21614046e41994285f7 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 25 Mar 2022 15:55:40 -0500 Subject: [PATCH 022/785] regenerate rpc glue stubs in protobuf files using comments (#12625) --- build-support/scripts/proto-gen-no-gogo.sh | 24 +- internal/tools/proto-gen-rpc-glue/go.mod | 3 + internal/tools/proto-gen-rpc-glue/go.sum | 0 internal/tools/proto-gen-rpc-glue/main.go | 375 +++++++++++++++++++++ 4 files changed, 395 insertions(+), 7 deletions(-) create mode 100644 internal/tools/proto-gen-rpc-glue/go.mod create mode 100644 internal/tools/proto-gen-rpc-glue/go.sum create mode 100644 internal/tools/proto-gen-rpc-glue/main.go diff --git a/build-support/scripts/proto-gen-no-gogo.sh b/build-support/scripts/proto-gen-no-gogo.sh index 0585a02d7..50d51be0d 100755 --- a/build-support/scripts/proto-gen-no-gogo.sh +++ b/build-support/scripts/proto-gen-no-gogo.sh @@ -79,6 +79,7 @@ function main { local proto_go_path=${proto_path%%.proto}.pb.go local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go + local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go local go_proto_out="paths=source_relative" if is_set "${grpc}" @@ -132,13 +133,13 @@ function main { return 1 fi - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') if test -n "${BUILD_TAGS}" @@ -152,6 +153,15 @@ function main { mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" fi + # note: this has to run after we fix up the build tags above + rm -f "${proto_go_rpcglue_path}" + debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" + if test $? -ne 0 + then + err "Failed to generate consul rpc glue outputs from ${proto_path}" + return 1 + fi + return 0 } diff --git a/internal/tools/proto-gen-rpc-glue/go.mod b/internal/tools/proto-gen-rpc-glue/go.mod new file mode 100644 index 000000000..26535c929 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/go.mod @@ -0,0 +1,3 @@ +module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue + +go 1.17 diff --git a/internal/tools/proto-gen-rpc-glue/go.sum b/internal/tools/proto-gen-rpc-glue/go.sum new file mode 100644 index 000000000..e69de29bb diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go new file mode 100644 index 000000000..a666c9fa6 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -0,0 +1,375 @@ +package main + +import ( + "bytes" + "errors" + "flag" + "fmt" + "go/ast" + "go/parser" + "go/token" + "log" + "os" + "os/exec" + "strings" +) + +var ( + flagPath = flag.String("path", "", "path of file to load") + verbose = flag.Bool("v", false, "verbose output") +) + +const ( + annotationPrefix = "@consul-rpc-glue:" + outputFileSuffix = ".rpcglue.pb.go" +) + +func main() { + flag.Parse() + + log.SetFlags(0) + + if *flagPath == "" { + log.Fatal("missing required -path argument") + } + + if err := run(*flagPath); err != nil { + log.Fatal(err) + } +} + +func run(path string) error { + fi, err := os.Stat(path) + if err != nil { + return err + } + + if fi.IsDir() { + return fmt.Errorf("argument must be a file: %s", path) + } + + if !strings.HasSuffix(path, ".pb.go") { + return fmt.Errorf("file must end with .pb.go: %s", path) + } + + if err := processFile(path); err != nil { + return fmt.Errorf("error processing file %q: %v", path, err) + } + + return nil +} + +func processFile(path string) error { + if *verbose { + log.Printf("visiting file %q", path) + } + + fset := token.NewFileSet() + tree, err := parser.ParseFile(fset, path, nil, parser.ParseComments) + if err != nil { + return err + } + + v := visitor{} + ast.Walk(&v, tree) + if err := v.Err(); err != nil { + return err + } + + if len(v.Types) == 0 { + return nil + } + + if *verbose { + log.Printf("Package: %s", v.Package) + log.Printf("BuildTags: %v", v.BuildTags) + log.Println() + for _, typ := range v.Types { + log.Printf("Type: %s", typ.Name) + ann := typ.Annotation + if ann.ReadRequest != "" { + log.Printf(" ReadRequest from %s", ann.ReadRequest) + } + if ann.WriteRequest != "" { + log.Printf(" WriteRequest from %s", ann.WriteRequest) + } + if ann.TargetDatacenter != "" { + log.Printf(" TargetDatacenter from %s", ann.TargetDatacenter) + } + } + } + + // generate output + + var buf bytes.Buffer + + if len(v.BuildTags) > 0 { + for _, line := range v.BuildTags { + buf.WriteString(line + "\n") + } + buf.WriteString("\n") + } + buf.WriteString("// Code generated by proto-gen-rpc-glue. DO NOT EDIT.\n\n") + buf.WriteString("package " + v.Package + "\n") + buf.WriteString(` +import ( + "time" +) + +`) + for _, typ := range v.Types { + if typ.Annotation.WriteRequest != "" { + buf.WriteString(fmt.Sprintf(` +func (msg *%[1]s) AllowStaleRead() bool { + return false +} + +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.%[2]s == nil { + return false, nil + } + return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *%[1]s) IsRead() bool { + return false +} + +func (msg *%[1]s) SetTokenSecret(s string) { + msg.%[2]s.SetTokenSecret(s) +} + +func (msg *%[1]s) TokenSecret() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.TokenSecret() +} + +func (msg *%[1]s) Token() string { + if msg.%[2]s == nil { + return "" + } + return msg.%[2]s.Token +} +`, typ.Name, typ.Annotation.WriteRequest)) + } + if typ.Annotation.ReadRequest != "" { + buf.WriteString(fmt.Sprintf(` +func (msg *%[1]s) IsRead() bool { + return true +} + +func (msg *%[1]s) AllowStaleRead() bool { + return msg.%[2]s.AllowStaleRead() +} + +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.%[2]s == nil { + return false, nil + } + return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *%[1]s) SetTokenSecret(s string) { + msg.%[2]s.SetTokenSecret(s) +} + +func (msg *%[1]s) TokenSecret() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.TokenSecret() +} + +func (msg *%[1]s) Token() string { + if msg.%[2]s == nil { + return "" + } + return msg.%[2]s.Token +} +`, typ.Name, typ.Annotation.ReadRequest)) + } + if typ.Annotation.TargetDatacenter != "" { + buf.WriteString(fmt.Sprintf(` +func (msg *%[1]s) RequestDatacenter() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.GetDatacenter() +} +`, typ.Name, typ.Annotation.TargetDatacenter)) + } + } + + // write to disk + outFile := strings.TrimSuffix(path, ".pb.go") + outputFileSuffix + if err := os.WriteFile(outFile, buf.Bytes(), 0644); err != nil { + return err + } + + // clean up + cmd := exec.Command("gofmt", "-s", "-w", outFile) + cmd.Stdout = nil + cmd.Stderr = os.Stderr + cmd.Stdin = nil + if err := cmd.Run(); err != nil { + return fmt.Errorf("error running 'gofmt -s -w %q': %v", outFile, err) + } + + return nil +} + +type TypeInfo struct { + Name string + Annotation Annotation +} + +type visitor struct { + Package string + BuildTags []string + Types []TypeInfo + Errs []error +} + +func (v *visitor) Err() error { + switch len(v.Errs) { + case 0: + return nil + case 1: + return v.Errs[0] + default: + // + var s []string + for _, e := range v.Errs { + s = append(s, e.Error()) + } + return errors.New(strings.Join(s, "; ")) + } +} + +var _ ast.Visitor = (*visitor)(nil) + +func (v *visitor) Visit(node ast.Node) ast.Visitor { + if node == nil { + return v + } + + switch x := node.(type) { + case *ast.File: + v.Package = x.Name.Name + v.BuildTags = getRawBuildTags(x) + for _, d := range x.Decls { + gd, ok := d.(*ast.GenDecl) + if !ok { + continue + } + + if gd.Doc == nil { + continue + } else if len(gd.Specs) != 1 { + continue + } + spec := gd.Specs[0] + + typeSpec, ok := spec.(*ast.TypeSpec) + if !ok { + continue + } + + ann, err := getAnnotation(gd.Doc.List) + if err != nil { + v.Errs = append(v.Errs, err) + continue + } else if ann.IsZero() { + continue + } + + v.Types = append(v.Types, TypeInfo{ + Name: typeSpec.Name.Name, + Annotation: ann, + }) + + } + } + return v +} + +type Annotation struct { + ReadRequest string + WriteRequest string + TargetDatacenter string +} + +func (a Annotation) IsZero() bool { + return a == Annotation{} +} + +func getAnnotation(doc []*ast.Comment) (Annotation, error) { + raw, ok := getRawStructAnnotation(doc) + if !ok { + return Annotation{}, nil + } + + var ann Annotation + + parts := strings.Split(raw, ",") + for _, part := range parts { + part = strings.TrimSpace(part) + switch { + case part == "ReadRequest": + ann.ReadRequest = "ReadRequest" + case strings.HasPrefix(part, "ReadRequest"): + ann.TargetDatacenter = strings.TrimPrefix(part, "ReadRequest") + + case part == "WriteRequest": + ann.WriteRequest = "WriteRequest" + case strings.HasPrefix(part, "WriteRequest"): + ann.TargetDatacenter = strings.TrimPrefix(part, "WriteRequest") + + case part == "TargetDatacenter": + ann.TargetDatacenter = "TargetDatacenter" + case strings.HasPrefix(part, "TargetDatacenter"): + ann.TargetDatacenter = strings.TrimPrefix(part, "TargetDatacenter") + + default: + return Annotation{}, fmt.Errorf("unexpected annotation part: %s", part) + } + } + + return ann, nil +} + +func getRawStructAnnotation(doc []*ast.Comment) (string, bool) { + for _, line := range doc { + text := strings.TrimSpace(strings.TrimLeft(line.Text, "/")) + + ann := strings.TrimSpace(strings.TrimPrefix(text, annotationPrefix)) + + if text != ann { + return ann, true + } + } + return "", false +} + +func getRawBuildTags(file *ast.File) []string { + // build tags are always the first group, at the very top + if len(file.Comments) == 0 { + return nil + } + cg := file.Comments[0] + + var out []string + for _, line := range cg.List { + text := strings.TrimSpace(strings.TrimLeft(line.Text, "/")) + + if !strings.HasPrefix(text, "go:build ") && !strings.HasPrefix(text, "+build") { + break // stop at first non-build-tag + } + + out = append(out, line.Text) + } + + return out +} From 8bd05b1fb0908fa9c61f31546b8ba132cebf02f7 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 25 Mar 2022 18:40:51 -0700 Subject: [PATCH 023/785] Fix logic for website checker (#12627) Workflow should run when no docs/cherry-pick label && no pr/docs-label --- .github/workflows/website-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/website-checker.yml b/.github/workflows/website-checker.yml index 8e4360b96..17d69dc8c 100644 --- a/.github/workflows/website-checker.yml +++ b/.github/workflows/website-checker.yml @@ -23,7 +23,7 @@ jobs: website-check: # If there's already a `type/docs-cherrypick` label or an explicit `pr/no-docs` label, we ignore this check if: >- - !contains(github.event.pull_request.labels.*.name, 'type/docs-cherrypick') || + !contains(github.event.pull_request.labels.*.name, 'type/docs-cherrypick') && !contains(github.event.pull_request.labels.*.name, 'pr/no-docs') runs-on: ubuntu-latest From 7010948f3111abf14988b291fceca2fcb32f90e1 Mon Sep 17 00:00:00 2001 From: driesgroblerw <52571246+driesgroblerw@users.noreply.github.com> Date: Mon, 28 Mar 2022 14:43:25 +0200 Subject: [PATCH 024/785] Updated the link to acl-policies https://www.consul.io/docs/security/acl was pointing to https://www.consul.io/docs/security/acl/policies (broken) and is now pointing to https://www.consul.io/docs/security/acl/acl-policies (working) --- website/content/docs/security/acl/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/security/acl/index.mdx b/website/content/docs/security/acl/index.mdx index 197d63250..2c05964a8 100644 --- a/website/content/docs/security/acl/index.mdx +++ b/website/content/docs/security/acl/index.mdx @@ -54,7 +54,7 @@ In addition to the rules that authenticate access to services, several attribute Refer to the following topics for details about policies: -- [Policies](/docs/security/acl/policies) +- [Policies](/docs/security/acl/acl-policies) - [ACL policy command line](/commands/acl/policy) - [ACL policy API](/api-docs/acl/policies) From 8b9387404d4ab157aef7fc66d5fce737484c4c3d Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Mon, 28 Mar 2022 10:10:52 -0400 Subject: [PATCH 025/785] Add example of goimports -local --- .github/CONTRIBUTING.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index a2e713e00..c2b2b9b05 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -85,6 +85,25 @@ To build Consul, run `make dev`. In a few moments, you'll have a working Go provides [tooling to apply consistent code formatting](https://golang.org/doc/effective_go#formatting). If you make any changes to the code, run `gofmt -s -w` to automatically format the code according to Go standards. +##### Organizing Imports + +Group imports using `goimports -local github.com/hashicorp/consul/` to keep [local packages](https://github.com/golang/tools/commit/ed69e84b1518b5857a9f4e01d1f9cefdcc45246e) in their own section. + +Example: +``` +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-cleanhttp" + "github.com/mitchellh/mapstructure" + + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/lib" +) +``` + #### Updating Go Module Dependencies If a dependency is added or change, run `go mod tidy` to update `go.mod` and `go.sum`. @@ -148,4 +167,4 @@ When you're ready to submit a pull request: Some common changes that many PRs require are documented through checklists as `checklist-*.md` files in [docs/](../docs/), including: -- [Adding config fields](../docs/config/checklist-adding-config-fields.md) \ No newline at end of file +- [Adding config fields](../docs/config/checklist-adding-config-fields.md) From c7f4c48be57ab8e8deeda3635e5a9b5b4944c13f Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 28 Mar 2022 09:40:56 -0500 Subject: [PATCH 026/785] proto-gen-rpc-glue: fix behavior of renamed fields (#12633) --- internal/tools/proto-gen-rpc-glue/.gitignore | 1 + internal/tools/proto-gen-rpc-glue/e2e/go.mod | 11 + internal/tools/proto-gen-rpc-glue/e2e/go.sum | 657 ++++++++++++++++++ .../tools/proto-gen-rpc-glue/e2e/source.pb.go | 32 + .../e2e/source.rpcglue.pb.go.golden | 156 +++++ internal/tools/proto-gen-rpc-glue/go.mod | 8 + internal/tools/proto-gen-rpc-glue/go.sum | 11 + internal/tools/proto-gen-rpc-glue/main.go | 12 +- .../tools/proto-gen-rpc-glue/main_test.go | 49 ++ 9 files changed, 931 insertions(+), 6 deletions(-) create mode 100644 internal/tools/proto-gen-rpc-glue/.gitignore create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/go.mod create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/go.sum create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/source.pb.go create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden create mode 100644 internal/tools/proto-gen-rpc-glue/main_test.go diff --git a/internal/tools/proto-gen-rpc-glue/.gitignore b/internal/tools/proto-gen-rpc-glue/.gitignore new file mode 100644 index 000000000..14130d475 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/.gitignore @@ -0,0 +1 @@ +./e2e/source.rpcglue.pb.go diff --git a/internal/tools/proto-gen-rpc-glue/e2e/go.mod b/internal/tools/proto-gen-rpc-glue/e2e/go.mod new file mode 100644 index 000000000..b4b31db76 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/go.mod @@ -0,0 +1,11 @@ +module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue/e2e + +go 1.13 + +replace github.com/hashicorp/consul => ../../../.. + +replace github.com/hashicorp/consul/api => ../../../../api + +replace github.com/hashicorp/consul/sdk => ../../../../sdk + +require github.com/hashicorp/consul v1.11.4 diff --git a/internal/tools/proto-gen-rpc-glue/e2e/go.sum b/internal/tools/proto-gen-rpc-glue/e2e/go.sum new file mode 100644 index 000000000..a0f384377 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/go.sum @@ -0,0 +1,657 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= +github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= +github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= +github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= +github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/Microsoft/go-winio v0.4.3/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/NYTimes/gziphandler v1.0.1/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= +github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= +github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= +github.com/armon/go-metrics v0.3.8/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= +github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY= +github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= +github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= +github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20200313221541-5f7e5dd04533/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= +github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= +github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= +github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.5/go.mod h1:OXl5to++W0ctG+EHWTFUjiypVxC/Y4VLc/KFU+al13s= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= +github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= +github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 h1:Com/5n/omNSBusX11zdyIYtidiqewLIanchbm//McZA= +github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs= +github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU= +github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= +github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192/go.mod h1:3/4dzY4lR1Hzt9bBqMhBzG7lngZ0GKx/nL6G/ad62wE= +github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= +github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.14.1 h1:nQcJDQwIAGnmoUWp8ubocEX40cCml/17YkF6csQLReU= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.0 h1:8exGP7ego3OmkfksihtSouGMZ+hQrhxx+FVELeXpVPE= +github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= +github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= +github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= +github.com/hashicorp/go-raftchunking v0.6.2/go.mod h1:cGlg3JtDy7qy6c/3Bu660Mic1JF+7lWqIwCFSb08fX0= +github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo= +github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= +github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= +github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= +github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= +github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= +github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= +github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= +github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= +github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= +github.com/hashicorp/raft v1.3.6 h1:v5xW5KzByoerQlN/o31VJrFNiozgzGyDoMgDJgXpsto= +github.com/hashicorp/raft v1.3.6/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= +github.com/hashicorp/raft-autopilot v0.1.5 h1:onEfMH5uHVdXQqtas36zXUHEZxLdsJVu/nXHLcLdL1I= +github.com/hashicorp/raft-autopilot v0.1.5/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= +github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= +github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= +github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs= +github.com/hashicorp/raft-boltdb/v2 v2.2.0/go.mod h1:SgPUD5TP20z/bswEr210SnkUFvQP/YjKV95aaiTbeMQ= +github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= +github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk= +github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= +github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493 h1:brI5vBRUlAlM34VFmnLPwjnCL/FxAJp9XvOdX6Zt+XE= +github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= +github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= +github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= +github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY= +github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= +github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= +github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= +github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI= +github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU= +github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= +github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw= +github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= +github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= +github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.4.0 h1:YVIb/fVcOTMSqtqZWSKnHpSLBxu8DKgxq8z6RuBZwqI= +github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig= +github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac= +github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= +github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= +github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= +github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs= +github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= +github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= +github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8= +golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= +golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= +k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= +k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= +k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go new file mode 100644 index 000000000..ed47e1d09 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go @@ -0,0 +1,32 @@ +//go:build example +// +build example + +package e2e + +import "github.com/hashicorp/consul/proto/pbcommon" + +// @consul-rpc-glue: WriteRequest,TargetDatacenter +type ExampleWriteRequest struct { + Value string + WriteRequest *pbcommon.WriteRequest + TargetDatacenter *pbcommon.TargetDatacenter +} + +// @consul-rpc-glue: ReadRequest,TargetDatacenter +type ExampleReadRequest struct { + Value string + ReadRequest *pbcommon.ReadRequest + TargetDatacenter *pbcommon.TargetDatacenter +} + +// @consul-rpc-glue: WriteRequest=AltWriteRequest +type AltExampleWriteRequest struct { + Value int + AltWriteRequest *pbcommon.WriteRequest +} + +// @consul-rpc-glue: ReadRequest=AltReadRequest +type AltExampleReadRequest struct { + Value int + AltReadRequest *pbcommon.ReadRequest +} diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden new file mode 100644 index 000000000..7f87f5477 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden @@ -0,0 +1,156 @@ +//go:build example +// +build example + +// Code generated by proto-gen-rpc-glue. DO NOT EDIT. + +package e2e + +import ( + "time" +) + +func (msg *ExampleWriteRequest) AllowStaleRead() bool { + return false +} + +func (msg *ExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.WriteRequest == nil { + return false, nil + } + return msg.WriteRequest.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *ExampleWriteRequest) IsRead() bool { + return false +} + +func (msg *ExampleWriteRequest) SetTokenSecret(s string) { + msg.WriteRequest.SetTokenSecret(s) +} + +func (msg *ExampleWriteRequest) TokenSecret() string { + if msg == nil || msg.WriteRequest == nil { + return "" + } + return msg.WriteRequest.TokenSecret() +} + +func (msg *ExampleWriteRequest) Token() string { + if msg.WriteRequest == nil { + return "" + } + return msg.WriteRequest.Token +} + +func (msg *ExampleWriteRequest) RequestDatacenter() string { + if msg == nil || msg.TargetDatacenter == nil { + return "" + } + return msg.TargetDatacenter.GetDatacenter() +} + +func (msg *ExampleReadRequest) IsRead() bool { + return true +} + +func (msg *ExampleReadRequest) AllowStaleRead() bool { + return msg.ReadRequest.AllowStaleRead() +} + +func (msg *ExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.ReadRequest == nil { + return false, nil + } + return msg.ReadRequest.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *ExampleReadRequest) SetTokenSecret(s string) { + msg.ReadRequest.SetTokenSecret(s) +} + +func (msg *ExampleReadRequest) TokenSecret() string { + if msg == nil || msg.ReadRequest == nil { + return "" + } + return msg.ReadRequest.TokenSecret() +} + +func (msg *ExampleReadRequest) Token() string { + if msg.ReadRequest == nil { + return "" + } + return msg.ReadRequest.Token +} + +func (msg *ExampleReadRequest) RequestDatacenter() string { + if msg == nil || msg.TargetDatacenter == nil { + return "" + } + return msg.TargetDatacenter.GetDatacenter() +} + +func (msg *AltExampleWriteRequest) AllowStaleRead() bool { + return false +} + +func (msg *AltExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.AltWriteRequest == nil { + return false, nil + } + return msg.AltWriteRequest.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *AltExampleWriteRequest) IsRead() bool { + return false +} + +func (msg *AltExampleWriteRequest) SetTokenSecret(s string) { + msg.AltWriteRequest.SetTokenSecret(s) +} + +func (msg *AltExampleWriteRequest) TokenSecret() string { + if msg == nil || msg.AltWriteRequest == nil { + return "" + } + return msg.AltWriteRequest.TokenSecret() +} + +func (msg *AltExampleWriteRequest) Token() string { + if msg.AltWriteRequest == nil { + return "" + } + return msg.AltWriteRequest.Token +} + +func (msg *AltExampleReadRequest) IsRead() bool { + return true +} + +func (msg *AltExampleReadRequest) AllowStaleRead() bool { + return msg.AltReadRequest.AllowStaleRead() +} + +func (msg *AltExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.AltReadRequest == nil { + return false, nil + } + return msg.AltReadRequest.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +func (msg *AltExampleReadRequest) SetTokenSecret(s string) { + msg.AltReadRequest.SetTokenSecret(s) +} + +func (msg *AltExampleReadRequest) TokenSecret() string { + if msg == nil || msg.AltReadRequest == nil { + return "" + } + return msg.AltReadRequest.TokenSecret() +} + +func (msg *AltExampleReadRequest) Token() string { + if msg.AltReadRequest == nil { + return "" + } + return msg.AltReadRequest.Token +} diff --git a/internal/tools/proto-gen-rpc-glue/go.mod b/internal/tools/proto-gen-rpc-glue/go.mod index 26535c929..1ae6e1d99 100644 --- a/internal/tools/proto-gen-rpc-glue/go.mod +++ b/internal/tools/proto-gen-rpc-glue/go.mod @@ -1,3 +1,11 @@ module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue go 1.17 + +require github.com/stretchr/testify v1.7.1 + +require ( + github.com/davecgh/go-spew v1.1.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect +) diff --git a/internal/tools/proto-gen-rpc-glue/go.sum b/internal/tools/proto-gen-rpc-glue/go.sum index e69de29bb..2dca7c9c6 100644 --- a/internal/tools/proto-gen-rpc-glue/go.sum +++ b/internal/tools/proto-gen-rpc-glue/go.sum @@ -0,0 +1,11 @@ +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go index a666c9fa6..dd4956912 100644 --- a/internal/tools/proto-gen-rpc-glue/main.go +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -319,18 +319,18 @@ func getAnnotation(doc []*ast.Comment) (Annotation, error) { switch { case part == "ReadRequest": ann.ReadRequest = "ReadRequest" - case strings.HasPrefix(part, "ReadRequest"): - ann.TargetDatacenter = strings.TrimPrefix(part, "ReadRequest") + case strings.HasPrefix(part, "ReadRequest="): + ann.ReadRequest = strings.TrimPrefix(part, "ReadRequest=") case part == "WriteRequest": ann.WriteRequest = "WriteRequest" - case strings.HasPrefix(part, "WriteRequest"): - ann.TargetDatacenter = strings.TrimPrefix(part, "WriteRequest") + case strings.HasPrefix(part, "WriteRequest="): + ann.WriteRequest = strings.TrimPrefix(part, "WriteRequest=") case part == "TargetDatacenter": ann.TargetDatacenter = "TargetDatacenter" - case strings.HasPrefix(part, "TargetDatacenter"): - ann.TargetDatacenter = strings.TrimPrefix(part, "TargetDatacenter") + case strings.HasPrefix(part, "TargetDatacenter="): + ann.TargetDatacenter = strings.TrimPrefix(part, "TargetDatacenter=") default: return Annotation{}, fmt.Errorf("unexpected annotation part: %s", part) diff --git a/internal/tools/proto-gen-rpc-glue/main_test.go b/internal/tools/proto-gen-rpc-glue/main_test.go new file mode 100644 index 000000000..77ded532a --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/main_test.go @@ -0,0 +1,49 @@ +package main + +import ( + "flag" + "io/ioutil" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/require" +) + +// update allows golden files to be updated based on the current output. +var update = flag.Bool("update", false, "update golden files") + +func TestE2E(t *testing.T) { + // Generate new output + *flagPath = "./e2e/source.pb.go" + require.NoError(t, run(*flagPath)) + + raw, err := os.ReadFile("./e2e/source.rpcglue.pb.go") + require.NoError(t, err) + + got := string(raw) + + golden(t, got, "./e2e/source.rpcglue.pb.go") +} + +// golden reads the expected value from the file at path and returns the +// value. +// +// If the `-update` flag is used with `go test`, the golden file will be +// updated to the value of actual. +func golden(t *testing.T, actual, path string) string { + t.Helper() + + path += ".golden" + if *update { + if dir := filepath.Dir(path); dir != "." { + require.NoError(t, os.MkdirAll(dir, 0755)) + } + err := ioutil.WriteFile(path, []byte(actual), 0644) + require.NoError(t, err) + } + + expected, err := ioutil.ReadFile(path) + require.NoError(t, err) + return string(expected) +} From f8fc317731c339c6d9400a0c2d0da744dad1d857 Mon Sep 17 00:00:00 2001 From: Connor Date: Mon, 28 Mar 2022 09:58:16 -0500 Subject: [PATCH 027/785] Fix leaked Vault LifetimeRenewers (#12607) * Fix leaked Vault LifetimeRenewers When the Vault CA Provider is reconfigured we do not stop the LifetimeRenewers which can cause them to leak until the Consul processes recycles. On Configure execute stopWatcher if it exists and is not nil before starting a new renewal * Add jitter before restarting the LifetimeWatcher If we fail to login to Vault or our token is no longer valid we can overwhelm a Vault instance with many requests very quickly by restarting the LifetimeWatcher. Before restarting the LifetimeWatcher provide a backoff time of 1 second or less. * Use a retry.Waiter instead of RandomStagger * changelog * gofmt'd * Swap out bool for atomic.Unit32 in test * Provide some extra clarification in comment and changelog --- .changelog/12607.txt | 3 + agent/connect/ca/provider_vault.go | 42 +++++++++--- agent/connect/ca/provider_vault_test.go | 89 ++++++++++++++++++++----- 3 files changed, 108 insertions(+), 26 deletions(-) create mode 100644 .changelog/12607.txt diff --git a/.changelog/12607.txt b/.changelog/12607.txt new file mode 100644 index 000000000..65577d1a1 --- /dev/null +++ b/.changelog/12607.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect/ca: cancel old Vault renewal on CA configuration. Provide a 1 - 6 second backoff on repeated token renewal requests to prevent overwhelming Vault. +``` \ No newline at end of file diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 91b92528c..beec649c3 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -12,13 +12,14 @@ import ( "strings" "time" + "github.com/hashicorp/consul/lib/decode" + "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/go-hclog" vaultapi "github.com/hashicorp/vault/api" "github.com/mitchellh/mapstructure" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/lib/decode" ) const ( @@ -43,6 +44,10 @@ const ( VaultAuthMethodTypeUserpass = "userpass" defaultK8SServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" + + retryMin = 1 * time.Second + retryMax = 5 * time.Second + retryJitter = 20 ) var ErrBackendNotMounted = fmt.Errorf("backend not mounted") @@ -52,7 +57,7 @@ type VaultProvider struct { config *structs.VaultCAProviderConfig client *vaultapi.Client - shutdown func() + stopWatcher func() isPrimary bool clusterID string @@ -63,8 +68,8 @@ type VaultProvider struct { func NewVaultProvider(logger hclog.Logger) *VaultProvider { return &VaultProvider{ - shutdown: func() {}, - logger: logger, + stopWatcher: func() {}, + logger: logger, } } @@ -153,7 +158,10 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { } ctx, cancel := context.WithCancel(context.Background()) - v.shutdown = cancel + if v.stopWatcher != nil { + v.stopWatcher() + } + v.stopWatcher = cancel go v.renewToken(ctx, lifetimeWatcher) } @@ -195,16 +203,33 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti go watcher.Start() defer watcher.Stop() + // TODO: Once we've upgraded to a later version of protobuf we can upgrade to github.com/hashicorp/vault/api@1.1.1 + // or later and rip this out. + retrier := retry.Waiter{ + MinFailures: 5, + MinWait: retryMin, + MaxWait: retryMax, + Jitter: retry.NewJitter(retryJitter), + } + for { select { case <-ctx.Done(): return case err := <-watcher.DoneCh(): + // In the event we fail to login to Vault or our token is no longer valid we can overwhelm a Vault instance + // with rate limit configured. We would make these requests to Vault as fast as we possibly could and start + // causing all client's to receive 429 response codes. To mitigate that we're sleeping 1 second or less + // before moving on to login again and restart the lifetime watcher. Once we can upgrade to + // github.com/hashicorp/vault/api@v1.1.1 or later the LifetimeWatcher _should_ perform that backoff for us. if err != nil { v.logger.Error("Error renewing token for Vault provider", "error", err) } + // wait at least 1 second after returning from the lifetime watcher + retrier.Wait(ctx) + // If the watcher has exited and auth method is enabled, // re-authenticate using the auth method and set up a new watcher. if v.config.AuthMethod != nil { @@ -212,7 +237,7 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti loginResp, err := vaultLogin(v.client, v.config.AuthMethod) if err != nil { v.logger.Error("Error login in to Vault with %q auth method", v.config.AuthMethod.Type) - // Restart the watcher. + // Restart the watcher go watcher.Start() continue } @@ -232,11 +257,12 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti continue } } - // Restart the watcher. + go watcher.Start() case <-watcher.RenewCh(): + retrier.Reset() v.logger.Info("Successfully renewed token for Vault provider") } } @@ -677,7 +703,7 @@ func (v *VaultProvider) Cleanup(providerTypeChange bool, otherConfig map[string] // Stop shuts down the token renew goroutine. func (v *VaultProvider) Stop() { - v.shutdown() + v.stopWatcher() } func (v *VaultProvider) PrimaryUsesIntermediate() {} diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index 460507383..11689ae69 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "sync/atomic" "testing" "time" @@ -212,6 +213,52 @@ func TestVaultCAProvider_RenewToken(t *testing.T) { }) } +func TestVaultCAProvider_RenewTokenStopWatcherOnConfigure(t *testing.T) { + + SkipIfVaultNotPresent(t) + + testVault, err := runTestVault(t) + require.NoError(t, err) + testVault.WaitUntilReady(t) + + // Create a token with a short TTL to be renewed by the provider. + ttl := 1 * time.Second + tcr := &vaultapi.TokenCreateRequest{ + TTL: ttl.String(), + } + secret, err := testVault.client.Auth().Token().Create(tcr) + require.NoError(t, err) + providerToken := secret.Auth.ClientToken + + provider, err := createVaultProvider(t, true, testVault.Addr, providerToken, nil) + require.NoError(t, err) + + var gotStopped = uint32(0) + provider.stopWatcher = func() { + atomic.StoreUint32(&gotStopped, 1) + } + + // Check the last renewal time. + secret, err = testVault.client.Auth().Token().Lookup(providerToken) + require.NoError(t, err) + firstRenewal, err := secret.Data["last_renewal_time"].(json.Number).Int64() + require.NoError(t, err) + + // Wait past the TTL and make sure the token has been renewed. + retry.Run(t, func(r *retry.R) { + secret, err = testVault.client.Auth().Token().Lookup(providerToken) + require.NoError(r, err) + lastRenewal, err := secret.Data["last_renewal_time"].(json.Number).Int64() + require.NoError(r, err) + require.Greater(r, lastRenewal, firstRenewal) + }) + + providerConfig := vaultProviderConfig(t, testVault.Addr, providerToken, nil) + + require.NoError(t, provider.Configure(providerConfig)) + require.Equal(t, uint32(1), atomic.LoadUint32(&gotStopped)) +} + func TestVaultCAProvider_Bootstrap(t *testing.T) { SkipIfVaultNotPresent(t) @@ -762,27 +809,10 @@ func testVaultProviderWithConfig(t *testing.T, isPrimary bool, rawConf map[strin } func createVaultProvider(t *testing.T, isPrimary bool, addr, token string, rawConf map[string]interface{}) (*VaultProvider, error) { - conf := map[string]interface{}{ - "Address": addr, - "Token": token, - "RootPKIPath": "pki-root/", - "IntermediatePKIPath": "pki-intermediate/", - // Tests duration parsing after msgpack type mangling during raft apply. - "LeafCertTTL": []uint8("72h"), - } - for k, v := range rawConf { - conf[k] = v - } + cfg := vaultProviderConfig(t, addr, token, rawConf) provider := NewVaultProvider(hclog.New(nil)) - cfg := ProviderConfig{ - ClusterID: connect.TestClusterID, - Datacenter: "dc1", - IsPrimary: true, - RawConfig: conf, - } - if !isPrimary { cfg.IsPrimary = false cfg.Datacenter = "dc2" @@ -799,3 +829,26 @@ func createVaultProvider(t *testing.T, isPrimary bool, addr, token string, rawCo return provider, nil } + +func vaultProviderConfig(t *testing.T, addr, token string, rawConf map[string]interface{}) ProviderConfig { + conf := map[string]interface{}{ + "Address": addr, + "Token": token, + "RootPKIPath": "pki-root/", + "IntermediatePKIPath": "pki-intermediate/", + // Tests duration parsing after msgpack type mangling during raft apply. + "LeafCertTTL": []uint8("72h"), + } + for k, v := range rawConf { + conf[k] = v + } + + cfg := ProviderConfig{ + ClusterID: connect.TestClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: conf, + } + + return cfg +} From 7ddeab2e50649125adf841a6e187f066652314e2 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 28 Mar 2022 10:08:41 -0500 Subject: [PATCH 028/785] proto-gen-rpc-glue: use a shallow copy of proto/pbcommon instead of a consul dependency (#12634) --- .../proto-gen-rpc-glue/e2e/consul/go.mod | 5 + .../proto-gen-rpc-glue/e2e/consul/go.sum | 2 + .../e2e/consul/proto/pbcommon/common.pb.go | 588 ++++++++++++++++ internal/tools/proto-gen-rpc-glue/e2e/go.mod | 6 +- internal/tools/proto-gen-rpc-glue/e2e/go.sum | 655 ------------------ 5 files changed, 596 insertions(+), 660 deletions(-) create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/consul/go.sum create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.pb.go diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod new file mode 100644 index 000000000..78852ba84 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod @@ -0,0 +1,5 @@ +module github.com/hashicorp/consul + +go 1.13 + +require github.com/golang/protobuf v1.3.5 diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/go.sum b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.sum new file mode 100644 index 000000000..6124ed3e4 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.sum @@ -0,0 +1,2 @@ +github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.pb.go new file mode 100644 index 000000000..a04042cac --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.pb.go @@ -0,0 +1,588 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: proto/pbcommon/common.proto + +package pbcommon + +import ( + fmt "fmt" + proto "github.com/golang/protobuf/proto" + duration "github.com/golang/protobuf/ptypes/duration" + math "math" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// RaftIndex is used to track the index used while creating +// or modifying a given struct type. +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.RaftIndex +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields +type RaftIndex struct { + // @gotags: bexpr:"-" + CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` + // @gotags: bexpr:"-" + ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *RaftIndex) Reset() { *m = RaftIndex{} } +func (m *RaftIndex) String() string { return proto.CompactTextString(m) } +func (*RaftIndex) ProtoMessage() {} +func (*RaftIndex) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{0} +} + +func (m *RaftIndex) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_RaftIndex.Unmarshal(m, b) +} +func (m *RaftIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) +} +func (m *RaftIndex) XXX_Merge(src proto.Message) { + xxx_messageInfo_RaftIndex.Merge(m, src) +} +func (m *RaftIndex) XXX_Size() int { + return xxx_messageInfo_RaftIndex.Size(m) +} +func (m *RaftIndex) XXX_DiscardUnknown() { + xxx_messageInfo_RaftIndex.DiscardUnknown(m) +} + +var xxx_messageInfo_RaftIndex proto.InternalMessageInfo + +func (m *RaftIndex) GetCreateIndex() uint64 { + if m != nil { + return m.CreateIndex + } + return 0 +} + +func (m *RaftIndex) GetModifyIndex() uint64 { + if m != nil { + return m.ModifyIndex + } + return 0 +} + +// TargetDatacenter is intended to be used within other messages used for RPC routing +// amongst the various Consul datacenters +type TargetDatacenter struct { + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *TargetDatacenter) Reset() { *m = TargetDatacenter{} } +func (m *TargetDatacenter) String() string { return proto.CompactTextString(m) } +func (*TargetDatacenter) ProtoMessage() {} +func (*TargetDatacenter) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{1} +} + +func (m *TargetDatacenter) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_TargetDatacenter.Unmarshal(m, b) +} +func (m *TargetDatacenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) +} +func (m *TargetDatacenter) XXX_Merge(src proto.Message) { + xxx_messageInfo_TargetDatacenter.Merge(m, src) +} +func (m *TargetDatacenter) XXX_Size() int { + return xxx_messageInfo_TargetDatacenter.Size(m) +} +func (m *TargetDatacenter) XXX_DiscardUnknown() { + xxx_messageInfo_TargetDatacenter.DiscardUnknown(m) +} + +var xxx_messageInfo_TargetDatacenter proto.InternalMessageInfo + +func (m *TargetDatacenter) GetDatacenter() string { + if m != nil { + return m.Datacenter + } + return "" +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.WriteRequest +// output=common.gen.go +// name=Structs +// ignore-fields=state,sizeCache,unknownFields +type WriteRequest struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *WriteRequest) Reset() { *m = WriteRequest{} } +func (m *WriteRequest) String() string { return proto.CompactTextString(m) } +func (*WriteRequest) ProtoMessage() {} +func (*WriteRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{2} +} + +func (m *WriteRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_WriteRequest.Unmarshal(m, b) +} +func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) +} +func (m *WriteRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteRequest.Merge(m, src) +} +func (m *WriteRequest) XXX_Size() int { + return xxx_messageInfo_WriteRequest.Size(m) +} +func (m *WriteRequest) XXX_DiscardUnknown() { + xxx_messageInfo_WriteRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_WriteRequest proto.InternalMessageInfo + +func (m *WriteRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +// ReadRequest is a type that may be embedded into any requests for read +// operations. +// It is a replacement for QueryOptions now that we no longer need any of those +// fields because we are moving away from using blocking queries. +// It is also similar to WriteRequest. It is a separate type so that in the +// future we can introduce fields that may only be relevant for reads. +type ReadRequest struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + // RequireConsistent indicates that the request must be sent to the leader. + RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ReadRequest) Reset() { *m = ReadRequest{} } +func (m *ReadRequest) String() string { return proto.CompactTextString(m) } +func (*ReadRequest) ProtoMessage() {} +func (*ReadRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{3} +} + +func (m *ReadRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ReadRequest.Unmarshal(m, b) +} +func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) +} +func (m *ReadRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ReadRequest.Merge(m, src) +} +func (m *ReadRequest) XXX_Size() int { + return xxx_messageInfo_ReadRequest.Size(m) +} +func (m *ReadRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ReadRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ReadRequest proto.InternalMessageInfo + +func (m *ReadRequest) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *ReadRequest) GetRequireConsistent() bool { + if m != nil { + return m.RequireConsistent + } + return false +} + +// QueryOptions is used to specify various flags for read queries +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryOptions +// output=common.gen.go +// name=Structs +// ignore-fields=StaleIfError,AllowNotModifiedResponse,state,sizeCache,unknownFields +type QueryOptions struct { + // Token is the ACL token ID. If not provided, the 'anonymous' + // token is assumed for backwards compatibility. + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` + // If set, wait until query exceeds given index. Must be provided + // with MaxQueryTime. + MinQueryIndex uint64 `protobuf:"varint,2,opt,name=MinQueryIndex,proto3" json:"MinQueryIndex,omitempty"` + // Provided with MinQueryIndex to wait for change. + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxQueryTime *duration.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime,omitempty"` + // If set, any follower can service the request. Results + // may be arbitrarily stale. + AllowStale bool `protobuf:"varint,4,opt,name=AllowStale,proto3" json:"AllowStale,omitempty"` + // If set, the leader must verify leadership prior to + // servicing the request. Prevents a stale read. + RequireConsistent bool `protobuf:"varint,5,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` + // If set, the local agent may respond with an arbitrarily stale locally + // cached response. The semantics differ from AllowStale since the agent may + // be entirely partitioned from the servers and still considered "healthy" by + // operators. Stale responses from Servers are also arbitrarily stale, but can + // provide additional bounds on the last contact time from the leader. It's + // expected that servers that are partitioned are noticed and replaced in a + // timely way by operators while the same may not be true for client agents. + UseCache bool `protobuf:"varint,6,opt,name=UseCache,proto3" json:"UseCache,omitempty"` + // If set and AllowStale is true, will try first a stale + // read, and then will perform a consistent read if stale + // read is older than value. + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxStaleDuration *duration.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration,omitempty"` + // MaxAge limits how old a cached value will be returned if UseCache is true. + // If there is a cached response that is older than the MaxAge, it is treated + // as a cache miss and a new fetch invoked. If the fetch fails, the error is + // returned. Clients that wish to allow for stale results on error can set + // StaleIfError to a longer duration to change this behavior. It is ignored + // if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + MaxAge *duration.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge,omitempty"` + // MustRevalidate forces the agent to fetch a fresh version of a cached + // resource or at least validate that the cached version is still fresh. It is + // implied by either max-age=0 or must-revalidate Cache-Control headers. It + // only makes sense when UseCache is true. We store it since MaxAge = 0 is the + // default unset value. + MustRevalidate bool `protobuf:"varint,9,opt,name=MustRevalidate,proto3" json:"MustRevalidate,omitempty"` + // StaleIfError specifies how stale the client will accept a cached response + // if the servers are unavailable to fetch a fresh one. Only makes sense when + // UseCache is true and MaxAge is set to a lower, non-zero value. It is + // ignored if the endpoint supports background refresh caching. See + // https://www.consul.io/api/index.html#agent-caching for more details. + StaleIfError *duration.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError,omitempty"` + // Filter specifies the go-bexpr filter expression to be used for + // filtering the data prior to returning a response + Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *QueryOptions) Reset() { *m = QueryOptions{} } +func (m *QueryOptions) String() string { return proto.CompactTextString(m) } +func (*QueryOptions) ProtoMessage() {} +func (*QueryOptions) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{4} +} + +func (m *QueryOptions) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_QueryOptions.Unmarshal(m, b) +} +func (m *QueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) +} +func (m *QueryOptions) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryOptions.Merge(m, src) +} +func (m *QueryOptions) XXX_Size() int { + return xxx_messageInfo_QueryOptions.Size(m) +} +func (m *QueryOptions) XXX_DiscardUnknown() { + xxx_messageInfo_QueryOptions.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryOptions proto.InternalMessageInfo + +func (m *QueryOptions) GetToken() string { + if m != nil { + return m.Token + } + return "" +} + +func (m *QueryOptions) GetMinQueryIndex() uint64 { + if m != nil { + return m.MinQueryIndex + } + return 0 +} + +func (m *QueryOptions) GetMaxQueryTime() *duration.Duration { + if m != nil { + return m.MaxQueryTime + } + return nil +} + +func (m *QueryOptions) GetAllowStale() bool { + if m != nil { + return m.AllowStale + } + return false +} + +func (m *QueryOptions) GetRequireConsistent() bool { + if m != nil { + return m.RequireConsistent + } + return false +} + +func (m *QueryOptions) GetUseCache() bool { + if m != nil { + return m.UseCache + } + return false +} + +func (m *QueryOptions) GetMaxStaleDuration() *duration.Duration { + if m != nil { + return m.MaxStaleDuration + } + return nil +} + +func (m *QueryOptions) GetMaxAge() *duration.Duration { + if m != nil { + return m.MaxAge + } + return nil +} + +func (m *QueryOptions) GetMustRevalidate() bool { + if m != nil { + return m.MustRevalidate + } + return false +} + +func (m *QueryOptions) GetStaleIfError() *duration.Duration { + if m != nil { + return m.StaleIfError + } + return nil +} + +func (m *QueryOptions) GetFilter() string { + if m != nil { + return m.Filter + } + return "" +} + +// QueryMeta allows a query response to include potentially +// useful metadata about a query +// +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.QueryMeta +// output=common.gen.go +// name=Structs +// ignore-fields=NotModified,Backend,state,sizeCache,unknownFields +type QueryMeta struct { + // This is the index associated with the read + Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` + // If AllowStale is used, this is time elapsed since + // last contact between the follower and leader. This + // can be used to gauge staleness. + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + LastContact *duration.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact,omitempty"` + // Used to indicate if there is a known leader node + KnownLeader bool `protobuf:"varint,3,opt,name=KnownLeader,proto3" json:"KnownLeader,omitempty"` + // Consistencylevel returns the consistency used to serve the query + // Having `discovery_max_stale` on the agent can affect whether + // the request was served by a leader. + ConsistencyLevel string `protobuf:"bytes,4,opt,name=ConsistencyLevel,proto3" json:"ConsistencyLevel,omitempty"` + // ResultsFilteredByACLs is true when some of the query's results were + // filtered out by enforcing ACLs. It may be false because nothing was + // removed, or because the endpoint does not yet support this flag. + ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *QueryMeta) Reset() { *m = QueryMeta{} } +func (m *QueryMeta) String() string { return proto.CompactTextString(m) } +func (*QueryMeta) ProtoMessage() {} +func (*QueryMeta) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{5} +} + +func (m *QueryMeta) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_QueryMeta.Unmarshal(m, b) +} +func (m *QueryMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) +} +func (m *QueryMeta) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryMeta.Merge(m, src) +} +func (m *QueryMeta) XXX_Size() int { + return xxx_messageInfo_QueryMeta.Size(m) +} +func (m *QueryMeta) XXX_DiscardUnknown() { + xxx_messageInfo_QueryMeta.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryMeta proto.InternalMessageInfo + +func (m *QueryMeta) GetIndex() uint64 { + if m != nil { + return m.Index + } + return 0 +} + +func (m *QueryMeta) GetLastContact() *duration.Duration { + if m != nil { + return m.LastContact + } + return nil +} + +func (m *QueryMeta) GetKnownLeader() bool { + if m != nil { + return m.KnownLeader + } + return false +} + +func (m *QueryMeta) GetConsistencyLevel() string { + if m != nil { + return m.ConsistencyLevel + } + return "" +} + +func (m *QueryMeta) GetResultsFilteredByACLs() bool { + if m != nil { + return m.ResultsFilteredByACLs + } + return false +} + +// EnterpriseMeta contains metadata that is only used by the Enterprise version +// of Consul. +type EnterpriseMeta struct { + // Namespace in which the entity exists. + Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"` + // Partition in which the entity exists. + Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *EnterpriseMeta) Reset() { *m = EnterpriseMeta{} } +func (m *EnterpriseMeta) String() string { return proto.CompactTextString(m) } +func (*EnterpriseMeta) ProtoMessage() {} +func (*EnterpriseMeta) Descriptor() ([]byte, []int) { + return fileDescriptor_a6f5ac44994d718c, []int{6} +} + +func (m *EnterpriseMeta) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_EnterpriseMeta.Unmarshal(m, b) +} +func (m *EnterpriseMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) +} +func (m *EnterpriseMeta) XXX_Merge(src proto.Message) { + xxx_messageInfo_EnterpriseMeta.Merge(m, src) +} +func (m *EnterpriseMeta) XXX_Size() int { + return xxx_messageInfo_EnterpriseMeta.Size(m) +} +func (m *EnterpriseMeta) XXX_DiscardUnknown() { + xxx_messageInfo_EnterpriseMeta.DiscardUnknown(m) +} + +var xxx_messageInfo_EnterpriseMeta proto.InternalMessageInfo + +func (m *EnterpriseMeta) GetNamespace() string { + if m != nil { + return m.Namespace + } + return "" +} + +func (m *EnterpriseMeta) GetPartition() string { + if m != nil { + return m.Partition + } + return "" +} + +func init() { + proto.RegisterType((*RaftIndex)(nil), "common.RaftIndex") + proto.RegisterType((*TargetDatacenter)(nil), "common.TargetDatacenter") + proto.RegisterType((*WriteRequest)(nil), "common.WriteRequest") + proto.RegisterType((*ReadRequest)(nil), "common.ReadRequest") + proto.RegisterType((*QueryOptions)(nil), "common.QueryOptions") + proto.RegisterType((*QueryMeta)(nil), "common.QueryMeta") + proto.RegisterType((*EnterpriseMeta)(nil), "common.EnterpriseMeta") +} + +func init() { + proto.RegisterFile("proto/pbcommon/common.proto", fileDescriptor_a6f5ac44994d718c) +} + +var fileDescriptor_a6f5ac44994d718c = []byte{ + // 558 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x51, 0x6f, 0xd3, 0x30, + 0x10, 0x56, 0xb7, 0x2e, 0x4b, 0xae, 0x65, 0x2a, 0x16, 0xa0, 0x30, 0xd0, 0x54, 0x45, 0x13, 0x9a, + 0xa6, 0xa9, 0x11, 0x83, 0x37, 0xc4, 0x43, 0xd7, 0x15, 0x69, 0xa3, 0x61, 0xcc, 0x14, 0x21, 0xf1, + 0xe6, 0x26, 0xd7, 0xd6, 0x22, 0x8d, 0x83, 0xed, 0x6c, 0xed, 0x7f, 0x46, 0xfc, 0x06, 0x14, 0xa7, + 0xed, 0x52, 0xba, 0xad, 0x4f, 0xd1, 0xf7, 0xdd, 0xe7, 0xf3, 0xdd, 0x7d, 0xe7, 0xc0, 0xab, 0x54, + 0x0a, 0x2d, 0xfc, 0x74, 0x10, 0x8a, 0xc9, 0x44, 0x24, 0x7e, 0xf1, 0x69, 0x19, 0x96, 0x58, 0x05, + 0xda, 0x3f, 0x18, 0x09, 0x31, 0x8a, 0xd1, 0x37, 0xec, 0x20, 0x1b, 0xfa, 0x51, 0x26, 0x99, 0xe6, + 0x0b, 0x9d, 0x77, 0x05, 0x0e, 0x65, 0x43, 0x7d, 0x91, 0x44, 0x38, 0x25, 0x4d, 0xa8, 0x75, 0x24, + 0x32, 0x8d, 0x06, 0xba, 0x95, 0x66, 0xe5, 0xa8, 0x4a, 0xcb, 0x54, 0xae, 0x08, 0x44, 0xc4, 0x87, + 0xb3, 0x42, 0xb1, 0x55, 0x28, 0x4a, 0x94, 0x77, 0x0a, 0x8d, 0x3e, 0x93, 0x23, 0xd4, 0xe7, 0x4c, + 0xb3, 0x10, 0x13, 0x8d, 0x92, 0x1c, 0x00, 0xdc, 0x21, 0x93, 0xd6, 0xa1, 0x25, 0xc6, 0x3b, 0x84, + 0xfa, 0x0f, 0xc9, 0x35, 0x52, 0xfc, 0x9d, 0xa1, 0xd2, 0xe4, 0x19, 0xec, 0xf4, 0xc5, 0x2f, 0x4c, + 0xe6, 0xd2, 0x02, 0x78, 0xd7, 0x50, 0xa3, 0xc8, 0xa2, 0x47, 0x45, 0xe4, 0x04, 0x9e, 0xe6, 0x02, + 0x2e, 0xb1, 0x23, 0x12, 0xc5, 0x95, 0xc6, 0x44, 0x9b, 0x32, 0x6d, 0xba, 0x1e, 0xf0, 0xfe, 0x6c, + 0x43, 0xfd, 0x3a, 0x43, 0x39, 0xbb, 0x4a, 0xf3, 0x99, 0xa8, 0x07, 0x92, 0x1e, 0xc2, 0x93, 0x80, + 0x27, 0x46, 0x58, 0xee, 0x7b, 0x95, 0x24, 0x1f, 0xa1, 0x1e, 0xb0, 0xa9, 0x21, 0xfa, 0x7c, 0x82, + 0xee, 0x76, 0xb3, 0x72, 0x54, 0x3b, 0x7d, 0xd9, 0x2a, 0x1c, 0x68, 0x2d, 0x1c, 0x68, 0x9d, 0xcf, + 0x1d, 0xa0, 0x2b, 0xf2, 0x7c, 0x48, 0xed, 0x38, 0x16, 0xb7, 0xdf, 0x34, 0x8b, 0xd1, 0xad, 0x9a, + 0x92, 0x4b, 0xcc, 0xfd, 0x9d, 0xed, 0x3c, 0xd0, 0x19, 0xd9, 0x07, 0xfb, 0xbb, 0xc2, 0x0e, 0x0b, + 0xc7, 0xe8, 0x5a, 0x46, 0xb4, 0xc4, 0xa4, 0x0b, 0x8d, 0x80, 0x4d, 0x4d, 0xd6, 0x45, 0x2d, 0xee, + 0xee, 0xa6, 0x62, 0xd7, 0x8e, 0x90, 0xb7, 0x60, 0x05, 0x6c, 0xda, 0x1e, 0xa1, 0x6b, 0x6f, 0x3a, + 0x3c, 0x17, 0x92, 0x37, 0xb0, 0x17, 0x64, 0x4a, 0x53, 0xbc, 0x61, 0x31, 0x8f, 0x98, 0x46, 0xd7, + 0x31, 0xb5, 0xfd, 0xc7, 0xe6, 0xa3, 0x34, 0x77, 0x5d, 0x0c, 0xbb, 0x52, 0x0a, 0xe9, 0xc2, 0xc6, + 0x51, 0x96, 0xe5, 0xe4, 0x05, 0x58, 0x9f, 0x78, 0x9c, 0xef, 0x5a, 0xcd, 0xd8, 0x38, 0x47, 0xde, + 0xdf, 0x0a, 0x38, 0x66, 0xe0, 0x01, 0x6a, 0x96, 0x7b, 0x5d, 0xde, 0xf3, 0x02, 0x90, 0x0f, 0x50, + 0xeb, 0x31, 0xa5, 0x3b, 0x22, 0xd1, 0x2c, 0x2c, 0x56, 0xe7, 0xd1, 0x9b, 0xcb, 0xea, 0xfc, 0x79, + 0x7c, 0x4e, 0xc4, 0x6d, 0xd2, 0x43, 0x16, 0xa1, 0x34, 0x1b, 0x60, 0xd3, 0x32, 0x45, 0x8e, 0xa1, + 0xb1, 0x74, 0x29, 0x9c, 0xf5, 0xf0, 0x06, 0x63, 0xe3, 0xb5, 0x43, 0xd7, 0x78, 0xf2, 0x1e, 0x9e, + 0x53, 0x54, 0x59, 0xac, 0x55, 0x51, 0x3f, 0x46, 0x67, 0xb3, 0x76, 0xa7, 0xa7, 0x8c, 0x59, 0x36, + 0xbd, 0x3f, 0x78, 0x59, 0xb5, 0x77, 0x1a, 0xd6, 0x65, 0xd5, 0xb6, 0x1a, 0xbb, 0x5e, 0x0f, 0xf6, + 0xba, 0xf9, 0x0b, 0x4b, 0x25, 0x57, 0x68, 0x9a, 0x7e, 0x0d, 0xce, 0x17, 0x36, 0x41, 0x95, 0xb2, + 0x10, 0xe7, 0x4b, 0x7e, 0x47, 0xe4, 0xd1, 0xaf, 0x4c, 0x6a, 0x6e, 0x56, 0x62, 0xab, 0x88, 0x2e, + 0x89, 0xb3, 0x93, 0x9f, 0xc7, 0x23, 0xae, 0xc7, 0xd9, 0xa0, 0x15, 0x8a, 0x89, 0x3f, 0x66, 0x6a, + 0xcc, 0x43, 0x21, 0x53, 0x3f, 0x14, 0x89, 0xca, 0x62, 0x7f, 0xf5, 0x77, 0x34, 0xb0, 0x0c, 0x7e, + 0xf7, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x35, 0xe5, 0x62, 0x05, 0xa7, 0x04, 0x00, 0x00, +} diff --git a/internal/tools/proto-gen-rpc-glue/e2e/go.mod b/internal/tools/proto-gen-rpc-glue/e2e/go.mod index b4b31db76..222f9f9c1 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/go.mod +++ b/internal/tools/proto-gen-rpc-glue/e2e/go.mod @@ -2,10 +2,6 @@ module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue/e2e go 1.13 -replace github.com/hashicorp/consul => ../../../.. - -replace github.com/hashicorp/consul/api => ../../../../api - -replace github.com/hashicorp/consul/sdk => ../../../../sdk +replace github.com/hashicorp/consul => ./consul require github.com/hashicorp/consul v1.11.4 diff --git a/internal/tools/proto-gen-rpc-glue/e2e/go.sum b/internal/tools/proto-gen-rpc-glue/e2e/go.sum index a0f384377..6124ed3e4 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/go.sum +++ b/internal/tools/proto-gen-rpc-glue/e2e/go.sum @@ -1,657 +1,2 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= -github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/Microsoft/go-winio v0.4.3/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.0.1/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= -github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= -github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= -github.com/armon/go-metrics v0.3.8/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= -github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= -github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= -github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20200313221541-5f7e5dd04533/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= -github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= -github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.5/go.mod h1:OXl5to++W0ctG+EHWTFUjiypVxC/Y4VLc/KFU+al13s= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 h1:Com/5n/omNSBusX11zdyIYtidiqewLIanchbm//McZA= -github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= -github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs= -github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU= -github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= -github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= -github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192/go.mod h1:3/4dzY4lR1Hzt9bBqMhBzG7lngZ0GKx/nL6G/ad62wE= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= -github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.14.1 h1:nQcJDQwIAGnmoUWp8ubocEX40cCml/17YkF6csQLReU= -github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.0 h1:8exGP7ego3OmkfksihtSouGMZ+hQrhxx+FVELeXpVPE= -github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= -github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= -github.com/hashicorp/go-raftchunking v0.6.2/go.mod h1:cGlg3JtDy7qy6c/3Bu660Mic1JF+7lWqIwCFSb08fX0= -github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo= -github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= -github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= -github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= -github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= -github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= -github.com/hashicorp/raft v1.3.6 h1:v5xW5KzByoerQlN/o31VJrFNiozgzGyDoMgDJgXpsto= -github.com/hashicorp/raft v1.3.6/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft-autopilot v0.1.5 h1:onEfMH5uHVdXQqtas36zXUHEZxLdsJVu/nXHLcLdL1I= -github.com/hashicorp/raft-autopilot v0.1.5/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= -github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= -github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= -github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs= -github.com/hashicorp/raft-boltdb/v2 v2.2.0/go.mod h1:SgPUD5TP20z/bswEr210SnkUFvQP/YjKV95aaiTbeMQ= -github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= -github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk= -github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493 h1:brI5vBRUlAlM34VFmnLPwjnCL/FxAJp9XvOdX6Zt+XE= -github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= -github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= -github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= -github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= -github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= -github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= -github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI= -github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU= -github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= -github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw= -github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= -github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.4.0 h1:YVIb/fVcOTMSqtqZWSKnHpSLBxu8DKgxq8z6RuBZwqI= -github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig= -github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac= -github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= -github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= -github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= -github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs= -github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM= -golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8= -golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= -k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= From 484e1da6da8e4cb69aa332618cceba4aff65d701 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 28 Mar 2022 13:12:51 -0500 Subject: [PATCH 029/785] proto-gen-rpc-glue: support QueryMeta and QueryOptions (#12637) --- internal/tools/proto-gen-rpc-glue/.gitignore | 2 +- .../e2e/consul/agent/structs/structs.go | 57 ++++ .../e2e/consul/proto/pbcommon/common.go | 178 ++++++++++ .../tools/proto-gen-rpc-glue/e2e/source.pb.go | 24 ++ .../e2e/source.rpcglue.pb.go.golden | 275 +++++++++++++++ internal/tools/proto-gen-rpc-glue/main.go | 318 +++++++++++++----- 6 files changed, 777 insertions(+), 77 deletions(-) create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go create mode 100644 internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go diff --git a/internal/tools/proto-gen-rpc-glue/.gitignore b/internal/tools/proto-gen-rpc-glue/.gitignore index 14130d475..343d68c1c 100644 --- a/internal/tools/proto-gen-rpc-glue/.gitignore +++ b/internal/tools/proto-gen-rpc-glue/.gitignore @@ -1 +1 @@ -./e2e/source.rpcglue.pb.go +e2e/*.rpcglue.pb.go diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go new file mode 100644 index 000000000..4d7741398 --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go @@ -0,0 +1,57 @@ +package structs + +import ( + "time" + + "github.com/golang/protobuf/ptypes" + "github.com/golang/protobuf/ptypes/duration" + "github.com/golang/protobuf/ptypes/timestamp" +) + +type QueryOptions struct { + // NOTE: fields omitted from upstream if not necessary for compilation check + MinQueryIndex uint64 + MaxQueryTime time.Duration +} + +func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { + // NOTE: body was omitted from upstream; we only need the signature to verify it compiles + return false, nil +} + +type RPCInfo interface { + // NOTE: methods omitted from upstream if not necessary for compilation check +} + +type QueryBackend int + +const ( + QueryBackendBlocking QueryBackend = iota + QueryBackendStreaming +) + +func DurationToProto(d time.Duration) *duration.Duration { + return ptypes.DurationProto(d) +} + +func DurationFromProto(d *duration.Duration) time.Duration { + ret, _ := ptypes.Duration(d) + return ret + +} + +func TimeFromProto(s *timestamp.Timestamp) time.Time { + ret, _ := ptypes.Timestamp(s) + return ret +} + +func TimeToProto(s time.Time) *timestamp.Timestamp { + ret, _ := ptypes.TimestampProto(s) + return ret +} + +// IsZeroProtoTime returns true if the time is the minimum protobuf timestamp +// (the Unix epoch). +func IsZeroProtoTime(t *timestamp.Timestamp) bool { + return t.Seconds == 0 && t.Nanos == 0 +} diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go new file mode 100644 index 000000000..f8211604d --- /dev/null +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go @@ -0,0 +1,178 @@ +package pbcommon + +import ( + "time" + + "github.com/hashicorp/consul/agent/structs" +) + +// IsRead is always true for QueryOption +func (q *QueryOptions) IsRead() bool { + return true +} + +// AllowStaleRead returns whether a stale read should be allowed +func (q *QueryOptions) AllowStaleRead() bool { + return q.AllowStale +} + +func (q *QueryOptions) TokenSecret() string { + return q.Token +} + +func (q *QueryOptions) SetTokenSecret(s string) { + q.Token = s +} + +// SetToken is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetToken(token string) { + q.Token = token +} + +// SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { + q.MinQueryIndex = minQueryIndex +} + +// SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { + q.MaxQueryTime = structs.DurationToProto(maxQueryTime) +} + +// SetAllowStale is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetAllowStale(allowStale bool) { + q.AllowStale = allowStale +} + +// SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetRequireConsistent(requireConsistent bool) { + q.RequireConsistent = requireConsistent +} + +// SetUseCache is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetUseCache(useCache bool) { + q.UseCache = useCache +} + +// SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { + q.MaxStaleDuration = structs.DurationToProto(maxStaleDuration) +} + +// SetMaxAge is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { + q.MaxAge = structs.DurationToProto(maxAge) +} + +// SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { + q.MustRevalidate = mustRevalidate +} + +// SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { + q.StaleIfError = structs.DurationToProto(staleIfError) +} + +func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { + maxTime := structs.DurationFromProto(q.MaxQueryTime) + o := structs.QueryOptions{ + MaxQueryTime: maxTime, + MinQueryIndex: q.MinQueryIndex, + } + return o.HasTimedOut(start, rpcHoldTimeout, maxQueryTime, defaultQueryTime) +} + +// SetFilter is needed to implement the structs.QueryOptionsCompat interface +func (q *QueryOptions) SetFilter(filter string) { + q.Filter = filter +} + +// WriteRequest only applies to writes, always false +// +// IsRead implements structs.RPCInfo +func (w WriteRequest) IsRead() bool { + return false +} + +// SetTokenSecret implements structs.RPCInfo +func (w WriteRequest) TokenSecret() string { + return w.Token +} + +// SetTokenSecret implements structs.RPCInfo +func (w *WriteRequest) SetTokenSecret(s string) { + w.Token = s +} + +// AllowStaleRead returns whether a stale read should be allowed +// +// AllowStaleRead implements structs.RPCInfo +func (w WriteRequest) AllowStaleRead() bool { + return false +} + +// HasTimedOut implements structs.RPCInfo +func (w WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error) { + return time.Since(start) > rpcHoldTimeout, nil +} + +// IsRead implements structs.RPCInfo +func (r *ReadRequest) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (r *ReadRequest) AllowStaleRead() bool { + // TODO(partitions): plumb this? + return false +} + +// TokenSecret implements structs.RPCInfo +func (r *ReadRequest) TokenSecret() string { + return r.Token +} + +// SetTokenSecret implements structs.RPCInfo +func (r *ReadRequest) SetTokenSecret(token string) { + r.Token = token +} + +// HasTimedOut implements structs.RPCInfo +func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { + return time.Since(start) > rpcHoldTimeout, nil +} + +// RequestDatacenter implements structs.RPCInfo +func (td TargetDatacenter) RequestDatacenter() string { + return td.Datacenter +} + +// SetLastContact is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetLastContact(lastContact time.Duration) { + q.LastContact = structs.DurationToProto(lastContact) +} + +// SetKnownLeader is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetKnownLeader(knownLeader bool) { + q.KnownLeader = knownLeader +} + +// SetIndex is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetIndex(index uint64) { + q.Index = index +} + +// SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { + q.ConsistencyLevel = consistencyLevel +} + +func (q *QueryMeta) GetBackend() structs.QueryBackend { + return structs.QueryBackend(0) +} + +// SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { + q.ResultsFilteredByACLs = v +} diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go index ed47e1d09..43ace7a84 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go @@ -19,6 +19,19 @@ type ExampleReadRequest struct { TargetDatacenter *pbcommon.TargetDatacenter } +// @consul-rpc-glue: QueryOptions,TargetDatacenter +type ExampleQueryOptions struct { + Value string + QueryOptions *pbcommon.QueryOptions + TargetDatacenter *pbcommon.TargetDatacenter +} + +// @consul-rpc-glue: QueryMeta +type ExampleQueryMeta struct { + Value string + QueryMeta *pbcommon.QueryMeta +} + // @consul-rpc-glue: WriteRequest=AltWriteRequest type AltExampleWriteRequest struct { Value int @@ -30,3 +43,14 @@ type AltExampleReadRequest struct { Value int AltReadRequest *pbcommon.ReadRequest } + +// @consul-rpc-glue: QueryOptions=AltQueryOptions +type AltExampleQueryOptions struct { + Value string + AltQueryOptions *pbcommon.QueryOptions +} + +// @consul-rpc-glue: QueryMeta=AltQueryMeta +type AltExampleQueryMeta struct { + AltQueryMeta *pbcommon.QueryMeta +} diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden index 7f87f5477..a035aab7a 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden @@ -7,12 +7,19 @@ package e2e import ( "time" + + "github.com/hashicorp/consul/agent/structs" ) +// Reference imports to suppress errors if they are not otherwise used. +var _ structs.RPCInfo + +// AllowStaleRead implements structs.RPCInfo func (msg *ExampleWriteRequest) AllowStaleRead() bool { return false } +// HasTimedOut implements structs.RPCInfo func (msg *ExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { if msg == nil || msg.WriteRequest == nil { return false, nil @@ -20,14 +27,18 @@ func (msg *ExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout time return msg.WriteRequest.HasTimedOut(start, rpcHoldTimeout, a, b) } +// IsRead implements structs.RPCInfo func (msg *ExampleWriteRequest) IsRead() bool { return false } +// SetTokenSecret implements structs.RPCInfo func (msg *ExampleWriteRequest) SetTokenSecret(s string) { + // TODO: initialize if nil msg.WriteRequest.SetTokenSecret(s) } +// TokenSecret implements structs.RPCInfo func (msg *ExampleWriteRequest) TokenSecret() string { if msg == nil || msg.WriteRequest == nil { return "" @@ -35,6 +46,7 @@ func (msg *ExampleWriteRequest) TokenSecret() string { return msg.WriteRequest.TokenSecret() } +// Token implements structs.RPCInfo func (msg *ExampleWriteRequest) Token() string { if msg.WriteRequest == nil { return "" @@ -42,6 +54,7 @@ func (msg *ExampleWriteRequest) Token() string { return msg.WriteRequest.Token } +// RequestDatacenter implements structs.RPCInfo func (msg *ExampleWriteRequest) RequestDatacenter() string { if msg == nil || msg.TargetDatacenter == nil { return "" @@ -49,14 +62,18 @@ func (msg *ExampleWriteRequest) RequestDatacenter() string { return msg.TargetDatacenter.GetDatacenter() } +// IsRead implements structs.RPCInfo func (msg *ExampleReadRequest) IsRead() bool { return true } +// AllowStaleRead implements structs.RPCInfo func (msg *ExampleReadRequest) AllowStaleRead() bool { + // TODO: initialize if nil return msg.ReadRequest.AllowStaleRead() } +// HasTimedOut implements structs.RPCInfo func (msg *ExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { if msg == nil || msg.ReadRequest == nil { return false, nil @@ -64,10 +81,13 @@ func (msg *ExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout time. return msg.ReadRequest.HasTimedOut(start, rpcHoldTimeout, a, b) } +// SetTokenSecret implements structs.RPCInfo func (msg *ExampleReadRequest) SetTokenSecret(s string) { + // TODO: initialize if nil msg.ReadRequest.SetTokenSecret(s) } +// TokenSecret implements structs.RPCInfo func (msg *ExampleReadRequest) TokenSecret() string { if msg == nil || msg.ReadRequest == nil { return "" @@ -75,6 +95,7 @@ func (msg *ExampleReadRequest) TokenSecret() string { return msg.ReadRequest.TokenSecret() } +// Token implements structs.RPCInfo func (msg *ExampleReadRequest) Token() string { if msg.ReadRequest == nil { return "" @@ -82,6 +103,7 @@ func (msg *ExampleReadRequest) Token() string { return msg.ReadRequest.Token } +// RequestDatacenter implements structs.RPCInfo func (msg *ExampleReadRequest) RequestDatacenter() string { if msg == nil || msg.TargetDatacenter == nil { return "" @@ -89,10 +111,135 @@ func (msg *ExampleReadRequest) RequestDatacenter() string { return msg.TargetDatacenter.GetDatacenter() } +// RequestDatacenter implements structs.RPCInfo +func (msg *ExampleQueryOptions) RequestDatacenter() string { + if msg == nil || msg.TargetDatacenter == nil { + return "" + } + return msg.TargetDatacenter.GetDatacenter() +} + +// IsRead implements structs.RPCInfo +func (msg *ExampleQueryOptions) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *ExampleQueryOptions) AllowStaleRead() bool { + return msg.QueryOptions.AllowStaleRead() +} + +// HasTimedOut implements structs.RPCInfo +func (msg *ExampleQueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.QueryOptions == nil { + return false, nil + } + return msg.QueryOptions.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *ExampleQueryOptions) SetTokenSecret(s string) { + // TODO: initialize if nil + msg.QueryOptions.SetTokenSecret(s) +} + +// TokenSecret implements structs.RPCInfo +func (msg *ExampleQueryOptions) TokenSecret() string { + if msg == nil || msg.QueryOptions == nil { + return "" + } + return msg.QueryOptions.TokenSecret() +} + +// Token implements structs.RPCInfo +func (msg *ExampleQueryOptions) Token() string { + if msg.QueryOptions == nil { + return "" + } + return msg.QueryOptions.Token +} + +// GetToken is required to implement blockingQueryOptions +func (msg *ExampleQueryOptions) GetToken() string { + if msg == nil || msg.QueryOptions == nil { + return "" + } + + return msg.QueryOptions.GetToken() +} + +// GetMinQueryIndex is required to implement blockingQueryOptions +func (msg *ExampleQueryOptions) GetMinQueryIndex() uint64 { + if msg == nil || msg.QueryOptions == nil { + return 0 + } + + return msg.QueryOptions.GetMinQueryIndex() +} + +// GetMaxQueryTime is required to implement blockingQueryOptions +func (msg *ExampleQueryOptions) GetMaxQueryTime() (time.Duration, error) { + if msg == nil || msg.QueryOptions == nil { + return 0, nil + } + + return structs.DurationFromProto(msg.QueryOptions.GetMaxQueryTime()), nil +} + +// GetRequireConsistent is required to implement blockingQueryOptions +func (msg *ExampleQueryOptions) GetRequireConsistent() bool { + if msg == nil || msg.QueryOptions == nil { + return false + } + return msg.QueryOptions.RequireConsistent +} + +// SetLastContact is required to implement blockingQueryResponseMeta +func (msg *ExampleQueryMeta) SetLastContact(d time.Duration) { + if msg == nil || msg.QueryMeta == nil { + return + } + msg.QueryMeta.SetLastContact(d) +} + +// SetKnownLeader is required to implement blockingQueryResponseMeta +func (msg *ExampleQueryMeta) SetKnownLeader(b bool) { + if msg == nil || msg.QueryMeta == nil { + return + } + msg.QueryMeta.SetKnownLeader(b) +} + +// GetIndex is required to implement blockingQueryResponseMeta +func (msg *ExampleQueryMeta) GetIndex() uint64 { + if msg == nil || msg.QueryMeta == nil { + return 0 + } + return msg.QueryMeta.GetIndex() +} + +// SetIndex is required to implement blockingQueryResponseMeta +func (msg *ExampleQueryMeta) SetIndex(i uint64) { + if msg == nil || msg.QueryMeta == nil { + return + } + msg.QueryMeta.SetIndex(i) +} + +// SetResultsFilteredByACLs is required to implement blockingQueryResponseMeta +func (msg *ExampleQueryMeta) SetResultsFilteredByACLs(b bool) { + if msg == nil || msg.QueryMeta == nil { + return + } + msg.QueryMeta.SetResultsFilteredByACLs(b) +} + +// AllowStaleRead implements structs.RPCInfo func (msg *AltExampleWriteRequest) AllowStaleRead() bool { return false } +// HasTimedOut implements structs.RPCInfo func (msg *AltExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { if msg == nil || msg.AltWriteRequest == nil { return false, nil @@ -100,14 +247,18 @@ func (msg *AltExampleWriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout t return msg.AltWriteRequest.HasTimedOut(start, rpcHoldTimeout, a, b) } +// IsRead implements structs.RPCInfo func (msg *AltExampleWriteRequest) IsRead() bool { return false } +// SetTokenSecret implements structs.RPCInfo func (msg *AltExampleWriteRequest) SetTokenSecret(s string) { + // TODO: initialize if nil msg.AltWriteRequest.SetTokenSecret(s) } +// TokenSecret implements structs.RPCInfo func (msg *AltExampleWriteRequest) TokenSecret() string { if msg == nil || msg.AltWriteRequest == nil { return "" @@ -115,6 +266,7 @@ func (msg *AltExampleWriteRequest) TokenSecret() string { return msg.AltWriteRequest.TokenSecret() } +// Token implements structs.RPCInfo func (msg *AltExampleWriteRequest) Token() string { if msg.AltWriteRequest == nil { return "" @@ -122,14 +274,18 @@ func (msg *AltExampleWriteRequest) Token() string { return msg.AltWriteRequest.Token } +// IsRead implements structs.RPCInfo func (msg *AltExampleReadRequest) IsRead() bool { return true } +// AllowStaleRead implements structs.RPCInfo func (msg *AltExampleReadRequest) AllowStaleRead() bool { + // TODO: initialize if nil return msg.AltReadRequest.AllowStaleRead() } +// HasTimedOut implements structs.RPCInfo func (msg *AltExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { if msg == nil || msg.AltReadRequest == nil { return false, nil @@ -137,10 +293,13 @@ func (msg *AltExampleReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout ti return msg.AltReadRequest.HasTimedOut(start, rpcHoldTimeout, a, b) } +// SetTokenSecret implements structs.RPCInfo func (msg *AltExampleReadRequest) SetTokenSecret(s string) { + // TODO: initialize if nil msg.AltReadRequest.SetTokenSecret(s) } +// TokenSecret implements structs.RPCInfo func (msg *AltExampleReadRequest) TokenSecret() string { if msg == nil || msg.AltReadRequest == nil { return "" @@ -148,9 +307,125 @@ func (msg *AltExampleReadRequest) TokenSecret() string { return msg.AltReadRequest.TokenSecret() } +// Token implements structs.RPCInfo func (msg *AltExampleReadRequest) Token() string { if msg.AltReadRequest == nil { return "" } return msg.AltReadRequest.Token } + +// IsRead implements structs.RPCInfo +func (msg *AltExampleQueryOptions) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *AltExampleQueryOptions) AllowStaleRead() bool { + return msg.AltQueryOptions.AllowStaleRead() +} + +// HasTimedOut implements structs.RPCInfo +func (msg *AltExampleQueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.AltQueryOptions == nil { + return false, nil + } + return msg.AltQueryOptions.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *AltExampleQueryOptions) SetTokenSecret(s string) { + // TODO: initialize if nil + msg.AltQueryOptions.SetTokenSecret(s) +} + +// TokenSecret implements structs.RPCInfo +func (msg *AltExampleQueryOptions) TokenSecret() string { + if msg == nil || msg.AltQueryOptions == nil { + return "" + } + return msg.AltQueryOptions.TokenSecret() +} + +// Token implements structs.RPCInfo +func (msg *AltExampleQueryOptions) Token() string { + if msg.AltQueryOptions == nil { + return "" + } + return msg.AltQueryOptions.Token +} + +// GetToken is required to implement blockingQueryOptions +func (msg *AltExampleQueryOptions) GetToken() string { + if msg == nil || msg.AltQueryOptions == nil { + return "" + } + + return msg.AltQueryOptions.GetToken() +} + +// GetMinQueryIndex is required to implement blockingQueryOptions +func (msg *AltExampleQueryOptions) GetMinQueryIndex() uint64 { + if msg == nil || msg.AltQueryOptions == nil { + return 0 + } + + return msg.AltQueryOptions.GetMinQueryIndex() +} + +// GetMaxQueryTime is required to implement blockingQueryOptions +func (msg *AltExampleQueryOptions) GetMaxQueryTime() (time.Duration, error) { + if msg == nil || msg.AltQueryOptions == nil { + return 0, nil + } + + return structs.DurationFromProto(msg.AltQueryOptions.GetMaxQueryTime()), nil +} + +// GetRequireConsistent is required to implement blockingQueryOptions +func (msg *AltExampleQueryOptions) GetRequireConsistent() bool { + if msg == nil || msg.AltQueryOptions == nil { + return false + } + return msg.AltQueryOptions.RequireConsistent +} + +// SetLastContact is required to implement blockingQueryResponseMeta +func (msg *AltExampleQueryMeta) SetLastContact(d time.Duration) { + if msg == nil || msg.AltQueryMeta == nil { + return + } + msg.AltQueryMeta.SetLastContact(d) +} + +// SetKnownLeader is required to implement blockingQueryResponseMeta +func (msg *AltExampleQueryMeta) SetKnownLeader(b bool) { + if msg == nil || msg.AltQueryMeta == nil { + return + } + msg.AltQueryMeta.SetKnownLeader(b) +} + +// GetIndex is required to implement blockingQueryResponseMeta +func (msg *AltExampleQueryMeta) GetIndex() uint64 { + if msg == nil || msg.AltQueryMeta == nil { + return 0 + } + return msg.AltQueryMeta.GetIndex() +} + +// SetIndex is required to implement blockingQueryResponseMeta +func (msg *AltExampleQueryMeta) SetIndex(i uint64) { + if msg == nil || msg.AltQueryMeta == nil { + return + } + msg.AltQueryMeta.SetIndex(i) +} + +// SetResultsFilteredByACLs is required to implement blockingQueryResponseMeta +func (msg *AltExampleQueryMeta) SetResultsFilteredByACLs(b bool) { + if msg == nil || msg.AltQueryMeta == nil { + return + } + msg.AltQueryMeta.SetResultsFilteredByACLs(b) +} diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go index dd4956912..0618b35b2 100644 --- a/internal/tools/proto-gen-rpc-glue/main.go +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -96,6 +96,12 @@ func processFile(path string) error { if ann.TargetDatacenter != "" { log.Printf(" TargetDatacenter from %s", ann.TargetDatacenter) } + if ann.QueryOptions != "" { + log.Printf(" QueryOptions from %s", ann.QueryOptions) + } + if ann.QueryMeta != "" { + log.Printf(" QueryMeta from %s", ann.QueryMeta) + } } } @@ -114,91 +120,29 @@ func processFile(path string) error { buf.WriteString(` import ( "time" + + "github.com/hashicorp/consul/agent/structs" ) +// Reference imports to suppress errors if they are not otherwise used. +var _ structs.RPCInfo + `) for _, typ := range v.Types { if typ.Annotation.WriteRequest != "" { - buf.WriteString(fmt.Sprintf(` -func (msg *%[1]s) AllowStaleRead() bool { - return false -} - -func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { - if msg == nil || msg.%[2]s == nil { - return false, nil - } - return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) -} - -func (msg *%[1]s) IsRead() bool { - return false -} - -func (msg *%[1]s) SetTokenSecret(s string) { - msg.%[2]s.SetTokenSecret(s) -} - -func (msg *%[1]s) TokenSecret() string { - if msg == nil || msg.%[2]s == nil { - return "" - } - return msg.%[2]s.TokenSecret() -} - -func (msg *%[1]s) Token() string { - if msg.%[2]s == nil { - return "" - } - return msg.%[2]s.Token -} -`, typ.Name, typ.Annotation.WriteRequest)) + buf.WriteString(fmt.Sprintf(tmplWriteRequest, typ.Name, typ.Annotation.WriteRequest)) } if typ.Annotation.ReadRequest != "" { - buf.WriteString(fmt.Sprintf(` -func (msg *%[1]s) IsRead() bool { - return true -} - -func (msg *%[1]s) AllowStaleRead() bool { - return msg.%[2]s.AllowStaleRead() -} - -func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { - if msg == nil || msg.%[2]s == nil { - return false, nil - } - return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) -} - -func (msg *%[1]s) SetTokenSecret(s string) { - msg.%[2]s.SetTokenSecret(s) -} - -func (msg *%[1]s) TokenSecret() string { - if msg == nil || msg.%[2]s == nil { - return "" - } - return msg.%[2]s.TokenSecret() -} - -func (msg *%[1]s) Token() string { - if msg.%[2]s == nil { - return "" - } - return msg.%[2]s.Token -} -`, typ.Name, typ.Annotation.ReadRequest)) + buf.WriteString(fmt.Sprintf(tmplReadRequest, typ.Name, typ.Annotation.ReadRequest)) } if typ.Annotation.TargetDatacenter != "" { - buf.WriteString(fmt.Sprintf(` -func (msg *%[1]s) RequestDatacenter() string { - if msg == nil || msg.%[2]s == nil { - return "" - } - return msg.%[2]s.GetDatacenter() -} -`, typ.Name, typ.Annotation.TargetDatacenter)) + buf.WriteString(fmt.Sprintf(tmplTargetDatacenter, typ.Name, typ.Annotation.TargetDatacenter)) + } + if typ.Annotation.QueryOptions != "" { + buf.WriteString(fmt.Sprintf(tmplQueryOptions, typ.Name, typ.Annotation.QueryOptions)) + } + if typ.Annotation.QueryMeta != "" { + buf.WriteString(fmt.Sprintf(tmplQueryMeta, typ.Name, typ.Annotation.QueryMeta)) } } @@ -296,6 +240,8 @@ func (v *visitor) Visit(node ast.Node) ast.Visitor { } type Annotation struct { + QueryMeta string + QueryOptions string ReadRequest string WriteRequest string TargetDatacenter string @@ -332,6 +278,16 @@ func getAnnotation(doc []*ast.Comment) (Annotation, error) { case strings.HasPrefix(part, "TargetDatacenter="): ann.TargetDatacenter = strings.TrimPrefix(part, "TargetDatacenter=") + case part == "QueryOptions": + ann.QueryOptions = "QueryOptions" + case strings.HasPrefix(part, "QueryOptions="): + ann.QueryOptions = strings.TrimPrefix(part, "QueryOptions=") + + case part == "QueryMeta": + ann.QueryMeta = "QueryMeta" + case strings.HasPrefix(part, "QueryMeta="): + ann.QueryMeta = strings.TrimPrefix(part, "QueryMeta=") + default: return Annotation{}, fmt.Errorf("unexpected annotation part: %s", part) } @@ -373,3 +329,213 @@ func getRawBuildTags(file *ast.File) []string { return out } + +const tmplWriteRequest = ` +// AllowStaleRead implements structs.RPCInfo +func (msg *%[1]s) AllowStaleRead() bool { + return false +} + +// HasTimedOut implements structs.RPCInfo +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.%[2]s == nil { + return false, nil + } + return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +// IsRead implements structs.RPCInfo +func (msg *%[1]s) IsRead() bool { + return false +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *%[1]s) SetTokenSecret(s string) { + // TODO: initialize if nil + msg.%[2]s.SetTokenSecret(s) +} + +// TokenSecret implements structs.RPCInfo +func (msg *%[1]s) TokenSecret() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.TokenSecret() +} + +// Token implements structs.RPCInfo +func (msg *%[1]s) Token() string { + if msg.%[2]s == nil { + return "" + } + return msg.%[2]s.Token +} +` + +const tmplReadRequest = ` +// IsRead implements structs.RPCInfo +func (msg *%[1]s) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *%[1]s) AllowStaleRead() bool { + // TODO: initialize if nil + return msg.%[2]s.AllowStaleRead() +} + +// HasTimedOut implements structs.RPCInfo +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.%[2]s == nil { + return false, nil + } + return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *%[1]s) SetTokenSecret(s string) { + // TODO: initialize if nil + msg.%[2]s.SetTokenSecret(s) +} + +// TokenSecret implements structs.RPCInfo +func (msg *%[1]s) TokenSecret() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.TokenSecret() +} + +// Token implements structs.RPCInfo +func (msg *%[1]s) Token() string { + if msg.%[2]s == nil { + return "" + } + return msg.%[2]s.Token +} +` + +const tmplTargetDatacenter = ` +// RequestDatacenter implements structs.RPCInfo +func (msg *%[1]s) RequestDatacenter() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.GetDatacenter() +} +` + +const tmplQueryOptions = ` +// IsRead implements structs.RPCInfo +func (msg *%[1]s) IsRead() bool { + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *%[1]s) AllowStaleRead() bool { + return msg.%[2]s.AllowStaleRead() +} + +// HasTimedOut implements structs.RPCInfo +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + if msg == nil || msg.%[2]s == nil { + return false, nil + } + return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) +} +// SetTokenSecret implements structs.RPCInfo +func (msg *%[1]s) SetTokenSecret(s string) { + // TODO: initialize if nil + msg.%[2]s.SetTokenSecret(s) +} + +// TokenSecret implements structs.RPCInfo +func (msg *%[1]s) TokenSecret() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + return msg.%[2]s.TokenSecret() +} + +// Token implements structs.RPCInfo +func (msg *%[1]s) Token() string { + if msg.%[2]s == nil { + return "" + } + return msg.%[2]s.Token +} +// GetToken is required to implement blockingQueryOptions +func (msg *%[1]s) GetToken() string { + if msg == nil || msg.%[2]s == nil { + return "" + } + + return msg.%[2]s.GetToken() +} +// GetMinQueryIndex is required to implement blockingQueryOptions +func (msg *%[1]s) GetMinQueryIndex() uint64 { + if msg == nil || msg.%[2]s == nil { + return 0 + } + + return msg.%[2]s.GetMinQueryIndex() +} +// GetMaxQueryTime is required to implement blockingQueryOptions +func (msg *%[1]s) GetMaxQueryTime() (time.Duration, error) { + if msg == nil || msg.%[2]s == nil { + return 0, nil + } + + return structs.DurationFromProto(msg.%[2]s.GetMaxQueryTime()), nil +} + +// GetRequireConsistent is required to implement blockingQueryOptions +func (msg *%[1]s) GetRequireConsistent() bool { + if msg == nil || msg.%[2]s == nil { + return false + } + return msg.%[2]s.RequireConsistent +} +` + +const tmplQueryMeta = ` +// SetLastContact is required to implement blockingQueryResponseMeta +func (msg *%[1]s) SetLastContact(d time.Duration) { + if msg == nil || msg.%[2]s == nil { + return + } + msg.%[2]s.SetLastContact(d) +} + +// SetKnownLeader is required to implement blockingQueryResponseMeta +func (msg *%[1]s) SetKnownLeader(b bool) { + if msg == nil || msg.%[2]s == nil { + return + } + msg.%[2]s.SetKnownLeader(b) +} + +// GetIndex is required to implement blockingQueryResponseMeta +func (msg *%[1]s) GetIndex() uint64 { + if msg == nil || msg.%[2]s == nil { + return 0 + } + return msg.%[2]s.GetIndex() +} + +// SetIndex is required to implement blockingQueryResponseMeta +func (msg *%[1]s) SetIndex(i uint64) { + if msg == nil || msg.%[2]s == nil { + return + } + msg.%[2]s.SetIndex(i) +} + +// SetResultsFilteredByACLs is required to implement blockingQueryResponseMeta +func (msg *%[1]s) SetResultsFilteredByACLs(b bool) { + if msg == nil || msg.%[2]s == nil { + return + } + msg.%[2]s.SetResultsFilteredByACLs(b) +} +` From 8fd73ede3ec92b5cc3add5fb19f616991309c6bc Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 28 Mar 2022 13:56:44 -0400 Subject: [PATCH 030/785] remove gogo from acl protobufs --- agent/consul/state/acl.go | 10 +++---- agent/consul/state/acl_test.go | 8 ++--- agent/http.go | 36 ++++++++++++++++++++--- agent/structs/protobuf_compat.go | 28 ------------------ agent/structs/structs.go | 18 ------------ api/namespace.go | 46 +++++++++++++++++++++++++++++ proto/pbacl/acl.go | 19 ++++++++++++ proto/pbacl/acl.pb.go | 50 +++++++++++++++++++++++--------- proto/pbacl/acl.proto | 19 ++---------- proto/pbcommon/common.go | 29 ++++++++++++++++++ proto/prototest/testing.go | 14 +++++++++ 11 files changed, 188 insertions(+), 89 deletions(-) create mode 100644 proto/pbacl/acl.go create mode 100644 proto/prototest/testing.go diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index 9b84c6c16..877037fe2 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go @@ -126,7 +126,7 @@ func (s *Store) CanBootstrapACLToken() (bool, uint64, error) { // to update the name. Unlike the older functions to operate specifically on role or policy links // this function does not itself handle the case where the id cannot be found. Instead the // getName function should handle that and return an error if necessary -func resolveACLLinks(tx ReadTxn, links []pbacl.ACLLink, getName func(ReadTxn, string) (string, error)) (int, error) { +func resolveACLLinks(tx ReadTxn, links []*pbacl.ACLLink, getName func(ReadTxn, string) (string, error)) (int, error) { var numValid int for linkIndex, link := range links { if link.ID != "" { @@ -152,12 +152,12 @@ func resolveACLLinks(tx ReadTxn, links []pbacl.ACLLink, getName func(ReadTxn, st // associated with the ID of the link. Ideally this will be a no-op if the names are already correct // however if a linked resource was renamed it might be stale. This function will treat the incoming // links with copy-on-write semantics and its output will indicate whether any modifications were made. -func fixupACLLinks(tx ReadTxn, original []pbacl.ACLLink, getName func(ReadTxn, string) (string, error)) ([]pbacl.ACLLink, bool, error) { +func fixupACLLinks(tx ReadTxn, original []*pbacl.ACLLink, getName func(ReadTxn, string) (string, error)) ([]*pbacl.ACLLink, bool, error) { owned := false links := original - cloneLinks := func(l []pbacl.ACLLink, copyNumLinks int) []pbacl.ACLLink { - clone := make([]pbacl.ACLLink, copyNumLinks) + cloneLinks := func(l []*pbacl.ACLLink, copyNumLinks int) []*pbacl.ACLLink { + clone := make([]*pbacl.ACLLink, copyNumLinks) copy(clone, l[:copyNumLinks]) return clone } @@ -183,7 +183,7 @@ func fixupACLLinks(tx ReadTxn, original []pbacl.ACLLink, getName func(ReadTxn, s } // append the corrected link - links = append(links, pbacl.ACLLink{ID: link.ID, Name: name}) + links = append(links, &pbacl.ACLLink{ID: link.ID, Name: name}) } else if owned { links = append(links, link) } diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go index c86527cd1..358b1dea8 100644 --- a/agent/consul/state/acl_test.go +++ b/agent/consul/state/acl_test.go @@ -4110,7 +4110,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) { tx := s.db.Txn(false) defer tx.Abort() - links := []pbacl.ACLLink{ + links := []*pbacl.ACLLink{ { Name: "foo", }, @@ -4133,7 +4133,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) { tx := s.db.Txn(false) defer tx.Abort() - links := []pbacl.ACLLink{ + links := []*pbacl.ACLLink{ { ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d", }, @@ -4166,7 +4166,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) { tx := s.db.Txn(false) defer tx.Abort() - links := []pbacl.ACLLink{ + links := []*pbacl.ACLLink{ { ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d", }, @@ -4186,7 +4186,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) { func TestStateStore_fixupACLLinks(t *testing.T) { t.Parallel() - links := []pbacl.ACLLink{ + links := []*pbacl.ACLLink{ { ID: "40b57f86-97ea-40e4-a99a-c399cc81f4dd", Name: "foo", diff --git a/agent/http.go b/agent/http.go index e039c2c7c..ba0067b62 100644 --- a/agent/http.go +++ b/agent/http.go @@ -843,7 +843,7 @@ func serveHandlerWithHeaders(h http.Handler, headers map[string]string) http.Han // parseWait is used to parse the ?wait and ?index query params // Returns true on error -func parseWait(resp http.ResponseWriter, req *http.Request, b structs.QueryOptionsCompat) bool { +func parseWait(resp http.ResponseWriter, req *http.Request, b QueryOptionsCompat) bool { query := req.URL.Query() if wait := query.Get("wait"); wait != "" { dur, err := time.ParseDuration(wait) @@ -868,7 +868,7 @@ func parseWait(resp http.ResponseWriter, req *http.Request, b structs.QueryOptio // parseCacheControl parses the CacheControl HTTP header value. So far we only // support maxage directive. -func parseCacheControl(resp http.ResponseWriter, req *http.Request, b structs.QueryOptionsCompat) bool { +func parseCacheControl(resp http.ResponseWriter, req *http.Request, b QueryOptionsCompat) bool { raw := strings.ToLower(req.Header.Get("Cache-Control")) if raw == "" { @@ -926,7 +926,7 @@ func parseCacheControl(resp http.ResponseWriter, req *http.Request, b structs.Qu // parseConsistency is used to parse the ?stale and ?consistent query params. // Returns true on error -func (s *HTTPHandlers) parseConsistency(resp http.ResponseWriter, req *http.Request, b structs.QueryOptionsCompat) bool { +func (s *HTTPHandlers) parseConsistency(resp http.ResponseWriter, req *http.Request, b QueryOptionsCompat) bool { query := req.URL.Query() defaults := true if _, ok := query["stale"]; ok { @@ -1130,7 +1130,7 @@ func parseMetaPair(raw string) (string, string) { // parse is a convenience method for endpoints that need to use both parseWait // and parseDC. -func (s *HTTPHandlers) parse(resp http.ResponseWriter, req *http.Request, dc *string, b structs.QueryOptionsCompat) bool { +func (s *HTTPHandlers) parse(resp http.ResponseWriter, req *http.Request, dc *string, b QueryOptionsCompat) bool { s.parseDC(req, dc) var token string s.parseTokenWithDefault(req, &token) @@ -1190,3 +1190,31 @@ func getPathSuffixUnescaped(path string, prefixToTrim string) (string, error) { return suffixUnescaped, nil } + +func setMetaProtobuf(resp http.ResponseWriter, queryMeta *pbcommon.QueryMeta) { + qm := new(structs.QueryMeta) + pbcommon.QueryMetaToStructs(queryMeta, qm) + setMeta(resp, qm) +} + +type QueryOptionsCompat interface { + GetAllowStale() bool + SetAllowStale(bool) + + GetRequireConsistent() bool + SetRequireConsistent(bool) + + GetUseCache() bool + SetUseCache(bool) + + SetFilter(string) + SetToken(string) + + SetMustRevalidate(bool) + SetMaxAge(time.Duration) + SetMaxStaleDuration(time.Duration) + SetStaleIfError(time.Duration) + + SetMaxQueryTime(time.Duration) + SetMinQueryIndex(uint64) +} diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go index 143bd97e3..860d971c3 100644 --- a/agent/structs/protobuf_compat.go +++ b/agent/structs/protobuf_compat.go @@ -4,34 +4,6 @@ import ( "time" ) -// QueryOptionsCompat is the interface that both the structs.QueryOptions -// and the proto/pbcommongogo.QueryOptions structs need to implement so that they -// can be operated on interchangeably -type QueryOptionsCompat interface { - GetToken() string - SetToken(string) - GetMinQueryIndex() uint64 - SetMinQueryIndex(uint64) - GetMaxQueryTime() (time.Duration, error) - SetMaxQueryTime(time.Duration) - GetAllowStale() bool - SetAllowStale(bool) - GetRequireConsistent() bool - SetRequireConsistent(bool) - GetUseCache() bool - SetUseCache(bool) - GetMaxStaleDuration() (time.Duration, error) - SetMaxStaleDuration(time.Duration) - GetMaxAge() (time.Duration, error) - SetMaxAge(time.Duration) - GetMustRevalidate() bool - SetMustRevalidate(bool) - GetStaleIfError() (time.Duration, error) - SetStaleIfError(time.Duration) - GetFilter() string - SetFilter(string) -} - // GetToken helps implement the QueryOptionsCompat interface // Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetToken() string { diff --git a/agent/structs/structs.go b/agent/structs/structs.go index ca4a7c849..96af7c471 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -2575,10 +2575,6 @@ type ProtoMarshaller interface { } func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error) { - if marshaller, ok := message.(ProtoMarshaller); ok { - return EncodeProtoGogo(t, marshaller) - } - if marshaller, ok := message.(proto.Message); ok { return EncodeProto(t, marshaller) } @@ -2586,15 +2582,6 @@ func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error) { return nil, fmt.Errorf("message does not implement the ProtoMarshaller interface: %T", message) } -func EncodeProtoGogo(t MessageType, message ProtoMarshaller) ([]byte, error) { - data := make([]byte, message.Size()+1) - data[0] = uint8(t) - if _, err := message.MarshalTo(data[1:]); err != nil { - return nil, err - } - return data, nil -} - func EncodeProto(t MessageType, pb proto.Message) ([]byte, error) { data := make([]byte, proto.Size(pb)+1) data[0] = uint8(t) @@ -2612,11 +2599,6 @@ func DecodeProto(buf []byte, pb proto.Message) error { return proto.Unmarshal(buf, pb) } -func DecodeProtoGogo(buf []byte, out ProtoMarshaller) error { - // Note that this assumes the leading byte indicating the type as already been stripped off. - return out.Unmarshal(buf) -} - // CompoundResponse is an interface for gathering multiple responses. It is // used in cross-datacenter RPC calls where more than 1 datacenter is // expected to reply. diff --git a/api/namespace.go b/api/namespace.go index bfc5aff17..65cc6f3f3 100644 --- a/api/namespace.go +++ b/api/namespace.go @@ -1,6 +1,7 @@ package api import ( + "encoding/json" "fmt" "time" ) @@ -38,6 +39,25 @@ type Namespace struct { ModifyIndex uint64 `json:"ModifyIndex,omitempty"` } +func (n *Namespace) UnmarshalJSON(data []byte) error { + type Alias Namespace + aux := struct { + DeletedAtSnake *time.Time `json:"deleted_at"` + *Alias + }{ + Alias: (*Alias)(n), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + + if n.DeletedAt == nil && aux.DeletedAtSnake != nil { + n.DeletedAt = aux.DeletedAtSnake + } + + return nil +} + // NamespaceACLConfig is the Namespace specific ACL configuration container type NamespaceACLConfig struct { // PolicyDefaults is the list of policies that should be used for the parent authorizer @@ -48,6 +68,32 @@ type NamespaceACLConfig struct { RoleDefaults []ACLLink `json:"RoleDefaults" alias:"role_defaults"` } +func (n *NamespaceACLConfig) UnmarshalJSON(data []byte) error { + type Alias NamespaceACLConfig + aux := struct { + PolicyDefaultsSnake []ACLLink `json:"policy_defaults"` + RoleDefaultsSnake []ACLLink `json:"role_defaults"` + *Alias + }{ + Alias: (*Alias)(n), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + + if n.PolicyDefaults == nil { + for _, pd := range aux.PolicyDefaultsSnake { + n.PolicyDefaults = append(n.PolicyDefaults, pd) + } + } + if n.RoleDefaults == nil { + for _, pd := range aux.RoleDefaultsSnake { + n.RoleDefaults = append(n.RoleDefaults, pd) + } + } + return nil +} + // Namespaces can be used to manage Namespaces in Consul Enterprise.. type Namespaces struct { c *Client diff --git a/proto/pbacl/acl.go b/proto/pbacl/acl.go new file mode 100644 index 000000000..ec64d5929 --- /dev/null +++ b/proto/pbacl/acl.go @@ -0,0 +1,19 @@ +package pbacl + +import ( + "github.com/hashicorp/consul/api" +) + +func (a *ACLLink) ToAPI() api.ACLLink { + return api.ACLLink{ + ID: a.ID, + Name: a.Name, + } +} + +func ACLLinkFromAPI(a api.ACLLink) *ACLLink { + return &ACLLink{ + ID: a.ID, + Name: a.Name, + } +} diff --git a/proto/pbacl/acl.pb.go b/proto/pbacl/acl.pb.go index 6c52c8615..d91f00ed5 100644 --- a/proto/pbacl/acl.pb.go +++ b/proto/pbacl/acl.pb.go @@ -5,7 +5,6 @@ package pbacl import ( fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" proto "github.com/golang/protobuf/proto" io "io" math "math" @@ -24,8 +23,12 @@ var _ = math.Inf const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package type ACLLink struct { - ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` - Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty" hash:"ignore"` + ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` + // @gotags: hash:ignore-" + Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ACLLink) Reset() { *m = ACLLink{} } @@ -61,6 +64,20 @@ func (m *ACLLink) XXX_DiscardUnknown() { var xxx_messageInfo_ACLLink proto.InternalMessageInfo +func (m *ACLLink) GetID() string { + if m != nil { + return m.ID + } + return "" +} + +func (m *ACLLink) GetName() string { + if m != nil { + return m.Name + } + return "" +} + func init() { proto.RegisterType((*ACLLink)(nil), "acl.ACLLink") } @@ -68,19 +85,16 @@ func init() { func init() { proto.RegisterFile("proto/pbacl/acl.proto", fileDescriptor_ad2d2c73a6a0d8b5) } var fileDescriptor_ad2d2c73a6a0d8b5 = []byte{ - // 193 bytes of a gzipped FileDescriptorProto + // 145 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x2d, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x2f, 0x48, 0x4a, 0x4c, 0xce, 0xd1, 0x4f, 0x4c, 0xce, 0xd1, 0x03, 0xf3, 0x85, 0x98, - 0x13, 0x93, 0x73, 0xa4, 0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0x21, 0xf2, 0x20, 0x16, 0x44, 0x4a, 0xc9, - 0x81, 0x8b, 0xdd, 0xd1, 0xd9, 0xc7, 0x27, 0x33, 0x2f, 0x5b, 0x88, 0x8f, 0x8b, 0xc9, 0xd3, 0x45, - 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x88, 0xc9, 0xd3, 0x45, 0x48, 0x95, 0x8b, 0xc5, 0x2f, 0x31, - 0x37, 0x55, 0x82, 0x09, 0x24, 0xe2, 0x24, 0xf8, 0xe9, 0x9e, 0x3c, 0x6f, 0x46, 0x62, 0x71, 0x86, - 0x95, 0x52, 0x66, 0x7a, 0x5e, 0x7e, 0x51, 0xaa, 0x52, 0x10, 0x58, 0xda, 0xc9, 0xf3, 0xc4, 0x43, - 0x39, 0x86, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, 0xc2, - 0x63, 0x39, 0x86, 0x19, 0x8f, 0xe5, 0x18, 0x2e, 0x3c, 0x96, 0x63, 0xb8, 0xf1, 0x58, 0x8e, 0x21, - 0x4a, 0x3d, 0x3d, 0xb3, 0x24, 0xa3, 0x34, 0x49, 0x2f, 0x39, 0x3f, 0x57, 0x1f, 0x64, 0x42, 0x66, - 0x72, 0x7e, 0x51, 0x81, 0x7e, 0x72, 0x7e, 0x5e, 0x71, 0x69, 0x8e, 0x3e, 0x92, 0x8b, 0x93, 0xd8, - 0xc0, 0x1c, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0x29, 0x0f, 0xd4, 0xf1, 0xc7, 0x00, 0x00, + 0x13, 0x93, 0x73, 0x94, 0x74, 0xb9, 0xd8, 0x1d, 0x9d, 0x7d, 0x7c, 0x32, 0xf3, 0xb2, 0x85, 0xf8, + 0xb8, 0x98, 0x3c, 0x5d, 0x24, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0x98, 0x3c, 0x5d, 0x84, 0x84, + 0xb8, 0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x98, 0xc0, 0x22, 0x60, 0xb6, 0x93, 0xe5, 0x89, 0x47, + 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38, 0xe3, 0xb1, 0x1c, 0x43, 0x94, + 0x7a, 0x7a, 0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x46, 0x62, 0x71, 0x46, + 0x66, 0x72, 0x7e, 0x51, 0x81, 0x7e, 0x72, 0x7e, 0x5e, 0x71, 0x69, 0x8e, 0x3e, 0x92, 0xc5, 0x49, + 0x6c, 0x60, 0x8e, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x1b, 0xe6, 0xfd, 0xff, 0x8e, 0x00, 0x00, 0x00, } @@ -104,6 +118,10 @@ func (m *ACLLink) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } if len(m.Name) > 0 { i -= len(m.Name) copy(dAtA[i:], m.Name) @@ -146,6 +164,9 @@ func (m *ACLLink) Size() (n int) { if l > 0 { n += 1 + l + sovAcl(uint64(l)) } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } return n } @@ -260,6 +281,7 @@ func (m *ACLLink) Unmarshal(dAtA []byte) error { if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) iNdEx += skippy } } diff --git a/proto/pbacl/acl.proto b/proto/pbacl/acl.proto index 60cfefb3d..58fa65ae1 100644 --- a/proto/pbacl/acl.proto +++ b/proto/pbacl/acl.proto @@ -4,21 +4,8 @@ package acl; option go_package = "github.com/hashicorp/consul/proto/pbacl"; - -// Go Modules now includes the version in the filepath for packages within GOPATH/pkg/mode -// Therefore unless we want to hardcode a version here like -// github.com/gogo/protobuf@v1.3.0/gogoproto/gogo.proto then the only other choice is to -// have a more relative import and pass the right import path to protoc. I don't like it -// but its necessary. -import "gogoproto/gogo.proto"; - -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; - message ACLLink { string ID = 1; - string Name = 2 - [(gogoproto.moretags) = "hash:\"ignore\""]; -} \ No newline at end of file + // @gotags: hash:ignore-" + string Name = 2; +} diff --git a/proto/pbcommon/common.go b/proto/pbcommon/common.go index 713089e48..f8211604d 100644 --- a/proto/pbcommon/common.go +++ b/proto/pbcommon/common.go @@ -147,3 +147,32 @@ func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, func (td TargetDatacenter) RequestDatacenter() string { return td.Datacenter } + +// SetLastContact is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetLastContact(lastContact time.Duration) { + q.LastContact = structs.DurationToProto(lastContact) +} + +// SetKnownLeader is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetKnownLeader(knownLeader bool) { + q.KnownLeader = knownLeader +} + +// SetIndex is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetIndex(index uint64) { + q.Index = index +} + +// SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { + q.ConsistencyLevel = consistencyLevel +} + +func (q *QueryMeta) GetBackend() structs.QueryBackend { + return structs.QueryBackend(0) +} + +// SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface +func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { + q.ResultsFilteredByACLs = v +} diff --git a/proto/prototest/testing.go b/proto/prototest/testing.go new file mode 100644 index 000000000..5b5468ea6 --- /dev/null +++ b/proto/prototest/testing.go @@ -0,0 +1,14 @@ +package prototest + +import ( + "testing" + + "github.com/google/go-cmp/cmp" +) + +func AssertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} From 2f84aabffed9757789ee3e92dbd01fc283dba3a5 Mon Sep 17 00:00:00 2001 From: Michele Degges Date: Mon, 28 Mar 2022 13:45:53 -0700 Subject: [PATCH 031/785] [RelAPI Onboarding] Add release API metadata file (#12591) --- .release/release-metadata.hcl | 6 ++++ .../content/docs/nia/release-notes/index.mdx | 12 +++++++ website/content/docs/releases/index.mdx | 10 ++++++ .../docs/releases/release-notes/index.mdx | 12 +++++++ .../release-notes/v1_10_0.mdx} | 0 .../release-notes/v1_11_0.mdx} | 0 .../release-notes/v1_9_0.mdx} | 0 website/data/docs-nav-data.json | 35 ++++++++++++++----- website/redirects.next.js | 15 ++++++++ 9 files changed, 81 insertions(+), 9 deletions(-) create mode 100644 .release/release-metadata.hcl create mode 100644 website/content/docs/nia/release-notes/index.mdx create mode 100644 website/content/docs/releases/index.mdx create mode 100644 website/content/docs/releases/release-notes/index.mdx rename website/content/docs/{release-notes/1-10-0.mdx => releases/release-notes/v1_10_0.mdx} (100%) rename website/content/docs/{release-notes/1-11-0.mdx => releases/release-notes/v1_11_0.mdx} (100%) rename website/content/docs/{release-notes/1-9-0.mdx => releases/release-notes/v1_9_0.mdx} (100%) diff --git a/.release/release-metadata.hcl b/.release/release-metadata.hcl new file mode 100644 index 000000000..fedd5c53f --- /dev/null +++ b/.release/release-metadata.hcl @@ -0,0 +1,6 @@ +url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/consul" +url_docker_registry_ecr = "https://gallery.ecr.aws/hashicorp/consul" +url_license = "https://github.com/hashicorp/consul/blob/main/LICENSE" +url_project_website = "https://www.consul.io" +url_release_notes = "https://www.consul.io/docs/release-notes" +url_source_repository = "https://github.com/hashicorp/consul" \ No newline at end of file diff --git a/website/content/docs/nia/release-notes/index.mdx b/website/content/docs/nia/release-notes/index.mdx new file mode 100644 index 000000000..f6936d891 --- /dev/null +++ b/website/content/docs/nia/release-notes/index.mdx @@ -0,0 +1,12 @@ +--- +layout: docs +page_title: Release Notes +description: |- + Consul-Terraform-Sync release notes +--- + +# Release Notes + +The side bar to the left has release notes for all major releases of CTS. + +Documentation for patch releases is available at the [Consul-Terraform-Sync changelog](https://github.com/hashicorp/consul-terraform-sync/blob/main/CHANGELOG.md). diff --git a/website/content/docs/releases/index.mdx b/website/content/docs/releases/index.mdx new file mode 100644 index 000000000..0dae70591 --- /dev/null +++ b/website/content/docs/releases/index.mdx @@ -0,0 +1,10 @@ +--- +layout: docs +page_title: Releases +description: |- + Consul releases +--- + +# Downloads + +Downloads of Consul can be found on the [HashiCorp Release Page](https://github.com/hashicorp/consul/releases/). diff --git a/website/content/docs/releases/release-notes/index.mdx b/website/content/docs/releases/release-notes/index.mdx new file mode 100644 index 000000000..839fe0bd2 --- /dev/null +++ b/website/content/docs/releases/release-notes/index.mdx @@ -0,0 +1,12 @@ +--- +layout: docs +page_title: Release Notes +description: |- + Consul release notes +--- + +# Release Notes + +The side bar to the left has release notes for all major releases of Consul. + +Documentation for patch releases (0.1.x) is available at the [Consul changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md). diff --git a/website/content/docs/release-notes/1-10-0.mdx b/website/content/docs/releases/release-notes/v1_10_0.mdx similarity index 100% rename from website/content/docs/release-notes/1-10-0.mdx rename to website/content/docs/releases/release-notes/v1_10_0.mdx diff --git a/website/content/docs/release-notes/1-11-0.mdx b/website/content/docs/releases/release-notes/v1_11_0.mdx similarity index 100% rename from website/content/docs/release-notes/1-11-0.mdx rename to website/content/docs/releases/release-notes/v1_11_0.mdx diff --git a/website/content/docs/release-notes/1-9-0.mdx b/website/content/docs/releases/release-notes/v1_9_0.mdx similarity index 100% rename from website/content/docs/release-notes/1-9-0.mdx rename to website/content/docs/releases/release-notes/v1_9_0.mdx diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index d0097e387..2f5934a12 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -818,6 +818,10 @@ { "title": "Release Notes", "routes": [ + { + "title": "Overview", + "path": "nia/release-notes" + }, { "title": "v0.5.0", "path": "nia/release-notes/0-5-0" @@ -1145,19 +1149,32 @@ ] }, { - "title": "Release Notes", + "title": "Releases", "routes": [ { - "title": "1.11.0", - "path": "release-notes/1-11-0" + "title": "Overview", + "path": "releases" }, { - "title": "1.10.0", - "path": "release-notes/1-10-0" - }, - { - "title": "1.9.0", - "path": "release-notes/1-9-0" + "title": "Release Notes", + "routes": [ + { + "title": "Overview", + "path": "releases/release-notes" + }, + { + "title": "v1.11.0", + "path": "releases/release-notes/v1_11_0" + }, + { + "title": "v1.10.0", + "path": "releases/release-notes/v1_10_0" + }, + { + "title": "v1.9.0", + "path": "releases/release-notes/v1_9_0" + } + ] } ] }, diff --git a/website/redirects.next.js b/website/redirects.next.js index 00c51dab3..484d912a1 100644 --- a/website/redirects.next.js +++ b/website/redirects.next.js @@ -1239,4 +1239,19 @@ module.exports = [ destination: '/docs/k8s/operations/tls-on-existing-cluster', permanent: true, }, + { + source: '/docs/release-notes/1-11-0', + destination: '/docs/releases/release-notes/v1_11_0', + permanent: true, + }, + { + source: '/docs/release-notes/1-10-0', + destination: '/docs/releases/release-notes/v1_10_0', + permanent: true, + }, + { + source: '/docs/release-notes/1-9-0', + destination: '/docs/releases/release-notes/v1_9_0', + permanent: true, + }, ] From ab5b5e85f50da64faee174f0d714d10909473325 Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 28 Mar 2022 17:17:50 -0400 Subject: [PATCH 032/785] remove the rest of gogo --- .circleci/config.yml | 4 +- GNUmakefile | 4 +- .../private/internal/testservice/simple.pb.go | 483 +--- .../services/subscribe/subscribe_test.go | 7 +- agent/rpcclient/health/view_test.go | 5 +- agent/structs/protobuf_compat.go | 29 - agent/structs/structs.go | 20 - agent/submatview/store_test.go | 12 +- build-support/scripts/proto-gen-entry.sh | 191 +- build-support/scripts/proto-gen-no-gogo.sh | 169 -- build-support/scripts/proto-gen.sh | 74 +- go.mod | 2 +- proto/pbacl/acl.pb.go | 314 +-- proto/pbcommongogo/common.gen.go | 70 - proto/pbcommongogo/common.go | 303 --- proto/pbcommongogo/common.pb.binary.go | 78 - proto/pbcommongogo/common.pb.go | 2036 ----------------- proto/pbcommongogo/common.proto | 182 -- proto/pbcommongogo/common_oss.go | 25 - proto/pbservice/convert_pbstruct.go | 1 - proto/pbutil/pbutil.go | 23 - proto/translate.go | 68 - proto/translate_test.go | 86 - 23 files changed, 273 insertions(+), 3913 deletions(-) mode change 100644 => 100755 build-support/scripts/proto-gen-entry.sh delete mode 100755 build-support/scripts/proto-gen-no-gogo.sh delete mode 100644 proto/pbcommongogo/common.gen.go delete mode 100644 proto/pbcommongogo/common.go delete mode 100644 proto/pbcommongogo/common.pb.binary.go delete mode 100644 proto/pbcommongogo/common.pb.go delete mode 100644 proto/pbcommongogo/common.proto delete mode 100644 proto/pbcommongogo/common_oss.go delete mode 100644 proto/pbutil/pbutil.go delete mode 100644 proto/translate.go delete mode 100644 proto/translate_test.go diff --git a/.circleci/config.yml b/.circleci/config.yml index e637d0d08..db57fb786 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -235,11 +235,9 @@ jobs: sudo chmod -R a+Xr /usr/local/include/google/ rm protoc-*.zip - run: - name: Install gogo/protobuf + name: Install protobuf command: | - gogo_version=$(go list -m github.com/gogo/protobuf | awk '{print $2}') go install -v github.com/hashicorp/protoc-gen-go-binary@master - go install -v github.com/gogo/protobuf/protoc-gen-gofast@${gogo_version} go install -v github.com/favadi/protoc-go-inject-tag@v1.3.0 go install -v github.com/golang/protobuf/protoc-gen-go@v1.3.5 diff --git a/GNUmakefile b/GNUmakefile index 578e826c5..fa9fcb600 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -2,13 +2,11 @@ # https://www.consul.io/docs/install#compiling-from-source SHELL = bash -GOGOVERSION?=$(shell grep github.com/gogo/protobuf go.mod | awk '{print $$2}') GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ golang.org/x/tools/cmd/cover@master \ golang.org/x/tools/cmd/stringer@master \ - github.com/gogo/protobuf/protoc-gen-gofast@$(GOGOVERSION) \ github.com/hashicorp/protoc-gen-go-binary@master \ github.com/vektra/mockery/cmd/mockery@master \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ @@ -347,7 +345,7 @@ proto: $(PROTOGOFILES) $(PROTOGOBINFILES) %.pb.go %.pb.binary.go: %.proto - @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen-entry.sh --grpc --import-replace "$<" + @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --import-replace "$<" .PHONY: module-versions # Print a list of modules which can be updated. diff --git a/agent/grpc/private/internal/testservice/simple.pb.go b/agent/grpc/private/internal/testservice/simple.pb.go index dc2835664..bfd847a28 100644 --- a/agent/grpc/private/internal/testservice/simple.pb.go +++ b/agent/grpc/private/internal/testservice/simple.pb.go @@ -1,4 +1,4 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: agent/grpc/private/internal/testservice/simple.proto package testservice @@ -10,9 +10,7 @@ import ( grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - io "io" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -39,26 +37,18 @@ func (*Req) ProtoMessage() {} func (*Req) Descriptor() ([]byte, []int) { return fileDescriptor_98af0751f806f450, []int{0} } + func (m *Req) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Req.Unmarshal(m, b) } func (m *Req) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Req.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Req.Marshal(b, m, deterministic) } func (m *Req) XXX_Merge(src proto.Message) { xxx_messageInfo_Req.Merge(m, src) } func (m *Req) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Req.Size(m) } func (m *Req) XXX_DiscardUnknown() { xxx_messageInfo_Req.DiscardUnknown(m) @@ -87,26 +77,18 @@ func (*Resp) ProtoMessage() {} func (*Resp) Descriptor() ([]byte, []int) { return fileDescriptor_98af0751f806f450, []int{1} } + func (m *Resp) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_Resp.Unmarshal(m, b) } func (m *Resp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Resp.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_Resp.Marshal(b, m, deterministic) } func (m *Resp) XXX_Merge(src proto.Message) { xxx_messageInfo_Resp.Merge(m, src) } func (m *Resp) XXX_Size() int { - return m.Size() + return xxx_messageInfo_Resp.Size(m) } func (m *Resp) XXX_DiscardUnknown() { xxx_messageInfo_Resp.DiscardUnknown(m) @@ -138,30 +120,28 @@ func init() { } var fileDescriptor_98af0751f806f450 = []byte{ - // 214 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x49, 0x4c, 0x4f, 0xcd, - 0x2b, 0xd1, 0x4f, 0x2f, 0x2a, 0x48, 0xd6, 0x2f, 0x28, 0xca, 0x2c, 0x4b, 0x2c, 0x49, 0xd5, 0xcf, - 0xcc, 0x2b, 0x49, 0x2d, 0xca, 0x4b, 0xcc, 0xd1, 0x2f, 0x49, 0x2d, 0x2e, 0x29, 0x4e, 0x2d, 0x2a, - 0xcb, 0x4c, 0x4e, 0xd5, 0x2f, 0xce, 0xcc, 0x2d, 0xc8, 0x49, 0xd5, 0x2b, 0x28, 0xca, 0x2f, 0xc9, - 0x17, 0xe2, 0x46, 0x92, 0x51, 0x52, 0xe5, 0x62, 0x0e, 0x4a, 0x2d, 0x14, 0x92, 0xe3, 0xe2, 0x72, - 0x49, 0x2c, 0x49, 0x4c, 0x4e, 0x05, 0xe9, 0x96, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0c, 0x42, 0x12, - 0x51, 0x72, 0xe3, 0x62, 0x09, 0x4a, 0x2d, 0x2e, 0x00, 0xa9, 0x0b, 0x4e, 0x2d, 0x2a, 0x4b, 0x2d, - 0xf2, 0x4b, 0xcc, 0x4d, 0x85, 0xa9, 0x43, 0x88, 0xa0, 0x99, 0xc3, 0x84, 0x6e, 0x8e, 0x51, 0x2e, - 0x17, 0x5b, 0x30, 0xd8, 0x2d, 0x42, 0x46, 0x5c, 0x9c, 0xc1, 0xf9, 0xb9, 0xa9, 0x25, 0x19, 0x99, - 0x79, 0xe9, 0x42, 0x02, 0x7a, 0x48, 0x6e, 0xd2, 0x0b, 0x4a, 0x2d, 0x94, 0x12, 0x44, 0x13, 0x29, - 0x2e, 0x50, 0x62, 0x10, 0xd2, 0xe7, 0x62, 0x71, 0xcb, 0xc9, 0x2f, 0x27, 0x52, 0xb9, 0x01, 0xa3, - 0x93, 0xc0, 0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38, 0xe3, - 0xb1, 0x1c, 0x43, 0x12, 0x1b, 0x38, 0x0c, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0x76, 0xce, - 0x88, 0x7d, 0x3b, 0x01, 0x00, 0x00, + // 189 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x8f, 0xcd, 0x0a, 0x82, 0x40, + 0x14, 0x85, 0xb3, 0x44, 0xf0, 0xb6, 0xa9, 0x59, 0x45, 0x8b, 0x08, 0x21, 0x68, 0xe5, 0x84, 0xf5, + 0x08, 0xe1, 0xb2, 0xc5, 0xf8, 0x04, 0x93, 0x5c, 0x6c, 0xc0, 0xf9, 0x71, 0xe6, 0x62, 0xaf, 0x1f, + 0x0a, 0x91, 0xb8, 0x6a, 0xfb, 0xdd, 0xef, 0x1e, 0xce, 0x81, 0x9b, 0x6c, 0xd0, 0x10, 0x6f, 0xbc, + 0xab, 0xb9, 0xf3, 0xaa, 0x97, 0x84, 0x5c, 0x19, 0x42, 0x6f, 0x64, 0xcb, 0x09, 0x03, 0x05, 0xf4, + 0xbd, 0xaa, 0x91, 0x07, 0xa5, 0x5d, 0x8b, 0xb9, 0xf3, 0x96, 0x2c, 0x5b, 0x4f, 0x2e, 0xd9, 0x09, + 0x56, 0x02, 0x3b, 0x76, 0x00, 0xb8, 0x4b, 0x92, 0x35, 0x0e, 0xdf, 0xbb, 0xe8, 0x18, 0x9d, 0x53, + 0x31, 0x21, 0x59, 0x09, 0xb1, 0xc0, 0xe0, 0x06, 0xaf, 0x42, 0xdf, 0xa3, 0x7f, 0x48, 0x8d, 0x5f, + 0xef, 0x47, 0x66, 0x39, 0xcb, 0x79, 0x4e, 0xa1, 0x21, 0xa9, 0xc6, 0x2e, 0xac, 0x80, 0xb4, 0xb2, + 0x1a, 0xe9, 0xa5, 0x4c, 0xc3, 0x36, 0xf9, 0xa4, 0x53, 0x2e, 0xb0, 0xdb, 0x6f, 0x67, 0x24, 0xb8, + 0x6c, 0xc1, 0x38, 0xc4, 0x65, 0x6b, 0xdf, 0x7f, 0xea, 0x97, 0xe8, 0x99, 0x8c, 0x8b, 0xaf, 0x9f, + 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x5c, 0xf5, 0xcb, 0x29, 0x01, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. var _ context.Context -var _ grpc.ClientConn +var _ grpc.ClientConnInterface // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 +const _ = grpc.SupportPackageIsVersion6 // SimpleClient is the client API for Simple service. // @@ -172,10 +152,10 @@ type SimpleClient interface { } type simpleClient struct { - cc *grpc.ClientConn + cc grpc.ClientConnInterface } -func NewSimpleClient(cc *grpc.ClientConn) SimpleClient { +func NewSimpleClient(cc grpc.ClientConnInterface) SimpleClient { return &simpleClient{cc} } @@ -298,414 +278,3 @@ var _Simple_serviceDesc = grpc.ServiceDesc{ }, Metadata: "agent/grpc/private/internal/testservice/simple.proto", } - -func (m *Req) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Req) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Req) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintSimple(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *Resp) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Resp) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Resp) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintSimple(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0x12 - } - if len(m.ServerName) > 0 { - i -= len(m.ServerName) - copy(dAtA[i:], m.ServerName) - i = encodeVarintSimple(dAtA, i, uint64(len(m.ServerName))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintSimple(dAtA []byte, offset int, v uint64) int { - offset -= sovSimple(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *Req) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovSimple(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Resp) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ServerName) - if l > 0 { - n += 1 + l + sovSimple(uint64(l)) - } - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovSimple(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovSimple(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozSimple(x uint64) (n int) { - return sovSimple(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *Req) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSimple - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Req: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Req: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSimple - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSimple - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSimple - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSimple(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSimple - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Resp) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSimple - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Resp: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Resp: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSimple - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSimple - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSimple - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServerName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowSimple - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthSimple - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthSimple - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipSimple(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthSimple - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipSimple(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSimple - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSimple - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowSimple - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthSimple - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupSimple - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthSimple - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthSimple = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowSimple = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupSimple = fmt.Errorf("proto: unexpected end of group") -) diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index 0a52c0f49..aea7669c9 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -26,7 +26,6 @@ import ( grpc "github.com/hashicorp/consul/agent/grpc/private" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/proto/pbcommongogo" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -124,7 +123,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { streamHandle, err := streamClient.Subscribe(ctx, &pbsubscribe.SubscribeRequest{ Topic: pbsubscribe.Topic_ServiceHealth, Key: "redis", - Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) @@ -489,7 +488,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { Topic: pbsubscribe.Topic_ServiceHealth, Key: "redis", Datacenter: "dc2", - Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) go recvEvents(chEvents, streamHandle) @@ -746,7 +745,7 @@ node "node1" { Topic: pbsubscribe.Topic_ServiceHealth, Key: "foo", Token: token, - Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, }) require.NoError(t, err) diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go index 9dc00150f..96bae37a1 100644 --- a/agent/rpcclient/health/view_test.go +++ b/agent/rpcclient/health/view_test.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "github.com/hashicorp/consul/proto/pbcommon" "strings" "testing" "time" @@ -18,7 +17,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/types" @@ -75,7 +74,7 @@ func TestHealthView_IntegrationWithStore_WithEmptySnapshot(t *testing.T) { t.Skip("too slow for testing.Short") } - namespace := getNamespace(pbcommongogo.DefaultEnterpriseMeta.Namespace) + namespace := getNamespace(pbcommon.DefaultEnterpriseMeta.Namespace) streamClient := newStreamClient(validateNamespace(namespace)) ctx, cancel := context.WithCancel(context.Background()) diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go index 860d971c3..e3a01cadf 100644 --- a/agent/structs/protobuf_compat.go +++ b/agent/structs/protobuf_compat.go @@ -5,7 +5,6 @@ import ( ) // GetToken helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetToken() string { if m != nil { return m.Token @@ -14,7 +13,6 @@ func (m *QueryOptions) GetToken() string { } // GetMinQueryIndex helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMinQueryIndex() uint64 { if m != nil { return m.MinQueryIndex @@ -23,7 +21,6 @@ func (m *QueryOptions) GetMinQueryIndex() uint64 { } // GetMaxQueryTime helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error) { if m != nil { return m.MaxQueryTime, nil @@ -32,7 +29,6 @@ func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error) { } // GetAllowStale helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetAllowStale() bool { if m != nil { return m.AllowStale @@ -41,7 +37,6 @@ func (m *QueryOptions) GetAllowStale() bool { } // GetRequireConsistent helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetRequireConsistent() bool { if m != nil { return m.RequireConsistent @@ -50,7 +45,6 @@ func (m *QueryOptions) GetRequireConsistent() bool { } // GetUseCache helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetUseCache() bool { if m != nil { return m.UseCache @@ -59,7 +53,6 @@ func (m *QueryOptions) GetUseCache() bool { } // GetMaxStaleDuration helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { if m != nil { return m.MaxStaleDuration, nil @@ -68,7 +61,6 @@ func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { } // GetMaxAge helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMaxAge() (time.Duration, error) { if m != nil { return m.MaxAge, nil @@ -77,7 +69,6 @@ func (m *QueryOptions) GetMaxAge() (time.Duration, error) { } // GetMustRevalidate helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetMustRevalidate() bool { if m != nil { return m.MustRevalidate @@ -86,7 +77,6 @@ func (m *QueryOptions) GetMustRevalidate() bool { } // GetStaleIfError helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetStaleIfError() (time.Duration, error) { if m != nil { return m.StaleIfError, nil @@ -95,7 +85,6 @@ func (m *QueryOptions) GetStaleIfError() (time.Duration, error) { } // GetFilter helps implement the QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryOptions) GetFilter() string { if m != nil { return m.Filter @@ -104,67 +93,56 @@ func (m *QueryOptions) GetFilter() string { } // SetToken is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetToken(token string) { q.Token = token } // SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { q.MinQueryIndex = minQueryIndex } // SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { q.MaxQueryTime = maxQueryTime } // SetAllowStale is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetAllowStale(allowStale bool) { q.AllowStale = allowStale } // SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetRequireConsistent(requireConsistent bool) { q.RequireConsistent = requireConsistent } // SetUseCache is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetUseCache(useCache bool) { q.UseCache = useCache } // SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { q.MaxStaleDuration = maxStaleDuration } // SetMaxAge is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { q.MaxAge = maxAge } // SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { q.MustRevalidate = mustRevalidate } // SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { q.StaleIfError = staleIfError } // SetFilter is needed to implement the structs.QueryOptionsCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryOptions) SetFilter(filter string) { q.Filter = filter } @@ -178,7 +156,6 @@ func (m *QueryMeta) GetIndex() uint64 { } // GetLastContact helps implement the QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetLastContact() (time.Duration, error) { if m != nil { return m.LastContact, nil @@ -187,7 +164,6 @@ func (m *QueryMeta) GetLastContact() (time.Duration, error) { } // GetKnownLeader helps implement the QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetKnownLeader() bool { if m != nil { return m.KnownLeader @@ -196,7 +172,6 @@ func (m *QueryMeta) GetKnownLeader() bool { } // GetConsistencyLevel helps implement the QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.pb.go func (m *QueryMeta) GetConsistencyLevel() string { if m != nil { return m.ConsistencyLevel @@ -205,25 +180,21 @@ func (m *QueryMeta) GetConsistencyLevel() string { } // SetLastContact is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetLastContact(lastContact time.Duration) { q.LastContact = lastContact } // SetKnownLeader is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetKnownLeader(knownLeader bool) { q.KnownLeader = knownLeader } // SetIndex is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetIndex(index uint64) { q.Index = index } // SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface -// Copied from proto/pbcommongogo/common.go func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { q.ConsistencyLevel = consistencyLevel } diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 96af7c471..80f27dd95 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -22,7 +22,6 @@ import ( "github.com/hashicorp/serf/coordinate" "github.com/mitchellh/hashstructure" - gtype "github.com/gogo/protobuf/types" ptypes "github.com/golang/protobuf/ptypes" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" @@ -2686,25 +2685,6 @@ func (m MessageType) String() string { } -func DurationToProtoGogo(d time.Duration) gtype.Duration { - return *gtype.DurationProto(d) -} - -func DurationFromProtoGogo(d gtype.Duration) time.Duration { - duration, _ := gtype.DurationFromProto(&d) - return duration -} - -func TimeFromProtoGogo(s *gtype.Timestamp) time.Time { - time, _ := gtype.TimestampFromProto(s) - return time -} - -func TimeToProtoGogo(s time.Time) *gtype.Timestamp { - proto, _ := gtype.TimestampProto(s) - return proto -} - func DurationToProto(d time.Duration) *duration.Duration { return ptypes.DurationProto(d) } diff --git a/agent/submatview/store_test.go b/agent/submatview/store_test.go index 2055cf911..93b04d1e8 100644 --- a/agent/submatview/store_test.go +++ b/agent/submatview/store_test.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/lib/ttlcache" - "github.com/hashicorp/consul/proto/pbcommongogo" + "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -25,7 +25,7 @@ func TestStore_Get(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents( newEndOfSnapshotEvent(2), @@ -232,7 +232,7 @@ func (r *fakeRequest) NewMaterializer() (*Materializer, error) { Token: "abcd", Datacenter: "dc1", Index: index, - Namespace: pbcommongogo.DefaultEnterpriseMeta.Namespace, + Namespace: pbcommon.DefaultEnterpriseMeta.Namespace, } return req }, @@ -292,7 +292,7 @@ func TestStore_Notify(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents( newEndOfSnapshotEvent(2), @@ -361,7 +361,7 @@ func TestStore_Notify_ManyRequests(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents(newEndOfSnapshotEvent(2)) @@ -473,7 +473,7 @@ func TestStore_Run_ExpiresEntries(t *testing.T) { go store.Run(ctx) req := &fakeRequest{ - client: NewTestStreamingClient(pbcommongogo.DefaultEnterpriseMeta.Namespace), + client: NewTestStreamingClient(pbcommon.DefaultEnterpriseMeta.Namespace), } req.client.QueueEvents(newEndOfSnapshotEvent(2)) diff --git a/build-support/scripts/proto-gen-entry.sh b/build-support/scripts/proto-gen-entry.sh old mode 100644 new mode 100755 index 639f725cc..50d51be0d --- a/build-support/scripts/proto-gen-entry.sh +++ b/build-support/scripts/proto-gen-entry.sh @@ -1,26 +1,169 @@ #!/usr/bin/env bash -FILENAME=$3 -echo $PWD -if [[ "$FILENAME" =~ .*pbcommon/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -elif [[ "$FILENAME" =~ .*pbconnect/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -elif [[ "$FILENAME" =~ .*pbconfig/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -elif [[ "$FILENAME" =~ .*pbautoconf/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -elif [[ "$FILENAME" =~ .*pbservice/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -elif [[ "$FILENAME" =~ .*pbsubscribe/.* ]]; then - echo "$FILENAME no gogo" - ./build-support/scripts/proto-gen-no-gogo.sh $1 $2 $3 -else - echo "$FILENAME gogo" - ./build-support/scripts/proto-gen.sh $1 $2 $3 -fi \ No newline at end of file +SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null +SCRIPT_DIR=$(pwd) +pushd ../.. > /dev/null +SOURCE_DIR=$(pwd) +popd > /dev/null +pushd ../functions > /dev/null +FN_DIR=$(pwd) +popd > /dev/null +popd > /dev/null + +source "${SCRIPT_DIR}/functions.sh" + +function usage { +cat <<-EOF +Usage: ${SCRIPT_NAME} [] + +Description: + Generate the Go files from protobuf definitions. In addition to + running the protoc generator it will also fixup build tags in the + generated code. + +Options: + --import-replace Replace imports of google types with those from the protobuf repo. + --grpc Enable the gRPC plugin + -h | --help Print this help text. +EOF +} + +function err_usage { + err "$1" + err "" + err "$(usage)" +} + +function main { + local -i grpc=0 + local -i imp_replace=0 + local proto_path= + + while test $# -gt 0 + do + case "$1" in + -h | --help ) + usage + return 0 + ;; + --grpc ) + grpc=1 + shift + ;; + --import-replace ) + imp_replace=1 + shift + ;; + * ) + proto_path="$1" + shift + ;; + esac + done + + if test -z "${proto_path}" + then + err_usage "ERROR: No proto file specified" + return 1 + fi + + go mod download + + local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) + local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") + + + local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" + golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" + + local proto_go_path=${proto_path%%.proto}.pb.go + local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go + local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go + + local go_proto_out="paths=source_relative" + if is_set "${grpc}" + then + go_proto_out="${go_proto_out},plugins=grpc" + fi + + if is_set "${imp_replace}" + then + go_proto_out="${go_proto_out},${golang_proto_imp_replace}" + fi + + if test -n "${go_proto_out}" + then + go_proto_out="${go_proto_out}:" + fi + + # How we run protoc probably needs some documentation. + # + # This is the path to where + # -I="${golang_proto_path}/protobuf" \ + local -i ret=0 + status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} (NO GOGO)" + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" + debug_run protoc \ + -I="${golang_proto_path}" \ + -I="${golang_proto_mod_path}" \ + -I="${SOURCE_DIR}" \ + --go_out="${go_proto_out}${SOURCE_DIR}" \ + --go-binary_out="${SOURCE_DIR}" \ + "${proto_path}" + + if test $? -ne 0 + then + err "Failed to run protoc for ${proto_path}" + return 1 + fi + + debug_run protoc-go-inject-tag \ + -input="${proto_go_path}" + + if test $? -ne 0 + then + err "Failed to run protoc-go-inject-tag for ${proto_path}" + return 1 + fi + + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" + + BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') + if test -n "${BUILD_TAGS}" + then + echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" + cat "${proto_go_path}" >> "${proto_go_path}.new" + mv "${proto_go_path}.new" "${proto_go_path}" + + echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" + cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" + mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" + fi + + # note: this has to run after we fix up the build tags above + rm -f "${proto_go_rpcglue_path}" + debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" + if test $? -ne 0 + then + err "Failed to generate consul rpc glue outputs from ${proto_path}" + return 1 + fi + + return 0 +} + +main "$@" +exit $? diff --git a/build-support/scripts/proto-gen-no-gogo.sh b/build-support/scripts/proto-gen-no-gogo.sh deleted file mode 100755 index 50d51be0d..000000000 --- a/build-support/scripts/proto-gen-no-gogo.sh +++ /dev/null @@ -1,169 +0,0 @@ -#!/usr/bin/env bash - -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null - -source "${SCRIPT_DIR}/functions.sh" - -function usage { -cat <<-EOF -Usage: ${SCRIPT_NAME} [] - -Description: - Generate the Go files from protobuf definitions. In addition to - running the protoc generator it will also fixup build tags in the - generated code. - -Options: - --import-replace Replace imports of google types with those from the protobuf repo. - --grpc Enable the gRPC plugin - -h | --help Print this help text. -EOF -} - -function err_usage { - err "$1" - err "" - err "$(usage)" -} - -function main { - local -i grpc=0 - local -i imp_replace=0 - local proto_path= - - while test $# -gt 0 - do - case "$1" in - -h | --help ) - usage - return 0 - ;; - --grpc ) - grpc=1 - shift - ;; - --import-replace ) - imp_replace=1 - shift - ;; - * ) - proto_path="$1" - shift - ;; - esac - done - - if test -z "${proto_path}" - then - err_usage "ERROR: No proto file specified" - return 1 - fi - - go mod download - - local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) - local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") - - - local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" - golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" - - local proto_go_path=${proto_path%%.proto}.pb.go - local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go - local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go - - local go_proto_out="paths=source_relative" - if is_set "${grpc}" - then - go_proto_out="${go_proto_out},plugins=grpc" - fi - - if is_set "${imp_replace}" - then - go_proto_out="${go_proto_out},${golang_proto_imp_replace}" - fi - - if test -n "${go_proto_out}" - then - go_proto_out="${go_proto_out}:" - fi - - # How we run protoc probably needs some documentation. - # - # This is the path to where - # -I="${golang_proto_path}/protobuf" \ - local -i ret=0 - status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} (NO GOGO)" - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" - debug_run protoc \ - -I="${golang_proto_path}" \ - -I="${golang_proto_mod_path}" \ - -I="${SOURCE_DIR}" \ - --go_out="${go_proto_out}${SOURCE_DIR}" \ - --go-binary_out="${SOURCE_DIR}" \ - "${proto_path}" - - if test $? -ne 0 - then - err "Failed to run protoc for ${proto_path}" - return 1 - fi - - debug_run protoc-go-inject-tag \ - -input="${proto_go_path}" - - if test $? -ne 0 - then - err "Failed to run protoc-go-inject-tag for ${proto_path}" - return 1 - fi - - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" - - BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') - if test -n "${BUILD_TAGS}" - then - echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" - cat "${proto_go_path}" >> "${proto_go_path}.new" - mv "${proto_go_path}.new" "${proto_go_path}" - - echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" - cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" - mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" - fi - - # note: this has to run after we fix up the build tags above - rm -f "${proto_go_rpcglue_path}" - debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" - if test $? -ne 0 - then - err "Failed to generate consul rpc glue outputs from ${proto_path}" - return 1 - fi - - return 0 -} - -main "$@" -exit $? diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh index 82230bb74..4ecf9acd8 100755 --- a/build-support/scripts/proto-gen.sh +++ b/build-support/scripts/proto-gen.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash + SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null SCRIPT_DIR=$(pwd) @@ -22,7 +23,7 @@ Description: generated code. Options: - --import-replace Replace imports of google types with those from the gogo/protobuf repo. + --import-replace Replace imports of google types with those from the protobuf repo. --grpc Enable the gRPC plugin -h | --help Print this help text. EOF @@ -67,21 +68,19 @@ function main { return 1 fi - local gogo_proto_path=$(go list -f '{{ .Dir }}' -m github.com/gogo/protobuf) - local gogo_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${gogo_proto_path}") + go mod download - local gogo_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/empty.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/struct.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/wrappers.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/api/annotations.proto=github.com/gogo/googleapis/google/api" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/field_mask.proto=github.com/gogo/protobuf/types" - gogo_proto_imp_replace="${gogo_proto_imp_replace},Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types" + local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) + local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") + + + local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" + golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" local proto_go_path=${proto_path%%.proto}.pb.go local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go - + local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go + local go_proto_out="paths=source_relative" if is_set "${grpc}" then @@ -90,7 +89,7 @@ function main { if is_set "${imp_replace}" then - go_proto_out="${go_proto_out},${gogo_proto_imp_replace}" + go_proto_out="${go_proto_out},${golang_proto_imp_replace}" fi if test -n "${go_proto_out}" @@ -100,36 +99,69 @@ function main { # How we run protoc probably needs some documentation. # - # This is the path to where - # -I="${gogo_proto_path}/protobuf" \ + # This is the path to where + # -I="${golang_proto_path}/protobuf" \ local -i ret=0 status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path}" + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" debug_run protoc \ - -I="${gogo_proto_path}/protobuf" \ - -I="${gogo_proto_path}" \ - -I="${gogo_proto_mod_path}" \ + -I="${golang_proto_path}" \ + -I="${golang_proto_mod_path}" \ -I="${SOURCE_DIR}" \ - --gofast_out="${go_proto_out}${SOURCE_DIR}" \ + --go_out="${go_proto_out}${SOURCE_DIR}" \ --go-binary_out="${SOURCE_DIR}" \ "${proto_path}" + if test $? -ne 0 then - err "Failed to generate outputs from ${proto_path}" + err "Failed to run protoc for ${proto_path}" return 1 fi + debug_run protoc-go-inject-tag \ + -input="${proto_go_path}" + + if test $? -ne 0 + then + err "Failed to run protoc-go-inject-tag for ${proto_path}" + return 1 + fi + + echo "debug_run protoc \ + -I=\"${golang_proto_path}\" \ + -I=\"${golang_proto_mod_path}\" \ + -I=\"${SOURCE_DIR}\" \ + --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ + --go-binary_out=\"${SOURCE_DIR}\" \ + \"${proto_path}\"" + BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') if test -n "${BUILD_TAGS}" then echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" cat "${proto_go_path}" >> "${proto_go_path}.new" mv "${proto_go_path}.new" "${proto_go_path}" - + echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" fi + # note: this has to run after we fix up the build tags above + rm -f "${proto_go_rpcglue_path}" + debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" + if test $? -ne 0 + then + err "Failed to generate consul rpc glue outputs from ${proto_path}" + return 1 + fi + return 0 } diff --git a/go.mod b/go.mod index 628a30202..e438f1bf2 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/envoyproxy/go-control-plane v0.9.5 github.com/frankban/quicktest v1.11.0 // indirect github.com/fsnotify/fsnotify v1.5.1 - github.com/gogo/protobuf v1.3.2 + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.3.5 github.com/google/go-cmp v0.5.6 github.com/google/go-querystring v1.0.0 // indirect diff --git a/proto/pbacl/acl.pb.go b/proto/pbacl/acl.pb.go index d91f00ed5..baaa994e9 100644 --- a/proto/pbacl/acl.pb.go +++ b/proto/pbacl/acl.pb.go @@ -1,4 +1,4 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: proto/pbacl/acl.proto package pbacl @@ -6,9 +6,7 @@ package pbacl import ( fmt "fmt" proto "github.com/golang/protobuf/proto" - io "io" math "math" - math_bits "math/bits" ) // Reference imports to suppress errors if they are not otherwise used. @@ -37,26 +35,18 @@ func (*ACLLink) ProtoMessage() {} func (*ACLLink) Descriptor() ([]byte, []int) { return fileDescriptor_ad2d2c73a6a0d8b5, []int{0} } + func (m *ACLLink) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) + return xxx_messageInfo_ACLLink.Unmarshal(m, b) } func (m *ACLLink) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ACLLink.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } + return xxx_messageInfo_ACLLink.Marshal(b, m, deterministic) } func (m *ACLLink) XXX_Merge(src proto.Message) { xxx_messageInfo_ACLLink.Merge(m, src) } func (m *ACLLink) XXX_Size() int { - return m.Size() + return xxx_messageInfo_ACLLink.Size(m) } func (m *ACLLink) XXX_DiscardUnknown() { xxx_messageInfo_ACLLink.DiscardUnknown(m) @@ -82,296 +72,18 @@ func init() { proto.RegisterType((*ACLLink)(nil), "acl.ACLLink") } -func init() { proto.RegisterFile("proto/pbacl/acl.proto", fileDescriptor_ad2d2c73a6a0d8b5) } +func init() { + proto.RegisterFile("proto/pbacl/acl.proto", fileDescriptor_ad2d2c73a6a0d8b5) +} var fileDescriptor_ad2d2c73a6a0d8b5 = []byte{ - // 145 bytes of a gzipped FileDescriptorProto + // 128 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x2d, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x2f, 0x48, 0x4a, 0x4c, 0xce, 0xd1, 0x4f, 0x4c, 0xce, 0xd1, 0x03, 0xf3, 0x85, 0x98, 0x13, 0x93, 0x73, 0x94, 0x74, 0xb9, 0xd8, 0x1d, 0x9d, 0x7d, 0x7c, 0x32, 0xf3, 0xb2, 0x85, 0xf8, 0xb8, 0x98, 0x3c, 0x5d, 0x24, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0x98, 0x3c, 0x5d, 0x84, 0x84, - 0xb8, 0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x98, 0xc0, 0x22, 0x60, 0xb6, 0x93, 0xe5, 0x89, 0x47, - 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38, 0xe3, 0xb1, 0x1c, 0x43, 0x94, - 0x7a, 0x7a, 0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x46, 0x62, 0x71, 0x46, - 0x66, 0x72, 0x7e, 0x51, 0x81, 0x7e, 0x72, 0x7e, 0x5e, 0x71, 0x69, 0x8e, 0x3e, 0x92, 0xc5, 0x49, - 0x6c, 0x60, 0x8e, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x1b, 0xe6, 0xfd, 0xff, 0x8e, 0x00, 0x00, - 0x00, + 0xb8, 0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x98, 0xc0, 0x22, 0x60, 0xb6, 0x93, 0x66, 0x94, 0x7a, + 0x7a, 0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x46, 0x62, 0x71, 0x46, 0x66, + 0x72, 0x7e, 0x51, 0x81, 0x7e, 0x72, 0x7e, 0x5e, 0x71, 0x69, 0x8e, 0x3e, 0x92, 0x45, 0x49, 0x6c, + 0x60, 0x8e, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0xaf, 0x25, 0x54, 0x7f, 0x7e, 0x00, 0x00, 0x00, } - -func (m *ACLLink) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ACLLink) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ACLLink) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAcl(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x12 - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintAcl(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintAcl(dAtA []byte, offset int, v uint64) int { - offset -= sovAcl(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *ACLLink) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ID) - if l > 0 { - n += 1 + l + sovAcl(uint64(l)) - } - l = len(m.Name) - if l > 0 { - n += 1 + l + sovAcl(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovAcl(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozAcl(x uint64) (n int) { - return sovAcl(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *ACLLink) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAcl - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ACLLink: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ACLLink: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAcl - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAcl - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAcl - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAcl - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAcl - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAcl - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAcl(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAcl - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipAcl(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAcl - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAcl - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowAcl - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthAcl - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupAcl - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthAcl - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthAcl = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowAcl = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupAcl = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbcommongogo/common.gen.go b/proto/pbcommongogo/common.gen.go deleted file mode 100644 index 925ebb70d..000000000 --- a/proto/pbcommongogo/common.gen.go +++ /dev/null @@ -1,70 +0,0 @@ -// Code generated by mog. DO NOT EDIT. - -package pbcommongogo - -import "github.com/hashicorp/consul/agent/structs" - -func QueryMetaToStructs(s *QueryMeta, t *structs.QueryMeta) { - if s == nil { - return - } - t.Index = s.Index - t.LastContact = structs.DurationFromProtoGogo(s.LastContact) - t.KnownLeader = s.KnownLeader - t.ConsistencyLevel = s.ConsistencyLevel - t.ResultsFilteredByACLs = s.ResultsFilteredByACLs -} -func QueryMetaFromStructs(t *structs.QueryMeta, s *QueryMeta) { - if s == nil { - return - } - s.Index = t.Index - s.LastContact = structs.DurationToProtoGogo(t.LastContact) - s.KnownLeader = t.KnownLeader - s.ConsistencyLevel = t.ConsistencyLevel - s.ResultsFilteredByACLs = t.ResultsFilteredByACLs -} -func QueryOptionsToStructs(s *QueryOptions, t *structs.QueryOptions) { - if s == nil { - return - } - t.Token = s.Token - t.MinQueryIndex = s.MinQueryIndex - t.MaxQueryTime = structs.DurationFromProtoGogo(s.MaxQueryTime) - t.AllowStale = s.AllowStale - t.RequireConsistent = s.RequireConsistent - t.UseCache = s.UseCache - t.MaxStaleDuration = structs.DurationFromProtoGogo(s.MaxStaleDuration) - t.MaxAge = structs.DurationFromProtoGogo(s.MaxAge) - t.MustRevalidate = s.MustRevalidate - t.Filter = s.Filter -} -func QueryOptionsFromStructs(t *structs.QueryOptions, s *QueryOptions) { - if s == nil { - return - } - s.Token = t.Token - s.MinQueryIndex = t.MinQueryIndex - s.MaxQueryTime = structs.DurationToProtoGogo(t.MaxQueryTime) - s.AllowStale = t.AllowStale - s.RequireConsistent = t.RequireConsistent - s.UseCache = t.UseCache - s.MaxStaleDuration = structs.DurationToProtoGogo(t.MaxStaleDuration) - s.MaxAge = structs.DurationToProtoGogo(t.MaxAge) - s.MustRevalidate = t.MustRevalidate - s.Filter = t.Filter -} -func RaftIndexToStructs(s *RaftIndex, t *structs.RaftIndex) { - if s == nil { - return - } - t.CreateIndex = s.CreateIndex - t.ModifyIndex = s.ModifyIndex -} -func RaftIndexFromStructs(t *structs.RaftIndex, s *RaftIndex) { - if s == nil { - return - } - s.CreateIndex = t.CreateIndex - s.ModifyIndex = t.ModifyIndex -} diff --git a/proto/pbcommongogo/common.go b/proto/pbcommongogo/common.go deleted file mode 100644 index 5cd6d4d64..000000000 --- a/proto/pbcommongogo/common.go +++ /dev/null @@ -1,303 +0,0 @@ -package pbcommongogo - -import ( - "time" - - "github.com/hashicorp/consul/agent/structs" -) - -// IsRead is always true for QueryOption -func (q *QueryOptions) IsRead() bool { - return true -} - -// AllowStaleRead returns whether a stale read should be allowed -func (q *QueryOptions) AllowStaleRead() bool { - return q.AllowStale -} - -func (q *QueryOptions) TokenSecret() string { - return q.Token -} - -func (q *QueryOptions) SetTokenSecret(s string) { - q.Token = s -} - -// SetToken is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetToken(token string) { - q.Token = token -} - -// SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64) { - q.MinQueryIndex = minQueryIndex -} - -// SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration) { - q.MaxQueryTime = structs.DurationToProtoGogo(maxQueryTime) -} - -// SetAllowStale is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetAllowStale(allowStale bool) { - q.AllowStale = allowStale -} - -// SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetRequireConsistent(requireConsistent bool) { - q.RequireConsistent = requireConsistent -} - -// SetUseCache is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetUseCache(useCache bool) { - q.UseCache = useCache -} - -// SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration) { - q.MaxStaleDuration = structs.DurationToProtoGogo(maxStaleDuration) -} - -// SetMaxAge is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetMaxAge(maxAge time.Duration) { - q.MaxAge = structs.DurationToProtoGogo(maxAge) -} - -// SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool) { - q.MustRevalidate = mustRevalidate -} - -// SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { - q.StaleIfError = structs.DurationToProtoGogo(staleIfError) -} - -func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { - maxTime := structs.DurationFromProtoGogo(q.MaxQueryTime) - o := structs.QueryOptions{ - MaxQueryTime: maxTime, - MinQueryIndex: q.MinQueryIndex, - } - return o.HasTimedOut(start, rpcHoldTimeout, maxQueryTime, defaultQueryTime) -} - -// SetFilter is needed to implement the structs.QueryOptionsCompat interface -func (q *QueryOptions) SetFilter(filter string) { - q.Filter = filter -} - -// GetMaxQueryTime is required to implement blockingQueryOptions -func (q *QueryOptions) GetMaxQueryTime() (time.Duration, error) { - return structs.DurationFromProtoGogo(q.MaxQueryTime), nil -} - -// GetMinQueryIndex is required to implement blockingQueryOptions -func (q *QueryOptions) GetMinQueryIndex() uint64 { - if q != nil { - return q.MinQueryIndex - } - return 0 -} - -// GetRequireConsistent is required to implement blockingQueryOptions -func (q *QueryOptions) GetRequireConsistent() bool { - if q != nil { - return q.RequireConsistent - } - return false -} - -// GetToken is required to implement blockingQueryOptions -func (q *QueryOptions) GetToken() string { - if q != nil { - return q.Token - } - return "" -} - -// GetAllowStale is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetAllowStale() bool { - if q != nil { - return q.AllowStale - } - return false -} - -// GetFilter is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetFilter() string { - if q != nil { - return q.Filter - } - return "" -} - -// GetMaxAge is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMaxAge() (time.Duration, error) { - if q != nil { - return structs.DurationFromProtoGogo(q.MaxAge), nil - } - return 0, nil -} - -// GetMaxStaleDuration is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMaxStaleDuration() (time.Duration, error) { - if q != nil { - return structs.DurationFromProtoGogo(q.MaxStaleDuration), nil - } - return 0, nil -} - -// GetMustRevalidate is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetMustRevalidate() bool { - if q != nil { - return q.MustRevalidate - } - return false -} - -// GetStaleIfError is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetStaleIfError() (time.Duration, error) { - if q != nil { - return structs.DurationFromProtoGogo(q.StaleIfError), nil - } - return 0, nil -} - -// GetUseCache is required to implement structs.QueryOptionsCompat -func (q *QueryOptions) GetUseCache() bool { - if q != nil { - return q.UseCache - } - return false -} - -// SetLastContact is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetLastContact(lastContact time.Duration) { - q.LastContact = structs.DurationToProtoGogo(lastContact) -} - -// SetKnownLeader is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetKnownLeader(knownLeader bool) { - q.KnownLeader = knownLeader -} - -// SetIndex is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetIndex(index uint64) { - q.Index = index -} - -// SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string) { - q.ConsistencyLevel = consistencyLevel -} - -func (q *QueryMeta) GetBackend() structs.QueryBackend { - return structs.QueryBackend(0) -} - -// SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface -func (q *QueryMeta) SetResultsFilteredByACLs(v bool) { - q.ResultsFilteredByACLs = v -} - -// GetIndex is required to implement blockingQueryResponseMeta -func (q *QueryMeta) GetIndex() uint64 { - if q != nil { - return q.Index - } - return 0 -} - -// GetConsistencyLevel is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetConsistencyLevel() string { - if q != nil { - return q.ConsistencyLevel - } - return "" -} - -// GetKnownLeader is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetKnownLeader() bool { - if q != nil { - return q.KnownLeader - } - return false -} - -// GetLastContact is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetLastContact() (time.Duration, error) { - if q != nil { - return structs.DurationFromProtoGogo(q.LastContact), nil - } - return 0, nil -} - -// GetResultsFilteredByACLs is required to implement structs.QueryMetaCompat -func (q *QueryMeta) GetResultsFilteredByACLs() bool { - if q != nil { - return q.ResultsFilteredByACLs - } - return false -} - -// WriteRequest only applies to writes, always false -// -// IsRead implements structs.RPCInfo -func (w WriteRequest) IsRead() bool { - return false -} - -// SetTokenSecret implements structs.RPCInfo -func (w WriteRequest) TokenSecret() string { - return w.Token -} - -// SetTokenSecret implements structs.RPCInfo -func (w *WriteRequest) SetTokenSecret(s string) { - w.Token = s -} - -// AllowStaleRead returns whether a stale read should be allowed -// -// AllowStaleRead implements structs.RPCInfo -func (w WriteRequest) AllowStaleRead() bool { - return false -} - -// HasTimedOut implements structs.RPCInfo -func (w WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error) { - return time.Since(start) > rpcHoldTimeout, nil -} - -// IsRead implements structs.RPCInfo -func (r *ReadRequest) IsRead() bool { - return true -} - -// AllowStaleRead implements structs.RPCInfo -func (r *ReadRequest) AllowStaleRead() bool { - // TODO(partitions): plumb this? - return false -} - -// TokenSecret implements structs.RPCInfo -func (r *ReadRequest) TokenSecret() string { - return r.Token -} - -// SetTokenSecret implements structs.RPCInfo -func (r *ReadRequest) SetTokenSecret(token string) { - r.Token = token -} - -// HasTimedOut implements structs.RPCInfo -func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { - return time.Since(start) > rpcHoldTimeout, nil -} - -// RequestDatacenter implements structs.RPCInfo -func (td TargetDatacenter) RequestDatacenter() string { - return td.Datacenter -} diff --git a/proto/pbcommongogo/common.pb.binary.go b/proto/pbcommongogo/common.pb.binary.go deleted file mode 100644 index 2e6b57496..000000000 --- a/proto/pbcommongogo/common.pb.binary.go +++ /dev/null @@ -1,78 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: proto/pbcommongogo/common.proto - -package pbcommongogo - -import ( - "github.com/golang/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *RaftIndex) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *RaftIndex) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *TargetDatacenter) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *TargetDatacenter) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *WriteRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *WriteRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ReadRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ReadRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *QueryOptions) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *QueryOptions) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *QueryMeta) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *QueryMeta) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *EnterpriseMeta) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *EnterpriseMeta) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto/pbcommongogo/common.pb.go b/proto/pbcommongogo/common.pb.go deleted file mode 100644 index 07db0feaa..000000000 --- a/proto/pbcommongogo/common.pb.go +++ /dev/null @@ -1,2036 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: proto/pbcommongogo/common.proto - -package pbcommongogo - -import ( - fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" - types "github.com/gogo/protobuf/types" - proto "github.com/golang/protobuf/proto" - io "io" - math "math" - math_bits "math/bits" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package - -// RaftIndex is used to track the index used while creating -// or modifying a given struct type. -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.RaftIndex -// output=common.gen.go -// name=Structs -type RaftIndex struct { - CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` - ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` -} - -func (m *RaftIndex) Reset() { *m = RaftIndex{} } -func (m *RaftIndex) String() string { return proto.CompactTextString(m) } -func (*RaftIndex) ProtoMessage() {} -func (*RaftIndex) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{0} -} -func (m *RaftIndex) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RaftIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *RaftIndex) XXX_Merge(src proto.Message) { - xxx_messageInfo_RaftIndex.Merge(m, src) -} -func (m *RaftIndex) XXX_Size() int { - return m.Size() -} -func (m *RaftIndex) XXX_DiscardUnknown() { - xxx_messageInfo_RaftIndex.DiscardUnknown(m) -} - -var xxx_messageInfo_RaftIndex proto.InternalMessageInfo - -// TargetDatacenter is intended to be used within other messages used for RPC routing -// amongst the various Consul datacenters -type TargetDatacenter struct { - Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` -} - -func (m *TargetDatacenter) Reset() { *m = TargetDatacenter{} } -func (m *TargetDatacenter) String() string { return proto.CompactTextString(m) } -func (*TargetDatacenter) ProtoMessage() {} -func (*TargetDatacenter) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{1} -} -func (m *TargetDatacenter) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *TargetDatacenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *TargetDatacenter) XXX_Merge(src proto.Message) { - xxx_messageInfo_TargetDatacenter.Merge(m, src) -} -func (m *TargetDatacenter) XXX_Size() int { - return m.Size() -} -func (m *TargetDatacenter) XXX_DiscardUnknown() { - xxx_messageInfo_TargetDatacenter.DiscardUnknown(m) -} - -var xxx_messageInfo_TargetDatacenter proto.InternalMessageInfo - -type WriteRequest struct { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` -} - -func (m *WriteRequest) Reset() { *m = WriteRequest{} } -func (m *WriteRequest) String() string { return proto.CompactTextString(m) } -func (*WriteRequest) ProtoMessage() {} -func (*WriteRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{2} -} -func (m *WriteRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *WriteRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_WriteRequest.Merge(m, src) -} -func (m *WriteRequest) XXX_Size() int { - return m.Size() -} -func (m *WriteRequest) XXX_DiscardUnknown() { - xxx_messageInfo_WriteRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_WriteRequest proto.InternalMessageInfo - -// ReadRequest is a type that may be embedded into any requests for read -// operations. -// It is a replacement for QueryOptions now that we no longer need any of those -// fields because we are moving away from using blocking queries. -// It is also similar to WriteRequest. It is a separate type so that in the -// future we can introduce fields that may only be relevant for reads. -type ReadRequest struct { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` - // RequireConsistent indicates that the request must be sent to the leader. - RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` -} - -func (m *ReadRequest) Reset() { *m = ReadRequest{} } -func (m *ReadRequest) String() string { return proto.CompactTextString(m) } -func (*ReadRequest) ProtoMessage() {} -func (*ReadRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{3} -} -func (m *ReadRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ReadRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_ReadRequest.Merge(m, src) -} -func (m *ReadRequest) XXX_Size() int { - return m.Size() -} -func (m *ReadRequest) XXX_DiscardUnknown() { - xxx_messageInfo_ReadRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_ReadRequest proto.InternalMessageInfo - -// QueryOptions is used to specify various flags for read queries -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.QueryOptions -// output=common.gen.go -// name=Structs -// ignore-fields=StaleIfError,AllowNotModifiedResponse -type QueryOptions struct { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` - // If set, wait until query exceeds given index. Must be provided - // with MaxQueryTime. - MinQueryIndex uint64 `protobuf:"varint,2,opt,name=MinQueryIndex,proto3" json:"MinQueryIndex,omitempty"` - // Provided with MinQueryIndex to wait for change. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - MaxQueryTime types.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime"` - // If set, any follower can service the request. Results - // may be arbitrarily stale. - AllowStale bool `protobuf:"varint,4,opt,name=AllowStale,proto3" json:"AllowStale,omitempty"` - // If set, the leader must verify leadership prior to - // servicing the request. Prevents a stale read. - RequireConsistent bool `protobuf:"varint,5,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` - // If set, the local agent may respond with an arbitrarily stale locally - // cached response. The semantics differ from AllowStale since the agent may - // be entirely partitioned from the servers and still considered "healthy" by - // operators. Stale responses from Servers are also arbitrarily stale, but can - // provide additional bounds on the last contact time from the leader. It's - // expected that servers that are partitioned are noticed and replaced in a - // timely way by operators while the same may not be true for client agents. - UseCache bool `protobuf:"varint,6,opt,name=UseCache,proto3" json:"UseCache,omitempty"` - // If set and AllowStale is true, will try first a stale - // read, and then will perform a consistent read if stale - // read is older than value. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - MaxStaleDuration types.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration"` - // MaxAge limits how old a cached value will be returned if UseCache is true. - // If there is a cached response that is older than the MaxAge, it is treated - // as a cache miss and a new fetch invoked. If the fetch fails, the error is - // returned. Clients that wish to allow for stale results on error can set - // StaleIfError to a longer duration to change this behavior. It is ignored - // if the endpoint supports background refresh caching. See - // https://www.consul.io/api/index.html#agent-caching for more details. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - MaxAge types.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge"` - // MustRevalidate forces the agent to fetch a fresh version of a cached - // resource or at least validate that the cached version is still fresh. It is - // implied by either max-age=0 or must-revalidate Cache-Control headers. It - // only makes sense when UseCache is true. We store it since MaxAge = 0 is the - // default unset value. - MustRevalidate bool `protobuf:"varint,9,opt,name=MustRevalidate,proto3" json:"MustRevalidate,omitempty"` - // StaleIfError specifies how stale the client will accept a cached response - // if the servers are unavailable to fetch a fresh one. Only makes sense when - // UseCache is true and MaxAge is set to a lower, non-zero value. It is - // ignored if the endpoint supports background refresh caching. See - // https://www.consul.io/api/index.html#agent-caching for more details. - StaleIfError types.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError"` - // Filter specifies the go-bexpr filter expression to be used for - // filtering the data prior to returning a response - Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` -} - -func (m *QueryOptions) Reset() { *m = QueryOptions{} } -func (m *QueryOptions) String() string { return proto.CompactTextString(m) } -func (*QueryOptions) ProtoMessage() {} -func (*QueryOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{4} -} -func (m *QueryOptions) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *QueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *QueryOptions) XXX_Merge(src proto.Message) { - xxx_messageInfo_QueryOptions.Merge(m, src) -} -func (m *QueryOptions) XXX_Size() int { - return m.Size() -} -func (m *QueryOptions) XXX_DiscardUnknown() { - xxx_messageInfo_QueryOptions.DiscardUnknown(m) -} - -var xxx_messageInfo_QueryOptions proto.InternalMessageInfo - -// QueryMeta allows a query response to include potentially -// useful metadata about a query -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.QueryMeta -// output=common.gen.go -// name=Structs -// ignore-fields=NotModified,Backend -type QueryMeta struct { - // This is the index associated with the read - Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` - // If AllowStale is used, this is time elapsed since - // last contact between the follower and leader. This - // can be used to gauge staleness. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - LastContact types.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact"` - // Used to indicate if there is a known leader node - KnownLeader bool `protobuf:"varint,3,opt,name=KnownLeader,proto3" json:"KnownLeader,omitempty"` - // Consistencylevel returns the consistency used to serve the query - // Having `discovery_max_stale` on the agent can affect whether - // the request was served by a leader. - ConsistencyLevel string `protobuf:"bytes,4,opt,name=ConsistencyLevel,proto3" json:"ConsistencyLevel,omitempty"` - // ResultsFilteredByACLs is true when some of the query's results were - // filtered out by enforcing ACLs. It may be false because nothing was - // removed, or because the endpoint does not yet support this flag. - ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` -} - -func (m *QueryMeta) Reset() { *m = QueryMeta{} } -func (m *QueryMeta) String() string { return proto.CompactTextString(m) } -func (*QueryMeta) ProtoMessage() {} -func (*QueryMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{5} -} -func (m *QueryMeta) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *QueryMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *QueryMeta) XXX_Merge(src proto.Message) { - xxx_messageInfo_QueryMeta.Merge(m, src) -} -func (m *QueryMeta) XXX_Size() int { - return m.Size() -} -func (m *QueryMeta) XXX_DiscardUnknown() { - xxx_messageInfo_QueryMeta.DiscardUnknown(m) -} - -var xxx_messageInfo_QueryMeta proto.InternalMessageInfo - -// EnterpriseMeta contains metadata that is only used by the Enterprise version -// of Consul. -type EnterpriseMeta struct { - // Namespace in which the entity exists. - Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"` - // Partition in which the entity exists. - Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` -} - -func (m *EnterpriseMeta) Reset() { *m = EnterpriseMeta{} } -func (m *EnterpriseMeta) String() string { return proto.CompactTextString(m) } -func (*EnterpriseMeta) ProtoMessage() {} -func (*EnterpriseMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_a834024536145257, []int{6} -} -func (m *EnterpriseMeta) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *EnterpriseMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *EnterpriseMeta) XXX_Merge(src proto.Message) { - xxx_messageInfo_EnterpriseMeta.Merge(m, src) -} -func (m *EnterpriseMeta) XXX_Size() int { - return m.Size() -} -func (m *EnterpriseMeta) XXX_DiscardUnknown() { - xxx_messageInfo_EnterpriseMeta.DiscardUnknown(m) -} - -var xxx_messageInfo_EnterpriseMeta proto.InternalMessageInfo - -func init() { - proto.RegisterType((*RaftIndex)(nil), "commongogo.RaftIndex") - proto.RegisterType((*TargetDatacenter)(nil), "commongogo.TargetDatacenter") - proto.RegisterType((*WriteRequest)(nil), "commongogo.WriteRequest") - proto.RegisterType((*ReadRequest)(nil), "commongogo.ReadRequest") - proto.RegisterType((*QueryOptions)(nil), "commongogo.QueryOptions") - proto.RegisterType((*QueryMeta)(nil), "commongogo.QueryMeta") - proto.RegisterType((*EnterpriseMeta)(nil), "commongogo.EnterpriseMeta") -} - -func init() { proto.RegisterFile("proto/pbcommongogo/common.proto", fileDescriptor_a834024536145257) } - -var fileDescriptor_a834024536145257 = []byte{ - // 639 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xc1, 0x6e, 0xd3, 0x40, - 0x10, 0x4d, 0x4a, 0x9a, 0x26, 0x93, 0xb6, 0x0a, 0xab, 0x82, 0x4c, 0x85, 0xdc, 0xca, 0xaa, 0x50, - 0x85, 0x20, 0x96, 0x0a, 0x12, 0x12, 0xb7, 0x24, 0x2d, 0x52, 0xdb, 0x18, 0xda, 0xa5, 0x08, 0x89, - 0xdb, 0xc6, 0x9e, 0x38, 0x16, 0x8e, 0xd7, 0xec, 0xae, 0xdb, 0xe4, 0xce, 0x07, 0x70, 0xe4, 0x93, - 0x7a, 0xec, 0x91, 0x53, 0x05, 0xcd, 0x1f, 0x20, 0x3e, 0x00, 0x79, 0x9d, 0xb6, 0x2e, 0x69, 0x51, - 0x6e, 0x9e, 0x37, 0xef, 0xed, 0xce, 0xcc, 0x9b, 0x35, 0xac, 0xc5, 0x82, 0x2b, 0x6e, 0xc7, 0x5d, - 0x97, 0x0f, 0x06, 0x3c, 0xf2, 0xb9, 0xcf, 0xed, 0xec, 0xb3, 0xa1, 0x33, 0x04, 0xae, 0x13, 0xab, - 0xa6, 0xcf, 0xb9, 0x1f, 0xa2, 0xad, 0x33, 0xdd, 0xa4, 0x67, 0x7b, 0x89, 0x60, 0x2a, 0xb8, 0xe4, - 0xae, 0xae, 0xa4, 0xac, 0xec, 0xc0, 0xf4, 0x2b, 0x43, 0xad, 0x01, 0x54, 0x29, 0xeb, 0xa9, 0xdd, - 0xc8, 0xc3, 0x21, 0xb1, 0xa1, 0xd6, 0x16, 0xc8, 0x14, 0xea, 0xd0, 0x28, 0xae, 0x17, 0x37, 0x4b, - 0xad, 0xa5, 0xdf, 0xe7, 0x6b, 0xd5, 0x2e, 0x0e, 0x63, 0xf1, 0xda, 0x7a, 0x6e, 0xd1, 0x3c, 0x23, - 0x15, 0x38, 0xdc, 0x0b, 0x7a, 0xa3, 0x4c, 0x30, 0x77, 0xab, 0x20, 0xc7, 0xb0, 0xb6, 0xa0, 0x7e, - 0xc4, 0x84, 0x8f, 0x6a, 0x9b, 0x29, 0xe6, 0x62, 0xa4, 0x50, 0x10, 0x13, 0xe0, 0x3a, 0xd2, 0x97, - 0x56, 0x69, 0x0e, 0xb1, 0x36, 0x60, 0xf1, 0xa3, 0x08, 0x14, 0x52, 0xfc, 0x92, 0xa0, 0x54, 0x64, - 0x05, 0xe6, 0x8f, 0xf8, 0x67, 0x8c, 0x26, 0xd4, 0x2c, 0xb0, 0x0e, 0xa1, 0x46, 0x91, 0x79, 0xff, - 0x25, 0x91, 0x67, 0x70, 0x3f, 0x25, 0x04, 0x02, 0xdb, 0x3c, 0x92, 0x81, 0x54, 0x18, 0x29, 0x5d, - 0x75, 0x85, 0x4e, 0x27, 0xac, 0xaf, 0x25, 0x58, 0x3c, 0x4c, 0x50, 0x8c, 0xde, 0xc5, 0xe9, 0x1c, - 0xe5, 0x1d, 0x87, 0x6e, 0xc0, 0x92, 0x13, 0x44, 0x9a, 0x98, 0x1b, 0x03, 0xbd, 0x09, 0x92, 0x36, - 0x2c, 0x3a, 0x6c, 0xa8, 0x81, 0xa3, 0x60, 0x80, 0xc6, 0xbd, 0xf5, 0xe2, 0x66, 0x6d, 0xeb, 0x51, - 0x23, 0x73, 0xad, 0x71, 0xe9, 0x5a, 0x63, 0x7b, 0xe2, 0x5a, 0xab, 0x74, 0x7a, 0xbe, 0x56, 0xa0, - 0x37, 0x44, 0xe9, 0xa8, 0x9a, 0x61, 0xc8, 0x4f, 0xde, 0x2b, 0x16, 0xa2, 0x51, 0xd2, 0x85, 0xe7, - 0x90, 0xdb, 0xfb, 0x9b, 0xbf, 0xa3, 0x3f, 0xb2, 0x0a, 0x95, 0x0f, 0x12, 0xdb, 0xcc, 0xed, 0xa3, - 0x51, 0xd6, 0xa4, 0xab, 0x98, 0xec, 0x43, 0xdd, 0x61, 0x43, 0x7d, 0xea, 0x65, 0x45, 0xc6, 0xc2, - 0x6c, 0x25, 0x4f, 0x09, 0xc9, 0x2b, 0x28, 0x3b, 0x6c, 0xd8, 0xf4, 0xd1, 0xa8, 0xcc, 0x76, 0xc4, - 0x84, 0x4e, 0x9e, 0xc0, 0xb2, 0x93, 0x48, 0x45, 0xf1, 0x98, 0x85, 0x81, 0xc7, 0x14, 0x1a, 0x55, - 0x5d, 0xe7, 0x3f, 0x68, 0x3a, 0x5c, 0x7d, 0xe3, 0x6e, 0x6f, 0x47, 0x08, 0x2e, 0x0c, 0x98, 0x71, - 0xb8, 0x79, 0x11, 0x79, 0x08, 0xe5, 0x37, 0x41, 0x98, 0xee, 0x60, 0x4d, 0xdb, 0x3b, 0x89, 0xac, - 0x3f, 0x45, 0xa8, 0x6a, 0x0b, 0x1c, 0x54, 0x2c, 0xdd, 0x81, 0xdc, 0xeb, 0xa0, 0x59, 0x40, 0x9a, - 0x50, 0xeb, 0x30, 0xa9, 0xda, 0x3c, 0x52, 0xcc, 0xcd, 0x56, 0x6a, 0x86, 0xfb, 0xf3, 0x1a, 0xb2, - 0x0e, 0xb5, 0xfd, 0x88, 0x9f, 0x44, 0x1d, 0x64, 0x1e, 0x0a, 0xbd, 0x1f, 0x15, 0x9a, 0x87, 0xc8, - 0x53, 0xa8, 0x5f, 0xb9, 0xe7, 0x8e, 0x3a, 0x78, 0x8c, 0xa1, 0xde, 0x81, 0x2a, 0x9d, 0xc2, 0xc9, - 0x4b, 0x78, 0x40, 0x51, 0x26, 0xa1, 0x92, 0x59, 0x17, 0xe8, 0xb5, 0x46, 0xcd, 0x76, 0x47, 0x6a, - 0x13, 0x2b, 0xf4, 0xf6, 0xe4, 0x5e, 0xa9, 0x32, 0x5f, 0x2f, 0xef, 0x95, 0x2a, 0xe5, 0xfa, 0x82, - 0xd5, 0x81, 0xe5, 0x9d, 0xf4, 0xfd, 0xc5, 0x22, 0x90, 0xa8, 0x5b, 0x7f, 0x0c, 0xd5, 0xb7, 0x6c, - 0x80, 0x32, 0x66, 0x2e, 0x4e, 0x9e, 0xc0, 0x35, 0x90, 0x66, 0x0f, 0x98, 0x50, 0x81, 0x5e, 0x95, - 0xb9, 0x2c, 0x7b, 0x05, 0xb4, 0x0e, 0x4e, 0x7f, 0x99, 0x85, 0xd3, 0x0b, 0xb3, 0x78, 0x76, 0x61, - 0x16, 0x7f, 0x5e, 0x98, 0xc5, 0x6f, 0x63, 0xb3, 0xf0, 0x7d, 0x6c, 0x16, 0xce, 0xc6, 0x66, 0xe1, - 0xc7, 0xd8, 0x2c, 0x7c, 0x6a, 0xf8, 0x81, 0xea, 0x27, 0xdd, 0x86, 0xcb, 0x07, 0x76, 0x9f, 0xc9, - 0x7e, 0xe0, 0x72, 0x11, 0xdb, 0x2e, 0x8f, 0x64, 0x12, 0xda, 0xd3, 0x3f, 0xc2, 0x6e, 0x59, 0x63, - 0x2f, 0xfe, 0x06, 0x00, 0x00, 0xff, 0xff, 0x17, 0x8b, 0xc5, 0x82, 0x25, 0x05, 0x00, 0x00, -} - -func (m *RaftIndex) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *RaftIndex) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RaftIndex) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ModifyIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.ModifyIndex)) - i-- - dAtA[i] = 0x10 - } - if m.CreateIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.CreateIndex)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *TargetDatacenter) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *TargetDatacenter) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *TargetDatacenter) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Datacenter) > 0 { - i -= len(m.Datacenter) - copy(dAtA[i:], m.Datacenter) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Datacenter))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *WriteRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *WriteRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *WriteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *ReadRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ReadRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ReadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.RequireConsistent { - i-- - if m.RequireConsistent { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *QueryOptions) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *QueryOptions) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *QueryOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Filter) > 0 { - i -= len(m.Filter) - copy(dAtA[i:], m.Filter) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Filter))) - i-- - dAtA[i] = 0x5a - } - { - size, err := m.StaleIfError.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - if m.MustRevalidate { - i-- - if m.MustRevalidate { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - { - size, err := m.MaxAge.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - { - size, err := m.MaxStaleDuration.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - if m.UseCache { - i-- - if m.UseCache { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x30 - } - if m.RequireConsistent { - i-- - if m.RequireConsistent { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if m.AllowStale { - i-- - if m.AllowStale { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - } - { - size, err := m.MaxQueryTime.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - if m.MinQueryIndex != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.MinQueryIndex)) - i-- - dAtA[i] = 0x10 - } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Token))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func (m *QueryMeta) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *QueryMeta) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *QueryMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ResultsFilteredByACLs { - i-- - if m.ResultsFilteredByACLs { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } - if len(m.ConsistencyLevel) > 0 { - i -= len(m.ConsistencyLevel) - copy(dAtA[i:], m.ConsistencyLevel) - i = encodeVarintCommon(dAtA, i, uint64(len(m.ConsistencyLevel))) - i-- - dAtA[i] = 0x22 - } - if m.KnownLeader { - i-- - if m.KnownLeader { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } - { - size, err := m.LastContact.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintCommon(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - if m.Index != 0 { - i = encodeVarintCommon(dAtA, i, uint64(m.Index)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *EnterpriseMeta) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *EnterpriseMeta) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *EnterpriseMeta) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Partition) > 0 { - i -= len(m.Partition) - copy(dAtA[i:], m.Partition) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Partition))) - i-- - dAtA[i] = 0x12 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintCommon(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintCommon(dAtA []byte, offset int, v uint64) int { - offset -= sovCommon(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *RaftIndex) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.CreateIndex != 0 { - n += 1 + sovCommon(uint64(m.CreateIndex)) - } - if m.ModifyIndex != 0 { - n += 1 + sovCommon(uint64(m.ModifyIndex)) - } - return n -} - -func (m *TargetDatacenter) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Datacenter) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *WriteRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *ReadRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.RequireConsistent { - n += 2 - } - return n -} - -func (m *QueryOptions) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.MinQueryIndex != 0 { - n += 1 + sovCommon(uint64(m.MinQueryIndex)) - } - l = m.MaxQueryTime.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.AllowStale { - n += 2 - } - if m.RequireConsistent { - n += 2 - } - if m.UseCache { - n += 2 - } - l = m.MaxStaleDuration.Size() - n += 1 + l + sovCommon(uint64(l)) - l = m.MaxAge.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.MustRevalidate { - n += 2 - } - l = m.StaleIfError.Size() - n += 1 + l + sovCommon(uint64(l)) - l = len(m.Filter) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func (m *QueryMeta) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Index != 0 { - n += 1 + sovCommon(uint64(m.Index)) - } - l = m.LastContact.Size() - n += 1 + l + sovCommon(uint64(l)) - if m.KnownLeader { - n += 2 - } - l = len(m.ConsistencyLevel) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - if m.ResultsFilteredByACLs { - n += 2 - } - return n -} - -func (m *EnterpriseMeta) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Namespace) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - l = len(m.Partition) - if l > 0 { - n += 1 + l + sovCommon(uint64(l)) - } - return n -} - -func sovCommon(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozCommon(x uint64) (n int) { - return sovCommon(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *RaftIndex) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RaftIndex: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RaftIndex: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreateIndex", wireType) - } - m.CreateIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.CreateIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ModifyIndex", wireType) - } - m.ModifyIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ModifyIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *TargetDatacenter) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: TargetDatacenter: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: TargetDatacenter: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Datacenter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Datacenter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WriteRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WriteRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WriteRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ReadRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ReadRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ReadRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.RequireConsistent = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *QueryOptions) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: QueryOptions: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: QueryOptions: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field MinQueryIndex", wireType) - } - m.MinQueryIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.MinQueryIndex |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxQueryTime", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxQueryTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AllowStale", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.AllowStale = bool(v != 0) - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequireConsistent", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.RequireConsistent = bool(v != 0) - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field UseCache", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.UseCache = bool(v != 0) - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxStaleDuration", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxStaleDuration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MaxAge", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MaxAge.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field MustRevalidate", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.MustRevalidate = bool(v != 0) - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StaleIfError", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.StaleIfError.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Filter = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *QueryMeta) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: QueryMeta: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: QueryMeta: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) - } - m.Index = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Index |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LastContact", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.LastContact.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field KnownLeader", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.KnownLeader = bool(v != 0) - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConsistencyLevel", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ConsistencyLevel = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ResultsFilteredByACLs", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ResultsFilteredByACLs = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *EnterpriseMeta) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: EnterpriseMeta: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: EnterpriseMeta: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Partition", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCommon - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCommon - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCommon - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Partition = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCommon(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCommon - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipCommon(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowCommon - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthCommon - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupCommon - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthCommon - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthCommon = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowCommon = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupCommon = fmt.Errorf("proto: unexpected end of group") -) diff --git a/proto/pbcommongogo/common.proto b/proto/pbcommongogo/common.proto deleted file mode 100644 index 30cd847f3..000000000 --- a/proto/pbcommongogo/common.proto +++ /dev/null @@ -1,182 +0,0 @@ -syntax = "proto3"; - -package commongogo; - -option go_package = "github.com/hashicorp/consul/proto/pbcommongogo"; - -import "google/protobuf/duration.proto"; -// Go Modules now includes the version in the filepath for packages within GOPATH/pkg/mode -// Therefore unless we want to hardcode a version here like -// github.com/gogo/protobuf@v1.3.0/gogoproto/gogo.proto then the only other choice is to -// have a more relative import and pass the right import path to protoc. I don't like it -// but its necessary. -import "gogoproto/gogo.proto"; - -option (gogoproto.goproto_unkeyed_all) = false; -option (gogoproto.goproto_unrecognized_all) = false; -option (gogoproto.goproto_getters_all) = false; -option (gogoproto.goproto_sizecache_all) = false; - -// RaftIndex is used to track the index used while creating -// or modifying a given struct type. -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.RaftIndex -// output=common.gen.go -// name=Structs -message RaftIndex { - uint64 CreateIndex = 1 [(gogoproto.moretags) = "bexpr:\"-\""]; - uint64 ModifyIndex = 2 [(gogoproto.moretags) = "bexpr:\"-\""]; -} - -// TargetDatacenter is intended to be used within other messages used for RPC routing -// amongst the various Consul datacenters -message TargetDatacenter { - string Datacenter = 1; -} - -message WriteRequest { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - string Token = 1; -} - -// ReadRequest is a type that may be embedded into any requests for read -// operations. -// It is a replacement for QueryOptions now that we no longer need any of those -// fields because we are moving away from using blocking queries. -// It is also similar to WriteRequest. It is a separate type so that in the -// future we can introduce fields that may only be relevant for reads. -message ReadRequest { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - string Token = 1; - - // RequireConsistent indicates that the request must be sent to the leader. - bool RequireConsistent = 2; -} - - -// QueryOptions is used to specify various flags for read queries -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.QueryOptions -// output=common.gen.go -// name=Structs -// ignore-fields=StaleIfError,AllowNotModifiedResponse -message QueryOptions { - // Token is the ACL token ID. If not provided, the 'anonymous' - // token is assumed for backwards compatibility. - string Token = 1; - - // If set, wait until query exceeds given index. Must be provided - // with MaxQueryTime. - uint64 MinQueryIndex = 2; - - // Provided with MinQueryIndex to wait for change. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - google.protobuf.Duration MaxQueryTime = 3 - [(gogoproto.nullable) = false]; - - // If set, any follower can service the request. Results - // may be arbitrarily stale. - bool AllowStale = 4; - - // If set, the leader must verify leadership prior to - // servicing the request. Prevents a stale read. - bool RequireConsistent = 5; - - // If set, the local agent may respond with an arbitrarily stale locally - // cached response. The semantics differ from AllowStale since the agent may - // be entirely partitioned from the servers and still considered "healthy" by - // operators. Stale responses from Servers are also arbitrarily stale, but can - // provide additional bounds on the last contact time from the leader. It's - // expected that servers that are partitioned are noticed and replaced in a - // timely way by operators while the same may not be true for client agents. - bool UseCache = 6; - - // If set and AllowStale is true, will try first a stale - // read, and then will perform a consistent read if stale - // read is older than value. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - google.protobuf.Duration MaxStaleDuration = 7 - [(gogoproto.nullable) = false]; - - // MaxAge limits how old a cached value will be returned if UseCache is true. - // If there is a cached response that is older than the MaxAge, it is treated - // as a cache miss and a new fetch invoked. If the fetch fails, the error is - // returned. Clients that wish to allow for stale results on error can set - // StaleIfError to a longer duration to change this behavior. It is ignored - // if the endpoint supports background refresh caching. See - // https://www.consul.io/api/index.html#agent-caching for more details. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - google.protobuf.Duration MaxAge = 8 - [(gogoproto.nullable) = false]; - - // MustRevalidate forces the agent to fetch a fresh version of a cached - // resource or at least validate that the cached version is still fresh. It is - // implied by either max-age=0 or must-revalidate Cache-Control headers. It - // only makes sense when UseCache is true. We store it since MaxAge = 0 is the - // default unset value. - bool MustRevalidate = 9; - - // StaleIfError specifies how stale the client will accept a cached response - // if the servers are unavailable to fetch a fresh one. Only makes sense when - // UseCache is true and MaxAge is set to a lower, non-zero value. It is - // ignored if the endpoint supports background refresh caching. See - // https://www.consul.io/api/index.html#agent-caching for more details. - google.protobuf.Duration StaleIfError = 10 - [(gogoproto.nullable) = false]; - - // Filter specifies the go-bexpr filter expression to be used for - // filtering the data prior to returning a response - string Filter = 11; -} - -// QueryMeta allows a query response to include potentially -// useful metadata about a query -// -// mog annotation: -// -// target=github.com/hashicorp/consul/agent/structs.QueryMeta -// output=common.gen.go -// name=Structs -// ignore-fields=NotModified,Backend -message QueryMeta { - // This is the index associated with the read - uint64 Index = 1; - - // If AllowStale is used, this is time elapsed since - // last contact between the follower and leader. This - // can be used to gauge staleness. - // mog: func-to=structs.DurationFromProtoGogo func-from=structs.DurationToProtoGogo - google.protobuf.Duration LastContact = 2 - [(gogoproto.nullable) = false]; - - // Used to indicate if there is a known leader node - bool KnownLeader = 3; - - // Consistencylevel returns the consistency used to serve the query - // Having `discovery_max_stale` on the agent can affect whether - // the request was served by a leader. - string ConsistencyLevel = 4; - - // Reserved for NotModified and Backend. - reserved 5, 6; - - // ResultsFilteredByACLs is true when some of the query's results were - // filtered out by enforcing ACLs. It may be false because nothing was - // removed, or because the endpoint does not yet support this flag. - bool ResultsFilteredByACLs = 7; -} - -// EnterpriseMeta contains metadata that is only used by the Enterprise version -// of Consul. -message EnterpriseMeta { - // Namespace in which the entity exists. - string Namespace = 1; - // Partition in which the entity exists. - string Partition = 2; -} diff --git a/proto/pbcommongogo/common_oss.go b/proto/pbcommongogo/common_oss.go deleted file mode 100644 index d24b27b69..000000000 --- a/proto/pbcommongogo/common_oss.go +++ /dev/null @@ -1,25 +0,0 @@ -//go:build !consulent -// +build !consulent - -package pbcommongogo - -import ( - "github.com/hashicorp/consul/agent/structs" -) - -var DefaultEnterpriseMeta = EnterpriseMeta{} - -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { - return &EnterpriseMeta{} -} - -func EnterpriseMetaToStructs(s *EnterpriseMeta, t *structs.EnterpriseMeta) { - if s == nil { - return - } -} -func EnterpriseMetaFromStructs(t *structs.EnterpriseMeta, s *EnterpriseMeta) { - if s == nil { - return - } -} diff --git a/proto/pbservice/convert_pbstruct.go b/proto/pbservice/convert_pbstruct.go index 1a09d81ef..8b1902942 100644 --- a/proto/pbservice/convert_pbstruct.go +++ b/proto/pbservice/convert_pbstruct.go @@ -4,7 +4,6 @@ import ( fmt "fmt" "reflect" - //TODO(gogo-remove): remove the types alias types "github.com/golang/protobuf/ptypes/struct" ) diff --git a/proto/pbutil/pbutil.go b/proto/pbutil/pbutil.go deleted file mode 100644 index 91736c061..000000000 --- a/proto/pbutil/pbutil.go +++ /dev/null @@ -1,23 +0,0 @@ -package pbutil - -import ( - "time" - - "github.com/gogo/protobuf/types" -) - -func DurationToProto(d time.Duration) *types.Duration { - return types.DurationProto(d) -} - -func DurationFromProto(d *types.Duration) (time.Duration, error) { - return types.DurationFromProto(d) -} - -func TimeFromProto(s *types.Timestamp) (time.Time, error) { - return types.TimestampFromProto(s) -} - -func TimeToProto(s time.Time) (*types.Timestamp, error) { - return types.TimestampProto(s) -} diff --git a/proto/translate.go b/proto/translate.go deleted file mode 100644 index 6ee90c084..000000000 --- a/proto/translate.go +++ /dev/null @@ -1,68 +0,0 @@ -package proto - -import ( - "reflect" - "time" - - "github.com/gogo/protobuf/types" -) - -var ( - tsType = reflect.TypeOf((*types.Timestamp)(nil)) - timePtrType = reflect.TypeOf((*time.Time)(nil)) - timeType = timePtrType.Elem() - mapStrInf = reflect.TypeOf((map[string]interface{})(nil)) - - epoch1970 = time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC) -) - -// HookPBTimestampToTime is a mapstructure decode hook to translate a protobuf timestamp -// to a time.Time value -func HookPBTimestampToTime(from, to reflect.Type, data interface{}) (interface{}, error) { - if to == timeType && from == tsType { - ts := data.(*types.Timestamp) - if ts.Seconds == 0 && ts.Nanos == 0 { - return time.Time{}, nil - } - return time.Unix(ts.Seconds, int64(ts.Nanos)).UTC(), nil - } - - return data, nil -} - -// HookTimeToPBtimestamp is a mapstructure decode hook to translate a time.Time value to -// a protobuf Timestamp value. -func HookTimeToPBTimestamp(from, to reflect.Type, data interface{}) (interface{}, error) { - // Note that mapstructure doesn't do direct struct to struct conversion in this case. I - // still don't completely understand why converting the PB TS to time.Time does but - // I suspect it has something to do with the struct containing a concrete time.Time - // as opposed to a pointer to a time.Time. Regardless this path through mapstructure - // first will decode the concrete time.Time into a map[string]interface{} before - // eventually decoding that map[string]interface{} into the *types.Timestamp. One - // other note is that mapstructure ends up creating a new Value and sets it it to - // the time.Time value and thats what gets passed to us. That is why we end up - // seeing a *time.Time instead of a time.Time. - if from == timePtrType && to == mapStrInf { - ts := data.(*time.Time) - - // protobuf only supports times from Jan 1 1970 onward but the time.Time type - // can represent values back to year 1. Basically - if ts.Before(epoch1970) { - return map[string]interface{}{}, nil - } - - nanos := ts.UnixNano() - if nanos < 0 { - return map[string]interface{}{}, nil - } - - seconds := nanos / 1000000000 - nanos = nanos % 1000000000 - - return map[string]interface{}{ - "Seconds": seconds, - "Nanos": int32(nanos), - }, nil - } - return data, nil -} diff --git a/proto/translate_test.go b/proto/translate_test.go deleted file mode 100644 index 0fbfa2b9b..000000000 --- a/proto/translate_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package proto - -import ( - "testing" - "time" - - "github.com/gogo/protobuf/types" - "github.com/mitchellh/mapstructure" - - "github.com/stretchr/testify/require" -) - -type pbTSWrapper struct { - Timestamp *types.Timestamp -} - -type timeTSWrapper struct { - Timestamp time.Time -} - -func TestHookPBTimestampToTime(t *testing.T) { - in := pbTSWrapper{ - Timestamp: &types.Timestamp{ - Seconds: 1000, - Nanos: 42, - }, - } - - expected := timeTSWrapper{ - Timestamp: time.Unix(1000, 42).UTC(), - } - - var actual timeTSWrapper - decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ - DecodeHook: HookPBTimestampToTime, - Result: &actual, - }) - require.NoError(t, err) - require.NoError(t, decoder.Decode(in)) - - require.Equal(t, expected, actual) -} - -func TestHookTimeToPBTimestamp(t *testing.T) { - in := timeTSWrapper{ - Timestamp: time.Unix(999999, 123456).UTC(), - } - - expected := pbTSWrapper{ - Timestamp: &types.Timestamp{ - Seconds: 999999, - Nanos: 123456, - }, - } - - var actual pbTSWrapper - decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ - DecodeHook: HookTimeToPBTimestamp, - Result: &actual, - }) - require.NoError(t, err) - require.NoError(t, decoder.Decode(in)) - - require.Equal(t, expected, actual) -} - -func TestHookTimeToPBTimestamp_ZeroTime(t *testing.T) { - in := timeTSWrapper{} - - expected := pbTSWrapper{ - Timestamp: &types.Timestamp{ - Seconds: 0, - Nanos: 0, - }, - } - - var actual pbTSWrapper - decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ - DecodeHook: HookTimeToPBTimestamp, - Result: &actual, - }) - require.NoError(t, err) - require.NoError(t, decoder.Decode(in)) - - require.Equal(t, expected, actual) -} From 14c9389fa946e69b18e9c988873da02f43245f34 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 29 Mar 2022 09:34:39 -0400 Subject: [PATCH 033/785] code review changes --- .circleci/config.yml | 3 +- GNUmakefile | 2 + build-support/scripts/proto-gen-entry.sh | 169 ----------------------- 3 files changed, 4 insertions(+), 170 deletions(-) delete mode 100755 build-support/scripts/proto-gen-entry.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index db57fb786..164c5ddb2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -237,9 +237,10 @@ jobs: - run: name: Install protobuf command: | + goproto_version=$(go list -m github.com/golang/protobuf | awk '{print $2}') go install -v github.com/hashicorp/protoc-gen-go-binary@master go install -v github.com/favadi/protoc-go-inject-tag@v1.3.0 - go install -v github.com/golang/protobuf/protoc-gen-go@v1.3.5 + go install -v github.com/golang/protobuf/protoc-gen-go@${goproto_version} - run: command: make --always-make proto diff --git a/GNUmakefile b/GNUmakefile index fa9fcb600..4710fbbaa 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -2,11 +2,13 @@ # https://www.consul.io/docs/install#compiling-from-source SHELL = bash +GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ golang.org/x/tools/cmd/cover@master \ golang.org/x/tools/cmd/stringer@master \ + github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ github.com/hashicorp/protoc-gen-go-binary@master \ github.com/vektra/mockery/cmd/mockery@master \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ diff --git a/build-support/scripts/proto-gen-entry.sh b/build-support/scripts/proto-gen-entry.sh deleted file mode 100755 index 50d51be0d..000000000 --- a/build-support/scripts/proto-gen-entry.sh +++ /dev/null @@ -1,169 +0,0 @@ -#!/usr/bin/env bash - -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null - -source "${SCRIPT_DIR}/functions.sh" - -function usage { -cat <<-EOF -Usage: ${SCRIPT_NAME} [] - -Description: - Generate the Go files from protobuf definitions. In addition to - running the protoc generator it will also fixup build tags in the - generated code. - -Options: - --import-replace Replace imports of google types with those from the protobuf repo. - --grpc Enable the gRPC plugin - -h | --help Print this help text. -EOF -} - -function err_usage { - err "$1" - err "" - err "$(usage)" -} - -function main { - local -i grpc=0 - local -i imp_replace=0 - local proto_path= - - while test $# -gt 0 - do - case "$1" in - -h | --help ) - usage - return 0 - ;; - --grpc ) - grpc=1 - shift - ;; - --import-replace ) - imp_replace=1 - shift - ;; - * ) - proto_path="$1" - shift - ;; - esac - done - - if test -z "${proto_path}" - then - err_usage "ERROR: No proto file specified" - return 1 - fi - - go mod download - - local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) - local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") - - - local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" - golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" - - local proto_go_path=${proto_path%%.proto}.pb.go - local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go - local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go - - local go_proto_out="paths=source_relative" - if is_set "${grpc}" - then - go_proto_out="${go_proto_out},plugins=grpc" - fi - - if is_set "${imp_replace}" - then - go_proto_out="${go_proto_out},${golang_proto_imp_replace}" - fi - - if test -n "${go_proto_out}" - then - go_proto_out="${go_proto_out}:" - fi - - # How we run protoc probably needs some documentation. - # - # This is the path to where - # -I="${golang_proto_path}/protobuf" \ - local -i ret=0 - status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} (NO GOGO)" - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" - debug_run protoc \ - -I="${golang_proto_path}" \ - -I="${golang_proto_mod_path}" \ - -I="${SOURCE_DIR}" \ - --go_out="${go_proto_out}${SOURCE_DIR}" \ - --go-binary_out="${SOURCE_DIR}" \ - "${proto_path}" - - if test $? -ne 0 - then - err "Failed to run protoc for ${proto_path}" - return 1 - fi - - debug_run protoc-go-inject-tag \ - -input="${proto_go_path}" - - if test $? -ne 0 - then - err "Failed to run protoc-go-inject-tag for ${proto_path}" - return 1 - fi - - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" - - BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') - if test -n "${BUILD_TAGS}" - then - echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" - cat "${proto_go_path}" >> "${proto_go_path}.new" - mv "${proto_go_path}.new" "${proto_go_path}" - - echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" - cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" - mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" - fi - - # note: this has to run after we fix up the build tags above - rm -f "${proto_go_rpcglue_path}" - debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" - if test $? -ne 0 - then - err "Failed to generate consul rpc glue outputs from ${proto_path}" - return 1 - fi - - return 0 -} - -main "$@" -exit $? From dcfcac433d0089c93489eec81d1a50a2e6ca3eec Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 29 Mar 2022 12:02:43 -0500 Subject: [PATCH 034/785] build: enforce protoc binary is the expected version (#12641) --- .circleci/config.yml | 3 ++- GNUmakefile | 18 ++++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 164c5ddb2..f4c7567d5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -229,7 +229,8 @@ jobs: - run: name: Install protobuf command: | - wget https://github.com/protocolbuffers/protobuf/releases/download/v3.12.3/protoc-3.12.3-linux-x86_64.zip + protoc_version="$(make print-PROTOC_VERSION)" + wget https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-linux-x86_64.zip sudo unzip -d /usr/local protoc-*.zip sudo chmod +x /usr/local/bin/protoc sudo chmod -R a+Xr /usr/local/include/google/ diff --git a/GNUmakefile b/GNUmakefile index 4710fbbaa..d844cb6c3 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -2,6 +2,7 @@ # https://www.consul.io/docs/install#compiling-from-source SHELL = bash +PROTOC_VERSION=3.12.3 GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ @@ -342,13 +343,26 @@ else @go test -v ./agent -run Vault endif -proto: $(PROTOGOFILES) $(PROTOGOBINFILES) - @echo "Generated all protobuf Go files" +.PHONY: protoc-check +protoc-check: + $(info checking protocol buffer compiler version (expect: $(PROTOC_VERSION))) + @if ! command -v protoc &>/dev/null; then \ + echo "ERROR: protoc is not installed; please install version $(PROTOC_VERSION)" >&2 ; \ + exit 1 ; \ + fi + @if [[ "$$(protoc --version | cut -d' ' -f2)" != "$(PROTOC_VERSION)" ]]; then \ + echo "ERROR: protoc version $(PROTOC_VERSION) is required" >&2 ; \ + fi +proto: protoc-check $(PROTOGOFILES) $(PROTOGOBINFILES) + @echo "Generated all protobuf Go files" %.pb.go %.pb.binary.go: %.proto @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --import-replace "$<" +# utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION') +print-% : ; @echo $($*) + .PHONY: module-versions # Print a list of modules which can be updated. # Columns are: module current_version date_of_current_version latest_version From 609a83db5e8eae03bfb6737e53b3dab1f64aba32 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 29 Mar 2022 13:17:41 -0500 Subject: [PATCH 035/785] add missing line from prototest.AssertDeepEqual (#12645) --- proto/prototest/testing.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proto/prototest/testing.go b/proto/prototest/testing.go index 5b5468ea6..1dbe03618 100644 --- a/proto/prototest/testing.go +++ b/proto/prototest/testing.go @@ -3,11 +3,15 @@ package prototest import ( "testing" + "github.com/golang/protobuf/proto" "github.com/google/go-cmp/cmp" ) func AssertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { t.Helper() + + opts = append(opts, cmp.Comparer(proto.Equal)) + if diff := cmp.Diff(x, y, opts...); diff != "" { t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) } From d1938482e7a64e62eb2888ac66cf3a6cd753ee4d Mon Sep 17 00:00:00 2001 From: Fulvio Date: Tue, 29 Mar 2022 20:56:01 +0200 Subject: [PATCH 036/785] remove DualStack field from check TCP #12629 (#12630) --- agent/checks/check.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/agent/checks/check.go b/agent/checks/check.go index 5bc00bc18..8f910901f 100644 --- a/agent/checks/check.go +++ b/agent/checks/check.go @@ -644,8 +644,7 @@ func (c *CheckTCP) Start() { if c.dialer == nil { // Create the socket dialer c.dialer = &net.Dialer{ - Timeout: 10 * time.Second, - DualStack: true, + Timeout: 10 * time.Second, } if c.Timeout > 0 { c.dialer.Timeout = c.Timeout From 356d068a4f130ccf84ca30a124f0bd542c6d493b Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 29 Mar 2022 15:18:05 -0500 Subject: [PATCH 037/785] build: install mog and execute it during protobuf compilation (#12647) - also import replace isn't needed anymore --- .circleci/config.yml | 6 +---- GNUmakefile | 28 ++++++++++++++++-------- build-support/scripts/proto-gen.sh | 35 ++++++++++-------------------- 3 files changed, 32 insertions(+), 37 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f4c7567d5..80b19a03e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -237,11 +237,7 @@ jobs: rm protoc-*.zip - run: name: Install protobuf - command: | - goproto_version=$(go list -m github.com/golang/protobuf | awk '{print $2}') - go install -v github.com/hashicorp/protoc-gen-go-binary@master - go install -v github.com/favadi/protoc-go-inject-tag@v1.3.0 - go install -v github.com/golang/protobuf/protoc-gen-go@${goproto_version} + command: make proto-tools - run: command: make --always-make proto diff --git a/GNUmakefile b/GNUmakefile index d844cb6c3..097e22539 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -2,19 +2,22 @@ # https://www.consul.io/docs/install#compiling-from-source SHELL = bash -PROTOC_VERSION=3.12.3 -GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ golang.org/x/tools/cmd/cover@master \ golang.org/x/tools/cmd/stringer@master \ - github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ - github.com/hashicorp/protoc-gen-go-binary@master \ github.com/vektra/mockery/cmd/mockery@master \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ - github.com/hashicorp/lint-consul-retry@master \ - github.com/favadi/protoc-go-inject-tag@v1.3.0 + github.com/hashicorp/lint-consul-retry@master + +PROTOC_VERSION=3.12.3 +GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') +GOPROTOTOOLS = \ + github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ + github.com/hashicorp/protoc-gen-go-binary@master \ + github.com/favadi/protoc-go-inject-tag@v1.3.0 \ + github.com/hashicorp/mog@v0.1.1 GOTAGS ?= GOPATH=$(shell go env GOPATH) @@ -287,13 +290,20 @@ static-assets: # Build the static web ui and build static assets inside a Docker container ui: ui-docker static-assets-docker -tools: +tools: proto-tools @if [[ -d .gotools ]]; then rm -rf .gotools ; fi @for TOOL in $(GOTOOLS); do \ echo "=== TOOL: $$TOOL" ; \ go install -v $$TOOL ; \ done +proto-tools: + @if [[ -d .gotools ]]; then rm -rf .gotools ; fi + @for TOOL in $(GOPROTOTOOLS); do \ + echo "=== TOOL: $$TOOL" ; \ + go install -v $$TOOL ; \ + done + version: @echo -n "Version: " @$(SHELL) $(CURDIR)/build-support/scripts/version.sh @@ -358,7 +368,7 @@ proto: protoc-check $(PROTOGOFILES) $(PROTOGOBINFILES) @echo "Generated all protobuf Go files" %.pb.go %.pb.binary.go: %.proto - @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --import-replace "$<" + @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc "$<" # utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION') print-% : ; @echo $($*) @@ -385,6 +395,6 @@ envoy-regen: @find "command/connect/envoy/testdata" -name '*.golden' -delete @go test -tags '$(GOTAGS)' ./command/connect/envoy -update -.PHONY: all bin dev dist cov test test-internal cover lint ui static-assets tools +.PHONY: all bin dev dist cov test test-internal cover lint ui static-assets tools proto-tools protoc-check .PHONY: docker-images go-build-image ui-build-image static-assets-docker consul-docker ui-docker .PHONY: version proto test-envoy-integ diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh index 4ecf9acd8..c1dedc52e 100755 --- a/build-support/scripts/proto-gen.sh +++ b/build-support/scripts/proto-gen.sh @@ -37,7 +37,6 @@ function err_usage { function main { local -i grpc=0 - local -i imp_replace=0 local proto_path= while test $# -gt 0 @@ -51,10 +50,6 @@ function main { grpc=1 shift ;; - --import-replace ) - imp_replace=1 - shift - ;; * ) proto_path="$1" shift @@ -73,13 +68,10 @@ function main { local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") - - local golang_proto_imp_replace="Mgoogle/protobuf/timestamp.proto=github.com/golang/protobuf/ptypes/timestamp" - golang_proto_imp_replace="${golang_proto_imp_replace},Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration" - local proto_go_path=${proto_path%%.proto}.pb.go local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go + local mog_input_path="$(dirname "${proto_path}")" local go_proto_out="paths=source_relative" if is_set "${grpc}" @@ -87,23 +79,20 @@ function main { go_proto_out="${go_proto_out},plugins=grpc" fi - if is_set "${imp_replace}" - then - go_proto_out="${go_proto_out},${golang_proto_imp_replace}" - fi - if test -n "${go_proto_out}" then go_proto_out="${go_proto_out}:" fi + rm -f "${proto_go_path}" ${proto_go_bin_path}" ${proto_go_rpcglue_path}" "${mog_input_path}/*.gen.go" + # How we run protoc probably needs some documentation. # # This is the path to where # -I="${golang_proto_path}/protobuf" \ local -i ret=0 - status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path}" - echo "debug_run protoc \ + status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} ${mog_input_path}/*.gen.go" + echo "debug_run protoc \ -I=\"${golang_proto_path}\" \ -I=\"${golang_proto_mod_path}\" \ -I=\"${SOURCE_DIR}\" \ @@ -133,13 +122,13 @@ function main { return 1 fi - echo "debug_run protoc \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" + debug_run mog -source ./${mog_input_path} -tags ${GOTAGS} -ignore-package-load-errors + + if test $? -ne 0 + then + err "Failed to generate mog outputs from ${mog_input_path}" + return 1 + fi BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') if test -n "${BUILD_TAGS}" From 0ae60adff99194957aad13b6905997e8eee7a2e0 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Tue, 29 Mar 2022 17:36:21 -0400 Subject: [PATCH 038/785] website(api-gateway): add consul namespace to helm install (#12644) * website: api-gateway helm install consul namespace To mirror instructions at https://learn.hashicorp.com/tutorials/consul/kubernetes-api-gateway * website(api-gateway): add notes on where to find available versions * website(api-gateway): fixup link to more clearly indicate Consul Helm chart releases * Update website/content/docs/api-gateway/api-gateway-usage.mdx --- website/content/docs/api-gateway/api-gateway-usage.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/website/content/docs/api-gateway/api-gateway-usage.mdx b/website/content/docs/api-gateway/api-gateway-usage.mdx index 04f8daf5a..ac8474892 100644 --- a/website/content/docs/api-gateway/api-gateway-usage.mdx +++ b/website/content/docs/api-gateway/api-gateway-usage.mdx @@ -7,7 +7,7 @@ description: >- # Consul API Gateway Usage -This topic describes how to use the Consul API Gateway add-on module. It includes instructions for installation and configuration. +This topic describes how to use the Consul API Gateway add-on module. It includes instructions for installation and configuration. ## Requirements @@ -25,7 +25,7 @@ Refer to [Technical Specifications](/docs/api-gateway/tech-specs) for minimum so -1. Create a `values.yaml` file for your Consul API Gateway deployment. Copy the content below into the `values.yaml` file. The `values.yaml` will be used by the Consul Helm chart. See [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway) for more available options on how to configure your Consul API Gateway deployment via the Helm chart. +1. Create a `values.yaml` file for your Consul API Gateway deployment. Copy the content below into the `values.yaml` file. The `values.yaml` will be used by the Consul Helm chart. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). See [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway) for more available options on how to configure your Consul API Gateway deployment via the Helm chart. @@ -44,12 +44,12 @@ Refer to [Technical Specifications](/docs/api-gateway/tech-specs) for minimum so -1. Install Consul API Gateway using the standard Consul Helm chart and specify the custom values file. +1. Install Consul API Gateway using the standard Consul Helm chart and specify the custom values file. Available versions of the [Consul Helm chart](https://github.com/hashicorp/consul-k8s/releases) can be found in GitHub releases. ```shell-session - $ helm install consul hashicorp/consul --version 0.41.1 --values values.yaml + $ helm install consul hashicorp/consul --version 0.41.1 --values values.yaml --create-namespace --namespace consul ``` @@ -58,7 +58,7 @@ Refer to [Technical Specifications](/docs/api-gateway/tech-specs) for minimum so 1. Verify that the [requirements](#requirements) have been met. 1. Verify that the Consul API Gateway CRDs and controller have been installed and applied (see [Installation](#installation)). -1. Configure the artifacts described below in [Configuration](#configuration). +1. Configure the artifacts described below in [Configuration](#configuration). From 0fd6cdc900205ac36bdafeeee8571223e5790304 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Tue, 29 Mar 2022 18:05:45 -0700 Subject: [PATCH 039/785] introduce EmptyReadRequest for status_endpoint (#12653) Co-authored-by: Daniel Nephin --- agent/consul/stats_fetcher.go | 7 ++++--- agent/consul/status_endpoint.go | 14 +++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/agent/consul/stats_fetcher.go b/agent/consul/stats_fetcher.go index d486ae504..334472be5 100644 --- a/agent/consul/stats_fetcher.go +++ b/agent/consul/stats_fetcher.go @@ -5,11 +5,12 @@ import ( "net" "sync" - "github.com/hashicorp/consul/agent/pool" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" + + "github.com/hashicorp/consul/agent/pool" + "github.com/hashicorp/consul/agent/structs" ) // StatsFetcher has two functions for autopilot. First, lets us fetch all the @@ -42,7 +43,7 @@ func NewStatsFetcher(logger hclog.Logger, pool *pool.ConnPool, datacenter string // RPC to each server, so we let it finish and then clean up the in-flight // tracking. func (f *StatsFetcher) fetch(server *autopilot.Server, replyCh chan *autopilot.ServerStats) { - var args struct{} + var args EmptyReadRequest var reply structs.RaftStats // defer some cleanup to notify everything else that the fetching is no longer occurring diff --git a/agent/consul/status_endpoint.go b/agent/consul/status_endpoint.go index ac0dc0314..b82baf842 100644 --- a/agent/consul/status_endpoint.go +++ b/agent/consul/status_endpoint.go @@ -13,7 +13,7 @@ type Status struct { } // Ping is used to just check for connectivity -func (s *Status) Ping(args struct{}, reply *struct{}) error { +func (s *Status) Ping(args EmptyReadRequest, reply *struct{}) error { return nil } @@ -55,8 +55,16 @@ func (s *Status) Peers(args *structs.DCSpecificRequest, reply *[]string) error { return nil } -// Used by Autopilot to query the raft stats of the local server. -func (s *Status) RaftStats(args struct{}, reply *structs.RaftStats) error { +// EmptyReadRequest implements the interface used by middleware.RequestRecorder +// to communicate properties of requests. +type EmptyReadRequest struct{} + +func (e EmptyReadRequest) IsRead() bool { + return true +} + +// RaftStats is used by Autopilot to query the raft stats of the local server. +func (s *Status) RaftStats(args EmptyReadRequest, reply *structs.RaftStats) error { stats := s.server.raft.Stats() var err error From d4e80b880023516e1a35fdece003b6b5b2eba01f Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 30 Mar 2022 10:04:18 -0500 Subject: [PATCH 040/785] server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511) Also add a new "Default" field to the discovery chain response to clients --- .changelog/12511.txt | 7 + agent/consul/discovery_chain_endpoint_test.go | 8 +- agent/consul/discoverychain/compile.go | 44 ++++++ agent/consul/discoverychain/compile_test.go | 139 +++++++++++++++--- agent/discovery_chain_endpoint_test.go | 6 +- agent/proxycfg/testing_connect_proxy.go | 2 +- agent/proxycfg/testing_ingress_gateway.go | 8 +- agent/structs/discovery_chain.go | 35 +---- agent/xds/clusters.go | 2 +- agent/xds/endpoints.go | 2 +- agent/xds/listeners.go | 4 +- agent/xds/listeners_ingress.go | 2 +- agent/xds/routes.go | 2 +- api/discovery_chain.go | 8 + api/discovery_chain_test.go | 2 + .../connect/l7-traffic/discovery-chain.mdx | 6 + 16 files changed, 214 insertions(+), 63 deletions(-) create mode 100644 .changelog/12511.txt diff --git a/.changelog/12511.txt b/.changelog/12511.txt new file mode 100644 index 000000000..a7ba31633 --- /dev/null +++ b/.changelog/12511.txt @@ -0,0 +1,7 @@ +```release-note:feature +server: ensure that service-defaults meta is incorporated into the discovery chain response +``` + +```release-note:feature +server: discovery chains now include a response field named "Default" to indicate if they were not constructed from any service-resolver, service-splitter, or service-router config entries +``` diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index 174cab742..e875ec25d 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go @@ -98,6 +98,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) { Datacenter: "dc1", Protocol: "tcp", StartNode: "resolver:web.default.default.dc1", + Default: true, Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:web.default.default.dc1": { Type: structs.DiscoveryGraphNodeTypeResolver, @@ -286,12 +287,7 @@ func TestDiscoveryChainEndpoint_Get_BlockOnNoChange(t *testing.T) { args.QueryOptions.MinQueryIndex = minQueryIndex var out structs.DiscoveryChainResponse - errCh := channelCallRPC(s1, "DiscoveryChain.Get", &args, &out, func() error { - if !out.Chain.IsDefault() { - return fmt.Errorf("expected default chain") - } - return nil - }) + errCh := channelCallRPC(s1, "DiscoveryChain.Get", &args, &out, nil) return &out.QueryMeta, errCh }, func(i int) <-chan error { diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go index 4f78eb8bf..0567b8b90 100644 --- a/agent/consul/discoverychain/compile.go +++ b/agent/consul/discoverychain/compile.go @@ -161,6 +161,12 @@ type compiler struct { // This is an OUTPUT field. protocol string + // serviceMeta is the Meta field from the service-defaults entry that + // shares a name with this discovery chain. + // + // This is an OUTPUT field. + serviceMeta map[string]string + // startNode is computed inside of assembleChain() // // This is an OUTPUT field. @@ -327,14 +333,47 @@ func (c *compiler) compile() (*structs.CompiledDiscoveryChain, error) { Namespace: c.evaluateInNamespace, Partition: c.evaluateInPartition, Datacenter: c.evaluateInDatacenter, + Default: c.determineIfDefaultChain(), CustomizationHash: customizationHash, Protocol: c.protocol, + ServiceMeta: c.serviceMeta, StartNode: c.startNode, Nodes: c.nodes, Targets: c.loadedTargets, }, nil } +// determineIfDefaultChain returns true if the compiled chain represents no +// routing, no splitting, and only the default resolution. We have to be +// careful here to avoid returning "yep this is default" when the only +// resolver action being applied is redirection to another resolver that is +// default, so we double check the resolver matches the requested resolver. +// +// NOTE: "default chain" mostly means that this is compatible with how things +// worked (roughly) in consul 1.5 pre-discovery chain, not that there are zero +// config entries in play (like service-defaults). +func (c *compiler) determineIfDefaultChain() bool { + if c.startNode == "" || len(c.nodes) == 0 { + return true + } + + node := c.nodes[c.startNode] + if node == nil { + panic("not possible: missing node named '" + c.startNode + "' in chain '" + c.serviceName + "'") + } + + if node.Type != structs.DiscoveryGraphNodeTypeResolver { + return false + } + if !node.Resolver.Default { + return false + } + + target := c.loadedTargets[node.Resolver.Target] + + return target.Service == c.serviceName && target.Namespace == c.evaluateInNamespace && target.Partition == c.evaluateInPartition +} + func (c *compiler) detectCircularReferences() error { var ( todo stringStack @@ -515,6 +554,11 @@ func (c *compiler) assembleChain() error { sid := structs.NewServiceID(c.serviceName, c.GetEnterpriseMeta()) + // Extract the service meta for the service named by this discovery chain. + if serviceDefault := c.entries.GetService(sid); serviceDefault != nil { + c.serviceMeta = serviceDefault.GetMeta() + } + // Check for short circuit path. if len(c.resolvers) == 0 && c.entries.IsChainEmpty() { // Materialize defaults and cache. diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go index 94029465e..9a3dde647 100644 --- a/agent/consul/discoverychain/compile_test.go +++ b/agent/consul/discoverychain/compile_test.go @@ -12,14 +12,12 @@ import ( ) type compileTestCase struct { - entries *configentry.DiscoveryChainSet - setup func(req *CompileRequest) - expect *structs.CompiledDiscoveryChain - // expectIsDefault tests behavior of CompiledDiscoveryChain.IsDefault() - expectIsDefault bool - expectCustom bool - expectErr string - expectGraphErr bool + entries *configentry.DiscoveryChainSet + setup func(req *CompileRequest) + expect *structs.CompiledDiscoveryChain + expectCustom bool + expectErr string + expectGraphErr bool } func TestCompile(t *testing.T) { @@ -56,6 +54,8 @@ func TestCompile(t *testing.T) { "loadbalancer splitter and resolver": testcase_LBSplitterAndResolver(), "loadbalancer resolver": testcase_LBResolver(), "service redirect to service with default resolver is not a default chain": testcase_RedirectToDefaultResolverIsNotDefaultChain(), + "service meta projection": testcase_ServiceMetaProjection(), + "service meta projection with redirect": testcase_ServiceMetaProjectionWithRedirect(), "all the bells and whistles": testcase_AllBellsAndWhistles(), "multi dc canary": testcase_MultiDatacenterCanary(), @@ -141,7 +141,6 @@ func TestCompile(t *testing.T) { } require.Equal(t, tc.expect, res) - require.Equal(t, tc.expectIsDefault, res.IsDefault()) } }) } @@ -1429,6 +1428,7 @@ func testcase_DefaultResolver() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "tcp", + Default: true, StartNode: "resolver:main.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { @@ -1446,7 +1446,7 @@ func testcase_DefaultResolver() compileTestCase { "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true} + return compileTestCase{entries: entries, expect: expect} } func testcase_DefaultResolver_WithProxyDefaults() compileTestCase { @@ -1465,6 +1465,7 @@ func testcase_DefaultResolver_WithProxyDefaults() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "grpc", + Default: true, StartNode: "resolver:main.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { @@ -1485,11 +1486,69 @@ func testcase_DefaultResolver_WithProxyDefaults() compileTestCase { }), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true} + return compileTestCase{entries: entries, expect: expect} } -func testcase_RedirectToDefaultResolverIsNotDefaultChain() compileTestCase { +func testcase_ServiceMetaProjection() compileTestCase { entries := newEntries() + entries.AddServices( + &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "abc": "123", + }, + }, + ) + expect := &structs.CompiledDiscoveryChain{ + Protocol: "tcp", + Default: true, + ServiceMeta: map[string]string{ + "foo": "bar", + "abc": "123", + }, + StartNode: "resolver:main.default.default.dc1", + Nodes: map[string]*structs.DiscoveryGraphNode{ + "resolver:main.default.default.dc1": { + Type: structs.DiscoveryGraphNodeTypeResolver, + Name: "main.default.default.dc1", + Resolver: &structs.DiscoveryResolver{ + Default: true, + ConnectTimeout: 5 * time.Second, + Target: "main.default.default.dc1", + }, + }, + }, + Targets: map[string]*structs.DiscoveryTarget{ + "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), + }, + } + + return compileTestCase{entries: entries, expect: expect} +} + +func testcase_ServiceMetaProjectionWithRedirect() compileTestCase { + entries := newEntries() + entries.AddServices( + &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "abc": "123", + }, + }, + &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "other", + Meta: map[string]string{ + "zim": "gir", + "abc": "456", + "xyz": "999", + }, + }, + ) entries.AddResolvers( &structs.ServiceResolverConfigEntry{ Kind: structs.ServiceResolver, @@ -1501,7 +1560,12 @@ func testcase_RedirectToDefaultResolverIsNotDefaultChain() compileTestCase { ) expect := &structs.CompiledDiscoveryChain{ - Protocol: "tcp", + Protocol: "tcp", + ServiceMeta: map[string]string{ + // Note this is main's meta, not other's. + "foo": "bar", + "abc": "123", + }, StartNode: "resolver:other.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:other.default.default.dc1": { @@ -1519,7 +1583,42 @@ func testcase_RedirectToDefaultResolverIsNotDefaultChain() compileTestCase { }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: false /*being explicit here because this is the whole point of this test*/} + return compileTestCase{entries: entries, expect: expect} +} + +func testcase_RedirectToDefaultResolverIsNotDefaultChain() compileTestCase { + entries := newEntries() + entries.AddResolvers( + &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + }, + }, + ) + + expect := &structs.CompiledDiscoveryChain{ + Protocol: "tcp", + StartNode: "resolver:other.default.default.dc1", + Default: false, /*being explicit here because this is the whole point of this test*/ + Nodes: map[string]*structs.DiscoveryGraphNode{ + "resolver:other.default.default.dc1": { + Type: structs.DiscoveryGraphNodeTypeResolver, + Name: "other.default.default.dc1", + Resolver: &structs.DiscoveryResolver{ + Default: true, + ConnectTimeout: 5 * time.Second, + Target: "other.default.default.dc1", + }, + }, + }, + Targets: map[string]*structs.DiscoveryTarget{ + "other.default.default.dc1": newTarget("other", "", "default", "default", "dc1", nil), + }, + } + + return compileTestCase{entries: entries, expect: expect} } func testcase_Resolve_WithDefaultSubset() compileTestCase { @@ -1570,6 +1669,7 @@ func testcase_DefaultResolver_ExternalSNI() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "tcp", + Default: true, StartNode: "resolver:main.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { @@ -1589,7 +1689,7 @@ func testcase_DefaultResolver_ExternalSNI() compileTestCase { }), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true} + return compileTestCase{entries: entries, expect: expect} } func testcase_Resolver_ExternalSNI_FailoverNotAllowed() compileTestCase { @@ -2249,6 +2349,7 @@ func testcase_ResolverProtocolOverride() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "http2", + Default: true, StartNode: "resolver:main.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { @@ -2266,7 +2367,7 @@ func testcase_ResolverProtocolOverride() compileTestCase { "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true, + return compileTestCase{entries: entries, expect: expect, expectCustom: true, setup: func(req *CompileRequest) { req.OverrideProtocol = "http2" @@ -2282,6 +2383,7 @@ func testcase_ResolverProtocolOverrideIgnored() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "http2", + Default: true, StartNode: "resolver:main.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { @@ -2299,7 +2401,7 @@ func testcase_ResolverProtocolOverrideIgnored() compileTestCase { "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true, + return compileTestCase{entries: entries, expect: expect, setup: func(req *CompileRequest) { req.OverrideProtocol = "http2" }, @@ -2320,6 +2422,7 @@ func testcase_RouterIgnored_ResolverProtocolOverride() compileTestCase { expect := &structs.CompiledDiscoveryChain{ Protocol: "tcp", StartNode: "resolver:main.default.default.dc1", + Default: true, Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:main.default.default.dc1": { Type: structs.DiscoveryGraphNodeTypeResolver, @@ -2336,7 +2439,7 @@ func testcase_RouterIgnored_ResolverProtocolOverride() compileTestCase { "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), }, } - return compileTestCase{entries: entries, expect: expect, expectIsDefault: true, + return compileTestCase{entries: entries, expect: expect, expectCustom: true, setup: func(req *CompileRequest) { req.OverrideProtocol = "tcp" diff --git a/agent/discovery_chain_endpoint_test.go b/agent/discovery_chain_endpoint_test.go index 78fcfe303..3db87ba52 100644 --- a/agent/discovery_chain_endpoint_test.go +++ b/agent/discovery_chain_endpoint_test.go @@ -8,11 +8,12 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestDiscoveryChainRead(t *testing.T) { @@ -79,6 +80,7 @@ func TestDiscoveryChainRead(t *testing.T) { Partition: "default", Datacenter: "dc1", Protocol: "tcp", + Default: true, StartNode: "resolver:web.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ "resolver:web.default.default.dc1": { @@ -122,6 +124,7 @@ func TestDiscoveryChainRead(t *testing.T) { Namespace: "default", Partition: "default", Datacenter: "dc2", + Default: true, Protocol: "tcp", StartNode: "resolver:web.default.default.dc2", Nodes: map[string]*structs.DiscoveryGraphNode{ @@ -175,6 +178,7 @@ func TestDiscoveryChainRead(t *testing.T) { Namespace: "default", Partition: "default", Datacenter: "dc1", + Default: true, Protocol: "tcp", StartNode: "resolver:web.default.default.dc1", Nodes: map[string]*structs.DiscoveryGraphNode{ diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go index b23f02585..35a8e6011 100644 --- a/agent/proxycfg/testing_connect_proxy.go +++ b/agent/proxycfg/testing_connect_proxy.go @@ -16,7 +16,7 @@ func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), extraUp // no entries implies we'll get a default chain dbChain := discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", nil) - assert.True(t, dbChain.IsDefault()) + assert.True(t, dbChain.Default) var ( upstreams = structs.TestUpstreams(t) diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go index c3360fd96..7686993ba 100644 --- a/agent/proxycfg/testing_ingress_gateway.go +++ b/agent/proxycfg/testing_ingress_gateway.go @@ -685,10 +685,10 @@ func TestConfigSnapshotIngress_HTTPMultipleServices(t testing.T) *ConfigSnapshot quxChain = discoverychain.TestCompileConfigEntries(t, "qux", "default", "default", "dc1", connect.TestClusterID+".consul", nil, entries...) ) - require.False(t, fooChain.IsDefault()) - require.False(t, barChain.IsDefault()) - require.True(t, bazChain.IsDefault()) - require.True(t, quxChain.IsDefault()) + require.False(t, fooChain.Default) + require.False(t, barChain.Default) + require.True(t, bazChain.Default) + require.True(t, quxChain.Default) return TestConfigSnapshotIngressGateway(t, false, "http", "default", nil, func(entry *structs.IngressGatewayConfigEntry) { entry.Listeners = []structs.IngressListener{ diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go index 86c24515d..0dd3010e7 100644 --- a/agent/structs/discovery_chain.go +++ b/agent/structs/discovery_chain.go @@ -26,9 +26,17 @@ type CompiledDiscoveryChain struct { // non-customized versions. CustomizationHash string `json:",omitempty"` + // Default indicates if this discovery chain is based on no + // service-resolver, service-splitter, or service-router config entries. + Default bool `json:",omitempty"` + // Protocol is the overall protocol shared by everything in the chain. Protocol string `json:",omitempty"` + // ServiceMeta is the metadata from the underlying service-defaults config + // entry for the service named ServiceName. + ServiceMeta map[string]string `json:",omitempty"` + // StartNode is the first key into the Nodes map that should be followed // when walking the discovery chain. StartNode string `json:",omitempty"` @@ -62,33 +70,6 @@ func (c *CompiledDiscoveryChain) WillFailoverThroughMeshGateway(node *DiscoveryG return false } -// IsDefault returns true if the compiled chain represents no routing, no -// splitting, and only the default resolution. We have to be careful here to -// avoid returning "yep this is default" when the only resolver action being -// applied is redirection to another resolver that is default, so we double -// check the resolver matches the requested resolver. -func (c *CompiledDiscoveryChain) IsDefault() bool { - if c.StartNode == "" || len(c.Nodes) == 0 { - return true - } - - node := c.Nodes[c.StartNode] - if node == nil { - panic("not possible: missing node named '" + c.StartNode + "' in chain '" + c.ServiceName + "'") - } - - if node.Type != DiscoveryGraphNodeTypeResolver { - return false - } - if !node.Resolver.Default { - return false - } - - target := c.Targets[node.Resolver.Target] - - return target.Service == c.ServiceName && target.Namespace == c.Namespace && target.Partition == c.Partition -} - // ID returns an ID that encodes the service, namespace, partition, and datacenter. // This ID allows us to compare a discovery chain target to the chain upstream itself. func (c *CompiledDiscoveryChain) ID() string { diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 283df4125..716c320d3 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -612,7 +612,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( var escapeHatchCluster *envoy_cluster_v3.Cluster if cfg.EnvoyClusterJSON != "" { - if chain.IsDefault() { + if chain.Default { // If you haven't done anything to setup the discovery chain, then // you can use the envoy_cluster_json escape hatch. escapeHatchCluster, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON) diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index 9981dc940..b1a38f0cd 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -393,7 +393,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain( var escapeHatchCluster *envoy_cluster_v3.Cluster if cfg.EnvoyClusterJSON != "" { - if chain.IsDefault() { + if chain.Default { // If you haven't done anything to setup the discovery chain, then // you can use the envoy_cluster_json escape hatch. escapeHatchCluster, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON) diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 68ab9c1bf..2a671c40d 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -115,7 +115,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. } // RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain. - useRDS := chain.Protocol != "tcp" && !chain.IsDefault() + useRDS := chain.Protocol != "tcp" && !chain.Default var clusterName string if !useRDS { @@ -1303,7 +1303,7 @@ func (s *ResourceGenerator) getAndModifyUpstreamConfigForListener( if u != nil { configMap = u.Config } - if chain == nil || chain.IsDefault() { + if chain == nil || chain.Default { cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go index 3ab7de3c0..cd2023d2b 100644 --- a/agent/xds/listeners_ingress.go +++ b/agent/xds/listeners_ingress.go @@ -48,7 +48,7 @@ func (s *ResourceGenerator) makeIngressGatewayListeners(address string, cfgSnap // RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain. // TODO(freddy): Why can the protocol of the listener be overridden here? - useRDS := cfg.Protocol != "tcp" && !chain.IsDefault() + useRDS := cfg.Protocol != "tcp" && !chain.Default var clusterName string if !useRDS { diff --git a/agent/xds/routes.go b/agent/xds/routes.go index e6ed55df8..0a772d3f5 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -45,7 +45,7 @@ func (s *ResourceGenerator) routesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) { var resources []proto.Message for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain { - if chain.IsDefault() { + if chain.Default { continue } diff --git a/api/discovery_chain.go b/api/discovery_chain.go index 29bda8591..d198b2bb5 100644 --- a/api/discovery_chain.go +++ b/api/discovery_chain.go @@ -109,9 +109,17 @@ type CompiledDiscoveryChain struct { // non-customized versions. CustomizationHash string + // Default indicates if this discovery chain is based on no + // service-resolver, service-splitter, or service-router config entries. + Default bool + // Protocol is the overall protocol shared by everything in the chain. Protocol string + // ServiceMeta is the metadata from the underlying service-defaults config + // entry for the service named ServiceName. + ServiceMeta map[string]string + // StartNode is the first key into the Nodes map that should be followed // when walking the discovery chain. StartNode string diff --git a/api/discovery_chain_test.go b/api/discovery_chain_test.go index 99f97fa9d..049ce3963 100644 --- a/api/discovery_chain_test.go +++ b/api/discovery_chain_test.go @@ -32,6 +32,7 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { Namespace: "default", Datacenter: "dc1", Protocol: "tcp", + Default: true, StartNode: "resolver:web.default.default.dc1", Nodes: map[string]*DiscoveryGraphNode{ "resolver:web.default.default.dc1": { @@ -72,6 +73,7 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { Namespace: "default", Datacenter: "dc2", Protocol: "tcp", + Default: true, StartNode: "resolver:web.default.default.dc2", Nodes: map[string]*DiscoveryGraphNode{ "resolver:web.default.default.dc2": { diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx index 807c92b98..41a32a9b5 100644 --- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx +++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx @@ -121,9 +121,15 @@ resolved by name using the [`Targets`](#targets) field. balancer data plane objects to avoid sharing customized and non-customized versions. +- `Default` `(bool: )` - Indicates if this discovery chain is based on no + `service-resolver`, `service-splitter`, or `service-router` config entries. + - `Protocol` `(string)` - The overall protocol shared by everything in the chain. +- `ServiceMeta` `(map)` - The metadata from the underlying `service-defaults` config + entry for the service named `ServiceName`. + - `StartNode` `(string)` - The first key into the `Nodes` map that should be followed when traversing the discovery chain. From 232da6e8f42b9805385f1bbccc2fc00c9db8e6d6 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 30 Mar 2022 10:08:17 -0500 Subject: [PATCH 041/785] build: auto install correct version of protoc locally (#12651) --- .circleci/config.yml | 9 --------- .gitignore | 3 ++- GNUmakefile | 32 +++++++++++++++++++----------- build-support/scripts/proto-gen.sh | 21 ++++++++++++++++++-- 4 files changed, 41 insertions(+), 24 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 80b19a03e..c39652d7b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -226,15 +226,6 @@ jobs: <<: *ENVIRONMENT steps: - checkout - - run: - name: Install protobuf - command: | - protoc_version="$(make print-PROTOC_VERSION)" - wget https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-linux-x86_64.zip - sudo unzip -d /usr/local protoc-*.zip - sudo chmod +x /usr/local/bin/protoc - sudo chmod -R a+Xr /usr/local/include/google/ - rm protoc-*.zip - run: name: Install protobuf command: make proto-tools diff --git a/.gitignore b/.gitignore index 204a06653..e67312cbe 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.test .envrc .gotools +.protobuf .vagrant/ /pkg bin/ @@ -59,4 +60,4 @@ override.tf.json # Ignore CLI configuration files .terraformrc -terraform.rc \ No newline at end of file +terraform.rc diff --git a/GNUmakefile b/GNUmakefile index 097e22539..120a2dfd8 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -12,6 +12,11 @@ GOTOOLS = \ github.com/hashicorp/lint-consul-retry@master PROTOC_VERSION=3.12.3 +PROTOC_OS := $(shell if test "$(uname)" == "Darwin"; then echo osx; else echo linux; fi) +PROTOC_ZIP := protoc-$(PROTOC_VERSION)-$(PROTOC_OS)-x86_64.zip +PROTOC_URL := https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/$(PROTOC_ZIP) +PROTOC_ROOT := .protobuf/protoc-$(PROTOC_OS)-$(PROTOC_VERSION) +PROTOC_BIN := $(PROTOC_ROOT)/bin/protoc GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') GOPROTOTOOLS = \ github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ @@ -33,7 +38,7 @@ GIT_DIRTY?=$(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true GIT_IMPORT=github.com/hashicorp/consul/version GOLDFLAGS=-X $(GIT_IMPORT).GitCommit=$(GIT_COMMIT)$(GIT_DIRTY) -PROTOFILES?=$(shell find . -name '*.proto' | grep -v 'vendor/') +PROTOFILES?=$(shell find . -name '*.proto' | grep -v 'vendor/' | grep -v '.protobuf' ) PROTOGOFILES=$(PROTOFILES:.proto=.pb.go) PROTOGOBINFILES=$(PROTOFILES:.proto=.pb.binary.go) @@ -353,22 +358,25 @@ else @go test -v ./agent -run Vault endif -.PHONY: protoc-check -protoc-check: - $(info checking protocol buffer compiler version (expect: $(PROTOC_VERSION))) - @if ! command -v protoc &>/dev/null; then \ - echo "ERROR: protoc is not installed; please install version $(PROTOC_VERSION)" >&2 ; \ - exit 1 ; \ - fi - @if [[ "$$(protoc --version | cut -d' ' -f2)" != "$(PROTOC_VERSION)" ]]; then \ - echo "ERROR: protoc version $(PROTOC_VERSION) is required" >&2 ; \ +.PHONY: protoc-install +protoc-install: + $(info locally installing protocol buffer compiler version if needed (expect: $(PROTOC_VERSION))) + @if [[ ! -x $(PROTOC_ROOT)/bin/protoc ]]; then \ + mkdir -p .protobuf/tmp ; \ + if [[ ! -f .protobuf/tmp/$(PROTOC_ZIP) ]]; then \ + ( cd .protobuf/tmp && curl -sSL "$(PROTOC_URL)" -o "$(PROTOC_ZIP)" ) ; \ + fi ; \ + mkdir -p $(PROTOC_ROOT) ; \ + unzip -d $(PROTOC_ROOT) .protobuf/tmp/$(PROTOC_ZIP) ; \ + chmod -R a+Xr $(PROTOC_ROOT) ; \ + chmod +x $(PROTOC_ROOT)/bin/protoc ; \ fi -proto: protoc-check $(PROTOGOFILES) $(PROTOGOBINFILES) +proto: protoc-install $(PROTOGOFILES) $(PROTOGOBINFILES) @echo "Generated all protobuf Go files" %.pb.go %.pb.binary.go: %.proto - @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc "$<" + @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --protoc-bin "$(PROTOC_BIN)" "$<" # utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION') print-% : ; @echo $($*) diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh index c1dedc52e..022b2ff44 100755 --- a/build-support/scripts/proto-gen.sh +++ b/build-support/scripts/proto-gen.sh @@ -23,6 +23,7 @@ Description: generated code. Options: + --protoc-bin Path to protoc. --import-replace Replace imports of google types with those from the protobuf repo. --grpc Enable the gRPC plugin -h | --help Print this help text. @@ -38,6 +39,7 @@ function err_usage { function main { local -i grpc=0 local proto_path= + local protoc_bin= while test $# -gt 0 do @@ -50,6 +52,10 @@ function main { grpc=1 shift ;; + --protoc-bin ) + protoc_bin="$2" + shift 2 + ;; * ) proto_path="$1" shift @@ -63,6 +69,17 @@ function main { return 1 fi + if test -z "${protoc_bin}" + then + protoc_bin="$(command -v protoc)" + if test -z "${protoc_bin}" + then + err_usage "ERROR: no proto-bin specified and protoc could not be discovered" + return 1 + fi + fi + + go mod download local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) @@ -92,14 +109,14 @@ function main { # -I="${golang_proto_path}/protobuf" \ local -i ret=0 status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} ${mog_input_path}/*.gen.go" - echo "debug_run protoc \ + echo "debug_run ${protoc_bin} \ -I=\"${golang_proto_path}\" \ -I=\"${golang_proto_mod_path}\" \ -I=\"${SOURCE_DIR}\" \ --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ --go-binary_out=\"${SOURCE_DIR}\" \ \"${proto_path}\"" - debug_run protoc \ + debug_run ${protoc_bin} \ -I="${golang_proto_path}" \ -I="${golang_proto_mod_path}" \ -I="${SOURCE_DIR}" \ From c5a2de0c9b9b594efc3d78cceb85998fc1cb91b2 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 30 Mar 2022 10:37:44 -0500 Subject: [PATCH 042/785] need two dollar signs for a shell variable in makefiles (#12657) --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index 120a2dfd8..0649580b3 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -12,7 +12,7 @@ GOTOOLS = \ github.com/hashicorp/lint-consul-retry@master PROTOC_VERSION=3.12.3 -PROTOC_OS := $(shell if test "$(uname)" == "Darwin"; then echo osx; else echo linux; fi) +PROTOC_OS := $(shell if test "$$(uname)" == "Darwin"; then echo osx; else echo linux; fi) PROTOC_ZIP := protoc-$(PROTOC_VERSION)-$(PROTOC_OS)-x86_64.zip PROTOC_URL := https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/$(PROTOC_ZIP) PROTOC_ROOT := .protobuf/protoc-$(PROTOC_OS)-$(PROTOC_VERSION) From 8d51e22d269535ca12136ae494bfcdb870607e31 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Wed, 30 Mar 2022 11:38:44 -0400 Subject: [PATCH 043/785] Update raft-boltdb to pull in new writeCapacity metric (#12646) --- .changelog/12646.txt | 3 +++ go.mod | 2 +- go.sum | 4 ++-- website/content/docs/agent/telemetry.mdx | 24 ++++++++++++------------ 4 files changed, 18 insertions(+), 15 deletions(-) create mode 100644 .changelog/12646.txt diff --git a/.changelog/12646.txt b/.changelog/12646.txt new file mode 100644 index 000000000..1dddfc115 --- /dev/null +++ b/.changelog/12646.txt @@ -0,0 +1,3 @@ +```release-note:improvement +metrics: The `consul.raft.boltdb.writeCapacity` metric was added and indicates a theoretical number of writes/second that can be performed to Consul. +``` diff --git a/go.mod b/go.mod index e438f1bf2..9f43af2bb 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( github.com/hashicorp/raft v1.3.6 github.com/hashicorp/raft-autopilot v0.1.5 github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 // indirect - github.com/hashicorp/raft-boltdb/v2 v2.2.0 + github.com/hashicorp/raft-boltdb/v2 v2.2.2 github.com/hashicorp/serf v0.9.7 github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086 github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267 diff --git a/go.sum b/go.sum index 688dd2b8f..972a1634c 100644 --- a/go.sum +++ b/go.sum @@ -304,8 +304,8 @@ github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pN github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 h1:Ye8SofeDHJzu9xvvaMmpMkqHELWW7rTcXwdUR0CWW48= github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs= -github.com/hashicorp/raft-boltdb/v2 v2.2.0 h1:/CVN9LSAcH50L3yp2TsPFIpeyHn1m3VF6kiutlDE3Nw= -github.com/hashicorp/raft-boltdb/v2 v2.2.0/go.mod h1:SgPUD5TP20z/bswEr210SnkUFvQP/YjKV95aaiTbeMQ= +github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw= +github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 029ff9bcb..1c02cebf0 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -273,9 +273,10 @@ This metric should be monitored to ensure that the license doesn't expire to pre | Metric Name | Description | Unit | Type | | :-------------------------------- | :--------------------------------------------------------------- | :---- | :---- | -| `consul.raft.boltdb.freelistBytes` | Represents the number of bytes necessary to encode the freelist metadata. When [`raft_boltdb.NoFreelistSync`](/docs/agent/options#NoFreelistSync) is set to `false` these metadata bytes must also be written to disk for each committed log. | bytes | gauge | -| `consul.raft.boltdb.logsPerBatch` | Measures the number of logs being written per batch to the db. | logs | sample | -| `consul.raft.boltdb.storeLogs` | Measures the amount of time spent writing logs to the db. | ms | timer | +| `consul.raft.boltdb.freelistBytes` | Represents the number of bytes necessary to encode the freelist metadata. When [`raft_boltdb.NoFreelistSync`](/docs/agent/options#NoFreelistSync) is set to `false` these metadata bytes must also be written to disk for each committed log. | bytes | gauge | +| `consul.raft.boltdb.logsPerBatch` | Measures the number of logs being written per batch to the db. | logs | sample | +| `consul.raft.boltdb.storeLogs` | Measures the amount of time spent writing logs to the db. | ms | timer | +| `consul.raft.boltdb.writeCapacity` | Theoretical write capacity in terms of the number of logs that can be written per second. Each sample outputs what the capacity would be if future batched log write operations were similar to this one. This similarity encompasses 4 things: batch size, byte size, disk performance and boltdb performance. While none of these will be static and its highly likely individual samples of this metric will vary, aggregating this metric over a larger time window should provide a decent picture into how this BoltDB store can perform | logs/second | sample | ** Requirements: ** @@ -293,15 +294,13 @@ upper limit to the throughput of write operations within Consul. In Consul each write operation will turn into a single Raft log to be committed. Raft will process these logs and store them within Bolt DB in batches. Each call to store logs within Bolt DB is measured to record how long -it took as well as how many logs were contained in the batch. Writing logs is this fashion is serialized so that -a subsequent log storage operation can only be started after the previous one completed. Therefore the maximum number -of log storage operations that can be performed each second can be calculated with the following equation: -`(1000 ms) / (consul.raft.boltdb.storeLogs ms/op)`. From there we can extrapolate the maximum number of Consul writes -per second by multiplying that value by the `consul.raft.boltdb.logsPerBatch` metric's value. When log storage -operations are becoming slower you may not see an immediate decrease in write throughput to Consul due to increased -batch sizes of the each operation. However, the max batch size allowed is 64 logs. Therefore if the `logsPerBatch` -metric is near 64 and the `storeLogs` metric is seeing increased time to write each batch to disk, then it is likely -that increased write latencies and other errors may occur. +it took as well as how many logs were contained in the batch. Writing logs in this fashion is serialized so that +a subsequent log storage operation can only be started after the previous one completed. The maximum number +of log storage operations that can be performed each second is represented with the `consul.raft.boltdb.writeCapacity` +metric. When log storage operations are becoming slower you may not see an immediate decrease in write capacity +due to increased batch sizes of the each operation. However, the max batch size allowed is 64 logs. Therefore if +the `logsPerBatch` metric is near 64 and the `storeLogs` metric is seeing increased time to write each batch to disk, +then it is likely that increased write latencies and other errors may occur. There can be a number of potential issues that can cause this. Often times it could be performance of the underlying disks that is the issue. Other times it may be caused by Bolt DB behavior. Bolt DB keeps track of free space within @@ -421,6 +420,7 @@ These metrics are used to monitor the health of the Consul servers. | `consul.raft.boltdb.txstats.split` | Counts the number of nodes split in the db since Consul was started. | splits | counter | | `consul.raft.boltdb.txstats.write` | Counts the number of writes to the db since Consul was started. | writes | counter | | `consul.raft.boltdb.txstats.writeTime` | Measures the amount of time spent performing writes to the db. | ms | timer | +| `consul.raft.boltdb.writeCapacity` | Theoretical write capacity in terms of the number of logs that can be written per second. Each sample outputs what the capacity would be if future batched log write operations were similar to this one. This similarity encompasses 4 things: batch size, byte size, disk performance and boltdb performance. While none of these will be static and its highly likely individual samples of this metric will vary, aggregating this metric over a larger time window should provide a decent picture into how this BoltDB store can perform | logs/second | sample | | `consul.raft.commitNumLogs` | Measures the count of logs processed for application to the FSM in a single batch. | logs | gauge | | `consul.raft.commitTime` | Measures the time it takes to commit a new entry to the Raft log on the leader. | ms | timer | | `consul.raft.fsm.lastRestoreDuration` | Measures the time taken to restore the FSM from a snapshot on an agent restart or from the leader calling installSnapshot. This is a gauge that holds it's value since most servers only restore during restarts which are typically infrequent. | ms | gauge | From 91a493efe9cc3a95850dce1512ce498be756759f Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 30 Mar 2022 12:51:56 -0400 Subject: [PATCH 044/785] Bump go-control-plane * `go get cloud.google.com/go@v0.59.0` * `go get github.com/envoyproxy/go-control-plane@v0.9.9` * `make envoy-library` * Bumpprotoc to 3.15.8 --- GNUmakefile | 4 +- agent/auto-config/mock_test.go | 5 + agent/config/runtime_test.go | 13 +- agent/consul/auto_config_endpoint_test.go | 77 +- agent/consul/state/catalog_events_test.go | 14 +- agent/consul/state/connect_ca_test.go | 3 +- agent/grpc/private/handler_test.go | 2 +- .../private/internal/testservice/simple.pb.go | 288 ++-- .../services/subscribe/subscribe_test.go | 29 +- agent/grpc/private/stats_test.go | 12 +- agent/rpcclient/health/view.go | 6 +- agent/rpcclient/health/view_test.go | 24 +- agent/structs/structs.go | 9 +- agent/submatview/materializer.go | 6 +- agent/submatview/store_test.go | 4 +- agent/xds/clusters.go | 26 +- ...th-chain-and-overrides.envoy-1-20-x.golden | 9 +- ...grpc-new-cluster-http1.envoy-1-20-x.golden | 9 +- ...aths-new-cluster-http2.envoy-1-20-x.golden | 9 +- ...ss-gateway-no-services.envoy-1-20-x.golden | 2 - ...sh-gateway-no-services.envoy-1-20-x.golden | 2 - ...ng-gateway-no-services.envoy-1-20-x.golden | 2 - ...ss-gateway-no-services.envoy-1-20-x.golden | 2 - ...sh-gateway-no-services.envoy-1-20-x.golden | 2 - ...ng-gateway-no-services.envoy-1-20-x.golden | 2 - ...ss-gateway-no-services.envoy-1-20-x.golden | 2 - .../routes/defaults.envoy-1-20-x.golden | 2 - ...ress-defaults-no-chain.envoy-1-20-x.golden | 2 - ...ith-chain-external-sni.envoy-1-20-x.golden | 2 - .../ingress-with-chain.envoy-1-20-x.golden | 2 - agent/xds/xds_protocol_helpers_test.go | 23 +- agent/xds/z_xds_packages.go | 129 +- .../scripts/envoy-library-references.sh | 4 +- build-support/scripts/proto-gen.sh | 6 +- connect/tls_test.go | 10 +- go.mod | 15 +- go.sum | 250 ++- proto/pbacl/acl.pb.go | 183 ++- proto/pbautoconf/auto_config.pb.go | 359 ++-- proto/pbcommon/common.go | 12 +- proto/pbcommon/common.pb.go | 871 ++++++---- proto/pbconfig/config.pb.go | 1133 ++++++++----- proto/pbconnect/connect.pb.go | 645 +++++--- proto/pbservice/healthcheck.pb.go | 1120 ++++++++----- proto/pbservice/ids_test.go | 14 +- proto/pbservice/node.pb.go | 643 +++++--- proto/pbservice/service.pb.go | 1441 +++++++++++------ proto/pbsubscribe/subscribe.pb.go | 744 ++++++--- 48 files changed, 5269 insertions(+), 2904 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 0649580b3..873d1ad60 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -11,7 +11,7 @@ GOTOOLS = \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ github.com/hashicorp/lint-consul-retry@master -PROTOC_VERSION=3.12.3 +PROTOC_VERSION=3.15.8 PROTOC_OS := $(shell if test "$$(uname)" == "Darwin"; then echo osx; else echo linux; fi) PROTOC_ZIP := protoc-$(PROTOC_VERSION)-$(PROTOC_OS)-x86_64.zip PROTOC_URL := https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/$(PROTOC_ZIP) @@ -22,7 +22,7 @@ GOPROTOTOOLS = \ github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ github.com/hashicorp/protoc-gen-go-binary@master \ github.com/favadi/protoc-go-inject-tag@v1.3.0 \ - github.com/hashicorp/mog@v0.1.1 + github.com/hashicorp/mog@v0.1.2 GOTAGS ?= GOPATH=$(shell go env GOPATH) diff --git a/agent/auto-config/mock_test.go b/agent/auto-config/mock_test.go index 49d3ed29e..45fd42ef4 100644 --- a/agent/auto-config/mock_test.go +++ b/agent/auto-config/mock_test.go @@ -276,6 +276,11 @@ func (m *mockedConfig) expectInitialTLS(t *testing.T, agentName, datacenter, tok for _, root := range indexedRoots.Roots { pems = append(pems, root.RootCert) } + for _, root := range indexedRoots.Roots { + if len(root.IntermediateCerts) == 0 { + root.IntermediateCerts = nil + } + } // we should update the TLS configurator with the proper certs m.tlsCfg.On("UpdateAutoTLS", diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index b239b1ed4..d74650c07 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -18,7 +18,6 @@ import ( "time" "github.com/armon/go-metrics/prometheus" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" @@ -30,6 +29,7 @@ import ( "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/logging" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/types" @@ -5604,7 +5604,7 @@ func (tc testCase) run(format string, dataDir string) func(t *testing.T) { expected.ACLResolverSettings.NodeName = expected.NodeName expected.ACLResolverSettings.EnterpriseMeta = *structs.NodeEnterpriseMetaInPartition(expected.PartitionOrDefault()) - assertDeepEqual(t, expected, actual, cmpopts.EquateEmpty()) + prototest.AssertDeepEqual(t, expected, actual, cmpopts.EquateEmpty()) } } @@ -5617,13 +5617,6 @@ func runCase(t *testing.T, name string, fn func(t *testing.T)) { }) } -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } -} - func TestLoad_InvalidConfigFormat(t *testing.T) { _, err := Load(LoadOpts{ConfigFormat: "yaml"}) require.Error(t, err) @@ -6432,7 +6425,7 @@ func TestLoad_FullConfig(t *testing.T) { opts.Overrides = append(opts.Overrides, versionSource("JNtPSav3", "R909Hblt", "ZT1JOQLn")) r, err := Load(opts) require.NoError(t, err) - assertDeepEqual(t, expected, r.RuntimeConfig) + prototest.AssertDeepEqual(t, expected, r.RuntimeConfig) require.ElementsMatch(t, expectedWarns, r.Warnings, "Warnings: %#v", r.Warnings) }) } diff --git a/agent/consul/auto_config_endpoint_test.go b/agent/consul/auto_config_endpoint_test.go index f81461bbb..676b126fd 100644 --- a/agent/consul/auto_config_endpoint_test.go +++ b/agent/consul/auto_config_endpoint_test.go @@ -23,6 +23,7 @@ import ( "github.com/hashicorp/consul/proto/pbautoconf" "github.com/hashicorp/consul/proto/pbconfig" "github.com/hashicorp/consul/proto/pbconnect" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/types" @@ -213,8 +214,8 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { // ------------------------------------------------------------------------- type testCase struct { - request pbautoconf.AutoConfigRequest - expected pbautoconf.AutoConfigResponse + request *pbautoconf.AutoConfigRequest + expected *pbautoconf.AutoConfigResponse patchResponse func(t *testing.T, srv *Server, resp *pbautoconf.AutoConfigResponse) err string } @@ -223,13 +224,13 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { cases := map[string]testCase{ "wrong-datacenter": { - request: pbautoconf.AutoConfigRequest{ + request: &pbautoconf.AutoConfigRequest{ Datacenter: "no-such-dc", }, err: `invalid datacenter "no-such-dc" - agent auto configuration cannot target a remote datacenter`, }, "unverifiable": { - request: pbautoconf.AutoConfigRequest{ + request: &pbautoconf.AutoConfigRequest{ Node: "test-node", // this is signed using an incorrect private key JWT: signJWTWithStandardClaims(t, altpriv, map[string]interface{}{"consul_node_name": "test-node"}), @@ -237,14 +238,14 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { err: "Permission denied: Failed JWT authorization: no known key successfully validated the token signature", }, "claim-assertion-failed": { - request: pbautoconf.AutoConfigRequest{ + request: &pbautoconf.AutoConfigRequest{ Node: "test-node", JWT: signJWTWithStandardClaims(t, priv, map[string]interface{}{"wrong_claim": "test-node"}), }, err: "Permission denied: Failed JWT claim assertion", }, "bad-csr-id": { - request: pbautoconf.AutoConfigRequest{ + request: &pbautoconf.AutoConfigRequest{ Node: "test-node", JWT: signJWTWithStandardClaims(t, priv, map[string]interface{}{"consul_node_name": "test-node"}), CSR: altCSR, @@ -252,12 +253,12 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { err: "Spiffe ID agent name (alt) of the certificate signing request is not for the correct node (test-node)", }, "good": { - request: pbautoconf.AutoConfigRequest{ + request: &pbautoconf.AutoConfigRequest{ Node: "test-node", JWT: signJWTWithStandardClaims(t, priv, map[string]interface{}{"consul_node_name": "test-node"}), CSR: csr, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ CARoots: pbroots, ExtraCACertificates: []string{cacert}, Config: &pbconfig.Config{ @@ -323,16 +324,16 @@ func TestAutoConfigInitialConfiguration(t *testing.T) { for testName, tcase := range cases { t.Run(testName, func(t *testing.T) { - var reply pbautoconf.AutoConfigResponse - err := msgpackrpc.CallWithCodec(codec, "AutoConfig.InitialConfiguration", &tcase.request, &reply) + reply := &pbautoconf.AutoConfigResponse{} + err := msgpackrpc.CallWithCodec(codec, "AutoConfig.InitialConfiguration", &tcase.request, reply) if tcase.err != "" { testutil.RequireErrorContains(t, err, tcase.err) } else { require.NoError(t, err) if tcase.patchResponse != nil { - tcase.patchResponse(t, s, &reply) + tcase.patchResponse(t, s, reply) } - require.Equal(t, tcase.expected, reply) + prototest.AssertDeepEqual(t, tcase.expected, reply) } }) } @@ -342,7 +343,7 @@ func TestAutoConfig_baseConfig(t *testing.T) { type testCase struct { serverConfig Config opts AutoConfigOptions - expected pbautoconf.AutoConfigResponse + expected *pbautoconf.AutoConfigResponse err string } @@ -356,7 +357,7 @@ func TestAutoConfig_baseConfig(t *testing.T) { NodeName: "lBdc0lsH", SegmentName: "HZiwlWpi", }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ Datacenter: "oSWzfhnU", PrimaryDatacenter: "53XO9mx4", @@ -380,8 +381,8 @@ func TestAutoConfig_baseConfig(t *testing.T) { config: &tcase.serverConfig, } - actual := pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} - err := ac.baseConfig(tcase.opts, &actual) + actual := &pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} + err := ac.baseConfig(tcase.opts, actual) if tcase.err == "" { require.NoError(t, err) require.Equal(t, tcase.expected, actual) @@ -403,7 +404,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { type testCase struct { tlsConfig tlsutil.Config - expected pbautoconf.AutoConfigResponse + expected *pbautoconf.AutoConfigResponse } cases := map[string]testCase{ @@ -417,7 +418,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ TLS: &pbconfig.TLS{ VerifyOutgoing: true, @@ -438,7 +439,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ TLS: &pbconfig.TLS{ VerifyOutgoing: true, @@ -461,8 +462,8 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { tlsConfigurator: configurator, } - actual := pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} - err = ac.updateTLSSettingsInConfig(AutoConfigOptions{}, &actual) + actual := &pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} + err = ac.updateTLSSettingsInConfig(AutoConfigOptions{}, actual) require.NoError(t, err) require.Equal(t, tcase.expected, actual) }) @@ -472,7 +473,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) { func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) { type testCase struct { conf memberlist.Config - expected pbautoconf.AutoConfigResponse + expected *pbautoconf.AutoConfigResponse } gossipKey := make([]byte, 32) @@ -492,7 +493,7 @@ func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) { GossipVerifyIncoming: true, GossipVerifyOutgoing: true, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ Gossip: &pbconfig.Gossip{ Encryption: &pbconfig.GossipEncryption{ @@ -510,7 +511,7 @@ func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) { GossipVerifyIncoming: false, GossipVerifyOutgoing: false, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ Gossip: &pbconfig.Gossip{ Encryption: &pbconfig.GossipEncryption{ @@ -525,7 +526,7 @@ func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) { "encryption-disabled": { // zero values all around - if no keyring is configured then the gossip // encryption settings should not be set. - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{}, }, }, @@ -540,8 +541,8 @@ func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) { config: cfg, } - actual := pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} - err := ac.updateGossipEncryptionInConfig(AutoConfigOptions{}, &actual) + actual := &pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} + err := ac.updateGossipEncryptionInConfig(AutoConfigOptions{}, actual) require.NoError(t, err) require.Equal(t, tcase.expected, actual) }) @@ -617,7 +618,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { tlsConfig tlsutil.Config opts AutoConfigOptions - expected pbautoconf.AutoConfigResponse + expected *pbautoconf.AutoConfigResponse } cases := map[string]testCase{ @@ -634,7 +635,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { CipherSuites: []types.TLSCipherSuite{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, }, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ CARoots: pbroots, ExtraCACertificates: []string{cacert}, Config: &pbconfig.Config{}, @@ -658,7 +659,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { CSR: csr, SpiffeID: &csrID, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{}, CARoots: pbroots, ExtraCACertificates: []string{cacert}, @@ -669,7 +670,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { serverConfig: Config{ ConnectEnabled: false, }, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{}, }, }, @@ -690,8 +691,8 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { backend: backend, } - actual := pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} - err = ac.updateTLSCertificatesInConfig(tcase.opts, &actual) + actual := &pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} + err = ac.updateTLSCertificatesInConfig(tcase.opts, actual) require.NoError(t, err) require.Equal(t, tcase.expected, actual) }) @@ -701,7 +702,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) { func TestAutoConfig_updateACLsInConfig(t *testing.T) { type testCase struct { config Config - expected pbautoconf.AutoConfigResponse + expected *pbautoconf.AutoConfigResponse expectACLToken bool err error } @@ -729,7 +730,7 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) { ACLEnableKeyListPolicy: true, }, expectACLToken: true, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ ACL: &pbconfig.ACL{ Enabled: true, @@ -761,7 +762,7 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) { ACLEnableKeyListPolicy: true, }, expectACLToken: false, - expected: pbautoconf.AutoConfigResponse{ + expected: &pbautoconf.AutoConfigResponse{ Config: &pbconfig.Config{ ACL: &pbconfig.ACL{ Enabled: false, @@ -820,8 +821,8 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) { ac := AutoConfig{config: &tcase.config, backend: backend} - actual := pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} - err := ac.updateACLsInConfig(AutoConfigOptions{NodeName: "something"}, &actual) + actual := &pbautoconf.AutoConfigResponse{Config: &pbconfig.Config{}} + err := ac.updateACLsInConfig(AutoConfigOptions{NodeName: "something"}, actual) if tcase.err != nil { testutil.RequireErrorContains(t, err, tcase.err.Error()) } else { diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go index 16269242e..bb17dae10 100644 --- a/agent/consul/state/catalog_events_test.go +++ b/agent/consul/state/catalog_events_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/types" ) @@ -162,7 +163,7 @@ func TestServiceHealthSnapshot(t *testing.T) { }), }, } - assertDeepEqual(t, expected, buf.events, cmpEvents) + prototest.AssertDeepEqual(t, expected, buf.events, cmpEvents) } func TestServiceHealthSnapshot_ConnectTopic(t *testing.T) { @@ -263,7 +264,7 @@ func TestServiceHealthSnapshot_ConnectTopic(t *testing.T) { }), }, } - assertDeepEqual(t, expected, buf.events, cmpEvents) + prototest.AssertDeepEqual(t, expected, buf.events, cmpEvents) } type snapshotAppender struct { @@ -1762,7 +1763,7 @@ func (tc eventsTestCase) run(t *testing.T) { } require.NoError(t, err) - assertDeepEqual(t, tc.WantEvents, got, cmpPartialOrderEvents, cmpopts.EquateEmpty()) + prototest.AssertDeepEqual(t, tc.WantEvents, got, cmpPartialOrderEvents, cmpopts.EquateEmpty()) } func runCase(t *testing.T, name string, fn func(t *testing.T)) bool { @@ -1855,13 +1856,6 @@ func evServiceIndex(idx uint64) func(e *stream.Event) error { } } -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } -} - // cmpPartialOrderEvents returns a compare option which sorts events so that // all events for a particular topic are grouped together. The sort is // stable so events with the same key retain their relative order. diff --git a/agent/consul/state/connect_ca_test.go b/agent/consul/state/connect_ca_test.go index 2b2349c2d..0a39e7632 100644 --- a/agent/consul/state/connect_ca_test.go +++ b/agent/consul/state/connect_ca_test.go @@ -4,6 +4,7 @@ import ( "reflect" "testing" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/go-memdb" @@ -214,7 +215,7 @@ func TestStore_CARootSetList(t *testing.T) { assert.Nil(t, err) assert.Len(t, roots, 1) actual := roots[0] - assertDeepEqual(t, expected, *actual) + prototest.AssertDeepEqual(t, expected, *actual) } func TestStore_CARootSet_emptyID(t *testing.T) { diff --git a/agent/grpc/private/handler_test.go b/agent/grpc/private/handler_test.go index bb1a7f414..6edf82195 100644 --- a/agent/grpc/private/handler_test.go +++ b/agent/grpc/private/handler_test.go @@ -49,7 +49,7 @@ func TestHandler_PanicRecoveryInterceptor(t *testing.T) { resp, err := client.Something(ctx, &testservice.Req{}) expectedErr := status.Errorf(codes.Internal, "grpc: panic serving request") - require.Equal(t, expectedErr, err) + require.Equal(t, expectedErr.Error(), err.Error()) require.Nil(t, resp) // Read the log diff --git a/agent/grpc/private/internal/testservice/simple.pb.go b/agent/grpc/private/internal/testservice/simple.pb.go index bfd847a28..4f12adeb9 100644 --- a/agent/grpc/private/internal/testservice/simple.pb.go +++ b/agent/grpc/private/internal/testservice/simple.pb.go @@ -1,138 +1,238 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: agent/grpc/private/internal/testservice/simple.proto package testservice import ( context "context" - fmt "fmt" proto "github.com/golang/protobuf/proto" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 type Req struct { - Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` } -func (m *Req) Reset() { *m = Req{} } -func (m *Req) String() string { return proto.CompactTextString(m) } -func (*Req) ProtoMessage() {} +func (x *Req) Reset() { + *x = Req{} + if protoimpl.UnsafeEnabled { + mi := &file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Req) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Req) ProtoMessage() {} + +func (x *Req) ProtoReflect() protoreflect.Message { + mi := &file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Req.ProtoReflect.Descriptor instead. func (*Req) Descriptor() ([]byte, []int) { - return fileDescriptor_98af0751f806f450, []int{0} + return file_agent_grpc_private_internal_testservice_simple_proto_rawDescGZIP(), []int{0} } -func (m *Req) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Req.Unmarshal(m, b) -} -func (m *Req) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Req.Marshal(b, m, deterministic) -} -func (m *Req) XXX_Merge(src proto.Message) { - xxx_messageInfo_Req.Merge(m, src) -} -func (m *Req) XXX_Size() int { - return xxx_messageInfo_Req.Size(m) -} -func (m *Req) XXX_DiscardUnknown() { - xxx_messageInfo_Req.DiscardUnknown(m) -} - -var xxx_messageInfo_Req proto.InternalMessageInfo - -func (m *Req) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *Req) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } type Resp struct { - ServerName string `protobuf:"bytes,1,opt,name=ServerName,proto3" json:"ServerName,omitempty"` - Datacenter string `protobuf:"bytes,2,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ServerName string `protobuf:"bytes,1,opt,name=ServerName,proto3" json:"ServerName,omitempty"` + Datacenter string `protobuf:"bytes,2,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` } -func (m *Resp) Reset() { *m = Resp{} } -func (m *Resp) String() string { return proto.CompactTextString(m) } -func (*Resp) ProtoMessage() {} +func (x *Resp) Reset() { + *x = Resp{} + if protoimpl.UnsafeEnabled { + mi := &file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Resp) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Resp) ProtoMessage() {} + +func (x *Resp) ProtoReflect() protoreflect.Message { + mi := &file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Resp.ProtoReflect.Descriptor instead. func (*Resp) Descriptor() ([]byte, []int) { - return fileDescriptor_98af0751f806f450, []int{1} + return file_agent_grpc_private_internal_testservice_simple_proto_rawDescGZIP(), []int{1} } -func (m *Resp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Resp.Unmarshal(m, b) -} -func (m *Resp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Resp.Marshal(b, m, deterministic) -} -func (m *Resp) XXX_Merge(src proto.Message) { - xxx_messageInfo_Resp.Merge(m, src) -} -func (m *Resp) XXX_Size() int { - return xxx_messageInfo_Resp.Size(m) -} -func (m *Resp) XXX_DiscardUnknown() { - xxx_messageInfo_Resp.DiscardUnknown(m) -} - -var xxx_messageInfo_Resp proto.InternalMessageInfo - -func (m *Resp) GetServerName() string { - if m != nil { - return m.ServerName +func (x *Resp) GetServerName() string { + if x != nil { + return x.ServerName } return "" } -func (m *Resp) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *Resp) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func init() { - proto.RegisterType((*Req)(nil), "testservice.Req") - proto.RegisterType((*Resp)(nil), "testservice.Resp") +var File_agent_grpc_private_internal_testservice_simple_proto protoreflect.FileDescriptor + +var file_agent_grpc_private_internal_testservice_simple_proto_rawDesc = []byte{ + 0x0a, 0x34, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x70, 0x72, 0x69, + 0x76, 0x61, 0x74, 0x65, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, + 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x74, 0x65, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x22, 0x25, 0x0a, 0x03, 0x52, 0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x46, 0x0a, 0x04, 0x52, 0x65, + 0x73, 0x70, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x32, 0x6d, 0x0a, 0x06, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x32, 0x0a, 0x09, + 0x53, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x12, 0x10, 0x2e, 0x74, 0x65, 0x73, 0x74, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x1a, 0x11, 0x2e, 0x74, 0x65, + 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, + 0x12, 0x2f, 0x0a, 0x04, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x10, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x1a, 0x11, 0x2e, 0x74, 0x65, 0x73, + 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x30, + 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("agent/grpc/private/internal/testservice/simple.proto", fileDescriptor_98af0751f806f450) +var ( + file_agent_grpc_private_internal_testservice_simple_proto_rawDescOnce sync.Once + file_agent_grpc_private_internal_testservice_simple_proto_rawDescData = file_agent_grpc_private_internal_testservice_simple_proto_rawDesc +) + +func file_agent_grpc_private_internal_testservice_simple_proto_rawDescGZIP() []byte { + file_agent_grpc_private_internal_testservice_simple_proto_rawDescOnce.Do(func() { + file_agent_grpc_private_internal_testservice_simple_proto_rawDescData = protoimpl.X.CompressGZIP(file_agent_grpc_private_internal_testservice_simple_proto_rawDescData) + }) + return file_agent_grpc_private_internal_testservice_simple_proto_rawDescData } -var fileDescriptor_98af0751f806f450 = []byte{ - // 189 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x8f, 0xcd, 0x0a, 0x82, 0x40, - 0x14, 0x85, 0xb3, 0x44, 0xf0, 0xb6, 0xa9, 0x59, 0x45, 0x8b, 0x08, 0x21, 0x68, 0xe5, 0x84, 0xf5, - 0x08, 0xe1, 0xb2, 0xc5, 0xf8, 0x04, 0x93, 0x5c, 0x6c, 0xc0, 0xf9, 0x71, 0xe6, 0x62, 0xaf, 0x1f, - 0x0a, 0x91, 0xb8, 0x6a, 0xfb, 0xdd, 0xef, 0x1e, 0xce, 0x81, 0x9b, 0x6c, 0xd0, 0x10, 0x6f, 0xbc, - 0xab, 0xb9, 0xf3, 0xaa, 0x97, 0x84, 0x5c, 0x19, 0x42, 0x6f, 0x64, 0xcb, 0x09, 0x03, 0x05, 0xf4, - 0xbd, 0xaa, 0x91, 0x07, 0xa5, 0x5d, 0x8b, 0xb9, 0xf3, 0x96, 0x2c, 0x5b, 0x4f, 0x2e, 0xd9, 0x09, - 0x56, 0x02, 0x3b, 0x76, 0x00, 0xb8, 0x4b, 0x92, 0x35, 0x0e, 0xdf, 0xbb, 0xe8, 0x18, 0x9d, 0x53, - 0x31, 0x21, 0x59, 0x09, 0xb1, 0xc0, 0xe0, 0x06, 0xaf, 0x42, 0xdf, 0xa3, 0x7f, 0x48, 0x8d, 0x5f, - 0xef, 0x47, 0x66, 0x39, 0xcb, 0x79, 0x4e, 0xa1, 0x21, 0xa9, 0xc6, 0x2e, 0xac, 0x80, 0xb4, 0xb2, - 0x1a, 0xe9, 0xa5, 0x4c, 0xc3, 0x36, 0xf9, 0xa4, 0x53, 0x2e, 0xb0, 0xdb, 0x6f, 0x67, 0x24, 0xb8, - 0x6c, 0xc1, 0x38, 0xc4, 0x65, 0x6b, 0xdf, 0x7f, 0xea, 0x97, 0xe8, 0x99, 0x8c, 0x8b, 0xaf, 0x9f, - 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x5c, 0xf5, 0xcb, 0x29, 0x01, 0x00, 0x00, +var file_agent_grpc_private_internal_testservice_simple_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_agent_grpc_private_internal_testservice_simple_proto_goTypes = []interface{}{ + (*Req)(nil), // 0: testservice.Req + (*Resp)(nil), // 1: testservice.Resp +} +var file_agent_grpc_private_internal_testservice_simple_proto_depIdxs = []int32{ + 0, // 0: testservice.Simple.Something:input_type -> testservice.Req + 0, // 1: testservice.Simple.Flow:input_type -> testservice.Req + 1, // 2: testservice.Simple.Something:output_type -> testservice.Resp + 1, // 3: testservice.Simple.Flow:output_type -> testservice.Resp + 2, // [2:4] is the sub-list for method output_type + 0, // [0:2] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_agent_grpc_private_internal_testservice_simple_proto_init() } +func file_agent_grpc_private_internal_testservice_simple_proto_init() { + if File_agent_grpc_private_internal_testservice_simple_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Req); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_agent_grpc_private_internal_testservice_simple_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Resp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_agent_grpc_private_internal_testservice_simple_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_agent_grpc_private_internal_testservice_simple_proto_goTypes, + DependencyIndexes: file_agent_grpc_private_internal_testservice_simple_proto_depIdxs, + MessageInfos: file_agent_grpc_private_internal_testservice_simple_proto_msgTypes, + }.Build() + File_agent_grpc_private_internal_testservice_simple_proto = out.File + file_agent_grpc_private_internal_testservice_simple_proto_rawDesc = nil + file_agent_grpc_private_internal_testservice_simple_proto_goTypes = nil + file_agent_grpc_private_internal_testservice_simple_proto_depIdxs = nil } // Reference imports to suppress errors if they are not otherwise used. @@ -210,10 +310,10 @@ type SimpleServer interface { type UnimplementedSimpleServer struct { } -func (*UnimplementedSimpleServer) Something(ctx context.Context, req *Req) (*Resp, error) { +func (*UnimplementedSimpleServer) Something(context.Context, *Req) (*Resp, error) { return nil, status.Errorf(codes.Unimplemented, "method Something not implemented") } -func (*UnimplementedSimpleServer) Flow(req *Req, srv Simple_FlowServer) error { +func (*UnimplementedSimpleServer) Flow(*Req, Simple_FlowServer) error { return status.Errorf(codes.Unimplemented, "method Flow not implemented") } diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index aea7669c9..95df5fb13 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -10,7 +10,6 @@ import ( "testing" "time" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" @@ -28,6 +27,7 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/types" ) @@ -206,7 +206,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { Payload: &pbsubscribe.Event_EndOfSnapshot{EndOfSnapshot: true}, }, } - assertDeepEqual(t, expected, snapshotEvents) + prototest.AssertDeepEqual(t, expected, snapshotEvents) }) runStep(t, "update the registration by adding a check", func(t *testing.T) { @@ -271,7 +271,7 @@ func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { }, }, } - assertDeepEqual(t, expectedEvent, event) + prototest.AssertDeepEqual(t, expectedEvent, event) }) } @@ -311,13 +311,6 @@ func getEvent(t *testing.T, ch chan eventOrError) *pbsubscribe.Event { return nil } -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } -} - type testBackend struct { store *state.Store authorizer func(token string, entMeta *structs.EnterpriseMeta) acl.Authorizer @@ -571,7 +564,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { Payload: &pbsubscribe.Event_EndOfSnapshot{EndOfSnapshot: true}, }, } - assertDeepEqual(t, expected, snapshotEvents) + prototest.AssertDeepEqual(t, expected, snapshotEvents) }) runStep(t, "update the registration by adding a check", func(t *testing.T) { @@ -636,7 +629,7 @@ func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { }, }, } - assertDeepEqual(t, expectedEvent, event) + prototest.AssertDeepEqual(t, expectedEvent, event) }) } @@ -949,20 +942,20 @@ func TestNewEventFromSteamEvent(t *testing.T) { type testCase struct { name string event stream.Event - expected pbsubscribe.Event + expected *pbsubscribe.Event } fn := func(t *testing.T, tc testCase) { expected := tc.expected actual := newEventFromStreamEvent(tc.event) - assertDeepEqual(t, &expected, actual, cmpopts.EquateEmpty()) + prototest.AssertDeepEqual(t, expected, actual, cmpopts.EquateEmpty()) } var testCases = []testCase{ { name: "end of snapshot", event: newEventFromSubscription(t, 0), - expected: pbsubscribe.Event{ + expected: &pbsubscribe.Event{ Index: 1, Payload: &pbsubscribe.Event_EndOfSnapshot{EndOfSnapshot: true}, }, @@ -970,7 +963,7 @@ func TestNewEventFromSteamEvent(t *testing.T) { { name: "new snapshot to follow", event: newEventFromSubscription(t, 22), - expected: pbsubscribe.Event{ + expected: &pbsubscribe.Event{ Payload: &pbsubscribe.Event_NewSnapshotToFollow{NewSnapshotToFollow: true}, }, }, @@ -1000,7 +993,7 @@ func TestNewEventFromSteamEvent(t *testing.T) { }, }), }, - expected: pbsubscribe.Event{ + expected: &pbsubscribe.Event{ Index: 2002, Payload: &pbsubscribe.Event_EventBatch{ EventBatch: &pbsubscribe.EventBatch{ @@ -1066,7 +1059,7 @@ func TestNewEventFromSteamEvent(t *testing.T) { }, }, }, - expected: pbsubscribe.Event{ + expected: &pbsubscribe.Event{ Index: 2002, Payload: &pbsubscribe.Event_ServiceHealth{ ServiceHealth: &pbsubscribe.ServiceHealthUpdate{ diff --git a/agent/grpc/private/stats_test.go b/agent/grpc/private/stats_test.go index 78e63647e..0d7268e4e 100644 --- a/agent/grpc/private/stats_test.go +++ b/agent/grpc/private/stats_test.go @@ -15,6 +15,7 @@ import ( "google.golang.org/grpc" "github.com/hashicorp/consul/agent/grpc/private/internal/testservice" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/go-hclog" ) @@ -86,21 +87,14 @@ func TestHandler_EmitsStats(t *testing.T) { {key: []string{"testing", "grpc", "server", "connections"}, val: 0}, {key: []string{"testing", "grpc", "server", "streams"}, val: 0}, } - assertDeepEqual(t, expectedGauge, sink.gaugeCalls, cmpMetricCalls) + prototest.AssertDeepEqual(t, expectedGauge, sink.gaugeCalls, cmpMetricCalls) expectedCounter := []metricCall{ {key: []string{"testing", "grpc", "server", "connection", "count"}, val: 1}, {key: []string{"testing", "grpc", "server", "request", "count"}, val: 1}, {key: []string{"testing", "grpc", "server", "stream", "count"}, val: 1}, } - assertDeepEqual(t, expectedCounter, sink.incrCounterCalls, cmpMetricCalls) -} - -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } + prototest.AssertDeepEqual(t, expectedCounter, sink.incrCounterCalls, cmpMetricCalls) } func patchGlobalMetrics(t *testing.T) (*fakeMetricsSink, func()) { diff --git a/agent/rpcclient/health/view.go b/agent/rpcclient/health/view.go index 7ec0eca26..6343032d9 100644 --- a/agent/rpcclient/health/view.go +++ b/agent/rpcclient/health/view.go @@ -21,9 +21,9 @@ type MaterializerDeps struct { Logger hclog.Logger } -func newMaterializerRequest(srvReq structs.ServiceSpecificRequest) func(index uint64) pbsubscribe.SubscribeRequest { - return func(index uint64) pbsubscribe.SubscribeRequest { - req := pbsubscribe.SubscribeRequest{ +func newMaterializerRequest(srvReq structs.ServiceSpecificRequest) func(index uint64) *pbsubscribe.SubscribeRequest { + return func(index uint64) *pbsubscribe.SubscribeRequest { + req := &pbsubscribe.SubscribeRequest{ Topic: pbsubscribe.Topic_ServiceHealth, Key: srvReq.ServiceName, Token: srvReq.Token, diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go index 96bae37a1..c2a7ea79b 100644 --- a/agent/rpcclient/health/view_test.go +++ b/agent/rpcclient/health/view_test.go @@ -20,6 +20,7 @@ import ( "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/types" ) @@ -291,7 +292,7 @@ func TestHealthView_IntegrationWithStore_WithFullSnapshot(t *testing.T) { require.Equal(t, uint64(5), result.Index) expected := newExpectedNodes("node1", "node2", "node3") expected.Index = 5 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -319,7 +320,7 @@ func TestHealthView_IntegrationWithStore_WithFullSnapshot(t *testing.T) { require.Equal(t, uint64(20), result.Index) expected := newExpectedNodes("node2", "node3") expected.Index = 20 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -349,7 +350,7 @@ func TestHealthView_IntegrationWithStore_WithFullSnapshot(t *testing.T) { require.Equal(t, uint64(50), result.Index) expected := newExpectedNodes("node3", "node4", "node5") expected.Index = 50 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -376,7 +377,7 @@ func TestHealthView_IntegrationWithStore_WithFullSnapshot(t *testing.T) { require.Equal(t, uint64(50), result.Index) expected := newExpectedNodes("node3", "node4", "node5") expected.Index = 50 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) }) } @@ -399,13 +400,6 @@ var cmpCheckServiceNodeNames = cmp.Options{ }), } -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } -} - func TestHealthView_IntegrationWithStore_EventBatches(t *testing.T) { namespace := getNamespace("ns3") client := newStreamClient(validateNamespace(namespace)) @@ -444,7 +438,7 @@ func TestHealthView_IntegrationWithStore_EventBatches(t *testing.T) { expected := newExpectedNodes("node1", "node2", "node3") expected.Index = 5 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -465,7 +459,7 @@ func TestHealthView_IntegrationWithStore_EventBatches(t *testing.T) { require.Equal(t, uint64(20), result.Index) expected := newExpectedNodes("node2", "node3", "node4") expected.Index = 20 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -512,7 +506,7 @@ func TestHealthView_IntegrationWithStore_Filtering(t *testing.T) { require.Equal(t, uint64(5), result.Index) expected := newExpectedNodes("node2") expected.Index = 5 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) req.QueryOptions.MinQueryIndex = result.Index }) @@ -532,7 +526,7 @@ func TestHealthView_IntegrationWithStore_Filtering(t *testing.T) { require.Equal(t, uint64(20), result.Index) expected := newExpectedNodes("node2") expected.Index = 20 - assertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) + prototest.AssertDeepEqual(t, expected, result.Value, cmpCheckServiceNodeNames) }) } diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 80f27dd95..1a678f5c0 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -2566,19 +2566,12 @@ func Encode(t MessageType, msg interface{}) ([]byte, error) { return buf.Bytes(), err } -type ProtoMarshaller interface { - Size() int - MarshalTo([]byte) (int, error) - Unmarshal([]byte) error - ProtoMessage() -} - func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error) { if marshaller, ok := message.(proto.Message); ok { return EncodeProto(t, marshaller) } - return nil, fmt.Errorf("message does not implement the ProtoMarshaller interface: %T", message) + return nil, fmt.Errorf("message does not implement proto.Message: %T", message) } func EncodeProto(t MessageType, pb proto.Message) ([]byte, error) { diff --git a/agent/submatview/materializer.go b/agent/submatview/materializer.go index b830689e6..3b870d9e1 100644 --- a/agent/submatview/materializer.go +++ b/agent/submatview/materializer.go @@ -63,7 +63,7 @@ type Deps struct { Client StreamClient Logger hclog.Logger Waiter *retry.Waiter - Request func(index uint64) pbsubscribe.SubscribeRequest + Request func(index uint64) *pbsubscribe.SubscribeRequest } // StreamClient provides a subscription to state change events. @@ -136,13 +136,13 @@ func isNonTemporaryOrConsecutiveFailure(err error, failures int) bool { // runSubscription opens a new subscribe streaming call to the servers and runs // for it's lifetime or until the view is closed. -func (m *Materializer) runSubscription(ctx context.Context, req pbsubscribe.SubscribeRequest) error { +func (m *Materializer) runSubscription(ctx context.Context, req *pbsubscribe.SubscribeRequest) error { ctx, cancel := context.WithCancel(ctx) defer cancel() m.handler = initialHandler(req.Index) - s, err := m.deps.Client.Subscribe(ctx, &req) + s, err := m.deps.Client.Subscribe(ctx, req) if err != nil { return err } diff --git a/agent/submatview/store_test.go b/agent/submatview/store_test.go index 93b04d1e8..b177380d3 100644 --- a/agent/submatview/store_test.go +++ b/agent/submatview/store_test.go @@ -225,8 +225,8 @@ func (r *fakeRequest) NewMaterializer() (*Materializer, error) { View: &fakeView{srvs: make(map[string]*pbservice.CheckServiceNode)}, Client: r.client, Logger: hclog.New(nil), - Request: func(index uint64) pbsubscribe.SubscribeRequest { - req := pbsubscribe.SubscribeRequest{ + Request: func(index uint64) *pbsubscribe.SubscribeRequest { + req := &pbsubscribe.SubscribeRequest{ Topic: pbsubscribe.Topic_ServiceHealth, Key: "key", Token: "abcd", diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 716c320d3..fac6d0cfd 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -10,6 +10,7 @@ import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" @@ -18,6 +19,7 @@ import ( "github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" + "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/proxycfg" @@ -486,7 +488,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam protocol = cfg.Protocol } if protocol == "http2" || protocol == "grpc" { - c.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} + s.setHttp2ProtocolOptions(c) } return c, err @@ -537,7 +539,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck), } if cfg.Protocol == "http2" || cfg.Protocol == "grpc" { - c.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} + s.setHttp2ProtocolOptions(c) } } @@ -742,7 +744,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( } if proto == "http2" || proto == "grpc" { - c.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} + s.setHttp2ProtocolOptions(c) } commonTLSContext := makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()) @@ -1037,3 +1039,21 @@ func injectLBToCluster(ec *structs.LoadBalancer, c *envoy_cluster_v3.Cluster) er } return nil } + +func (s *ResourceGenerator) setHttp2ProtocolOptions(c *envoy_cluster_v3.Cluster) { + typedExtensionProtocolOptions := &envoy_upstreams_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ + Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, + }, + }, + }, + } + typedExtensionProtocolOptionsEncoded, err := anypb.New(typedExtensionProtocolOptions) + if err != nil { + s.Logger.Warn("failed to convert http protocol options to anypb") + } + c.TypedExtensionProtocolOptions = make(map[string]*anypb.Any) + c.TypedExtensionProtocolOptions["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = typedExtensionProtocolOptionsEncoded +} diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden index b0e4298f5..fd63324de 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden @@ -18,8 +18,15 @@ "circuitBreakers": { }, - "http2ProtocolOptions": { + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + } + } + } }, "outlierDetection": { diff --git a/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden b/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden index 11d8684b4..b86715755 100644 --- a/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden @@ -50,8 +50,15 @@ } ] }, - "http2ProtocolOptions": { + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + } + } + } } } ], diff --git a/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden b/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden index 624b8d8e6..b42be025b 100644 --- a/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden @@ -25,8 +25,15 @@ } ] }, - "http2ProtocolOptions": { + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + } + } + } } }, { diff --git a/agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden index 24861388e..cd8f56517 100644 --- a/agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden index 24861388e..cd8f56517 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden index 24861388e..cd8f56517 100644 --- a/agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden index 4e316f149..8504dae2b 100644 --- a/agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden index 4e316f149..8504dae2b 100644 --- a/agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden index 4e316f149..8504dae2b 100644 --- a/agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden index c587fc277..53b67bb37 100644 --- a/agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden +++ b/agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/defaults.envoy-1-20-x.golden b/agent/xds/testdata/routes/defaults.envoy-1-20-x.golden index 6bbc48e6d..9c050cbe6 100644 --- a/agent/xds/testdata/routes/defaults.envoy-1-20-x.golden +++ b/agent/xds/testdata/routes/defaults.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden index 6bbc48e6d..9c050cbe6 100644 --- a/agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden +++ b/agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden index 6bbc48e6d..9c050cbe6 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden index 6bbc48e6d..9c050cbe6 100644 --- a/agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden +++ b/agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden @@ -1,7 +1,5 @@ { "versionInfo": "00000001", - "resources": [ - ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go index 228cf543b..6f2863f31 100644 --- a/agent/xds/xds_protocol_helpers_test.go +++ b/agent/xds/xds_protocol_helpers_test.go @@ -18,6 +18,7 @@ import ( envoy_network_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" @@ -27,6 +28,7 @@ import ( "github.com/golang/protobuf/ptypes/wrappers" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" @@ -421,7 +423,7 @@ func makeTestCluster(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName st TransportSocket: xdsNewUpstreamTransportSocket(t, snap, dbSNI, dbURI), } case "http2:db": - return &envoy_cluster_v3.Cluster{ + c := &envoy_cluster_v3.Cluster{ Name: dbSNI, ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ Type: envoy_cluster_v3.Cluster_EDS, @@ -435,10 +437,23 @@ func makeTestCluster(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName st CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, - ConnectTimeout: ptypes.DurationProto(5 * time.Second), - TransportSocket: xdsNewUpstreamTransportSocket(t, snap, dbSNI, dbURI), - Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, + ConnectTimeout: ptypes.DurationProto(5 * time.Second), + TransportSocket: xdsNewUpstreamTransportSocket(t, snap, dbSNI, dbURI), } + typedExtensionProtocolOptions := &envoy_upstreams_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ + Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, + }, + }, + }, + } + typedExtensionProtocolOptionsEncoded, err := anypb.New(typedExtensionProtocolOptions) + require.NoError(t, err) + c.TypedExtensionProtocolOptions = make(map[string]*anypb.Any) + c.TypedExtensionProtocolOptions["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = typedExtensionProtocolOptionsEncoded + return c case "http:db": return &envoy_cluster_v3.Cluster{ Name: dbSNI, diff --git a/agent/xds/z_xds_packages.go b/agent/xds/z_xds_packages.go index 2c781214a..4528e3ae2 100644 --- a/agent/xds/z_xds_packages.go +++ b/agent/xds/z_xds_packages.go @@ -5,6 +5,7 @@ package xds import ( _ "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/admin/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/admin/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/annotations" _ "github.com/envoyproxy/go-control-plane/envoy/api/v2" _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" @@ -16,15 +17,21 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" _ "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/aggregate/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/dynamic_forward_proxy/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/redis" _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/common/dynamic_forward_proxy/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/common/tap/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/core/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/dubbo/router/v2alpha1" @@ -83,21 +90,24 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/zookeeper_proxy/v1alpha1" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/thrift/rate_limit/v2alpha1" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/thrift/router/v2alpha1" - _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/udp/dns_filter/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/udp/udp_proxy/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v3" _ "github.com/envoyproxy/go-control-plane/envoy/config/health_checker/redis/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/listener/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/listener/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/overload/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3" _ "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/resource_monitor/fixed_heap/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/resource_monitor/injected_resource/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/omit_canary_hosts/v2" @@ -105,14 +115,16 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/previous_hosts/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/previous_priorities" _ "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/route/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/tap/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/alts/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/raw_buffer/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/tap/v2alpha" - _ "github.com/envoyproxy/go-control-plane/envoy/config/wasm/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v2" _ "github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v3" _ "github.com/envoyproxy/go-control-plane/envoy/data/cluster/v2alpha" @@ -121,48 +133,88 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/data/core/v3" _ "github.com/envoyproxy/go-control-plane/envoy/data/dns/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/data/dns/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/data/dns/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/data/tap/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/data/tap/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/cache/simple_http_cache/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dynamic_forward_proxy/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/redis/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/dynamic_forward_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/matching/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/matching/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/tap/v3" - _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filter/udp/dns_filter/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/tap/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/decompressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/decompressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/dependency/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/fault/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/matcher/action/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/adaptive_concurrency/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/admission_control/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_lambda/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_request_signing/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/buffer/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cache/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cache/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cdn_loop/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/composite/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/csrf/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/csrf/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/decompressor/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamic_forward_proxy/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamo/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_json_transcoder/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/gzip/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/gzip/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_to_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_to_metadata/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ip_tagging/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/kill_request/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/on_demand/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/original_src/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/squash/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/tap/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_src/v3" @@ -172,45 +224,110 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/direct_response/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/router/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/echo/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ext_authz/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ext_authz/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/kafka_broker/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/local_ratelimit/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/mongo_proxy/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/mysql_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/postgres_proxy/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ratelimit/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/redis_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rocketmq_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rocketmq_proxy/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/router/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/wasm/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/zookeeper_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/dns_filter/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/dns_filter/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/udp_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/health_checkers/redis/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/allow_listed_routes/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/common_inputs/environment_variable/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/input_matchers/consistent_hashing/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/socket_interface/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/rate_limit_descriptors/expr/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/fixed_heap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/injected_resource/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_canary_hosts/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_host_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/priority/previous_priorities/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/datadog/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/dynamic_ot/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/lightstep/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/opencensus/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/skywalking/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/xray/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/zipkin/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/alts/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/proxy_protocol/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/raw_buffer/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/s2a/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/starttls/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/starttls/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tap/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/generic/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/http/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/tcp/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/tcp/generic/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/watchdog/profile_action/v3alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/event_reporting/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/event_reporting/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/event_reporting/v4alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/service/ext_proc/v3alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/service/extension/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/health/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/health/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/metrics/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/metrics/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/metrics/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/ratelimit/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/ratelimit/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" @@ -218,16 +335,22 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" _ "github.com/envoyproxy/go-control-plane/envoy/service/status/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/status/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/status/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/tap/v2alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/tap/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/service/trace/v2" _ "github.com/envoyproxy/go-control-plane/envoy/service/trace/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/trace/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/type" + _ "github.com/envoyproxy/go-control-plane/envoy/type/http/v3" _ "github.com/envoyproxy/go-control-plane/envoy/type/matcher" _ "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v4alpha" _ "github.com/envoyproxy/go-control-plane/envoy/type/metadata/v2" _ "github.com/envoyproxy/go-control-plane/envoy/type/metadata/v3" _ "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v2" _ "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" _ "github.com/envoyproxy/go-control-plane/envoy/type/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/watchdog/v3alpha" ) diff --git a/build-support/scripts/envoy-library-references.sh b/build-support/scripts/envoy-library-references.sh index b91285fa5..819f01e01 100644 --- a/build-support/scripts/envoy-library-references.sh +++ b/build-support/scripts/envoy-library-references.sh @@ -66,5 +66,5 @@ goimports -w "${OUTFILE}" mv -f "${OUTFILE}" ../../agent/xds ) -echo "updating vendored code..." -make update-vendor +echo "tidying dependencies..." +make go-mod-tidy diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh index 022b2ff44..eff35b09a 100755 --- a/build-support/scripts/proto-gen.sh +++ b/build-support/scripts/proto-gen.sh @@ -147,13 +147,9 @@ function main { return 1 fi - BUILD_TAGS=$(sed -e '/^[[:space:]]*$/,$d' < "${proto_path}" | grep '// +build') + BUILD_TAGS=$(head -n 2 "${proto_path}" | grep '^//go:build\|// +build') if test -n "${BUILD_TAGS}" then - echo -e "${BUILD_TAGS}\n" >> "${proto_go_path}.new" - cat "${proto_go_path}" >> "${proto_go_path}.new" - mv "${proto_go_path}.new" "${proto_go_path}" - echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" diff --git a/connect/tls_test.go b/connect/tls_test.go index 46d20a466..9659cf5be 100644 --- a/connect/tls_test.go +++ b/connect/tls_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" ) @@ -265,7 +266,7 @@ func TestServerSideVerifier(t *testing.T) { // allows expecting a leaf cert different from the one in expect func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) { require.Equal(t, expect.RootCAs, got.RootCAs) - assertDeepEqual(t, expect.ClientCAs, got.ClientCAs, cmpCertPool) + prototest.AssertDeepEqual(t, expect.ClientCAs, got.ClientCAs, cmpCertPool) require.Equal(t, expect.InsecureSkipVerify, got.InsecureSkipVerify) require.Equal(t, expect.MinVersion, got.MinVersion) require.Equal(t, expect.CipherSuites, got.CipherSuites) @@ -298,13 +299,6 @@ var cmpCertPool = cmp.Comparer(func(x, y *x509.CertPool) bool { return cmp.Equal(x.Subjects(), y.Subjects()) }) -func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { - t.Helper() - if diff := cmp.Diff(x, y, opts...); diff != "" { - t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) - } -} - // requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the // tls.Config arg to be returned on the provided channel. This ensures the // correct verifier func was attached to got. diff --git a/go.mod b/go.mod index 9f43af2bb..456623d40 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ replace github.com/hashicorp/consul/sdk => ./sdk replace launchpad.net/gocheck => github.com/go-check/check v0.0.0-20140225173054-eb6ee6f84d0a require ( + cloud.google.com/go v0.59.0 // indirect github.com/Microsoft/go-winio v0.4.3 // indirect github.com/NYTimes/gziphandler v1.0.1 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e @@ -20,11 +21,11 @@ require ( github.com/digitalocean/godo v1.10.0 // indirect github.com/docker/go-connections v0.3.0 github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0 - github.com/envoyproxy/go-control-plane v0.9.5 + github.com/envoyproxy/go-control-plane v0.9.9 github.com/frankban/quicktest v1.11.0 // indirect github.com/fsnotify/fsnotify v1.5.1 github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.3.5 + github.com/golang/protobuf v1.4.3 github.com/google/go-cmp v0.5.6 github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.2.0 @@ -83,18 +84,16 @@ require ( github.com/shirou/gopsutil/v3 v3.21.10 github.com/stretchr/testify v1.7.0 go.etcd.io/bbolt v1.3.5 - go.opencensus.io v0.22.0 // indirect go.uber.org/goleak v1.1.10 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a golang.org/x/net v0.0.0-20211216030914-fe4d6282115f - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 + golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sys v0.0.0-20211013075003-97ac67df715c golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e - google.golang.org/api v0.9.0 // indirect - google.golang.org/appengine v1.6.0 // indirect - google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 - google.golang.org/grpc v1.27.1 + google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb + google.golang.org/grpc v1.36.0 + google.golang.org/protobuf v1.25.0 gopkg.in/square/go-jose.v2 v2.5.1 gotest.tools/v3 v3.0.3 k8s.io/api v0.18.2 diff --git a/go.sum b/go.sum index 972a1634c..bf61a6bf0 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,35 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.59.0 h1:BM3svUDU3itpc2m5cu5wCyThIYNDlFlts9GASw31GW8= +cloud.google.com/go v0.59.0/go.mod h1:qJxNOVCRTxHfwLhvDxxSI9vQc1zI59b9pEglp1Iv60E= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v44.0.0+incompatible h1:e82Yv2HNpS0kuyeCrV29OPKvEiqfs2/uJHic3/3iKdg= github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -34,6 +62,7 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= @@ -53,6 +82,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= @@ -91,8 +121,10 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20200313221541-5f7e5dd04533 h1:8wZizuKuZVu5COB7EsBYxBQz8nRcXXn5d4Gt91eJLvU= -github.com/cncf/udpa/go v0.0.0-20200313221541-5f7e5dd04533/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed h1:OZmjad4L3H8ncOIR8rnb5MREYqG8ixi5+WbeUsquF0c= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/coredns/coredns v1.1.2 h1:bAFHrSsBeTeRG5W3Nf2su3lUGw7Npw2UKeCJm/3A638= github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= @@ -131,8 +163,10 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.5 h1:lRJIqDD8yjV1YyPRqecMdytjDLs2fTXq363aCib5xPU= -github.com/envoyproxy/go-control-plane v0.9.5/go.mod h1:OXl5to++W0ctG+EHWTFUjiypVxC/Y4VLc/KFU+al13s= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9 h1:vQLjymTobffN2R0F8eTqw6q7iozfRO5Z0m+/4Vw+/uA= +github.com/envoyproxy/go-control-plane v0.9.9/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -148,6 +182,9 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= @@ -170,18 +207,35 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -191,6 +245,8 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -203,11 +259,19 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22 h1:ub2sxhs2A0HRa2dWHavvmWxiVGXNfE9wI+gcTMwED8A= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8= github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -223,6 +287,7 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 h1:Iju5GlWwrvL6UBg4zJJt3btmo github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 h1:Com/5n/omNSBusX11zdyIYtidiqewLIanchbm//McZA= github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -319,6 +384,7 @@ github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKe github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493 h1:brI5vBRUlAlM34VFmnLPwjnCL/FxAJp9XvOdX6Zt+XE= github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= @@ -342,6 +408,7 @@ github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= @@ -480,6 +547,8 @@ github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 h1:Wdi9nwnhFNAlseAOekn6B5G/+GMtks9UKbvRU/CMM/o= github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= @@ -522,6 +591,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -540,14 +610,19 @@ github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opentelemetry.io/proto/otlp v0.7.0 h1:rwOQPCuKAKmwGKq2aVNnYIibI6wnV7EvzgfTCzcdGg8= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= @@ -559,6 +634,8 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -567,13 +644,34 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -592,12 +690,25 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= @@ -605,14 +716,17 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklz golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -629,6 +743,7 @@ golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -636,19 +751,32 @@ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -661,6 +789,7 @@ golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -669,6 +798,7 @@ golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -679,14 +809,43 @@ golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -695,35 +854,89 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.9.0 h1:jbyannxz0XFD3zdjgrSUsaJbgpH4eTrkdhRChkHPfO8= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0 h1:jMF5hhVfMkTZwHW1SDpKq5CkgWLXOb31Foaca9Zr3oM= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.0 h1:Tfd7cKwKbFRsI8RMAD3oqqw7JPFRrvFlOsfbgVkjOOw= -google.golang.org/appengine v1.6.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb h1:PUcq6RTy8Gp9xukBme8m2+2Z8pQCmJ7TbPpQd6xNDvk= +google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.36.0 h1:o1bcQ6imQMIOpdrO3SWf2z5RV72WbDwdXuK0MDlc8As= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= @@ -736,6 +949,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= @@ -748,6 +962,9 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.18.2 h1:wG5g5ZmSVgm5B+eHMIbI9EGATS2L8Z72rda19RIEgY8= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/apimachinery v0.18.2 h1:44CmtbmkzVDAhCpRVSiP2R5PPrC2RtlIv/MoB8xpdRA= @@ -762,6 +979,9 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= diff --git a/proto/pbacl/acl.pb.go b/proto/pbacl/acl.pb.go index baaa994e9..b3c4e68a7 100644 --- a/proto/pbacl/acl.pb.go +++ b/proto/pbacl/acl.pb.go @@ -1,89 +1,158 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbacl/acl.proto package pbacl import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 type ACLLink struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` // @gotags: hash:ignore-" - Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` } -func (m *ACLLink) Reset() { *m = ACLLink{} } -func (m *ACLLink) String() string { return proto.CompactTextString(m) } -func (*ACLLink) ProtoMessage() {} +func (x *ACLLink) Reset() { + *x = ACLLink{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbacl_acl_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ACLLink) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ACLLink) ProtoMessage() {} + +func (x *ACLLink) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbacl_acl_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ACLLink.ProtoReflect.Descriptor instead. func (*ACLLink) Descriptor() ([]byte, []int) { - return fileDescriptor_ad2d2c73a6a0d8b5, []int{0} + return file_proto_pbacl_acl_proto_rawDescGZIP(), []int{0} } -func (m *ACLLink) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ACLLink.Unmarshal(m, b) -} -func (m *ACLLink) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ACLLink.Marshal(b, m, deterministic) -} -func (m *ACLLink) XXX_Merge(src proto.Message) { - xxx_messageInfo_ACLLink.Merge(m, src) -} -func (m *ACLLink) XXX_Size() int { - return xxx_messageInfo_ACLLink.Size(m) -} -func (m *ACLLink) XXX_DiscardUnknown() { - xxx_messageInfo_ACLLink.DiscardUnknown(m) -} - -var xxx_messageInfo_ACLLink proto.InternalMessageInfo - -func (m *ACLLink) GetID() string { - if m != nil { - return m.ID +func (x *ACLLink) GetID() string { + if x != nil { + return x.ID } return "" } -func (m *ACLLink) GetName() string { - if m != nil { - return m.Name +func (x *ACLLink) GetName() string { + if x != nil { + return x.Name } return "" } -func init() { - proto.RegisterType((*ACLLink)(nil), "acl.ACLLink") +var File_proto_pbacl_acl_proto protoreflect.FileDescriptor + +var file_proto_pbacl_acl_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x63, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x61, 0x63, 0x6c, 0x22, 0x2d, 0x0a, 0x07, + 0x41, 0x43, 0x4c, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x70, 0x62, 0x61, 0x63, 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbacl/acl.proto", fileDescriptor_ad2d2c73a6a0d8b5) +var ( + file_proto_pbacl_acl_proto_rawDescOnce sync.Once + file_proto_pbacl_acl_proto_rawDescData = file_proto_pbacl_acl_proto_rawDesc +) + +func file_proto_pbacl_acl_proto_rawDescGZIP() []byte { + file_proto_pbacl_acl_proto_rawDescOnce.Do(func() { + file_proto_pbacl_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbacl_acl_proto_rawDescData) + }) + return file_proto_pbacl_acl_proto_rawDescData } -var fileDescriptor_ad2d2c73a6a0d8b5 = []byte{ - // 128 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x2d, 0x28, 0xca, 0x2f, - 0xc9, 0xd7, 0x2f, 0x48, 0x4a, 0x4c, 0xce, 0xd1, 0x4f, 0x4c, 0xce, 0xd1, 0x03, 0xf3, 0x85, 0x98, - 0x13, 0x93, 0x73, 0x94, 0x74, 0xb9, 0xd8, 0x1d, 0x9d, 0x7d, 0x7c, 0x32, 0xf3, 0xb2, 0x85, 0xf8, - 0xb8, 0x98, 0x3c, 0x5d, 0x24, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0x98, 0x3c, 0x5d, 0x84, 0x84, - 0xb8, 0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x98, 0xc0, 0x22, 0x60, 0xb6, 0x93, 0x66, 0x94, 0x7a, - 0x7a, 0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x46, 0x62, 0x71, 0x46, 0x66, - 0x72, 0x7e, 0x51, 0x81, 0x7e, 0x72, 0x7e, 0x5e, 0x71, 0x69, 0x8e, 0x3e, 0x92, 0x45, 0x49, 0x6c, - 0x60, 0x8e, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0xaf, 0x25, 0x54, 0x7f, 0x7e, 0x00, 0x00, 0x00, +var file_proto_pbacl_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_proto_pbacl_acl_proto_goTypes = []interface{}{ + (*ACLLink)(nil), // 0: acl.ACLLink +} +var file_proto_pbacl_acl_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_proto_pbacl_acl_proto_init() } +func file_proto_pbacl_acl_proto_init() { + if File_proto_pbacl_acl_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbacl_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ACLLink); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbacl_acl_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbacl_acl_proto_goTypes, + DependencyIndexes: file_proto_pbacl_acl_proto_depIdxs, + MessageInfos: file_proto_pbacl_acl_proto_msgTypes, + }.Build() + File_proto_pbacl_acl_proto = out.File + file_proto_pbacl_acl_proto_rawDesc = nil + file_proto_pbacl_acl_proto_goTypes = nil + file_proto_pbacl_acl_proto_depIdxs = nil } diff --git a/proto/pbautoconf/auto_config.pb.go b/proto/pbautoconf/auto_config.pb.go index 0f64d9688..4e4a60e1c 100644 --- a/proto/pbautoconf/auto_config.pb.go +++ b/proto/pbautoconf/auto_config.pb.go @@ -1,30 +1,39 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbautoconf/auto_config.proto package pbautoconf import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" pbconfig "github.com/hashicorp/consul/proto/pbconfig" pbconnect "github.com/hashicorp/consul/proto/pbconnect" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // AutoConfigRequest is the data structure to be sent along with the // AutoConfig.InitialConfiguration RPC type AutoConfigRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Datacenter is the local datacenter name. This wont actually be set by clients // but rather will be set by the servers to allow for forwarding to // the leader. If it ever happens to be set and differs from the local datacenters @@ -44,88 +53,96 @@ type AutoConfigRequest struct { ConsulToken string `protobuf:"bytes,6,opt,name=ConsulToken,proto3" json:"ConsulToken,omitempty"` // CSR is a certificate signing request to be used when generating the // agents TLS certificate - CSR string `protobuf:"bytes,7,opt,name=CSR,proto3" json:"CSR,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + CSR string `protobuf:"bytes,7,opt,name=CSR,proto3" json:"CSR,omitempty"` } -func (m *AutoConfigRequest) Reset() { *m = AutoConfigRequest{} } -func (m *AutoConfigRequest) String() string { return proto.CompactTextString(m) } -func (*AutoConfigRequest) ProtoMessage() {} +func (x *AutoConfigRequest) Reset() { + *x = AutoConfigRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbautoconf_auto_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AutoConfigRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AutoConfigRequest) ProtoMessage() {} + +func (x *AutoConfigRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbautoconf_auto_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AutoConfigRequest.ProtoReflect.Descriptor instead. func (*AutoConfigRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ccc5af992e5daf69, []int{0} + return file_proto_pbautoconf_auto_config_proto_rawDescGZIP(), []int{0} } -func (m *AutoConfigRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AutoConfigRequest.Unmarshal(m, b) -} -func (m *AutoConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AutoConfigRequest.Marshal(b, m, deterministic) -} -func (m *AutoConfigRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_AutoConfigRequest.Merge(m, src) -} -func (m *AutoConfigRequest) XXX_Size() int { - return xxx_messageInfo_AutoConfigRequest.Size(m) -} -func (m *AutoConfigRequest) XXX_DiscardUnknown() { - xxx_messageInfo_AutoConfigRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_AutoConfigRequest proto.InternalMessageInfo - -func (m *AutoConfigRequest) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *AutoConfigRequest) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func (m *AutoConfigRequest) GetNode() string { - if m != nil { - return m.Node +func (x *AutoConfigRequest) GetNode() string { + if x != nil { + return x.Node } return "" } -func (m *AutoConfigRequest) GetSegment() string { - if m != nil { - return m.Segment +func (x *AutoConfigRequest) GetSegment() string { + if x != nil { + return x.Segment } return "" } -func (m *AutoConfigRequest) GetPartition() string { - if m != nil { - return m.Partition +func (x *AutoConfigRequest) GetPartition() string { + if x != nil { + return x.Partition } return "" } -func (m *AutoConfigRequest) GetJWT() string { - if m != nil { - return m.JWT +func (x *AutoConfigRequest) GetJWT() string { + if x != nil { + return x.JWT } return "" } -func (m *AutoConfigRequest) GetConsulToken() string { - if m != nil { - return m.ConsulToken +func (x *AutoConfigRequest) GetConsulToken() string { + if x != nil { + return x.ConsulToken } return "" } -func (m *AutoConfigRequest) GetCSR() string { - if m != nil { - return m.CSR +func (x *AutoConfigRequest) GetCSR() string { + if x != nil { + return x.CSR } return "" } // AutoConfigResponse is the data structure sent in response to a AutoConfig.InitialConfiguration request type AutoConfigResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Config is the partial Consul configuration to inject into the agents own configuration Config *pbconfig.Config `protobuf:"bytes,1,opt,name=Config,proto3" json:"Config,omitempty"` // CARoots is the current list of Connect CA Roots @@ -134,96 +151,188 @@ type AutoConfigResponse struct { Certificate *pbconnect.IssuedCert `protobuf:"bytes,3,opt,name=Certificate,proto3" json:"Certificate,omitempty"` // ExtraCACertificates holds non-Connect certificates that may be necessary // to verify TLS connections with the Consul servers - ExtraCACertificates []string `protobuf:"bytes,4,rep,name=ExtraCACertificates,proto3" json:"ExtraCACertificates,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ExtraCACertificates []string `protobuf:"bytes,4,rep,name=ExtraCACertificates,proto3" json:"ExtraCACertificates,omitempty"` } -func (m *AutoConfigResponse) Reset() { *m = AutoConfigResponse{} } -func (m *AutoConfigResponse) String() string { return proto.CompactTextString(m) } -func (*AutoConfigResponse) ProtoMessage() {} +func (x *AutoConfigResponse) Reset() { + *x = AutoConfigResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbautoconf_auto_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AutoConfigResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AutoConfigResponse) ProtoMessage() {} + +func (x *AutoConfigResponse) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbautoconf_auto_config_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AutoConfigResponse.ProtoReflect.Descriptor instead. func (*AutoConfigResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ccc5af992e5daf69, []int{1} + return file_proto_pbautoconf_auto_config_proto_rawDescGZIP(), []int{1} } -func (m *AutoConfigResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AutoConfigResponse.Unmarshal(m, b) -} -func (m *AutoConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AutoConfigResponse.Marshal(b, m, deterministic) -} -func (m *AutoConfigResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_AutoConfigResponse.Merge(m, src) -} -func (m *AutoConfigResponse) XXX_Size() int { - return xxx_messageInfo_AutoConfigResponse.Size(m) -} -func (m *AutoConfigResponse) XXX_DiscardUnknown() { - xxx_messageInfo_AutoConfigResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_AutoConfigResponse proto.InternalMessageInfo - -func (m *AutoConfigResponse) GetConfig() *pbconfig.Config { - if m != nil { - return m.Config +func (x *AutoConfigResponse) GetConfig() *pbconfig.Config { + if x != nil { + return x.Config } return nil } -func (m *AutoConfigResponse) GetCARoots() *pbconnect.CARoots { - if m != nil { - return m.CARoots +func (x *AutoConfigResponse) GetCARoots() *pbconnect.CARoots { + if x != nil { + return x.CARoots } return nil } -func (m *AutoConfigResponse) GetCertificate() *pbconnect.IssuedCert { - if m != nil { - return m.Certificate +func (x *AutoConfigResponse) GetCertificate() *pbconnect.IssuedCert { + if x != nil { + return x.Certificate } return nil } -func (m *AutoConfigResponse) GetExtraCACertificates() []string { - if m != nil { - return m.ExtraCACertificates +func (x *AutoConfigResponse) GetExtraCACertificates() []string { + if x != nil { + return x.ExtraCACertificates } return nil } -func init() { - proto.RegisterType((*AutoConfigRequest)(nil), "autoconf.AutoConfigRequest") - proto.RegisterType((*AutoConfigResponse)(nil), "autoconf.AutoConfigResponse") +var File_proto_pbautoconf_auto_config_proto protoreflect.FileDescriptor + +var file_proto_pbautoconf_auto_config_proto_rawDesc = []byte{ + 0x0a, 0x22, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, + 0x6e, 0x66, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x1a, 0x1b, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x63, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x01, 0x0a, 0x11, 0x41, + 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, + 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, + 0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4a, 0x57, 0x54, 0x12, 0x20, + 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x12, 0x10, 0x0a, 0x03, 0x43, 0x53, 0x52, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x43, + 0x53, 0x52, 0x22, 0xd1, 0x01, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x06, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x2a, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x43, 0x41, 0x52, + 0x6f, 0x6f, 0x74, 0x73, 0x52, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x35, 0x0a, + 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x49, 0x73, 0x73, + 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x52, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x78, 0x74, 0x72, 0x61, 0x43, 0x41, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x72, 0x61, 0x43, 0x41, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x75, + 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbautoconf/auto_config.proto", fileDescriptor_ccc5af992e5daf69) +var ( + file_proto_pbautoconf_auto_config_proto_rawDescOnce sync.Once + file_proto_pbautoconf_auto_config_proto_rawDescData = file_proto_pbautoconf_auto_config_proto_rawDesc +) + +func file_proto_pbautoconf_auto_config_proto_rawDescGZIP() []byte { + file_proto_pbautoconf_auto_config_proto_rawDescOnce.Do(func() { + file_proto_pbautoconf_auto_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbautoconf_auto_config_proto_rawDescData) + }) + return file_proto_pbautoconf_auto_config_proto_rawDescData } -var fileDescriptor_ccc5af992e5daf69 = []byte{ - // 340 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x4a, 0xc3, 0x40, - 0x10, 0xc7, 0x89, 0xad, 0xfd, 0x98, 0x80, 0xd4, 0xed, 0x65, 0xa9, 0x1f, 0x94, 0x1e, 0xa4, 0x88, - 0x24, 0x52, 0xf1, 0x01, 0x6a, 0xf4, 0xa0, 0x07, 0x91, 0x6d, 0x41, 0xf0, 0x22, 0x69, 0xba, 0x6d, - 0x83, 0xed, 0x4e, 0xcc, 0xce, 0x82, 0x2f, 0xe8, 0x03, 0xf8, 0x46, 0x92, 0x4d, 0xa2, 0x8b, 0x78, - 0xca, 0x3f, 0xbf, 0xdf, 0x7f, 0x0e, 0x33, 0x09, 0x8c, 0xb2, 0x1c, 0x09, 0xc3, 0x6c, 0x11, 0x1b, - 0xc2, 0x04, 0xd5, 0x2a, 0x2c, 0xc2, 0x6b, 0x91, 0xd2, 0x75, 0x60, 0x25, 0xeb, 0xd4, 0x6e, 0x70, - 0x54, 0xb7, 0x4b, 0x1f, 0xba, 0xb5, 0xc1, 0x89, 0x23, 0x95, 0x4c, 0x28, 0xac, 0x9e, 0xa5, 0x1e, - 0x7d, 0x7a, 0x70, 0x38, 0x35, 0x84, 0x91, 0x9d, 0x11, 0xf2, 0xdd, 0x48, 0x4d, 0xec, 0x14, 0xe0, - 0x36, 0xa6, 0x38, 0x91, 0x8a, 0x64, 0xce, 0xbd, 0xa1, 0x37, 0xee, 0x0a, 0x87, 0x30, 0x06, 0xcd, - 0x47, 0x5c, 0x4a, 0xbe, 0x67, 0x8d, 0xcd, 0x8c, 0x43, 0x7b, 0x26, 0xd7, 0x3b, 0xa9, 0x88, 0x37, - 0x2d, 0xae, 0x5f, 0xd9, 0x31, 0x74, 0x9f, 0xe2, 0x9c, 0x52, 0x4a, 0x51, 0xf1, 0x8e, 0x75, 0xbf, - 0x80, 0xf5, 0xa0, 0xf1, 0xf0, 0x3c, 0xe7, 0xfb, 0x96, 0x17, 0x91, 0x0d, 0xc1, 0x8f, 0x50, 0x69, - 0xb3, 0x9d, 0xe3, 0x9b, 0x54, 0xbc, 0x65, 0x8d, 0x8b, 0x8a, 0x99, 0x68, 0x26, 0x78, 0xbb, 0x9c, - 0x89, 0x66, 0x62, 0xf4, 0xe5, 0x01, 0x73, 0xf7, 0xd0, 0x19, 0x2a, 0x2d, 0xd9, 0x19, 0xb4, 0x4a, - 0x62, 0x97, 0xf0, 0x27, 0x07, 0x41, 0x75, 0x9c, 0xaa, 0x57, 0x59, 0x76, 0x0e, 0xed, 0x68, 0x2a, - 0x10, 0x49, 0xdb, 0x9d, 0xfc, 0x49, 0x2f, 0xa8, 0xef, 0x54, 0x71, 0x51, 0x17, 0xd8, 0x35, 0xf8, - 0x91, 0xcc, 0x29, 0x5d, 0xa5, 0x49, 0x4c, 0x92, 0x37, 0x6c, 0xbf, 0xff, 0xd3, 0xbf, 0xd7, 0xda, - 0xc8, 0x65, 0xd1, 0x10, 0x6e, 0x8f, 0x5d, 0x42, 0xff, 0xee, 0x83, 0xf2, 0x38, 0x9a, 0x3a, 0x54, - 0xf3, 0xe6, 0xb0, 0x31, 0xee, 0x8a, 0xff, 0xd4, 0x4d, 0xf0, 0x72, 0xb1, 0x4e, 0x69, 0x63, 0x16, - 0x41, 0x82, 0xbb, 0x70, 0x13, 0xeb, 0x4d, 0x9a, 0x60, 0x9e, 0x15, 0x5f, 0x50, 0x9b, 0x6d, 0xf8, - 0xf7, 0x1f, 0x59, 0xb4, 0x2c, 0xb9, 0xfa, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x29, 0xae, 0x66, 0x30, - 0x3e, 0x02, 0x00, 0x00, +var file_proto_pbautoconf_auto_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_proto_pbautoconf_auto_config_proto_goTypes = []interface{}{ + (*AutoConfigRequest)(nil), // 0: autoconf.AutoConfigRequest + (*AutoConfigResponse)(nil), // 1: autoconf.AutoConfigResponse + (*pbconfig.Config)(nil), // 2: config.Config + (*pbconnect.CARoots)(nil), // 3: connect.CARoots + (*pbconnect.IssuedCert)(nil), // 4: connect.IssuedCert +} +var file_proto_pbautoconf_auto_config_proto_depIdxs = []int32{ + 2, // 0: autoconf.AutoConfigResponse.Config:type_name -> config.Config + 3, // 1: autoconf.AutoConfigResponse.CARoots:type_name -> connect.CARoots + 4, // 2: autoconf.AutoConfigResponse.Certificate:type_name -> connect.IssuedCert + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_proto_pbautoconf_auto_config_proto_init() } +func file_proto_pbautoconf_auto_config_proto_init() { + if File_proto_pbautoconf_auto_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbautoconf_auto_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AutoConfigRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbautoconf_auto_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AutoConfigResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbautoconf_auto_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbautoconf_auto_config_proto_goTypes, + DependencyIndexes: file_proto_pbautoconf_auto_config_proto_depIdxs, + MessageInfos: file_proto_pbautoconf_auto_config_proto_msgTypes, + }.Build() + File_proto_pbautoconf_auto_config_proto = out.File + file_proto_pbautoconf_auto_config_proto_rawDesc = nil + file_proto_pbautoconf_auto_config_proto_goTypes = nil + file_proto_pbautoconf_auto_config_proto_depIdxs = nil } diff --git a/proto/pbcommon/common.go b/proto/pbcommon/common.go index f8211604d..79b1592e5 100644 --- a/proto/pbcommon/common.go +++ b/proto/pbcommon/common.go @@ -74,7 +74,7 @@ func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration) { q.StaleIfError = structs.DurationToProto(staleIfError) } -func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { +func (q *QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) { maxTime := structs.DurationFromProto(q.MaxQueryTime) o := structs.QueryOptions{ MaxQueryTime: maxTime, @@ -91,12 +91,12 @@ func (q *QueryOptions) SetFilter(filter string) { // WriteRequest only applies to writes, always false // // IsRead implements structs.RPCInfo -func (w WriteRequest) IsRead() bool { +func (w *WriteRequest) IsRead() bool { return false } // SetTokenSecret implements structs.RPCInfo -func (w WriteRequest) TokenSecret() string { +func (w *WriteRequest) TokenSecret() string { return w.Token } @@ -108,12 +108,12 @@ func (w *WriteRequest) SetTokenSecret(s string) { // AllowStaleRead returns whether a stale read should be allowed // // AllowStaleRead implements structs.RPCInfo -func (w WriteRequest) AllowStaleRead() bool { +func (w *WriteRequest) AllowStaleRead() bool { return false } // HasTimedOut implements structs.RPCInfo -func (w WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error) { +func (w *WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error) { return time.Since(start) > rpcHoldTimeout, nil } @@ -144,7 +144,7 @@ func (r *ReadRequest) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, } // RequestDatacenter implements structs.RPCInfo -func (td TargetDatacenter) RequestDatacenter() string { +func (td *TargetDatacenter) RequestDatacenter() string { return td.Datacenter } diff --git a/proto/pbcommon/common.pb.go b/proto/pbcommon/common.pb.go index a04042cac..e67bf6139 100644 --- a/proto/pbcommon/common.pb.go +++ b/proto/pbcommon/common.pb.go @@ -1,25 +1,30 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbcommon/common.proto package pbcommon import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - duration "github.com/golang/protobuf/ptypes/duration" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + durationpb "google.golang.org/protobuf/types/known/durationpb" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // RaftIndex is used to track the index used while creating // or modifying a given struct type. @@ -31,50 +36,58 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // name=Structs // ignore-fields=state,sizeCache,unknownFields type RaftIndex struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // @gotags: bexpr:"-" CreateIndex uint64 `protobuf:"varint,1,opt,name=CreateIndex,proto3" json:"CreateIndex,omitempty" bexpr:"-"` // @gotags: bexpr:"-" - ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ModifyIndex uint64 `protobuf:"varint,2,opt,name=ModifyIndex,proto3" json:"ModifyIndex,omitempty" bexpr:"-"` } -func (m *RaftIndex) Reset() { *m = RaftIndex{} } -func (m *RaftIndex) String() string { return proto.CompactTextString(m) } -func (*RaftIndex) ProtoMessage() {} +func (x *RaftIndex) Reset() { + *x = RaftIndex{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RaftIndex) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RaftIndex) ProtoMessage() {} + +func (x *RaftIndex) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RaftIndex.ProtoReflect.Descriptor instead. func (*RaftIndex) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{0} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{0} } -func (m *RaftIndex) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RaftIndex.Unmarshal(m, b) -} -func (m *RaftIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RaftIndex.Marshal(b, m, deterministic) -} -func (m *RaftIndex) XXX_Merge(src proto.Message) { - xxx_messageInfo_RaftIndex.Merge(m, src) -} -func (m *RaftIndex) XXX_Size() int { - return xxx_messageInfo_RaftIndex.Size(m) -} -func (m *RaftIndex) XXX_DiscardUnknown() { - xxx_messageInfo_RaftIndex.DiscardUnknown(m) -} - -var xxx_messageInfo_RaftIndex proto.InternalMessageInfo - -func (m *RaftIndex) GetCreateIndex() uint64 { - if m != nil { - return m.CreateIndex +func (x *RaftIndex) GetCreateIndex() uint64 { + if x != nil { + return x.CreateIndex } return 0 } -func (m *RaftIndex) GetModifyIndex() uint64 { - if m != nil { - return m.ModifyIndex +func (x *RaftIndex) GetModifyIndex() uint64 { + if x != nil { + return x.ModifyIndex } return 0 } @@ -82,40 +95,48 @@ func (m *RaftIndex) GetModifyIndex() uint64 { // TargetDatacenter is intended to be used within other messages used for RPC routing // amongst the various Consul datacenters type TargetDatacenter struct { - Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` } -func (m *TargetDatacenter) Reset() { *m = TargetDatacenter{} } -func (m *TargetDatacenter) String() string { return proto.CompactTextString(m) } -func (*TargetDatacenter) ProtoMessage() {} +func (x *TargetDatacenter) Reset() { + *x = TargetDatacenter{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TargetDatacenter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TargetDatacenter) ProtoMessage() {} + +func (x *TargetDatacenter) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TargetDatacenter.ProtoReflect.Descriptor instead. func (*TargetDatacenter) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{1} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{1} } -func (m *TargetDatacenter) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_TargetDatacenter.Unmarshal(m, b) -} -func (m *TargetDatacenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_TargetDatacenter.Marshal(b, m, deterministic) -} -func (m *TargetDatacenter) XXX_Merge(src proto.Message) { - xxx_messageInfo_TargetDatacenter.Merge(m, src) -} -func (m *TargetDatacenter) XXX_Size() int { - return xxx_messageInfo_TargetDatacenter.Size(m) -} -func (m *TargetDatacenter) XXX_DiscardUnknown() { - xxx_messageInfo_TargetDatacenter.DiscardUnknown(m) -} - -var xxx_messageInfo_TargetDatacenter proto.InternalMessageInfo - -func (m *TargetDatacenter) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *TargetDatacenter) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } @@ -127,42 +148,50 @@ func (m *TargetDatacenter) GetDatacenter() string { // name=Structs // ignore-fields=state,sizeCache,unknownFields type WriteRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. - Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` } -func (m *WriteRequest) Reset() { *m = WriteRequest{} } -func (m *WriteRequest) String() string { return proto.CompactTextString(m) } -func (*WriteRequest) ProtoMessage() {} +func (x *WriteRequest) Reset() { + *x = WriteRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRequest) ProtoMessage() {} + +func (x *WriteRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRequest.ProtoReflect.Descriptor instead. func (*WriteRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{2} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{2} } -func (m *WriteRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_WriteRequest.Unmarshal(m, b) -} -func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) -} -func (m *WriteRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_WriteRequest.Merge(m, src) -} -func (m *WriteRequest) XXX_Size() int { - return xxx_messageInfo_WriteRequest.Size(m) -} -func (m *WriteRequest) XXX_DiscardUnknown() { - xxx_messageInfo_WriteRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_WriteRequest proto.InternalMessageInfo - -func (m *WriteRequest) GetToken() string { - if m != nil { - return m.Token +func (x *WriteRequest) GetToken() string { + if x != nil { + return x.Token } return "" } @@ -174,51 +203,59 @@ func (m *WriteRequest) GetToken() string { // It is also similar to WriteRequest. It is a separate type so that in the // future we can introduce fields that may only be relevant for reads. type ReadRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` // RequireConsistent indicates that the request must be sent to the leader. - RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RequireConsistent bool `protobuf:"varint,2,opt,name=RequireConsistent,proto3" json:"RequireConsistent,omitempty"` } -func (m *ReadRequest) Reset() { *m = ReadRequest{} } -func (m *ReadRequest) String() string { return proto.CompactTextString(m) } -func (*ReadRequest) ProtoMessage() {} +func (x *ReadRequest) Reset() { + *x = ReadRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReadRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReadRequest) ProtoMessage() {} + +func (x *ReadRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReadRequest.ProtoReflect.Descriptor instead. func (*ReadRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{3} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{3} } -func (m *ReadRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ReadRequest.Unmarshal(m, b) -} -func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) -} -func (m *ReadRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_ReadRequest.Merge(m, src) -} -func (m *ReadRequest) XXX_Size() int { - return xxx_messageInfo_ReadRequest.Size(m) -} -func (m *ReadRequest) XXX_DiscardUnknown() { - xxx_messageInfo_ReadRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_ReadRequest proto.InternalMessageInfo - -func (m *ReadRequest) GetToken() string { - if m != nil { - return m.Token +func (x *ReadRequest) GetToken() string { + if x != nil { + return x.Token } return "" } -func (m *ReadRequest) GetRequireConsistent() bool { - if m != nil { - return m.RequireConsistent +func (x *ReadRequest) GetRequireConsistent() bool { + if x != nil { + return x.RequireConsistent } return false } @@ -232,6 +269,10 @@ func (m *ReadRequest) GetRequireConsistent() bool { // name=Structs // ignore-fields=StaleIfError,AllowNotModifiedResponse,state,sizeCache,unknownFields type QueryOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. Token string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"` @@ -240,7 +281,7 @@ type QueryOptions struct { MinQueryIndex uint64 `protobuf:"varint,2,opt,name=MinQueryIndex,proto3" json:"MinQueryIndex,omitempty"` // Provided with MinQueryIndex to wait for change. // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - MaxQueryTime *duration.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime,omitempty"` + MaxQueryTime *durationpb.Duration `protobuf:"bytes,3,opt,name=MaxQueryTime,proto3" json:"MaxQueryTime,omitempty"` // If set, any follower can service the request. Results // may be arbitrarily stale. AllowStale bool `protobuf:"varint,4,opt,name=AllowStale,proto3" json:"AllowStale,omitempty"` @@ -259,7 +300,7 @@ type QueryOptions struct { // read, and then will perform a consistent read if stale // read is older than value. // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - MaxStaleDuration *duration.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration,omitempty"` + MaxStaleDuration *durationpb.Duration `protobuf:"bytes,7,opt,name=MaxStaleDuration,proto3" json:"MaxStaleDuration,omitempty"` // MaxAge limits how old a cached value will be returned if UseCache is true. // If there is a cached response that is older than the MaxAge, it is treated // as a cache miss and a new fetch invoked. If the fetch fails, the error is @@ -268,7 +309,7 @@ type QueryOptions struct { // if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - MaxAge *duration.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge,omitempty"` + MaxAge *durationpb.Duration `protobuf:"bytes,8,opt,name=MaxAge,proto3" json:"MaxAge,omitempty"` // MustRevalidate forces the agent to fetch a fresh version of a cached // resource or at least validate that the cached version is still fresh. It is // implied by either max-age=0 or must-revalidate Cache-Control headers. It @@ -280,113 +321,117 @@ type QueryOptions struct { // UseCache is true and MaxAge is set to a lower, non-zero value. It is // ignored if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. - StaleIfError *duration.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError,omitempty"` + StaleIfError *durationpb.Duration `protobuf:"bytes,10,opt,name=StaleIfError,proto3" json:"StaleIfError,omitempty"` // Filter specifies the go-bexpr filter expression to be used for // filtering the data prior to returning a response - Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Filter string `protobuf:"bytes,11,opt,name=Filter,proto3" json:"Filter,omitempty"` } -func (m *QueryOptions) Reset() { *m = QueryOptions{} } -func (m *QueryOptions) String() string { return proto.CompactTextString(m) } -func (*QueryOptions) ProtoMessage() {} +func (x *QueryOptions) Reset() { + *x = QueryOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *QueryOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*QueryOptions) ProtoMessage() {} + +func (x *QueryOptions) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use QueryOptions.ProtoReflect.Descriptor instead. func (*QueryOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{4} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{4} } -func (m *QueryOptions) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_QueryOptions.Unmarshal(m, b) -} -func (m *QueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_QueryOptions.Marshal(b, m, deterministic) -} -func (m *QueryOptions) XXX_Merge(src proto.Message) { - xxx_messageInfo_QueryOptions.Merge(m, src) -} -func (m *QueryOptions) XXX_Size() int { - return xxx_messageInfo_QueryOptions.Size(m) -} -func (m *QueryOptions) XXX_DiscardUnknown() { - xxx_messageInfo_QueryOptions.DiscardUnknown(m) -} - -var xxx_messageInfo_QueryOptions proto.InternalMessageInfo - -func (m *QueryOptions) GetToken() string { - if m != nil { - return m.Token +func (x *QueryOptions) GetToken() string { + if x != nil { + return x.Token } return "" } -func (m *QueryOptions) GetMinQueryIndex() uint64 { - if m != nil { - return m.MinQueryIndex +func (x *QueryOptions) GetMinQueryIndex() uint64 { + if x != nil { + return x.MinQueryIndex } return 0 } -func (m *QueryOptions) GetMaxQueryTime() *duration.Duration { - if m != nil { - return m.MaxQueryTime +func (x *QueryOptions) GetMaxQueryTime() *durationpb.Duration { + if x != nil { + return x.MaxQueryTime } return nil } -func (m *QueryOptions) GetAllowStale() bool { - if m != nil { - return m.AllowStale +func (x *QueryOptions) GetAllowStale() bool { + if x != nil { + return x.AllowStale } return false } -func (m *QueryOptions) GetRequireConsistent() bool { - if m != nil { - return m.RequireConsistent +func (x *QueryOptions) GetRequireConsistent() bool { + if x != nil { + return x.RequireConsistent } return false } -func (m *QueryOptions) GetUseCache() bool { - if m != nil { - return m.UseCache +func (x *QueryOptions) GetUseCache() bool { + if x != nil { + return x.UseCache } return false } -func (m *QueryOptions) GetMaxStaleDuration() *duration.Duration { - if m != nil { - return m.MaxStaleDuration +func (x *QueryOptions) GetMaxStaleDuration() *durationpb.Duration { + if x != nil { + return x.MaxStaleDuration } return nil } -func (m *QueryOptions) GetMaxAge() *duration.Duration { - if m != nil { - return m.MaxAge +func (x *QueryOptions) GetMaxAge() *durationpb.Duration { + if x != nil { + return x.MaxAge } return nil } -func (m *QueryOptions) GetMustRevalidate() bool { - if m != nil { - return m.MustRevalidate +func (x *QueryOptions) GetMustRevalidate() bool { + if x != nil { + return x.MustRevalidate } return false } -func (m *QueryOptions) GetStaleIfError() *duration.Duration { - if m != nil { - return m.StaleIfError +func (x *QueryOptions) GetStaleIfError() *durationpb.Duration { + if x != nil { + return x.StaleIfError } return nil } -func (m *QueryOptions) GetFilter() string { - if m != nil { - return m.Filter +func (x *QueryOptions) GetFilter() string { + if x != nil { + return x.Filter } return "" } @@ -401,13 +446,17 @@ func (m *QueryOptions) GetFilter() string { // name=Structs // ignore-fields=NotModified,Backend,state,sizeCache,unknownFields type QueryMeta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // This is the index associated with the read Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` // If AllowStale is used, this is time elapsed since // last contact between the follower and leader. This // can be used to gauge staleness. // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - LastContact *duration.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact,omitempty"` + LastContact *durationpb.Duration `protobuf:"bytes,2,opt,name=LastContact,proto3" json:"LastContact,omitempty"` // Used to indicate if there is a known leader node KnownLeader bool `protobuf:"varint,3,opt,name=KnownLeader,proto3" json:"KnownLeader,omitempty"` // Consistencylevel returns the consistency used to serve the query @@ -417,68 +466,72 @@ type QueryMeta struct { // ResultsFilteredByACLs is true when some of the query's results were // filtered out by enforcing ACLs. It may be false because nothing was // removed, or because the endpoint does not yet support this flag. - ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ResultsFilteredByACLs bool `protobuf:"varint,7,opt,name=ResultsFilteredByACLs,proto3" json:"ResultsFilteredByACLs,omitempty"` } -func (m *QueryMeta) Reset() { *m = QueryMeta{} } -func (m *QueryMeta) String() string { return proto.CompactTextString(m) } -func (*QueryMeta) ProtoMessage() {} +func (x *QueryMeta) Reset() { + *x = QueryMeta{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *QueryMeta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*QueryMeta) ProtoMessage() {} + +func (x *QueryMeta) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use QueryMeta.ProtoReflect.Descriptor instead. func (*QueryMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{5} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{5} } -func (m *QueryMeta) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_QueryMeta.Unmarshal(m, b) -} -func (m *QueryMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_QueryMeta.Marshal(b, m, deterministic) -} -func (m *QueryMeta) XXX_Merge(src proto.Message) { - xxx_messageInfo_QueryMeta.Merge(m, src) -} -func (m *QueryMeta) XXX_Size() int { - return xxx_messageInfo_QueryMeta.Size(m) -} -func (m *QueryMeta) XXX_DiscardUnknown() { - xxx_messageInfo_QueryMeta.DiscardUnknown(m) -} - -var xxx_messageInfo_QueryMeta proto.InternalMessageInfo - -func (m *QueryMeta) GetIndex() uint64 { - if m != nil { - return m.Index +func (x *QueryMeta) GetIndex() uint64 { + if x != nil { + return x.Index } return 0 } -func (m *QueryMeta) GetLastContact() *duration.Duration { - if m != nil { - return m.LastContact +func (x *QueryMeta) GetLastContact() *durationpb.Duration { + if x != nil { + return x.LastContact } return nil } -func (m *QueryMeta) GetKnownLeader() bool { - if m != nil { - return m.KnownLeader +func (x *QueryMeta) GetKnownLeader() bool { + if x != nil { + return x.KnownLeader } return false } -func (m *QueryMeta) GetConsistencyLevel() string { - if m != nil { - return m.ConsistencyLevel +func (x *QueryMeta) GetConsistencyLevel() string { + if x != nil { + return x.ConsistencyLevel } return "" } -func (m *QueryMeta) GetResultsFilteredByACLs() bool { - if m != nil { - return m.ResultsFilteredByACLs +func (x *QueryMeta) GetResultsFilteredByACLs() bool { + if x != nil { + return x.ResultsFilteredByACLs } return false } @@ -486,103 +539,285 @@ func (m *QueryMeta) GetResultsFilteredByACLs() bool { // EnterpriseMeta contains metadata that is only used by the Enterprise version // of Consul. type EnterpriseMeta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Namespace in which the entity exists. Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"` // Partition in which the entity exists. - Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` } -func (m *EnterpriseMeta) Reset() { *m = EnterpriseMeta{} } -func (m *EnterpriseMeta) String() string { return proto.CompactTextString(m) } -func (*EnterpriseMeta) ProtoMessage() {} +func (x *EnterpriseMeta) Reset() { + *x = EnterpriseMeta{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbcommon_common_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnterpriseMeta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnterpriseMeta) ProtoMessage() {} + +func (x *EnterpriseMeta) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbcommon_common_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnterpriseMeta.ProtoReflect.Descriptor instead. func (*EnterpriseMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_a6f5ac44994d718c, []int{6} + return file_proto_pbcommon_common_proto_rawDescGZIP(), []int{6} } -func (m *EnterpriseMeta) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EnterpriseMeta.Unmarshal(m, b) -} -func (m *EnterpriseMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EnterpriseMeta.Marshal(b, m, deterministic) -} -func (m *EnterpriseMeta) XXX_Merge(src proto.Message) { - xxx_messageInfo_EnterpriseMeta.Merge(m, src) -} -func (m *EnterpriseMeta) XXX_Size() int { - return xxx_messageInfo_EnterpriseMeta.Size(m) -} -func (m *EnterpriseMeta) XXX_DiscardUnknown() { - xxx_messageInfo_EnterpriseMeta.DiscardUnknown(m) -} - -var xxx_messageInfo_EnterpriseMeta proto.InternalMessageInfo - -func (m *EnterpriseMeta) GetNamespace() string { - if m != nil { - return m.Namespace +func (x *EnterpriseMeta) GetNamespace() string { + if x != nil { + return x.Namespace } return "" } -func (m *EnterpriseMeta) GetPartition() string { - if m != nil { - return m.Partition +func (x *EnterpriseMeta) GetPartition() string { + if x != nil { + return x.Partition } return "" } -func init() { - proto.RegisterType((*RaftIndex)(nil), "common.RaftIndex") - proto.RegisterType((*TargetDatacenter)(nil), "common.TargetDatacenter") - proto.RegisterType((*WriteRequest)(nil), "common.WriteRequest") - proto.RegisterType((*ReadRequest)(nil), "common.ReadRequest") - proto.RegisterType((*QueryOptions)(nil), "common.QueryOptions") - proto.RegisterType((*QueryMeta)(nil), "common.QueryMeta") - proto.RegisterType((*EnterpriseMeta)(nil), "common.EnterpriseMeta") +var File_proto_pbcommon_common_proto protoreflect.FileDescriptor + +var file_proto_pbcommon_common_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, + 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, + 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x32, 0x0a, 0x10, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0c, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x22, 0x51, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, + 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x74, 0x22, 0xec, 0x03, 0x0a, 0x0c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x4d, 0x69, + 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x04, 0x52, 0x0d, 0x4d, 0x69, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x12, 0x3d, 0x0a, 0x0c, 0x4d, 0x61, 0x78, 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x0c, 0x4d, 0x61, 0x78, 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x12, + 0x1e, 0x0a, 0x0a, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0a, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x12, + 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, + 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x4d, 0x61, 0x78, + 0x53, 0x74, 0x61, 0x6c, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, + 0x4d, 0x61, 0x78, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x31, 0x0a, 0x06, 0x4d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x4d, 0x61, 0x78, + 0x41, 0x67, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x75, 0x73, 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x4d, 0x75, 0x73, + 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x53, + 0x74, 0x61, 0x6c, 0x65, 0x49, 0x66, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x53, 0x74, + 0x61, 0x6c, 0x65, 0x49, 0x66, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x22, 0xee, 0x01, 0x0a, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, + 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x3b, 0x0a, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, + 0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, + 0x6c, 0x12, 0x34, 0x0a, 0x15, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x65, 0x64, 0x42, 0x79, 0x41, 0x43, 0x4c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x15, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x65, + 0x64, 0x42, 0x79, 0x41, 0x43, 0x4c, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, + 0x06, 0x10, 0x07, 0x22, 0x4c, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, + 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbcommon/common.proto", fileDescriptor_a6f5ac44994d718c) +var ( + file_proto_pbcommon_common_proto_rawDescOnce sync.Once + file_proto_pbcommon_common_proto_rawDescData = file_proto_pbcommon_common_proto_rawDesc +) + +func file_proto_pbcommon_common_proto_rawDescGZIP() []byte { + file_proto_pbcommon_common_proto_rawDescOnce.Do(func() { + file_proto_pbcommon_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbcommon_common_proto_rawDescData) + }) + return file_proto_pbcommon_common_proto_rawDescData } -var fileDescriptor_a6f5ac44994d718c = []byte{ - // 558 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x51, 0x6f, 0xd3, 0x30, - 0x10, 0x56, 0xb7, 0x2e, 0x4b, 0xae, 0x65, 0x2a, 0x16, 0xa0, 0x30, 0xd0, 0x54, 0x45, 0x13, 0x9a, - 0xa6, 0xa9, 0x11, 0x83, 0x37, 0xc4, 0x43, 0xd7, 0x15, 0x69, 0xa3, 0x61, 0xcc, 0x14, 0x21, 0xf1, - 0xe6, 0x26, 0xd7, 0xd6, 0x22, 0x8d, 0x83, 0xed, 0x6c, 0xed, 0x7f, 0x46, 0xfc, 0x06, 0x14, 0xa7, - 0xed, 0x52, 0xba, 0xad, 0x4f, 0xd1, 0xf7, 0xdd, 0xe7, 0xf3, 0xdd, 0x7d, 0xe7, 0xc0, 0xab, 0x54, - 0x0a, 0x2d, 0xfc, 0x74, 0x10, 0x8a, 0xc9, 0x44, 0x24, 0x7e, 0xf1, 0x69, 0x19, 0x96, 0x58, 0x05, - 0xda, 0x3f, 0x18, 0x09, 0x31, 0x8a, 0xd1, 0x37, 0xec, 0x20, 0x1b, 0xfa, 0x51, 0x26, 0x99, 0xe6, - 0x0b, 0x9d, 0x77, 0x05, 0x0e, 0x65, 0x43, 0x7d, 0x91, 0x44, 0x38, 0x25, 0x4d, 0xa8, 0x75, 0x24, - 0x32, 0x8d, 0x06, 0xba, 0x95, 0x66, 0xe5, 0xa8, 0x4a, 0xcb, 0x54, 0xae, 0x08, 0x44, 0xc4, 0x87, - 0xb3, 0x42, 0xb1, 0x55, 0x28, 0x4a, 0x94, 0x77, 0x0a, 0x8d, 0x3e, 0x93, 0x23, 0xd4, 0xe7, 0x4c, - 0xb3, 0x10, 0x13, 0x8d, 0x92, 0x1c, 0x00, 0xdc, 0x21, 0x93, 0xd6, 0xa1, 0x25, 0xc6, 0x3b, 0x84, - 0xfa, 0x0f, 0xc9, 0x35, 0x52, 0xfc, 0x9d, 0xa1, 0xd2, 0xe4, 0x19, 0xec, 0xf4, 0xc5, 0x2f, 0x4c, - 0xe6, 0xd2, 0x02, 0x78, 0xd7, 0x50, 0xa3, 0xc8, 0xa2, 0x47, 0x45, 0xe4, 0x04, 0x9e, 0xe6, 0x02, - 0x2e, 0xb1, 0x23, 0x12, 0xc5, 0x95, 0xc6, 0x44, 0x9b, 0x32, 0x6d, 0xba, 0x1e, 0xf0, 0xfe, 0x6c, - 0x43, 0xfd, 0x3a, 0x43, 0x39, 0xbb, 0x4a, 0xf3, 0x99, 0xa8, 0x07, 0x92, 0x1e, 0xc2, 0x93, 0x80, - 0x27, 0x46, 0x58, 0xee, 0x7b, 0x95, 0x24, 0x1f, 0xa1, 0x1e, 0xb0, 0xa9, 0x21, 0xfa, 0x7c, 0x82, - 0xee, 0x76, 0xb3, 0x72, 0x54, 0x3b, 0x7d, 0xd9, 0x2a, 0x1c, 0x68, 0x2d, 0x1c, 0x68, 0x9d, 0xcf, - 0x1d, 0xa0, 0x2b, 0xf2, 0x7c, 0x48, 0xed, 0x38, 0x16, 0xb7, 0xdf, 0x34, 0x8b, 0xd1, 0xad, 0x9a, - 0x92, 0x4b, 0xcc, 0xfd, 0x9d, 0xed, 0x3c, 0xd0, 0x19, 0xd9, 0x07, 0xfb, 0xbb, 0xc2, 0x0e, 0x0b, - 0xc7, 0xe8, 0x5a, 0x46, 0xb4, 0xc4, 0xa4, 0x0b, 0x8d, 0x80, 0x4d, 0x4d, 0xd6, 0x45, 0x2d, 0xee, - 0xee, 0xa6, 0x62, 0xd7, 0x8e, 0x90, 0xb7, 0x60, 0x05, 0x6c, 0xda, 0x1e, 0xa1, 0x6b, 0x6f, 0x3a, - 0x3c, 0x17, 0x92, 0x37, 0xb0, 0x17, 0x64, 0x4a, 0x53, 0xbc, 0x61, 0x31, 0x8f, 0x98, 0x46, 0xd7, - 0x31, 0xb5, 0xfd, 0xc7, 0xe6, 0xa3, 0x34, 0x77, 0x5d, 0x0c, 0xbb, 0x52, 0x0a, 0xe9, 0xc2, 0xc6, - 0x51, 0x96, 0xe5, 0xe4, 0x05, 0x58, 0x9f, 0x78, 0x9c, 0xef, 0x5a, 0xcd, 0xd8, 0x38, 0x47, 0xde, - 0xdf, 0x0a, 0x38, 0x66, 0xe0, 0x01, 0x6a, 0x96, 0x7b, 0x5d, 0xde, 0xf3, 0x02, 0x90, 0x0f, 0x50, - 0xeb, 0x31, 0xa5, 0x3b, 0x22, 0xd1, 0x2c, 0x2c, 0x56, 0xe7, 0xd1, 0x9b, 0xcb, 0xea, 0xfc, 0x79, - 0x7c, 0x4e, 0xc4, 0x6d, 0xd2, 0x43, 0x16, 0xa1, 0x34, 0x1b, 0x60, 0xd3, 0x32, 0x45, 0x8e, 0xa1, - 0xb1, 0x74, 0x29, 0x9c, 0xf5, 0xf0, 0x06, 0x63, 0xe3, 0xb5, 0x43, 0xd7, 0x78, 0xf2, 0x1e, 0x9e, - 0x53, 0x54, 0x59, 0xac, 0x55, 0x51, 0x3f, 0x46, 0x67, 0xb3, 0x76, 0xa7, 0xa7, 0x8c, 0x59, 0x36, - 0xbd, 0x3f, 0x78, 0x59, 0xb5, 0x77, 0x1a, 0xd6, 0x65, 0xd5, 0xb6, 0x1a, 0xbb, 0x5e, 0x0f, 0xf6, - 0xba, 0xf9, 0x0b, 0x4b, 0x25, 0x57, 0x68, 0x9a, 0x7e, 0x0d, 0xce, 0x17, 0x36, 0x41, 0x95, 0xb2, - 0x10, 0xe7, 0x4b, 0x7e, 0x47, 0xe4, 0xd1, 0xaf, 0x4c, 0x6a, 0x6e, 0x56, 0x62, 0xab, 0x88, 0x2e, - 0x89, 0xb3, 0x93, 0x9f, 0xc7, 0x23, 0xae, 0xc7, 0xd9, 0xa0, 0x15, 0x8a, 0x89, 0x3f, 0x66, 0x6a, - 0xcc, 0x43, 0x21, 0x53, 0x3f, 0x14, 0x89, 0xca, 0x62, 0x7f, 0xf5, 0x77, 0x34, 0xb0, 0x0c, 0x7e, - 0xf7, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x35, 0xe5, 0x62, 0x05, 0xa7, 0x04, 0x00, 0x00, +var file_proto_pbcommon_common_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_proto_pbcommon_common_proto_goTypes = []interface{}{ + (*RaftIndex)(nil), // 0: common.RaftIndex + (*TargetDatacenter)(nil), // 1: common.TargetDatacenter + (*WriteRequest)(nil), // 2: common.WriteRequest + (*ReadRequest)(nil), // 3: common.ReadRequest + (*QueryOptions)(nil), // 4: common.QueryOptions + (*QueryMeta)(nil), // 5: common.QueryMeta + (*EnterpriseMeta)(nil), // 6: common.EnterpriseMeta + (*durationpb.Duration)(nil), // 7: google.protobuf.Duration +} +var file_proto_pbcommon_common_proto_depIdxs = []int32{ + 7, // 0: common.QueryOptions.MaxQueryTime:type_name -> google.protobuf.Duration + 7, // 1: common.QueryOptions.MaxStaleDuration:type_name -> google.protobuf.Duration + 7, // 2: common.QueryOptions.MaxAge:type_name -> google.protobuf.Duration + 7, // 3: common.QueryOptions.StaleIfError:type_name -> google.protobuf.Duration + 7, // 4: common.QueryMeta.LastContact:type_name -> google.protobuf.Duration + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_proto_pbcommon_common_proto_init() } +func file_proto_pbcommon_common_proto_init() { + if File_proto_pbcommon_common_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbcommon_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RaftIndex); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TargetDatacenter); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReadRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*QueryOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*QueryMeta); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbcommon_common_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnterpriseMeta); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbcommon_common_proto_rawDesc, + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbcommon_common_proto_goTypes, + DependencyIndexes: file_proto_pbcommon_common_proto_depIdxs, + MessageInfos: file_proto_pbcommon_common_proto_msgTypes, + }.Build() + File_proto_pbcommon_common_proto = out.File + file_proto_pbcommon_common_proto_rawDesc = nil + file_proto_pbcommon_common_proto_goTypes = nil + file_proto_pbcommon_common_proto_depIdxs = nil } diff --git a/proto/pbconfig/config.pb.go b/proto/pbconfig/config.pb.go index a3dfa4c81..e7443fc37 100644 --- a/proto/pbconfig/config.pb.go +++ b/proto/pbconfig/config.pb.go @@ -1,305 +1,348 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbconfig/config.proto package pbconfig import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 type Config struct { - Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` - PrimaryDatacenter string `protobuf:"bytes,2,opt,name=PrimaryDatacenter,proto3" json:"PrimaryDatacenter,omitempty"` - NodeName string `protobuf:"bytes,3,opt,name=NodeName,proto3" json:"NodeName,omitempty"` - SegmentName string `protobuf:"bytes,4,opt,name=SegmentName,proto3" json:"SegmentName,omitempty"` - Partition string `protobuf:"bytes,9,opt,name=Partition,proto3" json:"Partition,omitempty"` - ACL *ACL `protobuf:"bytes,5,opt,name=ACL,proto3" json:"ACL,omitempty"` - AutoEncrypt *AutoEncrypt `protobuf:"bytes,6,opt,name=AutoEncrypt,proto3" json:"AutoEncrypt,omitempty"` - Gossip *Gossip `protobuf:"bytes,7,opt,name=Gossip,proto3" json:"Gossip,omitempty"` - TLS *TLS `protobuf:"bytes,8,opt,name=TLS,proto3" json:"TLS,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Datacenter string `protobuf:"bytes,1,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + PrimaryDatacenter string `protobuf:"bytes,2,opt,name=PrimaryDatacenter,proto3" json:"PrimaryDatacenter,omitempty"` + NodeName string `protobuf:"bytes,3,opt,name=NodeName,proto3" json:"NodeName,omitempty"` + SegmentName string `protobuf:"bytes,4,opt,name=SegmentName,proto3" json:"SegmentName,omitempty"` + Partition string `protobuf:"bytes,9,opt,name=Partition,proto3" json:"Partition,omitempty"` + ACL *ACL `protobuf:"bytes,5,opt,name=ACL,proto3" json:"ACL,omitempty"` + AutoEncrypt *AutoEncrypt `protobuf:"bytes,6,opt,name=AutoEncrypt,proto3" json:"AutoEncrypt,omitempty"` + Gossip *Gossip `protobuf:"bytes,7,opt,name=Gossip,proto3" json:"Gossip,omitempty"` + TLS *TLS `protobuf:"bytes,8,opt,name=TLS,proto3" json:"TLS,omitempty"` } -func (m *Config) Reset() { *m = Config{} } -func (m *Config) String() string { return proto.CompactTextString(m) } -func (*Config) ProtoMessage() {} +func (x *Config) Reset() { + *x = Config{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. func (*Config) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{0} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{0} } -func (m *Config) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Config.Unmarshal(m, b) -} -func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Config.Marshal(b, m, deterministic) -} -func (m *Config) XXX_Merge(src proto.Message) { - xxx_messageInfo_Config.Merge(m, src) -} -func (m *Config) XXX_Size() int { - return xxx_messageInfo_Config.Size(m) -} -func (m *Config) XXX_DiscardUnknown() { - xxx_messageInfo_Config.DiscardUnknown(m) -} - -var xxx_messageInfo_Config proto.InternalMessageInfo - -func (m *Config) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *Config) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func (m *Config) GetPrimaryDatacenter() string { - if m != nil { - return m.PrimaryDatacenter +func (x *Config) GetPrimaryDatacenter() string { + if x != nil { + return x.PrimaryDatacenter } return "" } -func (m *Config) GetNodeName() string { - if m != nil { - return m.NodeName +func (x *Config) GetNodeName() string { + if x != nil { + return x.NodeName } return "" } -func (m *Config) GetSegmentName() string { - if m != nil { - return m.SegmentName +func (x *Config) GetSegmentName() string { + if x != nil { + return x.SegmentName } return "" } -func (m *Config) GetPartition() string { - if m != nil { - return m.Partition +func (x *Config) GetPartition() string { + if x != nil { + return x.Partition } return "" } -func (m *Config) GetACL() *ACL { - if m != nil { - return m.ACL +func (x *Config) GetACL() *ACL { + if x != nil { + return x.ACL } return nil } -func (m *Config) GetAutoEncrypt() *AutoEncrypt { - if m != nil { - return m.AutoEncrypt +func (x *Config) GetAutoEncrypt() *AutoEncrypt { + if x != nil { + return x.AutoEncrypt } return nil } -func (m *Config) GetGossip() *Gossip { - if m != nil { - return m.Gossip +func (x *Config) GetGossip() *Gossip { + if x != nil { + return x.Gossip } return nil } -func (m *Config) GetTLS() *TLS { - if m != nil { - return m.TLS +func (x *Config) GetTLS() *TLS { + if x != nil { + return x.TLS } return nil } type Gossip struct { - Encryption *GossipEncryption `protobuf:"bytes,1,opt,name=Encryption,proto3" json:"Encryption,omitempty"` - RetryJoinLAN []string `protobuf:"bytes,2,rep,name=RetryJoinLAN,proto3" json:"RetryJoinLAN,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Encryption *GossipEncryption `protobuf:"bytes,1,opt,name=Encryption,proto3" json:"Encryption,omitempty"` + RetryJoinLAN []string `protobuf:"bytes,2,rep,name=RetryJoinLAN,proto3" json:"RetryJoinLAN,omitempty"` } -func (m *Gossip) Reset() { *m = Gossip{} } -func (m *Gossip) String() string { return proto.CompactTextString(m) } -func (*Gossip) ProtoMessage() {} +func (x *Gossip) Reset() { + *x = Gossip{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Gossip) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Gossip) ProtoMessage() {} + +func (x *Gossip) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Gossip.ProtoReflect.Descriptor instead. func (*Gossip) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{1} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{1} } -func (m *Gossip) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Gossip.Unmarshal(m, b) -} -func (m *Gossip) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Gossip.Marshal(b, m, deterministic) -} -func (m *Gossip) XXX_Merge(src proto.Message) { - xxx_messageInfo_Gossip.Merge(m, src) -} -func (m *Gossip) XXX_Size() int { - return xxx_messageInfo_Gossip.Size(m) -} -func (m *Gossip) XXX_DiscardUnknown() { - xxx_messageInfo_Gossip.DiscardUnknown(m) -} - -var xxx_messageInfo_Gossip proto.InternalMessageInfo - -func (m *Gossip) GetEncryption() *GossipEncryption { - if m != nil { - return m.Encryption +func (x *Gossip) GetEncryption() *GossipEncryption { + if x != nil { + return x.Encryption } return nil } -func (m *Gossip) GetRetryJoinLAN() []string { - if m != nil { - return m.RetryJoinLAN +func (x *Gossip) GetRetryJoinLAN() []string { + if x != nil { + return x.RetryJoinLAN } return nil } type GossipEncryption struct { - Key string `protobuf:"bytes,1,opt,name=Key,proto3" json:"Key,omitempty"` - VerifyIncoming bool `protobuf:"varint,2,opt,name=VerifyIncoming,proto3" json:"VerifyIncoming,omitempty"` - VerifyOutgoing bool `protobuf:"varint,3,opt,name=VerifyOutgoing,proto3" json:"VerifyOutgoing,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key string `protobuf:"bytes,1,opt,name=Key,proto3" json:"Key,omitempty"` + VerifyIncoming bool `protobuf:"varint,2,opt,name=VerifyIncoming,proto3" json:"VerifyIncoming,omitempty"` + VerifyOutgoing bool `protobuf:"varint,3,opt,name=VerifyOutgoing,proto3" json:"VerifyOutgoing,omitempty"` } -func (m *GossipEncryption) Reset() { *m = GossipEncryption{} } -func (m *GossipEncryption) String() string { return proto.CompactTextString(m) } -func (*GossipEncryption) ProtoMessage() {} +func (x *GossipEncryption) Reset() { + *x = GossipEncryption{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GossipEncryption) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GossipEncryption) ProtoMessage() {} + +func (x *GossipEncryption) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GossipEncryption.ProtoReflect.Descriptor instead. func (*GossipEncryption) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{2} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{2} } -func (m *GossipEncryption) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_GossipEncryption.Unmarshal(m, b) -} -func (m *GossipEncryption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_GossipEncryption.Marshal(b, m, deterministic) -} -func (m *GossipEncryption) XXX_Merge(src proto.Message) { - xxx_messageInfo_GossipEncryption.Merge(m, src) -} -func (m *GossipEncryption) XXX_Size() int { - return xxx_messageInfo_GossipEncryption.Size(m) -} -func (m *GossipEncryption) XXX_DiscardUnknown() { - xxx_messageInfo_GossipEncryption.DiscardUnknown(m) -} - -var xxx_messageInfo_GossipEncryption proto.InternalMessageInfo - -func (m *GossipEncryption) GetKey() string { - if m != nil { - return m.Key +func (x *GossipEncryption) GetKey() string { + if x != nil { + return x.Key } return "" } -func (m *GossipEncryption) GetVerifyIncoming() bool { - if m != nil { - return m.VerifyIncoming +func (x *GossipEncryption) GetVerifyIncoming() bool { + if x != nil { + return x.VerifyIncoming } return false } -func (m *GossipEncryption) GetVerifyOutgoing() bool { - if m != nil { - return m.VerifyOutgoing +func (x *GossipEncryption) GetVerifyOutgoing() bool { + if x != nil { + return x.VerifyOutgoing } return false } type TLS struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + VerifyOutgoing bool `protobuf:"varint,1,opt,name=VerifyOutgoing,proto3" json:"VerifyOutgoing,omitempty"` VerifyServerHostname bool `protobuf:"varint,2,opt,name=VerifyServerHostname,proto3" json:"VerifyServerHostname,omitempty"` CipherSuites string `protobuf:"bytes,3,opt,name=CipherSuites,proto3" json:"CipherSuites,omitempty"` MinVersion string `protobuf:"bytes,4,opt,name=MinVersion,proto3" json:"MinVersion,omitempty"` // Deprecated_PreferServerCipherSuites is deprecated. It is no longer // populated and should be ignored by clients. - Deprecated_PreferServerCipherSuites bool `protobuf:"varint,5,opt,name=Deprecated_PreferServerCipherSuites,json=DeprecatedPreferServerCipherSuites,proto3" json:"Deprecated_PreferServerCipherSuites,omitempty"` // Deprecated: Do not use. - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // + // Deprecated: Do not use. + Deprecated_PreferServerCipherSuites bool `protobuf:"varint,5,opt,name=Deprecated_PreferServerCipherSuites,json=DeprecatedPreferServerCipherSuites,proto3" json:"Deprecated_PreferServerCipherSuites,omitempty"` } -func (m *TLS) Reset() { *m = TLS{} } -func (m *TLS) String() string { return proto.CompactTextString(m) } -func (*TLS) ProtoMessage() {} +func (x *TLS) Reset() { + *x = TLS{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TLS) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TLS) ProtoMessage() {} + +func (x *TLS) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TLS.ProtoReflect.Descriptor instead. func (*TLS) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{3} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{3} } -func (m *TLS) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_TLS.Unmarshal(m, b) -} -func (m *TLS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_TLS.Marshal(b, m, deterministic) -} -func (m *TLS) XXX_Merge(src proto.Message) { - xxx_messageInfo_TLS.Merge(m, src) -} -func (m *TLS) XXX_Size() int { - return xxx_messageInfo_TLS.Size(m) -} -func (m *TLS) XXX_DiscardUnknown() { - xxx_messageInfo_TLS.DiscardUnknown(m) -} - -var xxx_messageInfo_TLS proto.InternalMessageInfo - -func (m *TLS) GetVerifyOutgoing() bool { - if m != nil { - return m.VerifyOutgoing +func (x *TLS) GetVerifyOutgoing() bool { + if x != nil { + return x.VerifyOutgoing } return false } -func (m *TLS) GetVerifyServerHostname() bool { - if m != nil { - return m.VerifyServerHostname +func (x *TLS) GetVerifyServerHostname() bool { + if x != nil { + return x.VerifyServerHostname } return false } -func (m *TLS) GetCipherSuites() string { - if m != nil { - return m.CipherSuites +func (x *TLS) GetCipherSuites() string { + if x != nil { + return x.CipherSuites } return "" } -func (m *TLS) GetMinVersion() string { - if m != nil { - return m.MinVersion +func (x *TLS) GetMinVersion() string { + if x != nil { + return x.MinVersion } return "" } // Deprecated: Do not use. -func (m *TLS) GetDeprecated_PreferServerCipherSuites() bool { - if m != nil { - return m.Deprecated_PreferServerCipherSuites +func (x *TLS) GetDeprecated_PreferServerCipherSuites() bool { + if x != nil { + return x.Deprecated_PreferServerCipherSuites } return false } type ACL struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"Enabled,omitempty"` PolicyTTL string `protobuf:"bytes,2,opt,name=PolicyTTL,proto3" json:"PolicyTTL,omitempty"` RoleTTL string `protobuf:"bytes,3,opt,name=RoleTTL,proto3" json:"RoleTTL,omitempty"` @@ -310,372 +353,612 @@ type ACL struct { Tokens *ACLTokens `protobuf:"bytes,8,opt,name=Tokens,proto3" json:"Tokens,omitempty"` // Deprecated_DisabledTTL is deprecated. It is no longer populated and should // be ignored by clients. - Deprecated_DisabledTTL string `protobuf:"bytes,9,opt,name=Deprecated_DisabledTTL,json=DeprecatedDisabledTTL,proto3" json:"Deprecated_DisabledTTL,omitempty"` // Deprecated: Do not use. - EnableTokenPersistence bool `protobuf:"varint,10,opt,name=EnableTokenPersistence,proto3" json:"EnableTokenPersistence,omitempty"` - MSPDisableBootstrap bool `protobuf:"varint,11,opt,name=MSPDisableBootstrap,proto3" json:"MSPDisableBootstrap,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // + // Deprecated: Do not use. + Deprecated_DisabledTTL string `protobuf:"bytes,9,opt,name=Deprecated_DisabledTTL,json=DeprecatedDisabledTTL,proto3" json:"Deprecated_DisabledTTL,omitempty"` + EnableTokenPersistence bool `protobuf:"varint,10,opt,name=EnableTokenPersistence,proto3" json:"EnableTokenPersistence,omitempty"` + MSPDisableBootstrap bool `protobuf:"varint,11,opt,name=MSPDisableBootstrap,proto3" json:"MSPDisableBootstrap,omitempty"` } -func (m *ACL) Reset() { *m = ACL{} } -func (m *ACL) String() string { return proto.CompactTextString(m) } -func (*ACL) ProtoMessage() {} +func (x *ACL) Reset() { + *x = ACL{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ACL) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ACL) ProtoMessage() {} + +func (x *ACL) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ACL.ProtoReflect.Descriptor instead. func (*ACL) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{4} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{4} } -func (m *ACL) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ACL.Unmarshal(m, b) -} -func (m *ACL) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ACL.Marshal(b, m, deterministic) -} -func (m *ACL) XXX_Merge(src proto.Message) { - xxx_messageInfo_ACL.Merge(m, src) -} -func (m *ACL) XXX_Size() int { - return xxx_messageInfo_ACL.Size(m) -} -func (m *ACL) XXX_DiscardUnknown() { - xxx_messageInfo_ACL.DiscardUnknown(m) -} - -var xxx_messageInfo_ACL proto.InternalMessageInfo - -func (m *ACL) GetEnabled() bool { - if m != nil { - return m.Enabled +func (x *ACL) GetEnabled() bool { + if x != nil { + return x.Enabled } return false } -func (m *ACL) GetPolicyTTL() string { - if m != nil { - return m.PolicyTTL +func (x *ACL) GetPolicyTTL() string { + if x != nil { + return x.PolicyTTL } return "" } -func (m *ACL) GetRoleTTL() string { - if m != nil { - return m.RoleTTL +func (x *ACL) GetRoleTTL() string { + if x != nil { + return x.RoleTTL } return "" } -func (m *ACL) GetTokenTTL() string { - if m != nil { - return m.TokenTTL +func (x *ACL) GetTokenTTL() string { + if x != nil { + return x.TokenTTL } return "" } -func (m *ACL) GetDownPolicy() string { - if m != nil { - return m.DownPolicy +func (x *ACL) GetDownPolicy() string { + if x != nil { + return x.DownPolicy } return "" } -func (m *ACL) GetDefaultPolicy() string { - if m != nil { - return m.DefaultPolicy +func (x *ACL) GetDefaultPolicy() string { + if x != nil { + return x.DefaultPolicy } return "" } -func (m *ACL) GetEnableKeyListPolicy() bool { - if m != nil { - return m.EnableKeyListPolicy +func (x *ACL) GetEnableKeyListPolicy() bool { + if x != nil { + return x.EnableKeyListPolicy } return false } -func (m *ACL) GetTokens() *ACLTokens { - if m != nil { - return m.Tokens +func (x *ACL) GetTokens() *ACLTokens { + if x != nil { + return x.Tokens } return nil } // Deprecated: Do not use. -func (m *ACL) GetDeprecated_DisabledTTL() string { - if m != nil { - return m.Deprecated_DisabledTTL +func (x *ACL) GetDeprecated_DisabledTTL() string { + if x != nil { + return x.Deprecated_DisabledTTL } return "" } -func (m *ACL) GetEnableTokenPersistence() bool { - if m != nil { - return m.EnableTokenPersistence +func (x *ACL) GetEnableTokenPersistence() bool { + if x != nil { + return x.EnableTokenPersistence } return false } -func (m *ACL) GetMSPDisableBootstrap() bool { - if m != nil { - return m.MSPDisableBootstrap +func (x *ACL) GetMSPDisableBootstrap() bool { + if x != nil { + return x.MSPDisableBootstrap } return false } type ACLTokens struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + InitialManagement string `protobuf:"bytes,1,opt,name=InitialManagement,proto3" json:"InitialManagement,omitempty"` Replication string `protobuf:"bytes,2,opt,name=Replication,proto3" json:"Replication,omitempty"` AgentRecovery string `protobuf:"bytes,3,opt,name=AgentRecovery,proto3" json:"AgentRecovery,omitempty"` Default string `protobuf:"bytes,4,opt,name=Default,proto3" json:"Default,omitempty"` Agent string `protobuf:"bytes,5,opt,name=Agent,proto3" json:"Agent,omitempty"` ManagedServiceProvider []*ACLServiceProviderToken `protobuf:"bytes,6,rep,name=ManagedServiceProvider,proto3" json:"ManagedServiceProvider,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` } -func (m *ACLTokens) Reset() { *m = ACLTokens{} } -func (m *ACLTokens) String() string { return proto.CompactTextString(m) } -func (*ACLTokens) ProtoMessage() {} +func (x *ACLTokens) Reset() { + *x = ACLTokens{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ACLTokens) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ACLTokens) ProtoMessage() {} + +func (x *ACLTokens) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ACLTokens.ProtoReflect.Descriptor instead. func (*ACLTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{5} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{5} } -func (m *ACLTokens) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ACLTokens.Unmarshal(m, b) -} -func (m *ACLTokens) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ACLTokens.Marshal(b, m, deterministic) -} -func (m *ACLTokens) XXX_Merge(src proto.Message) { - xxx_messageInfo_ACLTokens.Merge(m, src) -} -func (m *ACLTokens) XXX_Size() int { - return xxx_messageInfo_ACLTokens.Size(m) -} -func (m *ACLTokens) XXX_DiscardUnknown() { - xxx_messageInfo_ACLTokens.DiscardUnknown(m) -} - -var xxx_messageInfo_ACLTokens proto.InternalMessageInfo - -func (m *ACLTokens) GetInitialManagement() string { - if m != nil { - return m.InitialManagement +func (x *ACLTokens) GetInitialManagement() string { + if x != nil { + return x.InitialManagement } return "" } -func (m *ACLTokens) GetReplication() string { - if m != nil { - return m.Replication +func (x *ACLTokens) GetReplication() string { + if x != nil { + return x.Replication } return "" } -func (m *ACLTokens) GetAgentRecovery() string { - if m != nil { - return m.AgentRecovery +func (x *ACLTokens) GetAgentRecovery() string { + if x != nil { + return x.AgentRecovery } return "" } -func (m *ACLTokens) GetDefault() string { - if m != nil { - return m.Default +func (x *ACLTokens) GetDefault() string { + if x != nil { + return x.Default } return "" } -func (m *ACLTokens) GetAgent() string { - if m != nil { - return m.Agent +func (x *ACLTokens) GetAgent() string { + if x != nil { + return x.Agent } return "" } -func (m *ACLTokens) GetManagedServiceProvider() []*ACLServiceProviderToken { - if m != nil { - return m.ManagedServiceProvider +func (x *ACLTokens) GetManagedServiceProvider() []*ACLServiceProviderToken { + if x != nil { + return x.ManagedServiceProvider } return nil } type ACLServiceProviderToken struct { - AccessorID string `protobuf:"bytes,1,opt,name=AccessorID,proto3" json:"AccessorID,omitempty"` - SecretID string `protobuf:"bytes,2,opt,name=SecretID,proto3" json:"SecretID,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AccessorID string `protobuf:"bytes,1,opt,name=AccessorID,proto3" json:"AccessorID,omitempty"` + SecretID string `protobuf:"bytes,2,opt,name=SecretID,proto3" json:"SecretID,omitempty"` } -func (m *ACLServiceProviderToken) Reset() { *m = ACLServiceProviderToken{} } -func (m *ACLServiceProviderToken) String() string { return proto.CompactTextString(m) } -func (*ACLServiceProviderToken) ProtoMessage() {} +func (x *ACLServiceProviderToken) Reset() { + *x = ACLServiceProviderToken{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ACLServiceProviderToken) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ACLServiceProviderToken) ProtoMessage() {} + +func (x *ACLServiceProviderToken) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ACLServiceProviderToken.ProtoReflect.Descriptor instead. func (*ACLServiceProviderToken) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{6} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{6} } -func (m *ACLServiceProviderToken) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ACLServiceProviderToken.Unmarshal(m, b) -} -func (m *ACLServiceProviderToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ACLServiceProviderToken.Marshal(b, m, deterministic) -} -func (m *ACLServiceProviderToken) XXX_Merge(src proto.Message) { - xxx_messageInfo_ACLServiceProviderToken.Merge(m, src) -} -func (m *ACLServiceProviderToken) XXX_Size() int { - return xxx_messageInfo_ACLServiceProviderToken.Size(m) -} -func (m *ACLServiceProviderToken) XXX_DiscardUnknown() { - xxx_messageInfo_ACLServiceProviderToken.DiscardUnknown(m) -} - -var xxx_messageInfo_ACLServiceProviderToken proto.InternalMessageInfo - -func (m *ACLServiceProviderToken) GetAccessorID() string { - if m != nil { - return m.AccessorID +func (x *ACLServiceProviderToken) GetAccessorID() string { + if x != nil { + return x.AccessorID } return "" } -func (m *ACLServiceProviderToken) GetSecretID() string { - if m != nil { - return m.SecretID +func (x *ACLServiceProviderToken) GetSecretID() string { + if x != nil { + return x.SecretID } return "" } type AutoEncrypt struct { - TLS bool `protobuf:"varint,1,opt,name=TLS,proto3" json:"TLS,omitempty"` - DNSSAN []string `protobuf:"bytes,2,rep,name=DNSSAN,proto3" json:"DNSSAN,omitempty"` - IPSAN []string `protobuf:"bytes,3,rep,name=IPSAN,proto3" json:"IPSAN,omitempty"` - AllowTLS bool `protobuf:"varint,4,opt,name=AllowTLS,proto3" json:"AllowTLS,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TLS bool `protobuf:"varint,1,opt,name=TLS,proto3" json:"TLS,omitempty"` + DNSSAN []string `protobuf:"bytes,2,rep,name=DNSSAN,proto3" json:"DNSSAN,omitempty"` + IPSAN []string `protobuf:"bytes,3,rep,name=IPSAN,proto3" json:"IPSAN,omitempty"` + AllowTLS bool `protobuf:"varint,4,opt,name=AllowTLS,proto3" json:"AllowTLS,omitempty"` } -func (m *AutoEncrypt) Reset() { *m = AutoEncrypt{} } -func (m *AutoEncrypt) String() string { return proto.CompactTextString(m) } -func (*AutoEncrypt) ProtoMessage() {} +func (x *AutoEncrypt) Reset() { + *x = AutoEncrypt{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfig_config_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AutoEncrypt) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AutoEncrypt) ProtoMessage() {} + +func (x *AutoEncrypt) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfig_config_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AutoEncrypt.ProtoReflect.Descriptor instead. func (*AutoEncrypt) Descriptor() ([]byte, []int) { - return fileDescriptor_aefa824db7b74d77, []int{7} + return file_proto_pbconfig_config_proto_rawDescGZIP(), []int{7} } -func (m *AutoEncrypt) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AutoEncrypt.Unmarshal(m, b) -} -func (m *AutoEncrypt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AutoEncrypt.Marshal(b, m, deterministic) -} -func (m *AutoEncrypt) XXX_Merge(src proto.Message) { - xxx_messageInfo_AutoEncrypt.Merge(m, src) -} -func (m *AutoEncrypt) XXX_Size() int { - return xxx_messageInfo_AutoEncrypt.Size(m) -} -func (m *AutoEncrypt) XXX_DiscardUnknown() { - xxx_messageInfo_AutoEncrypt.DiscardUnknown(m) -} - -var xxx_messageInfo_AutoEncrypt proto.InternalMessageInfo - -func (m *AutoEncrypt) GetTLS() bool { - if m != nil { - return m.TLS +func (x *AutoEncrypt) GetTLS() bool { + if x != nil { + return x.TLS } return false } -func (m *AutoEncrypt) GetDNSSAN() []string { - if m != nil { - return m.DNSSAN +func (x *AutoEncrypt) GetDNSSAN() []string { + if x != nil { + return x.DNSSAN } return nil } -func (m *AutoEncrypt) GetIPSAN() []string { - if m != nil { - return m.IPSAN +func (x *AutoEncrypt) GetIPSAN() []string { + if x != nil { + return x.IPSAN } return nil } -func (m *AutoEncrypt) GetAllowTLS() bool { - if m != nil { - return m.AllowTLS +func (x *AutoEncrypt) GetAllowTLS() bool { + if x != nil { + return x.AllowTLS } return false } -func init() { - proto.RegisterType((*Config)(nil), "config.Config") - proto.RegisterType((*Gossip)(nil), "config.Gossip") - proto.RegisterType((*GossipEncryption)(nil), "config.GossipEncryption") - proto.RegisterType((*TLS)(nil), "config.TLS") - proto.RegisterType((*ACL)(nil), "config.ACL") - proto.RegisterType((*ACLTokens)(nil), "config.ACLTokens") - proto.RegisterType((*ACLServiceProviderToken)(nil), "config.ACLServiceProviderToken") - proto.RegisterType((*AutoEncrypt)(nil), "config.AutoEncrypt") +var File_proto_pbconfig_config_proto protoreflect.FileDescriptor + +var file_proto_pbconfig_config_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xcf, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x12, 0x2c, 0x0a, 0x11, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x50, 0x72, 0x69, + 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1a, + 0x0a, 0x08, 0x4e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x4e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, + 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, + 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x03, 0x41, 0x43, + 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x35, 0x0a, 0x0b, 0x41, 0x75, 0x74, + 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x52, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x12, 0x26, 0x0a, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, + 0x52, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x12, 0x1d, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x54, + 0x4c, 0x53, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22, 0x66, 0x0a, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, + 0x70, 0x12, 0x38, 0x0a, 0x0a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x47, + 0x6f, 0x73, 0x73, 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x52, + 0x65, 0x74, 0x72, 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x0c, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x22, + 0x74, 0x0a, 0x10, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x49, + 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, + 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, + 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x22, 0xfa, 0x01, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x26, 0x0a, + 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, + 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, + 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, + 0x23, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x50, 0x72, 0x65, 0x66, + 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, + 0x69, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, + 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, + 0x65, 0x73, 0x22, 0xbb, 0x03, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, + 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x54, + 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, + 0x54, 0x4c, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x12, 0x1a, 0x0a, 0x08, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x6f, 0x77, 0x6e, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x6f, + 0x77, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, + 0x0a, 0x13, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x45, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x12, 0x29, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x43, 0x4c, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x73, 0x52, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x39, 0x0a, 0x16, 0x44, + 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x54, 0x54, 0x4c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, + 0x15, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x69, 0x73, 0x61, 0x62, + 0x6c, 0x65, 0x64, 0x54, 0x54, 0x4c, 0x12, 0x36, 0x0a, 0x16, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x30, + 0x0a, 0x13, 0x4d, 0x53, 0x50, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x6f, 0x6f, 0x74, + 0x73, 0x74, 0x72, 0x61, 0x70, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x4d, 0x53, 0x50, + 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, + 0x22, 0x8a, 0x02, 0x0a, 0x09, 0x41, 0x43, 0x4c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x2c, + 0x0a, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, + 0x61, 0x6c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, + 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x24, + 0x0a, 0x0d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x63, 0x6f, + 0x76, 0x65, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, + 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x12, 0x57, 0x0a, 0x16, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x06, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x43, + 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x16, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x55, 0x0a, + 0x17, 0x41, 0x43, 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x49, 0x44, 0x22, 0x69, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, 0x12, 0x14, 0x0a, + 0x05, 0x49, 0x50, 0x53, 0x41, 0x4e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x49, 0x50, + 0x53, 0x41, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, 0x42, + 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbconfig/config.proto", fileDescriptor_aefa824db7b74d77) +var ( + file_proto_pbconfig_config_proto_rawDescOnce sync.Once + file_proto_pbconfig_config_proto_rawDescData = file_proto_pbconfig_config_proto_rawDesc +) + +func file_proto_pbconfig_config_proto_rawDescGZIP() []byte { + file_proto_pbconfig_config_proto_rawDescOnce.Do(func() { + file_proto_pbconfig_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbconfig_config_proto_rawDescData) + }) + return file_proto_pbconfig_config_proto_rawDescData } -var fileDescriptor_aefa824db7b74d77 = []byte{ - // 805 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x55, 0xdd, 0x8e, 0x22, 0x45, - 0x14, 0x0e, 0xf4, 0x6e, 0x0f, 0x14, 0xba, 0xd9, 0xad, 0x5d, 0xb1, 0xe3, 0x2f, 0x69, 0xcd, 0x06, - 0xcd, 0x66, 0x30, 0x63, 0x34, 0x7a, 0xc9, 0xc0, 0x46, 0x71, 0x19, 0x24, 0xdd, 0x38, 0x26, 0xde, - 0x98, 0xa6, 0x39, 0x40, 0xc5, 0xa6, 0xaa, 0x53, 0x5d, 0xcc, 0xa4, 0x5f, 0xc1, 0x57, 0xf2, 0x21, - 0x7c, 0x1f, 0xaf, 0xcc, 0xa9, 0xaa, 0xfe, 0x9b, 0x81, 0x2b, 0x38, 0xdf, 0xf7, 0xd5, 0xa9, 0x73, - 0xea, 0xfc, 0x34, 0xf9, 0x38, 0x95, 0x42, 0x89, 0x51, 0xba, 0x8e, 0x05, 0xdf, 0xb2, 0xdd, 0xc8, - 0xfc, 0x5c, 0x6a, 0x94, 0xba, 0xc6, 0xf2, 0xff, 0x6d, 0x13, 0x77, 0xa2, 0xff, 0xd2, 0xcf, 0x08, - 0x99, 0x46, 0x2a, 0x8a, 0x81, 0x2b, 0x90, 0x5e, 0x6b, 0xd0, 0x1a, 0x76, 0x83, 0x1a, 0x42, 0xdf, - 0x90, 0x17, 0x4b, 0xc9, 0x0e, 0x91, 0xcc, 0x6b, 0xb2, 0xb6, 0x96, 0x3d, 0x26, 0xe8, 0x47, 0xa4, - 0xb3, 0x10, 0x1b, 0x58, 0x44, 0x07, 0xf0, 0x1c, 0x2d, 0x2a, 0x6d, 0x3a, 0x20, 0xbd, 0x10, 0x76, - 0x07, 0xe0, 0x4a, 0xd3, 0x4f, 0x34, 0x5d, 0x87, 0xe8, 0x27, 0xa4, 0xbb, 0x8c, 0xa4, 0x62, 0x8a, - 0x09, 0xee, 0x75, 0x35, 0x5f, 0x01, 0xf4, 0x53, 0xe2, 0x8c, 0x27, 0x73, 0xef, 0xe9, 0xa0, 0x35, - 0xec, 0x5d, 0xf5, 0x2e, 0x6d, 0x62, 0xe3, 0xc9, 0x3c, 0x40, 0x9c, 0x7e, 0x47, 0x7a, 0xe3, 0xa3, - 0x12, 0x6f, 0x79, 0x2c, 0xf3, 0x54, 0x79, 0xae, 0x96, 0xbd, 0x2c, 0x65, 0x15, 0x15, 0xd4, 0x75, - 0xf4, 0x35, 0x71, 0x7f, 0x12, 0x59, 0xc6, 0x52, 0xef, 0x42, 0x9f, 0x78, 0x56, 0x9c, 0x30, 0x68, - 0x60, 0x59, 0xbc, 0x7d, 0x35, 0x0f, 0xbd, 0x4e, 0xf3, 0xf6, 0xd5, 0x3c, 0x0c, 0x10, 0xf7, 0xb7, - 0x85, 0x1b, 0xfa, 0x03, 0x21, 0xd6, 0x37, 0x66, 0xd1, 0xd2, 0x7a, 0xaf, 0xe9, 0xb4, 0xe2, 0x83, - 0x9a, 0x96, 0xfa, 0xe4, 0xbd, 0x00, 0x94, 0xcc, 0x7f, 0x11, 0x8c, 0xcf, 0xc7, 0x0b, 0xaf, 0x3d, - 0x70, 0x86, 0xdd, 0xa0, 0x81, 0xf9, 0x8a, 0x3c, 0x7f, 0xe8, 0x83, 0x3e, 0x27, 0xce, 0x3b, 0xc8, - 0x6d, 0xed, 0xf0, 0x2f, 0x7d, 0x4d, 0x9e, 0xdd, 0x82, 0x64, 0xdb, 0x7c, 0xc6, 0x63, 0x71, 0x60, - 0x7c, 0xa7, 0x2b, 0xd6, 0x09, 0x1e, 0xa0, 0x95, 0xee, 0xd7, 0xa3, 0xda, 0x09, 0xd4, 0x39, 0x75, - 0x5d, 0x81, 0xfa, 0xff, 0xb5, 0x74, 0xf6, 0x27, 0xf4, 0xad, 0x53, 0x7a, 0x7a, 0x45, 0x5e, 0x19, - 0x24, 0x04, 0x79, 0x07, 0xf2, 0x67, 0x91, 0x29, 0x8e, 0x35, 0x37, 0x51, 0x9c, 0xe4, 0x30, 0xfb, - 0x09, 0x4b, 0xf7, 0x20, 0xc3, 0x23, 0x53, 0x90, 0xd9, 0xf6, 0x69, 0x60, 0xd8, 0xac, 0x37, 0x8c, - 0xdf, 0x82, 0xcc, 0xf0, 0x6d, 0x4d, 0x07, 0xd5, 0x10, 0x1a, 0x92, 0x2f, 0xa6, 0x90, 0x4a, 0x88, - 0x23, 0x05, 0x9b, 0x3f, 0x97, 0x12, 0xb6, 0x20, 0xcd, 0x35, 0x0d, 0xd7, 0xd8, 0x42, 0x9d, 0xeb, - 0xb6, 0xd7, 0x0a, 0xfc, 0x4a, 0x7e, 0x4e, 0xed, 0xff, 0xe3, 0xe8, 0xc6, 0xa3, 0x1e, 0xb9, 0x78, - 0xcb, 0xa3, 0x75, 0x02, 0x1b, 0x9b, 0x75, 0x61, 0xea, 0xbe, 0x15, 0x09, 0x8b, 0xf3, 0xd5, 0x6a, - 0x6e, 0x67, 0xa3, 0x02, 0xf0, 0x5c, 0x20, 0x12, 0x40, 0xce, 0xe4, 0x54, 0x98, 0x38, 0x2d, 0x2b, - 0xf1, 0x17, 0x70, 0xa4, 0x4c, 0x32, 0xa5, 0xad, 0xe7, 0x52, 0xdc, 0x73, 0xe3, 0x46, 0x47, 0x8c, - 0x73, 0x59, 0x22, 0xf4, 0x4b, 0xf2, 0xfe, 0x14, 0xb6, 0xd1, 0x31, 0x51, 0x56, 0xe2, 0x6a, 0x49, - 0x13, 0xa4, 0xdf, 0x90, 0x97, 0x26, 0xc8, 0x77, 0x90, 0xcf, 0x59, 0x56, 0x68, 0x2f, 0x74, 0xfc, - 0xa7, 0x28, 0xfa, 0x15, 0x71, 0x75, 0x0c, 0x99, 0x6d, 0xf5, 0x17, 0xb5, 0x41, 0x33, 0x44, 0x60, - 0x05, 0xf4, 0x47, 0xd2, 0xaf, 0xbd, 0xf6, 0x94, 0x65, 0xfa, 0x35, 0x30, 0x19, 0x3d, 0xbb, 0xfa, - 0x81, 0x3f, 0xa8, 0x14, 0x35, 0x01, 0xfd, 0x9e, 0xf4, 0xcd, 0xe5, 0xda, 0xd5, 0x12, 0xcb, 0x97, - 0x29, 0xe0, 0x31, 0x78, 0x44, 0x87, 0x76, 0x86, 0xc5, 0x7c, 0x6e, 0xc2, 0xa5, 0xf5, 0x74, 0x2d, - 0x84, 0xca, 0x94, 0x8c, 0x52, 0xaf, 0x67, 0xf2, 0x39, 0x41, 0xf9, 0x7f, 0xb7, 0x49, 0xb7, 0x0c, - 0x1d, 0xb7, 0xd9, 0x8c, 0x33, 0xc5, 0xa2, 0xe4, 0x26, 0xe2, 0xd1, 0x0e, 0x70, 0xf5, 0xd8, 0xc1, - 0x79, 0x4c, 0xe0, 0xc6, 0x0a, 0x20, 0x4d, 0x58, 0x1c, 0xe9, 0x59, 0x36, 0x95, 0xad, 0x43, 0x58, - 0x85, 0xf1, 0x0e, 0xb8, 0x0a, 0x20, 0x16, 0x77, 0x20, 0x73, 0x5b, 0xe1, 0x26, 0x88, 0x1d, 0x60, - 0xcb, 0x62, 0xcb, 0x5c, 0x98, 0xf4, 0x15, 0x79, 0xaa, 0xa5, 0xb6, 0xc0, 0xc6, 0xa0, 0xbf, 0x93, - 0xbe, 0x89, 0x62, 0x83, 0xed, 0xc8, 0x62, 0x58, 0x4a, 0x71, 0xc7, 0x36, 0x20, 0x3d, 0x77, 0xe0, - 0x0c, 0x7b, 0x57, 0x9f, 0xd7, 0x6a, 0xf2, 0x40, 0xa1, 0xf3, 0x0c, 0xce, 0x1c, 0xf7, 0x7f, 0x23, - 0x1f, 0x9e, 0x39, 0x82, 0xfd, 0x36, 0x8e, 0x63, 0xc8, 0x32, 0x21, 0x67, 0xd3, 0xe2, 0x3b, 0x50, - 0x21, 0xd8, 0xab, 0x21, 0xc4, 0x12, 0xd4, 0x6c, 0x6a, 0x1f, 0xa2, 0xb4, 0x7d, 0xd6, 0x58, 0xbd, - 0xb8, 0x8f, 0x70, 0x55, 0x9a, 0x21, 0xd1, 0x7b, 0xa3, 0x4f, 0xdc, 0xe9, 0x22, 0x0c, 0xcb, 0x9d, - 0x66, 0x2d, 0x4c, 0x7f, 0xb6, 0x44, 0xd8, 0xd1, 0xb0, 0x31, 0xf0, 0xaa, 0x71, 0x92, 0x88, 0x7b, - 0x74, 0xf2, 0x44, 0x3b, 0x29, 0xed, 0xeb, 0x37, 0x7f, 0x7c, 0xbd, 0x63, 0x6a, 0x7f, 0x5c, 0x5f, - 0xc6, 0xe2, 0x30, 0xda, 0x47, 0xd9, 0x9e, 0xc5, 0x42, 0xa6, 0xf8, 0x99, 0xcb, 0x8e, 0xc9, 0xa8, - 0xf9, 0xf1, 0x5b, 0xbb, 0xda, 0xfe, 0xf6, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa0, 0x97, 0xb9, - 0xb8, 0x15, 0x07, 0x00, 0x00, +var file_proto_pbconfig_config_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_proto_pbconfig_config_proto_goTypes = []interface{}{ + (*Config)(nil), // 0: config.Config + (*Gossip)(nil), // 1: config.Gossip + (*GossipEncryption)(nil), // 2: config.GossipEncryption + (*TLS)(nil), // 3: config.TLS + (*ACL)(nil), // 4: config.ACL + (*ACLTokens)(nil), // 5: config.ACLTokens + (*ACLServiceProviderToken)(nil), // 6: config.ACLServiceProviderToken + (*AutoEncrypt)(nil), // 7: config.AutoEncrypt +} +var file_proto_pbconfig_config_proto_depIdxs = []int32{ + 4, // 0: config.Config.ACL:type_name -> config.ACL + 7, // 1: config.Config.AutoEncrypt:type_name -> config.AutoEncrypt + 1, // 2: config.Config.Gossip:type_name -> config.Gossip + 3, // 3: config.Config.TLS:type_name -> config.TLS + 2, // 4: config.Gossip.Encryption:type_name -> config.GossipEncryption + 5, // 5: config.ACL.Tokens:type_name -> config.ACLTokens + 6, // 6: config.ACLTokens.ManagedServiceProvider:type_name -> config.ACLServiceProviderToken + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name +} + +func init() { file_proto_pbconfig_config_proto_init() } +func file_proto_pbconfig_config_proto_init() { + if File_proto_pbconfig_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbconfig_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Config); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Gossip); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GossipEncryption); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TLS); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ACL); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ACLTokens); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ACLServiceProviderToken); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfig_config_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AutoEncrypt); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbconfig_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbconfig_config_proto_goTypes, + DependencyIndexes: file_proto_pbconfig_config_proto_depIdxs, + MessageInfos: file_proto_pbconfig_config_proto_msgTypes, + }.Build() + File_proto_pbconfig_config_proto = out.File + file_proto_pbconfig_config_proto_rawDesc = nil + file_proto_pbconfig_config_proto_goTypes = nil + file_proto_pbconfig_config_proto_depIdxs = nil } diff --git a/proto/pbconnect/connect.pb.go b/proto/pbconnect/connect.pb.go index 97ce17def..4197003bc 100644 --- a/proto/pbconnect/connect.pb.go +++ b/proto/pbconnect/connect.pb.go @@ -1,26 +1,31 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbconnect/connect.proto package pbconnect import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - timestamp "github.com/golang/protobuf/ptypes/timestamp" pbcommon "github.com/hashicorp/consul/proto/pbcommon" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // CARoots is the list of all currently trusted CA Roots. // @@ -30,6 +35,10 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // output=connect.gen.go // name=StructsIndexedCARoots type CARoots struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // ActiveRootID is the ID of a root in Roots that is the active CA root. // Other roots are still valid if they're in the Roots list but are in // the process of being rotated out. @@ -62,61 +71,65 @@ type CARoots struct { // QueryMeta here is mainly used to contain the latest Raft Index that could // be used to perform a blocking query. // mog: func-to=QueryMetaTo func-from=QueryMetaFrom - QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"` } -func (m *CARoots) Reset() { *m = CARoots{} } -func (m *CARoots) String() string { return proto.CompactTextString(m) } -func (*CARoots) ProtoMessage() {} +func (x *CARoots) Reset() { + *x = CARoots{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconnect_connect_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CARoots) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CARoots) ProtoMessage() {} + +func (x *CARoots) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconnect_connect_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CARoots.ProtoReflect.Descriptor instead. func (*CARoots) Descriptor() ([]byte, []int) { - return fileDescriptor_80627e709958eb04, []int{0} + return file_proto_pbconnect_connect_proto_rawDescGZIP(), []int{0} } -func (m *CARoots) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CARoots.Unmarshal(m, b) -} -func (m *CARoots) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CARoots.Marshal(b, m, deterministic) -} -func (m *CARoots) XXX_Merge(src proto.Message) { - xxx_messageInfo_CARoots.Merge(m, src) -} -func (m *CARoots) XXX_Size() int { - return xxx_messageInfo_CARoots.Size(m) -} -func (m *CARoots) XXX_DiscardUnknown() { - xxx_messageInfo_CARoots.DiscardUnknown(m) -} - -var xxx_messageInfo_CARoots proto.InternalMessageInfo - -func (m *CARoots) GetActiveRootID() string { - if m != nil { - return m.ActiveRootID +func (x *CARoots) GetActiveRootID() string { + if x != nil { + return x.ActiveRootID } return "" } -func (m *CARoots) GetTrustDomain() string { - if m != nil { - return m.TrustDomain +func (x *CARoots) GetTrustDomain() string { + if x != nil { + return x.TrustDomain } return "" } -func (m *CARoots) GetRoots() []*CARoot { - if m != nil { - return m.Roots +func (x *CARoots) GetRoots() []*CARoot { + if x != nil { + return x.Roots } return nil } -func (m *CARoots) GetQueryMeta() *pbcommon.QueryMeta { - if m != nil { - return m.QueryMeta +func (x *CARoots) GetQueryMeta() *pbcommon.QueryMeta { + if x != nil { + return x.QueryMeta } return nil } @@ -129,6 +142,10 @@ func (m *CARoots) GetQueryMeta() *pbcommon.QueryMeta { // output=connect.gen.go // name=StructsCARoot type CARoot struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // ID is a globally unique ID (UUID) representing this CA root. ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` // Name is a human-friendly name for this CA root. This value is @@ -151,9 +168,9 @@ type CARoot struct { ExternalTrustDomain string `protobuf:"bytes,5,opt,name=ExternalTrustDomain,proto3" json:"ExternalTrustDomain,omitempty"` // Time validity bounds. // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto - NotBefore *timestamp.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"` + NotBefore *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"` // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto - NotAfter *timestamp.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` + NotAfter *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"` // RootCert is the PEM-encoded public certificate. RootCert string `protobuf:"bytes,8,opt,name=RootCert,proto3" json:"RootCert,omitempty"` // IntermediateCerts is a list of PEM-encoded intermediate certs to @@ -173,7 +190,7 @@ type CARoot struct { // This will only be set on roots that have been rotated out from being the // active root. // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto - RotatedOutAt *timestamp.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"` + RotatedOutAt *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"` // PrivateKeyType is the type of the private key used to sign certificates. It // may be "rsa" or "ec". This is provided as a convenience to avoid parsing // the public key to from the certificate to infer the type. @@ -184,145 +201,149 @@ type CARoot struct { // mog: func-to=int func-from=int32 PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"` // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` } -func (m *CARoot) Reset() { *m = CARoot{} } -func (m *CARoot) String() string { return proto.CompactTextString(m) } -func (*CARoot) ProtoMessage() {} +func (x *CARoot) Reset() { + *x = CARoot{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconnect_connect_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CARoot) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CARoot) ProtoMessage() {} + +func (x *CARoot) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconnect_connect_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CARoot.ProtoReflect.Descriptor instead. func (*CARoot) Descriptor() ([]byte, []int) { - return fileDescriptor_80627e709958eb04, []int{1} + return file_proto_pbconnect_connect_proto_rawDescGZIP(), []int{1} } -func (m *CARoot) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CARoot.Unmarshal(m, b) -} -func (m *CARoot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CARoot.Marshal(b, m, deterministic) -} -func (m *CARoot) XXX_Merge(src proto.Message) { - xxx_messageInfo_CARoot.Merge(m, src) -} -func (m *CARoot) XXX_Size() int { - return xxx_messageInfo_CARoot.Size(m) -} -func (m *CARoot) XXX_DiscardUnknown() { - xxx_messageInfo_CARoot.DiscardUnknown(m) -} - -var xxx_messageInfo_CARoot proto.InternalMessageInfo - -func (m *CARoot) GetID() string { - if m != nil { - return m.ID +func (x *CARoot) GetID() string { + if x != nil { + return x.ID } return "" } -func (m *CARoot) GetName() string { - if m != nil { - return m.Name +func (x *CARoot) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *CARoot) GetSerialNumber() uint64 { - if m != nil { - return m.SerialNumber +func (x *CARoot) GetSerialNumber() uint64 { + if x != nil { + return x.SerialNumber } return 0 } -func (m *CARoot) GetSigningKeyID() string { - if m != nil { - return m.SigningKeyID +func (x *CARoot) GetSigningKeyID() string { + if x != nil { + return x.SigningKeyID } return "" } -func (m *CARoot) GetExternalTrustDomain() string { - if m != nil { - return m.ExternalTrustDomain +func (x *CARoot) GetExternalTrustDomain() string { + if x != nil { + return x.ExternalTrustDomain } return "" } -func (m *CARoot) GetNotBefore() *timestamp.Timestamp { - if m != nil { - return m.NotBefore +func (x *CARoot) GetNotBefore() *timestamppb.Timestamp { + if x != nil { + return x.NotBefore } return nil } -func (m *CARoot) GetNotAfter() *timestamp.Timestamp { - if m != nil { - return m.NotAfter +func (x *CARoot) GetNotAfter() *timestamppb.Timestamp { + if x != nil { + return x.NotAfter } return nil } -func (m *CARoot) GetRootCert() string { - if m != nil { - return m.RootCert +func (x *CARoot) GetRootCert() string { + if x != nil { + return x.RootCert } return "" } -func (m *CARoot) GetIntermediateCerts() []string { - if m != nil { - return m.IntermediateCerts +func (x *CARoot) GetIntermediateCerts() []string { + if x != nil { + return x.IntermediateCerts } return nil } -func (m *CARoot) GetSigningCert() string { - if m != nil { - return m.SigningCert +func (x *CARoot) GetSigningCert() string { + if x != nil { + return x.SigningCert } return "" } -func (m *CARoot) GetSigningKey() string { - if m != nil { - return m.SigningKey +func (x *CARoot) GetSigningKey() string { + if x != nil { + return x.SigningKey } return "" } -func (m *CARoot) GetActive() bool { - if m != nil { - return m.Active +func (x *CARoot) GetActive() bool { + if x != nil { + return x.Active } return false } -func (m *CARoot) GetRotatedOutAt() *timestamp.Timestamp { - if m != nil { - return m.RotatedOutAt +func (x *CARoot) GetRotatedOutAt() *timestamppb.Timestamp { + if x != nil { + return x.RotatedOutAt } return nil } -func (m *CARoot) GetPrivateKeyType() string { - if m != nil { - return m.PrivateKeyType +func (x *CARoot) GetPrivateKeyType() string { + if x != nil { + return x.PrivateKeyType } return "" } -func (m *CARoot) GetPrivateKeyBits() int32 { - if m != nil { - return m.PrivateKeyBits +func (x *CARoot) GetPrivateKeyBits() int32 { + if x != nil { + return x.PrivateKeyBits } return 0 } -func (m *CARoot) GetRaftIndex() *pbcommon.RaftIndex { - if m != nil { - return m.RaftIndex +func (x *CARoot) GetRaftIndex() *pbcommon.RaftIndex { + if x != nil { + return x.RaftIndex } return nil } @@ -336,6 +357,10 @@ func (m *CARoot) GetRaftIndex() *pbcommon.RaftIndex { // output=connect.gen.go // name=StructsIssuedCert type IssuedCert struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // SerialNumber is the unique serial number for this certificate. // This is encoded in standard hex separated by :. SerialNumber string `protobuf:"bytes,1,opt,name=SerialNumber,proto3" json:"SerialNumber,omitempty"` @@ -355,171 +380,319 @@ type IssuedCert struct { // ValidAfter and ValidBefore are the validity periods for the // certificate. // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto - ValidAfter *timestamp.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` + ValidAfter *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"` // mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto - ValidBefore *timestamp.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"` + ValidBefore *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"` // EnterpriseMeta is the Consul Enterprise specific metadata // mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=RaftIndexTo func-from=RaftIndexFrom - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` } -func (m *IssuedCert) Reset() { *m = IssuedCert{} } -func (m *IssuedCert) String() string { return proto.CompactTextString(m) } -func (*IssuedCert) ProtoMessage() {} +func (x *IssuedCert) Reset() { + *x = IssuedCert{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconnect_connect_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IssuedCert) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IssuedCert) ProtoMessage() {} + +func (x *IssuedCert) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconnect_connect_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IssuedCert.ProtoReflect.Descriptor instead. func (*IssuedCert) Descriptor() ([]byte, []int) { - return fileDescriptor_80627e709958eb04, []int{2} + return file_proto_pbconnect_connect_proto_rawDescGZIP(), []int{2} } -func (m *IssuedCert) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_IssuedCert.Unmarshal(m, b) -} -func (m *IssuedCert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_IssuedCert.Marshal(b, m, deterministic) -} -func (m *IssuedCert) XXX_Merge(src proto.Message) { - xxx_messageInfo_IssuedCert.Merge(m, src) -} -func (m *IssuedCert) XXX_Size() int { - return xxx_messageInfo_IssuedCert.Size(m) -} -func (m *IssuedCert) XXX_DiscardUnknown() { - xxx_messageInfo_IssuedCert.DiscardUnknown(m) -} - -var xxx_messageInfo_IssuedCert proto.InternalMessageInfo - -func (m *IssuedCert) GetSerialNumber() string { - if m != nil { - return m.SerialNumber +func (x *IssuedCert) GetSerialNumber() string { + if x != nil { + return x.SerialNumber } return "" } -func (m *IssuedCert) GetCertPEM() string { - if m != nil { - return m.CertPEM +func (x *IssuedCert) GetCertPEM() string { + if x != nil { + return x.CertPEM } return "" } -func (m *IssuedCert) GetPrivateKeyPEM() string { - if m != nil { - return m.PrivateKeyPEM +func (x *IssuedCert) GetPrivateKeyPEM() string { + if x != nil { + return x.PrivateKeyPEM } return "" } -func (m *IssuedCert) GetService() string { - if m != nil { - return m.Service +func (x *IssuedCert) GetService() string { + if x != nil { + return x.Service } return "" } -func (m *IssuedCert) GetServiceURI() string { - if m != nil { - return m.ServiceURI +func (x *IssuedCert) GetServiceURI() string { + if x != nil { + return x.ServiceURI } return "" } -func (m *IssuedCert) GetAgent() string { - if m != nil { - return m.Agent +func (x *IssuedCert) GetAgent() string { + if x != nil { + return x.Agent } return "" } -func (m *IssuedCert) GetAgentURI() string { - if m != nil { - return m.AgentURI +func (x *IssuedCert) GetAgentURI() string { + if x != nil { + return x.AgentURI } return "" } -func (m *IssuedCert) GetValidAfter() *timestamp.Timestamp { - if m != nil { - return m.ValidAfter +func (x *IssuedCert) GetValidAfter() *timestamppb.Timestamp { + if x != nil { + return x.ValidAfter } return nil } -func (m *IssuedCert) GetValidBefore() *timestamp.Timestamp { - if m != nil { - return m.ValidBefore +func (x *IssuedCert) GetValidBefore() *timestamppb.Timestamp { + if x != nil { + return x.ValidBefore } return nil } -func (m *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { - if m != nil { - return m.EnterpriseMeta +func (x *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta } return nil } -func (m *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex { - if m != nil { - return m.RaftIndex +func (x *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex { + if x != nil { + return x.RaftIndex } return nil } -func init() { - proto.RegisterType((*CARoots)(nil), "connect.CARoots") - proto.RegisterType((*CARoot)(nil), "connect.CARoot") - proto.RegisterType((*IssuedCert)(nil), "connect.IssuedCert") +var File_proto_pbconnect_connect_proto protoreflect.FileDescriptor + +var file_proto_pbconnect_connect_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x07, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa7, 0x01, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, + 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x6f, 0x6f, 0x74, + 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, + 0x52, 0x6f, 0x6f, 0x74, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, + 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x25, 0x0a, 0x05, 0x52, 0x6f, 0x6f, 0x74, + 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x2e, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x05, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, + 0x2f, 0x0a, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, + 0x22, 0xfd, 0x04, 0x0a, 0x06, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, + 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, + 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x22, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, + 0x79, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x4e, 0x6f, 0x74, + 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x4e, 0x6f, 0x74, 0x42, 0x65, 0x66, + 0x6f, 0x72, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x52, 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x52, + 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, + 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, + 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x43, 0x65, 0x72, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x69, 0x67, 0x6e, + 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x69, 0x67, + 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, + 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x12, + 0x3e, 0x0a, 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x18, + 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x52, 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x12, + 0x26, 0x0a, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, + 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, + 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x12, + 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x10, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x22, 0xc7, 0x03, 0x0a, 0x0a, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x12, + 0x22, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x43, 0x65, 0x72, 0x74, 0x50, 0x45, 0x4d, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x65, 0x72, 0x74, 0x50, 0x45, 0x4d, 0x12, 0x24, 0x0a, + 0x0d, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x45, 0x4d, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, + 0x50, 0x45, 0x4d, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1e, 0x0a, + 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x52, 0x49, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x52, 0x49, 0x12, 0x14, 0x0a, + 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, 0x67, + 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x12, + 0x3a, 0x0a, 0x0a, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x0a, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x0b, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x56, 0x61, + 0x6c, 0x69, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, + 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, + 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, + 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } -func init() { - proto.RegisterFile("proto/pbconnect/connect.proto", fileDescriptor_80627e709958eb04) +var ( + file_proto_pbconnect_connect_proto_rawDescOnce sync.Once + file_proto_pbconnect_connect_proto_rawDescData = file_proto_pbconnect_connect_proto_rawDesc +) + +func file_proto_pbconnect_connect_proto_rawDescGZIP() []byte { + file_proto_pbconnect_connect_proto_rawDescOnce.Do(func() { + file_proto_pbconnect_connect_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbconnect_connect_proto_rawDescData) + }) + return file_proto_pbconnect_connect_proto_rawDescData } -var fileDescriptor_80627e709958eb04 = []byte{ - // 632 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x5d, 0x6f, 0xd3, 0x30, - 0x14, 0x55, 0xd7, 0xcf, 0xdc, 0x6e, 0x1d, 0x33, 0x68, 0xb2, 0x8a, 0x80, 0xa8, 0x02, 0x14, 0x09, - 0x68, 0xd0, 0x90, 0x10, 0x42, 0x68, 0x52, 0xb7, 0xee, 0x21, 0x9a, 0x56, 0x86, 0x37, 0x78, 0xe0, - 0x2d, 0x6d, 0x6f, 0x3b, 0x4b, 0x4d, 0x5c, 0x39, 0xce, 0xb4, 0xfe, 0x22, 0x7e, 0x0a, 0xbf, 0x0a, - 0x09, 0xd9, 0x4e, 0xda, 0xa4, 0x20, 0xf5, 0x29, 0xbe, 0xe7, 0x1e, 0x5f, 0xdf, 0xeb, 0x73, 0x62, - 0x78, 0xb6, 0x94, 0x42, 0x09, 0x7f, 0x39, 0x9e, 0x88, 0x38, 0xc6, 0x89, 0xf2, 0xb3, 0x6f, 0xdf, - 0xe0, 0xa4, 0x99, 0x85, 0xdd, 0x17, 0x73, 0x21, 0xe6, 0x0b, 0xf4, 0x0d, 0x3c, 0x4e, 0x67, 0xbe, - 0xe2, 0x11, 0x26, 0x2a, 0x8c, 0x96, 0x96, 0xd9, 0x7d, 0xba, 0x29, 0x14, 0x45, 0x22, 0xf6, 0xed, - 0xc7, 0x26, 0x7b, 0xbf, 0x2a, 0xd0, 0x3c, 0x1f, 0x30, 0x21, 0x54, 0x42, 0x7a, 0xb0, 0x3f, 0x98, - 0x28, 0x7e, 0x8f, 0x3a, 0x0c, 0x86, 0xb4, 0xe2, 0x56, 0x3c, 0x87, 0x95, 0x30, 0xe2, 0x42, 0xfb, - 0x56, 0xa6, 0x89, 0x1a, 0x8a, 0x28, 0xe4, 0x31, 0xdd, 0x33, 0x94, 0x22, 0x44, 0x5e, 0x41, 0xdd, - 0x94, 0xa3, 0x55, 0xb7, 0xea, 0xb5, 0x4f, 0x0e, 0xfb, 0x79, 0xdf, 0xf6, 0x18, 0x66, 0xb3, 0xc4, - 0x07, 0xe7, 0x5b, 0x8a, 0x72, 0x75, 0x85, 0x2a, 0xa4, 0x35, 0xb7, 0xe2, 0xb5, 0x4f, 0x8e, 0xfa, - 0x59, 0x6b, 0xeb, 0x04, 0xdb, 0x70, 0x7a, 0x7f, 0x6a, 0xd0, 0xb0, 0x25, 0x48, 0x07, 0xf6, 0xd6, - 0xed, 0xed, 0x05, 0x43, 0x42, 0xa0, 0x36, 0x0a, 0x23, 0xcc, 0xba, 0x31, 0x6b, 0x3d, 0xcc, 0x0d, - 0x4a, 0x1e, 0x2e, 0x46, 0x69, 0x34, 0x46, 0x49, 0xab, 0x6e, 0xc5, 0xab, 0xb1, 0x12, 0x66, 0x38, - 0x7c, 0x1e, 0xf3, 0x78, 0x7e, 0x89, 0xab, 0x60, 0x68, 0xda, 0x70, 0x58, 0x09, 0x23, 0xef, 0xe1, - 0xf1, 0xc5, 0x83, 0x42, 0x19, 0x87, 0x8b, 0xe2, 0xe0, 0x75, 0x43, 0xfd, 0x5f, 0x8a, 0x7c, 0x02, - 0x67, 0x24, 0xd4, 0x19, 0xce, 0x84, 0x44, 0xda, 0x30, 0x93, 0x75, 0xfb, 0x56, 0xa4, 0x7e, 0x2e, - 0x52, 0xff, 0x36, 0x17, 0x89, 0x6d, 0xc8, 0xe4, 0x23, 0xb4, 0x46, 0x42, 0x0d, 0x66, 0x0a, 0x25, - 0x6d, 0xee, 0xdc, 0xb8, 0xe6, 0x92, 0x2e, 0xb4, 0xf4, 0xbd, 0x9c, 0xa3, 0x54, 0xb4, 0x65, 0x1a, - 0x5b, 0xc7, 0xe4, 0x2d, 0x1c, 0x05, 0xb1, 0x42, 0x19, 0xe1, 0x94, 0x87, 0x0a, 0x35, 0x96, 0x50, - 0xc7, 0xad, 0x7a, 0x0e, 0xfb, 0x37, 0xa1, 0xe5, 0xcd, 0xa6, 0x37, 0xc5, 0xc0, 0xca, 0x5b, 0x80, - 0xc8, 0x73, 0x80, 0xcd, 0xfd, 0xd0, 0xb6, 0x21, 0x14, 0x10, 0x72, 0x0c, 0x0d, 0x6b, 0x18, 0xba, - 0xef, 0x56, 0xbc, 0x16, 0xcb, 0x22, 0x72, 0x0a, 0xfb, 0x4c, 0xa8, 0x50, 0xe1, 0xf4, 0x6b, 0xaa, - 0x06, 0x8a, 0x1e, 0xec, 0x9c, 0xaf, 0xc4, 0x27, 0xaf, 0xa1, 0x73, 0x2d, 0xf9, 0x7d, 0xa8, 0xf0, - 0x12, 0x57, 0xb7, 0xab, 0x25, 0xd2, 0x8e, 0x39, 0x7b, 0x0b, 0x2d, 0xf3, 0xce, 0xb8, 0x4a, 0xe8, - 0xa1, 0x5b, 0xf1, 0xea, 0x6c, 0x0b, 0xd5, 0xfe, 0x63, 0xe1, 0x4c, 0x05, 0xf1, 0x14, 0x1f, 0xe8, - 0xa3, 0xb2, 0xff, 0xd6, 0x09, 0xb6, 0xe1, 0xf4, 0x7e, 0x57, 0x01, 0x82, 0x24, 0x49, 0x71, 0x6a, - 0xee, 0x61, 0xdb, 0x5f, 0xd9, 0xcf, 0x52, 0xf2, 0x17, 0x85, 0xa6, 0xe6, 0x5e, 0x5f, 0x5c, 0x65, - 0xd6, 0xcc, 0x43, 0xf2, 0x12, 0x0e, 0x36, 0xfd, 0xe8, 0x7c, 0xd5, 0xe4, 0xcb, 0xa0, 0xde, 0x7f, - 0x83, 0xf2, 0x9e, 0x4f, 0x30, 0xb3, 0x66, 0x1e, 0x1a, 0x15, 0xec, 0xf2, 0x3b, 0x0b, 0x32, 0x33, - 0x16, 0x10, 0xf2, 0x04, 0xea, 0x83, 0x39, 0xc6, 0xca, 0xf8, 0xcf, 0x61, 0x36, 0xd0, 0x3e, 0x31, - 0x0b, 0xbd, 0xa7, 0x69, 0x7d, 0x92, 0xc7, 0xe4, 0x33, 0xc0, 0x8f, 0x70, 0xc1, 0xa7, 0xd6, 0x7d, - 0xad, 0x9d, 0xea, 0x14, 0xd8, 0xe4, 0x0b, 0xb4, 0x4d, 0x94, 0x79, 0xde, 0xd9, 0xb9, 0xb9, 0x48, - 0x27, 0xa7, 0xd0, 0xb9, 0xd0, 0x46, 0x5c, 0x4a, 0x9e, 0xa0, 0x79, 0x0e, 0xc0, 0x14, 0x38, 0xce, - 0xe5, 0x28, 0x67, 0xd9, 0x16, 0xbb, 0xac, 0x64, 0x7b, 0xb7, 0x92, 0x67, 0xef, 0x7e, 0xbe, 0x99, - 0x73, 0x75, 0x97, 0x8e, 0x35, 0xcb, 0xbf, 0x0b, 0x93, 0x3b, 0x3e, 0x11, 0x72, 0xa9, 0x1f, 0xd8, - 0x24, 0x5d, 0xf8, 0x5b, 0xef, 0xee, 0xb8, 0x61, 0x80, 0x0f, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, - 0x77, 0x18, 0x20, 0xcd, 0x91, 0x05, 0x00, 0x00, +var file_proto_pbconnect_connect_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_proto_pbconnect_connect_proto_goTypes = []interface{}{ + (*CARoots)(nil), // 0: connect.CARoots + (*CARoot)(nil), // 1: connect.CARoot + (*IssuedCert)(nil), // 2: connect.IssuedCert + (*pbcommon.QueryMeta)(nil), // 3: common.QueryMeta + (*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp + (*pbcommon.RaftIndex)(nil), // 5: common.RaftIndex + (*pbcommon.EnterpriseMeta)(nil), // 6: common.EnterpriseMeta +} +var file_proto_pbconnect_connect_proto_depIdxs = []int32{ + 1, // 0: connect.CARoots.Roots:type_name -> connect.CARoot + 3, // 1: connect.CARoots.QueryMeta:type_name -> common.QueryMeta + 4, // 2: connect.CARoot.NotBefore:type_name -> google.protobuf.Timestamp + 4, // 3: connect.CARoot.NotAfter:type_name -> google.protobuf.Timestamp + 4, // 4: connect.CARoot.RotatedOutAt:type_name -> google.protobuf.Timestamp + 5, // 5: connect.CARoot.RaftIndex:type_name -> common.RaftIndex + 4, // 6: connect.IssuedCert.ValidAfter:type_name -> google.protobuf.Timestamp + 4, // 7: connect.IssuedCert.ValidBefore:type_name -> google.protobuf.Timestamp + 6, // 8: connect.IssuedCert.EnterpriseMeta:type_name -> common.EnterpriseMeta + 5, // 9: connect.IssuedCert.RaftIndex:type_name -> common.RaftIndex + 10, // [10:10] is the sub-list for method output_type + 10, // [10:10] is the sub-list for method input_type + 10, // [10:10] is the sub-list for extension type_name + 10, // [10:10] is the sub-list for extension extendee + 0, // [0:10] is the sub-list for field type_name +} + +func init() { file_proto_pbconnect_connect_proto_init() } +func file_proto_pbconnect_connect_proto_init() { + if File_proto_pbconnect_connect_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbconnect_connect_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CARoots); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconnect_connect_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CARoot); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconnect_connect_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IssuedCert); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbconnect_connect_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbconnect_connect_proto_goTypes, + DependencyIndexes: file_proto_pbconnect_connect_proto_depIdxs, + MessageInfos: file_proto_pbconnect_connect_proto_msgTypes, + }.Build() + File_proto_pbconnect_connect_proto = out.File + file_proto_pbconnect_connect_proto_rawDesc = nil + file_proto_pbconnect_connect_proto_goTypes = nil + file_proto_pbconnect_connect_proto_depIdxs = nil } diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index 3f5fe637b..a0dbe715c 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -1,26 +1,31 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbservice/healthcheck.proto package pbservice import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - duration "github.com/golang/protobuf/ptypes/duration" pbcommon "github.com/hashicorp/consul/proto/pbcommon" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + durationpb "google.golang.org/protobuf/types/known/durationpb" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // HealthCheck represents a single check on a given node // @@ -30,203 +35,219 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // output=healthcheck.gen.go // name=Structs type HealthCheck struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + Node string `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` // mog: func-to=CheckIDType func-from=string CheckID string `protobuf:"bytes,2,opt,name=CheckID,proto3" json:"CheckID,omitempty"` Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"Name,omitempty"` - Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"Status,omitempty"` - Notes string `protobuf:"bytes,5,opt,name=Notes,proto3" json:"Notes,omitempty"` - Output string `protobuf:"bytes,6,opt,name=Output,proto3" json:"Output,omitempty"` - ServiceID string `protobuf:"bytes,7,opt,name=ServiceID,proto3" json:"ServiceID,omitempty"` - ServiceName string `protobuf:"bytes,8,opt,name=ServiceName,proto3" json:"ServiceName,omitempty"` - ServiceTags []string `protobuf:"bytes,9,rep,name=ServiceTags,proto3" json:"ServiceTags,omitempty"` - Type string `protobuf:"bytes,12,opt,name=Type,proto3" json:"Type,omitempty"` + Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"Status,omitempty"` // The current check status + Notes string `protobuf:"bytes,5,opt,name=Notes,proto3" json:"Notes,omitempty"` // Additional notes with the status + Output string `protobuf:"bytes,6,opt,name=Output,proto3" json:"Output,omitempty"` // Holds output of script runs + ServiceID string `protobuf:"bytes,7,opt,name=ServiceID,proto3" json:"ServiceID,omitempty"` // optional associated service + ServiceName string `protobuf:"bytes,8,opt,name=ServiceName,proto3" json:"ServiceName,omitempty"` // optional service name + ServiceTags []string `protobuf:"bytes,9,rep,name=ServiceTags,proto3" json:"ServiceTags,omitempty"` // optional service tags + Type string `protobuf:"bytes,12,opt,name=Type,proto3" json:"Type,omitempty"` // Check type: http/ttl/tcp/etc Definition *HealthCheckDefinition `protobuf:"bytes,10,opt,name=Definition,proto3" json:"Definition,omitempty"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,13,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=int func-from=int32 - ExposedPort int32 `protobuf:"varint,14,opt,name=ExposedPort,proto3" json:"ExposedPort,omitempty"` - Interval string `protobuf:"bytes,15,opt,name=Interval,proto3" json:"Interval,omitempty"` - Timeout string `protobuf:"bytes,16,opt,name=Timeout,proto3" json:"Timeout,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ExposedPort int32 `protobuf:"varint,14,opt,name=ExposedPort,proto3" json:"ExposedPort,omitempty"` + Interval string `protobuf:"bytes,15,opt,name=Interval,proto3" json:"Interval,omitempty"` + Timeout string `protobuf:"bytes,16,opt,name=Timeout,proto3" json:"Timeout,omitempty"` } -func (m *HealthCheck) Reset() { *m = HealthCheck{} } -func (m *HealthCheck) String() string { return proto.CompactTextString(m) } -func (*HealthCheck) ProtoMessage() {} +func (x *HealthCheck) Reset() { + *x = HealthCheck{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HealthCheck) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HealthCheck) ProtoMessage() {} + +func (x *HealthCheck) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HealthCheck.ProtoReflect.Descriptor instead. func (*HealthCheck) Descriptor() ([]byte, []int) { - return fileDescriptor_8a6f7448747c9fbe, []int{0} + return file_proto_pbservice_healthcheck_proto_rawDescGZIP(), []int{0} } -func (m *HealthCheck) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HealthCheck.Unmarshal(m, b) -} -func (m *HealthCheck) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HealthCheck.Marshal(b, m, deterministic) -} -func (m *HealthCheck) XXX_Merge(src proto.Message) { - xxx_messageInfo_HealthCheck.Merge(m, src) -} -func (m *HealthCheck) XXX_Size() int { - return xxx_messageInfo_HealthCheck.Size(m) -} -func (m *HealthCheck) XXX_DiscardUnknown() { - xxx_messageInfo_HealthCheck.DiscardUnknown(m) -} - -var xxx_messageInfo_HealthCheck proto.InternalMessageInfo - -func (m *HealthCheck) GetNode() string { - if m != nil { - return m.Node +func (x *HealthCheck) GetNode() string { + if x != nil { + return x.Node } return "" } -func (m *HealthCheck) GetCheckID() string { - if m != nil { - return m.CheckID +func (x *HealthCheck) GetCheckID() string { + if x != nil { + return x.CheckID } return "" } -func (m *HealthCheck) GetName() string { - if m != nil { - return m.Name +func (x *HealthCheck) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *HealthCheck) GetStatus() string { - if m != nil { - return m.Status +func (x *HealthCheck) GetStatus() string { + if x != nil { + return x.Status } return "" } -func (m *HealthCheck) GetNotes() string { - if m != nil { - return m.Notes +func (x *HealthCheck) GetNotes() string { + if x != nil { + return x.Notes } return "" } -func (m *HealthCheck) GetOutput() string { - if m != nil { - return m.Output +func (x *HealthCheck) GetOutput() string { + if x != nil { + return x.Output } return "" } -func (m *HealthCheck) GetServiceID() string { - if m != nil { - return m.ServiceID +func (x *HealthCheck) GetServiceID() string { + if x != nil { + return x.ServiceID } return "" } -func (m *HealthCheck) GetServiceName() string { - if m != nil { - return m.ServiceName +func (x *HealthCheck) GetServiceName() string { + if x != nil { + return x.ServiceName } return "" } -func (m *HealthCheck) GetServiceTags() []string { - if m != nil { - return m.ServiceTags +func (x *HealthCheck) GetServiceTags() []string { + if x != nil { + return x.ServiceTags } return nil } -func (m *HealthCheck) GetType() string { - if m != nil { - return m.Type +func (x *HealthCheck) GetType() string { + if x != nil { + return x.Type } return "" } -func (m *HealthCheck) GetDefinition() *HealthCheckDefinition { - if m != nil { - return m.Definition +func (x *HealthCheck) GetDefinition() *HealthCheckDefinition { + if x != nil { + return x.Definition } return nil } -func (m *HealthCheck) GetRaftIndex() *pbcommon.RaftIndex { - if m != nil { - return m.RaftIndex +func (x *HealthCheck) GetRaftIndex() *pbcommon.RaftIndex { + if x != nil { + return x.RaftIndex } return nil } -func (m *HealthCheck) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { - if m != nil { - return m.EnterpriseMeta +func (x *HealthCheck) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta } return nil } -func (m *HealthCheck) GetExposedPort() int32 { - if m != nil { - return m.ExposedPort +func (x *HealthCheck) GetExposedPort() int32 { + if x != nil { + return x.ExposedPort } return 0 } -func (m *HealthCheck) GetInterval() string { - if m != nil { - return m.Interval +func (x *HealthCheck) GetInterval() string { + if x != nil { + return x.Interval } return "" } -func (m *HealthCheck) GetTimeout() string { - if m != nil { - return m.Timeout +func (x *HealthCheck) GetTimeout() string { + if x != nil { + return x.Timeout } return "" } type HeaderValue struct { - Value []string `protobuf:"bytes,1,rep,name=Value,proto3" json:"Value,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Value []string `protobuf:"bytes,1,rep,name=Value,proto3" json:"Value,omitempty"` } -func (m *HeaderValue) Reset() { *m = HeaderValue{} } -func (m *HeaderValue) String() string { return proto.CompactTextString(m) } -func (*HeaderValue) ProtoMessage() {} +func (x *HeaderValue) Reset() { + *x = HeaderValue{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HeaderValue) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HeaderValue) ProtoMessage() {} + +func (x *HeaderValue) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HeaderValue.ProtoReflect.Descriptor instead. func (*HeaderValue) Descriptor() ([]byte, []int) { - return fileDescriptor_8a6f7448747c9fbe, []int{1} + return file_proto_pbservice_healthcheck_proto_rawDescGZIP(), []int{1} } -func (m *HeaderValue) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HeaderValue.Unmarshal(m, b) -} -func (m *HeaderValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HeaderValue.Marshal(b, m, deterministic) -} -func (m *HeaderValue) XXX_Merge(src proto.Message) { - xxx_messageInfo_HeaderValue.Merge(m, src) -} -func (m *HeaderValue) XXX_Size() int { - return xxx_messageInfo_HeaderValue.Size(m) -} -func (m *HeaderValue) XXX_DiscardUnknown() { - xxx_messageInfo_HeaderValue.DiscardUnknown(m) -} - -var xxx_messageInfo_HeaderValue proto.InternalMessageInfo - -func (m *HeaderValue) GetValue() []string { - if m != nil { - return m.Value +func (x *HeaderValue) GetValue() []string { + if x != nil { + return x.Value } return nil } @@ -239,6 +260,10 @@ func (m *HeaderValue) GetValue() []string { // output=healthcheck.gen.go // name=Structs type HealthCheckDefinition struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + HTTP string `protobuf:"bytes,1,opt,name=HTTP,proto3" json:"HTTP,omitempty"` TLSServerName string `protobuf:"bytes,19,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` TLSSkipVerify bool `protobuf:"varint,2,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` @@ -248,197 +273,201 @@ type HealthCheckDefinition struct { Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - Interval *duration.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval,omitempty"` + Interval *durationpb.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval,omitempty"` // mog: func-to=uint func-from=uint32 OutputMaxSize uint32 `protobuf:"varint,9,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - Timeout *duration.Duration `protobuf:"bytes,7,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + Timeout *durationpb.Duration `protobuf:"bytes,7,opt,name=Timeout,proto3" json:"Timeout,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - DeregisterCriticalServiceAfter *duration.Duration `protobuf:"bytes,8,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` - ScriptArgs []string `protobuf:"bytes,10,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` - DockerContainerID string `protobuf:"bytes,11,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` - Shell string `protobuf:"bytes,12,opt,name=Shell,proto3" json:"Shell,omitempty"` - H2PING string `protobuf:"bytes,20,opt,name=H2PING,proto3" json:"H2PING,omitempty"` - H2PingUseTLS bool `protobuf:"varint,21,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` - GRPC string `protobuf:"bytes,13,opt,name=GRPC,proto3" json:"GRPC,omitempty"` - GRPCUseTLS bool `protobuf:"varint,14,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` - AliasNode string `protobuf:"bytes,15,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` - AliasService string `protobuf:"bytes,16,opt,name=AliasService,proto3" json:"AliasService,omitempty"` + DeregisterCriticalServiceAfter *durationpb.Duration `protobuf:"bytes,8,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` + ScriptArgs []string `protobuf:"bytes,10,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` + DockerContainerID string `protobuf:"bytes,11,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` + Shell string `protobuf:"bytes,12,opt,name=Shell,proto3" json:"Shell,omitempty"` + H2PING string `protobuf:"bytes,20,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,21,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` + GRPC string `protobuf:"bytes,13,opt,name=GRPC,proto3" json:"GRPC,omitempty"` + GRPCUseTLS bool `protobuf:"varint,14,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` + AliasNode string `protobuf:"bytes,15,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` + AliasService string `protobuf:"bytes,16,opt,name=AliasService,proto3" json:"AliasService,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - TTL *duration.Duration `protobuf:"bytes,17,opt,name=TTL,proto3" json:"TTL,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + TTL *durationpb.Duration `protobuf:"bytes,17,opt,name=TTL,proto3" json:"TTL,omitempty"` } -func (m *HealthCheckDefinition) Reset() { *m = HealthCheckDefinition{} } -func (m *HealthCheckDefinition) String() string { return proto.CompactTextString(m) } -func (*HealthCheckDefinition) ProtoMessage() {} +func (x *HealthCheckDefinition) Reset() { + *x = HealthCheckDefinition{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HealthCheckDefinition) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HealthCheckDefinition) ProtoMessage() {} + +func (x *HealthCheckDefinition) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HealthCheckDefinition.ProtoReflect.Descriptor instead. func (*HealthCheckDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_8a6f7448747c9fbe, []int{2} + return file_proto_pbservice_healthcheck_proto_rawDescGZIP(), []int{2} } -func (m *HealthCheckDefinition) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HealthCheckDefinition.Unmarshal(m, b) -} -func (m *HealthCheckDefinition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HealthCheckDefinition.Marshal(b, m, deterministic) -} -func (m *HealthCheckDefinition) XXX_Merge(src proto.Message) { - xxx_messageInfo_HealthCheckDefinition.Merge(m, src) -} -func (m *HealthCheckDefinition) XXX_Size() int { - return xxx_messageInfo_HealthCheckDefinition.Size(m) -} -func (m *HealthCheckDefinition) XXX_DiscardUnknown() { - xxx_messageInfo_HealthCheckDefinition.DiscardUnknown(m) -} - -var xxx_messageInfo_HealthCheckDefinition proto.InternalMessageInfo - -func (m *HealthCheckDefinition) GetHTTP() string { - if m != nil { - return m.HTTP +func (x *HealthCheckDefinition) GetHTTP() string { + if x != nil { + return x.HTTP } return "" } -func (m *HealthCheckDefinition) GetTLSServerName() string { - if m != nil { - return m.TLSServerName +func (x *HealthCheckDefinition) GetTLSServerName() string { + if x != nil { + return x.TLSServerName } return "" } -func (m *HealthCheckDefinition) GetTLSSkipVerify() bool { - if m != nil { - return m.TLSSkipVerify +func (x *HealthCheckDefinition) GetTLSSkipVerify() bool { + if x != nil { + return x.TLSSkipVerify } return false } -func (m *HealthCheckDefinition) GetHeader() map[string]*HeaderValue { - if m != nil { - return m.Header +func (x *HealthCheckDefinition) GetHeader() map[string]*HeaderValue { + if x != nil { + return x.Header } return nil } -func (m *HealthCheckDefinition) GetMethod() string { - if m != nil { - return m.Method +func (x *HealthCheckDefinition) GetMethod() string { + if x != nil { + return x.Method } return "" } -func (m *HealthCheckDefinition) GetBody() string { - if m != nil { - return m.Body +func (x *HealthCheckDefinition) GetBody() string { + if x != nil { + return x.Body } return "" } -func (m *HealthCheckDefinition) GetTCP() string { - if m != nil { - return m.TCP +func (x *HealthCheckDefinition) GetTCP() string { + if x != nil { + return x.TCP } return "" } -func (m *HealthCheckDefinition) GetInterval() *duration.Duration { - if m != nil { - return m.Interval +func (x *HealthCheckDefinition) GetInterval() *durationpb.Duration { + if x != nil { + return x.Interval } return nil } -func (m *HealthCheckDefinition) GetOutputMaxSize() uint32 { - if m != nil { - return m.OutputMaxSize +func (x *HealthCheckDefinition) GetOutputMaxSize() uint32 { + if x != nil { + return x.OutputMaxSize } return 0 } -func (m *HealthCheckDefinition) GetTimeout() *duration.Duration { - if m != nil { - return m.Timeout +func (x *HealthCheckDefinition) GetTimeout() *durationpb.Duration { + if x != nil { + return x.Timeout } return nil } -func (m *HealthCheckDefinition) GetDeregisterCriticalServiceAfter() *duration.Duration { - if m != nil { - return m.DeregisterCriticalServiceAfter +func (x *HealthCheckDefinition) GetDeregisterCriticalServiceAfter() *durationpb.Duration { + if x != nil { + return x.DeregisterCriticalServiceAfter } return nil } -func (m *HealthCheckDefinition) GetScriptArgs() []string { - if m != nil { - return m.ScriptArgs +func (x *HealthCheckDefinition) GetScriptArgs() []string { + if x != nil { + return x.ScriptArgs } return nil } -func (m *HealthCheckDefinition) GetDockerContainerID() string { - if m != nil { - return m.DockerContainerID +func (x *HealthCheckDefinition) GetDockerContainerID() string { + if x != nil { + return x.DockerContainerID } return "" } -func (m *HealthCheckDefinition) GetShell() string { - if m != nil { - return m.Shell +func (x *HealthCheckDefinition) GetShell() string { + if x != nil { + return x.Shell } return "" } -func (m *HealthCheckDefinition) GetH2PING() string { - if m != nil { - return m.H2PING +func (x *HealthCheckDefinition) GetH2PING() string { + if x != nil { + return x.H2PING } return "" } -func (m *HealthCheckDefinition) GetH2PingUseTLS() bool { - if m != nil { - return m.H2PingUseTLS +func (x *HealthCheckDefinition) GetH2PingUseTLS() bool { + if x != nil { + return x.H2PingUseTLS } return false } -func (m *HealthCheckDefinition) GetGRPC() string { - if m != nil { - return m.GRPC +func (x *HealthCheckDefinition) GetGRPC() string { + if x != nil { + return x.GRPC } return "" } -func (m *HealthCheckDefinition) GetGRPCUseTLS() bool { - if m != nil { - return m.GRPCUseTLS +func (x *HealthCheckDefinition) GetGRPCUseTLS() bool { + if x != nil { + return x.GRPCUseTLS } return false } -func (m *HealthCheckDefinition) GetAliasNode() string { - if m != nil { - return m.AliasNode +func (x *HealthCheckDefinition) GetAliasNode() string { + if x != nil { + return x.AliasNode } return "" } -func (m *HealthCheckDefinition) GetAliasService() string { - if m != nil { - return m.AliasService +func (x *HealthCheckDefinition) GetAliasService() string { + if x != nil { + return x.AliasService } return "" } -func (m *HealthCheckDefinition) GetTTL() *duration.Duration { - if m != nil { - return m.TTL +func (x *HealthCheckDefinition) GetTTL() *durationpb.Duration { + if x != nil { + return x.TTL } return nil } @@ -456,6 +485,10 @@ func (m *HealthCheckDefinition) GetTTL() *duration.Duration { // output=healthcheck.gen.go // name=Structs type CheckType struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=CheckIDType func-from=string CheckID string `protobuf:"bytes,1,opt,name=CheckID,proto3" json:"CheckID,omitempty"` Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` @@ -469,21 +502,21 @@ type CheckType struct { Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - Interval *duration.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval,omitempty"` - AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` - AliasService string `protobuf:"bytes,11,opt,name=AliasService,proto3" json:"AliasService,omitempty"` - DockerContainerID string `protobuf:"bytes,12,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` - Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` - H2PING string `protobuf:"bytes,28,opt,name=H2PING,proto3" json:"H2PING,omitempty"` - H2PingUseTLS bool `protobuf:"varint,30,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` - GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` - GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` - TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` - TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` + Interval *durationpb.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval,omitempty"` + AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` + AliasService string `protobuf:"bytes,11,opt,name=AliasService,proto3" json:"AliasService,omitempty"` + DockerContainerID string `protobuf:"bytes,12,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` + Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` + H2PING string `protobuf:"bytes,28,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,30,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` + GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` + GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` + TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` + TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - Timeout *duration.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3" json:"Timeout,omitempty"` + Timeout *durationpb.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3" json:"Timeout,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - TTL *duration.Duration `protobuf:"bytes,18,opt,name=TTL,proto3" json:"TTL,omitempty"` + TTL *durationpb.Duration `protobuf:"bytes,18,opt,name=TTL,proto3" json:"TTL,omitempty"` // mog: func-to=int func-from=int32 SuccessBeforePassing int32 `protobuf:"varint,21,opt,name=SuccessBeforePassing,proto3" json:"SuccessBeforePassing,omitempty"` // mog: func-to=int func-from=int32 @@ -497,325 +530,554 @@ type CheckType struct { // service, if any, to be deregistered if this check is critical for // longer than this duration. // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto - DeregisterCriticalServiceAfter *duration.Duration `protobuf:"bytes,19,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` + DeregisterCriticalServiceAfter *durationpb.Duration `protobuf:"bytes,19,opt,name=DeregisterCriticalServiceAfter,proto3" json:"DeregisterCriticalServiceAfter,omitempty"` // mog: func-to=int func-from=int32 - OutputMaxSize int32 `protobuf:"varint,25,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + OutputMaxSize int32 `protobuf:"varint,25,opt,name=OutputMaxSize,proto3" json:"OutputMaxSize,omitempty"` } -func (m *CheckType) Reset() { *m = CheckType{} } -func (m *CheckType) String() string { return proto.CompactTextString(m) } -func (*CheckType) ProtoMessage() {} +func (x *CheckType) Reset() { + *x = CheckType{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckType) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckType) ProtoMessage() {} + +func (x *CheckType) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_healthcheck_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckType.ProtoReflect.Descriptor instead. func (*CheckType) Descriptor() ([]byte, []int) { - return fileDescriptor_8a6f7448747c9fbe, []int{3} + return file_proto_pbservice_healthcheck_proto_rawDescGZIP(), []int{3} } -func (m *CheckType) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CheckType.Unmarshal(m, b) -} -func (m *CheckType) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CheckType.Marshal(b, m, deterministic) -} -func (m *CheckType) XXX_Merge(src proto.Message) { - xxx_messageInfo_CheckType.Merge(m, src) -} -func (m *CheckType) XXX_Size() int { - return xxx_messageInfo_CheckType.Size(m) -} -func (m *CheckType) XXX_DiscardUnknown() { - xxx_messageInfo_CheckType.DiscardUnknown(m) -} - -var xxx_messageInfo_CheckType proto.InternalMessageInfo - -func (m *CheckType) GetCheckID() string { - if m != nil { - return m.CheckID +func (x *CheckType) GetCheckID() string { + if x != nil { + return x.CheckID } return "" } -func (m *CheckType) GetName() string { - if m != nil { - return m.Name +func (x *CheckType) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *CheckType) GetStatus() string { - if m != nil { - return m.Status +func (x *CheckType) GetStatus() string { + if x != nil { + return x.Status } return "" } -func (m *CheckType) GetNotes() string { - if m != nil { - return m.Notes +func (x *CheckType) GetNotes() string { + if x != nil { + return x.Notes } return "" } -func (m *CheckType) GetScriptArgs() []string { - if m != nil { - return m.ScriptArgs +func (x *CheckType) GetScriptArgs() []string { + if x != nil { + return x.ScriptArgs } return nil } -func (m *CheckType) GetHTTP() string { - if m != nil { - return m.HTTP +func (x *CheckType) GetHTTP() string { + if x != nil { + return x.HTTP } return "" } -func (m *CheckType) GetHeader() map[string]*HeaderValue { - if m != nil { - return m.Header +func (x *CheckType) GetHeader() map[string]*HeaderValue { + if x != nil { + return x.Header } return nil } -func (m *CheckType) GetMethod() string { - if m != nil { - return m.Method +func (x *CheckType) GetMethod() string { + if x != nil { + return x.Method } return "" } -func (m *CheckType) GetBody() string { - if m != nil { - return m.Body +func (x *CheckType) GetBody() string { + if x != nil { + return x.Body } return "" } -func (m *CheckType) GetTCP() string { - if m != nil { - return m.TCP +func (x *CheckType) GetTCP() string { + if x != nil { + return x.TCP } return "" } -func (m *CheckType) GetInterval() *duration.Duration { - if m != nil { - return m.Interval +func (x *CheckType) GetInterval() *durationpb.Duration { + if x != nil { + return x.Interval } return nil } -func (m *CheckType) GetAliasNode() string { - if m != nil { - return m.AliasNode +func (x *CheckType) GetAliasNode() string { + if x != nil { + return x.AliasNode } return "" } -func (m *CheckType) GetAliasService() string { - if m != nil { - return m.AliasService +func (x *CheckType) GetAliasService() string { + if x != nil { + return x.AliasService } return "" } -func (m *CheckType) GetDockerContainerID() string { - if m != nil { - return m.DockerContainerID +func (x *CheckType) GetDockerContainerID() string { + if x != nil { + return x.DockerContainerID } return "" } -func (m *CheckType) GetShell() string { - if m != nil { - return m.Shell +func (x *CheckType) GetShell() string { + if x != nil { + return x.Shell } return "" } -func (m *CheckType) GetH2PING() string { - if m != nil { - return m.H2PING +func (x *CheckType) GetH2PING() string { + if x != nil { + return x.H2PING } return "" } -func (m *CheckType) GetH2PingUseTLS() bool { - if m != nil { - return m.H2PingUseTLS +func (x *CheckType) GetH2PingUseTLS() bool { + if x != nil { + return x.H2PingUseTLS } return false } -func (m *CheckType) GetGRPC() string { - if m != nil { - return m.GRPC +func (x *CheckType) GetGRPC() string { + if x != nil { + return x.GRPC } return "" } -func (m *CheckType) GetGRPCUseTLS() bool { - if m != nil { - return m.GRPCUseTLS +func (x *CheckType) GetGRPCUseTLS() bool { + if x != nil { + return x.GRPCUseTLS } return false } -func (m *CheckType) GetTLSServerName() string { - if m != nil { - return m.TLSServerName +func (x *CheckType) GetTLSServerName() string { + if x != nil { + return x.TLSServerName } return "" } -func (m *CheckType) GetTLSSkipVerify() bool { - if m != nil { - return m.TLSSkipVerify +func (x *CheckType) GetTLSSkipVerify() bool { + if x != nil { + return x.TLSSkipVerify } return false } -func (m *CheckType) GetTimeout() *duration.Duration { - if m != nil { - return m.Timeout +func (x *CheckType) GetTimeout() *durationpb.Duration { + if x != nil { + return x.Timeout } return nil } -func (m *CheckType) GetTTL() *duration.Duration { - if m != nil { - return m.TTL +func (x *CheckType) GetTTL() *durationpb.Duration { + if x != nil { + return x.TTL } return nil } -func (m *CheckType) GetSuccessBeforePassing() int32 { - if m != nil { - return m.SuccessBeforePassing +func (x *CheckType) GetSuccessBeforePassing() int32 { + if x != nil { + return x.SuccessBeforePassing } return 0 } -func (m *CheckType) GetFailuresBeforeWarning() int32 { - if m != nil { - return m.FailuresBeforeWarning +func (x *CheckType) GetFailuresBeforeWarning() int32 { + if x != nil { + return x.FailuresBeforeWarning } return 0 } -func (m *CheckType) GetFailuresBeforeCritical() int32 { - if m != nil { - return m.FailuresBeforeCritical +func (x *CheckType) GetFailuresBeforeCritical() int32 { + if x != nil { + return x.FailuresBeforeCritical } return 0 } -func (m *CheckType) GetProxyHTTP() string { - if m != nil { - return m.ProxyHTTP +func (x *CheckType) GetProxyHTTP() string { + if x != nil { + return x.ProxyHTTP } return "" } -func (m *CheckType) GetProxyGRPC() string { - if m != nil { - return m.ProxyGRPC +func (x *CheckType) GetProxyGRPC() string { + if x != nil { + return x.ProxyGRPC } return "" } -func (m *CheckType) GetDeregisterCriticalServiceAfter() *duration.Duration { - if m != nil { - return m.DeregisterCriticalServiceAfter +func (x *CheckType) GetDeregisterCriticalServiceAfter() *durationpb.Duration { + if x != nil { + return x.DeregisterCriticalServiceAfter } return nil } -func (m *CheckType) GetOutputMaxSize() int32 { - if m != nil { - return m.OutputMaxSize +func (x *CheckType) GetOutputMaxSize() int32 { + if x != nil { + return x.OutputMaxSize } return 0 } -func init() { - proto.RegisterType((*HealthCheck)(nil), "pbservice.HealthCheck") - proto.RegisterType((*HeaderValue)(nil), "pbservice.HeaderValue") - proto.RegisterType((*HealthCheckDefinition)(nil), "pbservice.HealthCheckDefinition") - proto.RegisterMapType((map[string]*HeaderValue)(nil), "pbservice.HealthCheckDefinition.HeaderEntry") - proto.RegisterType((*CheckType)(nil), "pbservice.CheckType") - proto.RegisterMapType((map[string]*HeaderValue)(nil), "pbservice.CheckType.HeaderEntry") +var File_proto_pbservice_healthcheck_proto protoreflect.FileDescriptor + +var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, + 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x96, 0x04, 0x0a, 0x0b, + 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x4e, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, + 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, + 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x4f, + 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4f, 0x75, 0x74, + 0x70, 0x75, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, + 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, + 0x67, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x54, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x0c, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x40, 0x0a, 0x0a, 0x44, 0x65, 0x66, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, + 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0a, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x0a, 0x09, 0x52, + 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x3e, 0x0a, 0x0e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, + 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0b, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, + 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x54, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x54, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x22, 0x23, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x86, 0x07, 0x0a, 0x15, 0x48, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, + 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x12, 0x44, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, + 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, + 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, + 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, + 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, + 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, + 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, + 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, + 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, + 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, + 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, + 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, + 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, + 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, + 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x10, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, + 0x51, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x16, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0xa8, 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, + 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, + 0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, + 0x12, 0x38, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, + 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, + 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, + 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, + 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, + 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, + 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, + 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, + 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, + 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, + 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, + 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, + 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, + 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, + 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, + 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, + 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, + 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, + 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, + 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, + 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, + 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, + 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, + 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, + 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, + 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, + 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, + 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, + 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, + 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, + 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x51, 0x0a, 0x0b, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x2d, 0x5a, + 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) +var ( + file_proto_pbservice_healthcheck_proto_rawDescOnce sync.Once + file_proto_pbservice_healthcheck_proto_rawDescData = file_proto_pbservice_healthcheck_proto_rawDesc +) + +func file_proto_pbservice_healthcheck_proto_rawDescGZIP() []byte { + file_proto_pbservice_healthcheck_proto_rawDescOnce.Do(func() { + file_proto_pbservice_healthcheck_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbservice_healthcheck_proto_rawDescData) + }) + return file_proto_pbservice_healthcheck_proto_rawDescData } -var fileDescriptor_8a6f7448747c9fbe = []byte{ - // 994 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xd1, 0x6e, 0x22, 0x37, - 0x14, 0x15, 0x21, 0x40, 0xc6, 0x84, 0x6c, 0xe2, 0x4d, 0x52, 0x2f, 0xbb, 0x8d, 0x28, 0xdd, 0x07, - 0xa4, 0x4d, 0x41, 0x62, 0xdb, 0x6a, 0xd5, 0x87, 0xaa, 0x09, 0xa4, 0x1b, 0xa4, 0x24, 0xa5, 0xc3, - 0x74, 0x2b, 0xf5, 0xcd, 0x19, 0x0c, 0x58, 0x19, 0xc6, 0x23, 0x8f, 0x27, 0x0a, 0xfd, 0x80, 0x7e, - 0x42, 0xbf, 0xa1, 0x9f, 0x59, 0xf9, 0x7a, 0x06, 0x66, 0x96, 0x49, 0x88, 0x54, 0xf5, 0x09, 0xdf, - 0x7b, 0xae, 0x8d, 0x7d, 0xef, 0x39, 0x07, 0xd0, 0x57, 0x81, 0x14, 0x4a, 0x74, 0x82, 0xdb, 0x90, - 0xc9, 0x7b, 0xee, 0xb2, 0xce, 0x8c, 0x51, 0x4f, 0xcd, 0xdc, 0x19, 0x73, 0xef, 0xda, 0x80, 0x61, - 0x6b, 0x09, 0xd6, 0x4f, 0xa6, 0x42, 0x4c, 0x3d, 0xd6, 0x01, 0xe0, 0x36, 0x9a, 0x74, 0xc6, 0x91, - 0xa4, 0x8a, 0x0b, 0xdf, 0x94, 0xd6, 0x5f, 0x27, 0xa7, 0xb9, 0x62, 0x3e, 0x17, 0x7e, 0xc7, 0x7c, - 0x18, 0xb0, 0xf9, 0xf7, 0x36, 0xaa, 0x5e, 0xc2, 0xe9, 0x3d, 0x7d, 0x3a, 0xc6, 0x68, 0xfb, 0x46, - 0x8c, 0x19, 0x29, 0x34, 0x0a, 0x2d, 0xcb, 0x86, 0x35, 0x26, 0xa8, 0x02, 0xe0, 0xa0, 0x4f, 0xb6, - 0x20, 0x9d, 0x84, 0x50, 0x4d, 0xe7, 0x8c, 0x14, 0xe3, 0x6a, 0x3a, 0x67, 0xf8, 0x18, 0x95, 0x47, - 0x8a, 0xaa, 0x28, 0x24, 0xdb, 0x90, 0x8d, 0x23, 0x7c, 0x88, 0x4a, 0x37, 0x42, 0xb1, 0x90, 0x94, - 0x20, 0x6d, 0x02, 0x5d, 0xfd, 0x4b, 0xa4, 0x82, 0x48, 0x91, 0xb2, 0xa9, 0x36, 0x11, 0x7e, 0x83, - 0xac, 0x91, 0x79, 0xdf, 0xa0, 0x4f, 0x2a, 0x00, 0xad, 0x12, 0xb8, 0x81, 0xaa, 0x71, 0x00, 0x5f, - 0xbf, 0x03, 0x78, 0x3a, 0x95, 0xaa, 0x70, 0xe8, 0x34, 0x24, 0x56, 0xa3, 0x98, 0xaa, 0xd0, 0x29, - 0x7d, 0x77, 0x67, 0x11, 0x30, 0xb2, 0x6b, 0xee, 0xae, 0xd7, 0xf8, 0x27, 0x84, 0xfa, 0x6c, 0xc2, - 0x7d, 0xae, 0xdb, 0x47, 0x50, 0xa3, 0xd0, 0xaa, 0x76, 0x1b, 0xed, 0x65, 0xab, 0xdb, 0xa9, 0x4e, - 0xad, 0xea, 0xec, 0xd4, 0x1e, 0xdc, 0x41, 0x96, 0x4d, 0x27, 0x6a, 0xe0, 0x8f, 0xd9, 0x03, 0xa9, - 0xc2, 0x01, 0x07, 0xed, 0xb8, 0xe3, 0x4b, 0xc0, 0x5e, 0xd5, 0xe0, 0x1f, 0xd1, 0xde, 0x85, 0xaf, - 0x98, 0x0c, 0x24, 0x0f, 0xd9, 0x35, 0x53, 0x94, 0xd4, 0x60, 0xd7, 0x71, 0xb2, 0x2b, 0x8b, 0xda, - 0x9f, 0x55, 0xeb, 0x87, 0x5e, 0x3c, 0x04, 0x22, 0x64, 0xe3, 0xa1, 0x90, 0x8a, 0xec, 0x35, 0x0a, - 0xad, 0x92, 0x9d, 0x4e, 0xe1, 0x3a, 0xda, 0x19, 0xe8, 0x3d, 0xf7, 0xd4, 0x23, 0x2f, 0xe0, 0xb1, - 0xcb, 0x58, 0x8f, 0xd6, 0xe1, 0x73, 0x26, 0x22, 0x45, 0xf6, 0xcd, 0x68, 0xe3, 0xb0, 0xf9, 0x35, - 0xf0, 0x62, 0xcc, 0xe4, 0x27, 0xea, 0x45, 0x4c, 0x4f, 0x0f, 0x16, 0xa4, 0x00, 0x9d, 0x34, 0x41, - 0xf3, 0xaf, 0x0a, 0x3a, 0xca, 0xed, 0x89, 0xee, 0xee, 0xa5, 0xe3, 0x0c, 0x13, 0x1e, 0xe9, 0x35, - 0x7e, 0x8b, 0x6a, 0xce, 0xd5, 0x48, 0xcf, 0x80, 0x49, 0x98, 0xdb, 0x4b, 0x00, 0xb3, 0xc9, 0xa4, - 0xea, 0x8e, 0x07, 0x9f, 0x98, 0xe4, 0x93, 0x05, 0x70, 0x6e, 0xc7, 0xce, 0x26, 0x71, 0x1f, 0x95, - 0xcd, 0xf5, 0x48, 0xb1, 0x51, 0x6c, 0x55, 0xbb, 0xa7, 0x9b, 0xa6, 0xd4, 0x36, 0xe5, 0x17, 0xbe, - 0x92, 0x0b, 0x3b, 0xde, 0xab, 0xd9, 0x77, 0xcd, 0xd4, 0x4c, 0x8c, 0x13, 0xae, 0x9a, 0x48, 0xdf, - 0xfe, 0x5c, 0x8c, 0x17, 0x04, 0x9b, 0xdb, 0xeb, 0x35, 0xde, 0x47, 0x45, 0xa7, 0x37, 0x8c, 0xd9, - 0xab, 0x97, 0xf8, 0xbb, 0x54, 0x63, 0xcb, 0x30, 0xb4, 0x57, 0x6d, 0xa3, 0xc5, 0x76, 0xa2, 0xc5, - 0x76, 0x3f, 0xd6, 0x62, 0xaa, 0xe7, 0x6f, 0x51, 0xcd, 0x90, 0xfc, 0x9a, 0x3e, 0x8c, 0xf8, 0x9f, - 0x8c, 0x58, 0x8d, 0x42, 0xab, 0x66, 0x67, 0x93, 0xf8, 0xfd, 0x6a, 0x32, 0x95, 0x4d, 0x67, 0x27, - 0x95, 0x98, 0xa2, 0x93, 0x3e, 0x93, 0x6c, 0xca, 0x43, 0xc5, 0x64, 0x4f, 0x72, 0xc5, 0x5d, 0xea, - 0xc5, 0xa4, 0x3f, 0x9b, 0x28, 0x26, 0x41, 0x2a, 0x4f, 0x9e, 0xb5, 0xe1, 0x00, 0x7c, 0x82, 0xd0, - 0xc8, 0x95, 0x3c, 0x50, 0x67, 0x72, 0x1a, 0x12, 0x04, 0x6c, 0x48, 0x65, 0xf0, 0x29, 0x3a, 0xe8, - 0x0b, 0xf7, 0x8e, 0xc9, 0x9e, 0xf0, 0x15, 0xe5, 0x3e, 0x93, 0x83, 0x3e, 0x08, 0xc1, 0xb2, 0xd7, - 0x01, 0x4d, 0xab, 0xd1, 0x8c, 0x79, 0x5e, 0xac, 0x42, 0x13, 0xe8, 0xb1, 0x5c, 0x76, 0x87, 0x83, - 0x9b, 0x8f, 0xe4, 0xd0, 0x8c, 0xc5, 0x44, 0xb8, 0x89, 0x76, 0x2f, 0xbb, 0x43, 0xee, 0x4f, 0x7f, - 0x0b, 0x99, 0x73, 0x35, 0x22, 0x47, 0xc0, 0x8c, 0x4c, 0x4e, 0x8f, 0xee, 0xa3, 0x3d, 0xec, 0x81, - 0x8a, 0x2c, 0x1b, 0xd6, 0xfa, 0xce, 0xfa, 0x33, 0xde, 0xb5, 0x07, 0xbb, 0x52, 0x19, 0x6d, 0x36, - 0x67, 0x1e, 0xa7, 0x21, 0x38, 0x9f, 0x91, 0xc8, 0x2a, 0xa1, 0xbf, 0x15, 0x82, 0xb8, 0x0d, 0xb1, - 0x50, 0x32, 0x39, 0xfc, 0x0e, 0x15, 0x1d, 0xe7, 0x8a, 0x1c, 0x6c, 0xea, 0xae, 0xae, 0xaa, 0xff, - 0x9a, 0x48, 0x0b, 0xc8, 0xa8, 0x89, 0x75, 0xc7, 0x16, 0xb1, 0x52, 0xf4, 0x12, 0x9f, 0xa2, 0xd2, - 0x3d, 0x88, 0x6d, 0x2b, 0xb6, 0x82, 0x0c, 0xb7, 0x13, 0x4d, 0xda, 0xa6, 0xe8, 0x87, 0xad, 0x0f, - 0x85, 0xe6, 0x3f, 0x16, 0xb2, 0x80, 0xf0, 0x60, 0x63, 0x29, 0xc3, 0x2e, 0xe4, 0x1b, 0xf6, 0x56, - 0xae, 0x61, 0x17, 0xf3, 0x0d, 0x7b, 0x3b, 0x6d, 0xd8, 0xd9, 0xf9, 0x97, 0xd6, 0xe6, 0x9f, 0x08, - 0xbf, 0x9c, 0x12, 0xfe, 0x87, 0xa5, 0x58, 0x0f, 0x41, 0xac, 0x69, 0x4b, 0x5d, 0xde, 0x7a, 0x83, - 0x40, 0x2b, 0xb9, 0x02, 0xad, 0xaf, 0x0b, 0x74, 0x27, 0x5f, 0xa0, 0xd6, 0xf3, 0x05, 0x9a, 0xa1, - 0x03, 0xda, 0x44, 0x87, 0x6a, 0x0e, 0x1d, 0x72, 0x45, 0xb0, 0xbb, 0x51, 0x04, 0xb5, 0x7c, 0x11, - 0xbc, 0x79, 0x52, 0x04, 0x27, 0x4f, 0x88, 0x60, 0xef, 0x51, 0x11, 0xbc, 0x58, 0x13, 0xc1, 0x9a, - 0x3b, 0xbf, 0x7e, 0x96, 0x3b, 0xef, 0xe7, 0xb9, 0x73, 0xca, 0xbc, 0x0e, 0x9e, 0x6d, 0x5e, 0xb1, - 0x86, 0xf0, 0x73, 0x34, 0x84, 0xbb, 0xe8, 0x70, 0x14, 0xb9, 0x2e, 0x0b, 0xc3, 0x73, 0x36, 0x11, - 0x92, 0x0d, 0x69, 0x18, 0x72, 0x7f, 0x0a, 0x96, 0x50, 0xb2, 0x73, 0x31, 0xfc, 0x2d, 0x3a, 0xfa, - 0x99, 0x72, 0x2f, 0x92, 0x2c, 0x06, 0x7e, 0xa7, 0xd2, 0xd7, 0x9b, 0xbe, 0x84, 0x4d, 0xf9, 0x20, - 0xfe, 0x1e, 0x1d, 0x67, 0x81, 0xc4, 0x16, 0xc9, 0x31, 0x6c, 0x7b, 0x04, 0xd5, 0x2c, 0x1a, 0x4a, - 0xf1, 0xb0, 0x00, 0x35, 0x7c, 0x61, 0x58, 0xb4, 0x4c, 0x2c, 0x51, 0x18, 0x13, 0x49, 0xa1, 0x30, - 0xab, 0xcd, 0x3e, 0xfe, 0xf2, 0xbf, 0xfa, 0xf8, 0xda, 0xaf, 0xd0, 0x2b, 0x78, 0x4d, 0x36, 0xf9, - 0x3f, 0x58, 0xd5, 0xf9, 0x37, 0x7f, 0xbc, 0x9b, 0x72, 0x35, 0x8b, 0x6e, 0xf5, 0x1f, 0x9c, 0xce, - 0x8c, 0x86, 0x33, 0xee, 0x0a, 0x19, 0x74, 0x5c, 0xe1, 0x87, 0x91, 0xd7, 0xf9, 0xec, 0xaf, 0xef, - 0x6d, 0x19, 0x12, 0xef, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x33, 0x6c, 0x46, 0x9d, 0x14, 0x0b, - 0x00, 0x00, +var file_proto_pbservice_healthcheck_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_proto_pbservice_healthcheck_proto_goTypes = []interface{}{ + (*HealthCheck)(nil), // 0: pbservice.HealthCheck + (*HeaderValue)(nil), // 1: pbservice.HeaderValue + (*HealthCheckDefinition)(nil), // 2: pbservice.HealthCheckDefinition + (*CheckType)(nil), // 3: pbservice.CheckType + nil, // 4: pbservice.HealthCheckDefinition.HeaderEntry + nil, // 5: pbservice.CheckType.HeaderEntry + (*pbcommon.RaftIndex)(nil), // 6: common.RaftIndex + (*pbcommon.EnterpriseMeta)(nil), // 7: common.EnterpriseMeta + (*durationpb.Duration)(nil), // 8: google.protobuf.Duration +} +var file_proto_pbservice_healthcheck_proto_depIdxs = []int32{ + 2, // 0: pbservice.HealthCheck.Definition:type_name -> pbservice.HealthCheckDefinition + 6, // 1: pbservice.HealthCheck.RaftIndex:type_name -> common.RaftIndex + 7, // 2: pbservice.HealthCheck.EnterpriseMeta:type_name -> common.EnterpriseMeta + 4, // 3: pbservice.HealthCheckDefinition.Header:type_name -> pbservice.HealthCheckDefinition.HeaderEntry + 8, // 4: pbservice.HealthCheckDefinition.Interval:type_name -> google.protobuf.Duration + 8, // 5: pbservice.HealthCheckDefinition.Timeout:type_name -> google.protobuf.Duration + 8, // 6: pbservice.HealthCheckDefinition.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration + 8, // 7: pbservice.HealthCheckDefinition.TTL:type_name -> google.protobuf.Duration + 5, // 8: pbservice.CheckType.Header:type_name -> pbservice.CheckType.HeaderEntry + 8, // 9: pbservice.CheckType.Interval:type_name -> google.protobuf.Duration + 8, // 10: pbservice.CheckType.Timeout:type_name -> google.protobuf.Duration + 8, // 11: pbservice.CheckType.TTL:type_name -> google.protobuf.Duration + 8, // 12: pbservice.CheckType.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration + 1, // 13: pbservice.HealthCheckDefinition.HeaderEntry.value:type_name -> pbservice.HeaderValue + 1, // 14: pbservice.CheckType.HeaderEntry.value:type_name -> pbservice.HeaderValue + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name +} + +func init() { file_proto_pbservice_healthcheck_proto_init() } +func file_proto_pbservice_healthcheck_proto_init() { + if File_proto_pbservice_healthcheck_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbservice_healthcheck_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HealthCheck); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_healthcheck_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HeaderValue); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_healthcheck_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HealthCheckDefinition); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_healthcheck_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckType); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbservice_healthcheck_proto_rawDesc, + NumEnums: 0, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbservice_healthcheck_proto_goTypes, + DependencyIndexes: file_proto_pbservice_healthcheck_proto_depIdxs, + MessageInfos: file_proto_pbservice_healthcheck_proto_msgTypes, + }.Build() + File_proto_pbservice_healthcheck_proto = out.File + file_proto_pbservice_healthcheck_proto_rawDesc = nil + file_proto_pbservice_healthcheck_proto_goTypes = nil + file_proto_pbservice_healthcheck_proto_depIdxs = nil } diff --git a/proto/pbservice/ids_test.go b/proto/pbservice/ids_test.go index 2d534e902..09d459aaf 100644 --- a/proto/pbservice/ids_test.go +++ b/proto/pbservice/ids_test.go @@ -11,17 +11,17 @@ import ( func TestCheckServiceNode_UniqueID(t *testing.T) { type testCase struct { name string - csn CheckServiceNode + csn *CheckServiceNode expected string } - fn := func(t *testing.T, tc testCase) { + fn := func(t *testing.T, tc *testCase) { require.Equal(t, tc.expected, tc.csn.UniqueID()) } var testCases = []testCase{ { name: "full", - csn: CheckServiceNode{ + csn: &CheckServiceNode{ Node: &Node{Node: "the-node-name"}, Service: &NodeService{ ID: "the-service-id", @@ -32,7 +32,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { }, { name: "without node", - csn: CheckServiceNode{ + csn: &CheckServiceNode{ Service: &NodeService{ ID: "the-service-id", EnterpriseMeta: &pbcommon.EnterpriseMeta{Namespace: "the-namespace"}, @@ -42,14 +42,14 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { }, { name: "without service", - csn: CheckServiceNode{ + csn: &CheckServiceNode{ Node: &Node{Node: "the-node-name"}, }, expected: "/the-node-name/", }, { name: "without namespace", - csn: CheckServiceNode{ + csn: &CheckServiceNode{ Node: &Node{Node: "the-node-name"}, Service: &NodeService{ ID: "the-service-id", @@ -60,7 +60,7 @@ func TestCheckServiceNode_UniqueID(t *testing.T) { } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - fn(t, tc) + fn(t, &tc) }) } diff --git a/proto/pbservice/node.pb.go b/proto/pbservice/node.pb.go index 556f37d57..44340c9aa 100644 --- a/proto/pbservice/node.pb.go +++ b/proto/pbservice/node.pb.go @@ -1,79 +1,92 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbservice/node.proto package pbservice import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" pbcommon "github.com/hashicorp/consul/proto/pbcommon" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // CheckServiceNode is used to provide the node, its service // definition, as well as a HealthCheck that is associated. type CheckServiceNode struct { - Node *Node `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` - Service *NodeService `protobuf:"bytes,2,opt,name=Service,proto3" json:"Service,omitempty"` - Checks []*HealthCheck `protobuf:"bytes,3,rep,name=Checks,proto3" json:"Checks,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Node *Node `protobuf:"bytes,1,opt,name=Node,proto3" json:"Node,omitempty"` + Service *NodeService `protobuf:"bytes,2,opt,name=Service,proto3" json:"Service,omitempty"` + Checks []*HealthCheck `protobuf:"bytes,3,rep,name=Checks,proto3" json:"Checks,omitempty"` } -func (m *CheckServiceNode) Reset() { *m = CheckServiceNode{} } -func (m *CheckServiceNode) String() string { return proto.CompactTextString(m) } -func (*CheckServiceNode) ProtoMessage() {} +func (x *CheckServiceNode) Reset() { + *x = CheckServiceNode{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_node_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckServiceNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckServiceNode) ProtoMessage() {} + +func (x *CheckServiceNode) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_node_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckServiceNode.ProtoReflect.Descriptor instead. func (*CheckServiceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_bbc215b78fa95fe5, []int{0} + return file_proto_pbservice_node_proto_rawDescGZIP(), []int{0} } -func (m *CheckServiceNode) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CheckServiceNode.Unmarshal(m, b) -} -func (m *CheckServiceNode) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CheckServiceNode.Marshal(b, m, deterministic) -} -func (m *CheckServiceNode) XXX_Merge(src proto.Message) { - xxx_messageInfo_CheckServiceNode.Merge(m, src) -} -func (m *CheckServiceNode) XXX_Size() int { - return xxx_messageInfo_CheckServiceNode.Size(m) -} -func (m *CheckServiceNode) XXX_DiscardUnknown() { - xxx_messageInfo_CheckServiceNode.DiscardUnknown(m) -} - -var xxx_messageInfo_CheckServiceNode proto.InternalMessageInfo - -func (m *CheckServiceNode) GetNode() *Node { - if m != nil { - return m.Node +func (x *CheckServiceNode) GetNode() *Node { + if x != nil { + return x.Node } return nil } -func (m *CheckServiceNode) GetService() *NodeService { - if m != nil { - return m.Service +func (x *CheckServiceNode) GetService() *NodeService { + if x != nil { + return x.Service } return nil } -func (m *CheckServiceNode) GetChecks() []*HealthCheck { - if m != nil { - return m.Checks +func (x *CheckServiceNode) GetChecks() []*HealthCheck { + if x != nil { + return x.Checks } return nil } @@ -86,6 +99,10 @@ func (m *CheckServiceNode) GetChecks() []*HealthCheck { // output=node.gen.go // name=Structs type Node struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=NodeIDType func-from=string ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` Node string `protobuf:"bytes,2,opt,name=Node,proto3" json:"Node,omitempty"` @@ -95,89 +112,93 @@ type Node struct { TaggedAddresses map[string]string `protobuf:"bytes,5,rep,name=TaggedAddresses,proto3" json:"TaggedAddresses,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Meta map[string]string `protobuf:"bytes,6,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,7,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` } -func (m *Node) Reset() { *m = Node{} } -func (m *Node) String() string { return proto.CompactTextString(m) } -func (*Node) ProtoMessage() {} +func (x *Node) Reset() { + *x = Node{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_node_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Node) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Node) ProtoMessage() {} + +func (x *Node) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_node_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Node.ProtoReflect.Descriptor instead. func (*Node) Descriptor() ([]byte, []int) { - return fileDescriptor_bbc215b78fa95fe5, []int{1} + return file_proto_pbservice_node_proto_rawDescGZIP(), []int{1} } -func (m *Node) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Node.Unmarshal(m, b) -} -func (m *Node) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Node.Marshal(b, m, deterministic) -} -func (m *Node) XXX_Merge(src proto.Message) { - xxx_messageInfo_Node.Merge(m, src) -} -func (m *Node) XXX_Size() int { - return xxx_messageInfo_Node.Size(m) -} -func (m *Node) XXX_DiscardUnknown() { - xxx_messageInfo_Node.DiscardUnknown(m) -} - -var xxx_messageInfo_Node proto.InternalMessageInfo - -func (m *Node) GetID() string { - if m != nil { - return m.ID +func (x *Node) GetID() string { + if x != nil { + return x.ID } return "" } -func (m *Node) GetNode() string { - if m != nil { - return m.Node +func (x *Node) GetNode() string { + if x != nil { + return x.Node } return "" } -func (m *Node) GetPartition() string { - if m != nil { - return m.Partition +func (x *Node) GetPartition() string { + if x != nil { + return x.Partition } return "" } -func (m *Node) GetAddress() string { - if m != nil { - return m.Address +func (x *Node) GetAddress() string { + if x != nil { + return x.Address } return "" } -func (m *Node) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *Node) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func (m *Node) GetTaggedAddresses() map[string]string { - if m != nil { - return m.TaggedAddresses +func (x *Node) GetTaggedAddresses() map[string]string { + if x != nil { + return x.TaggedAddresses } return nil } -func (m *Node) GetMeta() map[string]string { - if m != nil { - return m.Meta +func (x *Node) GetMeta() map[string]string { + if x != nil { + return x.Meta } return nil } -func (m *Node) GetRaftIndex() *pbcommon.RaftIndex { - if m != nil { - return m.RaftIndex +func (x *Node) GetRaftIndex() *pbcommon.RaftIndex { + if x != nil { + return x.RaftIndex } return nil } @@ -190,6 +211,10 @@ func (m *Node) GetRaftIndex() *pbcommon.RaftIndex { // output=node.gen.go // name=Structs type NodeService struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Kind is the kind of service this is. Different kinds of services may // have differing validation, DNS behavior, etc. An empty kind will default // to the Default kind. See ServiceKind for the full list of kinds. @@ -243,204 +268,372 @@ type NodeService struct { // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,16,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=RaftIndexToStructs func-from=NewRaftIndexFromStructs - RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,14,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` } -func (m *NodeService) Reset() { *m = NodeService{} } -func (m *NodeService) String() string { return proto.CompactTextString(m) } -func (*NodeService) ProtoMessage() {} +func (x *NodeService) Reset() { + *x = NodeService{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_node_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NodeService) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NodeService) ProtoMessage() {} + +func (x *NodeService) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_node_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NodeService.ProtoReflect.Descriptor instead. func (*NodeService) Descriptor() ([]byte, []int) { - return fileDescriptor_bbc215b78fa95fe5, []int{2} + return file_proto_pbservice_node_proto_rawDescGZIP(), []int{2} } -func (m *NodeService) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_NodeService.Unmarshal(m, b) -} -func (m *NodeService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_NodeService.Marshal(b, m, deterministic) -} -func (m *NodeService) XXX_Merge(src proto.Message) { - xxx_messageInfo_NodeService.Merge(m, src) -} -func (m *NodeService) XXX_Size() int { - return xxx_messageInfo_NodeService.Size(m) -} -func (m *NodeService) XXX_DiscardUnknown() { - xxx_messageInfo_NodeService.DiscardUnknown(m) -} - -var xxx_messageInfo_NodeService proto.InternalMessageInfo - -func (m *NodeService) GetKind() string { - if m != nil { - return m.Kind +func (x *NodeService) GetKind() string { + if x != nil { + return x.Kind } return "" } -func (m *NodeService) GetID() string { - if m != nil { - return m.ID +func (x *NodeService) GetID() string { + if x != nil { + return x.ID } return "" } -func (m *NodeService) GetService() string { - if m != nil { - return m.Service +func (x *NodeService) GetService() string { + if x != nil { + return x.Service } return "" } -func (m *NodeService) GetTags() []string { - if m != nil { - return m.Tags +func (x *NodeService) GetTags() []string { + if x != nil { + return x.Tags } return nil } -func (m *NodeService) GetAddress() string { - if m != nil { - return m.Address +func (x *NodeService) GetAddress() string { + if x != nil { + return x.Address } return "" } -func (m *NodeService) GetTaggedAddresses() map[string]*ServiceAddress { - if m != nil { - return m.TaggedAddresses +func (x *NodeService) GetTaggedAddresses() map[string]*ServiceAddress { + if x != nil { + return x.TaggedAddresses } return nil } -func (m *NodeService) GetMeta() map[string]string { - if m != nil { - return m.Meta +func (x *NodeService) GetMeta() map[string]string { + if x != nil { + return x.Meta } return nil } -func (m *NodeService) GetPort() int32 { - if m != nil { - return m.Port +func (x *NodeService) GetPort() int32 { + if x != nil { + return x.Port } return 0 } -func (m *NodeService) GetSocketPath() string { - if m != nil { - return m.SocketPath +func (x *NodeService) GetSocketPath() string { + if x != nil { + return x.SocketPath } return "" } -func (m *NodeService) GetWeights() *Weights { - if m != nil { - return m.Weights +func (x *NodeService) GetWeights() *Weights { + if x != nil { + return x.Weights } return nil } -func (m *NodeService) GetEnableTagOverride() bool { - if m != nil { - return m.EnableTagOverride +func (x *NodeService) GetEnableTagOverride() bool { + if x != nil { + return x.EnableTagOverride } return false } -func (m *NodeService) GetProxy() *ConnectProxyConfig { - if m != nil { - return m.Proxy +func (x *NodeService) GetProxy() *ConnectProxyConfig { + if x != nil { + return x.Proxy } return nil } -func (m *NodeService) GetConnect() *ServiceConnect { - if m != nil { - return m.Connect +func (x *NodeService) GetConnect() *ServiceConnect { + if x != nil { + return x.Connect } return nil } -func (m *NodeService) GetLocallyRegisteredAsSidecar() bool { - if m != nil { - return m.LocallyRegisteredAsSidecar +func (x *NodeService) GetLocallyRegisteredAsSidecar() bool { + if x != nil { + return x.LocallyRegisteredAsSidecar } return false } -func (m *NodeService) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { - if m != nil { - return m.EnterpriseMeta +func (x *NodeService) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta } return nil } -func (m *NodeService) GetRaftIndex() *pbcommon.RaftIndex { - if m != nil { - return m.RaftIndex +func (x *NodeService) GetRaftIndex() *pbcommon.RaftIndex { + if x != nil { + return x.RaftIndex } return nil } -func init() { - proto.RegisterType((*CheckServiceNode)(nil), "pbservice.CheckServiceNode") - proto.RegisterType((*Node)(nil), "pbservice.Node") - proto.RegisterMapType((map[string]string)(nil), "pbservice.Node.MetaEntry") - proto.RegisterMapType((map[string]string)(nil), "pbservice.Node.TaggedAddressesEntry") - proto.RegisterType((*NodeService)(nil), "pbservice.NodeService") - proto.RegisterMapType((map[string]string)(nil), "pbservice.NodeService.MetaEntry") - proto.RegisterMapType((map[string]*ServiceAddress)(nil), "pbservice.NodeService.TaggedAddressesEntry") +var File_proto_pbservice_node_proto protoreflect.FileDescriptor + +var file_proto_pbservice_node_proto_rawDesc = []byte{ + 0x0a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, + 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, + 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, 0x01, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x23, 0x0a, 0x04, 0x4e, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x70, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, + 0x12, 0x30, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, + 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x2e, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, + 0x6b, 0x73, 0x22, 0xaf, 0x03, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, + 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, + 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, + 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, + 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, + 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x4e, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x24, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, + 0x65, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, + 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x42, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, + 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0xc9, 0x06, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x04, 0x54, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x55, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, + 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, + 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, + 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, + 0x68, 0x12, 0x2c, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x57, + 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, + 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, + 0x72, 0x69, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, + 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x33, 0x0a, + 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x18, 0x0c, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x12, 0x3e, 0x0a, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x6c, 0x79, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x41, 0x73, 0x53, 0x69, + 0x64, 0x65, 0x63, 0x61, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x4c, 0x6f, 0x63, + 0x61, 0x6c, 0x6c, 0x79, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x41, 0x73, + 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, + 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x5d, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, + 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbservice/node.proto", fileDescriptor_bbc215b78fa95fe5) +var ( + file_proto_pbservice_node_proto_rawDescOnce sync.Once + file_proto_pbservice_node_proto_rawDescData = file_proto_pbservice_node_proto_rawDesc +) + +func file_proto_pbservice_node_proto_rawDescGZIP() []byte { + file_proto_pbservice_node_proto_rawDescOnce.Do(func() { + file_proto_pbservice_node_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbservice_node_proto_rawDescData) + }) + return file_proto_pbservice_node_proto_rawDescData } -var fileDescriptor_bbc215b78fa95fe5 = []byte{ - // 646 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xdb, 0x6e, 0xd3, 0x40, - 0x10, 0x55, 0xee, 0xcd, 0x04, 0x7a, 0x59, 0x55, 0x68, 0x09, 0x14, 0x85, 0xc2, 0x43, 0xa5, 0xb6, - 0x31, 0x6a, 0x91, 0x40, 0x3c, 0x54, 0xea, 0x4d, 0xa2, 0x02, 0x4a, 0xb4, 0x2d, 0x42, 0x42, 0xe2, - 0x61, 0x63, 0x4f, 0x6d, 0xab, 0xa9, 0x37, 0x5a, 0x6f, 0xab, 0xe6, 0x53, 0xf8, 0x0a, 0xbe, 0x83, - 0xbf, 0x42, 0x3b, 0xde, 0x24, 0x8e, 0x5b, 0x50, 0x90, 0x78, 0xf2, 0x7a, 0xce, 0x39, 0xb3, 0xe3, - 0x39, 0x33, 0x86, 0xf6, 0x50, 0x2b, 0xa3, 0xbc, 0x61, 0x3f, 0x45, 0x7d, 0x13, 0xfb, 0xe8, 0x25, - 0x2a, 0xc0, 0x2e, 0x05, 0x59, 0x73, 0x12, 0x6d, 0x3f, 0x19, 0xd3, 0x7c, 0x75, 0x75, 0xa5, 0x12, - 0x2f, 0x7b, 0x64, 0xbc, 0xf6, 0xf3, 0x62, 0x8e, 0x08, 0xe5, 0xc0, 0x44, 0x7e, 0x84, 0xfe, 0xa5, - 0xa3, 0xac, 0x15, 0x29, 0xee, 0x99, 0xc1, 0xeb, 0x3f, 0x4a, 0xb0, 0x7c, 0x68, 0xe9, 0x67, 0x59, - 0xf8, 0x54, 0x05, 0xc8, 0x5e, 0x40, 0xd5, 0x3e, 0x79, 0xa9, 0x53, 0xda, 0x68, 0xed, 0x2c, 0x75, - 0x27, 0xe2, 0xae, 0x0d, 0x0b, 0x02, 0xd9, 0x2b, 0x68, 0x38, 0x0d, 0x2f, 0x13, 0xef, 0x51, 0x81, - 0xe7, 0x50, 0x31, 0xa6, 0xb1, 0x2e, 0xd4, 0xe9, 0xaa, 0x94, 0x57, 0x3a, 0x95, 0x82, 0xe0, 0x3d, - 0x15, 0x4e, 0xb0, 0x70, 0xac, 0xf5, 0x9f, 0x95, 0xac, 0x0e, 0xb6, 0x08, 0xe5, 0x93, 0x23, 0xaa, - 0xa6, 0x29, 0xca, 0x27, 0x47, 0x8c, 0xb9, 0xfa, 0xca, 0x14, 0xc9, 0x38, 0x4f, 0xa1, 0xd9, 0x93, - 0xda, 0xc4, 0x26, 0x56, 0x09, 0x5f, 0x20, 0x60, 0x1a, 0x60, 0x1c, 0x1a, 0xfb, 0x41, 0xa0, 0x31, - 0xb5, 0x77, 0x5b, 0x6c, 0xfc, 0xca, 0x9e, 0x01, 0x1c, 0x49, 0x23, 0x7d, 0x4c, 0x0c, 0x6a, 0x5e, - 0x25, 0x30, 0x17, 0x61, 0xa7, 0xb0, 0x74, 0x2e, 0xc3, 0x10, 0x03, 0x27, 0xc0, 0x94, 0xd7, 0xa8, - 0xfa, 0x97, 0x85, 0xcf, 0xed, 0x16, 0x68, 0xc7, 0x89, 0xd1, 0x23, 0x51, 0x14, 0xb3, 0x6d, 0xa8, - 0x7e, 0x42, 0x23, 0x79, 0x9d, 0x92, 0x3c, 0x2e, 0x26, 0xb1, 0x58, 0xa6, 0x24, 0x1a, 0xf3, 0xa0, - 0x29, 0xe4, 0x85, 0x39, 0x49, 0x02, 0xbc, 0xe5, 0x0d, 0xea, 0xf3, 0x4a, 0xd7, 0xcd, 0xc0, 0x04, - 0x10, 0x53, 0x4e, 0xfb, 0x00, 0x56, 0xef, 0x2b, 0x84, 0x2d, 0x43, 0xe5, 0x12, 0x47, 0xae, 0x89, - 0xf6, 0xc8, 0x56, 0xa1, 0x76, 0x23, 0x07, 0xd7, 0xe3, 0x36, 0x66, 0x2f, 0xef, 0xca, 0x6f, 0x4b, - 0xed, 0x37, 0xd0, 0x9c, 0xd4, 0xf1, 0x2f, 0xc2, 0xf5, 0x5f, 0x75, 0x68, 0xe5, 0xac, 0xb7, 0x46, - 0x7d, 0x88, 0x93, 0xc0, 0x89, 0xe9, 0xec, 0xcc, 0x2c, 0x4f, 0xcc, 0xe4, 0xd3, 0x39, 0x72, 0xd6, - 0xe4, 0xd4, 0xe7, 0x32, 0x4c, 0x79, 0xb5, 0x53, 0xb1, 0x6a, 0x7b, 0xce, 0x1b, 0x59, 0x9b, 0x35, - 0xf2, 0xcb, 0x5d, 0xa3, 0x96, 0xa8, 0xc7, 0x9b, 0xf7, 0xcf, 0xe5, 0x9c, 0x7e, 0xbd, 0x9e, 0xf1, - 0xab, 0xf3, 0x87, 0x5c, 0x45, 0xdb, 0x18, 0x54, 0x7b, 0x4a, 0x1b, 0x72, 0xac, 0x26, 0xe8, 0x6c, - 0x27, 0xed, 0x4c, 0xf9, 0x97, 0x68, 0x7a, 0xd2, 0x44, 0x7c, 0x25, 0x9b, 0xb4, 0x69, 0x84, 0x6d, - 0x41, 0xe3, 0x2b, 0xc6, 0x61, 0x64, 0x52, 0x9a, 0xdf, 0xd6, 0x0e, 0xcb, 0x5d, 0xe6, 0x10, 0x31, - 0xa6, 0xb0, 0x2d, 0x58, 0x39, 0x4e, 0x64, 0x7f, 0x80, 0xe7, 0x32, 0xfc, 0x7c, 0x83, 0x5a, 0xc7, - 0x01, 0xf2, 0x66, 0xa7, 0xb4, 0xb1, 0x20, 0xee, 0x02, 0x6c, 0x17, 0x6a, 0x3d, 0xad, 0x6e, 0x47, - 0xbc, 0x45, 0x99, 0xd7, 0x72, 0x99, 0x0f, 0x55, 0x92, 0xa0, 0x6f, 0x08, 0x3e, 0x54, 0xc9, 0x45, - 0x1c, 0x8a, 0x8c, 0xcb, 0x76, 0xa1, 0xe1, 0x40, 0xfe, 0x80, 0x64, 0xf9, 0x69, 0x75, 0x5f, 0xee, - 0x08, 0x62, 0xcc, 0x64, 0x7b, 0xd0, 0xfe, 0xa8, 0x7c, 0x39, 0x18, 0x8c, 0x04, 0x86, 0x71, 0x6a, - 0x50, 0x63, 0xb0, 0x9f, 0x9e, 0xc5, 0x01, 0xfa, 0x52, 0xf3, 0x87, 0x54, 0xe0, 0x5f, 0x18, 0x6c, - 0x0f, 0x16, 0x8f, 0xed, 0xe2, 0x0d, 0x75, 0x9c, 0x22, 0x75, 0x7e, 0xd9, 0xfd, 0x5d, 0xdc, 0xd4, - 0xcf, 0xa2, 0xa2, 0xc0, 0x9e, 0x5d, 0x98, 0xc5, 0x39, 0x16, 0xe6, 0xfb, 0xdc, 0x0b, 0xe3, 0xe5, - 0xe7, 0xfe, 0xde, 0x6e, 0xb8, 0x14, 0xff, 0x63, 0x97, 0x0e, 0xb6, 0xbf, 0x6d, 0x86, 0xb1, 0x89, - 0xae, 0xfb, 0xb6, 0x7a, 0x2f, 0x92, 0x69, 0x14, 0xfb, 0x4a, 0x0f, 0x3d, 0x5f, 0x25, 0xe9, 0xf5, - 0xc0, 0x2b, 0xfc, 0xd6, 0xfb, 0x75, 0x0a, 0xec, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x69, - 0xf0, 0xb9, 0x57, 0x06, 0x00, 0x00, +var file_proto_pbservice_node_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_proto_pbservice_node_proto_goTypes = []interface{}{ + (*CheckServiceNode)(nil), // 0: pbservice.CheckServiceNode + (*Node)(nil), // 1: pbservice.Node + (*NodeService)(nil), // 2: pbservice.NodeService + nil, // 3: pbservice.Node.TaggedAddressesEntry + nil, // 4: pbservice.Node.MetaEntry + nil, // 5: pbservice.NodeService.TaggedAddressesEntry + nil, // 6: pbservice.NodeService.MetaEntry + (*HealthCheck)(nil), // 7: pbservice.HealthCheck + (*pbcommon.RaftIndex)(nil), // 8: common.RaftIndex + (*Weights)(nil), // 9: pbservice.Weights + (*ConnectProxyConfig)(nil), // 10: pbservice.ConnectProxyConfig + (*ServiceConnect)(nil), // 11: pbservice.ServiceConnect + (*pbcommon.EnterpriseMeta)(nil), // 12: common.EnterpriseMeta + (*ServiceAddress)(nil), // 13: pbservice.ServiceAddress +} +var file_proto_pbservice_node_proto_depIdxs = []int32{ + 1, // 0: pbservice.CheckServiceNode.Node:type_name -> pbservice.Node + 2, // 1: pbservice.CheckServiceNode.Service:type_name -> pbservice.NodeService + 7, // 2: pbservice.CheckServiceNode.Checks:type_name -> pbservice.HealthCheck + 3, // 3: pbservice.Node.TaggedAddresses:type_name -> pbservice.Node.TaggedAddressesEntry + 4, // 4: pbservice.Node.Meta:type_name -> pbservice.Node.MetaEntry + 8, // 5: pbservice.Node.RaftIndex:type_name -> common.RaftIndex + 5, // 6: pbservice.NodeService.TaggedAddresses:type_name -> pbservice.NodeService.TaggedAddressesEntry + 6, // 7: pbservice.NodeService.Meta:type_name -> pbservice.NodeService.MetaEntry + 9, // 8: pbservice.NodeService.Weights:type_name -> pbservice.Weights + 10, // 9: pbservice.NodeService.Proxy:type_name -> pbservice.ConnectProxyConfig + 11, // 10: pbservice.NodeService.Connect:type_name -> pbservice.ServiceConnect + 12, // 11: pbservice.NodeService.EnterpriseMeta:type_name -> common.EnterpriseMeta + 8, // 12: pbservice.NodeService.RaftIndex:type_name -> common.RaftIndex + 13, // 13: pbservice.NodeService.TaggedAddressesEntry.value:type_name -> pbservice.ServiceAddress + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name +} + +func init() { file_proto_pbservice_node_proto_init() } +func file_proto_pbservice_node_proto_init() { + if File_proto_pbservice_node_proto != nil { + return + } + file_proto_pbservice_healthcheck_proto_init() + file_proto_pbservice_service_proto_init() + if !protoimpl.UnsafeEnabled { + file_proto_pbservice_node_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckServiceNode); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_node_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Node); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_node_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NodeService); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbservice_node_proto_rawDesc, + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbservice_node_proto_goTypes, + DependencyIndexes: file_proto_pbservice_node_proto_depIdxs, + MessageInfos: file_proto_pbservice_node_proto_msgTypes, + }.Build() + File_proto_pbservice_node_proto = out.File + file_proto_pbservice_node_proto_rawDesc = nil + file_proto_pbservice_node_proto_goTypes = nil + file_proto_pbservice_node_proto_depIdxs = nil } diff --git a/proto/pbservice/service.pb.go b/proto/pbservice/service.pb.go index b71a0a387..5749c3928 100644 --- a/proto/pbservice/service.pb.go +++ b/proto/pbservice/service.pb.go @@ -1,26 +1,31 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbservice/service.proto package pbservice import ( - fmt "fmt" proto "github.com/golang/protobuf/proto" - _struct "github.com/golang/protobuf/ptypes/struct" pbcommon "github.com/hashicorp/consul/proto/pbcommon" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + structpb "google.golang.org/protobuf/types/known/structpb" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // ConnectProxyConfig describes the configuration needed for any proxy managed // or unmanaged. It describes a single logical service's listener and optionally @@ -34,6 +39,10 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package // output=service.gen.go // name=Structs type ConnectProxyConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // DestinationServiceName is required and is the name of the service to accept // traffic for. DestinationServiceName string `protobuf:"bytes,1,opt,name=DestinationServiceName,proto3" json:"DestinationServiceName,omitempty"` @@ -58,7 +67,7 @@ type ConnectProxyConfig struct { // Config is the arbitrary configuration data provided with the proxy // registration. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - Config *_struct.Struct `protobuf:"bytes,5,opt,name=Config,proto3" json:"Config,omitempty"` + Config *structpb.Struct `protobuf:"bytes,5,opt,name=Config,proto3" json:"Config,omitempty"` // Upstreams describes any upstream dependencies the proxy instance should // setup. // mog: func-to=UpstreamsToStructs func-from=NewUpstreamsFromStructs @@ -74,110 +83,114 @@ type ConnectProxyConfig struct { // transparent mode. TransparentProxy *TransparentProxyConfig `protobuf:"bytes,10,opt,name=TransparentProxy,proto3" json:"TransparentProxy,omitempty"` // LocalServiceSocketPath is the path to the unix domain socket for the local service instance - LocalServiceSocketPath string `protobuf:"bytes,11,opt,name=LocalServiceSocketPath,proto3" json:"LocalServiceSocketPath,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + LocalServiceSocketPath string `protobuf:"bytes,11,opt,name=LocalServiceSocketPath,proto3" json:"LocalServiceSocketPath,omitempty"` } -func (m *ConnectProxyConfig) Reset() { *m = ConnectProxyConfig{} } -func (m *ConnectProxyConfig) String() string { return proto.CompactTextString(m) } -func (*ConnectProxyConfig) ProtoMessage() {} +func (x *ConnectProxyConfig) Reset() { + *x = ConnectProxyConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConnectProxyConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConnectProxyConfig) ProtoMessage() {} + +func (x *ConnectProxyConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConnectProxyConfig.ProtoReflect.Descriptor instead. func (*ConnectProxyConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{0} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{0} } -func (m *ConnectProxyConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ConnectProxyConfig.Unmarshal(m, b) -} -func (m *ConnectProxyConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ConnectProxyConfig.Marshal(b, m, deterministic) -} -func (m *ConnectProxyConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_ConnectProxyConfig.Merge(m, src) -} -func (m *ConnectProxyConfig) XXX_Size() int { - return xxx_messageInfo_ConnectProxyConfig.Size(m) -} -func (m *ConnectProxyConfig) XXX_DiscardUnknown() { - xxx_messageInfo_ConnectProxyConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_ConnectProxyConfig proto.InternalMessageInfo - -func (m *ConnectProxyConfig) GetDestinationServiceName() string { - if m != nil { - return m.DestinationServiceName +func (x *ConnectProxyConfig) GetDestinationServiceName() string { + if x != nil { + return x.DestinationServiceName } return "" } -func (m *ConnectProxyConfig) GetDestinationServiceID() string { - if m != nil { - return m.DestinationServiceID +func (x *ConnectProxyConfig) GetDestinationServiceID() string { + if x != nil { + return x.DestinationServiceID } return "" } -func (m *ConnectProxyConfig) GetLocalServiceAddress() string { - if m != nil { - return m.LocalServiceAddress +func (x *ConnectProxyConfig) GetLocalServiceAddress() string { + if x != nil { + return x.LocalServiceAddress } return "" } -func (m *ConnectProxyConfig) GetLocalServicePort() int32 { - if m != nil { - return m.LocalServicePort +func (x *ConnectProxyConfig) GetLocalServicePort() int32 { + if x != nil { + return x.LocalServicePort } return 0 } -func (m *ConnectProxyConfig) GetConfig() *_struct.Struct { - if m != nil { - return m.Config +func (x *ConnectProxyConfig) GetConfig() *structpb.Struct { + if x != nil { + return x.Config } return nil } -func (m *ConnectProxyConfig) GetUpstreams() []*Upstream { - if m != nil { - return m.Upstreams +func (x *ConnectProxyConfig) GetUpstreams() []*Upstream { + if x != nil { + return x.Upstreams } return nil } -func (m *ConnectProxyConfig) GetMeshGateway() *MeshGatewayConfig { - if m != nil { - return m.MeshGateway +func (x *ConnectProxyConfig) GetMeshGateway() *MeshGatewayConfig { + if x != nil { + return x.MeshGateway } return nil } -func (m *ConnectProxyConfig) GetExpose() *ExposeConfig { - if m != nil { - return m.Expose +func (x *ConnectProxyConfig) GetExpose() *ExposeConfig { + if x != nil { + return x.Expose } return nil } -func (m *ConnectProxyConfig) GetMode() string { - if m != nil { - return m.Mode +func (x *ConnectProxyConfig) GetMode() string { + if x != nil { + return x.Mode } return "" } -func (m *ConnectProxyConfig) GetTransparentProxy() *TransparentProxyConfig { - if m != nil { - return m.TransparentProxy +func (x *ConnectProxyConfig) GetTransparentProxy() *TransparentProxyConfig { + if x != nil { + return x.TransparentProxy } return nil } -func (m *ConnectProxyConfig) GetLocalServiceSocketPath() string { - if m != nil { - return m.LocalServiceSocketPath +func (x *ConnectProxyConfig) GetLocalServiceSocketPath() string { + if x != nil { + return x.LocalServiceSocketPath } return "" } @@ -194,6 +207,10 @@ func (m *ConnectProxyConfig) GetLocalServiceSocketPath() string { // name=Structs // ignore-fields=IngressHosts type Upstream struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Destination fields are the required ones for determining what this upstream // points to. Depending on DestinationType some other fields below might // further restrict the set of instances allowable. @@ -219,126 +236,130 @@ type Upstream struct { // It can be used to pass arbitrary configuration for this specific upstream // to the proxy. // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct - Config *_struct.Struct `protobuf:"bytes,7,opt,name=Config,proto3" json:"Config,omitempty"` + Config *structpb.Struct `protobuf:"bytes,7,opt,name=Config,proto3" json:"Config,omitempty"` // MeshGateway is the configuration for mesh gateway usage of this upstream MeshGateway *MeshGatewayConfig `protobuf:"bytes,8,opt,name=MeshGateway,proto3" json:"MeshGateway,omitempty"` // CentrallyConfigured indicates whether the upstream was defined in a proxy // instance registration or whether it was generated from a config entry. CentrallyConfigured bool `protobuf:"varint,9,opt,name=CentrallyConfigured,proto3" json:"CentrallyConfigured,omitempty"` // LocalBindSocketPath is the socket to create to connect to the upstream service - LocalBindSocketPath string `protobuf:"bytes,10,opt,name=LocalBindSocketPath,proto3" json:"LocalBindSocketPath,omitempty"` - LocalBindSocketMode string `protobuf:"bytes,11,opt,name=LocalBindSocketMode,proto3" json:"LocalBindSocketMode,omitempty"` - DestinationPartition string `protobuf:"bytes,12,opt,name=DestinationPartition,proto3" json:"DestinationPartition,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + LocalBindSocketPath string `protobuf:"bytes,10,opt,name=LocalBindSocketPath,proto3" json:"LocalBindSocketPath,omitempty"` + LocalBindSocketMode string `protobuf:"bytes,11,opt,name=LocalBindSocketMode,proto3" json:"LocalBindSocketMode,omitempty"` + DestinationPartition string `protobuf:"bytes,12,opt,name=DestinationPartition,proto3" json:"DestinationPartition,omitempty"` } -func (m *Upstream) Reset() { *m = Upstream{} } -func (m *Upstream) String() string { return proto.CompactTextString(m) } -func (*Upstream) ProtoMessage() {} +func (x *Upstream) Reset() { + *x = Upstream{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Upstream) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Upstream) ProtoMessage() {} + +func (x *Upstream) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Upstream.ProtoReflect.Descriptor instead. func (*Upstream) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{1} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{1} } -func (m *Upstream) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Upstream.Unmarshal(m, b) -} -func (m *Upstream) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Upstream.Marshal(b, m, deterministic) -} -func (m *Upstream) XXX_Merge(src proto.Message) { - xxx_messageInfo_Upstream.Merge(m, src) -} -func (m *Upstream) XXX_Size() int { - return xxx_messageInfo_Upstream.Size(m) -} -func (m *Upstream) XXX_DiscardUnknown() { - xxx_messageInfo_Upstream.DiscardUnknown(m) -} - -var xxx_messageInfo_Upstream proto.InternalMessageInfo - -func (m *Upstream) GetDestinationType() string { - if m != nil { - return m.DestinationType +func (x *Upstream) GetDestinationType() string { + if x != nil { + return x.DestinationType } return "" } -func (m *Upstream) GetDestinationNamespace() string { - if m != nil { - return m.DestinationNamespace +func (x *Upstream) GetDestinationNamespace() string { + if x != nil { + return x.DestinationNamespace } return "" } -func (m *Upstream) GetDestinationName() string { - if m != nil { - return m.DestinationName +func (x *Upstream) GetDestinationName() string { + if x != nil { + return x.DestinationName } return "" } -func (m *Upstream) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *Upstream) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func (m *Upstream) GetLocalBindAddress() string { - if m != nil { - return m.LocalBindAddress +func (x *Upstream) GetLocalBindAddress() string { + if x != nil { + return x.LocalBindAddress } return "" } -func (m *Upstream) GetLocalBindPort() int32 { - if m != nil { - return m.LocalBindPort +func (x *Upstream) GetLocalBindPort() int32 { + if x != nil { + return x.LocalBindPort } return 0 } -func (m *Upstream) GetConfig() *_struct.Struct { - if m != nil { - return m.Config +func (x *Upstream) GetConfig() *structpb.Struct { + if x != nil { + return x.Config } return nil } -func (m *Upstream) GetMeshGateway() *MeshGatewayConfig { - if m != nil { - return m.MeshGateway +func (x *Upstream) GetMeshGateway() *MeshGatewayConfig { + if x != nil { + return x.MeshGateway } return nil } -func (m *Upstream) GetCentrallyConfigured() bool { - if m != nil { - return m.CentrallyConfigured +func (x *Upstream) GetCentrallyConfigured() bool { + if x != nil { + return x.CentrallyConfigured } return false } -func (m *Upstream) GetLocalBindSocketPath() string { - if m != nil { - return m.LocalBindSocketPath +func (x *Upstream) GetLocalBindSocketPath() string { + if x != nil { + return x.LocalBindSocketPath } return "" } -func (m *Upstream) GetLocalBindSocketMode() string { - if m != nil { - return m.LocalBindSocketMode +func (x *Upstream) GetLocalBindSocketMode() string { + if x != nil { + return x.LocalBindSocketMode } return "" } -func (m *Upstream) GetDestinationPartition() string { - if m != nil { - return m.DestinationPartition +func (x *Upstream) GetDestinationPartition() string { + if x != nil { + return x.DestinationPartition } return "" } @@ -351,6 +372,10 @@ func (m *Upstream) GetDestinationPartition() string { // output=service.gen.go // name=Structs type ServiceConnect struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Native is true when this service can natively understand Connect. Native bool `protobuf:"varint,1,opt,name=Native,proto3" json:"Native,omitempty"` // SidecarService is a nested Service Definition to register at the same time. @@ -361,47 +386,51 @@ type ServiceConnect struct { // result is identical to just making a second service registration via any // other means. // mog: func-to=ServiceDefinitionPtrToStructs func-from=NewServiceDefinitionPtrFromStructs - SidecarService *ServiceDefinition `protobuf:"bytes,3,opt,name=SidecarService,proto3" json:"SidecarService,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + SidecarService *ServiceDefinition `protobuf:"bytes,3,opt,name=SidecarService,proto3" json:"SidecarService,omitempty"` } -func (m *ServiceConnect) Reset() { *m = ServiceConnect{} } -func (m *ServiceConnect) String() string { return proto.CompactTextString(m) } -func (*ServiceConnect) ProtoMessage() {} +func (x *ServiceConnect) Reset() { + *x = ServiceConnect{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceConnect) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceConnect) ProtoMessage() {} + +func (x *ServiceConnect) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceConnect.ProtoReflect.Descriptor instead. func (*ServiceConnect) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{2} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{2} } -func (m *ServiceConnect) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ServiceConnect.Unmarshal(m, b) -} -func (m *ServiceConnect) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ServiceConnect.Marshal(b, m, deterministic) -} -func (m *ServiceConnect) XXX_Merge(src proto.Message) { - xxx_messageInfo_ServiceConnect.Merge(m, src) -} -func (m *ServiceConnect) XXX_Size() int { - return xxx_messageInfo_ServiceConnect.Size(m) -} -func (m *ServiceConnect) XXX_DiscardUnknown() { - xxx_messageInfo_ServiceConnect.DiscardUnknown(m) -} - -var xxx_messageInfo_ServiceConnect proto.InternalMessageInfo - -func (m *ServiceConnect) GetNative() bool { - if m != nil { - return m.Native +func (x *ServiceConnect) GetNative() bool { + if x != nil { + return x.Native } return false } -func (m *ServiceConnect) GetSidecarService() *ServiceDefinition { - if m != nil { - return m.SidecarService +func (x *ServiceConnect) GetSidecarService() *ServiceDefinition { + if x != nil { + return x.SidecarService } return nil } @@ -415,52 +444,60 @@ func (m *ServiceConnect) GetSidecarService() *ServiceDefinition { // output=service.gen.go // name=Structs type ExposeConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Checks defines whether paths associated with Consul checks will be exposed. // This flag triggers exposing all HTTP and GRPC check paths registered for the service. Checks bool `protobuf:"varint,1,opt,name=Checks,proto3" json:"Checks,omitempty"` // Paths is the list of paths exposed through the proxy. // mog: func-to=ExposePathSliceToStructs func-from=NewExposePathSliceFromStructs - Paths []*ExposePath `protobuf:"bytes,2,rep,name=Paths,proto3" json:"Paths,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Paths []*ExposePath `protobuf:"bytes,2,rep,name=Paths,proto3" json:"Paths,omitempty"` } -func (m *ExposeConfig) Reset() { *m = ExposeConfig{} } -func (m *ExposeConfig) String() string { return proto.CompactTextString(m) } -func (*ExposeConfig) ProtoMessage() {} +func (x *ExposeConfig) Reset() { + *x = ExposeConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExposeConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExposeConfig) ProtoMessage() {} + +func (x *ExposeConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExposeConfig.ProtoReflect.Descriptor instead. func (*ExposeConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{3} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{3} } -func (m *ExposeConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ExposeConfig.Unmarshal(m, b) -} -func (m *ExposeConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ExposeConfig.Marshal(b, m, deterministic) -} -func (m *ExposeConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_ExposeConfig.Merge(m, src) -} -func (m *ExposeConfig) XXX_Size() int { - return xxx_messageInfo_ExposeConfig.Size(m) -} -func (m *ExposeConfig) XXX_DiscardUnknown() { - xxx_messageInfo_ExposeConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_ExposeConfig proto.InternalMessageInfo - -func (m *ExposeConfig) GetChecks() bool { - if m != nil { - return m.Checks +func (x *ExposeConfig) GetChecks() bool { + if x != nil { + return x.Checks } return false } -func (m *ExposeConfig) GetPaths() []*ExposePath { - if m != nil { - return m.Paths +func (x *ExposeConfig) GetPaths() []*ExposePath { + if x != nil { + return x.Paths } return nil } @@ -471,6 +508,10 @@ func (m *ExposeConfig) GetPaths() []*ExposePath { // output=service.gen.go // name=Structs type ExposePath struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // ListenerPort defines the port of the proxy's listener for exposed paths. // mog: func-to=int func-from=int32 ListenerPort int32 `protobuf:"varint,1,opt,name=ListenerPort,proto3" json:"ListenerPort,omitempty"` @@ -483,68 +524,72 @@ type ExposePath struct { // Valid values are "http" and "http2", defaults to "http" Protocol string `protobuf:"bytes,4,opt,name=Protocol,proto3" json:"Protocol,omitempty"` // ParsedFromCheck is set if this path was parsed from a registered check - ParsedFromCheck bool `protobuf:"varint,5,opt,name=ParsedFromCheck,proto3" json:"ParsedFromCheck,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ParsedFromCheck bool `protobuf:"varint,5,opt,name=ParsedFromCheck,proto3" json:"ParsedFromCheck,omitempty"` } -func (m *ExposePath) Reset() { *m = ExposePath{} } -func (m *ExposePath) String() string { return proto.CompactTextString(m) } -func (*ExposePath) ProtoMessage() {} +func (x *ExposePath) Reset() { + *x = ExposePath{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExposePath) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExposePath) ProtoMessage() {} + +func (x *ExposePath) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExposePath.ProtoReflect.Descriptor instead. func (*ExposePath) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{4} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{4} } -func (m *ExposePath) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ExposePath.Unmarshal(m, b) -} -func (m *ExposePath) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ExposePath.Marshal(b, m, deterministic) -} -func (m *ExposePath) XXX_Merge(src proto.Message) { - xxx_messageInfo_ExposePath.Merge(m, src) -} -func (m *ExposePath) XXX_Size() int { - return xxx_messageInfo_ExposePath.Size(m) -} -func (m *ExposePath) XXX_DiscardUnknown() { - xxx_messageInfo_ExposePath.DiscardUnknown(m) -} - -var xxx_messageInfo_ExposePath proto.InternalMessageInfo - -func (m *ExposePath) GetListenerPort() int32 { - if m != nil { - return m.ListenerPort +func (x *ExposePath) GetListenerPort() int32 { + if x != nil { + return x.ListenerPort } return 0 } -func (m *ExposePath) GetPath() string { - if m != nil { - return m.Path +func (x *ExposePath) GetPath() string { + if x != nil { + return x.Path } return "" } -func (m *ExposePath) GetLocalPathPort() int32 { - if m != nil { - return m.LocalPathPort +func (x *ExposePath) GetLocalPathPort() int32 { + if x != nil { + return x.LocalPathPort } return 0 } -func (m *ExposePath) GetProtocol() string { - if m != nil { - return m.Protocol +func (x *ExposePath) GetProtocol() string { + if x != nil { + return x.Protocol } return "" } -func (m *ExposePath) GetParsedFromCheck() bool { - if m != nil { - return m.ParsedFromCheck +func (x *ExposePath) GetParsedFromCheck() bool { + if x != nil { + return x.ParsedFromCheck } return false } @@ -555,41 +600,49 @@ func (m *ExposePath) GetParsedFromCheck() bool { // output=service.gen.go // name=Structs type MeshGatewayConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=structs.MeshGatewayMode func-from=string - Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"Mode,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"Mode,omitempty"` } -func (m *MeshGatewayConfig) Reset() { *m = MeshGatewayConfig{} } -func (m *MeshGatewayConfig) String() string { return proto.CompactTextString(m) } -func (*MeshGatewayConfig) ProtoMessage() {} +func (x *MeshGatewayConfig) Reset() { + *x = MeshGatewayConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshGatewayConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshGatewayConfig) ProtoMessage() {} + +func (x *MeshGatewayConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshGatewayConfig.ProtoReflect.Descriptor instead. func (*MeshGatewayConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{5} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{5} } -func (m *MeshGatewayConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MeshGatewayConfig.Unmarshal(m, b) -} -func (m *MeshGatewayConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MeshGatewayConfig.Marshal(b, m, deterministic) -} -func (m *MeshGatewayConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_MeshGatewayConfig.Merge(m, src) -} -func (m *MeshGatewayConfig) XXX_Size() int { - return xxx_messageInfo_MeshGatewayConfig.Size(m) -} -func (m *MeshGatewayConfig) XXX_DiscardUnknown() { - xxx_messageInfo_MeshGatewayConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_MeshGatewayConfig proto.InternalMessageInfo - -func (m *MeshGatewayConfig) GetMode() string { - if m != nil { - return m.Mode +func (x *MeshGatewayConfig) GetMode() string { + if x != nil { + return x.Mode } return "" } @@ -600,52 +653,60 @@ func (m *MeshGatewayConfig) GetMode() string { // output=service.gen.go // name=Structs type TransparentProxyConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=int func-from=int32 OutboundListenerPort int32 `protobuf:"varint,1,opt,name=OutboundListenerPort,proto3" json:"OutboundListenerPort,omitempty"` // DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. // The discovery chain is not considered when dialing a service instance directly. // This setting is useful when addressing stateful services, such as a database cluster with a leader node. - DialedDirectly bool `protobuf:"varint,2,opt,name=DialedDirectly,proto3" json:"DialedDirectly,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + DialedDirectly bool `protobuf:"varint,2,opt,name=DialedDirectly,proto3" json:"DialedDirectly,omitempty"` } -func (m *TransparentProxyConfig) Reset() { *m = TransparentProxyConfig{} } -func (m *TransparentProxyConfig) String() string { return proto.CompactTextString(m) } -func (*TransparentProxyConfig) ProtoMessage() {} +func (x *TransparentProxyConfig) Reset() { + *x = TransparentProxyConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TransparentProxyConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TransparentProxyConfig) ProtoMessage() {} + +func (x *TransparentProxyConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TransparentProxyConfig.ProtoReflect.Descriptor instead. func (*TransparentProxyConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{6} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{6} } -func (m *TransparentProxyConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_TransparentProxyConfig.Unmarshal(m, b) -} -func (m *TransparentProxyConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_TransparentProxyConfig.Marshal(b, m, deterministic) -} -func (m *TransparentProxyConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_TransparentProxyConfig.Merge(m, src) -} -func (m *TransparentProxyConfig) XXX_Size() int { - return xxx_messageInfo_TransparentProxyConfig.Size(m) -} -func (m *TransparentProxyConfig) XXX_DiscardUnknown() { - xxx_messageInfo_TransparentProxyConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_TransparentProxyConfig proto.InternalMessageInfo - -func (m *TransparentProxyConfig) GetOutboundListenerPort() int32 { - if m != nil { - return m.OutboundListenerPort +func (x *TransparentProxyConfig) GetOutboundListenerPort() int32 { + if x != nil { + return x.OutboundListenerPort } return 0 } -func (m *TransparentProxyConfig) GetDialedDirectly() bool { - if m != nil { - return m.DialedDirectly +func (x *TransparentProxyConfig) GetDialedDirectly() bool { + if x != nil { + return x.DialedDirectly } return false } @@ -659,6 +720,10 @@ func (m *TransparentProxyConfig) GetDialedDirectly() bool { // output=service.gen.go // name=Structs type ServiceDefinition struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=structs.ServiceKind func-from=string Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"Kind,omitempty"` ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"ID,omitempty"` @@ -694,342 +759,660 @@ type ServiceDefinition struct { // mog: func-to=EnterpriseMetaToStructs func-from=NewEnterpriseMetaFromStructs EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,17,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` // mog: func-to=ServiceConnectPtrToStructs func-from=NewServiceConnectPtrFromStructs - Connect *ServiceConnect `protobuf:"bytes,15,opt,name=Connect,proto3" json:"Connect,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Connect *ServiceConnect `protobuf:"bytes,15,opt,name=Connect,proto3" json:"Connect,omitempty"` } -func (m *ServiceDefinition) Reset() { *m = ServiceDefinition{} } -func (m *ServiceDefinition) String() string { return proto.CompactTextString(m) } -func (*ServiceDefinition) ProtoMessage() {} +func (x *ServiceDefinition) Reset() { + *x = ServiceDefinition{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceDefinition) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceDefinition) ProtoMessage() {} + +func (x *ServiceDefinition) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceDefinition.ProtoReflect.Descriptor instead. func (*ServiceDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{7} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{7} } -func (m *ServiceDefinition) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ServiceDefinition.Unmarshal(m, b) -} -func (m *ServiceDefinition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ServiceDefinition.Marshal(b, m, deterministic) -} -func (m *ServiceDefinition) XXX_Merge(src proto.Message) { - xxx_messageInfo_ServiceDefinition.Merge(m, src) -} -func (m *ServiceDefinition) XXX_Size() int { - return xxx_messageInfo_ServiceDefinition.Size(m) -} -func (m *ServiceDefinition) XXX_DiscardUnknown() { - xxx_messageInfo_ServiceDefinition.DiscardUnknown(m) -} - -var xxx_messageInfo_ServiceDefinition proto.InternalMessageInfo - -func (m *ServiceDefinition) GetKind() string { - if m != nil { - return m.Kind +func (x *ServiceDefinition) GetKind() string { + if x != nil { + return x.Kind } return "" } -func (m *ServiceDefinition) GetID() string { - if m != nil { - return m.ID +func (x *ServiceDefinition) GetID() string { + if x != nil { + return x.ID } return "" } -func (m *ServiceDefinition) GetName() string { - if m != nil { - return m.Name +func (x *ServiceDefinition) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *ServiceDefinition) GetTags() []string { - if m != nil { - return m.Tags +func (x *ServiceDefinition) GetTags() []string { + if x != nil { + return x.Tags } return nil } -func (m *ServiceDefinition) GetAddress() string { - if m != nil { - return m.Address +func (x *ServiceDefinition) GetAddress() string { + if x != nil { + return x.Address } return "" } -func (m *ServiceDefinition) GetTaggedAddresses() map[string]*ServiceAddress { - if m != nil { - return m.TaggedAddresses +func (x *ServiceDefinition) GetTaggedAddresses() map[string]*ServiceAddress { + if x != nil { + return x.TaggedAddresses } return nil } -func (m *ServiceDefinition) GetMeta() map[string]string { - if m != nil { - return m.Meta +func (x *ServiceDefinition) GetMeta() map[string]string { + if x != nil { + return x.Meta } return nil } -func (m *ServiceDefinition) GetPort() int32 { - if m != nil { - return m.Port +func (x *ServiceDefinition) GetPort() int32 { + if x != nil { + return x.Port } return 0 } -func (m *ServiceDefinition) GetSocketPath() string { - if m != nil { - return m.SocketPath +func (x *ServiceDefinition) GetSocketPath() string { + if x != nil { + return x.SocketPath } return "" } -func (m *ServiceDefinition) GetCheck() *CheckType { - if m != nil { - return m.Check +func (x *ServiceDefinition) GetCheck() *CheckType { + if x != nil { + return x.Check } return nil } -func (m *ServiceDefinition) GetChecks() []*CheckType { - if m != nil { - return m.Checks +func (x *ServiceDefinition) GetChecks() []*CheckType { + if x != nil { + return x.Checks } return nil } -func (m *ServiceDefinition) GetWeights() *Weights { - if m != nil { - return m.Weights +func (x *ServiceDefinition) GetWeights() *Weights { + if x != nil { + return x.Weights } return nil } -func (m *ServiceDefinition) GetToken() string { - if m != nil { - return m.Token +func (x *ServiceDefinition) GetToken() string { + if x != nil { + return x.Token } return "" } -func (m *ServiceDefinition) GetEnableTagOverride() bool { - if m != nil { - return m.EnableTagOverride +func (x *ServiceDefinition) GetEnableTagOverride() bool { + if x != nil { + return x.EnableTagOverride } return false } -func (m *ServiceDefinition) GetProxy() *ConnectProxyConfig { - if m != nil { - return m.Proxy +func (x *ServiceDefinition) GetProxy() *ConnectProxyConfig { + if x != nil { + return x.Proxy } return nil } -func (m *ServiceDefinition) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { - if m != nil { - return m.EnterpriseMeta +func (x *ServiceDefinition) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta } return nil } -func (m *ServiceDefinition) GetConnect() *ServiceConnect { - if m != nil { - return m.Connect +func (x *ServiceDefinition) GetConnect() *ServiceConnect { + if x != nil { + return x.Connect } return nil } // Type to hold an address and port of a service type ServiceAddress struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + Address string `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address,omitempty"` // mog: func-to=int func-from=int32 - Port int32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Port int32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` } -func (m *ServiceAddress) Reset() { *m = ServiceAddress{} } -func (m *ServiceAddress) String() string { return proto.CompactTextString(m) } -func (*ServiceAddress) ProtoMessage() {} +func (x *ServiceAddress) Reset() { + *x = ServiceAddress{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceAddress) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceAddress) ProtoMessage() {} + +func (x *ServiceAddress) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceAddress.ProtoReflect.Descriptor instead. func (*ServiceAddress) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{8} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{8} } -func (m *ServiceAddress) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ServiceAddress.Unmarshal(m, b) -} -func (m *ServiceAddress) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ServiceAddress.Marshal(b, m, deterministic) -} -func (m *ServiceAddress) XXX_Merge(src proto.Message) { - xxx_messageInfo_ServiceAddress.Merge(m, src) -} -func (m *ServiceAddress) XXX_Size() int { - return xxx_messageInfo_ServiceAddress.Size(m) -} -func (m *ServiceAddress) XXX_DiscardUnknown() { - xxx_messageInfo_ServiceAddress.DiscardUnknown(m) -} - -var xxx_messageInfo_ServiceAddress proto.InternalMessageInfo - -func (m *ServiceAddress) GetAddress() string { - if m != nil { - return m.Address +func (x *ServiceAddress) GetAddress() string { + if x != nil { + return x.Address } return "" } -func (m *ServiceAddress) GetPort() int32 { - if m != nil { - return m.Port +func (x *ServiceAddress) GetPort() int32 { + if x != nil { + return x.Port } return 0 } // Weights represent the weight used by DNS for a given status type Weights struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // mog: func-to=int func-from=int32 Passing int32 `protobuf:"varint,1,opt,name=Passing,proto3" json:"Passing,omitempty"` // mog: func-to=int func-from=int32 - Warning int32 `protobuf:"varint,2,opt,name=Warning,proto3" json:"Warning,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Warning int32 `protobuf:"varint,2,opt,name=Warning,proto3" json:"Warning,omitempty"` } -func (m *Weights) Reset() { *m = Weights{} } -func (m *Weights) String() string { return proto.CompactTextString(m) } -func (*Weights) ProtoMessage() {} +func (x *Weights) Reset() { + *x = Weights{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbservice_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Weights) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Weights) ProtoMessage() {} + +func (x *Weights) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbservice_service_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Weights.ProtoReflect.Descriptor instead. func (*Weights) Descriptor() ([]byte, []int) { - return fileDescriptor_cbb99233b75fb80b, []int{9} + return file_proto_pbservice_service_proto_rawDescGZIP(), []int{9} } -func (m *Weights) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Weights.Unmarshal(m, b) -} -func (m *Weights) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Weights.Marshal(b, m, deterministic) -} -func (m *Weights) XXX_Merge(src proto.Message) { - xxx_messageInfo_Weights.Merge(m, src) -} -func (m *Weights) XXX_Size() int { - return xxx_messageInfo_Weights.Size(m) -} -func (m *Weights) XXX_DiscardUnknown() { - xxx_messageInfo_Weights.DiscardUnknown(m) -} - -var xxx_messageInfo_Weights proto.InternalMessageInfo - -func (m *Weights) GetPassing() int32 { - if m != nil { - return m.Passing +func (x *Weights) GetPassing() int32 { + if x != nil { + return x.Passing } return 0 } -func (m *Weights) GetWarning() int32 { - if m != nil { - return m.Warning +func (x *Weights) GetWarning() int32 { + if x != nil { + return x.Warning } return 0 } -func init() { - proto.RegisterType((*ConnectProxyConfig)(nil), "pbservice.ConnectProxyConfig") - proto.RegisterType((*Upstream)(nil), "pbservice.Upstream") - proto.RegisterType((*ServiceConnect)(nil), "pbservice.ServiceConnect") - proto.RegisterType((*ExposeConfig)(nil), "pbservice.ExposeConfig") - proto.RegisterType((*ExposePath)(nil), "pbservice.ExposePath") - proto.RegisterType((*MeshGatewayConfig)(nil), "pbservice.MeshGatewayConfig") - proto.RegisterType((*TransparentProxyConfig)(nil), "pbservice.TransparentProxyConfig") - proto.RegisterType((*ServiceDefinition)(nil), "pbservice.ServiceDefinition") - proto.RegisterMapType((map[string]string)(nil), "pbservice.ServiceDefinition.MetaEntry") - proto.RegisterMapType((map[string]*ServiceAddress)(nil), "pbservice.ServiceDefinition.TaggedAddressesEntry") - proto.RegisterType((*ServiceAddress)(nil), "pbservice.ServiceAddress") - proto.RegisterType((*Weights)(nil), "pbservice.Weights") +var File_proto_pbservice_service_proto protoreflect.FileDescriptor + +var file_proto_pbservice_service_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x09, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, + 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, + 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xce, 0x04, 0x0a, 0x12, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x36, 0x0a, 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x4c, + 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2a, 0x0a, + 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, + 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, + 0x63, 0x74, 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x0a, 0x09, 0x55, 0x70, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x52, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x3e, 0x0a, + 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, + 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x2f, 0x0a, + 0x06, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, + 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4d, 0x6f, + 0x64, 0x65, 0x12, 0x4d, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, + 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x12, 0x36, 0x0a, 0x16, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x16, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x22, 0xbf, 0x04, 0x0a, 0x08, 0x55, 0x70, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x28, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, + 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, + 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1e, + 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2a, + 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, + 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, + 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, + 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x3e, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x12, 0x30, 0x0a, 0x13, 0x43, 0x65, 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, + 0x43, 0x65, 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, + 0x72, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, + 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, + 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x6e, 0x0a, 0x0e, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, + 0x06, 0x4e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x4e, + 0x61, 0x74, 0x69, 0x76, 0x65, 0x12, 0x44, 0x0a, 0x0e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x53, 0x69, 0x64, + 0x65, 0x63, 0x61, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x53, 0x0a, 0x0c, 0x45, + 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x73, 0x12, 0x2b, 0x0a, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x45, + 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, + 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, + 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, + 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, + 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x50, 0x61, 0x72, + 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x22, 0x27, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x74, 0x0a, 0x16, + 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, + 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44, 0x69, + 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x6c, 0x79, 0x22, 0xd4, 0x06, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, + 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0e, 0x0a, 0x02, + 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x12, 0x0a, 0x04, 0x54, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, + 0x54, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x5b, + 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, + 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x04, 0x4d, + 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x2a, 0x0a, 0x05, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, + 0x52, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x2c, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x06, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x2c, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, + 0x68, 0x74, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x0c, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, + 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x33, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x3e, 0x0a, 0x0e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x11, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x33, 0x0a, 0x07, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x1a, 0x5d, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3e, 0x0a, 0x0e, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x3d, 0x0a, 0x07, 0x57, 0x65, 0x69, + 0x67, 0x68, 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, + 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbservice/service.proto", fileDescriptor_cbb99233b75fb80b) +var ( + file_proto_pbservice_service_proto_rawDescOnce sync.Once + file_proto_pbservice_service_proto_rawDescData = file_proto_pbservice_service_proto_rawDesc +) + +func file_proto_pbservice_service_proto_rawDescGZIP() []byte { + file_proto_pbservice_service_proto_rawDescOnce.Do(func() { + file_proto_pbservice_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbservice_service_proto_rawDescData) + }) + return file_proto_pbservice_service_proto_rawDescData } -var fileDescriptor_cbb99233b75fb80b = []byte{ - // 1086 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xef, 0x6e, 0x1b, 0x45, - 0x10, 0x97, 0xff, 0xdb, 0x93, 0xe0, 0x24, 0x9b, 0x10, 0x8e, 0xd0, 0xa2, 0xf4, 0x84, 0x4a, 0xd4, - 0x06, 0xbb, 0x4d, 0x24, 0x40, 0x95, 0x88, 0x44, 0xe3, 0x80, 0x2a, 0x9a, 0xd6, 0xba, 0x18, 0x55, - 0x02, 0xf1, 0x61, 0x7d, 0xb7, 0xb1, 0x4f, 0xb9, 0xec, 0x59, 0xbb, 0xeb, 0x50, 0xbf, 0x15, 0x6f, - 0xc0, 0x1b, 0xf0, 0x89, 0x07, 0x42, 0x3b, 0xbb, 0x77, 0x59, 0xdf, 0x1d, 0x15, 0x7c, 0xf2, 0xee, - 0xfc, 0xe6, 0x37, 0xbb, 0x9e, 0xf9, 0xcd, 0xec, 0xc1, 0xc3, 0x85, 0x48, 0x55, 0x3a, 0x5c, 0x4c, - 0x25, 0x13, 0x77, 0x71, 0xc8, 0x86, 0xf6, 0x77, 0x80, 0x76, 0xd2, 0xcb, 0x81, 0x83, 0x07, 0xb3, - 0x34, 0x9d, 0x25, 0x6c, 0x88, 0xc0, 0x74, 0x79, 0x3d, 0x94, 0x4a, 0x2c, 0x43, 0x65, 0x1c, 0x0f, - 0x3e, 0xcb, 0xe2, 0x84, 0xe9, 0xed, 0x6d, 0xca, 0x87, 0xe6, 0xc7, 0x82, 0x8f, 0x8a, 0x87, 0xcc, - 0x19, 0x4d, 0xd4, 0x3c, 0x9c, 0xb3, 0xf0, 0xc6, 0xb8, 0xf8, 0x7f, 0x35, 0x81, 0x9c, 0xa7, 0x9c, - 0xb3, 0x50, 0x8d, 0x45, 0xfa, 0x7e, 0x75, 0x9e, 0xf2, 0xeb, 0x78, 0x46, 0xbe, 0x86, 0xfd, 0x11, - 0x93, 0x2a, 0xe6, 0x54, 0xc5, 0x29, 0xbf, 0x32, 0xf4, 0x37, 0xf4, 0x96, 0x79, 0xb5, 0xc3, 0xda, - 0x51, 0x2f, 0xf8, 0x17, 0x94, 0x9c, 0xc0, 0x5e, 0x19, 0x79, 0x35, 0xf2, 0xea, 0xc8, 0xaa, 0xc4, - 0xc8, 0x33, 0xd8, 0x7d, 0x9d, 0x86, 0x34, 0xb1, 0x96, 0xef, 0xa3, 0x48, 0x30, 0x29, 0xbd, 0x06, - 0x52, 0xaa, 0x20, 0xf2, 0x04, 0xb6, 0x5d, 0xf3, 0x38, 0x15, 0xca, 0x6b, 0x1e, 0xd6, 0x8e, 0x5a, - 0x41, 0xc9, 0x4e, 0x86, 0xd0, 0x36, 0xff, 0xc9, 0x6b, 0x1d, 0xd6, 0x8e, 0x36, 0x4e, 0x3e, 0x19, - 0x98, 0x7c, 0x0e, 0xb2, 0x7c, 0x0e, 0xae, 0x30, 0x9f, 0x81, 0x75, 0x23, 0xcf, 0xa1, 0xf7, 0xf3, - 0x42, 0x2a, 0xc1, 0xe8, 0xad, 0xf4, 0xda, 0x87, 0x8d, 0xa3, 0x8d, 0x93, 0xdd, 0x41, 0x9e, 0xc2, - 0x41, 0x86, 0x05, 0xf7, 0x5e, 0xe4, 0x0c, 0x36, 0x2e, 0x99, 0x9c, 0xff, 0x48, 0x15, 0xfb, 0x9d, - 0xae, 0xbc, 0x0e, 0x1e, 0xf4, 0xc0, 0x21, 0x39, 0xa8, 0x39, 0x25, 0x70, 0x09, 0xfa, 0x8e, 0x17, - 0xef, 0x17, 0xa9, 0x64, 0x5e, 0xd7, 0xde, 0xf1, 0x9e, 0x6a, 0x00, 0xcb, 0xb2, 0x6e, 0x84, 0x40, - 0xf3, 0x32, 0x8d, 0x98, 0xd7, 0xc3, 0x1c, 0xe1, 0x9a, 0x5c, 0xc2, 0xf6, 0x44, 0x50, 0x2e, 0x17, - 0x54, 0x30, 0x6e, 0x8a, 0xe9, 0x01, 0x86, 0x7b, 0xe4, 0x84, 0x2b, 0xba, 0xd8, 0xc0, 0x25, 0xaa, - 0x56, 0x80, 0x9b, 0xcb, 0xab, 0x34, 0xbc, 0x61, 0x6a, 0x4c, 0xd5, 0xdc, 0xdb, 0x30, 0x0a, 0xa8, - 0x46, 0xfd, 0x3f, 0x9b, 0xd0, 0xcd, 0x32, 0x43, 0x8e, 0x60, 0xcb, 0x29, 0xf9, 0x64, 0xb5, 0xc8, - 0xf4, 0x53, 0x34, 0x17, 0x84, 0xa3, 0xb5, 0x24, 0x17, 0x34, 0x64, 0x15, 0xc2, 0xc9, 0xb1, 0x42, - 0x74, 0x54, 0x67, 0xa3, 0x14, 0x1d, 0x65, 0xf9, 0x39, 0xc0, 0x88, 0x2a, 0x1a, 0x32, 0xae, 0x98, - 0x40, 0xa9, 0xf4, 0x02, 0xc7, 0x92, 0x0b, 0xea, 0x65, 0xcc, 0xa3, 0x4c, 0x7f, 0x2d, 0xf4, 0x2a, - 0xd9, 0xc9, 0x17, 0xf0, 0x51, 0x6e, 0x43, 0xe5, 0xb5, 0x51, 0x79, 0xeb, 0x46, 0x47, 0x76, 0x9d, - 0xff, 0x26, 0xbb, 0x82, 0x86, 0xba, 0xff, 0x57, 0x43, 0xcf, 0x60, 0xf7, 0x9c, 0x71, 0x25, 0x68, - 0x92, 0x58, 0x7c, 0x29, 0x58, 0x84, 0x0a, 0xe9, 0x06, 0x55, 0x50, 0xde, 0x77, 0xfa, 0xce, 0x4e, - 0x79, 0xc1, 0xe9, 0xbb, 0x75, 0xa8, 0x82, 0x81, 0x2a, 0xdc, 0xa8, 0x64, 0xa0, 0x28, 0xd7, 0xcb, - 0x3a, 0xa6, 0x42, 0xc5, 0x7a, 0xe1, 0x6d, 0x96, 0xca, 0x9a, 0x63, 0x3e, 0x87, 0xbe, 0x95, 0x95, - 0x1d, 0x4c, 0x64, 0x1f, 0xda, 0x6f, 0xa8, 0x8a, 0xef, 0x8c, 0x7a, 0xba, 0x81, 0xdd, 0x91, 0x11, - 0xf4, 0xaf, 0xe2, 0x88, 0x85, 0x54, 0x58, 0x02, 0xd6, 0x7f, 0x3d, 0x6d, 0x16, 0x19, 0xb1, 0xeb, - 0x98, 0x63, 0xfc, 0xa0, 0xc0, 0xf1, 0xaf, 0x60, 0xd3, 0x6d, 0x32, 0x7d, 0xda, 0xb9, 0x9e, 0x90, - 0x32, 0x3b, 0xcd, 0xec, 0xc8, 0x53, 0x68, 0xe9, 0x2c, 0x48, 0xaf, 0x8e, 0x43, 0xe1, 0xe3, 0x52, - 0x93, 0x6a, 0x34, 0x30, 0x3e, 0xfe, 0x1f, 0x35, 0x80, 0x7b, 0x2b, 0xf1, 0x61, 0xf3, 0x75, 0x2c, - 0x15, 0xe3, 0x4c, 0xa0, 0x66, 0x6a, 0xa8, 0x99, 0x35, 0x9b, 0x6e, 0x6a, 0x2c, 0x80, 0x91, 0x3c, - 0xae, 0x73, 0xb1, 0xe9, 0x0d, 0x12, 0x1b, 0x8e, 0xd8, 0x32, 0x23, 0x39, 0x80, 0xee, 0x58, 0xcb, - 0x2a, 0x4c, 0x13, 0x2b, 0xee, 0x7c, 0xaf, 0x9b, 0x64, 0x4c, 0x85, 0x64, 0xd1, 0x0f, 0x22, 0xbd, - 0xc5, 0x7f, 0x82, 0xca, 0xee, 0x06, 0x45, 0xb3, 0xff, 0x25, 0xec, 0x94, 0x34, 0x96, 0x4f, 0x9a, - 0xda, 0xfd, 0xa4, 0xf1, 0x15, 0xec, 0x57, 0x8f, 0x11, 0x5d, 0xee, 0xb7, 0x4b, 0x35, 0x4d, 0x97, - 0x3c, 0xaa, 0xf8, 0xbb, 0x95, 0x18, 0x79, 0x0c, 0xfd, 0x51, 0x4c, 0x13, 0x16, 0x8d, 0x62, 0xc1, - 0x42, 0x95, 0xac, 0x30, 0x01, 0xdd, 0xa0, 0x60, 0xf5, 0xff, 0x6e, 0xc3, 0x4e, 0xa9, 0x98, 0xfa, - 0x7e, 0x3f, 0xc5, 0x3c, 0xca, 0xee, 0xa7, 0xd7, 0xa4, 0x0f, 0xf5, 0xfc, 0xc9, 0xa9, 0xbf, 0x1a, - 0x69, 0x1f, 0x67, 0x38, 0xe0, 0x5a, 0xdb, 0x26, 0x74, 0x26, 0xbd, 0xe6, 0x61, 0x43, 0xdb, 0xf4, - 0x9a, 0x78, 0xd0, 0x59, 0x6f, 0xfe, 0x6c, 0x4b, 0x7e, 0x85, 0xad, 0x09, 0x9d, 0xcd, 0x58, 0x36, - 0x04, 0x98, 0xf4, 0xb6, 0x51, 0x04, 0xcf, 0x3f, 0xa4, 0xb4, 0x41, 0x81, 0x73, 0xc1, 0x95, 0x58, - 0x05, 0xc5, 0x48, 0xe4, 0x05, 0x34, 0x2f, 0x99, 0xa2, 0xf6, 0xad, 0x79, 0xfc, 0xc1, 0x88, 0xda, - 0xd1, 0x84, 0x41, 0x0e, 0x6a, 0x46, 0x27, 0xb8, 0x83, 0x09, 0xc6, 0xb5, 0x1e, 0x76, 0x4e, 0x3b, - 0x13, 0x33, 0xec, 0x9c, 0x2e, 0x7e, 0x02, 0x2d, 0xa3, 0x03, 0x33, 0x63, 0xf6, 0x9c, 0x03, 0xd1, - 0xae, 0xe7, 0x71, 0x60, 0x5c, 0xc8, 0x71, 0xde, 0x0b, 0x3d, 0xbc, 0x5d, 0xb5, 0x73, 0xd6, 0x21, - 0xc7, 0xd0, 0x79, 0xc7, 0xe2, 0xd9, 0x5c, 0x49, 0xfb, 0xf2, 0x10, 0xc7, 0xdd, 0x22, 0x41, 0xe6, - 0x42, 0xf6, 0xa0, 0x35, 0x49, 0x6f, 0x18, 0xb7, 0xf3, 0xc3, 0x6c, 0xc8, 0x31, 0xec, 0x5c, 0x70, - 0x3a, 0x4d, 0xd8, 0x84, 0xce, 0xde, 0xde, 0x31, 0x21, 0xe2, 0x88, 0xe1, 0xb8, 0xe8, 0x06, 0x65, - 0x80, 0x9c, 0x42, 0xcb, 0xbc, 0x74, 0x7d, 0x3c, 0xef, 0xa1, 0x7b, 0xbd, 0xd2, 0x57, 0x4d, 0x60, - 0x7c, 0xc9, 0x19, 0xf4, 0x2f, 0xf4, 0xd8, 0x5f, 0x88, 0x58, 0x32, 0x4c, 0xfd, 0x0e, 0xb2, 0xf7, - 0x07, 0xf6, 0xeb, 0x69, 0x1d, 0x0d, 0x0a, 0xde, 0xe4, 0x14, 0x3a, 0x36, 0xb8, 0xb7, 0x85, 0xc4, - 0x4f, 0xcb, 0x35, 0xb3, 0x0e, 0x41, 0xe6, 0x79, 0xf0, 0x1b, 0xec, 0x55, 0xc9, 0x81, 0x6c, 0x43, - 0xe3, 0x86, 0xad, 0xac, 0x7e, 0xf5, 0x92, 0x0c, 0xa1, 0x75, 0x47, 0x93, 0xa5, 0x79, 0xfb, 0x2a, - 0x83, 0xdb, 0x10, 0x81, 0xf1, 0x7b, 0x51, 0xff, 0xb6, 0x76, 0xf0, 0x0d, 0xf4, 0x72, 0x6d, 0x54, - 0xc4, 0xdc, 0x73, 0x63, 0xf6, 0x1c, 0xa2, 0x7f, 0x96, 0x4f, 0xdb, 0x4c, 0xec, 0x4e, 0x1b, 0xd4, - 0xd6, 0xdb, 0x20, 0x53, 0x5b, 0xfd, 0x5e, 0x6d, 0xfe, 0x77, 0x79, 0xcd, 0x35, 0x71, 0x4c, 0xa5, - 0x8c, 0xf9, 0xcc, 0x36, 0x7c, 0xb6, 0xd5, 0xc8, 0x3b, 0x2a, 0xb8, 0x46, 0x0c, 0x37, 0xdb, 0xbe, - 0xfc, 0xea, 0x97, 0xa7, 0xb3, 0x58, 0xcd, 0x97, 0x53, 0x9d, 0xfb, 0xe1, 0x9c, 0xca, 0x79, 0x1c, - 0xa6, 0x62, 0x31, 0x0c, 0x53, 0x2e, 0x97, 0xc9, 0xb0, 0xf0, 0x01, 0x3b, 0x6d, 0xa3, 0xe1, 0xf4, - 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xba, 0x23, 0xd7, 0x20, 0x3f, 0x0b, 0x00, 0x00, +var file_proto_pbservice_service_proto_msgTypes = make([]protoimpl.MessageInfo, 12) +var file_proto_pbservice_service_proto_goTypes = []interface{}{ + (*ConnectProxyConfig)(nil), // 0: pbservice.ConnectProxyConfig + (*Upstream)(nil), // 1: pbservice.Upstream + (*ServiceConnect)(nil), // 2: pbservice.ServiceConnect + (*ExposeConfig)(nil), // 3: pbservice.ExposeConfig + (*ExposePath)(nil), // 4: pbservice.ExposePath + (*MeshGatewayConfig)(nil), // 5: pbservice.MeshGatewayConfig + (*TransparentProxyConfig)(nil), // 6: pbservice.TransparentProxyConfig + (*ServiceDefinition)(nil), // 7: pbservice.ServiceDefinition + (*ServiceAddress)(nil), // 8: pbservice.ServiceAddress + (*Weights)(nil), // 9: pbservice.Weights + nil, // 10: pbservice.ServiceDefinition.TaggedAddressesEntry + nil, // 11: pbservice.ServiceDefinition.MetaEntry + (*structpb.Struct)(nil), // 12: google.protobuf.Struct + (*CheckType)(nil), // 13: pbservice.CheckType + (*pbcommon.EnterpriseMeta)(nil), // 14: common.EnterpriseMeta +} +var file_proto_pbservice_service_proto_depIdxs = []int32{ + 12, // 0: pbservice.ConnectProxyConfig.Config:type_name -> google.protobuf.Struct + 1, // 1: pbservice.ConnectProxyConfig.Upstreams:type_name -> pbservice.Upstream + 5, // 2: pbservice.ConnectProxyConfig.MeshGateway:type_name -> pbservice.MeshGatewayConfig + 3, // 3: pbservice.ConnectProxyConfig.Expose:type_name -> pbservice.ExposeConfig + 6, // 4: pbservice.ConnectProxyConfig.TransparentProxy:type_name -> pbservice.TransparentProxyConfig + 12, // 5: pbservice.Upstream.Config:type_name -> google.protobuf.Struct + 5, // 6: pbservice.Upstream.MeshGateway:type_name -> pbservice.MeshGatewayConfig + 7, // 7: pbservice.ServiceConnect.SidecarService:type_name -> pbservice.ServiceDefinition + 4, // 8: pbservice.ExposeConfig.Paths:type_name -> pbservice.ExposePath + 10, // 9: pbservice.ServiceDefinition.TaggedAddresses:type_name -> pbservice.ServiceDefinition.TaggedAddressesEntry + 11, // 10: pbservice.ServiceDefinition.Meta:type_name -> pbservice.ServiceDefinition.MetaEntry + 13, // 11: pbservice.ServiceDefinition.Check:type_name -> pbservice.CheckType + 13, // 12: pbservice.ServiceDefinition.Checks:type_name -> pbservice.CheckType + 9, // 13: pbservice.ServiceDefinition.Weights:type_name -> pbservice.Weights + 0, // 14: pbservice.ServiceDefinition.Proxy:type_name -> pbservice.ConnectProxyConfig + 14, // 15: pbservice.ServiceDefinition.EnterpriseMeta:type_name -> common.EnterpriseMeta + 2, // 16: pbservice.ServiceDefinition.Connect:type_name -> pbservice.ServiceConnect + 8, // 17: pbservice.ServiceDefinition.TaggedAddressesEntry.value:type_name -> pbservice.ServiceAddress + 18, // [18:18] is the sub-list for method output_type + 18, // [18:18] is the sub-list for method input_type + 18, // [18:18] is the sub-list for extension type_name + 18, // [18:18] is the sub-list for extension extendee + 0, // [0:18] is the sub-list for field type_name +} + +func init() { file_proto_pbservice_service_proto_init() } +func file_proto_pbservice_service_proto_init() { + if File_proto_pbservice_service_proto != nil { + return + } + file_proto_pbservice_healthcheck_proto_init() + if !protoimpl.UnsafeEnabled { + file_proto_pbservice_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConnectProxyConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Upstream); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceConnect); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExposeConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExposePath); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshGatewayConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TransparentProxyConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceDefinition); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceAddress); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbservice_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Weights); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbservice_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 12, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_proto_pbservice_service_proto_goTypes, + DependencyIndexes: file_proto_pbservice_service_proto_depIdxs, + MessageInfos: file_proto_pbservice_service_proto_msgTypes, + }.Build() + File_proto_pbservice_service_proto = out.File + file_proto_pbservice_service_proto_rawDesc = nil + file_proto_pbservice_service_proto_goTypes = nil + file_proto_pbservice_service_proto_depIdxs = nil } diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index 9df5bba25..851991ed0 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -1,29 +1,37 @@ +// +//Package event provides a service for subscribing to state change events. + // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 // source: proto/pbsubscribe/subscribe.proto package pbsubscribe import ( context "context" - fmt "fmt" proto "github.com/golang/protobuf/proto" pbservice "github.com/hashicorp/consul/proto/pbservice" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - math "math" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 // Topic enumerates the supported event topics. type Topic int32 @@ -37,24 +45,45 @@ const ( Topic_ServiceHealthConnect Topic = 2 ) -var Topic_name = map[int32]string{ - 0: "Unknown", - 1: "ServiceHealth", - 2: "ServiceHealthConnect", -} +// Enum value maps for Topic. +var ( + Topic_name = map[int32]string{ + 0: "Unknown", + 1: "ServiceHealth", + 2: "ServiceHealthConnect", + } + Topic_value = map[string]int32{ + "Unknown": 0, + "ServiceHealth": 1, + "ServiceHealthConnect": 2, + } +) -var Topic_value = map[string]int32{ - "Unknown": 0, - "ServiceHealth": 1, - "ServiceHealthConnect": 2, +func (x Topic) Enum() *Topic { + p := new(Topic) + *p = x + return p } func (x Topic) String() string { - return proto.EnumName(Topic_name, int32(x)) + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } +func (Topic) Descriptor() protoreflect.EnumDescriptor { + return file_proto_pbsubscribe_subscribe_proto_enumTypes[0].Descriptor() +} + +func (Topic) Type() protoreflect.EnumType { + return &file_proto_pbsubscribe_subscribe_proto_enumTypes[0] +} + +func (x Topic) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Topic.Descriptor instead. func (Topic) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{0} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{0} } type CatalogOp int32 @@ -64,26 +93,51 @@ const ( CatalogOp_Deregister CatalogOp = 1 ) -var CatalogOp_name = map[int32]string{ - 0: "Register", - 1: "Deregister", -} +// Enum value maps for CatalogOp. +var ( + CatalogOp_name = map[int32]string{ + 0: "Register", + 1: "Deregister", + } + CatalogOp_value = map[string]int32{ + "Register": 0, + "Deregister": 1, + } +) -var CatalogOp_value = map[string]int32{ - "Register": 0, - "Deregister": 1, +func (x CatalogOp) Enum() *CatalogOp { + p := new(CatalogOp) + *p = x + return p } func (x CatalogOp) String() string { - return proto.EnumName(CatalogOp_name, int32(x)) + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } +func (CatalogOp) Descriptor() protoreflect.EnumDescriptor { + return file_proto_pbsubscribe_subscribe_proto_enumTypes[1].Descriptor() +} + +func (CatalogOp) Type() protoreflect.EnumType { + return &file_proto_pbsubscribe_subscribe_proto_enumTypes[1] +} + +func (x CatalogOp) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CatalogOp.Descriptor instead. func (CatalogOp) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{1} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{1} } // SubscribeRequest used to subscribe to a topic. type SubscribeRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Topic identifies the set of events the subscriber is interested in. Topic Topic `protobuf:"varint,1,opt,name=Topic,proto3,enum=subscribe.Topic" json:"Topic,omitempty"` // Key is a topic-specific identifier that restricts the scope of the @@ -115,82 +169,86 @@ type SubscribeRequest struct { // default partition will be used. // // Partition is an enterprise-only feature. - Partition string `protobuf:"bytes,7,opt,name=Partition,proto3" json:"Partition,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Partition string `protobuf:"bytes,7,opt,name=Partition,proto3" json:"Partition,omitempty"` } -func (m *SubscribeRequest) Reset() { *m = SubscribeRequest{} } -func (m *SubscribeRequest) String() string { return proto.CompactTextString(m) } -func (*SubscribeRequest) ProtoMessage() {} +func (x *SubscribeRequest) Reset() { + *x = SubscribeRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SubscribeRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SubscribeRequest) ProtoMessage() {} + +func (x *SubscribeRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubscribeRequest.ProtoReflect.Descriptor instead. func (*SubscribeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{0} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{0} } -func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SubscribeRequest.Unmarshal(m, b) -} -func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic) -} -func (m *SubscribeRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SubscribeRequest.Merge(m, src) -} -func (m *SubscribeRequest) XXX_Size() int { - return xxx_messageInfo_SubscribeRequest.Size(m) -} -func (m *SubscribeRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SubscribeRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SubscribeRequest proto.InternalMessageInfo - -func (m *SubscribeRequest) GetTopic() Topic { - if m != nil { - return m.Topic +func (x *SubscribeRequest) GetTopic() Topic { + if x != nil { + return x.Topic } return Topic_Unknown } -func (m *SubscribeRequest) GetKey() string { - if m != nil { - return m.Key +func (x *SubscribeRequest) GetKey() string { + if x != nil { + return x.Key } return "" } -func (m *SubscribeRequest) GetToken() string { - if m != nil { - return m.Token +func (x *SubscribeRequest) GetToken() string { + if x != nil { + return x.Token } return "" } -func (m *SubscribeRequest) GetIndex() uint64 { - if m != nil { - return m.Index +func (x *SubscribeRequest) GetIndex() uint64 { + if x != nil { + return x.Index } return 0 } -func (m *SubscribeRequest) GetDatacenter() string { - if m != nil { - return m.Datacenter +func (x *SubscribeRequest) GetDatacenter() string { + if x != nil { + return x.Datacenter } return "" } -func (m *SubscribeRequest) GetNamespace() string { - if m != nil { - return m.Namespace +func (x *SubscribeRequest) GetNamespace() string { + if x != nil { + return x.Namespace } return "" } -func (m *SubscribeRequest) GetPartition() string { - if m != nil { - return m.Partition +func (x *SubscribeRequest) GetPartition() string { + if x != nil { + return x.Partition } return "" } @@ -199,6 +257,10 @@ func (m *SubscribeRequest) GetPartition() string { // describe the current "snapshot" of the result as well as ongoing mutations to // that snapshot. type Event struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Index is the raft index at which the mutation took place. At the top // level of a subscription there will always be at most one Event per index. // If multiple events are published to the same topic in a single raft @@ -207,66 +269,118 @@ type Event struct { Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` // Payload is the actual event content. // - // Types that are valid to be assigned to Payload: + // Types that are assignable to Payload: // *Event_EndOfSnapshot // *Event_NewSnapshotToFollow // *Event_EventBatch // *Event_ServiceHealth - Payload isEvent_Payload `protobuf_oneof:"Payload"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Payload isEvent_Payload `protobuf_oneof:"Payload"` } -func (m *Event) Reset() { *m = Event{} } -func (m *Event) String() string { return proto.CompactTextString(m) } -func (*Event) ProtoMessage() {} +func (x *Event) Reset() { + *x = Event{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Event) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Event) ProtoMessage() {} + +func (x *Event) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Event.ProtoReflect.Descriptor instead. func (*Event) Descriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{1} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{1} } -func (m *Event) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Event.Unmarshal(m, b) -} -func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Event.Marshal(b, m, deterministic) -} -func (m *Event) XXX_Merge(src proto.Message) { - xxx_messageInfo_Event.Merge(m, src) -} -func (m *Event) XXX_Size() int { - return xxx_messageInfo_Event.Size(m) -} -func (m *Event) XXX_DiscardUnknown() { - xxx_messageInfo_Event.DiscardUnknown(m) -} - -var xxx_messageInfo_Event proto.InternalMessageInfo - -func (m *Event) GetIndex() uint64 { - if m != nil { - return m.Index +func (x *Event) GetIndex() uint64 { + if x != nil { + return x.Index } return 0 } +func (m *Event) GetPayload() isEvent_Payload { + if m != nil { + return m.Payload + } + return nil +} + +func (x *Event) GetEndOfSnapshot() bool { + if x, ok := x.GetPayload().(*Event_EndOfSnapshot); ok { + return x.EndOfSnapshot + } + return false +} + +func (x *Event) GetNewSnapshotToFollow() bool { + if x, ok := x.GetPayload().(*Event_NewSnapshotToFollow); ok { + return x.NewSnapshotToFollow + } + return false +} + +func (x *Event) GetEventBatch() *EventBatch { + if x, ok := x.GetPayload().(*Event_EventBatch); ok { + return x.EventBatch + } + return nil +} + +func (x *Event) GetServiceHealth() *ServiceHealthUpdate { + if x, ok := x.GetPayload().(*Event_ServiceHealth); ok { + return x.ServiceHealth + } + return nil +} + type isEvent_Payload interface { isEvent_Payload() } type Event_EndOfSnapshot struct { + // EndOfSnapshot indicates the event stream for the initial snapshot has + // ended. Subsequent Events delivered will be mutations to that result. EndOfSnapshot bool `protobuf:"varint,2,opt,name=EndOfSnapshot,proto3,oneof"` } type Event_NewSnapshotToFollow struct { + // NewSnapshotToFollow indicates that the client view is stale. The client + // must reset its view before handing any more events. Subsequent events + // in the stream will be for a new snapshot until an EndOfSnapshot event + // is received. NewSnapshotToFollow bool `protobuf:"varint,3,opt,name=NewSnapshotToFollow,proto3,oneof"` } type Event_EventBatch struct { + // EventBatch is a set of events. This is typically used as the payload + // type where multiple events are emitted in a single topic and raft + // index (e.g. transactional updates). In this case the Topic and Index + // values of all events will match and the whole set should be delivered + // and consumed atomically. EventBatch *EventBatch `protobuf:"bytes,4,opt,name=EventBatch,proto3,oneof"` } type Event_ServiceHealth struct { + // ServiceHealth is used for ServiceHealth and ServiceHealthConnect + // topics. ServiceHealth *ServiceHealthUpdate `protobuf:"bytes,10,opt,name=ServiceHealth,proto3,oneof"` } @@ -278,185 +392,295 @@ func (*Event_EventBatch) isEvent_Payload() {} func (*Event_ServiceHealth) isEvent_Payload() {} -func (m *Event) GetPayload() isEvent_Payload { - if m != nil { - return m.Payload - } - return nil -} - -func (m *Event) GetEndOfSnapshot() bool { - if x, ok := m.GetPayload().(*Event_EndOfSnapshot); ok { - return x.EndOfSnapshot - } - return false -} - -func (m *Event) GetNewSnapshotToFollow() bool { - if x, ok := m.GetPayload().(*Event_NewSnapshotToFollow); ok { - return x.NewSnapshotToFollow - } - return false -} - -func (m *Event) GetEventBatch() *EventBatch { - if x, ok := m.GetPayload().(*Event_EventBatch); ok { - return x.EventBatch - } - return nil -} - -func (m *Event) GetServiceHealth() *ServiceHealthUpdate { - if x, ok := m.GetPayload().(*Event_ServiceHealth); ok { - return x.ServiceHealth - } - return nil -} - -// XXX_OneofWrappers is for the internal use of the proto package. -func (*Event) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*Event_EndOfSnapshot)(nil), - (*Event_NewSnapshotToFollow)(nil), - (*Event_EventBatch)(nil), - (*Event_ServiceHealth)(nil), - } -} - type EventBatch struct { - Events []*Event `protobuf:"bytes,1,rep,name=Events,proto3" json:"Events,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Events []*Event `protobuf:"bytes,1,rep,name=Events,proto3" json:"Events,omitempty"` } -func (m *EventBatch) Reset() { *m = EventBatch{} } -func (m *EventBatch) String() string { return proto.CompactTextString(m) } -func (*EventBatch) ProtoMessage() {} +func (x *EventBatch) Reset() { + *x = EventBatch{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EventBatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EventBatch) ProtoMessage() {} + +func (x *EventBatch) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EventBatch.ProtoReflect.Descriptor instead. func (*EventBatch) Descriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{2} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{2} } -func (m *EventBatch) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EventBatch.Unmarshal(m, b) -} -func (m *EventBatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EventBatch.Marshal(b, m, deterministic) -} -func (m *EventBatch) XXX_Merge(src proto.Message) { - xxx_messageInfo_EventBatch.Merge(m, src) -} -func (m *EventBatch) XXX_Size() int { - return xxx_messageInfo_EventBatch.Size(m) -} -func (m *EventBatch) XXX_DiscardUnknown() { - xxx_messageInfo_EventBatch.DiscardUnknown(m) -} - -var xxx_messageInfo_EventBatch proto.InternalMessageInfo - -func (m *EventBatch) GetEvents() []*Event { - if m != nil { - return m.Events +func (x *EventBatch) GetEvents() []*Event { + if x != nil { + return x.Events } return nil } type ServiceHealthUpdate struct { - Op CatalogOp `protobuf:"varint,1,opt,name=Op,proto3,enum=subscribe.CatalogOp" json:"Op,omitempty"` - CheckServiceNode *pbservice.CheckServiceNode `protobuf:"bytes,2,opt,name=CheckServiceNode,proto3" json:"CheckServiceNode,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Op CatalogOp `protobuf:"varint,1,opt,name=Op,proto3,enum=subscribe.CatalogOp" json:"Op,omitempty"` + CheckServiceNode *pbservice.CheckServiceNode `protobuf:"bytes,2,opt,name=CheckServiceNode,proto3" json:"CheckServiceNode,omitempty"` } -func (m *ServiceHealthUpdate) Reset() { *m = ServiceHealthUpdate{} } -func (m *ServiceHealthUpdate) String() string { return proto.CompactTextString(m) } -func (*ServiceHealthUpdate) ProtoMessage() {} +func (x *ServiceHealthUpdate) Reset() { + *x = ServiceHealthUpdate{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceHealthUpdate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceHealthUpdate) ProtoMessage() {} + +func (x *ServiceHealthUpdate) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceHealthUpdate.ProtoReflect.Descriptor instead. func (*ServiceHealthUpdate) Descriptor() ([]byte, []int) { - return fileDescriptor_ab3eb8c810e315fb, []int{3} + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{3} } -func (m *ServiceHealthUpdate) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ServiceHealthUpdate.Unmarshal(m, b) -} -func (m *ServiceHealthUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ServiceHealthUpdate.Marshal(b, m, deterministic) -} -func (m *ServiceHealthUpdate) XXX_Merge(src proto.Message) { - xxx_messageInfo_ServiceHealthUpdate.Merge(m, src) -} -func (m *ServiceHealthUpdate) XXX_Size() int { - return xxx_messageInfo_ServiceHealthUpdate.Size(m) -} -func (m *ServiceHealthUpdate) XXX_DiscardUnknown() { - xxx_messageInfo_ServiceHealthUpdate.DiscardUnknown(m) -} - -var xxx_messageInfo_ServiceHealthUpdate proto.InternalMessageInfo - -func (m *ServiceHealthUpdate) GetOp() CatalogOp { - if m != nil { - return m.Op +func (x *ServiceHealthUpdate) GetOp() CatalogOp { + if x != nil { + return x.Op } return CatalogOp_Register } -func (m *ServiceHealthUpdate) GetCheckServiceNode() *pbservice.CheckServiceNode { - if m != nil { - return m.CheckServiceNode +func (x *ServiceHealthUpdate) GetCheckServiceNode() *pbservice.CheckServiceNode { + if x != nil { + return x.CheckServiceNode } return nil } -func init() { - proto.RegisterEnum("subscribe.Topic", Topic_name, Topic_value) - proto.RegisterEnum("subscribe.CatalogOp", CatalogOp_name, CatalogOp_value) - proto.RegisterType((*SubscribeRequest)(nil), "subscribe.SubscribeRequest") - proto.RegisterType((*Event)(nil), "subscribe.Event") - proto.RegisterType((*EventBatch)(nil), "subscribe.EventBatch") - proto.RegisterType((*ServiceHealthUpdate)(nil), "subscribe.ServiceHealthUpdate") +var File_proto_pbsubscribe_subscribe_proto protoreflect.FileDescriptor + +var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, + 0x69, 0x62, 0x65, 0x2f, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x1a, 0x1a, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, + 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd4, 0x01, 0x0a, 0x10, 0x53, + 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x26, 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, + 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x54, 0x6f, 0x70, 0x69, 0x63, + 0x52, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, + 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x22, 0x85, 0x02, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x12, 0x26, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x4f, 0x66, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, + 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0d, 0x45, 0x6e, 0x64, 0x4f, + 0x66, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x12, 0x32, 0x0a, 0x13, 0x4e, 0x65, 0x77, + 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x54, 0x6f, 0x46, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x13, 0x4e, 0x65, 0x77, 0x53, 0x6e, 0x61, + 0x70, 0x73, 0x68, 0x6f, 0x74, 0x54, 0x6f, 0x46, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, 0x12, 0x37, 0x0a, + 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x15, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, + 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x0a, 0x45, 0x76, 0x65, 0x6e, + 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x46, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, + 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, + 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x42, 0x09, + 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x36, 0x0a, 0x0a, 0x45, 0x76, 0x65, + 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x28, 0x0a, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, + 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, + 0x73, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, + 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x02, 0x4f, 0x70, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, + 0x65, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, + 0x47, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, + 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x2a, 0x41, 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, + 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x11, + 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x10, + 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x29, 0x0a, 0x09, 0x43, + 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x74, 0x65, 0x43, + 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x1b, + 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30, + 0x01, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { - proto.RegisterFile("proto/pbsubscribe/subscribe.proto", fileDescriptor_ab3eb8c810e315fb) +var ( + file_proto_pbsubscribe_subscribe_proto_rawDescOnce sync.Once + file_proto_pbsubscribe_subscribe_proto_rawDescData = file_proto_pbsubscribe_subscribe_proto_rawDesc +) + +func file_proto_pbsubscribe_subscribe_proto_rawDescGZIP() []byte { + file_proto_pbsubscribe_subscribe_proto_rawDescOnce.Do(func() { + file_proto_pbsubscribe_subscribe_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbsubscribe_subscribe_proto_rawDescData) + }) + return file_proto_pbsubscribe_subscribe_proto_rawDescData } -var fileDescriptor_ab3eb8c810e315fb = []byte{ - // 527 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x53, 0x5d, 0x6f, 0xda, 0x3c, - 0x14, 0xc6, 0xb4, 0x85, 0xe6, 0xf0, 0xb6, 0xca, 0xeb, 0x32, 0x2d, 0xa2, 0x53, 0xc5, 0xd0, 0x54, - 0xb1, 0x4a, 0x23, 0x13, 0x93, 0xb6, 0xbb, 0x49, 0x83, 0xb6, 0x63, 0x9a, 0x04, 0x55, 0x68, 0x2f, - 0xb6, 0x3b, 0xe3, 0x9c, 0x91, 0x88, 0xd4, 0xf6, 0x12, 0x53, 0xd6, 0xfb, 0xed, 0x1f, 0xee, 0x07, - 0x4d, 0x31, 0x21, 0x04, 0xe8, 0x9d, 0xcf, 0xf3, 0xe1, 0x63, 0x9f, 0x0f, 0x78, 0xa9, 0x62, 0xa9, - 0xa5, 0xab, 0x26, 0xc9, 0x7c, 0x92, 0xf0, 0x38, 0x9c, 0xa0, 0x9b, 0x9f, 0x3a, 0x86, 0xa3, 0x56, - 0x0e, 0x34, 0x1a, 0xb9, 0x1a, 0xe3, 0x87, 0x90, 0xa3, 0x2b, 0xa4, 0x9f, 0xc9, 0x5a, 0x7f, 0x09, - 0xd8, 0xe3, 0x95, 0xd2, 0xc3, 0x9f, 0x73, 0x4c, 0x34, 0x3d, 0x87, 0x83, 0x5b, 0xa9, 0x42, 0xee, - 0x90, 0x26, 0x69, 0x1f, 0x77, 0xed, 0xce, 0xfa, 0x72, 0x83, 0x7b, 0x4b, 0x9a, 0xda, 0xb0, 0xf7, - 0x15, 0x1f, 0x9d, 0x72, 0x93, 0xb4, 0x2d, 0x2f, 0x3d, 0xd2, 0x7a, 0xea, 0x9c, 0xa1, 0x70, 0xf6, - 0x0c, 0xb6, 0x0c, 0x52, 0xf4, 0x8b, 0xf0, 0xf1, 0x97, 0xb3, 0xdf, 0x24, 0xed, 0x7d, 0x6f, 0x19, - 0xd0, 0x33, 0x80, 0x4b, 0xa6, 0x19, 0x47, 0xa1, 0x31, 0x76, 0x0e, 0x8c, 0xa1, 0x80, 0xd0, 0x17, - 0x60, 0x0d, 0xd9, 0x3d, 0x26, 0x8a, 0x71, 0x74, 0x2a, 0x86, 0x5e, 0x03, 0x29, 0x7b, 0xc3, 0x62, - 0x1d, 0xea, 0x50, 0x0a, 0xa7, 0xba, 0x64, 0x73, 0xa0, 0xf5, 0xa7, 0x0c, 0x07, 0x57, 0x0f, 0x28, - 0xf4, 0x3a, 0x37, 0x29, 0xe6, 0x3e, 0x87, 0xa3, 0x2b, 0xe1, 0x8f, 0x7e, 0x8c, 0x05, 0x53, 0x49, - 0x20, 0xb5, 0xf9, 0xc3, 0xe1, 0xa0, 0xe4, 0x6d, 0xc2, 0xb4, 0x0b, 0x27, 0x43, 0x5c, 0xac, 0xc2, - 0x5b, 0x79, 0x2d, 0xa3, 0x48, 0x2e, 0xcc, 0xef, 0x52, 0xf5, 0x53, 0x24, 0xfd, 0x00, 0x60, 0x52, - 0xf7, 0x98, 0xe6, 0x81, 0xf9, 0x72, 0xad, 0xfb, 0xac, 0x50, 0xc2, 0x35, 0x39, 0x28, 0x79, 0x05, - 0x29, 0xbd, 0x86, 0xa3, 0xf1, 0xb2, 0x43, 0x03, 0x64, 0x91, 0x0e, 0x1c, 0x30, 0xde, 0xb3, 0x82, - 0x77, 0x83, 0xbf, 0x53, 0x3e, 0xd3, 0x98, 0x3e, 0x7a, 0x03, 0xee, 0x59, 0x50, 0xbd, 0x61, 0x8f, - 0x91, 0x64, 0x7e, 0xeb, 0x7d, 0xf1, 0x2d, 0xb4, 0x0d, 0x15, 0x13, 0x25, 0x0e, 0x69, 0xee, 0xb5, - 0x6b, 0x1b, 0x8d, 0x35, 0x84, 0x97, 0xf1, 0xad, 0xdf, 0x04, 0x4e, 0x9e, 0xc8, 0x45, 0x5f, 0x41, - 0x79, 0xa4, 0xb2, 0xb1, 0xa8, 0x17, 0xdc, 0x7d, 0xa6, 0x59, 0x24, 0xa7, 0x23, 0xe5, 0x95, 0x47, - 0x8a, 0x7e, 0x06, 0xbb, 0x1f, 0x20, 0x9f, 0x65, 0x37, 0x0c, 0xa5, 0x8f, 0xa6, 0xc0, 0xb5, 0xee, - 0x69, 0x27, 0x9f, 0xc2, 0xce, 0xb6, 0xc4, 0xdb, 0x31, 0x5d, 0x7c, 0xca, 0x06, 0x91, 0xd6, 0xa0, - 0x7a, 0x27, 0x66, 0x42, 0x2e, 0x84, 0x5d, 0xa2, 0xff, 0x6f, 0xd5, 0xc9, 0x26, 0xd4, 0x81, 0xfa, - 0x06, 0xd4, 0x97, 0x42, 0x20, 0xd7, 0x76, 0xf9, 0xe2, 0x35, 0x58, 0xf9, 0xe3, 0xe8, 0x7f, 0x70, - 0xe8, 0xe1, 0x34, 0x4c, 0x34, 0xc6, 0x76, 0x89, 0x1e, 0x03, 0x5c, 0x62, 0xbc, 0x8a, 0x49, 0xf7, - 0x1b, 0x3c, 0x1f, 0x6b, 0xa6, 0xb1, 0x1f, 0x30, 0x31, 0xc5, 0x6c, 0x2b, 0x54, 0x3a, 0x4f, 0xf4, - 0x23, 0x58, 0xf9, 0x96, 0xd0, 0xd3, 0x62, 0x43, 0xb6, 0x76, 0xa7, 0xb1, 0x53, 0xd3, 0x56, 0xe9, - 0x2d, 0xe9, 0xb9, 0xdf, 0xdf, 0x4c, 0x43, 0x1d, 0xcc, 0x27, 0x1d, 0x2e, 0xef, 0xdd, 0x80, 0x25, - 0x41, 0xc8, 0x65, 0xac, 0x5c, 0x2e, 0x45, 0x32, 0x8f, 0xdc, 0x9d, 0x75, 0x9e, 0x54, 0x0c, 0xf4, - 0xee, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa0, 0xb3, 0x69, 0x51, 0xea, 0x03, 0x00, 0x00, +var file_proto_pbsubscribe_subscribe_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_proto_pbsubscribe_subscribe_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_proto_pbsubscribe_subscribe_proto_goTypes = []interface{}{ + (Topic)(0), // 0: subscribe.Topic + (CatalogOp)(0), // 1: subscribe.CatalogOp + (*SubscribeRequest)(nil), // 2: subscribe.SubscribeRequest + (*Event)(nil), // 3: subscribe.Event + (*EventBatch)(nil), // 4: subscribe.EventBatch + (*ServiceHealthUpdate)(nil), // 5: subscribe.ServiceHealthUpdate + (*pbservice.CheckServiceNode)(nil), // 6: pbservice.CheckServiceNode +} +var file_proto_pbsubscribe_subscribe_proto_depIdxs = []int32{ + 0, // 0: subscribe.SubscribeRequest.Topic:type_name -> subscribe.Topic + 4, // 1: subscribe.Event.EventBatch:type_name -> subscribe.EventBatch + 5, // 2: subscribe.Event.ServiceHealth:type_name -> subscribe.ServiceHealthUpdate + 3, // 3: subscribe.EventBatch.Events:type_name -> subscribe.Event + 1, // 4: subscribe.ServiceHealthUpdate.Op:type_name -> subscribe.CatalogOp + 6, // 5: subscribe.ServiceHealthUpdate.CheckServiceNode:type_name -> pbservice.CheckServiceNode + 2, // 6: subscribe.StateChangeSubscription.Subscribe:input_type -> subscribe.SubscribeRequest + 3, // 7: subscribe.StateChangeSubscription.Subscribe:output_type -> subscribe.Event + 7, // [7:8] is the sub-list for method output_type + 6, // [6:7] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name +} + +func init() { file_proto_pbsubscribe_subscribe_proto_init() } +func file_proto_pbsubscribe_subscribe_proto_init() { + if File_proto_pbsubscribe_subscribe_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbsubscribe_subscribe_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SubscribeRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbsubscribe_subscribe_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Event); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbsubscribe_subscribe_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventBatch); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbsubscribe_subscribe_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceHealthUpdate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_proto_pbsubscribe_subscribe_proto_msgTypes[1].OneofWrappers = []interface{}{ + (*Event_EndOfSnapshot)(nil), + (*Event_NewSnapshotToFollow)(nil), + (*Event_EventBatch)(nil), + (*Event_ServiceHealth)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbsubscribe_subscribe_proto_rawDesc, + NumEnums: 2, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_proto_pbsubscribe_subscribe_proto_goTypes, + DependencyIndexes: file_proto_pbsubscribe_subscribe_proto_depIdxs, + EnumInfos: file_proto_pbsubscribe_subscribe_proto_enumTypes, + MessageInfos: file_proto_pbsubscribe_subscribe_proto_msgTypes, + }.Build() + File_proto_pbsubscribe_subscribe_proto = out.File + file_proto_pbsubscribe_subscribe_proto_rawDesc = nil + file_proto_pbsubscribe_subscribe_proto_goTypes = nil + file_proto_pbsubscribe_subscribe_proto_depIdxs = nil } // Reference imports to suppress errors if they are not otherwise used. @@ -561,7 +785,7 @@ type StateChangeSubscriptionServer interface { type UnimplementedStateChangeSubscriptionServer struct { } -func (*UnimplementedStateChangeSubscriptionServer) Subscribe(req *SubscribeRequest, srv StateChangeSubscription_SubscribeServer) error { +func (*UnimplementedStateChangeSubscriptionServer) Subscribe(*SubscribeRequest, StateChangeSubscription_SubscribeServer) error { return status.Errorf(codes.Unimplemented, "method Subscribe not implemented") } From 47693e3ebf3412405bc2c2fea72688bdaa76ff12 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" Date: Wed, 30 Mar 2022 13:27:49 -0500 Subject: [PATCH 045/785] fail on error and use ptypes.MarshalAny for now instead of anypb.New --- agent/xds/clusters.go | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index fac6d0cfd..d9906058d 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -488,7 +488,9 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam protocol = cfg.Protocol } if protocol == "http2" || protocol == "grpc" { - s.setHttp2ProtocolOptions(c) + if err := s.setHttp2ProtocolOptions(c); err != nil { + return c, err + } } return c, err @@ -539,7 +541,9 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck), } if cfg.Protocol == "http2" || cfg.Protocol == "grpc" { - s.setHttp2ProtocolOptions(c) + if err := s.setHttp2ProtocolOptions(c); err != nil { + return c, err + } } } @@ -744,7 +748,9 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( } if proto == "http2" || proto == "grpc" { - s.setHttp2ProtocolOptions(c) + if err := s.setHttp2ProtocolOptions(c); err != nil { + return nil, err + } } commonTLSContext := makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()) @@ -1040,8 +1046,8 @@ func injectLBToCluster(ec *structs.LoadBalancer, c *envoy_cluster_v3.Cluster) er return nil } -func (s *ResourceGenerator) setHttp2ProtocolOptions(c *envoy_cluster_v3.Cluster) { - typedExtensionProtocolOptions := &envoy_upstreams_v3.HttpProtocolOptions{ +func (s *ResourceGenerator) setHttp2ProtocolOptions(c *envoy_cluster_v3.Cluster) error { + cfg := &envoy_upstreams_v3.HttpProtocolOptions{ UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{ ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{ ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ @@ -1050,10 +1056,13 @@ func (s *ResourceGenerator) setHttp2ProtocolOptions(c *envoy_cluster_v3.Cluster) }, }, } - typedExtensionProtocolOptionsEncoded, err := anypb.New(typedExtensionProtocolOptions) + any, err := ptypes.MarshalAny(cfg) if err != nil { - s.Logger.Warn("failed to convert http protocol options to anypb") + return err } - c.TypedExtensionProtocolOptions = make(map[string]*anypb.Any) - c.TypedExtensionProtocolOptions["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = typedExtensionProtocolOptionsEncoded + c.TypedExtensionProtocolOptions = map[string]*anypb.Any{ + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": any, + } + + return nil } From ee11dff5a5edb46dcd703c5dcbd3c60ab809749d Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" Date: Wed, 30 Mar 2022 13:28:00 -0500 Subject: [PATCH 046/785] similar bump --- agent/xds/xds_protocol_helpers_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go index 6f2863f31..c4d5f8673 100644 --- a/agent/xds/xds_protocol_helpers_test.go +++ b/agent/xds/xds_protocol_helpers_test.go @@ -449,10 +449,11 @@ func makeTestCluster(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName st }, }, } - typedExtensionProtocolOptionsEncoded, err := anypb.New(typedExtensionProtocolOptions) + typedExtensionProtocolOptionsEncoded, err := ptypes.MarshalAny(typedExtensionProtocolOptions) require.NoError(t, err) - c.TypedExtensionProtocolOptions = make(map[string]*anypb.Any) - c.TypedExtensionProtocolOptions["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = typedExtensionProtocolOptionsEncoded + c.TypedExtensionProtocolOptions = map[string]*anypb.Any{ + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": typedExtensionProtocolOptionsEncoded, + } return c case "http:db": return &envoy_cluster_v3.Cluster{ From e9230e93d81a8fca9a05c2f589dc0af696f760dc Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 30 Mar 2022 13:43:59 -0500 Subject: [PATCH 047/785] xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601) - `tls.incoming`: applies to the inbound mTLS targeting the public listener on `connect-proxy` and `terminating-gateway` envoy instances - `tls.outgoing`: applies to the outbound mTLS dialing upstreams from `connect-proxy` and `ingress-gateway` envoy instances Fixes #11966 --- .changelog/12601.txt | 3 + agent/proxycfg/connect_proxy.go | 40 +-- agent/proxycfg/ingress_gateway.go | 12 + agent/proxycfg/manager_test.go | 30 +- agent/proxycfg/snapshot.go | 65 ++++- agent/proxycfg/state_test.go | 100 ++++--- agent/proxycfg/terminating_gateway.go | 29 ++ agent/proxycfg/testing.go | 3 + agent/proxycfg/testing_connect_proxy.go | 6 + agent/proxycfg/upstreams.go | 17 ++ agent/structs/config_entry_gateways.go | 32 +-- agent/structs/config_entry_mesh.go | 76 +++++ agent/structs/config_entry_test.go | 54 ++++ agent/xds/clusters.go | 23 +- agent/xds/clusters_test.go | 141 +++++++++ agent/xds/listeners.go | 90 +++++- agent/xds/listeners_ingress.go | 45 +-- agent/xds/listeners_test.go | 139 +++++++++ ...outgoing-cipher-suites.envoy-1-20-x.golden | 151 ++++++++++ ...s-outgoing-max-version.envoy-1-20-x.golden | 145 ++++++++++ ...going-min-version-auto.envoy-1-20-x.golden | 145 ++++++++++ ...s-outgoing-min-version.envoy-1-20-x.golden | 145 ++++++++++ ...outgoing-cipher-suites.envoy-1-20-x.golden | 68 +++++ ...s-outgoing-max-version.envoy-1-20-x.golden | 65 +++++ ...s-outgoing-min-version.envoy-1-20-x.golden | 65 +++++ ...incoming-cipher-suites.envoy-1-20-x.golden | 122 ++++++++ ...s-incoming-max-version.envoy-1-20-x.golden | 119 ++++++++ ...s-incoming-min-version.envoy-1-20-x.golden | 119 ++++++++ ...going-min-version-auto.envoy-1-20-x.golden | 119 ++++++++ ...incoming-cipher-suites.envoy-1-20-x.golden | 268 ++++++++++++++++++ ...s-incoming-max-version.envoy-1-20-x.golden | 256 +++++++++++++++++ ...s-incoming-min-version.envoy-1-20-x.golden | 256 +++++++++++++++++ api/config_entry.go | 7 +- api/config_entry_mesh.go | 13 + api/config_entry_test.go | 36 +++ command/config/write/config_write_test.go | 90 ++++++ .../docs/connect/config-entries/mesh.mdx | 188 ++++++++++++ 37 files changed, 3116 insertions(+), 166 deletions(-) create mode 100644 .changelog/12601.txt create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden diff --git a/.changelog/12601.txt b/.changelog/12601.txt new file mode 100644 index 000000000..078da4439 --- /dev/null +++ b/.changelog/12601.txt @@ -0,0 +1,3 @@ +```release-note:feature +xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry +``` diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index 64ce9020c..d0849a01e 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -70,6 +70,18 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e return snap, err } + // Get information about the entire service mesh. + err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + Kind: structs.MeshConfig, + Name: structs.MeshConfigMesh, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInPartition(s.proxyID.PartitionOrDefault()), + }, meshConfigEntryID, s.ch) + if err != nil { + return snap, err + } + // Watch for service check updates err = s.cache.Notify(ctx, cachetype.ServiceHTTPChecksName, &cachetype.ServiceHTTPChecksRequest{ ServiceID: s.proxyCfg.DestinationServiceID, @@ -90,17 +102,6 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e if err != nil { return snap, err } - - err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ - Kind: structs.MeshConfig, - Name: structs.MeshConfigMesh, - Datacenter: s.source.Datacenter, - QueryOptions: structs.QueryOptions{Token: s.token}, - EnterpriseMeta: *structs.DefaultEnterpriseMetaInPartition(s.proxyID.PartitionOrDefault()), - }, meshConfigEntryID, s.ch) - if err != nil { - return snap, err - } } // Watch for updates to service endpoints for all upstreams @@ -368,23 +369,6 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u cache.UpdateEv svcID := structs.ServiceIDFromString(strings.TrimPrefix(u.CorrelationID, svcChecksWatchIDPrefix)) snap.ConnectProxy.WatchedServiceChecks[svcID] = resp - case u.CorrelationID == meshConfigEntryID: - resp, ok := u.Result.(*structs.ConfigEntryResponse) - if !ok { - return fmt.Errorf("invalid type for response: %T", u.Result) - } - - if resp.Entry != nil { - meshConf, ok := resp.Entry.(*structs.MeshConfigEntry) - if !ok { - return fmt.Errorf("invalid type for config entry: %T", resp.Entry) - } - snap.ConnectProxy.MeshConfig = meshConf - } else { - snap.ConnectProxy.MeshConfig = nil - } - snap.ConnectProxy.MeshConfigSet = true - default: return (*handlerUpstreams)(s).handleUpdateUpstreams(ctx, u, snap) } diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go index 1a5eb5ed9..34566201b 100644 --- a/agent/proxycfg/ingress_gateway.go +++ b/agent/proxycfg/ingress_gateway.go @@ -25,6 +25,18 @@ func (s *handlerIngressGateway) initialize(ctx context.Context) (ConfigSnapshot, return snap, err } + // Get information about the entire service mesh. + err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + Kind: structs.MeshConfig, + Name: structs.MeshConfigMesh, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInPartition(s.proxyID.PartitionOrDefault()), + }, meshConfigEntryID, s.ch) + if err != nil { + return snap, err + } + // Watch this ingress gateway's config entry err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ Kind: structs.IngressGateway, diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 5ac37b793..61454a074 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -147,6 +147,13 @@ func TestManager_BasicLifecycle(t *testing.T) { }, }, }) + meshCacheKey := testGenCacheKey(&structs.ConfigEntryQuery{ + Datacenter: "dc1", + QueryOptions: structs.QueryOptions{Token: "my-token"}, + Kind: structs.MeshConfig, + Name: structs.MeshConfigMesh, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }) dbChainCacheKey := testGenCacheKey(&structs.DiscoveryChainRequest{ Name: "db", @@ -214,7 +221,8 @@ func TestManager_BasicLifecycle(t *testing.T) { Roots: roots, ConnectProxy: configSnapshotConnectProxy{ ConfigSnapshotUpstreams: ConfigSnapshotUpstreams{ - Leaf: leaf, + Leaf: leaf, + MeshConfigSet: true, DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{ dbUID: dbDefaultChain(), }, @@ -272,7 +280,8 @@ func TestManager_BasicLifecycle(t *testing.T) { Roots: roots, ConnectProxy: configSnapshotConnectProxy{ ConfigSnapshotUpstreams: ConfigSnapshotUpstreams{ - Leaf: leaf, + Leaf: leaf, + MeshConfigSet: true, DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{ dbUID: dbSplitChain(), }, @@ -319,6 +328,7 @@ func TestManager_BasicLifecycle(t *testing.T) { types.roots.Set(rootsCacheKey, roots) types.leaf.Set(leafCacheKey, leaf) types.intentions.Set(intentionCacheKey, TestIntentions()) + types.configEntry.Set(meshCacheKey, &structs.ConfigEntryResponse{Entry: nil}) tt.setup(t, types) expectSnapCopy, err := copystructure.Copy(tt.expectSnap) @@ -692,6 +702,22 @@ func TestManager_SyncState_No_Notify(t *testing.T) { } + // update the mesh config entry + notifyCH <- cache.UpdateEvent{ + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + Err: nil, + } + + // at this point the snapshot should not be valid and not be sent + after = time.After(200 * time.Millisecond) + select { + case <-snapSent: + t.Fatal("snap should not be valid") + case <-after: + + } + // prepare to read a snapshot update as the next update should make the snapshot valid readEvent <- true diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 98aafa262..cebf0b2e9 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -17,6 +17,9 @@ import ( type ConfigSnapshotUpstreams struct { Leaf *structs.IssuedCert + MeshConfig *structs.MeshConfigEntry + MeshConfigSet bool + // DiscoveryChain is a map of UpstreamID -> CompiledDiscoveryChain's, and // is used to determine what services could be targeted by this upstream. // We then instantiate watches for those targets. @@ -117,12 +120,10 @@ type configSnapshotConnectProxy struct { // intentions. Intentions structs.Intentions IntentionsSet bool - - MeshConfig *structs.MeshConfigEntry - MeshConfigSet bool } -func (c *configSnapshotConnectProxy) IsEmpty() bool { +// isEmpty is a test helper +func (c *configSnapshotConnectProxy) isEmpty() bool { if c == nil { return true } @@ -143,6 +144,9 @@ func (c *configSnapshotConnectProxy) IsEmpty() bool { } type configSnapshotTerminatingGateway struct { + MeshConfig *structs.MeshConfigEntry + MeshConfigSet bool + // WatchedServices is a map of service name to a cancel function. This cancel // function is tied to the watch of linked service instances for the given // id. If the linked services watch would indicate the removal of @@ -241,7 +245,8 @@ func (c *configSnapshotTerminatingGateway) ValidServices() []structs.ServiceName return out } -func (c *configSnapshotTerminatingGateway) IsEmpty() bool { +// isEmpty is a test helper +func (c *configSnapshotTerminatingGateway) isEmpty() bool { if c == nil { return true } @@ -257,7 +262,8 @@ func (c *configSnapshotTerminatingGateway) IsEmpty() bool { len(c.ServiceConfigs) == 0 && len(c.WatchedConfigs) == 0 && len(c.GatewayServices) == 0 && - len(c.HostnameServices) == 0 + len(c.HostnameServices) == 0 && + !c.MeshConfigSet } type configSnapshotMeshGateway struct { @@ -335,7 +341,8 @@ func (c *configSnapshotMeshGateway) GatewayKeys() []GatewayKey { return keys } -func (c *configSnapshotMeshGateway) IsEmpty() bool { +// isEmpty is a test helper +func (c *configSnapshotMeshGateway) isEmpty() bool { if c == nil { return true } @@ -382,7 +389,8 @@ type configSnapshotIngressGateway struct { Listeners map[IngressListenerKey]structs.IngressListener } -func (c *configSnapshotIngressGateway) IsEmpty() bool { +// isEmpty is a test helper +func (c *configSnapshotIngressGateway) isEmpty() bool { if c == nil { return true } @@ -390,7 +398,8 @@ func (c *configSnapshotIngressGateway) IsEmpty() bool { len(c.UpstreamsSet) == 0 && len(c.DiscoveryChain) == 0 && len(c.WatchedUpstreams) == 0 && - len(c.WatchedUpstreamEndpoints) == 0 + len(c.WatchedUpstreamEndpoints) == 0 && + !c.MeshConfigSet } type IngressListenerKey struct { @@ -451,10 +460,12 @@ func (s *ConfigSnapshot) Valid() bool { } return s.Roots != nil && s.ConnectProxy.Leaf != nil && - s.ConnectProxy.IntentionsSet + s.ConnectProxy.IntentionsSet && + s.ConnectProxy.MeshConfigSet case structs.ServiceKindTerminatingGateway: - return s.Roots != nil + return s.Roots != nil && + s.TerminatingGateway.MeshConfigSet case structs.ServiceKindMeshGateway: if s.ServiceMeta[structs.MetaWANFederationKey] == "1" { @@ -469,7 +480,8 @@ func (s *ConfigSnapshot) Valid() bool { return s.Roots != nil && s.IngressGateway.Leaf != nil && s.IngressGateway.GatewayConfigLoaded && - s.IngressGateway.HostsSet + s.IngressGateway.HostsSet && + s.IngressGateway.MeshConfigSet default: return false } @@ -519,3 +531,32 @@ func (s *ConfigSnapshot) Leaf() *structs.IssuedCert { return nil } } + +func (s *ConfigSnapshot) MeshConfig() *structs.MeshConfigEntry { + switch s.Kind { + case structs.ServiceKindConnectProxy: + return s.ConnectProxy.MeshConfig + case structs.ServiceKindIngressGateway: + return s.IngressGateway.MeshConfig + case structs.ServiceKindTerminatingGateway: + return s.TerminatingGateway.MeshConfig + default: + return nil + } +} + +func (s *ConfigSnapshot) MeshConfigTLSIncoming() *structs.MeshDirectionalTLSConfig { + mesh := s.MeshConfig() + if mesh == nil || mesh.TLS == nil { + return nil + } + return mesh.TLS.Incoming +} + +func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConfig { + mesh := s.MeshConfig() + if mesh == nil || mesh.TLS == nil { + return nil + } + return mesh.TLS.Outgoing +} diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 7e88c6eab..5a88c2880 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -504,6 +504,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { rootsWatchID: genVerifyRootsWatch("dc1"), leafWatchID: genVerifyLeafWatch("web", "dc1"), intentionsWatchID: genVerifyIntentionWatch("web", "dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), "upstream:" + pqUID.String(): genVerifyPreparedQueryWatch("query", "dc1"), fmt.Sprintf("discovery-chain:%s", apiUID.String()): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "api", @@ -568,6 +569,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { Result: ixnMatch, Err: nil, }, + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, { CorrelationID: fmt.Sprintf("discovery-chain:%s", apiUID.String()), Result: &structs.DiscoveryChainResponse{ @@ -628,7 +633,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid()) - require.True(t, snap.MeshGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.ConnectProxy.Leaf) @@ -643,6 +648,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.True(t, snap.ConnectProxy.IntentionsSet) require.Equal(t, ixnMatch.Matches[0], snap.ConnectProxy.Intentions) + require.True(t, snap.ConnectProxy.MeshConfigSet) }, } @@ -657,7 +663,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid()) - require.True(t, snap.MeshGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.ConnectProxy.Leaf) @@ -740,7 +746,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") - require.True(t, snap.ConnectProxy.IsEmpty()) + require.True(t, snap.ConnectProxy.isEmpty()) }, }, { @@ -749,7 +755,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without services is valid") - require.True(t, snap.ConnectProxy.IsEmpty()) + require.True(t, snap.ConnectProxy.isEmpty()) require.Equal(t, indexedRoots, snap.Roots) require.Empty(t, snap.MeshGateway.WatchedServices) require.False(t, snap.MeshGateway.WatchedServicesSet) @@ -771,7 +777,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid(), "gateway with empty service list is valid") - require.True(t, snap.ConnectProxy.IsEmpty()) + require.True(t, snap.ConnectProxy.isEmpty()) require.Equal(t, indexedRoots, snap.Roots) require.Empty(t, snap.MeshGateway.WatchedServices) require.True(t, snap.MeshGateway.WatchedServicesSet) @@ -940,17 +946,22 @@ func TestState_WatchesAndUpdates(t *testing.T) { { requiredWatches: map[string]verifyWatchRequest{ rootsWatchID: genVerifyRootsWatch("dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") - require.True(t, snap.IngressGateway.IsEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) }, }, { events: []cache.UpdateEvent{ rootWatchEvent(), + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without config entry is not valid") @@ -1104,11 +1115,16 @@ func TestState_WatchesAndUpdates(t *testing.T) { { requiredWatches: map[string]verifyWatchRequest{ rootsWatchID: genVerifyRootsWatch("dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, events: []cache.UpdateEvent{ rootWatchEvent(), + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, ingressConfigWatchEvent(true, false), { CorrelationID: gatewayServicesWatchID, @@ -1179,11 +1195,16 @@ func TestState_WatchesAndUpdates(t *testing.T) { { requiredWatches: map[string]verifyWatchRequest{ rootsWatchID: genVerifyRootsWatch("dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, events: []cache.UpdateEvent{ rootWatchEvent(), + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, ingressConfigWatchEvent(false, true), { CorrelationID: gatewayServicesWatchID, @@ -1266,27 +1287,33 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), + rootsWatchID: genVerifyRootsWatch("dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID, "terminating-gateway", "", "dc1", false), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") - require.True(t, snap.ConnectProxy.IsEmpty()) - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) + require.True(t, snap.ConnectProxy.isEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) }, }, { events: []cache.UpdateEvent{ rootWatchEvent(), + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid(), "gateway without services is valid") - require.True(t, snap.ConnectProxy.IsEmpty()) - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.ConnectProxy.isEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.False(t, snap.TerminatingGateway.isEmpty()) + require.Nil(t, snap.TerminatingGateway.MeshConfig) require.Equal(t, indexedRoots, snap.Roots) }, }, @@ -1303,12 +1330,17 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), + rootsWatchID: genVerifyRootsWatch("dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID, "terminating-gateway", "", "dc1", false), }, events: []cache.UpdateEvent{ rootWatchEvent(), + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{}, + }, { CorrelationID: gatewayServicesWatchID, Result: &structs.IndexedGatewayServices{ @@ -1680,11 +1712,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) - require.False(t, snap.ConnectProxy.IsEmpty()) + require.False(t, snap.ConnectProxy.isEmpty()) expectUpstreams := map[UpstreamID]*structs.Upstream{ dbUID: { DestinationName: "db", @@ -1721,9 +1753,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.Leaf()) require.Equal(t, TestIntentions().Matches[0], snap.ConnectProxy.Intentions) - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) require.True(t, snap.ConnectProxy.MeshConfigSet) require.Nil(t, snap.ConnectProxy.MeshConfig) }, @@ -1766,9 +1798,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) // Centrally configured upstream defaults should be stored so that upstreams from intentions can inherit them require.Len(t, snap.ConnectProxy.UpstreamConfig, 1) @@ -1807,9 +1839,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.Leaf()) require.Equal(t, TestIntentions().Matches[0], snap.ConnectProxy.Intentions) - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) require.True(t, snap.ConnectProxy.MeshConfigSet) require.NotNil(t, snap.ConnectProxy.MeshConfig) }, @@ -2333,9 +2365,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) // Centrally configured upstream defaults should be stored so that upstreams from intentions can inherit them require.Len(t, snap.ConnectProxy.UpstreamConfig, 2) @@ -2375,9 +2407,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.Leaf()) require.Equal(t, TestIntentions().Matches[0], snap.ConnectProxy.Intentions) - require.True(t, snap.MeshGateway.IsEmpty()) - require.True(t, snap.IngressGateway.IsEmpty()) - require.True(t, snap.TerminatingGateway.IsEmpty()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) require.True(t, snap.ConnectProxy.MeshConfigSet) require.NotNil(t, snap.ConnectProxy.MeshConfig) }, diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go index b08985b29..73b968272 100644 --- a/agent/proxycfg/terminating_gateway.go +++ b/agent/proxycfg/terminating_gateway.go @@ -28,6 +28,18 @@ func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnaps return snap, err } + // Get information about the entire service mesh. + err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + Kind: structs.MeshConfig, + Name: structs.MeshConfigMesh, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInPartition(s.proxyID.PartitionOrDefault()), + }, meshConfigEntryID, s.ch) + if err != nil { + return snap, err + } + // Watch for the terminating-gateway's linked services err = s.cache.Notify(ctx, cachetype.GatewayServicesName, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, @@ -70,6 +82,23 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u cache.Up } snap.Roots = roots + case u.CorrelationID == meshConfigEntryID: + resp, ok := u.Result.(*structs.ConfigEntryResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + + if resp.Entry != nil { + meshConf, ok := resp.Entry.(*structs.MeshConfigEntry) + if !ok { + return fmt.Errorf("invalid type for config entry: %T", resp.Entry) + } + snap.TerminatingGateway.MeshConfig = meshConf + } else { + snap.TerminatingGateway.MeshConfig = nil + } + snap.TerminatingGateway.MeshConfigSet = true + // Update watches based on the current list of services associated with the terminating-gateway case u.CorrelationID == gatewayServicesWatchID: services, ok := u.Result.(*structs.IndexedGatewayServices) diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index af3a33061..eb2ebfb0b 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -32,6 +32,7 @@ type TestCacheTypes struct { query *ControllableCacheType compiledChain *ControllableCacheType serviceHTTPChecks *ControllableCacheType + configEntry *ControllableCacheType } // NewTestCacheTypes creates a set of ControllableCacheTypes for all types that @@ -46,6 +47,7 @@ func NewTestCacheTypes(t testing.T) *TestCacheTypes { query: NewControllableCacheType(t), compiledChain: NewControllableCacheType(t), serviceHTTPChecks: NewControllableCacheType(t), + configEntry: NewControllableCacheType(t), } ct.query.blocking = false return ct @@ -62,6 +64,7 @@ func TestCacheWithTypes(t testing.T, types *TestCacheTypes) *cache.Cache { c.RegisterType(cachetype.PreparedQueryName, types.query) c.RegisterType(cachetype.CompiledDiscoveryChainName, types.compiledChain) c.RegisterType(cachetype.ServiceHTTPChecksName, types.serviceHTTPChecks) + c.RegisterType(cachetype.ConfigEntryName, types.configEntry) return c } diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go index 35a8e6011..61db728c2 100644 --- a/agent/proxycfg/testing_connect_proxy.go +++ b/agent/proxycfg/testing_connect_proxy.go @@ -125,6 +125,12 @@ func TestConfigSnapshotDiscoveryChain( }, }, }, + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{ + Entry: nil, + }, + }, { CorrelationID: svcChecksWatchIDPrefix + webSN, Result: []structs.CheckType{}, diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index e77b554ff..f8daf340f 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -35,6 +35,23 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u cache.Up } upstreamsSnapshot.Leaf = leaf + case u.CorrelationID == meshConfigEntryID: + resp, ok := u.Result.(*structs.ConfigEntryResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + + if resp.Entry != nil { + meshConf, ok := resp.Entry.(*structs.MeshConfigEntry) + if !ok { + return fmt.Errorf("invalid type for config entry: %T", resp.Entry) + } + upstreamsSnapshot.MeshConfig = meshConf + } else { + upstreamsSnapshot.MeshConfig = nil + } + upstreamsSnapshot.MeshConfigSet = true + case strings.HasPrefix(u.CorrelationID, "discovery-chain:"): resp, ok := u.Result.(*structs.DiscoveryChainResponse) if !ok { diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index 80ef0f98d..94014230d 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go @@ -240,37 +240,7 @@ func (e *IngressGatewayConfigEntry) validateServiceSDS(lis IngressListener, svc } func validateGatewayTLSConfig(tlsCfg GatewayTLSConfig) error { - if tlsCfg.TLSMinVersion != types.TLSVersionUnspecified { - if err := types.ValidateTLSVersion(tlsCfg.TLSMinVersion); err != nil { - return err - } - } - - if tlsCfg.TLSMaxVersion != types.TLSVersionUnspecified { - if err := types.ValidateTLSVersion(tlsCfg.TLSMaxVersion); err != nil { - return err - } - - if tlsCfg.TLSMinVersion != types.TLSVersionUnspecified { - if err, maxLessThanMin := tlsCfg.TLSMaxVersion.LessThan(tlsCfg.TLSMinVersion); err == nil && maxLessThanMin { - return fmt.Errorf("configuring max version %s less than the configured min version %s is invalid", tlsCfg.TLSMaxVersion, tlsCfg.TLSMinVersion) - } - } - } - - if len(tlsCfg.CipherSuites) != 0 { - if _, ok := types.TLSVersionsWithConfigurableCipherSuites[tlsCfg.TLSMinVersion]; !ok { - return fmt.Errorf("configuring CipherSuites is only applicable to conncetions negotiated with TLS 1.2 or earlier, TLSMinVersion is set to %s", tlsCfg.TLSMinVersion) - } - - // NOTE: it would be nice to emit a warning but not return an error from - // here if TLSMaxVersion is unspecified, TLS_AUTO or TLSv1_3 - if err := types.ValidateEnvoyCipherSuites(tlsCfg.CipherSuites); err != nil { - return err - } - } - - return nil + return validateTLSConfig(tlsCfg.TLSMinVersion, tlsCfg.TLSMaxVersion, tlsCfg.CipherSuites) } func (e *IngressGatewayConfigEntry) Validate() error { diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go index 020b76c9c..eb9f34f43 100644 --- a/agent/structs/config_entry_mesh.go +++ b/agent/structs/config_entry_mesh.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/types" ) type MeshConfigEntry struct { @@ -12,6 +13,8 @@ type MeshConfigEntry struct { // when enabled. TransparentProxy TransparentProxyMeshConfig `alias:"transparent_proxy"` + TLS *MeshTLSConfig `json:",omitempty"` + Meta map[string]string `json:",omitempty"` EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex @@ -25,6 +28,20 @@ type TransparentProxyMeshConfig struct { MeshDestinationsOnly bool `alias:"mesh_destinations_only"` } +type MeshTLSConfig struct { + Incoming *MeshDirectionalTLSConfig `json:",omitempty"` + Outgoing *MeshDirectionalTLSConfig `json:",omitempty"` +} + +type MeshDirectionalTLSConfig struct { + TLSMinVersion types.TLSVersion `json:",omitempty" alias:"tls_min_version"` + TLSMaxVersion types.TLSVersion `json:",omitempty" alias:"tls_max_version"` + + // Define a subset of cipher suites to restrict + // Only applicable to connections negotiated via TLS 1.2 or earlier + CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"` +} + func (e *MeshConfigEntry) GetKind() string { return MeshConfig } @@ -57,10 +74,24 @@ func (e *MeshConfigEntry) Validate() error { if e == nil { return fmt.Errorf("config entry is nil") } + if err := validateConfigEntryMeta(e.Meta); err != nil { return err } + if e.TLS != nil { + if e.TLS.Incoming != nil { + if err := validateMeshDirectionalTLSConfig(e.TLS.Incoming); err != nil { + return fmt.Errorf("error in incoming TLS configuration: %v", err) + } + } + if e.TLS.Outgoing != nil { + if err := validateMeshDirectionalTLSConfig(e.TLS.Outgoing); err != nil { + return fmt.Errorf("error in outgoing TLS configuration: %v", err) + } + } + } + return e.validateEnterpriseMeta() } @@ -105,3 +136,48 @@ func (e *MeshConfigEntry) MarshalJSON() ([]byte, error) { } return json.Marshal(source) } + +func validateMeshDirectionalTLSConfig(cfg *MeshDirectionalTLSConfig) error { + if cfg == nil { + return nil + } + return validateTLSConfig(cfg.TLSMinVersion, cfg.TLSMaxVersion, cfg.CipherSuites) +} + +func validateTLSConfig( + tlsMinVersion types.TLSVersion, + tlsMaxVersion types.TLSVersion, + cipherSuites []types.TLSCipherSuite, +) error { + if tlsMinVersion != types.TLSVersionUnspecified { + if err := types.ValidateTLSVersion(tlsMinVersion); err != nil { + return err + } + } + + if tlsMaxVersion != types.TLSVersionUnspecified { + if err := types.ValidateTLSVersion(tlsMaxVersion); err != nil { + return err + } + + if tlsMinVersion != types.TLSVersionUnspecified { + if err, maxLessThanMin := tlsMaxVersion.LessThan(tlsMinVersion); err == nil && maxLessThanMin { + return fmt.Errorf("configuring max version %s less than the configured min version %s is invalid", tlsMaxVersion, tlsMinVersion) + } + } + } + + if len(cipherSuites) != 0 { + if _, ok := types.TLSVersionsWithConfigurableCipherSuites[tlsMinVersion]; !ok { + return fmt.Errorf("configuring CipherSuites is only applicable to connections negotiated with TLS 1.2 or earlier, TLSMinVersion is set to %s", tlsMinVersion) + } + + // NOTE: it would be nice to emit a warning but not return an error from + // here if TLSMaxVersion is unspecified, TLS_AUTO or TLSv1_3 + if err := types.ValidateEnvoyCipherSuites(cipherSuites); err != nil { + return err + } + } + + return nil +} diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index e4d581075..f125998b9 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go @@ -1675,6 +1675,24 @@ func TestDecodeConfigEntry(t *testing.T) { transparent_proxy { mesh_destinations_only = true } + tls { + incoming { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + outgoing { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } `, camel: ` Kind = "mesh" @@ -1685,6 +1703,24 @@ func TestDecodeConfigEntry(t *testing.T) { TransparentProxy { MeshDestinationsOnly = true } + TLS { + Incoming { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + Outgoing { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } `, expect: &MeshConfigEntry{ Meta: map[string]string{ @@ -1694,6 +1730,24 @@ func TestDecodeConfigEntry(t *testing.T) { TransparentProxy: TransparentProxyMeshConfig{ MeshDestinationsOnly: true, }, + TLS: &MeshTLSConfig{ + Incoming: &MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_1, + TLSMaxVersion: types.TLSv1_2, + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + }, + Outgoing: &MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_1, + TLSMaxVersion: types.TLSv1_2, + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + }, + }, + }, }, }, { diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 716c320d3..94610a828 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -158,8 +158,8 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, // This size is an upper bound. clusters := make([]proto.Message, 0, len(cfgSnap.ConnectProxy.PassthroughUpstreams)+1) - if cfgSnap.ConnectProxy.MeshConfig == nil || - !cfgSnap.ConnectProxy.MeshConfig.TransparentProxy.MeshDestinationsOnly { + if meshConf := cfgSnap.MeshConfig(); meshConf == nil || + !meshConf.TransparentProxy.MeshDestinationsOnly { clusters = append(clusters, &envoy_cluster_v3.Cluster{ Name: OriginalDestinationClusterName, @@ -200,7 +200,11 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, Service: uid.Name, } - commonTLSContext := makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()) + commonTLSContext := makeCommonTLSContextFromLeaf( + cfgSnap, + cfgSnap.Leaf(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + ) err := injectSANMatcher(commonTLSContext, spiffeID) if err != nil { return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) @@ -567,7 +571,11 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs } // Enable TLS upstream with the configured client certificate. - commonTLSContext := makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()) + commonTLSContext := makeCommonTLSContextFromLeaf( + cfgSnap, + cfgSnap.Leaf(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + ) err = injectSANMatcher(commonTLSContext, spiffeIDs...) if err != nil { return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) @@ -745,7 +753,12 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( c.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} } - commonTLSContext := makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()) + commonTLSContext := makeCommonTLSContextFromLeaf( + cfgSnap, + cfgSnap.Leaf(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + ) + err = injectSANMatcher(commonTLSContext, spiffeIDs...) if err != nil { return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index 4b4de8d27..c8a1e98e5 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -13,11 +13,13 @@ import ( testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/xds/proxysupport" "github.com/hashicorp/consul/agent/xds/xdscommon" "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/types" ) func TestClustersFromSnapshot(t *testing.T) { @@ -36,6 +38,85 @@ func TestClustersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshot(t, nil, nil) }, }, + { + name: "connect-proxy-with-tls-outgoing-min-version-auto", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSVersionAuto, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-outgoing-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-outgoing-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-outgoing-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + }, { name: "custom-local-app", create: func(t testinf.T) *proxycfg.ConfigSnapshot { @@ -322,6 +403,66 @@ func TestClustersFromSnapshot(t *testing.T) { "default", nil, nil, nil) }, }, + { + name: "ingress-gateway-with-tls-outgoing-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "ingress-gateway-with-tls-outgoing-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "ingress-gateway-with-tls-outgoing-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + }, { name: "ingress-gateway-no-services", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 2a671c40d..bca152ad9 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -12,6 +12,7 @@ import ( "time" "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/consul/types" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" @@ -250,8 +251,8 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. }) // Add a catch-all filter chain that acts as a TCP proxy to destinations outside the mesh - if cfgSnap.ConnectProxy.MeshConfig == nil || - !cfgSnap.ConnectProxy.MeshConfig.TransparentProxy.MeshDestinationsOnly { + if meshConf := cfgSnap.MeshConfig(); meshConf == nil || + !meshConf.TransparentProxy.MeshDestinationsOnly { filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{ clusterName: OriginalDestinationClusterName, @@ -749,7 +750,11 @@ func injectHTTPFilterOnFilterChains( func (s *ResourceGenerator) injectConnectTLSOnFilterChains(cfgSnap *proxycfg.ConfigSnapshot, listener *envoy_listener_v3.Listener) error { for idx := range listener.FilterChains { tlsContext := &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.Leaf()), + CommonTlsContext: makeCommonTLSContextFromLeaf( + cfgSnap, + cfgSnap.Leaf(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()), + ), RequireClientCertificate: &wrappers.BoolValue{Value: true}, } transportSocket, err := makeDownstreamTLSTransportSocket(tlsContext) @@ -1071,7 +1076,11 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway( protocol string, ) (*envoy_listener_v3.FilterChain, error) { tlsContext := &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: makeCommonTLSContextFromLeafWithoutParams(cfgSnap, cfgSnap.TerminatingGateway.ServiceLeaves[service]), + CommonTlsContext: makeCommonTLSContextFromLeaf( + cfgSnap, + cfgSnap.TerminatingGateway.ServiceLeaves[service], + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()), + ), RequireClientCertificate: &wrappers.BoolValue{Value: true}, } transportSocket, err := makeDownstreamTLSTransportSocket(tlsContext) @@ -1549,11 +1558,11 @@ func makeEnvoyHTTPFilter(name string, cfg proto.Message) (*envoy_http_v3.HttpFil }, nil } -func makeCommonTLSContextFromLeafWithoutParams(cfgSnap *proxycfg.ConfigSnapshot, leaf *structs.IssuedCert) *envoy_tls_v3.CommonTlsContext { - return makeCommonTLSContextFromLeaf(cfgSnap, leaf, nil) -} - -func makeCommonTLSContextFromLeaf(cfgSnap *proxycfg.ConfigSnapshot, leaf *structs.IssuedCert, tlsParams *envoy_tls_v3.TlsParameters) *envoy_tls_v3.CommonTlsContext { +func makeCommonTLSContextFromLeaf( + cfgSnap *proxycfg.ConfigSnapshot, + leaf *structs.IssuedCert, + tlsParams *envoy_tls_v3.TlsParameters, +) *envoy_tls_v3.CommonTlsContext { // Concatenate all the root PEMs into one. if cfgSnap.Roots == nil { return nil @@ -1662,3 +1671,66 @@ func makeCommonTLSContextFromFiles(caFile, certFile, keyFile string) *envoy_tls_ return &ctx } + +func validateListenerTLSConfig(tlsMinVersion types.TLSVersion, cipherSuites []types.TLSCipherSuite) error { + // Validate. Configuring cipher suites is only applicable to connections negotiated + // via TLS 1.2 or earlier. Other cases shouldn't be possible as we validate them at + // input but be resilient to bugs later. + if len(cipherSuites) != 0 { + if _, ok := tlsVersionsWithConfigurableCipherSuites[tlsMinVersion]; !ok { + return fmt.Errorf("configuring CipherSuites is only applicable to connections negotiated with TLS 1.2 or earlier, TLSMinVersion is set to %s in config", tlsMinVersion) + } + } + + return nil +} + +var tlsVersionsWithConfigurableCipherSuites = map[types.TLSVersion]struct{}{ + // Remove these two if Envoy ever sets TLS 1.3 as default minimum + types.TLSVersionUnspecified: {}, + types.TLSVersionAuto: {}, + + types.TLSv1_0: {}, + types.TLSv1_1: {}, + types.TLSv1_2: {}, +} + +func makeTLSParametersFromProxyTLSConfig(tlsConf *structs.MeshDirectionalTLSConfig) *envoy_tls_v3.TlsParameters { + if tlsConf == nil { + return &envoy_tls_v3.TlsParameters{} + } + + return makeTLSParametersFromTLSConfig(tlsConf.TLSMinVersion, tlsConf.TLSMaxVersion, tlsConf.CipherSuites) +} + +func makeTLSParametersFromTLSConfig( + tlsMinVersion types.TLSVersion, + tlsMaxVersion types.TLSVersion, + cipherSuites []types.TLSCipherSuite, +) *envoy_tls_v3.TlsParameters { + tlsParams := envoy_tls_v3.TlsParameters{} + + if tlsMinVersion != types.TLSVersionUnspecified { + if minVersion, ok := envoyTLSVersions[tlsMinVersion]; ok { + tlsParams.TlsMinimumProtocolVersion = minVersion + } + } + if tlsMaxVersion != types.TLSVersionUnspecified { + if maxVersion, ok := envoyTLSVersions[tlsMaxVersion]; ok { + tlsParams.TlsMaximumProtocolVersion = maxVersion + } + } + if len(cipherSuites) != 0 { + tlsParams.CipherSuites = types.MarshalEnvoyTLSCipherSuiteStrings(cipherSuites) + } + + return &tlsParams +} + +var envoyTLSVersions = map[types.TLSVersion]envoy_tls_v3.TlsParameters_TlsProtocol{ + types.TLSVersionAuto: envoy_tls_v3.TlsParameters_TLS_AUTO, + types.TLSv1_0: envoy_tls_v3.TlsParameters_TLSv1_0, + types.TLSv1_1: envoy_tls_v3.TlsParameters_TLSv1_1, + types.TLSv1_2: envoy_tls_v3.TlsParameters_TLSv1_2, + types.TLSv1_3: envoy_tls_v3.TlsParameters_TLSv1_3, +} diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go index cd2023d2b..5261bdb50 100644 --- a/agent/xds/listeners_ingress.go +++ b/agent/xds/listeners_ingress.go @@ -214,23 +214,8 @@ func resolveListenerTLSConfig(gatewayTLSCfg *structs.GatewayTLSConfig, listenerC } } - var TLSVersionsWithConfigurableCipherSuites = map[types.TLSVersion]struct{}{ - // Remove these two if Envoy ever sets TLS 1.3 as default minimum - types.TLSVersionUnspecified: {}, - types.TLSVersionAuto: {}, - - types.TLSv1_0: {}, - types.TLSv1_1: {}, - types.TLSv1_2: {}, - } - - // Validate. Configuring cipher suites is only applicable to connections negotiated - // via TLS 1.2 or earlier. Other cases shouldn't be possible as we validate them at - // input but be resilient to bugs later. - if len(mergedCfg.CipherSuites) != 0 { - if _, ok := TLSVersionsWithConfigurableCipherSuites[mergedCfg.TLSMinVersion]; !ok { - return nil, fmt.Errorf("configuring CipherSuites is only applicable to connections negotiated with TLS 1.2 or earlier, TLSMinVersion is set to %s in listener or gateway config", mergedCfg.TLSMinVersion) - } + if err := validateListenerTLSConfig(mergedCfg.TLSMinVersion, mergedCfg.CipherSuites); err != nil { + return nil, err } return &mergedCfg, nil @@ -365,32 +350,8 @@ func makeSDSOverrideFilterChains(cfgSnap *proxycfg.ConfigSnapshot, return chains, nil } -var envoyTLSVersions = map[types.TLSVersion]envoy_tls_v3.TlsParameters_TlsProtocol{ - types.TLSVersionAuto: envoy_tls_v3.TlsParameters_TLS_AUTO, - types.TLSv1_0: envoy_tls_v3.TlsParameters_TLSv1_0, - types.TLSv1_1: envoy_tls_v3.TlsParameters_TLSv1_1, - types.TLSv1_2: envoy_tls_v3.TlsParameters_TLSv1_2, - types.TLSv1_3: envoy_tls_v3.TlsParameters_TLSv1_3, -} - func makeTLSParametersFromGatewayTLSConfig(tlsCfg structs.GatewayTLSConfig) *envoy_tls_v3.TlsParameters { - tlsParams := envoy_tls_v3.TlsParameters{} - - if tlsCfg.TLSMinVersion != types.TLSVersionUnspecified { - if minVersion, ok := envoyTLSVersions[tlsCfg.TLSMinVersion]; ok { - tlsParams.TlsMinimumProtocolVersion = minVersion - } - } - if tlsCfg.TLSMaxVersion != types.TLSVersionUnspecified { - if maxVersion, ok := envoyTLSVersions[tlsCfg.TLSMaxVersion]; ok { - tlsParams.TlsMaximumProtocolVersion = maxVersion - } - } - if len(tlsCfg.CipherSuites) != 0 { - tlsParams.CipherSuites = types.MarshalEnvoyTLSCipherSuiteStrings(tlsCfg.CipherSuites) - } - - return &tlsParams + return makeTLSParametersFromTLSConfig(tlsCfg.TLSMinVersion, tlsCfg.TLSMaxVersion, tlsCfg.CipherSuites) } func makeCommonTLSContextFromGatewayTLSConfig(tlsCfg structs.GatewayTLSConfig) *envoy_tls_v3.CommonTlsContext { diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index 71c5a09fe..d80cde7b1 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -43,6 +43,85 @@ func TestListenersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshot(t, nil, nil) }, }, + { + name: "connect-proxy-with-tls-outgoing-min-version-auto", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSVersionAuto, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-incoming-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-incoming-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "connect-proxy-with-tls-incoming-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + }, { name: "listener-bind-address", create: func(t testinf.T) *proxycfg.ConfigSnapshot { @@ -477,6 +556,66 @@ func TestListenersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil) }, }, + { + name: "terminating-gateway-with-tls-incoming-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "terminating-gateway-with-tls-incoming-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "terminating-gateway-with-tls-incoming-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []cache.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + }, { name: "terminating-gateway-no-services", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden new file mode 100644 index 000000000..3efce306b --- /dev/null +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden @@ -0,0 +1,151 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + }, + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } + ] + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden new file mode 100644 index 000000000..afef227a2 --- /dev/null +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden @@ -0,0 +1,145 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + }, + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } + ] + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden new file mode 100644 index 000000000..2e3c9ea20 --- /dev/null +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden @@ -0,0 +1,145 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + }, + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } + ] + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden new file mode 100644 index 000000000..9d8c283a4 --- /dev/null +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden @@ -0,0 +1,145 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + }, + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } + ] + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden new file mode 100644 index 000000000..6a64ad79b --- /dev/null +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden @@ -0,0 +1,68 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden new file mode 100644 index 000000000..eb24656eb --- /dev/null +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden @@ -0,0 +1,65 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden new file mode 100644 index 000000000..1c29f4d25 --- /dev/null +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden @@ -0,0 +1,65 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden new file mode 100644 index 000000000..05ed17d4e --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden @@ -0,0 +1,122 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "db:127.0.0.1:9191", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.prepared_query_geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden new file mode 100644 index 000000000..8f157291c --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden @@ -0,0 +1,119 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "db:127.0.0.1:9191", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.prepared_query_geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden new file mode 100644 index 000000000..1081c4431 --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden @@ -0,0 +1,119 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "db:127.0.0.1:9191", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.prepared_query_geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden new file mode 100644 index 000000000..57d50f71c --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden @@ -0,0 +1,119 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "db:127.0.0.1:9191", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.prepared_query_geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden new file mode 100644 index 000000000..7b8a7eb8f --- /dev/null +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden @@ -0,0 +1,268 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api.default.default.dc1", + "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.cache.default.default.dc1", + "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.web.default.default.dc1", + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305" + ] + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster" + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "terminating_gateway.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector" + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden new file mode 100644 index 000000000..433a49902 --- /dev/null +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden @@ -0,0 +1,256 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api.default.default.dc1", + "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.cache.default.default.dc1", + "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.web.default.default.dc1", + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_2" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster" + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "terminating_gateway.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector" + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden new file mode 100644 index 000000000..74a08b900 --- /dev/null +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden @@ -0,0 +1,256 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api.default.default.dc1", + "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.cache.default.default.dc1", + "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.web.default.default.dc1", + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + "tlsMinimumProtocolVersion": "TLSv1_3" + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster" + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "terminating_gateway.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector" + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/api/config_entry.go b/api/config_entry.go index 91c407bb5..ace5894cb 100644 --- a/api/config_entry.go +++ b/api/config_entry.go @@ -244,9 +244,10 @@ type ProxyConfigEntry struct { Config map[string]interface{} `json:",omitempty"` MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` Expose ExposeConfig `json:",omitempty"` - Meta map[string]string `json:",omitempty"` - CreateIndex uint64 - ModifyIndex uint64 + + Meta map[string]string `json:",omitempty"` + CreateIndex uint64 + ModifyIndex uint64 } func (p *ProxyConfigEntry) GetKind() string { return p.Kind } diff --git a/api/config_entry_mesh.go b/api/config_entry_mesh.go index f58fabc17..30fab166c 100644 --- a/api/config_entry_mesh.go +++ b/api/config_entry_mesh.go @@ -17,6 +17,8 @@ type MeshConfigEntry struct { // in transparent mode. TransparentProxy TransparentProxyMeshConfig `alias:"transparent_proxy"` + TLS *MeshTLSConfig `json:",omitempty"` + Meta map[string]string `json:",omitempty"` // CreateIndex is the Raft index this entry was created at. This is a @@ -33,6 +35,17 @@ type TransparentProxyMeshConfig struct { MeshDestinationsOnly bool `alias:"mesh_destinations_only"` } +type MeshTLSConfig struct { + Incoming *MeshDirectionalTLSConfig `json:",omitempty"` + Outgoing *MeshDirectionalTLSConfig `json:",omitempty"` +} + +type MeshDirectionalTLSConfig struct { + TLSMinVersion string `json:",omitempty" alias:"tls_min_version"` + TLSMaxVersion string `json:",omitempty" alias:"tls_max_version"` + CipherSuites []string `json:",omitempty" alias:"cipher_suites"` +} + func (e *MeshConfigEntry) GetKind() string { return MeshConfig } func (e *MeshConfigEntry) GetName() string { return MeshConfigMesh } func (e *MeshConfigEntry) GetPartition() string { return e.Partition } diff --git a/api/config_entry_test.go b/api/config_entry_test.go index f072bea91..0f38f62cd 100644 --- a/api/config_entry_test.go +++ b/api/config_entry_test.go @@ -1260,6 +1260,24 @@ func TestDecodeConfigEntry(t *testing.T) { }, "TransparentProxy": { "MeshDestinationsOnly": true + }, + "TLS": { + "Incoming": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "Outgoing": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } } } `, @@ -1271,6 +1289,24 @@ func TestDecodeConfigEntry(t *testing.T) { TransparentProxy: TransparentProxyMeshConfig{ MeshDestinationsOnly: true, }, + TLS: &MeshTLSConfig{ + Incoming: &MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + Outgoing: &MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + }, }, }, } { diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go index 3128233fe..a55253d48 100644 --- a/command/config/write/config_write_test.go +++ b/command/config/write/config_write_test.go @@ -2737,6 +2737,24 @@ func TestParseConfigEntry(t *testing.T) { transparent_proxy { mesh_destinations_only = true } + tls { + incoming { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + outgoing { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } `, camel: ` Kind = "mesh" @@ -2747,6 +2765,24 @@ func TestParseConfigEntry(t *testing.T) { TransparentProxy { MeshDestinationsOnly = true } + TLS { + Incoming { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + Outgoing { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } `, snakeJSON: ` { @@ -2757,6 +2793,24 @@ func TestParseConfigEntry(t *testing.T) { }, "transparent_proxy": { "mesh_destinations_only": true + }, + "tls": { + "incoming": { + "tls_min_version": "TLSv1_1", + "tls_max_version": "TLSv1_2", + "cipher_suites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "outgoing": { + "tls_min_version": "TLSv1_1", + "tls_max_version": "TLSv1_2", + "cipher_suites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } } } `, @@ -2769,6 +2823,24 @@ func TestParseConfigEntry(t *testing.T) { }, "TransparentProxy": { "MeshDestinationsOnly": true + }, + "TLS": { + "Incoming": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "Outgoing": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } } } `, @@ -2780,6 +2852,24 @@ func TestParseConfigEntry(t *testing.T) { TransparentProxy: api.TransparentProxyMeshConfig{ MeshDestinationsOnly: true, }, + TLS: &api.MeshTLSConfig{ + Incoming: &api.MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + Outgoing: &api.MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + }, }, }, { diff --git a/website/content/docs/connect/config-entries/mesh.mdx b/website/content/docs/connect/config-entries/mesh.mdx index 7a633e056..a72a54aa0 100644 --- a/website/content/docs/connect/config-entries/mesh.mdx +++ b/website/content/docs/connect/config-entries/mesh.mdx @@ -17,6 +17,99 @@ Settings in this config entry apply across all namespaces and federated datacent ## Sample Configuration Entries +### Mesh-wide TLS Min Version + +Enforce that service mesh mTLS traffic uses TLS v1.2 or newer. + + + + + + +```hcl +Kind = "mesh" +TLS { + Incoming { + TLSMinVersion = "TLSv1_2" + } +} +``` + +```yaml +apiVersion: consul.hashicorp.com/v1alpha1 +kind: Mesh +metadata: + name: mesh +spec: + tls: + incoming: + tlsMinVersion: TLSv1_2 +``` + +```json +{ + "Kind": "mesh", + "TLS": { + "Incoming": { + "TLSMinVersion": "TLSv1_2" + } + } +} +``` + + + + + + +The `mesh` configuration entry can only be created in the `default` namespace and will apply to proxies across **all** namespaces. + + + +```hcl +Kind = "mesh" +Namespace = "default" # Can only be set to "default". +Partition = "default" + +TLS { + Incoming { + TLSMinVersion = "TLSv1_2" + } +} +``` + +```yaml +apiVersion: consul.hashicorp.com/v1alpha1 +kind: Mesh +metadata: + name: mesh + namespace: default +spec: + tls: + incoming: + tlsMinVersion: TLSv1_2 +``` + +```json +{ + "Kind": "mesh", + "Namespace": "default", + "Partition": "default", + "TLS": { + "Incoming": { + "TLSMinVersion": "TLSv1_2" + } + } +} +``` + + + + + + +Note that the Kubernetes example does not include a `partition` field. Configuration entries are applied on Kubernetes using [custom resource definitions (CRD)](/docs/k8s/crds), which can only be scoped to their own partition. + ### Mesh Destinations Only Only allow transparent proxies to dial addresses in the mesh. @@ -171,6 +264,101 @@ Note that the Kubernetes example does not include a `partition` field. Configura }, ], }, + { + name: 'TLS', + type: 'TLSConfig: ', + description: 'TLS configuration for the service mesh.', + children: [ + { + name: 'Incoming', + yaml: false, + type: 'TLSDirectionConfig: ', + description: `TLS configuration for inbound mTLS connections targeting + the public listener on \`connect-proxy\` and \`terminating-gateway\` + proxy kinds.`, + children: [ + { + name: 'TLSMinVersion', + yaml: false, + type: 'string: ""', + description: + "Set the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer [will default to TLS 1.2 as a min version](https://github.com/envoyproxy/envoy/pull/19330), while older releases of Envoy default to TLS 1.0.", + }, + { + name: 'TLSMaxVersion', + yaml: false, + type: 'string: ""', + description: { + hcl: + "Set the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections.", + yaml: + "Set the default maximum TLS version supported. Must be greater than or equal to `tls_min_version`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections.", + }, + }, + { + name: 'CipherSuites', + yaml: false, + type: 'array: ', + description: `Set the default list of TLS cipher suites + to support when negotiating connections using + TLS 1.2 or earlier. If unspecified, Envoy will use a + [default server cipher list](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites). + The list of supported cipher suites can seen in + [\`consul/types/tls.go\`](https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169) + and is dependent on underlying support in Envoy. Future + releases of Envoy may remove currently-supported but + insecure cipher suites, and future releases of Consul + may add new supported cipher suites if any are added to + Envoy.`, + }, + ], + }, + { + name: 'Outgoing', + yaml: false, + type: 'TLSDirectionConfig: ', + description: `TLS configuration for outbound mTLS connections dialing upstreams + from \`connect-proxy\` and \`ingress-gateway\` + proxy kinds.`, + children: [ + { + name: 'TLSMinVersion', + yaml: false, + type: 'string: ""', + description: + "Set the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer [will default to TLS 1.2 as a min version](https://github.com/envoyproxy/envoy/pull/19330), while older releases of Envoy default to TLS 1.0.", + }, + { + name: 'TLSMaxVersion', + yaml: false, + type: 'string: ""', + description: { + hcl: + "Set the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy will default to TLS 1.2 as a max version for outgoing connections, but future Envoy releases [may change this to TLS 1.3](https://github.com/envoyproxy/envoy/issues/9300).", + yaml: + "Set the default maximum TLS version supported. Must be greater than or equal to `tls_min_version`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy will default to TLS 1.2 as a max version for outgoing connections, but future Envoy releases [may change this to TLS 1.3](https://github.com/envoyproxy/envoy/issues/9300).", + }, + }, + { + name: 'CipherSuites', + yaml: false, + type: 'array: ', + description: `Set the default list of TLS cipher suites + to support when negotiating connections using + TLS 1.2 or earlier. If unspecified, Envoy will use a + [default server cipher list](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites). + The list of supported cipher suites can seen in + [\`consul/types/tls.go\`](https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169) + and is dependent on underlying support in Envoy. Future + releases of Envoy may remove currently-supported but + insecure cipher suites, and future releases of Consul + may add new supported cipher suites if any are added to + Envoy.`, + }, + ], + }, + ], + }, ]} /> From 3b6fd762ae9b6a954438b252e5f6022208b7fbee Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 30 Mar 2022 16:05:00 -0400 Subject: [PATCH 048/785] website(api-gateway): add common errors page (#12643) * Adding common errors page for API Gateway * website(api-gateway): add missing CRDs common error message * Update website/content/docs/api-gateway/common-errors.mdx Co-authored-by: Nathan Coleman * Update website/content/docs/api-gateway/common-errors.mdx Co-authored-by: Nathan Coleman * Update website/content/docs/api-gateway/common-errors.mdx Co-authored-by: Nathan Coleman * Update website/content/docs/api-gateway/common-errors.mdx * Additional page editing instructions and formating * Update website/content/docs/api-gateway/common-errors.mdx * Update website/content/docs/api-gateway/common-errors.mdx * Update website/content/docs/api-gateway/common-errors.mdx * Update website/content/docs/api-gateway/common-errors.mdx * Update website/content/docs/api-gateway/common-errors.mdx Co-authored-by: mrspanishviking * Apply suggestions from code review Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com> Co-authored-by: Nathan Coleman Co-authored-by: mrspanishviking --- .../docs/api-gateway/common-errors.mdx | 67 +++++++++++++++++++ website/data/docs-nav-data.json | 4 ++ 2 files changed, 71 insertions(+) create mode 100644 website/content/docs/api-gateway/common-errors.mdx diff --git a/website/content/docs/api-gateway/common-errors.mdx b/website/content/docs/api-gateway/common-errors.mdx new file mode 100644 index 000000000..d3ba51dca --- /dev/null +++ b/website/content/docs/api-gateway/common-errors.mdx @@ -0,0 +1,67 @@ +--- +layout: docs +page_title: Common Error Messages +--- + +# Common Error Messages + +Some of the errors messages commonly encountered during installation and operations of Consul API Gateway are listed below, along with suggested methods for resolving them. + +If the error message is not listed on this page, it may be listed on the main [Consul Common errors][consul-common-errors] page. If the error message is not listed on that page either, please consider following our general [Troubleshooting Guide][troubleshooting] or reach out to us in [Discuss](https://discuss.hashicorp.com/). + + + +### Helm installation failed: "no matches for kind" + +``` +Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [unable to recognize "": no matches for kind "GatewayClass" in version "gateway.networking.k8s.io/v1alpha2", unable to recognize "": no matches for kind "GatewayClassConfig" in version "api-gateway.consul.hashicorp.com/v1alpha1"] +``` +**Conditions:** +When this error occurs during the process of installing Consul API Gateway, it is usually caused by not having the required CRD files installed in Kubernetes prior to installing Consul API Gateway. + +**Impact:** +The installation process will typically fail after this error message is generated + +**Recommended Action:** +Install the required CRDs by using the command in Step 1 of the [Consul API Gateway installation instructions][install-instructions] and then retry installing Consul API Gateway. + + + + + +[consul-common-errors]: /docs/troubleshoot/common-errors +[troubleshooting]: https://learn.hashicorp.com/consul/day-2-operations/advanced-operations/troubleshooting +[install-instructions]: /docs/api-gateway/api-gateway-usage#installation \ No newline at end of file diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 2f5934a12..f6fc6bbd1 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -388,6 +388,10 @@ { "title": "Technical Specifications", "path": "api-gateway/tech-specs" + }, + { + "title": "Common Errors", + "path": "api-gateway/common-errors" } ] }, From 04ec4c2aa43d8f143c29773a2b99184da1729154 Mon Sep 17 00:00:00 2001 From: Bryce Kalow Date: Wed, 30 Mar 2022 16:16:26 -0500 Subject: [PATCH 049/785] website: redirect /api to /api-docs (#12660) --- website/content/api-docs/acl/auth-methods.mdx | 38 ++++---- .../content/api-docs/acl/binding-rules.mdx | 30 +++---- website/content/api-docs/acl/index.mdx | 60 ++++++------- website/content/api-docs/acl/legacy.mdx | 38 ++++---- website/content/api-docs/acl/policies.mdx | 38 ++++---- website/content/api-docs/acl/roles.mdx | 36 ++++---- website/content/api-docs/acl/tokens.mdx | 44 +++++----- website/content/api-docs/admin-partitions.mdx | 30 +++---- website/content/api-docs/agent/check.mdx | 42 ++++----- website/content/api-docs/agent/connect.mdx | 26 +++--- website/content/api-docs/agent/index.mdx | 66 +++++++------- website/content/api-docs/agent/service.mdx | 48 +++++----- website/content/api-docs/catalog.mdx | 66 +++++++------- website/content/api-docs/config.mdx | 24 ++--- website/content/api-docs/connect/ca.mdx | 18 ++-- website/content/api-docs/connect/index.mdx | 2 +- .../content/api-docs/connect/intentions.mdx | 62 ++++++------- website/content/api-docs/coordinate.mdx | 24 ++--- website/content/api-docs/discovery-chain.mdx | 6 +- website/content/api-docs/event.mdx | 12 +-- .../content/api-docs/features/consistency.mdx | 2 +- .../content/api-docs/features/filtering.mdx | 2 +- website/content/api-docs/health.mdx | 30 +++---- website/content/api-docs/kv.mdx | 22 ++--- website/content/api-docs/namespaces.mdx | 30 +++---- website/content/api-docs/operator/area.mdx | 42 ++++----- .../content/api-docs/operator/autopilot.mdx | 24 ++--- website/content/api-docs/operator/keyring.mdx | 24 ++--- website/content/api-docs/operator/license.mdx | 18 ++-- website/content/api-docs/operator/raft.mdx | 14 +-- website/content/api-docs/operator/segment.mdx | 6 +- website/content/api-docs/query.mdx | 42 ++++----- website/content/api-docs/session.mdx | 36 ++++---- website/content/api-docs/snapshot.mdx | 12 +-- website/content/api-docs/status.mdx | 12 +-- website/content/api-docs/txn.mdx | 12 +-- .../commands/acl/auth-method/create.mdx | 2 +- .../commands/acl/auth-method/delete.mdx | 2 +- .../commands/acl/auth-method/index.mdx | 2 +- .../content/commands/acl/auth-method/list.mdx | 2 +- .../content/commands/acl/auth-method/read.mdx | 2 +- .../commands/acl/auth-method/update.mdx | 2 +- .../commands/acl/binding-rule/create.mdx | 2 +- .../commands/acl/binding-rule/delete.mdx | 2 +- .../commands/acl/binding-rule/index.mdx | 2 +- .../commands/acl/binding-rule/list.mdx | 2 +- .../commands/acl/binding-rule/read.mdx | 2 +- .../commands/acl/binding-rule/update.mdx | 2 +- website/content/commands/acl/bootstrap.mdx | 2 +- .../content/commands/acl/policy/create.mdx | 2 +- .../content/commands/acl/policy/delete.mdx | 2 +- website/content/commands/acl/policy/index.mdx | 2 +- website/content/commands/acl/policy/list.mdx | 2 +- website/content/commands/acl/policy/read.mdx | 2 +- .../content/commands/acl/policy/update.mdx | 2 +- website/content/commands/acl/role/create.mdx | 2 +- website/content/commands/acl/role/delete.mdx | 2 +- website/content/commands/acl/role/index.mdx | 2 +- website/content/commands/acl/role/list.mdx | 2 +- website/content/commands/acl/role/read.mdx | 2 +- website/content/commands/acl/role/update.mdx | 2 +- .../content/commands/acl/set-agent-token.mdx | 2 +- website/content/commands/acl/token/clone.mdx | 2 +- website/content/commands/acl/token/create.mdx | 2 +- website/content/commands/acl/token/delete.mdx | 2 +- website/content/commands/acl/token/index.mdx | 2 +- website/content/commands/acl/token/list.mdx | 2 +- website/content/commands/acl/token/read.mdx | 2 +- website/content/commands/acl/token/update.mdx | 2 +- .../content/commands/acl/translate-rules.mdx | 2 +- .../content/commands/catalog/datacenters.mdx | 2 +- website/content/commands/catalog/index.mdx | 2 +- website/content/commands/catalog/nodes.mdx | 4 +- website/content/commands/catalog/services.mdx | 2 +- website/content/commands/config/delete.mdx | 2 +- website/content/commands/config/list.mdx | 2 +- website/content/commands/config/read.mdx | 2 +- website/content/commands/config/write.mdx | 2 +- website/content/commands/connect/ca.mdx | 6 +- website/content/commands/event.mdx | 2 +- website/content/commands/force-leave.mdx | 2 +- website/content/commands/intention/check.mdx | 2 +- website/content/commands/intention/create.mdx | 2 +- website/content/commands/intention/delete.mdx | 2 +- website/content/commands/intention/get.mdx | 2 +- website/content/commands/intention/index.mdx | 2 +- website/content/commands/intention/list.mdx | 2 +- website/content/commands/intention/match.mdx | 2 +- website/content/commands/join.mdx | 2 +- website/content/commands/keyring.mdx | 2 +- website/content/commands/kv/delete.mdx | 2 +- website/content/commands/kv/export.mdx | 2 +- website/content/commands/kv/get.mdx | 2 +- website/content/commands/kv/import.mdx | 2 +- website/content/commands/kv/index.mdx | 2 +- website/content/commands/kv/put.mdx | 2 +- website/content/commands/leave.mdx | 2 +- website/content/commands/license.mdx | 6 +- website/content/commands/login.mdx | 2 +- website/content/commands/logout.mdx | 2 +- website/content/commands/maint.mdx | 2 +- website/content/commands/members.mdx | 2 +- website/content/commands/namespace/create.mdx | 2 +- website/content/commands/namespace/delete.mdx | 2 +- website/content/commands/namespace/list.mdx | 2 +- website/content/commands/namespace/read.mdx | 2 +- website/content/commands/namespace/update.mdx | 2 +- website/content/commands/namespace/write.mdx | 2 +- website/content/commands/operator/area.mdx | 12 +-- .../content/commands/operator/autopilot.mdx | 6 +- website/content/commands/operator/index.mdx | 2 +- website/content/commands/operator/raft.mdx | 4 +- website/content/commands/reload.mdx | 2 +- website/content/commands/rtt.mdx | 2 +- .../content/commands/services/deregister.mdx | 2 +- .../content/commands/services/register.mdx | 6 +- website/content/commands/snapshot/agent.mdx | 6 +- website/content/commands/snapshot/index.mdx | 2 +- website/content/commands/snapshot/inspect.mdx | 2 +- website/content/commands/snapshot/restore.mdx | 4 +- website/content/commands/snapshot/save.mdx | 4 +- website/content/docs/agent/config-entries.mdx | 2 +- website/content/docs/agent/options.mdx | 40 ++++----- website/content/docs/agent/sentinel.mdx | 2 +- website/content/docs/agent/telemetry.mdx | 2 +- .../content/docs/architecture/consensus.mdx | 4 +- .../content/docs/architecture/coordinates.mdx | 10 +-- website/content/docs/connect/ca/consul.mdx | 6 +- website/content/docs/connect/ca/index.mdx | 12 +-- .../config-entries/ingress-gateway.mdx | 4 +- .../config-entries/service-resolver.mdx | 4 +- .../config-entries/terminating-gateway.mdx | 4 +- .../docs/connect/connect-internals.mdx | 10 +-- .../docs/connect/gateways/ingress-gateway.mdx | 6 +- .../wan-federation-via-mesh-gateways.mdx | 2 +- .../connect/gateways/terminating-gateway.mdx | 10 +-- .../docs/connect/intentions-legacy.mdx | 2 +- website/content/docs/connect/intentions.mdx | 2 +- .../connect/l7-traffic/discovery-chain.mdx | 8 +- website/content/docs/connect/native/go.mdx | 2 +- website/content/docs/connect/native/index.mdx | 26 +++--- .../docs/connect/proxies/integrate.mdx | 18 ++-- .../connect/proxies/managed-deprecated.mdx | 2 +- website/content/docs/discovery/checks.mdx | 6 +- website/content/docs/discovery/dns.mdx | 10 +-- .../content/docs/dynamic-app-config/kv.mdx | 2 +- .../content/docs/enterprise/namespaces.mdx | 2 +- website/content/docs/install/performance.mdx | 4 +- .../docs/k8s/connect/connect-ca-provider.mdx | 4 +- .../content/docs/k8s/installation/install.mdx | 2 +- .../docs/nia/installation/requirements.mdx | 2 +- .../acl/acl-federated-datacenters.mdx | 2 +- .../content/docs/security/acl/acl-legacy.mdx | 88 +++++++++---------- .../docs/security/acl/acl-migrate-tokens.mdx | 4 +- .../docs/security/acl/acl-policies.mdx | 4 +- .../content/docs/security/acl/acl-roles.mdx | 4 +- .../content/docs/security/acl/acl-rules.mdx | 56 ++++++------ .../content/docs/security/acl/acl-tokens.mdx | 8 +- .../docs/security/acl/auth-methods/index.mdx | 6 +- .../docs/security/acl/auth-methods/jwt.mdx | 2 +- .../security/acl/auth-methods/kubernetes.mdx | 14 +-- .../docs/security/acl/auth-methods/oidc.mdx | 2 +- website/content/docs/security/acl/index.mdx | 4 +- .../docs/upgrading/upgrade-specific.mdx | 10 +-- website/next.config.js | 6 -- website/redirects.next.js | 9 +- 166 files changed, 837 insertions(+), 838 deletions(-) diff --git a/website/content/api-docs/acl/auth-methods.mdx b/website/content/api-docs/acl/auth-methods.mdx index 2e662213b..d5fa84d86 100644 --- a/website/content/api-docs/acl/auth-methods.mdx +++ b/website/content/api-docs/acl/auth-methods.mdx @@ -25,9 +25,9 @@ This endpoint creates a new ACL auth method. | `PUT` | `/acl/auth-method` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -54,7 +54,7 @@ The corresponding CLI command is [`consul acl auth-method create`](/commands/acl - `MaxTokenTTL` `(duration: 0s)` - This specifies the maximum life of any token created by this auth method. When set it will initialize the - [`ExpirationTime`](/api/acl/tokens#expirationtime) field on all tokens + [`ExpirationTime`](/api-docs/acl/tokens#expirationtime) field on all tokens to a value of `Token.CreateTime + AuthMethod.MaxTokenTTL`. This field is not persisted beyond its initial use. Can be specified in the form of `"60s"` or `"5m"` (i.e., 60 seconds or 5 minutes, respectively). This value must be no @@ -153,9 +153,9 @@ auth method exists with the given name, a 404 is returned instead of a | `GET` | `/acl/auth-method/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -207,9 +207,9 @@ This endpoint updates an existing ACL auth method. | `PUT` | `/acl/auth-method/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -237,7 +237,7 @@ The corresponding CLI command is [`consul acl auth-method update`](/commands/acl - `MaxTokenTTL` `(duration: 0s)` - This specifies the maximum life of any token created by this auth method. When set it will initialize the - [`ExpirationTime`](/api/acl/tokens#expirationtime) field on all tokens + [`ExpirationTime`](/api-docs/acl/tokens#expirationtime) field on all tokens to a value of `Token.CreateTime + AuthMethod.MaxTokenTTL`. This field is not persisted beyond its initial use. Can be specified in the form of `"60s"` or `"5m"` (i.e., 60 seconds or 5 minutes, respectively). This value must be no @@ -329,8 +329,8 @@ $ curl --request PUT \ This endpoint deletes an ACL auth method. ~> Deleting an auth method will also immediately delete all associated -[binding rules](/api/acl/binding-rules) as well as any -outstanding [tokens](/api/acl/tokens) created from this auth method. +[binding rules](/api-docs/acl/binding-rules) as well as any +outstanding [tokens](/api-docs/acl/tokens) created from this auth method. | Method | Path | Produces | | -------- | ------------------------ | ------------------ | @@ -340,9 +340,9 @@ Even though the return type is application/json, the value is either true or false indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -384,9 +384,9 @@ This endpoint lists all the ACL auth methods. | `GET` | `/acl/auth-methods` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/binding-rules.mdx b/website/content/api-docs/acl/binding-rules.mdx index e979d3440..3a17106bd 100644 --- a/website/content/api-docs/acl/binding-rules.mdx +++ b/website/content/api-docs/acl/binding-rules.mdx @@ -25,9 +25,9 @@ This endpoint creates a new ACL binding rule. | `PUT` | `/acl/binding-rule` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -151,9 +151,9 @@ response. | `GET` | `/acl/binding-rule/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -203,9 +203,9 @@ This endpoint updates an existing ACL binding rule. | `PUT` | `/acl/binding-rule/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -335,9 +335,9 @@ Even though the return type is application/json, the value is either true or false indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -379,9 +379,9 @@ This endpoint lists all the ACL binding rules. | `GET` | `/acl/binding-rules` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx index 3445d233d..081025ced 100644 --- a/website/content/api-docs/acl/index.mdx +++ b/website/content/api-docs/acl/index.mdx @@ -6,9 +6,9 @@ description: The /acl endpoints manage the Consul's ACL system. # ACL HTTP API --> **1.4.0+:** This API documentation is for Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api/acl/legacy). +-> **1.4.0+:** This API documentation is for Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api-docs/acl/legacy). -The `/acl` endpoints are used to manage ACL tokens and policies in Consul, [bootstrap the ACL system](#bootstrap-acls), [check ACL replication status](#check-acl-replication), and [translate rules](#translate-rules). There are additional pages for managing [tokens](/api/acl/tokens) and [policies](/api/acl/policies) with the `/acl` endpoints. +The `/acl` endpoints are used to manage ACL tokens and policies in Consul, [bootstrap the ACL system](#bootstrap-acls), [check ACL replication status](#check-acl-replication), and [translate rules](#translate-rules). There are additional pages for managing [tokens](/api-docs/acl/tokens) and [policies](/api-docs/acl/policies) with the `/acl` endpoints. For more information on how to setup ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). @@ -29,9 +29,9 @@ configuration files. | `PUT` | `/acl/bootstrap` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -96,9 +96,9 @@ for more details. | `GET` | `/acl/replication` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -157,17 +157,17 @@ $ curl \ - `ReplicatedIndex` - The last index that was successfully replicated. Which data the replicated index refers to depends on the replication type. For `legacy` replication this can be compared with the value of the `X-Consul-Index` header - returned by the [`/v1/acl/list`](/api/acl/legacy#list-acls) endpoint to + returned by the [`/v1/acl/list`](/api-docs/acl/legacy#list-acls) endpoint to determine if the replication process has gotten all available ACLs. When in either `tokens` or `policies` mode, this index can be compared with the value of the - `X-Consul-Index` header returned by the [`/v1/acl/policies`](/api/acl/policies#list-policies) + `X-Consul-Index` header returned by the [`/v1/acl/policies`](/api-docs/acl/policies#list-policies) endpoint to determine if the policy replication process has gotten all available ACL policies. Note that ACL replication is rate limited so the indexes may lag behind the primary datacenter. - `ReplicatedTokenIndex` - The last token index that was successfully replicated. This index can be compared with the value of the `X-Consul-Index` header returned - by the [`/v1/acl/tokens`](/api/acl/tokens#list-tokens) endpoint to determine + by the [`/v1/acl/tokens`](/api-docs/acl/tokens#list-tokens) endpoint to determine if the replication process has gotten all available ACL tokens. Note that ACL replication is rate limited so the indexes may lag behind the primary datacenter. @@ -199,9 +199,9 @@ migrations. | `POST` | `/acl/rules/translate` | `text/plain` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -241,16 +241,16 @@ This endpoint translates the legacy rules embedded within a legacy ACL into the syntax. It is intended to be used by operators managing Consul's ACLs and performing legacy token to new policy migrations. Note that this API requires the auto-generated Accessor ID of the legacy token. This ID can be retrieved using the -[`/v1/acl/token/self`](/api/acl/tokens#read-self-token) endpoint. +[`/v1/acl/token/self`](/api-docs/acl/tokens#read-self-token) endpoint. | Method | Path | Produces | | ------ | ----------------------------------- | ------------ | | `GET` | `/acl/rules/translate/:accessor_id` | `text/plain` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -284,9 +284,9 @@ Consul ACL token. | `POST` | `/acl/login` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -376,9 +376,9 @@ with the `X-Consul-Token` header or the `token` query parameter. | `POST` | `/acl/logout` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -414,9 +414,9 @@ URL from Consul to start an [OIDC login flow](/docs/security/acl/auth-methods/oi | `POST` | `/acl/oidc/auth-url` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -494,9 +494,9 @@ for a newly-created Consul ACL token. | `POST` | `/acl/oidc/callback` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/legacy.mdx b/website/content/api-docs/acl/legacy.mdx index ab3bbb70f..c465f6d8e 100644 --- a/website/content/api-docs/acl/legacy.mdx +++ b/website/content/api-docs/acl/legacy.mdx @@ -10,7 +10,7 @@ description: >- -> **The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.** It's _strongly_ recommended you do not build anything using the legacy system and use -the new ACL [Token](/api/acl/tokens) and [Policy](/api/acl/policies) APIs instead. +the new ACL [Token](/api-docs/acl/tokens) and [Policy](/api-docs/acl/policies) APIs instead. The legacy `/acl` endpoints to create, update, destroy, and query legacy ACL tokens in Consul. @@ -25,9 +25,9 @@ This endpoint makes a new ACL token. | `PUT` | `/acl/create` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -84,9 +84,9 @@ generating a new token ID, the `ID` field must be provided. | `PUT` | `/acl/update` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -138,9 +138,9 @@ Even though the return type is application/json, the value is either true or false, indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -175,9 +175,9 @@ This endpoint reads an ACL token with the given ID. | `GET` | `/acl/info/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -224,9 +224,9 @@ complex rule management. | `PUT` | `/acl/clone/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -263,9 +263,9 @@ This endpoint lists all the active ACL tokens. | `GET` | `/acl/list` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/policies.mdx b/website/content/api-docs/acl/policies.mdx index f5ef0a38d..02db7380d 100644 --- a/website/content/api-docs/acl/policies.mdx +++ b/website/content/api-docs/acl/policies.mdx @@ -6,7 +6,7 @@ description: The /acl/policy endpoints manage Consul's ACL policies. # ACL Policy HTTP API --> **1.4.0+:** The APIs are available in Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api/acl/legacy). +-> **1.4.0+:** The APIs are available in Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api-docs/acl/legacy). The `/acl/policy` endpoints [create](#create-a-policy), [read](#read-a-policy), [update](#update-a-policy), [list](#list-policies) and @@ -24,9 +24,9 @@ This endpoint creates a new ACL policy. | `PUT` | `/acl/policy` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -99,9 +99,9 @@ This endpoint reads an ACL policy with the given ID. | `GET` | `/acl/policy/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -151,9 +151,9 @@ This endpoint reads an ACL policy with the given ID. | `GET` | `/acl/policy/name/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -203,9 +203,9 @@ This endpoint updates an existing ACL policy. | `PUT` | `/acl/policy/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -284,9 +284,9 @@ Even though the return type is application/json, the value is either true or false indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -328,9 +328,9 @@ This endpoint lists all the ACL policies. | `GET` | `/acl/policies` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/roles.mdx b/website/content/api-docs/acl/roles.mdx index 5b73c7325..f76ab9e31 100644 --- a/website/content/api-docs/acl/roles.mdx +++ b/website/content/api-docs/acl/roles.mdx @@ -23,9 +23,9 @@ This endpoint creates a new ACL role. | `PUT` | `/acl/role` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -165,9 +165,9 @@ given ID, a 404 is returned instead of a 200 response. | `GET` | `/acl/role/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -237,9 +237,9 @@ given name, a 404 is returned instead of a 200 response. | `GET` | `/acl/role/name/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -308,9 +308,9 @@ This endpoint updates an existing ACL role. | `PUT` | `/acl/role/:id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -426,9 +426,9 @@ Even though the return type is application/json, the value is either true or false indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -470,9 +470,9 @@ This endpoint lists all the ACL roles. | `GET` | `/acl/roles` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx index 31456965d..b73acc50e 100644 --- a/website/content/api-docs/acl/tokens.mdx +++ b/website/content/api-docs/acl/tokens.mdx @@ -6,7 +6,7 @@ description: The /acl/token endpoints manage Consul's ACL Tokens. # ACL Token HTTP API --> **1.4.0+:** The APIs are available in Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api/acl/legacy). +-> **1.4.0+:** The APIs are available in Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api-docs/acl/legacy). The `/acl/token` endpoints [create](#create-a-token), [read](#read-a-token), [update](#update-a-token), [list](#list-tokens), [clone](#clone-a-token) and [delete](#delete-a-token) ACL tokens in Consul. @@ -23,9 +23,9 @@ This endpoint creates a new ACL token. | `PUT` | `/acl/token` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -166,9 +166,9 @@ This endpoint reads an ACL token with the given Accessor ID. | `GET` | `/acl/token/:AccessorID` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -235,9 +235,9 @@ specified with the `X-Consul-Token` header or the `token` query parameter. | `GET` | `/acl/token/self` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -290,9 +290,9 @@ This endpoint updates an existing ACL token. | `PUT` | `/acl/token/:AccessorID` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -440,9 +440,9 @@ This endpoint clones an existing ACL token. | `PUT` | `/acl/token/:AccessorID/clone` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -521,9 +521,9 @@ Even though the return type is application/json, the value is either true or false, indicating whether the delete succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -565,9 +565,9 @@ This endpoint lists all the ACL tokens. | `GET` | `/acl/tokens` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/admin-partitions.mdx b/website/content/api-docs/admin-partitions.mdx index 061187d6b..422223b4a 100644 --- a/website/content/api-docs/admin-partitions.mdx +++ b/website/content/api-docs/admin-partitions.mdx @@ -20,9 +20,9 @@ This endpoint creates a new Partition. | `PUT` | `/partition` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -76,9 +76,9 @@ This endpoint reads a Partition with the given name. | `GET` | `/partition/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -121,9 +121,9 @@ This endpoint updates a Partition description. | `PUT` | `/partition/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -185,9 +185,9 @@ This endpoint will return no data. Success or failure is indicated by the status code returned. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -230,9 +230,9 @@ This endpoint lists all the Partitions. | `GET` | `/partitions` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index 706d07369..e0b69258f 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -28,9 +28,9 @@ everything will be in sync within a few seconds. | `GET` | `/agent/checks` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -109,9 +109,9 @@ check and keeping the Catalog in sync. | `PUT` | `/agent/check/register` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -300,9 +300,9 @@ not exist, no action is taken. | `PUT` | `/agent/check/deregister/:check_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -338,9 +338,9 @@ This endpoint is used with a TTL type check to set the status of the check to | `PUT` | `/agent/check/pass/:check_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -379,9 +379,9 @@ This endpoint is used with a TTL type check to set the status of the check to | `PUT` | `/agent/check/warn/:check_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -419,9 +419,9 @@ This endpoint is used with a TTL type check to set the status of the check to | `PUT` | `/agent/check/fail/:check_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -459,9 +459,9 @@ to reset the TTL clock. | `PUT` | `/agent/check/update/:check_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/agent/connect.mdx b/website/content/api-docs/agent/connect.mdx index 8b7da249d..0570070e5 100644 --- a/website/content/api-docs/agent/connect.mdx +++ b/website/content/api-docs/agent/connect.mdx @@ -11,7 +11,7 @@ description: >- The `/agent/connect` endpoints interact with [Connect](/docs/connect) with agent-local operations. -These endpoints may mirror the [non-agent Connect endpoints](/api/connect) +These endpoints may mirror the [non-agent Connect endpoints](/api-docs/connect) in some cases. Almost all agent-local Connect endpoints perform local caching to optimize performance of Connect without having to make requests to the server. @@ -22,7 +22,7 @@ defined as _deny_ intentions during evaluation, as this endpoint is only suited for networking layer 4 (e.g. TCP) integration. For performance and reliability reasons it is desirable to implement intention enforcement by listing [intentions that match the -destination](/api/connect/intentions#list-matching-intentions) and representing +destination](/api-docs/connect/intentions#list-matching-intentions) and representing them in the native configuration of the proxy itself (such as RBAC for Envoy). This endpoint tests whether a connection attempt is authorized between @@ -43,9 +43,9 @@ connection attempt. | `POST` | `/agent/connect/authorize` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -105,7 +105,7 @@ This is used by [proxies](/docs/connect/proxies) or [native integrations](/docs/connect/native) to verify served client or server certificates are valid. -This is equivalent to the [non-Agent Connect endpoint](/api/connect), +This is equivalent to the [non-Agent Connect endpoint](/api-docs/connect), but the response of this request is cached locally at the agent. This allows for very fast response times and for fail open behavior if the server is unavailable. This endpoint should be used by proxies and native integrations. @@ -115,9 +115,9 @@ unavailable. This endpoint should be used by proxies and native integrations. | `GET` | `/agent/connect/ca/roots` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -165,7 +165,7 @@ connections and is also used as the client certificate for establishing outbound connections to other services. The agent generates a CSR locally and calls the -[CA sign API](/api/connect/ca) to sign it. The resulting certificate +[CA sign API](/api-docs/connect/ca) to sign it. The resulting certificate is cached and returned by this API until it is near expiry or the root certificates change. @@ -183,9 +183,9 @@ wait for certificate rotations. | `GET` | `/agent/connect/ca/leaf/:service` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/agent/index.mdx b/website/content/api-docs/agent/index.mdx index 50c013ee0..8a7b4a693 100644 --- a/website/content/api-docs/agent/index.mdx +++ b/website/content/api-docs/agent/index.mdx @@ -31,9 +31,9 @@ GitHub issue to discuss your use case. | `GET` | `/agent/host` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -220,9 +220,9 @@ by agent. The strongly consistent view of nodes is instead provided by | `GET` | `/agent/members` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -288,9 +288,9 @@ to change without notice or deprecation. | `GET` | `/agent/self` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -368,9 +368,9 @@ section on the agent options page for details on which options are supported. | `PUT` | `/agent/reload` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -401,9 +401,9 @@ restart. | `PUT` | `/agent/maintenance` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -462,9 +462,9 @@ endpoint. | `GET` | `/agent/metrics?format=prometheus` | `text/plain; version=0.0.4; charset=utf-8` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -584,9 +584,9 @@ This endpoint streams logs from the local agent until the connection is closed. | `GET` | `/agent/monitor` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -628,9 +628,9 @@ This endpoint instructs the agent to attempt to connect to a given address. | `PUT` | `/agent/join/:address` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -670,9 +670,9 @@ can affect cluster availability. | `PUT` | `/agent/leave` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -709,9 +709,9 @@ the list of members entirely. | `PUT` | `/agent/force-leave/:node?prune` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -785,9 +785,9 @@ The paths above correspond to the token names as found in the agent configuratio [`acl_replication_token`](/docs/agent/options#acl_replication_token_legacy). The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/agent/service.mdx b/website/content/api-docs/agent/service.mdx index 489556919..9254bfd05 100644 --- a/website/content/api-docs/agent/service.mdx +++ b/website/content/api-docs/agent/service.mdx @@ -30,9 +30,9 @@ everything will be in sync within a few seconds. | `GET` | `/agent/services` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -147,9 +147,9 @@ everything will be in sync within a few seconds. | `GET` | `/agent/service/:service_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -235,7 +235,7 @@ $ curl \ The response has the same structure as the [service definition](/docs/discovery/services) with one extra field `ContentHash` which contains the [hash-based blocking -query](/api/features/blocking#hash-based-blocking-queries) hash for the result. The +query](/api-docs/features/blocking#hash-based-blocking-queries) hash for the result. The same hash is also present in `X-Consul-ContentHash`. ## Get local service health @@ -253,9 +253,9 @@ the URL or use Mime Content negotiation by specifying a HTTP Header | `GET` | `/agent/health/service/name/:service_name?format=text` | `text/plain` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -294,7 +294,7 @@ Those endpoints might be useful for the following use-cases: ##### Note If you know the ID of service you want to target, it is recommended to use -[`/v1/agent/health/service/id/:service_id`](/api/agent/service#get-local-service-health-by-id) +[`/v1/agent/health/service/id/:service_id`](/api-docs/agent/service#get-local-service-health-by-id) so you have the result for the service only. When requesting `/v1/agent/health/service/name/:service_name`, the caller will receive the worst state of all services having the given name. @@ -430,7 +430,7 @@ Retrieve the health state of a specific service on the local agent by ID. | `GET` | `/agent/health/service/id/:service_id?format=text` | `text/plain` | The supported request parameters are the same as -[`/v1/agent/health/service/name/:service_name`](/api/agent/service#get-local-service-health). +[`/v1/agent/health/service/name/:service_name`](/api-docs/agent/service#get-local-service-health). ### Sample Requests @@ -586,9 +586,9 @@ For "connect-proxy" kind services, the `service:write` ACL for the | `PUT` | `/agent/service/register` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -655,13 +655,13 @@ service definition keys for compatibility with the config file format. [Connect Structure](#connect-structure) section below for supported fields. - `Check` `(Check: nil)` - Specifies a check. Please see the - [check documentation](/api/agent/check) for more information about the + [check documentation](/api-docs/agent/check) for more information about the accepted fields. If you don't provide a name or id for the check then they will be generated. To provide a custom id and/or name set the `CheckID` and/or `Name` field. - `Checks` `(array: nil)` - Specifies a list of checks. Please see the - [check documentation](/api/agent/check) for more information about the + [check documentation](/api-docs/agent/check) for more information about the accepted fields. If you don't provide a name or id for the check then they will be generated. To provide a custom id and/or name set the `CheckID` and/or `Name` field. The automatically generated `Name` and `CheckID` depend @@ -671,7 +671,7 @@ service definition keys for compatibility with the config file format. - `EnableTagOverride` `(bool: false)` - Specifies to disable the anti-entropy feature for this service's tags. If `EnableTagOverride` is set to `true` then - external agents can update this service in the [catalog](/api/catalog) + external agents can update this service in the [catalog](/api-docs/catalog) and modify the tags. Subsequent local sync operations by this agent will ignore the updated tags. For instance, if an external agent modified both the tags and the port for this service and `EnableTagOverride` was set to `true` @@ -761,9 +761,9 @@ is an associated check, that is also deregistered. | `PUT` | `/agent/service/deregister/:service_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -803,9 +803,9 @@ will be automatically restored on agent restart. | `PUT` | `/agent/service/maintenance/:service_id` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/catalog.mdx b/website/content/api-docs/catalog.mdx index 64011347c..4b2e93033 100644 --- a/website/content/api-docs/catalog.mdx +++ b/website/content/api-docs/catalog.mdx @@ -16,7 +16,7 @@ API methods look similar. This endpoint is a low-level mechanism for registering or updating entries in the catalog. It is usually preferable to instead use the -[agent endpoints](/api/agent) for registration as they are simpler and +[agent endpoints](/api-docs/agent) for registration as they are simpler and perform [anti-entropy](/docs/architecture/anti-entropy). | Method | Path | Produces | @@ -24,9 +24,9 @@ perform [anti-entropy](/docs/architecture/anti-entropy). | `PUT` | `/catalog/register` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -57,7 +57,7 @@ The table below shows this endpoint's support for for service definition names for [compatibility with external DNS](/docs/discovery/services#service-and-tag-names-with-dns). The service `Tags`, `Address`, `Meta`, and `Port` fields are all optional. For more information about these fields and the implications of setting them, - see the [Service - Agent API](/api/agent/service) page + see the [Service - Agent API](/api-docs/agent/service) page as registering services differs between using this or the Services Agent endpoint. - `Check` `(Check: nil)` - Specifies to register a check. The register API @@ -167,7 +167,7 @@ $ curl \ This endpoint is a low-level mechanism for directly removing entries from the Catalog. It is usually preferable to instead use the -[agent endpoints](/api/agent) for deregistration as they are simpler and +[agent endpoints](/api-docs/agent) for deregistration as they are simpler and perform [anti-entropy](/docs/architecture/anti-entropy). | Method | Path | Produces | @@ -175,9 +175,9 @@ perform [anti-entropy](/docs/architecture/anti-entropy). | `PUT` | `/catalog/deregister` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -257,9 +257,9 @@ Consul servers are routable. | `GET` | `/catalog/datacenters` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -292,9 +292,9 @@ This endpoint and returns the nodes registered in a given datacenter. | `GET` | `/catalog/nodes` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -391,9 +391,9 @@ This endpoint returns the services registered in a given datacenter. | `GET` | `/catalog/services` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -449,9 +449,9 @@ This endpoint returns the nodes providing a service in a given datacenter. | `GET` | `/catalog/service/:service` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -592,7 +592,7 @@ $ curl \ service instance. This includes both the address as well as the port. - `ServiceKind` is the kind of service, usually "". See the Agent - [service registration API](/api/agent/service#kind) for more information. + [service registration API](/api-docs/agent/service#kind) for more information. - `ServiceProxy` is the proxy config as specified in [Connect Proxies](/docs/connect/proxies). @@ -664,7 +664,7 @@ so this endpoint may be used to filter only the Connect-capable endpoints. | `GET` | `/catalog/connect/:service` | `application/json` | Parameters and response format are the same as -[`/catalog/service/:service`](/api/catalog#list-nodes-for-service). +[`/catalog/service/:service`](/api-docs/catalog#list-nodes-for-service). ## Retrieve Map of Services for a Node @@ -677,9 +677,9 @@ This endpoint returns the node's registered services. | `GET` | `/catalog/node/:node` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -808,9 +808,9 @@ This endpoint returns the node's registered services. | `GET` | `/catalog/node-services/:node` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -944,9 +944,9 @@ This endpoint returns the services associated with an ingress gateway or termina | `GET` | `/catalog/gateway-services/:gateway` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -1057,7 +1057,7 @@ $ curl \ - `Service.Namespace` is the Consul Enterprise namespace of a service associated with the gateway - `GatewayKind` is the kind of service, will be one of "ingress-gateway" or "terminating-gateway". See the Agent - [service registration API](/api/agent/service#kind) for more information. + [service registration API](/api-docs/agent/service#kind) for more information. - `CAFile` is the path to a CA file the gateway will use for TLS origination to the associated service diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx index 151af061f..27d665aa6 100644 --- a/website/content/api-docs/config.mdx +++ b/website/content/api-docs/config.mdx @@ -24,9 +24,9 @@ This endpoint creates or updates the given config entry. | `PUT` | `/config` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -95,9 +95,9 @@ This endpoint returns a specific config entry. | `GET` | `/config/:kind/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -168,9 +168,9 @@ This endpoint returns all config entries of the given kind. | `GET` | `/config/:kind` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -244,9 +244,9 @@ This endpoint deletes the given config entry. | `DELETE` | `/config/:kind/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/connect/ca.mdx b/website/content/api-docs/connect/ca.mdx index 90a49d8c6..86c729460 100644 --- a/website/content/api-docs/connect/ca.mdx +++ b/website/content/api-docs/connect/ca.mdx @@ -21,9 +21,9 @@ the cluster. | `GET` | `/connect/ca/roots` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -113,9 +113,9 @@ This endpoint returns the current CA configuration. | `GET` | `/connect/ca/configuration` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -158,9 +158,9 @@ new root certificate being used, the [Root Rotation](/docs/connect/ca#root-certi | `PUT` | `/connect/ca/configuration` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/connect/index.mdx b/website/content/api-docs/connect/index.mdx index 508c30b1d..4c5d209aa 100644 --- a/website/content/api-docs/connect/index.mdx +++ b/website/content/api-docs/connect/index.mdx @@ -13,7 +13,7 @@ The `/connect` endpoints provide access to intentions and the certificate authority. There are also Connect-related endpoints in the -[Agent](/api/agent) and [Catalog](/api/catalog) APIs. For example, +[Agent](/api-docs/agent) and [Catalog](/api-docs/catalog) APIs. For example, the API for requesting a TLS certificate for a service is part of the agent APIs. And the catalog API has an endpoint for finding all Connect-capable services in the catalog. diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index 2ffcc58bc..49b6ac660 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -36,9 +36,9 @@ be persisted using this endpoint and will require editing the enclosing | `PUT` | `/connect/intentions/exact` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -147,9 +147,9 @@ existing intention or delete it prior to creating a new one. | `POST` | `/connect/intentions` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -247,9 +247,9 @@ This endpoint updates an intention with the given values. | `PUT` | `/connect/intentions/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -301,9 +301,9 @@ This endpoint reads a specific intention by its unique source and destination. | `GET` | `/connect/intentions/exact` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -378,9 +378,9 @@ This endpoint reads a specific intention. | `GET` | `/connect/intentions/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -442,9 +442,9 @@ This endpoint lists all intentions. | `GET` | `/connect/intentions` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -533,9 +533,9 @@ This endpoint deletes a specific intention by its unique source and destination. | `DELETE` | `/connect/intentions/exact` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -593,9 +593,9 @@ This endpoint deletes a specific intention. | `DELETE` | `/connect/intentions/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -638,7 +638,7 @@ networking layer 4 (e.g. TCP) integration. For performance and reliability reasons it is desirable to implement intention enforcement by listing [intentions that match the -destination](/api/connect/intentions#list-matching-intentions) and representing +destination](/api-docs/connect/intentions#list-matching-intentions) and representing them in the native configuration of the proxy itself (such as RBAC for Envoy). This endpoint will work even if the destination service has @@ -650,9 +650,9 @@ does not contain any information about the intention itself. | `GET` | `/connect/intentions/check` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -715,9 +715,9 @@ The intentions in the response are in evaluation order. | `GET` | `/connect/intentions/match` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/coordinate.mdx b/website/content/api-docs/coordinate.mdx index 2e6c5fe2b..bbba8afaf 100644 --- a/website/content/api-docs/coordinate.mdx +++ b/website/content/api-docs/coordinate.mdx @@ -29,9 +29,9 @@ cluster. | `GET` | `/coordinate/datacenters` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -85,9 +85,9 @@ datacenter. | `GET` | `/coordinate/nodes` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -144,9 +144,9 @@ This endpoint returns the LAN network coordinates for the given node. | `GET` | `/coordinate/node/:node` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -202,9 +202,9 @@ datacenter. | `PUT` | `/coordinate/update` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/discovery-chain.mdx b/website/content/api-docs/discovery-chain.mdx index e7e2de6e5..29adab555 100644 --- a/website/content/api-docs/discovery-chain.mdx +++ b/website/content/api-docs/discovery-chain.mdx @@ -38,9 +38,9 @@ the `POST` method must be used, otherwise `GET` is sufficient.

The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/event.mdx b/website/content/api-docs/event.mdx index c9edbe47b..1d795997a 100644 --- a/website/content/api-docs/event.mdx +++ b/website/content/api-docs/event.mdx @@ -20,9 +20,9 @@ This endpoint triggers a new user event. | `PUT` | `/event/fire/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -100,9 +100,9 @@ nor do they make a promise of delivery. | `GET` | `/event/list` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/features/consistency.mdx b/website/content/api-docs/features/consistency.mdx index a50658069..71fd92ffb 100644 --- a/website/content/api-docs/features/consistency.mdx +++ b/website/content/api-docs/features/consistency.mdx @@ -42,7 +42,7 @@ should be provided on requests. It is an error to provide both. Note that some endpoints support a `cached` parameter which has some of the same semantics as `stale` but different trade offs. This behavior is described in -[agent caching feature documentation](/api/features/caching). +[agent caching feature documentation](/api-docs/features/caching). To support bounding the acceptable staleness of data, responses provide the `X-Consul-LastContact` header containing the time in milliseconds that a server diff --git a/website/content/api-docs/features/filtering.mdx b/website/content/api-docs/features/filtering.mdx index bcf86b9d8..b4a25b242 100644 --- a/website/content/api-docs/features/filtering.mdx +++ b/website/content/api-docs/features/filtering.mdx @@ -122,7 +122,7 @@ example, the following two expressions would be equivalent. Generally, only the main object is filtered. When filtering for an item within an array that is not at the top level, the entire array that contains the item will be returned. This is usually the outermost object of a response, -but in some cases such the [`/catalog/node/:node`](/api/catalog#list-services-for-node) +but in some cases such the [`/catalog/node/:node`](/api-docs/catalog#list-services-for-node) endpoint the filtering is performed on a object embedded within the results. ### Performance diff --git a/website/content/api-docs/health.mdx b/website/content/api-docs/health.mdx index 1ae4c2701..6d8a1c677 100644 --- a/website/content/api-docs/health.mdx +++ b/website/content/api-docs/health.mdx @@ -25,9 +25,9 @@ This endpoint returns the checks specific to the node provided on the path. | `GET` | `/health/node/:node` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -122,9 +122,9 @@ path. | `GET` | `/health/checks/:service` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -214,9 +214,9 @@ incorporating the use of health checks. | `GET` | `/health/service/:service` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -422,7 +422,7 @@ so this endpoint may be used to filter only the Connect-capable endpoints. | `GET` | `/health/connect/:service` | `application/json` | Parameters and response format are the same as -[`/health/service/:service`](/api/health#list-nodes-for-service). +[`/health/service/:service`](/api-docs/health#list-nodes-for-service). ## List Service Instances for Ingress Gateways Associated with a Service @@ -438,10 +438,10 @@ gateway](/docs/connect/gateways/ingress-gateway) for a service in a given datace | `GET` | `/health/ingress/:service` | `application/json` | Parameters and response format are the same as -[`/health/service/:service`](/api/health#list-nodes-for-service). +[`/health/service/:service`](/api-docs/health#list-nodes-for-service). **Note** that unlike `/health/connect/:service` and `/health/service/:service` this -endpoint does not support the [streaming backend](/api/features/blocking#streaming-backend). +endpoint does not support the [streaming backend](/api-docs/features/blocking#streaming-backend). ## List Checks in State @@ -455,9 +455,9 @@ This endpoint returns the checks in the state provided on the path. | `GET` | `/health/state/:state` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/kv.mdx b/website/content/api-docs/kv.mdx index 029c3ae81..ba77717f4 100644 --- a/website/content/api-docs/kv.mdx +++ b/website/content/api-docs/kv.mdx @@ -19,7 +19,7 @@ replication between datacenters, please view the ~> Values in the KV store cannot be larger than 512kb. In order to perform atomic operations on multiple KV pairs (up to a limit of 64) -please consider using [transactions](/api/txn) instead. +please consider using [transactions](/api-docs/txn) instead. ## Read Key @@ -27,7 +27,7 @@ This endpoint returns the specified key. If no key exists at the given path, a 404 is returned instead of a 200 response. For multi-key reads (up to a limit of 64 KV operations) please consider using -[transactions](/api/txn) instead. +[transactions](/api-docs/txn) instead. If the [`recurse`](#recurse) or [`keys`](#keys) query parameters are `true`, this endpoint will return an array of keys. In this case, @@ -40,9 +40,9 @@ Refer to the [HTTP API documentation](/api-docs#results-filtered-by-acls) for mo | `GET` | `/kv/:key` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -172,9 +172,9 @@ Even though the return type is `application/json`, the value is either `true` or `false`, indicating whether the create/update succeeded. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -260,9 +260,9 @@ This endpoint deletes a single key or all keys sharing a prefix. | `DELETE` | `/kv/:key` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/namespaces.mdx b/website/content/api-docs/namespaces.mdx index c14c9a721..67fc5d6b3 100644 --- a/website/content/api-docs/namespaces.mdx +++ b/website/content/api-docs/namespaces.mdx @@ -20,9 +20,9 @@ This endpoint creates a new Namespace. | `PUT` | `/namespace` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -151,9 +151,9 @@ This endpoint reads a Namespace with the given name. | `GET` | `/namespace/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -222,9 +222,9 @@ This endpoint updates a Namespace. | `PUT` | `/namespace/:name` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -361,9 +361,9 @@ This endpoint will return no data. Success or failure is indicated by the status code returned. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -434,9 +434,9 @@ privileges of the ACL token used for the request. | `GET` | `/namespaces` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/area.mdx b/website/content/api-docs/operator/area.mdx index 505057666..6f10fa2dd 100644 --- a/website/content/api-docs/operator/area.mdx +++ b/website/content/api-docs/operator/area.mdx @@ -36,9 +36,9 @@ successfully. | `POST` | `/operator/area` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -104,9 +104,9 @@ This endpoint lists all network areas. | `GET` | `/operator/area` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -149,9 +149,9 @@ This endpoint updates a network area to the given configuration. | `PUT` | `/operator/area/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -195,9 +195,9 @@ This endpoint lists a specific network area. | `GET` | `/operator/area/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -241,9 +241,9 @@ This endpoint deletes a specific network area. | `DELETE` | `/operator/area/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -279,9 +279,9 @@ area. | `PUT` | `/operator/area/:uuid/join` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -354,9 +354,9 @@ network area. | `GET` | `/operator/area/:uuid/members` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/autopilot.mdx b/website/content/api-docs/operator/autopilot.mdx index 89ffb67a3..e1d050871 100644 --- a/website/content/api-docs/operator/autopilot.mdx +++ b/website/content/api-docs/operator/autopilot.mdx @@ -24,9 +24,9 @@ This endpoint retrieves its latest Autopilot configuration. | `GET` | `/operator/autopilot/configuration` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -80,9 +80,9 @@ This endpoint updates the Autopilot configuration of the cluster. | `PUT` | `/operator/autopilot/configuration` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -159,9 +159,9 @@ This endpoint queries the health of the autopilot status. | `GET` | `/operator/autopilot/health` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -264,9 +264,9 @@ This endpoint queries the health of the autopilot status. | `GET` | `/operator/autopilot/state` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/keyring.mdx b/website/content/api-docs/operator/keyring.mdx index 3b3690101..83d1b89bd 100644 --- a/website/content/api-docs/operator/keyring.mdx +++ b/website/content/api-docs/operator/keyring.mdx @@ -26,9 +26,9 @@ read privileges. | `GET` | `/operator/keyring` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -113,9 +113,9 @@ This endpoint installs a new gossip encryption key into the cluster. | `POST` | `/operator/keyring` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -161,9 +161,9 @@ installed before this operation can succeed. | `PUT` | `/operator/keyring` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -209,9 +209,9 @@ may only be performed on keys which are not currently the primary key. | `DELETE` | `/operator/keyring` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/license.mdx b/website/content/api-docs/operator/license.mdx index ff0c0b657..c2c9186fe 100644 --- a/website/content/api-docs/operator/license.mdx +++ b/website/content/api-docs/operator/license.mdx @@ -22,9 +22,9 @@ This endpoint gets information about the current license. | `GET` | `/operator/license` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -89,9 +89,9 @@ license contents as well as any warning messages regarding its validity. | `PUT` | `/operator/license` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -161,9 +161,9 @@ This endpoint resets the Consul license to the license included in the Enterpris | `DELETE` | `/operator/license` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/raft.mdx b/website/content/api-docs/operator/raft.mdx index 5225208a3..8d1259454 100644 --- a/website/content/api-docs/operator/raft.mdx +++ b/website/content/api-docs/operator/raft.mdx @@ -23,9 +23,9 @@ This endpoint reads the current raft configuration. | `GET` | `/operator/raft/configuration` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -43,7 +43,7 @@ The table below shows this endpoint's support for Raft configuration from any of the Consul servers. Not setting this will choose the default consistency mode which will forward the request to the leader for processing but not re-confirm the server is still the leader before returning - results. See [default consistency](/api/features/consistency#default) for more details. + results. See [default consistency](/api-docs/features/consistency#default) for more details. ### Sample Request @@ -121,9 +121,9 @@ write privileges. | `DELETE` | `/operator/raft/peer` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/operator/segment.mdx b/website/content/api-docs/operator/segment.mdx index 713fae4e6..360a6f1b0 100644 --- a/website/content/api-docs/operator/segment.mdx +++ b/website/content/api-docs/operator/segment.mdx @@ -29,9 +29,9 @@ This endpoint lists all network areas. | `GET` | `/operator/segment` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/query.mdx b/website/content/api-docs/query.mdx index 2adaa152e..c91cdacdd 100644 --- a/website/content/api-docs/query.mdx +++ b/website/content/api-docs/query.mdx @@ -141,9 +141,9 @@ successfully. | `POST` | `/query` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -306,9 +306,9 @@ This endpoint returns a list of all prepared queries. | `GET` | `/query` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -369,9 +369,9 @@ given ID, an error is returned. | `PUT` | `/query/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -409,9 +409,9 @@ given ID, an error is returned. | `GET` | `/query/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -449,9 +449,9 @@ given ID, an error is returned. | `DELETE` | `/query/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -489,9 +489,9 @@ Refer to the [HTTP API documentation](/api-docs#results-filtered-by-acls) for mo | `GET` | `/query/:uuid/execute` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -618,9 +618,9 @@ interpolation. | `GET` | `/query/:uuid/explain` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/session.mdx b/website/content/api-docs/session.mdx index efaccbcc3..15415c0c4 100644 --- a/website/content/api-docs/session.mdx +++ b/website/content/api-docs/session.mdx @@ -18,9 +18,9 @@ node and may be associated with any number of checks. | `PUT` | `/session/create` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -127,9 +127,9 @@ either a literal `true` or `false`, indicating of whether the destroy was successful. The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -173,9 +173,9 @@ This endpoint returns the requested session information. | `GET` | `/session/info/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -237,9 +237,9 @@ This endpoint returns the active sessions for a given node. | `GET` | `/session/node/:node` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -301,9 +301,9 @@ This endpoint returns the list of active sessions. | `GET` | `/session/list` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -360,9 +360,9 @@ TTL, and it extends the expiration by the TTL. | `PUT` | `/session/renew/:uuid` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/snapshot.mdx b/website/content/api-docs/snapshot.mdx index 885cdd0a3..2e3419279 100644 --- a/website/content/api-docs/snapshot.mdx +++ b/website/content/api-docs/snapshot.mdx @@ -30,9 +30,9 @@ restore. | `GET` | `/snapshot` | `200 application/x-gzip` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -87,9 +87,9 @@ call to the `GET` method. | `PUT` | `/snapshot` | `200 text/plain (empty body)` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/status.mdx b/website/content/api-docs/status.mdx index c7cb3e557..8948a5a7f 100644 --- a/website/content/api-docs/status.mdx +++ b/website/content/api-docs/status.mdx @@ -23,9 +23,9 @@ running. | `GET` | `/status/leader` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -61,9 +61,9 @@ determining when a given server has successfully joined the cluster. | `GET` | `/status/peers` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | diff --git a/website/content/api-docs/txn.mdx b/website/content/api-docs/txn.mdx index bf5a3fdfa..2fa10bcb0 100644 --- a/website/content/api-docs/txn.mdx +++ b/website/content/api-docs/txn.mdx @@ -36,9 +36,9 @@ the leader via the Raft consensus protocol. | `PUT` | `/txn` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/features/blocking), -[consistency modes](/api/features/consistency), -[agent caching](/api/features/caching), and +[blocking queries](/api-docs/features/blocking), +[consistency modes](/api-docs/features/consistency), +[agent caching](/api-docs/features/caching), and [required ACLs](/api#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | @@ -86,7 +86,7 @@ The table below shows this endpoint's support for - `Verb` `(string: )` - Specifies the type of operation to perform. - `Node` `(Node: )` - Specifies the node information to use - for the operation. See the [catalog endpoint](/api/catalog#parameters) for the fields in this object. Note the only the node can be specified here, not any services or checks - separate service or check operations must be used for those. + for the operation. See the [catalog endpoint](/api-docs/catalog#parameters) for the fields in this object. Note the only the node can be specified here, not any services or checks - separate service or check operations must be used for those. - `Service` operations have the following fields: @@ -96,14 +96,14 @@ The table below shows this endpoint's support for this service operation. - `Service` `(Service: )` - Specifies the service instance information to use - for the operation. See the [catalog endpoint](/api/catalog#parameters) for the fields in this object. + for the operation. See the [catalog endpoint](/api-docs/catalog#parameters) for the fields in this object. - `Check` operations have the following fields: - `Verb` `(string: )` - Specifies the type of operation to perform. - `Check` `(Service: )` - Specifies the check to use - for the operation. See the [catalog endpoint](/api/catalog#parameters) for the fields in this object. + for the operation. See the [catalog endpoint](/api-docs/catalog#parameters) for the fields in this object. Please see the table below for available verbs. diff --git a/website/content/commands/acl/auth-method/create.mdx b/website/content/commands/acl/auth-method/create.mdx index a47477493..dfdce5d13 100644 --- a/website/content/commands/acl/auth-method/create.mdx +++ b/website/content/commands/acl/auth-method/create.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/auth-method](/api-docs/acl/aut The `acl auth-method create` command creates new auth methods. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/auth-method/delete.mdx b/website/content/commands/acl/auth-method/delete.mdx index 3ba8324a4..a0865825b 100644 --- a/website/content/commands/acl/auth-method/delete.mdx +++ b/website/content/commands/acl/auth-method/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/auth-method/:name](/api-doc The `acl auth-method delete` command deletes an auth method. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/auth-method/index.mdx b/website/content/commands/acl/auth-method/index.mdx index 1ae28de78..db92f6f35 100644 --- a/website/content/commands/acl/auth-method/index.mdx +++ b/website/content/commands/acl/auth-method/index.mdx @@ -11,7 +11,7 @@ The `acl auth-method` command is used to manage Consul's ACL auth methods. It exposes commands for creating, updating, reading, deleting, and listing auth methods. This command is available in Consul 1.5.0 and newer. -ACL auth methods may also be managed via the [HTTP API](/api/acl/auth-methods). +ACL auth methods may also be managed via the [HTTP API](/api-docs/acl/auth-methods). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the diff --git a/website/content/commands/acl/auth-method/list.mdx b/website/content/commands/acl/auth-method/list.mdx index 643e1c02c..93387e588 100644 --- a/website/content/commands/acl/auth-method/list.mdx +++ b/website/content/commands/acl/auth-method/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-methods](/api-docs/acl/au The `acl auth-method list` command lists all auth methods. By default it will not show metadata. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/auth-method/read.mdx b/website/content/commands/acl/auth-method/read.mdx index fbe7d055c..f9ec06619 100644 --- a/website/content/commands/acl/auth-method/read.mdx +++ b/website/content/commands/acl/auth-method/read.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-method/:name](/api-docs/a The `acl auth-method read` command reads and displays an auth method's details. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/auth-method/update.mdx b/website/content/commands/acl/auth-method/update.mdx index c960a09d0..a7fae8dc3 100644 --- a/website/content/commands/acl/auth-method/update.mdx +++ b/website/content/commands/acl/auth-method/update.mdx @@ -15,7 +15,7 @@ provided to the command invocation. Therefore to update just one field, only the `-name` options and the option to modify must be provided. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/binding-rule/create.mdx b/website/content/commands/acl/binding-rule/create.mdx index df65da77a..9df0d2691 100644 --- a/website/content/commands/acl/binding-rule/create.mdx +++ b/website/content/commands/acl/binding-rule/create.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/binding-rule](/api-docs/acl/bi The `acl binding-rule create` command creates new binding rules. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/binding-rule/delete.mdx b/website/content/commands/acl/binding-rule/delete.mdx index e59d533fd..0ef61278b 100644 --- a/website/content/commands/acl/binding-rule/delete.mdx +++ b/website/content/commands/acl/binding-rule/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/binding-rule/:id](/api-docs The `acl binding-rule delete` command deletes a binding rule. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/binding-rule/index.mdx b/website/content/commands/acl/binding-rule/index.mdx index 440bd92e0..911ada43d 100644 --- a/website/content/commands/acl/binding-rule/index.mdx +++ b/website/content/commands/acl/binding-rule/index.mdx @@ -11,7 +11,7 @@ The `acl binding-rule` command is used to manage Consul's ACL binding rules. It exposes commands for creating, updating, reading, deleting, and listing binding rules. This command is available in Consul 1.5.0 and newer. -ACL binding rules may also be managed via the [HTTP API](/api/acl/binding-rules). +ACL binding rules may also be managed via the [HTTP API](/api-docs/acl/binding-rules). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the diff --git a/website/content/commands/acl/binding-rule/list.mdx b/website/content/commands/acl/binding-rule/list.mdx index 1753f3f9b..322d647d2 100644 --- a/website/content/commands/acl/binding-rule/list.mdx +++ b/website/content/commands/acl/binding-rule/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rules](/api-docs/acl/b The `acl binding-rule list` command lists all binding rules. By default it will not show metadata. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/binding-rule/read.mdx b/website/content/commands/acl/binding-rule/read.mdx index 15b66acb6..1ac0e2c85 100644 --- a/website/content/commands/acl/binding-rule/read.mdx +++ b/website/content/commands/acl/binding-rule/read.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rule/:id](/api-docs/ac The `acl binding-rule read` command reads and displays a binding rules details. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx index 2fb1496ab..320979663 100644 --- a/website/content/commands/acl/binding-rule/update.mdx +++ b/website/content/commands/acl/binding-rule/update.mdx @@ -15,7 +15,7 @@ provided to the command invocation. Therefore to update just one field, only the `-id` option and the option to modify must be provided. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/bootstrap.mdx b/website/content/commands/acl/bootstrap.mdx index 28592f0e7..534674267 100644 --- a/website/content/commands/acl/bootstrap.mdx +++ b/website/content/commands/acl/bootstrap.mdx @@ -15,7 +15,7 @@ will be disabled. If all tokens are lost and you need to bootstrap again you can [reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs#reset-the-acl-system). The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/policy/create.mdx b/website/content/commands/acl/policy/create.mdx index 8cdcd20b7..2cf29f87b 100644 --- a/website/content/commands/acl/policy/create.mdx +++ b/website/content/commands/acl/policy/create.mdx @@ -20,7 +20,7 @@ To load the value from a file prefix the value with an `@`. Any other values will be used directly. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/policy/delete.mdx b/website/content/commands/acl/policy/delete.mdx index c903545c7..9449a5edc 100644 --- a/website/content/commands/acl/policy/delete.mdx +++ b/website/content/commands/acl/policy/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/policy/:id](/api-docs/acl/p The `acl policy delete` command deletes a policy. Policies may be deleted by their ID or by name. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/policy/index.mdx b/website/content/commands/acl/policy/index.mdx index 79f4a136a..dcfdbdf31 100644 --- a/website/content/commands/acl/policy/index.mdx +++ b/website/content/commands/acl/policy/index.mdx @@ -11,7 +11,7 @@ The `acl policy` command is used to manage Consul's ACL policies. It exposes commands for creating, updating, reading, deleting, and listing policies. This command is available in Consul 1.4.0 and newer. -ACL policies may also be managed via the [HTTP API](/api/acl/policies). +ACL policies may also be managed via the [HTTP API](/api-docs/acl/policies). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the diff --git a/website/content/commands/acl/policy/list.mdx b/website/content/commands/acl/policy/list.mdx index dd2a6606b..acb0bebae 100644 --- a/website/content/commands/acl/policy/list.mdx +++ b/website/content/commands/acl/policy/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policies](/api-docs/acl/polici The `acl policy list` command lists all policies. By default it will not show metadata. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/policy/read.mdx b/website/content/commands/acl/policy/read.mdx index 0f45b18cb..119a71c1d 100644 --- a/website/content/commands/acl/policy/read.mdx +++ b/website/content/commands/acl/policy/read.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/pol The `acl policy read` command reads and displays a policies details. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/policy/update.mdx b/website/content/commands/acl/policy/update.mdx index 4beeec210..c3b23278e 100644 --- a/website/content/commands/acl/policy/update.mdx +++ b/website/content/commands/acl/policy/update.mdx @@ -16,7 +16,7 @@ policies requires both the `-id` and `-name` as the new name cannot yet be used policy. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/role/create.mdx b/website/content/commands/acl/role/create.mdx index 37b3a9a00..fea5919b8 100644 --- a/website/content/commands/acl/role/create.mdx +++ b/website/content/commands/acl/role/create.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/role](/api-docs/acl/roles#crea The `acl role create` command creates new roles. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/role/delete.mdx b/website/content/commands/acl/role/delete.mdx index 3f37cf51e..d0b9823d2 100644 --- a/website/content/commands/acl/role/delete.mdx +++ b/website/content/commands/acl/role/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/role/:id](/api-docs/acl/rol The `acl role delete` command deletes a role. Roles may be deleted by their ID or by name. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/role/index.mdx b/website/content/commands/acl/role/index.mdx index 422c514af..b14cd6f63 100644 --- a/website/content/commands/acl/role/index.mdx +++ b/website/content/commands/acl/role/index.mdx @@ -11,7 +11,7 @@ The `acl role` command is used to manage Consul's ACL roles. It exposes commands for creating, updating, reading, deleting, and listing roles. This command is available in Consul 1.5.0 and newer. -ACL roles may also be managed via the [HTTP API](/api/acl/roles). +ACL roles may also be managed via the [HTTP API](/api-docs/acl/roles). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the diff --git a/website/content/commands/acl/role/list.mdx b/website/content/commands/acl/role/list.mdx index 9ba9115ce..dd973c630 100644 --- a/website/content/commands/acl/role/list.mdx +++ b/website/content/commands/acl/role/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/roles](/api-docs/acl/roles#lis The `acl role list` command lists all roles. By default it will not show metadata. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/role/read.mdx b/website/content/commands/acl/role/read.mdx index b28aa6bfd..ef45e636c 100644 --- a/website/content/commands/acl/role/read.mdx +++ b/website/content/commands/acl/role/read.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/role/:id](/api-docs/acl/roles The `acl role read` command reads and displays a roles details. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/role/update.mdx b/website/content/commands/acl/role/update.mdx index 17469059c..52133e117 100644 --- a/website/content/commands/acl/role/update.mdx +++ b/website/content/commands/acl/role/update.mdx @@ -16,7 +16,7 @@ modify must be provided. Note that renaming roles requires both the `-id` and `-name` as the new name cannot yet be used to lookup the role. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/set-agent-token.mdx b/website/content/commands/acl/set-agent-token.mdx index af142a694..201e8b6ed 100644 --- a/website/content/commands/acl/set-agent-token.mdx +++ b/website/content/commands/acl/set-agent-token.mdx @@ -17,7 +17,7 @@ is `true`, so tokens will need to be updated again if that option is `false` and the agent is restarted. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/clone.mdx b/website/content/commands/acl/token/clone.mdx index 2b7b3ca9b..7dafeb34e 100644 --- a/website/content/commands/acl/token/clone.mdx +++ b/website/content/commands/acl/token/clone.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/token/:AccessorID/clone](/api- The `acl token clone` command clones an existing token. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/create.mdx b/website/content/commands/acl/token/create.mdx index b9e2e0ae1..8690e5b76 100644 --- a/website/content/commands/acl/token/create.mdx +++ b/website/content/commands/acl/token/create.mdx @@ -14,7 +14,7 @@ either the `-policy-id` or the `-policy-name` options. When specifying policies may use a unique prefix of the UUID as a shortcut for specifying the entire UUID. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/delete.mdx b/website/content/commands/acl/token/delete.mdx index 20545e319..eee3e5db6 100644 --- a/website/content/commands/acl/token/delete.mdx +++ b/website/content/commands/acl/token/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/token/:AccessorID](/api-doc The `acl token delete` command deletes a token. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/index.mdx b/website/content/commands/acl/token/index.mdx index 2198eb572..9c3e497d7 100644 --- a/website/content/commands/acl/token/index.mdx +++ b/website/content/commands/acl/token/index.mdx @@ -11,7 +11,7 @@ The `acl token` command is used to manage Consul's ACL tokens. It exposes commands for creating, updating, reading, deleting, and listing tokens. This command is available in Consul 1.4.0 and newer. -ACL tokens may also be managed via the [HTTP API](/api/acl/tokens). +ACL tokens may also be managed via the [HTTP API](/api-docs/acl/tokens). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the diff --git a/website/content/commands/acl/token/list.mdx b/website/content/commands/acl/token/list.mdx index 0439dc7ed..f3a64c1ca 100644 --- a/website/content/commands/acl/token/list.mdx +++ b/website/content/commands/acl/token/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/tokens](/api-docs/acl/tokens#l The `acl token list` command lists all tokens. By default it will not show metadata. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/read.mdx b/website/content/commands/acl/token/read.mdx index 6d3aefadb..e249e1b38 100644 --- a/website/content/commands/acl/token/read.mdx +++ b/website/content/commands/acl/token/read.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/token/:AccessorID](/api-docs/a The `acl token read` command reads and displays a token details. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/token/update.mdx b/website/content/commands/acl/token/update.mdx index ca9c04e1f..b7c2b5bbc 100644 --- a/website/content/commands/acl/token/update.mdx +++ b/website/content/commands/acl/token/update.mdx @@ -13,7 +13,7 @@ The `acl token update` command will update a token. Some parts of the token like token is local to the datacenter cannot be changed. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/acl/translate-rules.mdx b/website/content/commands/acl/translate-rules.mdx index 6501b56e0..1255de367 100644 --- a/website/content/commands/acl/translate-rules.mdx +++ b/website/content/commands/acl/translate-rules.mdx @@ -15,7 +15,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/rules/translate/:accessor_id]( This command translates the legacy ACL rule syntax into the new syntax. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/catalog/datacenters.mdx b/website/content/commands/catalog/datacenters.mdx index 8d329b786..1f823d1d1 100644 --- a/website/content/commands/catalog/datacenters.mdx +++ b/website/content/commands/catalog/datacenters.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/catalog/datacenters](/api-docs/cat The `catalog datacenters` command prints all known datacenters. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/catalog/index.mdx b/website/content/commands/catalog/index.mdx index c95bae537..63b213a6c 100644 --- a/website/content/commands/catalog/index.mdx +++ b/website/content/commands/catalog/index.mdx @@ -11,7 +11,7 @@ The `catalog` command is used to interact with Consul's catalog via the command line. It exposes top-level commands for reading and filtering data from the registry. -The catalog is also accessible via the [HTTP API](/api/catalog). +The catalog is also accessible via the [HTTP API](/api-docs/catalog). ## Basic Examples diff --git a/website/content/commands/catalog/nodes.mdx b/website/content/commands/catalog/nodes.mdx index 386948d29..7537ce1ef 100644 --- a/website/content/commands/catalog/nodes.mdx +++ b/website/content/commands/catalog/nodes.mdx @@ -14,7 +14,7 @@ It can also query for nodes that match a particular metadata or provide a particular service. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -84,7 +84,7 @@ Usage: `consul catalog nodes [options]` - `-filter=` - Expression to use for filtering the results. Can be passed via stdin by using `-` for the value or from a file by passing `@`. - See the [`/catalog/nodes` API documentation](/api/catalog#filtering) for a + See the [`/catalog/nodes` API documentation](/api-docs/catalog#filtering) for a description of what is filterable. #### Enterprise Options diff --git a/website/content/commands/catalog/services.mdx b/website/content/commands/catalog/services.mdx index 8c414653c..d4653f04f 100644 --- a/website/content/commands/catalog/services.mdx +++ b/website/content/commands/catalog/services.mdx @@ -14,7 +14,7 @@ for services that match particular metadata or list the services that a particular node provides. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx index a869d17aa..bee966700 100644 --- a/website/content/commands/config/delete.mdx +++ b/website/content/commands/config/delete.mdx @@ -14,7 +14,7 @@ kind and name. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required1 | diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx index a2e5a7c49..8ceec02b6 100644 --- a/website/content/commands/config/list.mdx +++ b/website/content/commands/config/list.mdx @@ -14,7 +14,7 @@ See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required1 | diff --git a/website/content/commands/config/read.mdx b/website/content/commands/config/read.mdx index 3df4009b3..b57f74de9 100644 --- a/website/content/commands/config/read.mdx +++ b/website/content/commands/config/read.mdx @@ -15,7 +15,7 @@ kind and name and outputs its JSON representation. See the details about configuration entries. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required1 | diff --git a/website/content/commands/config/write.mdx b/website/content/commands/config/write.mdx index 214b92a24..01c0b7d06 100644 --- a/website/content/commands/config/write.mdx +++ b/website/content/commands/config/write.mdx @@ -14,7 +14,7 @@ See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required1 | diff --git a/website/content/commands/connect/ca.mdx b/website/content/commands/connect/ca.mdx index 3b037ea4a..e00be9f94 100644 --- a/website/content/commands/connect/ca.mdx +++ b/website/content/commands/connect/ca.mdx @@ -43,7 +43,7 @@ Subcommands: This command displays the current CA configuration. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -78,7 +78,7 @@ being used, the [Root Rotation](/docs/connect/ca#root-certificate-rotation) proc will be triggered. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -99,7 +99,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/connect/ca/configuration](/api-doc - `-config-file` - (required) Specifies a JSON-formatted file to use for the new configuration. The format of this config file matches the request payload documented in the - [Update CA Configuration API](/api/connect/ca#update-ca-configuration). + [Update CA Configuration API](/api-docs/connect/ca#update-ca-configuration). - `-force-without-cross-signing` `(bool: )` - Indicates that the CA change should be forced to complete even if the current CA doesn't support cross diff --git a/website/content/commands/event.mdx b/website/content/commands/event.mdx index 96edc4d34..ec85dba6c 100644 --- a/website/content/commands/event.mdx +++ b/website/content/commands/event.mdx @@ -38,7 +38,7 @@ parameters of the event, but the payload should be kept very small (< 100 bytes). Specifying too large of an event will return an error. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/force-leave.mdx b/website/content/commands/force-leave.mdx index f923b746f..399bf412b 100644 --- a/website/content/commands/force-leave.mdx +++ b/website/content/commands/force-leave.mdx @@ -33,7 +33,7 @@ if the agent returns after transitioning to the "left" state, but before it is r from the member list, then it will rejoin the cluster. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/check.mdx b/website/content/commands/intention/check.mdx index a8641b653..02b6abb73 100644 --- a/website/content/commands/intention/check.mdx +++ b/website/content/commands/intention/check.mdx @@ -24,7 +24,7 @@ defined as _deny_ intentions during evaluation, as this endpoint is only suited for networking layer 4 (e.g. TCP) integration. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/create.mdx b/website/content/commands/intention/create.mdx index 37b70b92b..4b3cd5d43 100644 --- a/website/content/commands/intention/create.mdx +++ b/website/content/commands/intention/create.mdx @@ -18,7 +18,7 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/connect/intentions](/api-docs/con The `intention create` command creates or updates an L4 intention. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/delete.mdx b/website/content/commands/intention/delete.mdx index d2b58545e..474065332 100644 --- a/website/content/commands/intention/delete.mdx +++ b/website/content/commands/intention/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoints: [\[DELETE\] /v1/connect/intentions/exact](/api The `intention delete` command deletes a matching intention. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/get.mdx b/website/content/commands/intention/get.mdx index b1252a1b4..f61ab5e93 100644 --- a/website/content/commands/intention/get.mdx +++ b/website/content/commands/intention/get.mdx @@ -17,7 +17,7 @@ Consul 1.9.0. Intentions no longer need IDs when represented as entries. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/index.mdx b/website/content/commands/intention/index.mdx index 8ba1dd996..b907d144b 100644 --- a/website/content/commands/intention/index.mdx +++ b/website/content/commands/intention/index.mdx @@ -15,7 +15,7 @@ This command is available in Consul 1.2 and later. Intentions are managed primarily via [`service-intentions`](/docs/connect/config-entries/service-intentions) config entries after Consul 1.9. Intentions may also be managed via the [HTTP -API](/api/connect/intentions). +API](/api-docs/connect/intentions). ~> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of using the [config entry CLI command](/commands/config/write). To create an diff --git a/website/content/commands/intention/list.mdx b/website/content/commands/intention/list.mdx index 03dd93248..004914a73 100644 --- a/website/content/commands/intention/list.mdx +++ b/website/content/commands/intention/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions](/api-docs/conn The `intention list` command shows all intentions including ID and precedence. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/intention/match.mdx b/website/content/commands/intention/match.mdx index 49694551a..b7d456c4f 100644 --- a/website/content/commands/intention/match.mdx +++ b/website/content/commands/intention/match.mdx @@ -17,7 +17,7 @@ The [check](/commands/intention/check) command can be used to check whether an L4 connection would be authorized between any two services. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/join.mdx b/website/content/commands/join.mdx index 2186e67e8..85125d75f 100644 --- a/website/content/commands/join.mdx +++ b/website/content/commands/join.mdx @@ -23,7 +23,7 @@ An agent which is already part of a cluster may join an agent in a different cluster, causing the two clusters to be merged into a single cluster. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/keyring.mdx b/website/content/commands/keyring.mdx index 0dbcb98b4..50494a66d 100644 --- a/website/content/commands/keyring.mdx +++ b/website/content/commands/keyring.mdx @@ -30,7 +30,7 @@ are no errors. If any node fails to reply or reports failure, the exit code will be 1. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required1 | diff --git a/website/content/commands/kv/delete.mdx b/website/content/commands/kv/delete.mdx index 6789fa810..8fe1f5bb1 100644 --- a/website/content/commands/kv/delete.mdx +++ b/website/content/commands/kv/delete.mdx @@ -13,7 +13,7 @@ The `kv delete` command removes the value from Consul's KV store at the given path. If no key exists at the path, no action is taken. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/kv/export.mdx b/website/content/commands/kv/export.mdx index 97f675966..b117de87c 100644 --- a/website/content/commands/kv/export.mdx +++ b/website/content/commands/kv/export.mdx @@ -13,7 +13,7 @@ stdout. This can be used with the command "consul kv import" to move entire trees between Consul clusters. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/kv/get.mdx b/website/content/commands/kv/get.mdx index 044e557bb..44e2c8bc8 100644 --- a/website/content/commands/kv/get.mdx +++ b/website/content/commands/kv/get.mdx @@ -21,7 +21,7 @@ Consul clusters. Alternatively, the [transaction API](/api-docs/txn) provides support for performing up to 64 KV operations atomically. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/kv/import.mdx b/website/content/commands/kv/import.mdx index ab9acf229..f8ef0b670 100644 --- a/website/content/commands/kv/import.mdx +++ b/website/content/commands/kv/import.mdx @@ -11,7 +11,7 @@ The `kv import` command is used to import KV pairs from the JSON representation generated by the `kv export` command. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/kv/index.mdx b/website/content/commands/kv/index.mdx index b3c525ff8..49bfcc6b4 100644 --- a/website/content/commands/kv/index.mdx +++ b/website/content/commands/kv/index.mdx @@ -13,7 +13,7 @@ and deleting from the store. This command is available in Consul 0.7.1 and later. The KV store is also accessible via the -[HTTP API](/api/kv). +[HTTP API](/api-docs/kv). ## Usage diff --git a/website/content/commands/kv/put.mdx b/website/content/commands/kv/put.mdx index 8769d726f..f8c9dd137 100644 --- a/website/content/commands/kv/put.mdx +++ b/website/content/commands/kv/put.mdx @@ -17,7 +17,7 @@ The `kv put` command writes the data to the given path in the KV store. 64 KV operations atomically. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/leave.mdx b/website/content/commands/leave.mdx index 527a617bf..a987338b8 100644 --- a/website/content/commands/leave.mdx +++ b/website/content/commands/leave.mdx @@ -26,7 +26,7 @@ Running `consul leave` on a server explicitly will reduce the quorum size. Even This means you could end up with just one server that is still able to commit writes because quorum is only 1, but those writes might be lost if that server fails before more are added. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/license.mdx b/website/content/commands/license.mdx index e8073e844..7b19228d4 100644 --- a/website/content/commands/license.mdx +++ b/website/content/commands/license.mdx @@ -129,7 +129,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/license](/api-docs/operat This command sets the Consul Enterprise license. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -169,7 +169,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/license](/api-docs/operat This command gets the Consul Enterprise license. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -214,7 +214,7 @@ Resets license for the datacenter to the one builtin in Consul binary, if it is If the builtin license is invalid, the current one stays active. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/login.mdx b/website/content/commands/login.mdx index ff04c51a4..715ba71c5 100644 --- a/website/content/commands/login.mdx +++ b/website/content/commands/login.mdx @@ -18,7 +18,7 @@ command `consul logout` should be used to destroy any tokens created this way to avoid a resource leak. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/logout.mdx b/website/content/commands/logout.mdx index 4c0af4a97..67c39910a 100644 --- a/website/content/commands/logout.mdx +++ b/website/content/commands/logout.mdx @@ -16,7 +16,7 @@ The `logout` command will destroy the provided token if it was created from `consul login`. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/maint.mdx b/website/content/commands/maint.mdx index 221e7e67d..2bd327b34 100644 --- a/website/content/commands/maint.mdx +++ b/website/content/commands/maint.mdx @@ -22,7 +22,7 @@ critical status against a service, and deactivated by deregistering the health check. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/members.mdx b/website/content/commands/members.mdx index 98a1ac58b..fe0c3120c 100644 --- a/website/content/commands/members.mdx +++ b/website/content/commands/members.mdx @@ -22,7 +22,7 @@ reconnect with failed nodes for a certain amount of time in the case that the failure is actually just a network partition. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/create.mdx b/website/content/commands/namespace/create.mdx index ccadc6204..6fd8e083c 100644 --- a/website/content/commands/namespace/create.mdx +++ b/website/content/commands/namespace/create.mdx @@ -15,7 +15,7 @@ This `namespace create` command creates a namespaces using the CLI parameters pr This was added in Consul Enterprise 1.7.2. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/delete.mdx b/website/content/commands/namespace/delete.mdx index 95fd4b9e9..5854b585f 100644 --- a/website/content/commands/namespace/delete.mdx +++ b/website/content/commands/namespace/delete.mdx @@ -15,7 +15,7 @@ This `namespace delete` command deletes a namespace. This was added in Consul En ACLs are enabled then this command will require a token with `operator:write` privileges. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/list.mdx b/website/content/commands/namespace/list.mdx index 1ce45328c..ede6da945 100644 --- a/website/content/commands/namespace/list.mdx +++ b/website/content/commands/namespace/list.mdx @@ -17,7 +17,7 @@ within the target namespaces. The results will be filtered based on the ACL toke see a partial list. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/read.mdx b/website/content/commands/namespace/read.mdx index b008977b7..d194a7ff6 100644 --- a/website/content/commands/namespace/read.mdx +++ b/website/content/commands/namespace/read.mdx @@ -16,7 +16,7 @@ ACLs are enabled then this command will require a token with `operator:read` pri within the target namespace. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/update.mdx b/website/content/commands/namespace/update.mdx index bcbb571b4..e74dbc66e 100644 --- a/website/content/commands/namespace/update.mdx +++ b/website/content/commands/namespace/update.mdx @@ -15,7 +15,7 @@ This `namespace update` command updates a namespaces using the CLI parameters pr This was added in Consul Enterprise 1.7.2. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/namespace/write.mdx b/website/content/commands/namespace/write.mdx index 1fe3e5d69..ddcc04348 100644 --- a/website/content/commands/namespace/write.mdx +++ b/website/content/commands/namespace/write.mdx @@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](/api-docs/namespa This `namespace write` command creates or updates a namespace's configuration from its full definition. This was added in Consul Enterprise 1.7.0. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/operator/area.mdx b/website/content/commands/operator/area.mdx index 17f2881f5..ae61c6b31 100644 --- a/website/content/commands/operator/area.mdx +++ b/website/content/commands/operator/area.mdx @@ -52,7 +52,7 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/operator/area](/api-docs/operator This command creates a new network area. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -94,7 +94,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/operator/area/:uuid](/api-docs/ This command deletes an existing network area. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -133,7 +133,7 @@ This command joins Consul servers into an existing network area by address, such an IP or hostname with an optional port. Multiple addresses may be given. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -177,7 +177,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/area](/api-docs/operator/ This command lists all network areas. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -216,7 +216,7 @@ This command displays Consul server nodes present in a network area, or all areas if no area is specified. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -280,7 +280,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/area/:uuid](/api-docs/ope This command updates the configuration of network area. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index ccd395b35..e78ade6a7 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -33,7 +33,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/configuration]( This command displays the current autopilot configuration. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -68,7 +68,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/autopilot/configuration]( Modifies the current Autopilot configuration. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -126,7 +126,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/state](/api-doc This command displays the current autopilot state. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/operator/index.mdx b/website/content/commands/operator/index.mdx index 0e0b46019..067632298 100644 --- a/website/content/commands/operator/index.mdx +++ b/website/content/commands/operator/index.mdx @@ -22,7 +22,7 @@ if required, so this can be run from any Consul node in a cluster. See the See the [Outage Recovery](https://learn.hashicorp.com/consul/day-2-operations/outage) guide for some examples of how this command is used. For an API to perform these operations programmatically, -please see the documentation for the [Operator](/api/operator) +please see the documentation for the [Operator](/api-docs/operator) endpoint. ## Usage diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx index 2f10cac74..6c0e1f22d 100644 --- a/website/content/commands/operator/raft.mdx +++ b/website/content/commands/operator/raft.mdx @@ -34,7 +34,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/status/peers](/api-docs/status#lis This command displays the current Raft peer configuration. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -86,7 +86,7 @@ clean up by simply running instead of this command. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/reload.mdx b/website/content/commands/reload.mdx index def20e377..40d234a15 100644 --- a/website/content/commands/reload.mdx +++ b/website/content/commands/reload.mdx @@ -26,7 +26,7 @@ Not all configuration options are reloadable. See the section on the agent options page for details on which options are supported. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/rtt.mdx b/website/content/commands/rtt.mdx index 4f7fd6e3a..3f8a1f819 100644 --- a/website/content/commands/rtt.mdx +++ b/website/content/commands/rtt.mdx @@ -18,7 +18,7 @@ See the [Network Coordinates](/docs/architecture/coordinates) internals guide for more information on how these coordinates are computed. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/services/deregister.mdx b/website/content/commands/services/deregister.mdx index 7b3afb066..e61456b69 100644 --- a/website/content/commands/services/deregister.mdx +++ b/website/content/commands/services/deregister.mdx @@ -21,7 +21,7 @@ deregister. See [Service Definition](/docs/discovery/services) for more information about registering services generally. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | diff --git a/website/content/commands/services/register.mdx b/website/content/commands/services/register.mdx index 22a960325..7c0b04446 100644 --- a/website/content/commands/services/register.mdx +++ b/website/content/commands/services/register.mdx @@ -20,10 +20,10 @@ in the Consul agent configuration directory and issuing a [reload](/commands/reload). This approach is easiest for configuration management systems that other systems that have access to the configuration directory. Clients may also use the -[HTTP API](/api/agent/service) directly. +[HTTP API](/api-docs/agent/service) directly. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -44,7 +44,7 @@ This command returns after registration succeeds. It must be paired with a deregistration command or API call to remove the service. To ensure that services are properly deregistered, it is **highly recommended** that a check is created with the -[`DeregisterCriticalServiceAfter`](/api/agent/check#deregistercriticalserviceafter) +[`DeregisterCriticalServiceAfter`](/api-docs/agent/check#deregistercriticalserviceafter) configuration set. This will ensure that even if deregistration failed for any reason, the agent will automatically deregister the service instance after it is unhealthy for the specified period of time. diff --git a/website/content/commands/snapshot/agent.mdx b/website/content/commands/snapshot/agent.mdx index 2be5a849b..f70525389 100644 --- a/website/content/commands/snapshot/agent.mdx +++ b/website/content/commands/snapshot/agent.mdx @@ -49,7 +49,7 @@ remote storage. Snapshots can be restored using the [`consul snapshot restore`](/commands/snapshot/restore) command, or -the [HTTP API](/api/snapshot). +the [HTTP API](/api-docs/snapshot). ## ACL permissions @@ -372,7 +372,7 @@ leader election or service registration: $ consul snapshot agent -interval=0 ``` -Please see the [HTTP API](/api/snapshot) documentation for +Please see the [HTTP API](/api-docs/snapshot) documentation for more details about snapshot internals. ## Licensing @@ -391,4 +391,4 @@ then the order of precedence is as follows: The ability to load licenses from the configuration or environment was added in v1.10.0, v1.9.7 and v1.8.13. See the [licensing documentation](/docs/enterprise/license/overview) for -more information about Consul Enterprise license management. \ No newline at end of file +more information about Consul Enterprise license management. diff --git a/website/content/commands/snapshot/index.mdx b/website/content/commands/snapshot/index.mdx index 6892b07e3..8c872642a 100644 --- a/website/content/commands/snapshot/index.mdx +++ b/website/content/commands/snapshot/index.mdx @@ -12,7 +12,7 @@ state of the Consul servers for disaster recovery. These are atomic, point-in-ti snapshots which include key/value entries, service catalog, prepared queries, sessions, and ACLs. This command is available in Consul 0.7.1 and later. -Snapshots are also accessible via the [HTTP API](/api/snapshot). +Snapshots are also accessible via the [HTTP API](/api-docs/snapshot). ## Usage diff --git a/website/content/commands/snapshot/inspect.mdx b/website/content/commands/snapshot/inspect.mdx index 9db0bac0c..3a5e0b32d 100644 --- a/website/content/commands/snapshot/inspect.mdx +++ b/website/content/commands/snapshot/inspect.mdx @@ -112,7 +112,7 @@ $ consul snapshot inspect -kvdetails -kvdepth 3 -kvfilter vault/core backup.snap Total 5.9KB ``` -Please see the [HTTP API](/api/snapshot) documentation for +Please see the [HTTP API](/api-docs/snapshot) documentation for more details about snapshot internals. To inspect an internal snapshot directly from a Consul server data directory: diff --git a/website/content/commands/snapshot/restore.mdx b/website/content/commands/snapshot/restore.mdx index bc7d68fa1..1657033d1 100644 --- a/website/content/commands/snapshot/restore.mdx +++ b/website/content/commands/snapshot/restore.mdx @@ -20,7 +20,7 @@ intended to be used when recovering from a disaster, restoring into a fresh cluster of Consul servers. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -46,5 +46,5 @@ $ consul snapshot restore backup.snap Restored snapshot ``` -Please see the [HTTP API](/api/snapshot) documentation for +Please see the [HTTP API](/api-docs/snapshot) documentation for more details about snapshot internals. diff --git a/website/content/commands/snapshot/save.mdx b/website/content/commands/snapshot/save.mdx index 38b9a2708..f2c2afede 100644 --- a/website/content/commands/snapshot/save.mdx +++ b/website/content/commands/snapshot/save.mdx @@ -28,7 +28,7 @@ the context of the server process. If you're using Systemd to manage your Consul processes, then adding `Environment=TMPDIR=/path/to/dir` to your Consul unit file will work. The table below shows this command's [required ACLs](/api#authentication). Configuration of -[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | @@ -73,5 +73,5 @@ This is useful for situations where a cluster is in a degraded state and no leader is available. To target a specific server for a snapshot, you can run the `consul snapshot save` command on that specific server. -Please see the [HTTP API](/api/snapshot) documentation for +Please see the [HTTP API](/api-docs/snapshot) documentation for more details about snapshot internals. diff --git a/website/content/docs/agent/config-entries.mdx b/website/content/docs/agent/config-entries.mdx index 7a9dfa75d..d477db6b2 100644 --- a/website/content/docs/agent/config-entries.mdx +++ b/website/content/docs/agent/config-entries.mdx @@ -55,7 +55,7 @@ See [Kubernetes Custom Resource Definitions](/docs/k8s/crds). ## Managing Configuration Entries Outside Of Kubernetes Configuration entries outside of Kubernetes should be managed with the Consul -[CLI](/commands/config) or [API](/api/config). Additionally, as a +[CLI](/commands/config) or [API](/api-docs/config). Additionally, as a convenience for initial cluster bootstrapping, configuration entries can be specified in the Consul servers agent's [configuration files](/docs/agent/options#config_entries_bootstrap) diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/options.mdx index b35e964ff..2b1c1b867 100644 --- a/website/content/docs/agent/options.mdx +++ b/website/content/docs/agent/options.mdx @@ -709,7 +709,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `enable_token_replication` ((#acl_enable_token_replication)) - By default secondary Consul datacenters will perform replication of only ACL policies and roles. Setting this configuration will will enable ACL token replication and - allow for the creation of both [local tokens](/api/acl/tokens#local) and + allow for the creation of both [local tokens](/api-docs/acl/tokens#local) and [auth methods](/docs/security/acl/auth-methods) in connected secondary datacenters. ~> **Warning:** When enabling ACL token replication on the secondary datacenter, @@ -761,7 +761,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `agent_recovery` ((#acl_tokens_agent_recovery)) - This is available in Consul 1.11 and later. In prior versions, use [`acl.tokens.agent_master`](#acl_tokens_agent_master). - Used to access [agent endpoints](/api/agent) that require agent read or write privileges, + Used to access [agent endpoints](/api-docs/agent) that require agent read or write privileges, or node read privileges, even if Consul servers aren't present to validate any tokens. This should only be used by operators during outages, regular ACL tokens should normally be used by applications. @@ -771,7 +771,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `replication` ((#acl_tokens_replication)) - The ACL token used to authorize secondary datacenters with the primary datacenter for replication - operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. + operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. ~> **Warning:** When enabling ACL token replication on the secondary datacenter, policies and roles already present in the secondary datacenter will be lost. For @@ -828,7 +828,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `acl_agent_master_token` ((#acl_agent_master_token_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.tokens.agent_master`](#acl_tokens_agent_master) - field instead.** Used to access [agent endpoints](/api/agent) that + field instead.** Used to access [agent endpoints](/api-docs/agent) that require agent read or write privileges, or node read privileges, even if Consul servers aren't present to validate any tokens. This should only be used by operators during outages, regular ACL tokens should normally be used by applications. This @@ -859,7 +859,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." using this ACL replication using this token to retrieve and replicate the ACLs to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then - set the token later using the [agent token API](/api/agent#update-acl-tokens) + set the token later using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. If the `acl_replication_token` is set in the config, it will automatically set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. @@ -1164,7 +1164,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `claim_assertions` (Defaults to `[]`) List of assertions about the mapped claims required to authorize the incoming RPC request. The syntax uses [github.com/hashicorp/go-bexpr](https://github.com/hashicorp/go-bexpr) which is shared with the - [API filtering feature](/api/features/filtering). For example, the following + [API filtering feature](/api-docs/features/filtering). For example, the following configurations when combined will ensure that the JWT `sub` matches the node name requested by the client. @@ -1319,12 +1319,12 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `ca_provider` ((#connect_ca_provider)) Controls which CA provider to use for Connect's CA. Currently only the `aws-pca`, `consul`, and `vault` providers are supported. This is only used when initially bootstrapping the cluster. For an existing cluster, - use the [Update CA Configuration Endpoint](/api/connect/ca#update-ca-configuration). + use the [Update CA Configuration Endpoint](/api-docs/connect/ca#update-ca-configuration). - `ca_config` ((#connect_ca_config)) An object which allows setting different config options based on the CA provider chosen. This is only used when initially bootstrapping the cluster. For an existing cluster, use the [Update CA Configuration - Endpoint](/api/connect/ca#update-ca-configuration). + Endpoint](/api-docs/connect/ca#update-ca-configuration). The following providers are supported: @@ -1598,12 +1598,12 @@ There are also a number of common configuration options supported by all provide in seconds, default value is 600, ie: 10 minutes. - `use_cache` ((#dns_use_cache)) - When set to true, DNS resolution will - use the agent cache described in [agent caching](/api/features/caching). + use the agent cache described in [agent caching](/api-docs/features/caching). This setting affects all service and prepared queries DNS requests. Implies [`allow_stale`](#allow_stale) - `cache_max_age` ((#dns_cache_max_age)) - When [use_cache](#dns_use_cache) is enabled, the agent will attempt to re-fetch the result from the servers if - the cached value is older than this duration. See: [agent caching](/api/features/caching). + the cached value is older than this duration. See: [agent caching](/api-docs/features/caching). **Note** that unlike the `max-age` HTTP header, a value of 0 for this field is equivalent to "no max age". To get a fresh value from the cache use a very small value @@ -1622,7 +1622,7 @@ There are also a number of common configuration options supported by all provide - `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.** When set on a Consul server, enables ACL replication without having to set the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication - and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server. + and then introduce the token using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. See [`acl_replication_token`](#acl_replication_token) for more details. ~> **Warning:** When enabling ACL token replication on the secondary datacenter, @@ -1801,7 +1801,7 @@ There are also a number of common configuration options supported by all provide - `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]` - - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api/features/caching) to answer the request. Even when the url parameter is provided. + - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api-docs/features/caching) to answer the request. Even when the url parameter is provided. - `max_header_bytes` This setting controls the maximum number of bytes the consul http server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, or negative, http.DefaultMaxHeaderBytes is used, which equates to 1 Megabyte. @@ -1820,8 +1820,8 @@ There are also a number of common configuration options supported by all provide - `rpc_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single source IP address is allowed to open to a single server. It affects both clients connections and other server connections. In general Consul clients multiplex many RPC calls over a single TCP connection so this can typically be kept low. It needs to be more than one though since servers open at least one additional connection for raft RPC, possibly more for WAN federation when using network areas, and snapshot requests from clients run over a separate TCP conn. A reasonably low limit significantly reduces the ability of an unauthenticated attacker to consume unbounded resources by holding open many connections. You may need to increase this if WAN federated servers connect via proxies or NAT gateways or similar causing many legitimate connections from a single source IP. Default value is `100` which is designed to be extremely conservative to limit issues with certain deployment patterns. Most deployments can probably reduce this safely. 100 connections on modern server hardware should not cause a significant impact on resource usage from an unauthenticated attacker though. - `rpc_rate` - Configures the RPC rate limiter on Consul _clients_ by setting the maximum request rate that this agent is allowed to make for RPC requests to Consul servers, in requests per second. Defaults to infinite, which disables rate limiting. - `rpc_max_burst` - The size of the token bucket used to recharge the RPC rate limiter on Consul _clients_. Defaults to 1000 tokens, and each token is good for a single RPC call to a Consul server. See https://en.wikipedia.org/wiki/Token_bucket for more details about how token bucket rate limiters operate. - - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. - - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. + - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api-docs/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. + - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api-docs/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. - `log_file` Equivalent to the [`-log-file` command-line flag](#_log_file). @@ -2238,7 +2238,7 @@ There are also a number of common configuration options supported by all provide 2 times the interval of scrape of Prometheus, but you might also put a very high retention time such as a few days (for instance 744h to enable retention to 31 days). Fetching the metrics using prometheus can then be performed using the - [`/v1/agent/metrics?format=prometheus`](/api/agent#view-metrics) endpoint. + [`/v1/agent/metrics?format=prometheus`](/api-docs/agent#view-metrics) endpoint. The format is compatible natively with prometheus. When running in this mode, it is recommended to also enable the option [`disable_hostname`](#telemetry-disable_hostname) to avoid having prefixed metrics with hostname. Consul does not use the default @@ -2288,11 +2288,11 @@ There are also a number of common configuration options supported by all provide The following endpoints translate addresses: - - [`/v1/catalog/nodes`](/api/catalog#list-nodes) - - [`/v1/catalog/node/`](/api/catalog#retrieve-map-of-services-for-a-node) - - [`/v1/catalog/service/`](/api/catalog#list-nodes-for-service) - - [`/v1/health/service/`](/api/health#list-nodes-for-service) - - [`/v1/query//execute`](/api/query#execute-prepared-query) + - [`/v1/catalog/nodes`](/api-docs/catalog#list-nodes) + - [`/v1/catalog/node/`](/api-docs/catalog#retrieve-map-of-services-for-a-node) + - [`/v1/catalog/service/`](/api-docs/catalog#list-nodes-for-service) + - [`/v1/health/service/`](/api-docs/health#list-nodes-for-service) + - [`/v1/query//execute`](/api-docs/query#execute-prepared-query) - `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** Equivalent to the [`-ui`](#_ui) command-line flag. diff --git a/website/content/docs/agent/sentinel.mdx b/website/content/docs/agent/sentinel.mdx index b86e12942..c25da5293 100644 --- a/website/content/docs/agent/sentinel.mdx +++ b/website/content/docs/agent/sentinel.mdx @@ -54,7 +54,7 @@ Consul passes some context as variables into Sentinel, which are available to us | ------------- | -------- | ---------------------- | | `key` | `string` | Key being written | | `value` | `string` | Value being written | -| `flags` | `uint64` | [Flags](/api/kv#flags) | +| `flags` | `uint64` | [Flags](/api-docs/kv#flags) | ## Sentinel Examples diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 1c02cebf0..e17b75396 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -36,7 +36,7 @@ it can be aggregated and flushed to Graphite or any other metrics store. For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-health-telegraf?utm_source=consul.io&utm_medium=docs). This -information can also be viewed with the [metrics endpoint](/api/agent#view-metrics) in JSON +information can also be viewed with the [metrics endpoint](/api-docs/agent#view-metrics) in JSON format or using [Prometheus](https://prometheus.io/) format. diff --git a/website/content/docs/architecture/consensus.mdx b/website/content/docs/architecture/consensus.mdx index 9a172a54b..361d2336e 100644 --- a/website/content/docs/architecture/consensus.mdx +++ b/website/content/docs/architecture/consensus.mdx @@ -73,7 +73,7 @@ _committed_, it can be _applied_ to a finite state machine. The finite state mac is application specific; in Consul's case, we use [MemDB](https://github.com/hashicorp/go-memdb) to maintain cluster state. Consul's writes block until it is both _committed_ and _applied_. This achieves read after write semantics -when used with the [consistent](/api/features/consistency#consistent) mode for queries. +when used with the [consistent](/api-docs/features/consistency#consistent) mode for queries. Obviously, it would be undesirable to allow a replicated log to grow in an unbounded fashion. Raft provides a mechanism by which the current state is snapshotted and the @@ -168,7 +168,7 @@ The three read modes are: a cluster that is unavailable will still be able to respond. For more documentation about using these various modes, see the -[HTTP API](/api/features/consistency). +[HTTP API](/api-docs/features/consistency). ## Deployment Table ((#deployment_table)) diff --git a/website/content/docs/architecture/coordinates.mdx b/website/content/docs/architecture/coordinates.mdx index 082273fef..1e642b31b 100644 --- a/website/content/docs/architecture/coordinates.mdx +++ b/website/content/docs/architecture/coordinates.mdx @@ -25,15 +25,15 @@ Network coordinates manifest in several ways inside Consul: - The [`consul rtt`](/commands/rtt) command can be used to query for the network round trip time between any two nodes. -- The [Catalog endpoints](/api/catalog) and - [Health endpoints](/api/health) can sort the results of queries based +- The [Catalog endpoints](/api-docs/catalog) and + [Health endpoints](/api-docs/health) can sort the results of queries based on the network round trip time from a given node using a "?near=" parameter. -- [Prepared queries](/api/query) can automatically fail over services +- [Prepared queries](/api-docs/query) can automatically fail over services to other Consul datacenters based on network round trip times. See the [Geo Failover](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for some examples. -- The [Coordinate endpoint](/api/coordinate) exposes raw network +- The [Coordinate endpoint](/api-docs/coordinate) exposes raw network coordinates for use in other applications. Consul uses Serf to manage two different gossip pools, one for the LAN with members @@ -46,7 +46,7 @@ LAN coordinates, and WAN coordinates only make sense with other WAN coordinates. Computing the estimated network round trip time between any two nodes is simple once you have their coordinates. Here's a sample coordinate, as returned from the -[Coordinate endpoint](/api/coordinate). +[Coordinate endpoint](/api-docs/coordinate). diff --git a/website/content/docs/connect/ca/consul.mdx b/website/content/docs/connect/ca/consul.mdx index 2c7b08d74..1094ffd25 100644 --- a/website/content/docs/connect/ca/consul.mdx +++ b/website/content/docs/connect/ca/consul.mdx @@ -60,7 +60,7 @@ configuration file. [SPIFFE SVID signing certificate](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and the URI in the SAN must match the cluster identifier created at bootstrap with the ".consul" TLD. The cluster identifier can be found - using the [CA List Roots endpoint](/api/connect/ca#list-ca-root-certificates). + using the [CA List Roots endpoint](/api-docs/connect/ca#list-ca-root-certificates). @include 'http_api_connect_ca_common_options.mdx' @@ -72,7 +72,7 @@ the Consul CA provider to use a specific private key and root certificate. This is particularly useful if you have an external PKI system that doesn't currently integrate with Consul directly. -To view the current CA configuration, use the [Get CA Configuration endpoint](/api/connect/ca#get-ca-configuration): +To view the current CA configuration, use the [Get CA Configuration endpoint](/api-docs/connect/ca#get-ca-configuration): ```shell-session $ curl localhost:8500/v1/connect/ca/configuration @@ -93,7 +93,7 @@ been generated (as seen above in the roots list). There are two ways to have the Consul CA use a custom private key and root certificate: either through the `ca_config` section of the [Agent configuration](/docs/agent/options#connect_ca_config) (which can only be used during the cluster's -initial bootstrap) or through the [Update CA Configuration endpoint](/api/connect/ca#update-ca-configuration). +initial bootstrap) or through the [Update CA Configuration endpoint](/api-docs/connect/ca#update-ca-configuration). Currently Consul requires that root certificates are valid [SPIFFE SVID Signing certificates](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and that the URI encoded in the SAN is the cluster identifier created at bootstrap with the ".consul" TLD. In this diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx index d4caf7ed5..dc035b4e4 100644 --- a/website/content/docs/connect/ca/index.mdx +++ b/website/content/docs/connect/ca/index.mdx @@ -49,7 +49,7 @@ state. For the initial bootstrap, the CA provider can be configured through the [Agent configuration](/docs/agent/options#connect_ca_config). After initialization, the CA can only be updated through the -[Update CA Configuration API endpoint](/api/connect/ca#update-ca-configuration). +[Update CA Configuration API endpoint](/api-docs/connect/ca#update-ca-configuration). If a CA is already initialized, any changes to the CA configuration in the agent configuration file (including removing the configuration completely) will have no effect. @@ -61,7 +61,7 @@ be generated automatically. ## Viewing Root Certificates Root certificates can be queried with the -[list CA Roots endpoint](/api/connect/ca#list-ca-root-certificates). +[list CA Roots endpoint](/api-docs/connect/ca#list-ca-root-certificates). With this endpoint, you can see the list of currently trusted root certificates. When a cluster first initializes, this will only list one trusted root. Multiple roots may appear as part of @@ -96,7 +96,7 @@ $ curl http://localhost:8500/v1/connect/ca/roots ## CA Configuration After initialization, the CA provider configuration can be viewed with the -[Get CA Configuration API endpoint](/api/connect/ca#get-ca-configuration). +[Get CA Configuration API endpoint](/api-docs/connect/ca#get-ca-configuration). Consul will filter sensitive values from this endpoint depending on the provider in use, so the configuration may not be complete. @@ -114,7 +114,7 @@ $ curl http://localhost:8500/v1/connect/ca/configuration ``` The CA provider can be reconfigured using the -[Update CA Configuration API endpoint](/api/connect/ca#update-ca-configuration). +[Update CA Configuration API endpoint](/api-docs/connect/ca#update-ca-configuration). Specific options for reconfiguration can be found in the specific CA provider documentation in the sidebar to the left. @@ -147,7 +147,7 @@ certificate or CA provider has been set up, the new root becomes the active one and is immediately used for signing any new incoming certificate requests. If we check the [list CA roots -endpoint](/api/connect/ca#list-ca-root-certificates) after updating the +endpoint](/api-docs/connect/ca#list-ca-root-certificates) after updating the configuration with a new root certificate, we can see both the old and new root certificates are present, and the currently active root has an intermediate certificate which has been generated and cross-signed automatically by the old @@ -244,6 +244,6 @@ to each cluster and can be looked up by examining the `TrustDomain` field in the [List CA Roots](/api-docs/connect/ca#list-ca-root-certificates) endpoint. The contents of the generated cert and private key files from the above step should then be used with -the [Update CA Configuration](/api/connect/ca#update-ca-configuration) endpoint. Once the CA configuration is +the [Update CA Configuration](/api-docs/connect/ca#update-ca-configuration) endpoint. Once the CA configuration is updated on the primary datacenter, all secondary datacenters will pick up the changes and regenerate their intermediate and leaf certificates, after which any new requests that require certificate verification will succeed. diff --git a/website/content/docs/connect/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx index 918177e4c..78773188d 100644 --- a/website/content/docs/connect/config-entries/ingress-gateway.mdx +++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx @@ -937,7 +937,7 @@ You can specify the following parameters to configure ingress gateway configurat enterprise: true, description: 'Specifies the namespace in which the configuration entry will apply. The value must match the namespace in which the gateway is registered.' + - ' If omitted, the namespace will be inherited from the `ns` request parameter (refer to the [`config` API endpoint documentation](/api/config#ns)).' + + ' If omitted, the namespace will be inherited from the `ns` request parameter (refer to the [`config` API endpoint documentation](/api-docs/config#ns)).' + ' or will default to the `default` namespace.', yaml: false, }, @@ -954,7 +954,7 @@ You can specify the following parameters to configure ingress gateway configurat enterprise: true, description: 'Specifies the admin partition in which the configuration will apply. The value must match the partition in which the gateway is registered.' + - ' If omitted, the partition will be inherited from the request (refer to the [`config` API endpoint documentation](/api/config)).' + + ' If omitted, the partition will be inherited from the request (refer to the [`config` API endpoint documentation](/api-docs/config)).' + ' See [Admin Partitions](/docs/enterprise/admin-partitions) for additional information.', yaml: false, }, diff --git a/website/content/docs/connect/config-entries/service-resolver.mdx b/website/content/docs/connect/config-entries/service-resolver.mdx index da4f24e0c..056c7ba02 100644 --- a/website/content/docs/connect/config-entries/service-resolver.mdx +++ b/website/content/docs/connect/config-entries/service-resolver.mdx @@ -405,10 +405,10 @@ spec: { name: 'Filter', type: 'string: ""', - description: `The [filter expression](/api/features/filtering) to be used for selecting + description: `The [filter expression](/api-docs/features/filtering) to be used for selecting instances of the requested service. If empty all healthy instances are returned. This expression can filter on the same selectors as the - [Health API endpoint](/api/health#filtering-2).`, + [Health API endpoint](/api-docs/health#filtering-2).`, }, { name: 'OnlyPassing', diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index c5efc511a..8da3b20e6 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -568,7 +568,7 @@ spec: enterprise: true, description: 'Specifies the namespace to which the configuration entry will apply. This must match the namespace in which the gateway is registered.' + - ' If omitted, the namespace will be inherited from [the request](/api/config#ns)' + + ' If omitted, the namespace will be inherited from [the request](/api-docs/config#ns)' + ' or will default to the `default` namespace.', yaml: false, }, @@ -578,7 +578,7 @@ spec: enterprise: true, description: 'Specifies the admin partition to which the configuration entry will apply. This must match the partition in which the gateway is registered.' + - ' If omitted, the partition will be inherited from [the request](/api/config)' + + ' If omitted, the partition will be inherited from [the request](/api-docs/config)' + ' or will default to the `default` partition.', yaml: false, }, diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx index c55ab2942..7e49c9936 100644 --- a/website/content/docs/connect/connect-internals.mdx +++ b/website/content/docs/connect/connect-internals.mdx @@ -30,14 +30,14 @@ This enables Connect services to establish and accept connections with other SPIFFE-compliant systems. The client service verifies the destination service certificate -against the [public CA bundle](/api/connect/ca#list-ca-root-certificates). +against the [public CA bundle](/api-docs/connect/ca#list-ca-root-certificates). This is very similar to a typical HTTPS web browser connection. In addition to this, the client provides its own client certificate to show its identity to the destination service. If the connection handshake succeeds, the connection is encrypted and authorized. The destination service verifies the client certificate against the [public CA -bundle](/api/connect/ca#list-ca-root-certificates). After verifying the +bundle](/api-docs/connect/ca#list-ca-root-certificates). After verifying the certificate, the next step depends upon the configured application protocol of the destination service. TCP (L4) services must authorize incoming _connections_ against the configured set of Consul [intentions](/docs/connect/intentions), @@ -54,15 +54,15 @@ and can be extended to support any system by adding additional CA providers. All APIs required for Connect typically respond in microseconds and impose minimal overhead to existing services. To ensure this, Connect-related API calls are all made to the local Consul agent over a loopback interface, and all [agent -Connect endpoints](/api/agent/connect) implement local caching, background +Connect endpoints](/api-docs/agent/connect) implement local caching, background updating, and support blocking queries. Most API calls operate on purely local in-memory data. ## Agent Caching and Performance To enable fast responses on endpoints such as the [agent Connect -API](/api/agent/connect), the Consul agent locally caches most Connect-related -data and sets up background [blocking queries](/api/features/blocking) against +API](/api-docs/agent/connect), the Consul agent locally caches most Connect-related +data and sets up background [blocking queries](/api-docs/features/blocking) against the server to update the cache in the background. This allows most API calls such as retrieving certificates or authorizing connections to use in-memory data and respond very quickly. diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index 50c796532..9f181850e 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -13,7 +13,7 @@ description: >- Ingress gateways enable connectivity within your organizational network from services outside the Consul service mesh to services in the mesh. An ingress gateway is a type of proxy and must be registered as a service in Consul, with the -[kind](/api/agent/service#kind) set to "ingress-gateway". They are an +[kind](/api-docs/agent/service#kind) set to "ingress-gateway". They are an entrypoint for outside traffic and allow you to define what services should be exposed and on what port. You configure an ingress gateway by defining a set of [listeners](/docs/connect/config-entries/ingress-gateway#listeners) that each map @@ -53,7 +53,7 @@ review the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/cons ## Ingress Gateway Configuration Ingress gateways are configured in service definitions and registered with Consul like other services, with two exceptions. -The first is that the [kind](/api/agent/service#kind) must be "ingress-gateway". Second, +The first is that the [kind](/api-docs/agent/service#kind) must be "ingress-gateway". Second, the ingress gateway service definition may contain a `Proxy.Config` entry just like a Connect proxy service, to define opaque configuration parameters useful for the actual proxy software. For Envoy there are some supported [gateway options](/docs/connect/proxies/envoy#gateway-options) as well as @@ -279,4 +279,4 @@ Listeners = [ Separate certificates may be loaded per listener or per-service with hostname (SNI) switching. See the [Config Entry -reference](/docs/connect/config-entries/ingress-gateway) for more details. \ No newline at end of file +reference](/docs/connect/config-entries/ingress-gateway) for more details. diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index 69399111b..aac107b2e 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -179,5 +179,5 @@ expected result: their _local_ ip addresses and are listed as `alive`. - Ensure any API request that activates datacenter request forwarding. such as - [`/v1/catalog/services?dc=`](/api/catalog#dc-1) + [`/v1/catalog/services?dc=`](/api-docs/catalog#dc-1) succeeds. diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index 31aeddc41..81e18d19f 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -73,7 +73,7 @@ Connect proxies that send upstream traffic through a gateway aren't affected when you deploy terminating gateways. If you are using non-Envoy proxies as Connect proxies they will continue to work for traffic directed at services linked to a terminating gateway as long as they discover upstreams with the -[/health/connect](/api/health#list-nodes-for-connect-capable-service) endpoint. +[/health/connect](/api-docs/health#list-nodes-for-connect-capable-service) endpoint. ## Running and Using a Terminating Gateway @@ -83,7 +83,7 @@ services outside the mesh, review the [terminating gateway tutorial](https://lea ## Terminating Gateway Configuration Terminating gateways are configured in service definitions and registered with Consul like other services, with two exceptions. -The first is that the [kind](/api/agent/service#kind) must be "terminating-gateway". Second, +The first is that the [kind](/api-docs/agent/service#kind) must be "terminating-gateway". Second, the terminating gateway service definition may contain a `Proxy.Config` entry just like a Connect proxy service, to define opaque configuration parameters useful for the actual proxy software. For Envoy there are some supported [gateway options](/docs/connect/proxies/envoy#gateway-options) as well as @@ -98,7 +98,7 @@ must also provide `agent:read` for its node's name in order to discover the agen Linking services to a terminating gateway is done with a `terminating-gateway` [configuration entry](/docs/connect/config-entries/terminating-gateway). This config entry can be applied via the -[CLI](/commands/config/write) or [API](/api/config#apply-configuration). +[CLI](/commands/config/write) or [API](/api-docs/config#apply-configuration). Gateways with the same name in Consul's service catalog are configured with a single configuration entry. This means that additional gateway instances registered with the same name will determine their routing based on the existing configuration entry. @@ -113,12 +113,12 @@ sets of services within their datacenter then the terminating gateways **must** The services that the terminating gateway will proxy for must be registered with Consul, even the services outside the mesh. They must also be registered in the same Consul datacenter as the terminating gateway. Otherwise the terminating gateway will not be able to discover the services' addresses. These services can be registered with a local Consul agent. -If there is no agent present, the services can be registered [directly in the catalog](/api/catalog#register-entity) +If there is no agent present, the services can be registered [directly in the catalog](/api-docs/catalog#register-entity) by sending the registration request to a client or server agent on a different host. All services registered in the Consul catalog must be associated with a node, even when their node is not managed by a Consul client agent. All agent-less services with the same address can be registered under the same node name and address. -However, ensure that the [node name](/api/catalog#node) for external services registered directly in the catalog +However, ensure that the [node name](/api-docs/catalog#node) for external services registered directly in the catalog does not match the node name of any Consul client agent node. If the node name overlaps with the node name of a Consul client agent, Consul's [anti-entropy sync](/docs/architecture/anti-entropy) will delete the services registered via the `/catalog/register` HTTP API endpoint. diff --git a/website/content/docs/connect/intentions-legacy.mdx b/website/content/docs/connect/intentions-legacy.mdx index 240f0aea8..1939db196 100644 --- a/website/content/docs/connect/intentions-legacy.mdx +++ b/website/content/docs/connect/intentions-legacy.mdx @@ -107,7 +107,7 @@ top to bottom, with larger numbers being evaluated first. | Exact | `*` | `*` | `*` | 2 | | `*` | `*` | `*` | `*` | 1 | -The precedence value can be read from the [API](/api/connect/intentions) +The precedence value can be read from the [API](/api-docs/connect/intentions) after an intention is created. Precedence cannot be manually overridden today. This is a feature that will be added in a later version of Consul. diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index 9f3ea2c42..e76db2511 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -43,7 +43,7 @@ At any given point in time, between any pair of services **only one intention controls authorization**. This may be either an L4 intention or an L7 intention, but at any given point in time only one of those applies. -The [intention match API](/api/connect/intentions#list-matching-intentions) +The [intention match API](/api-docs/connect/intentions#list-matching-intentions) should be periodically called to retrieve all relevant intentions for the target destination. After verifying the TLS client certificate, the cached intentions should be consulted for each incoming connection/request to diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx index 41a32a9b5..dc9594e61 100644 --- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx +++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx @@ -11,7 +11,7 @@ description: >- -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -~> This topic is part of a [low-level API](/api/discovery-chain) +~> This topic is part of a [low-level API](/api-docs/discovery-chain) primarily targeted at developers building external [Connect proxy integrations](/docs/connect/proxies/integrate). @@ -74,7 +74,7 @@ discovery chain, we first compile them into a form more directly usable by the layers responsible for configuring Connect sidecar proxies. You can interact with the compiler directly using the [discovery-chain -API](/api/discovery-chain). +API](/api-docs/discovery-chain). ### Compilation Parameters @@ -102,7 +102,7 @@ The response is a single wrapped `CompiledDiscoveryChain` field: The chain encodes a digraph of [nodes](#discoverygraphnode) and [targets](#discoverytarget). Nodes are the compiled representation of various discovery chain stages and targets are instructions on how to use the [health -API](/api/health#list-nodes-for-connect-capable-service) to retrieve +API](/api-docs/health#list-nodes-for-connect-capable-service) to retrieve relevant service instance lists. You should traverse the nodes starting with [`StartNode`](#startnode). The @@ -219,7 +219,7 @@ A single node in the compiled discovery chain. definition for this target. - `Filter` `(string: "")` - The - [filter expression](/api/features/filtering) to be used for selecting + [filter expression](/api-docs/features/filtering) to be used for selecting instances of the requested service. If empty all healthy instances are returned. diff --git a/website/content/docs/connect/native/go.mdx b/website/content/docs/connect/native/go.mdx index 879bb9ea6..43016a851 100644 --- a/website/content/docs/connect/native/go.mdx +++ b/website/content/docs/connect/native/go.mdx @@ -179,7 +179,7 @@ the following specific limitations: - `.service[.].consul` to discover a healthy service instance for a given service. - `.query[.].consul` to discover an instance via - [Prepared Query](/api/query). + [Prepared Query](/api-docs/query). - The top-level domain _must_ be `.consul` even if your cluster has a custom `domain` configured for its DNS interface. This might be relaxed in the future. diff --git a/website/content/docs/connect/native/index.mdx b/website/content/docs/connect/native/index.mdx index e90d833b9..57b7e461d 100644 --- a/website/content/docs/connect/native/index.mdx +++ b/website/content/docs/connect/native/index.mdx @@ -37,9 +37,9 @@ to integrate with Connect. ## Overview The primary work involved in natively integrating with Connect is -[acquiring the proper TLS certificate](/api/agent/connect#service-leaf-certificate), -[verifying TLS certificates](/api/agent/connect#certificate-authority-ca-roots), -and [authorizing inbound connections or requests](/api/connect/intentions#list-matching-intentions). +[acquiring the proper TLS certificate](/api-docs/agent/connect#service-leaf-certificate), +[verifying TLS certificates](/api-docs/agent/connect#certificate-authority-ca-roots), +and [authorizing inbound connections or requests](/api-docs/connect/intentions#list-matching-intentions). All of this is done using the Consul HTTP APIs linked above. @@ -50,7 +50,7 @@ an API call to verify the incoming client certificate. ![Native Integration Overview](/img/connect-native-overview.png) -> **Note:** This diagram depicts the simpler networking layer 4 (e.g. TCP) [integration -mechanism](/api/agent/connect#authorize). +mechanism](/api-docs/agent/connect#authorize). Details on the steps are below: @@ -62,21 +62,21 @@ Details on the steps are below: - **Mutual TLS** - As a client, connect to the discovered service address over normal TLS. As part of the TLS connection, provide the - [service certificate](/api/agent/connect#service-leaf-certificate) + [service certificate](/api-docs/agent/connect#service-leaf-certificate) as the client certificate. Verify the remote certificate against the - [public CA roots](/api/agent/connect#certificate-authority-ca-roots). + [public CA roots](/api-docs/agent/connect#certificate-authority-ca-roots). As a client, if the connection is established then you've established a Connect-based connection and there are no further steps! - **Authorization** - As a server accepting connections, verify the client certificate against the [public CA - roots](/api/agent/connect#certificate-authority-ca-roots). After verifying + roots](/api-docs/agent/connect#certificate-authority-ca-roots). After verifying the certificate, parse some basic fields from it and use those to determine if the connection should be allowed. How this is done is dependent on the level of integration desired: - **Simple integration (TCP-only)** - Call the [authorizing - API](/api/agent/connect#authorize) against the local agent. If this returns + API](/api-docs/agent/connect#authorize) against the local agent. If this returns successfully, complete the TLS handshake and establish the connection. If authorization fails, close the connection. @@ -89,7 +89,7 @@ Details on the steps are below: - **Complete integration** - Like how the calls to acquire the leaf certificate and CA roots are expected to be done out of band and reused, so should the [intention match - API](/api/connect/intentions#list-matching-intentions). With all of the + API](/api-docs/connect/intentions#list-matching-intentions). With all of the relevant intentions cached for the destination, all enforcement operations can be done entirely by the service without calling any Consul APIs in the connection or request path. If the service is networking layer 7 (e.g. @@ -104,10 +104,10 @@ so that new connections are not disrupted. This can be done through Consul blocking queries (HTTP long polling) or through periodic polling. The API calls for -[acquiring a leaf TLS certificate](/api/agent/connect#service-leaf-certificate) -and [reading CA roots](/api/agent/connect#certificate-authority-ca-roots) +[acquiring a leaf TLS certificate](/api-docs/agent/connect#service-leaf-certificate) +and [reading CA roots](/api-docs/agent/connect#certificate-authority-ca-roots) both support -[blocking queries](/api/features/blocking). By using blocking +[blocking queries](/api-docs/features/blocking). By using blocking queries, an application can efficiently wait for an updated value. For example, the leaf certificate API will block until the certificate is near expiration or the signing certificates have changed and will issue and return a new @@ -116,7 +116,7 @@ certificate. In some languages, using blocking queries may not be simple. In that case, we still recommend using the blocking query parameters but with a very short `timeout` value set. Doing this is documented with -[blocking queries](/api/features/blocking). The low timeout will +[blocking queries](/api-docs/features/blocking). The low timeout will ensure the API responds quickly. We recommend that applications poll the certificate endpoints frequently, such as multiple times per minute. diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx index bdf59a1af..6b1f64612 100644 --- a/website/content/docs/connect/proxies/integrate.mdx +++ b/website/content/docs/connect/proxies/integrate.mdx @@ -57,15 +57,15 @@ transport layer. -> **Note:** Some features, such as (local) rate limiting or max connections, are expected to be proxy-level configurations enforced separately when authorization calls are made. Proxies can enforce the configurations based on information about request rates and other states that should already be available. -The proxy can authorize the connection by either calling the [`/v1/agent/connect/authorize`](/api/agent/connect) API endpoint or by querying the [intention match API](/api/connect/intentions#list-matching-intentions) endpoint. +The proxy can authorize the connection by either calling the [`/v1/agent/connect/authorize`](/api-docs/agent/connect) API endpoint or by querying the [intention match API](/api-docs/connect/intentions#list-matching-intentions) endpoint. -The [`/v1/agent/connect/authorize`](/api/agent/connect) endpoint should be called in the connection path for each received connection. +The [`/v1/agent/connect/authorize`](/api-docs/agent/connect) endpoint should be called in the connection path for each received connection. If the local Consul agent is down or unresponsive, the success rate of new connections will be compromised. The agent uses locally-cached data to authorize the connection and typically responds in microseconds. As a result, the TLS handshake typically spans microseconds. ~> **Note:** This endpoint is only suitable for L4 (e.g., TCP) integration. The endpoint always treats intentions with `Permissions` defined (i.e., L7 criteria) as `deny` intentions during evaluation. -The proxy can query the [intention match API](/api/connect/intentions#list-matching-intentions) endpoint on startup to retrieve a list of intentions that match the proxy destination. The matches should be stored in the native filter configuration of the proxy, such as RBAC for Envoy. +The proxy can query the [intention match API](/api-docs/connect/intentions#list-matching-intentions) endpoint on startup to retrieve a list of intentions that match the proxy destination. The matches should be stored in the native filter configuration of the proxy, such as RBAC for Envoy. For performance and reliability reasons, querying the intention match API endpoint is the recommended method for implementing intention enforcement. The cached intentions should be consulted for each incoming connection (L4) or request (L7) to determine if the connection or request should be accepted or rejected. @@ -90,7 +90,7 @@ background. The leaf, roots, and intentions should be updated in the background by the proxy. The leaf cert, root cert, and intentions endpoints support [blocking -queries](/api/features/blocking), which should be used to get near-immediate +queries](/api-docs/features/blocking), which should be used to get near-immediate updates for root key rotations, new leaf certs before expiry, and intention changes. @@ -111,7 +111,7 @@ endpoint for a service and provide a client certificate from the ## Configuration Discovery -The [`/v1/agent/service/:service_id`](/api/agent/service#get-service-configuration) +The [`/v1/agent/service/:service_id`](/api-docs/agent/service#get-service-configuration) API endpoint enables any proxy to discover proxy configurations registered with a local service. This endpoint supports hash-based blocking, which enables long-polling for changes to the registration/configuration. Any changes to the registration/config will result in the new config being returned immediately. @@ -119,11 +119,11 @@ result in the new config being returned immediately. Refer to the [built-in proxy](/docs/connect/proxies/built-in) for an example implementation. Using the Go SDK, the proxy calls the HTTP "pull" API via the `watch` package: [`consul/connect/proxy/config.go`]. The [discovery chain] for each upstream service should be fetched from the -[`/v1/discovery-chain/:service_id`](/api/discovery-chain#read-compiled-discovery-chain) +[`/v1/discovery-chain/:service_id`](/api-docs/discovery-chain#read-compiled-discovery-chain) API endpoint. This will return a compiled graph of configurations a sidecar needs for a particular upstream service. If you are only implementing L4 support in your proxy, set the -[`OverrideProtocol`](/api/discovery-chain#overrideprotocol) value to `tcp` when +[`OverrideProtocol`](/api-docs/discovery-chain#overrideprotocol) value to `tcp` when fetching the discovery chain so that L7 features, such as HTTP routing rules, are not returned. @@ -140,7 +140,7 @@ documentation for details about supported configuration parameters. ### Service Discovery -Proxies can use Consul's [service discovery API](`/v1/health/connect/:service_id`) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/api/features/caching) to improve +Proxies can use Consul's [service discovery API](`/v1/health/connect/:service_id`) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/api-docs/features/caching) to improve performance. The API package provides a [`UseCache`] query option to leverage caching. In addition to performance improvements, using the cache makes the mesh more resilient to Consul server outages. This is because the mesh "fails static" with the last known set of service instances still used, rather than errors on new connections. @@ -152,7 +152,7 @@ proxies are likely to find it easier to integrate by pulling the set of endpoints and maintaining it in local memory using blocking queries. Upstreams may be defined with the Prepared Query target type. These upstreams -should use Consul's [prepared query](/api/query) API to determine a list of upstream endpoints for the service. Note that the `PreparedQuery` API does not support blocking, so proxies choosing to populate endpoints in memory will need to poll the endpoint at a suitable and, ideally, configurable frequency. +should use Consul's [prepared query](/api-docs/query) API to determine a list of upstream endpoints for the service. Note that the `PreparedQuery` API does not support blocking, so proxies choosing to populate endpoints in memory will need to poll the endpoint at a suitable and, ideally, configurable frequency. -> **Long-term support for [`service-resolver`](/docs/connect/config-entries/service-resolver) configuration entries**. The `service-resolver` configuration will completely replace prepared queries in future versions of Consul. In some instances, however, prepared queries are still used. diff --git a/website/content/docs/connect/proxies/managed-deprecated.mdx b/website/content/docs/connect/proxies/managed-deprecated.mdx index a1d918772..6b97e006d 100644 --- a/website/content/docs/connect/proxies/managed-deprecated.mdx +++ b/website/content/docs/connect/proxies/managed-deprecated.mdx @@ -177,7 +177,7 @@ reference](/docs/connect/configuration). ### Prepared Query Upstreams The upstream destination may also be a -[prepared query](/api/query). +[prepared query](/api-docs/query). This allows complex service discovery behavior such as connecting to the nearest neighbor or filtering by tags. diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index bd1617795..61fec921a 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -88,9 +88,9 @@ There are several different kinds of checks: dead man's switch, relies on the application to directly report its health. For example, a healthy app can periodically `PUT` a status update to the HTTP endpoint; if the app fails, the TTL will expire and the health check enters a critical state. - The endpoints used to update health information for a given check are: [pass](/api/agent/check#ttl-check-pass), - [warn](/api/agent/check#ttl-check-warn), [fail](/api/agent/check#ttl-check-fail), - and [update](/api/agent/check#ttl-check-update). TTL checks also persist their + The endpoints used to update health information for a given check are: [pass](/api-docs/agent/check#ttl-check-pass), + [warn](/api-docs/agent/check#ttl-check-warn), [fail](/api-docs/agent/check#ttl-check-fail), + and [update](/api-docs/agent/check#ttl-check-update). TTL checks also persist their last known status to disk. This allows the Consul agent to restore the last known status of the check across restarts. Persisted check status is valid through the end of the TTL from the time of the last check. diff --git a/website/content/docs/discovery/dns.mdx b/website/content/docs/discovery/dns.mdx index 47807e62f..5023b7b12 100644 --- a/website/content/docs/discovery/dns.mdx +++ b/website/content/docs/discovery/dns.mdx @@ -335,11 +335,11 @@ The `datacenter` is optional, and if not provided, the datacenter of this Consul agent is assumed. The `query or name` is the ID or given name of an existing -[Prepared Query](/api/query). These behave like standard service +[Prepared Query](/api-docs/query). These behave like standard service queries but provide a much richer set of features, such as filtering by multiple tags and automatically failing over to look for services in remote datacenters if no healthy nodes are available in the local datacenter. Consul 0.6.4 and later also -added support for [prepared query templates](/api/query#prepared-query-templates) +added support for [prepared query templates](/api-docs/query#prepared-query-templates) which can match names using a prefix match, allowing one template to apply to potentially many services. @@ -369,7 +369,7 @@ applications. This endpoint currently only finds services within the same datacenter and doesn't support tags. This DNS interface will be expanded over time. If you need more complex behavior, please use the -[catalog API](/api/catalog). +[catalog API](/api-docs/catalog). ### Service Virtual IP Lookups @@ -400,7 +400,7 @@ endpoints for the given `service`. This endpoint currently only finds services within the same datacenter and doesn't support tags. This DNS interface will be expanded over time. If you need more complex behavior, please use the -[catalog API](/api/catalog). +[catalog API](/api-docs/catalog). ### UDP Based DNS Queries @@ -508,7 +508,7 @@ DNS lookups and required policies when ACLs are enabled: | ------------------------------------------------------------------------------ | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `*.node.consul` | [Node](#node-lookups) | Allow resolving DNS requests for the target node (i.e., `.node.consul`) | [`node:read`](/docs/security/acl/acl-rules#node-rules) | | `*.service.consul`, `*.connect.consul`, `*.ingress.consul`, `*.virtual.consul` | [Service: standard](#service-lookups) | Allow resolving DNS requests for target service (e.g., `.service.consul`) instances running on ACL-authorized nodes | [`service:read`](/docs/security/acl/acl-rules#service-rules), [`node:read`](/docs/security/acl/acl-rules#node-rules) | -| `*.query.consul` | [Service: prepared query](#prepared-query-lookups) | Allow resolving DNS requests for [service instances specified](/api/query#service-1) by the target prepared query (i.e., `.query.consul`) running on ACL-authorized nodes | [`query:read`](/docs/security/acl/acl-rules#prepared-query-rules), [`service:read`](/docs/security/acl/acl-rules#service-rules), [`node:read`](/docs/security/acl/acl-rules#node-rules) | +| `*.query.consul` | [Service: prepared query](#prepared-query-lookups) | Allow resolving DNS requests for [service instances specified](/api-docs/query#service-1) by the target prepared query (i.e., `.query.consul`) running on ACL-authorized nodes | [`query:read`](/docs/security/acl/acl-rules#prepared-query-rules), [`service:read`](/docs/security/acl/acl-rules#service-rules), [`node:read`](/docs/security/acl/acl-rules#node-rules) | For guidance on how to configure an appropriate token for DNS, refer to the securing Consul with ACLs guides for: diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index 2e9a7b94c..501abf027 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -28,7 +28,7 @@ Learn. ## Accessing the KV store The KV store can be accessed by the [consul kv CLI -subcommands](/commands/kv), [HTTP API](/api/kv), and Consul UI. +subcommands](/commands/kv), [HTTP API](/api-docs/kv), and Consul UI. To restrict access, enable and configure [ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). Once the ACL system has been bootstrapped, users and services, will need a diff --git a/website/content/docs/enterprise/namespaces.mdx b/website/content/docs/enterprise/namespaces.mdx index ed90fd303..34bca5862 100644 --- a/website/content/docs/enterprise/namespaces.mdx +++ b/website/content/docs/enterprise/namespaces.mdx @@ -24,7 +24,7 @@ For more information on how to use namespaces with Consul Enterprise please revi ## Namespace Definition -Namespaces are managed exclusively through the [HTTP API](/api/namespaces) and the [Consul CLI](/commands/namespace). +Namespaces are managed exclusively through the [HTTP API](/api-docs/namespaces) and the [Consul CLI](/commands/namespace). The HTTP API accepts only JSON formatted definitions while the CLI will parse either JSON or HCL. An example namespace definition looks like the following: diff --git a/website/content/docs/install/performance.mdx b/website/content/docs/install/performance.mdx index a2d30e369..ca9c0e538 100644 --- a/website/content/docs/install/performance.mdx +++ b/website/content/docs/install/performance.mdx @@ -118,7 +118,7 @@ Here are some general recommendations: respect them. - In other applications that perform high volumes of reads against Consul, consider using the - [stale consistency mode](/api/features/consistency#stale) available to allow reads to scale + [stale consistency mode](/api-docs/features/consistency#stale) available to allow reads to scale across all the servers and not just be forwarded to the leader. - In Consul 0.9.3 and later, a new [`limits`](/docs/agent/options#limits) configuration is @@ -158,7 +158,7 @@ RAM NEEDED = number of keys * average key size * 2-3x Since writes must be synced to disk (persistent storage) on a quorum of servers before they are committed, deploying a disk with high write throughput (or an SSD) will enhance performance on the write side. ([Documentation](/docs/agent/options#_data_dir)) -For a **read-heavy** workload, configure all Consul server agents with the `allow_stale` DNS option, or query the API with the `stale` [consistency mode](/api/features/consistency). By default, all queries made to the server are RPC forwarded to and serviced by the leader. By enabling stale reads, any server will respond to any query, thereby reducing overhead on the leader. Typically, the stale response is `100ms` or less from consistent mode but it drastically improves performance and reduces latency under high load. +For a **read-heavy** workload, configure all Consul server agents with the `allow_stale` DNS option, or query the API with the `stale` [consistency mode](/api-docs/features/consistency). By default, all queries made to the server are RPC forwarded to and serviced by the leader. By enabling stale reads, any server will respond to any query, thereby reducing overhead on the leader. Typically, the stale response is `100ms` or less from consistent mode but it drastically improves performance and reduces latency under high load. If the leader server is out of memory or the disk is full, the server eventually stops responding, loses its election and cannot move past its last commit time. However, by configuring `max_stale` and setting it to a large value, Consul will continue to respond to queries during such outage scenarios. ([max_stale documentation](/docs/agent/options#max_stale)). diff --git a/website/content/docs/k8s/connect/connect-ca-provider.mdx b/website/content/docs/k8s/connect/connect-ca-provider.mdx index d5a824270..4fb45c82c 100644 --- a/website/content/docs/k8s/connect/connect-ca-provider.mdx +++ b/website/content/docs/k8s/connect/connect-ca-provider.mdx @@ -8,7 +8,7 @@ description: Configuring a Connect CA Provider ~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.** To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider, -please use the [Update CA Configuration Endpoint](/api/connect/ca#update-ca-configuration). +please use the [Update CA Configuration Endpoint](/api-docs/connect/ca#update-ca-configuration). Consul has support for different certificate authority (CA) providers to be used with the Consul Service Mesh. Please see [Connect Certificate Management](/docs/connect/ca) for the information on the providers @@ -193,7 +193,7 @@ The [`ca_config`] and [`ca_provider`] options defined in the Consul agent configuration are only used when initially bootstrapping the cluster. Once the cluster is running, subsequent changes to the [`ca_provider`] config are **ignored**–even if `consul reload` is run or the servers are restarted. -To update any settings under these keys, you must use Consul's [Update CA Configuration](/api/connect/ca#update-ca-configuration) API or the [`consul connect ca set-config`](/commands/connect/ca#set-config) command. +To update any settings under these keys, you must use Consul's [Update CA Configuration](/api-docs/connect/ca#update-ca-configuration) API or the [`consul connect ca set-config`](/commands/connect/ca#set-config) command. #### Renewing Vault Token diff --git a/website/content/docs/k8s/installation/install.mdx b/website/content/docs/k8s/installation/install.mdx index e128ccef0..f437467cf 100644 --- a/website/content/docs/k8s/installation/install.mdx +++ b/website/content/docs/k8s/installation/install.mdx @@ -303,7 +303,7 @@ The Consul HTTP API should be accessed by communicating to the local agent running on the same node. While technically any listening agent (client or server) can respond to the HTTP API, communicating with the local agent has important caching behavior, and allows you to use the simpler -[`/agent` endpoints for services and checks](/api/agent). +[`/agent` endpoints for services and checks](/api-docs/agent). For Consul installed via the Helm chart, a client agent is installed on each Kubernetes node. This is explained in the [architecture](/docs/k8s/installation/install#client-agents) diff --git a/website/content/docs/nia/installation/requirements.mdx b/website/content/docs/nia/installation/requirements.mdx index f8ae5831e..ee30a49f4 100644 --- a/website/content/docs/nia/installation/requirements.mdx +++ b/website/content/docs/nia/installation/requirements.mdx @@ -33,7 +33,7 @@ For information on compatible Consul versions, refer to the [Consul compatibilit The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started). -When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. +When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between CTS and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/options#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by CTS. diff --git a/website/content/docs/security/acl/acl-federated-datacenters.mdx b/website/content/docs/security/acl/acl-federated-datacenters.mdx index e13627d17..045680ec2 100644 --- a/website/content/docs/security/acl/acl-federated-datacenters.mdx +++ b/website/content/docs/security/acl/acl-federated-datacenters.mdx @@ -67,7 +67,7 @@ acl = { ~> **Warning:** Note that most enterprise deployments have security requirements that prevent specifying tokens in configuration files. The `enable_token_persistence` flag is also set in the configuration example so that the token is stored to disk in the agent's -[data directory](/docs/agent/options#_data_dir). Any future changes to the token that are made through the [API](/api/agent#update-acl-tokens) will +[data directory](/docs/agent/options#_data_dir). Any future changes to the token that are made through the [API](/api-docs/agent#update-acl-tokens) will be persisted to the same location, and the value in the config file will be ignored. The ACL agent token can also be set using the [`consul acl set-agent-token`](/commands/acl/set-agent-token) CLI as shown below. diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index 629fa0b1e..ea58bef0d 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx @@ -72,18 +72,18 @@ key_prefix "foo" { policy = "write" } The "old" API endpoints below continue to work for backwards compatibility but will continue to create or show only "legacy" tokens that can't take full advantage of the new ACL system improvements. They are documented fully under -[Legacy Tokens](/api/acl/legacy). +[Legacy Tokens](/api-docs/acl/legacy). -- [`PUT /acl/create` - Create Legacy Token](/api/acl/legacy#create-acl-token) -- [`PUT /acl/update` - Update Legacy Token](/api/acl/legacy#update-acl-token) -- [`PUT /acl/destroy/:uuid` - Delete Legacy Token](/api/acl/legacy#delete-acl-token) -- [`GET /acl/info/:uuid` - Read Legacy Token](/api/acl/legacy#read-acl-token) -- [`PUT /acl/clone/:uuid` - Clone Legacy Token](/api/acl/legacy#clone-acl-token) -- [`GET /acl/list` - List Legacy Tokens](/api/acl/legacy#list-acls) +- [`PUT /acl/create` - Create Legacy Token](/api-docs/acl/legacy#create-acl-token) +- [`PUT /acl/update` - Update Legacy Token](/api-docs/acl/legacy#update-acl-token) +- [`PUT /acl/destroy/:uuid` - Delete Legacy Token](/api-docs/acl/legacy#delete-acl-token) +- [`GET /acl/info/:uuid` - Read Legacy Token](/api-docs/acl/legacy#read-acl-token) +- [`PUT /acl/clone/:uuid` - Clone Legacy Token](/api-docs/acl/legacy#clone-acl-token) +- [`GET /acl/list` - List Legacy Tokens](/api-docs/acl/legacy#list-acls) The new ACL system includes new API endpoints to manage -the [ACL System](/api-docs/acl), [Tokens](/api/acl/tokens) -and [Policies](/api/acl/policies). +the [ACL System](/api-docs/acl), [Tokens](/api-docs/acl/tokens) +and [Policies](/api-docs/acl/policies). # Legacy ACL System @@ -139,28 +139,28 @@ rules: | Policy | Scope | | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [`agent`](#agent-rules) | Utility operations in the [Agent API](/api/agent), other than service and check registration | -| [`event`](#event-rules) | Listing and firing events in the [Event API](/api/event) | -| [`key`](#key-value-rules) | Key/value store operations in the [KV Store API](/api/kv) | -| [`keyring`](#keyring-rules) | Keyring operations in the [Keyring API](/api/operator/keyring) | -| [`node`](#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) | -| [`operator`](#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) | -| [`query`](#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) | -| [`service`](#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), and [Agent API](/api/agent) | -| [`session`](#session-rules) | Session operations in the [Session API](/api/session) | +| [`agent`](#agent-rules) | Utility operations in the [Agent API](/api-docs/agent), other than service and check registration | +| [`event`](#event-rules) | Listing and firing events in the [Event API](/api-docs/event) | +| [`key`](#key-value-rules) | Key/value store operations in the [KV Store API](/api-docs/kv) | +| [`keyring`](#keyring-rules) | Keyring operations in the [Keyring API](/api-docs/operator/keyring) | +| [`node`](#node-rules) | Node-level catalog operations in the [Catalog API](/api-docs/catalog), [Health API](/api-docs/health), [Prepared Query API](/api-docs/query), [Network Coordinate API](/api-docs/coordinate), and [Agent API](/api-docs/agent) | +| [`operator`](#operator-rules) | Cluster-level operations in the [Operator API](/api-docs/operator), other than the [Keyring API](/api-docs/operator/keyring) | +| [`query`](#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api-docs/query) | +| [`service`](#service-rules) | Service-level catalog operations in the [Catalog API](/api-docs/catalog), [Health API](/api-docs/health), [Prepared Query API](/api-docs/query), and [Agent API](/api-docs/agent) | +| [`session`](#session-rules) | Session operations in the [Session API](/api-docs/session) | Since Consul snapshots actually contain ACL tokens, the -[Snapshot API](/api/snapshot) requires a management token for snapshot operations +[Snapshot API](/api-docs/snapshot) requires a management token for snapshot operations and does not use a special policy. The following resources are not covered by ACL policies: -1. The [Status API](/api/status) is used by servers when bootstrapping and exposes +1. The [Status API](/api-docs/status) is used by servers when bootstrapping and exposes basic IP and port information about the servers, and does not allow modification of any state. 2. The datacenter listing operation of the - [Catalog API](/api/catalog#list-datacenters) similarly exposes the names of known + [Catalog API](/api-docs/catalog#list-datacenters) similarly exposes the names of known Consul datacenters, and does not allow modification of any state. Constructing rules from these policies is covered in detail in the @@ -212,13 +212,13 @@ system, or accessing Consul in special situations: | Special Token | Servers | Clients | Purpose | | ----------------------------------------------------------------------------- | ---------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | +| [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api-docs/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | | [`acl_agent_token`](/docs/agent/options#acl_agent_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | | [`acl_master_token`](/docs/agent/options#acl_master_token_legacy) | `REQUIRED` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | | [`acl_token`](/docs/agent/options#acl_token_legacy) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the -[/v1/agent/token API](/api/agent#update-acl-tokens). +[/v1/agent/token API](/api-docs/agent#update-acl-tokens). #### ACL Agent Master Token @@ -234,13 +234,13 @@ node "" { ``` In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the -[/v1/agent/token API](/api/agent#update-acl-tokens). +[/v1/agent/token API](/api-docs/agent#update-acl-tokens). #### ACL Agent Token The [`acl_agent_token`](/docs/agent/options#acl_agent_token) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl_token`](/docs/agent/options#acl_token), though if the `acl_agent_token` isn't configured the `acl_token` will be used. The ACL agent token is used for the following operations by the agent: -1. Updating the agent's node entry using the [Catalog API](/api/catalog), including updating its node metadata, tagged addresses, and network coordinates +1. Updating the agent's node entry using the [Catalog API](/api-docs/catalog), including updating its node metadata, tagged addresses, and network coordinates 2. Performing [anti-entropy](/docs/architecture/anti-entropy) syncing, in particular reading the node metadata and services registered with the catalog 3. Reading and writing the special `_rexec` section of the KV store when executing [`consul exec`](/commands/exec) commands @@ -261,7 +261,7 @@ key "_rexec" { The `service` policy needs `read` access for any services that can be registered on the agent. If [remote exec is disabled](/docs/agent/options#disable_remote_exec), the default, then the `key` policy can be omitted. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the -[/v1/agent/token API](/api/agent#update-acl-tokens). +[/v1/agent/token API](/api-docs/agent#update-acl-tokens). ## Bootstrapping ACLs @@ -556,7 +556,7 @@ supplied, the [`acl_token`](/docs/agent/options#acl_token) will be used for the instead of being left empty which would normally invoke the anonymous token. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the -[/v1/agent/token API](/api/agent#update-acl-tokens). +[/v1/agent/token API](/api-docs/agent#update-acl-tokens). This behaves very similarly to the anonymous token, but can be configured differently on each agent, if desired. For example, this allows more fine grained control of what DNS requests a @@ -702,7 +702,7 @@ or the `CONSUL_HTTP_TOKEN` environment variable. #### Agent Rules -The `agent` policy controls access to the utility operations in the [Agent API](/api/agent), +The `agent` policy controls access to the utility operations in the [Agent API](/api-docs/agent), such as join and leave. All of the catalog-related operations are covered by the [`node`](#node-rules) and [`service`](#service-rules) policies instead. @@ -725,14 +725,14 @@ the example above, the rules allow read-only access to any node name with the em read-write access to any node name that starts with "foo", and deny all access to any node name that starts with "bar". -Since [Agent API](/api/agent) utility operations may be required before an agent is joined to +Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be configured with [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token) to allow write access to these operations even if no ACL resolution capability is available. #### Event Rules -The `event` policy controls access to event operations in the [Event API](/api/event), such as +The `event` policy controls access to event operations in the [Event API](/api-docs/event), such as firing events and listing events. Event rules look like this: @@ -757,7 +757,7 @@ give agents a token with access to this event prefix, in addition to configuring #### Key/Value Rules -The `key` policy controls access to key/value store operations in the [KV API](/api/kv). Key +The `key` policy controls access to key/value store operations in the [KV API](/api-docs/kv). Key rules look like this: ```hcl @@ -781,7 +781,7 @@ starts with "bar". Consul 1.0 introduces a new `list` policy for keys that is only enforced when opted in via the boolean config param "acl_enable_key_list_policy". `list` controls access to recursively list entries and keys, and enables more fine grained policies. With "acl_enable_key_list_policy", -recursive reads via [the KV API](/api/kv#recurse) with an invalid token result in a 403. Example: +recursive reads via [the KV API](/api-docs/kv#recurse) with an invalid token result in a 403. Example: ```hcl key "" { @@ -825,7 +825,7 @@ For more detailed information, see the [Consul Sentinel documentation](/docs/age #### Keyring Rules The `keyring` policy controls access to keyring operations in the -[Keyring API](/api/operator/keyring). +[Keyring API](/api-docs/operator/keyring). Keyring rules look like this: @@ -838,8 +838,8 @@ dispositions. In the example above, the keyring may be read and updated. #### Node Rules -The `node` policy controls node-level registration and read access to the [Catalog API](/api/catalog), -service discovery with the [Health API](/api/health), and filters results in [Agent API](/api/agent) +The `node` policy controls node-level registration and read access to the [Catalog API](/api-docs/catalog), +service discovery with the [Health API](/api-docs/health), and filters results in [Agent API](/api-docs/agent) operations like fetching the list of cluster members. Node rules look like this: @@ -874,7 +874,7 @@ When reading from the catalog or retrieving information from the health endpoint used to filter the results of the query. This allows for configurations where a token has access to a given service name, but only on an allowed subset of node names. -Node rules come into play when using the [Agent API](/api/agent) to register node-level +Node rules come into play when using the [Agent API](/api-docs/agent) to register node-level checks. The agent will check tokens locally as a check is registered, and Consul also performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which may require an ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens @@ -897,7 +897,7 @@ script checks. #### Operator Rules The `operator` policy controls access to cluster-level operations in the -[Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring). +[Operator API](/api-docs/operator), other than the [Keyring API](/api-docs/operator/keyring). Operator rules look like this: @@ -912,7 +912,7 @@ diagnostic purposes but not make any changes. #### Prepared Query Rules The `query` policy controls access to create, update, and delete prepared queries in the -[Prepared Query API](/api/query). Executing queries is subject to `node` and `service` +[Prepared Query API](/api-docs/query). Executing queries is subject to `node` and `service` policies, as will be explained below. Query rules look like this: @@ -955,7 +955,7 @@ here, with examples: that is used and known by many clients to provide geo-failover behavior for a database. -- [Template queries](/api/query#prepared-query-templates) +- [Template queries](/api-docs/query#prepared-query-templates) queries work like static queries with a `Name` defined, except that a catch-all template with an empty `Name` requires an ACL token that can write to any query prefix. @@ -1002,8 +1002,8 @@ These differences are outlined in the table below: #### Service Rules -The `service` policy controls service-level registration and read access to the [Catalog API](/api/catalog) -and service discovery with the [Health API](/api/health). +The `service` policy controls service-level registration and read access to the [Catalog API](/api-docs/catalog) +and service discovery with the [Health API](/api-docs/health). Service rules look like this: @@ -1031,7 +1031,7 @@ given service, then the DNS interface will return no records when queried for it When reading from the catalog or retrieving information from the health endpoints, service rules are used to filter the results of the query. -Service rules come into play when using the [Agent API](/api/agent) to register services or +Service rules come into play when using the [Agent API](/api-docs/agent) to register services or checks. The agent will check tokens locally as a service or check is registered, and Consul also performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which may require an ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens @@ -1058,7 +1058,7 @@ set to `true` in order to enable script checks. #### Session Rules -The `session` policy controls access to [Session API](/api/session) operations. +The `session` policy controls access to [Session API](/api-docs/session) operations. Session rules look like this: @@ -1099,7 +1099,7 @@ configuration on the servers in the non-authoritative datacenters. In Consul 0.9.1 and later you can enable ACL replication using [`enable_acl_replication`](/docs/agent/options#enable_acl_replication) and then set the token later using the -[agent token API](/api/agent#update-acl-tokens) on each server. This can +[agent token API](/api-docs/agent#update-acl-tokens) on each server. This can also be used to rotate the token without restarting the Consul servers. With replication enabled, the servers will maintain a replica of the authoritative diff --git a/website/content/docs/security/acl/acl-migrate-tokens.mdx b/website/content/docs/security/acl/acl-migrate-tokens.mdx index fc1a8e522..36387783c 100644 --- a/website/content/docs/security/acl/acl-migrate-tokens.mdx +++ b/website/content/docs/security/acl/acl-migrate-tokens.mdx @@ -59,7 +59,7 @@ blank `AccessorID`. In addition, it is assumed that all clients that might _create_ ACL tokens (e.g. Vault's Consul secrets engine) have been updated to use the [new ACL -APIs](/api/acl/tokens). +APIs](/api-docs/acl/tokens). Specifically if you are using Vault's Consul secrets engine you need to be running Vault 1.0.0 or higher, _and_ you must update all roles defined in Vault @@ -135,7 +135,7 @@ necessary access for existing clients; this is up to the operator to ensure. #### Update via API -Use the [`PUT /v1/acl/token/:AccessorID`](/api/acl/tokens#update-a-token) +Use the [`PUT /v1/acl/token/:AccessorID`](/api-docs/acl/tokens#update-a-token) endpoint. Specifically, ensure that the `Rules` field is omitted or empty. Empty `Rules` indicates that this is now treated as a new token. diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx index 485b1a8f9..1a72774cf 100644 --- a/website/content/docs/security/acl/acl-policies.mdx +++ b/website/content/docs/security/acl/acl-policies.mdx @@ -318,7 +318,7 @@ You can can define several attributes that attach additional metadata and specif ### HTTP API Endpoint -The endpoint takes data formatted in HCL or JSON. Refer to the [ACL HTTP API endpoint documentation](/api/acl/acl) for details about the API. +The endpoint takes data formatted in HCL or JSON. Refer to the [ACL HTTP API endpoint documentation](/api-docs/acl/acl) for details about the API. The following example adds a set of rules to a policy called `my-app-policy`. The policy defines access to the `key` resource (Consul K/V). The rules are formatted in HCL, but they are wrapped in JSON so that the data can be sent using cURL: @@ -540,4 +540,4 @@ session_prefix "" { } ``` - \ No newline at end of file + diff --git a/website/content/docs/security/acl/acl-roles.mdx b/website/content/docs/security/acl/acl-roles.mdx index c5bd0661b..1b16e37e2 100644 --- a/website/content/docs/security/acl/acl-roles.mdx +++ b/website/content/docs/security/acl/acl-roles.mdx @@ -106,7 +106,7 @@ Use the following syntax to define a service identity: - `ServiceIdentities.ServiceName`: String value that specifies the name of the service you want to associate with the policy. - `ServiceIdentitites.Datacenters`: Array that specifies the names of datacenters in which the service identity applies. This field is optional. -Refer to the the [API documentation for roles](/api/acl/roles#sample-payload) for additional information and examples. +Refer to the the [API documentation for roles](/api-docs/acl/roles#sample-payload) for additional information and examples. -> **Scope for Namespace and Admin Partition** - In Consul Enterprise, service identities inherit the namespace or admin partition scope of the corresponding ACL token or role. @@ -280,7 +280,7 @@ NodeIdentities = { - `NodeIdentities.NodeName`: String value that specifies the name of the node you want to associate with the policy. - `NodeIdentitites.Datacenters`: Array that specifies the names of datacenters in which the node identity applies. This field is optional. -Refer to the the [API documentation for roles](/api/acl/roles#sample-payload) for additional information and examples. +Refer to the the [API documentation for roles](/api-docs/acl/roles#sample-payload) for additional information and examples. -> **Consul Enterprise Namespacing** - Node Identities can only be applied to tokens and roles in the `default` namespace. The generated policy rules allow for `service:read` permissions on all services in all namespaces. diff --git a/website/content/docs/security/acl/acl-rules.mdx b/website/content/docs/security/acl/acl-rules.mdx index ddce746cc..28fe09a70 100644 --- a/website/content/docs/security/acl/acl-rules.mdx +++ b/website/content/docs/security/acl/acl-rules.mdx @@ -15,25 +15,25 @@ The following table provides an overview of the resources you can use to create | Resource | Description | Labels | | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `acl` | Controls access to ACL operations in the [ACL API](/api/acl/acl).
See [ACL Resource Rules](#acl-resource-rules) for details. | No | +| `acl` | Controls access to ACL operations in the [ACL API](/api-docs/acl/acl).
See [ACL Resource Rules](#acl-resource-rules) for details. | No | | `partition`
`partition_prefix` | Controls access to one or more admin partitions.
See [Admin Partition Rules](#admin-partition-rules) for details. | Yes | -| `agent`
`agent_prefix` | Controls access to the utility operations in the [Agent API](/api/agent), such as `join` and `leave`.
See [Agent Rules](#agent-rules) for details. | Yes | -| `event`
`event_prefix` | Controls access to event operations in the [Event API](/api/event), such as firing and listing events.
See [Event Rules](#event-rules) for details. | Yes | -| `key`
`key_prefix`   | Controls access to key/value store operations in the [KV API](/api/kv).
Can also use the `list` access level when setting the policy disposition.
Has additional value options in Consul Enterprise for integrating with [Sentinel](https://docs.hashicorp.com/sentinel/consul).
See [Key/Value Rules](#key-value-rules) for details. | Yes | -| `keyring`       | Controls access to keyring operations in the [Keyring API](/api/keyring).
See [Keyring Rules](#keyring-rules) for details. | No | +| `agent`
`agent_prefix` | Controls access to the utility operations in the [Agent API](/api-docs/agent), such as `join` and `leave`.
See [Agent Rules](#agent-rules) for details. | Yes | +| `event`
`event_prefix` | Controls access to event operations in the [Event API](/api-docs/event), such as firing and listing events.
See [Event Rules](#event-rules) for details. | Yes | +| `key`
`key_prefix`   | Controls access to key/value store operations in the [KV API](/api-docs/kv).
Can also use the `list` access level when setting the policy disposition.
Has additional value options in Consul Enterprise for integrating with [Sentinel](https://docs.hashicorp.com/sentinel/consul).
See [Key/Value Rules](#key-value-rules) for details. | Yes | +| `keyring`       | Controls access to keyring operations in the [Keyring API](/api-docs/keyring).
See [Keyring Rules](#keyring-rules) for details. | No | | `mesh`       | Provides operator-level permissions for resources in the admin partition, such as ingress gateways or mesh proxy defaults. See [Mesh Rules](#mesh-rules) for details. | No | | `namespace`
`namespace_prefix` | Controls access to one or more namespaces.
See [Namespace Rules](#namespace-rules) for details. | Yes | -| `node`
`node_prefix`   | Controls access to node-level operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent)
See [Node Rules](#node-rules) for details. | Yes | -| `operator`       | Controls access to cluster-level operations available in the [Operator API](/api/operator) excluding keyring API endpoints.
See [Operator Rules](#operator-rules) for details. | No | -| `query`
`query_prefix` | Controls access to create, update, and delete prepared queries in the [Prepared Query API](/api/query). Access to the [node](#node-rules) and [service](#service-rules) must also be granted.
See [Prepared Query Rules](#prepared-query-rules) for details. | Yes | -| `service`
`service_prefix` | Controls service-level operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Intentions API](/api/connect/intentions), [Prepared Query API](/api/query), and [Agent API](/api/agent).
See [Service Rules](#node-rules) for details. | Yes | -| `session`
`session_prefix` | Controls access to operations in the [Session API](/api/session).
See [Session Rules](#session-rules) for details. | Yes | +| `node`
`node_prefix`   | Controls access to node-level operations in the [Catalog API](/api-docs/catalog), [Health API](/api-docs/health), [Prepared Query API](/api-docs/query), [Network Coordinate API](/api-docs/coordinate), and [Agent API](/api-docs/agent)
See [Node Rules](#node-rules) for details. | Yes | +| `operator`       | Controls access to cluster-level operations available in the [Operator API](/api-docs/operator) excluding keyring API endpoints.
See [Operator Rules](#operator-rules) for details. | No | +| `query`
`query_prefix` | Controls access to create, update, and delete prepared queries in the [Prepared Query API](/api-docs/query). Access to the [node](#node-rules) and [service](#service-rules) must also be granted.
See [Prepared Query Rules](#prepared-query-rules) for details. | Yes | +| `service`
`service_prefix` | Controls service-level operations in the [Catalog API](/api-docs/catalog), [Health API](/api-docs/health), [Intentions API](/api-docs/connect/intentions), [Prepared Query API](/api-docs/query), and [Agent API](/api-docs/agent).
See [Service Rules](#node-rules) for details. | Yes | +| `session`
`session_prefix` | Controls access to operations in the [Session API](/api-docs/session).
See [Session Rules](#session-rules) for details. | Yes | The following resources are not covered by ACL policies: -- The [Status API](/api/status) is used by servers when bootstrapping and exposes basic IP and port information about the servers, and does not allow modification of any state. -- The datacenter listing operation of the [Catalog API](/api/catalog#list-datacenters) similarly exposes the names of known Consul datacenters, and does not allow modification of any state. -- The [connect CA roots endpoint](/api/connect/ca#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul. +- The [Status API](/api-docs/status) is used by servers when bootstrapping and exposes basic IP and port information about the servers, and does not allow modification of any state. +- The datacenter listing operation of the [Catalog API](/api-docs/catalog#list-datacenters) similarly exposes the names of known Consul datacenters, and does not allow modification of any state. +- The [connect CA roots endpoint](/api-docs/connect/ca#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul. -> **Consul Enterprise Namespace** - In addition to directly-linked policies, roles, and service identities, Consul Enterprise enables ACL policies and roles to be defined in the [Namespaces definition](/docs/enterprise/namespaces#namespace-definition) (Consul Enterprise 1.7.0+). @@ -179,7 +179,7 @@ partition_prefix "ex-" { ## Agent Rules -The `agent` and `agent_prefix` resources control access to the utility operations in the [Agent API](/api/agent), +The `agent` and `agent_prefix` resources control access to the utility operations in the [Agent API](/api-docs/agent), such as join and leave. All of the catalog-related operations are covered by the [`node` or `node_prefix`](#node-rules) and [`service` or `service_prefix`](#service-rules) policies instead. @@ -225,14 +225,14 @@ allow read-only access to any node name by using the empty prefix, read-write ac the node with the _exact_ name `foo`, and denies all access to any node name that starts with `bar`. -Since [Agent API](/api/agent) utility operations may be required before an agent is joined to +Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be configured with [`acl.tokens.agent_recovery`](/docs/agent/options#acl_tokens_agent_recovery) to allow write access to these operations even if no ACL resolution capability is available. ## Event Rules -The `event` and `event_prefix` resources control access to event operations in the [Event API](/api/event), such as +The `event` and `event_prefix` resources control access to event operations in the [Event API](/api-docs/event), such as firing events and listing events. @@ -276,7 +276,7 @@ give agents a token with access to this event prefix, in addition to configuring ## Key/Value Rules -The `key` and `key_prefix` resources control access to key/value store operations in the [KV API](/api/kv). +The `key` and `key_prefix` resources control access to key/value store operations in the [KV API](/api-docs/kv). @@ -320,7 +320,7 @@ to any key name with the empty prefix rule, allow read-write access to the "foo" ### List Policy for Keys -Enable the `list` policy disposition (Consul 1.0+) by setting the `acl.enable_key_list_policy` parameter to `true`. The disposition provides recursive access to `key` entries. Refer to the [KV API](/api/kv#recurse) documentation for additional information. In the following example, `key` resources that start with `bar` are listed. +Enable the `list` policy disposition (Consul 1.0+) by setting the `acl.enable_key_list_policy` parameter to `true`. The disposition provides recursive access to `key` entries. Refer to the [KV API](/api-docs/kv#recurse) documentation for additional information. In the following example, `key` resources that start with `bar` are listed. @@ -385,7 +385,7 @@ For more detailed information, see the [Consul Sentinel documentation](/docs/age ## Keyring Rules -The `keyring` resource controls access to keyring operations in the [Keyring API](/api/operator/keyring). Only one keyring policy is allowed per rule set. The value is set to one of the policy dispositions, but may be read and updated. +The `keyring` resource controls access to keyring operations in the [Keyring API](/api-docs/operator/keyring). Only one keyring policy is allowed per rule set. The value is set to one of the policy dispositions, but may be read and updated. @@ -592,9 +592,9 @@ specific namespace are prevented from accessing resources in another namespace. The `node` and `node_prefix` resources control access to the following API behaviors: -- node-level registration and read access to the [Catalog API](/api/catalog) -- service discovery with the [Health API](/api/health) -- filtering results in [Agent API](/api/agent) operations, such as fetching the list of cluster members. +- node-level registration and read access to the [Catalog API](/api-docs/catalog) +- service discovery with the [Health API](/api-docs/health) +- filtering results in [Agent API](/api-docs/agent) operations, such as fetching the list of cluster members. You can use resource labels to scope the rule to a specific resource or set of resources. @@ -659,7 +659,7 @@ These actions may required an ACL token to complete. Use the following methods t ## Operator Rules The `operator` resource controls access to cluster-level operations in the -[Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring). +[Operator API](/api-docs/operator), other than the [Keyring API](/api-docs/operator/keyring). Only one operator rule allowed per rule set. In the following example, the token may be used to query the operator endpoints for diagnostic purposes but it will not make changes. @@ -684,7 +684,7 @@ operator = "read" ## Prepared Query Rules The `query` and `query_prefix` resources control access to create, update, and delete prepared queries in the -[Prepared Query API](/api/query). Specify the resource label in query rules to determine the scope of the rule. +[Prepared Query API](/api-docs/query). Specify the resource label in query rules to determine the scope of the rule. The resource label in the following example is empty. As a result, the rules allow read-only access to query resources with any name. The rules also grant read-write access to the query named `foo`, which allows control of the query namespace to be delegated based on ACLs: @@ -745,7 +745,7 @@ here, with examples: that is used and known by many clients to provide geo-failover behavior for a database. -- [Template queries](/api/query#prepared-query-templates) +- [Template queries](/api-docs/query#prepared-query-templates) queries work like static queries with a `Name` defined, except that a catch-all template with an empty `Name` requires an ACL token that can write to any query prefix. @@ -792,7 +792,7 @@ These differences are outlined in the table below: ## Service Rules -The `service` and `service_prefix` resources control service-level registration and read access to the [Catalog API](/api/catalog) and service discovery with the [Health API](/api/health). +The `service` and `service_prefix` resources control service-level registration and read access to the [Catalog API](/api-docs/catalog) and service discovery with the [Health API](/api-docs/health). Specify the resource label in service rules to set the scope of the rule. The resource label in the following example is empty. As a result, the rules allow read-only access to any service name with the empty prefix. The rules also allow read-write access to the `app` service and deny all access to the `admin` service: @@ -841,7 +841,7 @@ given service, then the DNS interface will return no records when queried for it When reading from the catalog or retrieving information from the health endpoints, service rules are used to filter the results of the query. -Service rules come into play when using the [Agent API](/api/agent) to register services or +Service rules come into play when using the [Agent API](/api-docs/agent) to register services or checks. The agent will check tokens locally as a service or check is registered, and Consul also performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which may require an ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens @@ -900,7 +900,7 @@ for more information about managing intentions access with service rules. ## Session Rules -The `session` and `session_prefix` resources controls access to [Session API](/api/session) operations. +The `session` and `session_prefix` resources controls access to [Session API](/api-docs/session) operations. Specify the resource label in session rules to set the scope of the rule. The resource label in the following example is empty. As a result, the rules allow read-only access to all sessions. diff --git a/website/content/docs/security/acl/acl-tokens.mdx b/website/content/docs/security/acl/acl-tokens.mdx index 66d886ecb..89999008b 100644 --- a/website/content/docs/security/acl/acl-tokens.mdx +++ b/website/content/docs/security/acl/acl-tokens.mdx @@ -160,22 +160,22 @@ system or accessing Consul under specific conditions. The following table descri | Token | Servers | Clients | Description | | ------------------------------------------------------------------------------------ | ---------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [`acl.tokens.agent_recovery`](/docs/agent/options#acl_tokens_agent_recovery) | `OPTIONAL` | `OPTIONAL` | Enables access to the [Agent API](/api/agent) when remote bearer token resolution fails.
Used for setting up the cluster and performing initial join operations.
See [ACL Agent Recovery Token](#acl-agent-recovery-token) for details. | +| [`acl.tokens.agent_recovery`](/docs/agent/options#acl_tokens_agent_recovery) | `OPTIONAL` | `OPTIONAL` | Enables access to the [Agent API](/api-docs/agent) when remote bearer token resolution fails.
Used for setting up the cluster and performing initial join operations.
See [ACL Agent Recovery Token](#acl-agent-recovery-token) for details. | | [`acl.tokens.agent`](/docs/agent/options#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Used for internal agent operations. See [ACL Agent Token](#acl-agent-token) for details. | | [`acl.tokens.initial_management`](/docs/agent/options#acl_tokens_initial_management) | `OPTIONAL` | `N/A` | Used to bootstrap the ACL system. See [Initial Management Token](#initial-management-token). | | [`acl.tokens.default`](/docs/agent/options#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Specifies a default token to use for client requests if no token is supplied. This is commonly configured with read-only access to services to enable DNS service discovery on agents. | -All reserved tokens except the `initial_management` token can be created or updated using the [/v1/agent/token API](/api/agent#update-acl-tokens). +All reserved tokens except the `initial_management` token can be created or updated using the [/v1/agent/token API](/api-docs/agent#update-acl-tokens). ### Snapshot Tokens -Snapshots are artifacts created with the [snapshot API](/api/snapshot) for backup and recovery purposes. Snapshots contain ACL tokens and require, and interacting with them requires a token with `write` privileges. +Snapshots are artifacts created with the [snapshot API](/api-docs/snapshot) for backup and recovery purposes. Snapshots contain ACL tokens and require, and interacting with them requires a token with `write` privileges. ### ACL Agent Token The [`acl.tokens.agent`](/docs/agent/options#acl_tokens_agent) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl.tokens.default`](/docs/agent/options#acl_tokens_default), though if the `acl.tokens.agent` isn't configured the `acl.tokens.default` will be used. The ACL agent token is used for the following operations by the agent: -1. Updating the agent's node entry using the [Catalog API](/api/catalog), including updating its node metadata, tagged addresses, and network coordinates +1. Updating the agent's node entry using the [Catalog API](/api-docs/catalog), including updating its node metadata, tagged addresses, and network coordinates 2. Performing [anti-entropy](/docs/internals/anti-entropy) syncing, in particular reading the node metadata and services registered with the catalog 3. Reading and writing the special `_rexec` section of the KV store when executing [`consul exec`](/commands/exec) commands diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx index 6f3385a03..c1e29d504 100644 --- a/website/content/docs/security/acl/auth-methods/index.mdx +++ b/website/content/docs/security/acl/auth-methods/index.mdx @@ -49,7 +49,7 @@ using the API or command line before they can be used by applications. details about how to authenticate application credentials. Successful validation of application credentials will return a set of trusted identity attributes (such as a username). These can be managed with the `consul acl auth-method` subcommands or the corresponding [API - endpoints](/api/acl/auth-methods). The specific details of + endpoints](/api-docs/acl/auth-methods). The specific details of configuration are type dependent and described in their own documentation pages. @@ -57,7 +57,7 @@ using the API or command line before they can be used by applications. how to translate trusted identity attributes from each auth method into privileges assigned to the ACL token that is created. These can be managed with the `consul acl binding-rule` subcommands or the corresponding [API - endpoints](/api/acl/binding-rules). + endpoints](/api-docs/acl/binding-rules). -> **Note** - To configure auth methods in any connected secondary datacenter, [ACL token replication](/docs/agent/options#acl_enable_token_replication) @@ -83,7 +83,7 @@ Each binding rule is composed of two portions: - **Selector** - A logical query that must match the trusted identity attributes for the binding rule to be applicable to a given login attempt. The syntax uses github.com/hashicorp/go-bexpr which is shared with the [API - filtering feature](/api/features/filtering). For example: + filtering feature](/api-docs/features/filtering). For example: `"serviceaccount.namespace==default and serviceaccount.name!=vault"` - **Bind Type and Name** - A binding rule can bind a token to a diff --git a/website/content/docs/security/acl/auth-methods/jwt.mdx b/website/content/docs/security/acl/auth-methods/jwt.mdx index d3d8130c6..60fe15891 100644 --- a/website/content/docs/security/acl/auth-methods/jwt.mdx +++ b/website/content/docs/security/acl/auth-methods/jwt.mdx @@ -28,7 +28,7 @@ processing of the claims data in the JWT. ## Config Parameters -The following auth method [`Config`](/api/acl/auth-methods#config) +The following auth method [`Config`](/api-docs/acl/auth-methods#config) parameters are required to properly configure an auth method of type `jwt`: diff --git a/website/content/docs/security/acl/auth-methods/kubernetes.mdx b/website/content/docs/security/acl/auth-methods/kubernetes.mdx index e1490ba8e..8d84d0ca1 100644 --- a/website/content/docs/security/acl/auth-methods/kubernetes.mdx +++ b/website/content/docs/security/acl/auth-methods/kubernetes.mdx @@ -21,7 +21,7 @@ documentation](/docs/security/acl/auth-methods). ## Config Parameters -The following auth method [`Config`](/api/acl/auth-methods#config) +The following auth method [`Config`](/api-docs/acl/auth-methods#config) parameters are required to properly configure an auth method of type `kubernetes`: @@ -37,27 +37,27 @@ parameters are required to properly configure an auth method of type validate application JWTs during login. - `MapNamespaces` `(bool: )` - - **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules).** + **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules).** Indicates whether the auth method should attempt to map the Kubernetes namespace to a Consul namespace instead of creating tokens in the auth methods own namespace. Note that mapping namespaces requires the auth method to reside within the `default` namespace. - Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules). + Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules). - `ConsulNamespacePrefix` `(string: )` - - **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules).** + **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules).** When `MapNamespaces` is enabled, this value will be prefixed to the Kubernetes namespace to determine the Consul namespace to create the new token within. - Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules). + Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules). - `ConsulNamespaceOverrides` `(map: )` - - **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules).** + **Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules).** This field is a mapping of Kubernetes namespace names to Consul namespace names. If a Kubernetes namespace is present within this map, the value will be used without adding the `ConsulNamespacePrefix`. If the value in the map is `""` then the auth methods namespace will be used instead of attempting to determine an alternate namespace. - Deprecated in Consul 1.8.0 in favor of [namespace rules](/api/acl/auth-methods#namespacerules). + Deprecated in Consul 1.8.0 in favor of [namespace rules](/api-docs/acl/auth-methods#namespacerules). ### Sample Config diff --git a/website/content/docs/security/acl/auth-methods/oidc.mdx b/website/content/docs/security/acl/auth-methods/oidc.mdx index 5c9605831..07ca08a89 100644 --- a/website/content/docs/security/acl/auth-methods/oidc.mdx +++ b/website/content/docs/security/acl/auth-methods/oidc.mdx @@ -34,7 +34,7 @@ processing of the claims data in the JWT. ## Config Parameters -The following auth method [`Config`](/api/acl/auth-methods#config) +The following auth method [`Config`](/api-docs/acl/auth-methods#config) parameters are required to properly configure an auth method of type `oidc`: diff --git a/website/content/docs/security/acl/index.mdx b/website/content/docs/security/acl/index.mdx index 197d63250..d0676d14d 100644 --- a/website/content/docs/security/acl/index.mdx +++ b/website/content/docs/security/acl/index.mdx @@ -76,7 +76,7 @@ Service identities enable you to quickly construct policies for services, rather Refer to the following topics for additional information about service identities: - [Service Identities](/docs/security/acl/acl-roles#service-identities) -- [API documentation for roles](/api/acl/roles#sample-payload) +- [API documentation for roles](/api-docs/acl/roles#sample-payload) ## Node Identities @@ -87,4 +87,4 @@ Node identities enable you to quickly construct policies for nodes, rather than Refer to the following topics for additional information about node identities: - [Node Identities](/docs/security/acl/acl-roles#node-identities) -- [API documentation for roles](/api/acl/roles#sample-payload) +- [API documentation for roles](/api-docs/acl/roles#sample-payload) diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index 096ecba58..e7284dd38 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -403,7 +403,7 @@ will not upgrade more than one batch per second so on a cluster with 10,000 tokens, this may take several minutes. While this is happening both old and new ACLs will work correctly with the -caveat that new ACL [Token APIs](/api/acl/tokens) may not return an +caveat that new ACL [Token APIs](/api-docs/acl/tokens) may not return an accessor ID for legacy tokens that are not yet migrated. #### Migrating Existing ACLs @@ -417,8 +417,8 @@ API so existing integrations that create tokens (e.g. Vault) will continue to work. The "legacy" tokens generated though will not be able to take advantage of new policy features. It's recommended that you complete migration of all tokens as soon as possible after upgrade, as well as updating any integrations to work -with the the new ACL [Token](/api/acl/tokens) and -[Policy](/api/acl/policies) APIs. +with the the new ACL [Token](/api-docs/acl/tokens) and +[Policy](/api-docs/acl/policies) APIs. More complete details on how to upgrade "legacy" tokens is available [here](/docs/security/acl/acl-migrate-tokens). @@ -718,7 +718,7 @@ directly returning one of Consul's internal data structures. This configuration structure has been moved under `DebugConfig`, and is documents as for debugging use and subject to change, and a small set of elements of `Config` have been maintained and documented. See [Read -Configuration](/api/agent#read-configuration) endpoint documentation for +Configuration](/api-docs/agent#read-configuration) endpoint documentation for details. #### Deprecated `configtest` Command Removed @@ -950,7 +950,7 @@ to upgrade all agents to a newer version of Consul before upgrading to Consul #### Prepared Query Changes Consul version 0.7 adds a feature which allows prepared queries to store a -[`Near` parameter](/api/query#near) in the query definition +[`Near` parameter](/api-docs/query#near) in the query definition itself. This feature enables using the distance sorting features of prepared queries without explicitly providing the node to sort near in requests, but requires the agent servicing a request to send additional information about diff --git a/website/next.config.js b/website/next.config.js index 0ddf76822..f90501d0d 100644 --- a/website/next.config.js +++ b/website/next.config.js @@ -10,12 +10,6 @@ module.exports = withHashicorp({ transpileModules: ['@hashicorp/flight-icons'], })({ svgo: { plugins: [{ removeViewBox: false }] }, - rewrites: () => [ - { - source: '/api/:path*', - destination: '/api-docs/:path*', - }, - ], redirects: () => redirects, // Note: These are meant to be public, it's not a mistake that they are here env: { diff --git a/website/redirects.next.js b/website/redirects.next.js index 484d912a1..3517dc5e3 100644 --- a/website/redirects.next.js +++ b/website/redirects.next.js @@ -357,10 +357,10 @@ module.exports = [ }, { source: '/docs/agent/http/:path*', - destination: '/api/:path*', + destination: '/api-docs/:path*', permanent: true, }, - { source: '/docs/agent/http', destination: '/api', permanent: true }, + { source: '/docs/agent/http', destination: '/api-docs', permanent: true }, // CLI Redirects { source: '/docs/commands', destination: '/commands', permanent: true }, { @@ -1254,4 +1254,9 @@ module.exports = [ destination: '/docs/releases/release-notes/v1_9_0', permanent: true, }, + { + source: '/api/:path*', + destination: '/api-docs/:path*', + permanent: true, + }, ] From aae6d8080dcf63fc252fb342524d863c0f3ce3df Mon Sep 17 00:00:00 2001 From: Paul Glass Date: Thu, 31 Mar 2022 10:18:48 -0500 Subject: [PATCH 050/785] Add IAM Auth Method (#12583) This adds an aws-iam auth method type which supports authenticating to Consul using AWS IAM identities. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> --- .changelog/12583.txt | 3 + agent/consul/acl_authmethod.go | 1 + agent/consul/authmethod/awsauth/aws.go | 193 ++++++++++ agent/consul/authmethod/awsauth/aws_test.go | 342 +++++++++++++++++ command/login/aws.go | 148 ++++++++ command/login/login.go | 41 ++- command/login/login_test.go | 291 +++++++++++++-- go.mod | 2 +- internal/iamauth/README.md | 2 + internal/iamauth/auth.go | 311 ++++++++++++++++ internal/iamauth/auth_test.go | 123 +++++++ internal/iamauth/config.go | 69 ++++ internal/iamauth/config_test.go | 150 ++++++++ internal/iamauth/iamauthtest/testing.go | 187 ++++++++++ internal/iamauth/responses/arn.go | 94 +++++ internal/iamauth/responses/responses.go | 92 +++++ internal/iamauth/responses/responses_test.go | 157 ++++++++ internal/iamauth/responsestest/testing.go | 81 +++++ internal/iamauth/token.go | 343 +++++++++++++++++ internal/iamauth/token_test.go | 364 +++++++++++++++++++ internal/iamauth/util.go | 158 ++++++++ lib/glob.go | 24 ++ lib/glob_test.go | 37 ++ 23 files changed, 3165 insertions(+), 48 deletions(-) create mode 100644 .changelog/12583.txt create mode 100644 agent/consul/authmethod/awsauth/aws.go create mode 100644 agent/consul/authmethod/awsauth/aws_test.go create mode 100644 command/login/aws.go create mode 100644 internal/iamauth/README.md create mode 100644 internal/iamauth/auth.go create mode 100644 internal/iamauth/auth_test.go create mode 100644 internal/iamauth/config.go create mode 100644 internal/iamauth/config_test.go create mode 100644 internal/iamauth/iamauthtest/testing.go create mode 100644 internal/iamauth/responses/arn.go create mode 100644 internal/iamauth/responses/responses.go create mode 100644 internal/iamauth/responses/responses_test.go create mode 100644 internal/iamauth/responsestest/testing.go create mode 100644 internal/iamauth/token.go create mode 100644 internal/iamauth/token_test.go create mode 100644 internal/iamauth/util.go create mode 100644 lib/glob.go create mode 100644 lib/glob_test.go diff --git a/.changelog/12583.txt b/.changelog/12583.txt new file mode 100644 index 000000000..4b5dad9c0 --- /dev/null +++ b/.changelog/12583.txt @@ -0,0 +1,3 @@ +```release-note:feature +acl: Added an AWS IAM auth method that allows authenticating to Consul using AWS IAM identities +``` diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go index 2e973c6a1..b901ce131 100644 --- a/agent/consul/acl_authmethod.go +++ b/agent/consul/acl_authmethod.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-bexpr" // register these as a builtin auth method + _ "github.com/hashicorp/consul/agent/consul/authmethod/awsauth" _ "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" _ "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" ) diff --git a/agent/consul/authmethod/awsauth/aws.go b/agent/consul/authmethod/awsauth/aws.go new file mode 100644 index 000000000..32320e3f7 --- /dev/null +++ b/agent/consul/authmethod/awsauth/aws.go @@ -0,0 +1,193 @@ +package awsauth + +import ( + "context" + "fmt" + + "github.com/hashicorp/consul/agent/consul/authmethod" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/internal/iamauth" + "github.com/hashicorp/go-hclog" +) + +const ( + authMethodType string = "aws-iam" + + IAMServerIDHeaderName string = "X-Consul-IAM-ServerID" + GetEntityMethodHeader string = "X-Consul-IAM-GetEntity-Method" + GetEntityURLHeader string = "X-Consul-IAM-GetEntity-URL" + GetEntityHeadersHeader string = "X-Consul-IAM-GetEntity-Headers" + GetEntityBodyHeader string = "X-Consul-IAM-GetEntity-Body" +) + +func init() { + // register this as an available auth method type + authmethod.Register(authMethodType, func(logger hclog.Logger, method *structs.ACLAuthMethod) (authmethod.Validator, error) { + v, err := NewValidator(logger, method) + if err != nil { + return nil, err + } + return v, nil + }) +} + +type Config struct { + // BoundIAMPrincipalARNs are the trusted AWS IAM principal ARNs that are permitted + // to login to the auth method. These can be the exact ARNs or wildcards. Wildcards + // are only supported if EnableIAMEntityDetails is true. + BoundIAMPrincipalARNs []string `json:",omitempty"` + + // EnableIAMEntityDetails will fetch the IAM User or IAM Role details to include + // in binding rules. Required if wildcard principal ARNs are used. + EnableIAMEntityDetails bool `json:",omitempty"` + + // IAMEntityTags are the specific IAM User or IAM Role tags to include as selectable + // fields in the binding rule attributes. Requires EnableIAMEntityDetails = true. + IAMEntityTags []string `json:",omitempty"` + + // ServerIDHeaderValue adds a X-Consul-IAM-ServerID header to each AWS API request. + // This helps protect against replay attacks. + ServerIDHeaderValue string `json:",omitempty"` + + // MaxRetries is the maximum number of retries on AWS API requests for recoverable errors. + MaxRetries int `json:",omitempty"` + // IAMEndpoint is the AWS IAM endpoint where iam:GetRole or iam:GetUser requests will be sent. + // Note that the Host header in a signed request cannot be changed. + IAMEndpoint string `json:",omitempty"` + // STSEndpoint is the AWS STS endpoint where sts:GetCallerIdentity requests will be sent. + // Note that the Host header in a signed request cannot be changed. + STSEndpoint string `json:",omitempty"` + // STSRegion is the region for the AWS STS service. This should only be set if STSEndpoint + // is set, and must match the region of the STSEndpoint. + STSRegion string `json:",omitempty"` + + // AllowedSTSHeaderValues is a list of additional allowed headers on the sts:GetCallerIdentity + // request in the bearer token. A default list of necessary headers is allowed in any case. + AllowedSTSHeaderValues []string `json:",omitempty"` +} + +func (c *Config) convertForLibrary() *iamauth.Config { + return &iamauth.Config{ + BoundIAMPrincipalARNs: c.BoundIAMPrincipalARNs, + EnableIAMEntityDetails: c.EnableIAMEntityDetails, + IAMEntityTags: c.IAMEntityTags, + ServerIDHeaderValue: c.ServerIDHeaderValue, + MaxRetries: c.MaxRetries, + IAMEndpoint: c.IAMEndpoint, + STSEndpoint: c.STSEndpoint, + STSRegion: c.STSRegion, + AllowedSTSHeaderValues: c.AllowedSTSHeaderValues, + + ServerIDHeaderName: IAMServerIDHeaderName, + GetEntityMethodHeader: GetEntityMethodHeader, + GetEntityURLHeader: GetEntityURLHeader, + GetEntityHeadersHeader: GetEntityHeadersHeader, + GetEntityBodyHeader: GetEntityBodyHeader, + } +} + +type Validator struct { + name string + config *iamauth.Config + logger hclog.Logger + + auth *iamauth.Authenticator +} + +func NewValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (*Validator, error) { + if method.Type != authMethodType { + return nil, fmt.Errorf("%q is not an AWS IAM auth method", method.Name) + } + + var config Config + if err := authmethod.ParseConfig(method.Config, &config); err != nil { + return nil, err + } + iamConfig := config.convertForLibrary() + + auth, err := iamauth.NewAuthenticator(iamConfig, logger) + if err != nil { + return nil, err + } + + return &Validator{ + name: method.Name, + config: iamConfig, + logger: logger, + auth: auth, + }, nil +} + +// Name implements authmethod.Validator. +func (v *Validator) Name() string { return v.name } + +// Stop implements authmethod.Validator. +func (v *Validator) Stop() {} + +// ValidateLogin implements authmethod.Validator. +func (v *Validator) ValidateLogin(ctx context.Context, loginToken string) (*authmethod.Identity, error) { + details, err := v.auth.ValidateLogin(ctx, loginToken) + if err != nil { + return nil, err + } + + vars := map[string]string{ + "entity_name": details.EntityName, + "entity_id": details.EntityId, + "account_id": details.AccountId, + } + fields := &awsSelectableFields{ + EntityName: details.EntityName, + EntityId: details.EntityId, + AccountId: details.AccountId, + } + + if v.config.EnableIAMEntityDetails { + vars["entity_path"] = details.EntityPath + fields.EntityPath = details.EntityPath + fields.EntityTags = map[string]string{} + for _, tag := range v.config.IAMEntityTags { + vars["entity_tags."+tag] = details.EntityTags[tag] + fields.EntityTags[tag] = details.EntityTags[tag] + } + } + + result := &authmethod.Identity{ + SelectableFields: fields, + ProjectedVars: vars, + EnterpriseMeta: nil, + } + return result, nil + +} + +func (v *Validator) NewIdentity() *authmethod.Identity { + fields := &awsSelectableFields{ + EntityTags: map[string]string{}, + } + vars := map[string]string{ + "entity_name": "", + "entity_id": "", + "account_id": "", + } + if v.config.EnableIAMEntityDetails { + vars["entity_path"] = "" + for _, tag := range v.config.IAMEntityTags { + vars["entity_tags."+tag] = "" + fields.EntityTags[tag] = "" + } + } + return &authmethod.Identity{ + SelectableFields: fields, + ProjectedVars: vars, + } +} + +type awsSelectableFields struct { + EntityName string `bexpr:"entity_name"` + EntityId string `bexpr:"entity_id"` + AccountId string `bexpr:"account_id"` + + EntityPath string `bexpr:"entity_path"` + EntityTags map[string]string `bexpr:"entity_tags"` +} diff --git a/agent/consul/authmethod/awsauth/aws_test.go b/agent/consul/authmethod/awsauth/aws_test.go new file mode 100644 index 000000000..8ee507692 --- /dev/null +++ b/agent/consul/authmethod/awsauth/aws_test.go @@ -0,0 +1,342 @@ +package awsauth + +import ( + "context" + "encoding/json" + "fmt" + "net/http/httptest" + "testing" + + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/hashicorp/consul/agent/consul/authmethod" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/internal/iamauth" + "github.com/hashicorp/consul/internal/iamauth/iamauthtest" + "github.com/hashicorp/go-hclog" + "github.com/stretchr/testify/require" +) + +func TestNewValidator(t *testing.T) { + f := iamauthtest.MakeFixture() + expConfig := &iamauth.Config{ + BoundIAMPrincipalARNs: []string{f.AssumedRoleARN}, + EnableIAMEntityDetails: true, + IAMEntityTags: []string{"tag-1"}, + ServerIDHeaderValue: "x-some-header", + MaxRetries: 3, + IAMEndpoint: "iam-endpoint", + STSEndpoint: "sts-endpoint", + STSRegion: "sts-region", + AllowedSTSHeaderValues: []string{"header-value"}, + ServerIDHeaderName: "X-Consul-IAM-ServerID", + GetEntityMethodHeader: "X-Consul-IAM-GetEntity-Method", + GetEntityURLHeader: "X-Consul-IAM-GetEntity-URL", + GetEntityHeadersHeader: "X-Consul-IAM-GetEntity-Headers", + GetEntityBodyHeader: "X-Consul-IAM-GetEntity-Body", + } + + type AM = *structs.ACLAuthMethod + // Create the auth method, with an optional modification function. + makeMethod := func(modifyFn func(AM)) AM { + config := map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.AssumedRoleARN}, + "EnableIAMEntityDetails": true, + "IAMEntityTags": []string{"tag-1"}, + "ServerIDHeaderValue": "x-some-header", + "MaxRetries": 3, + "IAMEndpoint": "iam-endpoint", + "STSEndpoint": "sts-endpoint", + "STSRegion": "sts-region", + "AllowedSTSHeaderValues": []string{"header-value"}, + } + + m := &structs.ACLAuthMethod{ + Name: "test-iam", + Type: "aws-iam", + Description: "aws iam auth", + Config: config, + } + if modifyFn != nil { + modifyFn(m) + } + return m + } + + cases := map[string]struct { + ok bool + modifyFn func(AM) + }{ + "success": {true, nil}, + "wrong type": {false, func(m AM) { m.Type = "not-iam" }}, + "extra config": {false, func(m AM) { m.Config["extraField"] = "123" }}, + "wrong config value type": {false, func(m AM) { m.Config["MaxRetries"] = []string{"1"} }}, + "missing bound principals": {false, func(m AM) { delete(m.Config, "BoundIAMPrincipalARNs") }}, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + v, err := NewValidator(nil, makeMethod(c.modifyFn)) + if c.ok { + require.NoError(t, err) + require.NotNil(t, v) + require.Equal(t, "test-iam", v.name) + require.NotNil(t, v.auth) + require.Equal(t, expConfig, v.config) + } else { + require.Error(t, err) + require.Nil(t, v) + } + }) + } +} + +func TestValidateLogin(t *testing.T) { + f := iamauthtest.MakeFixture() + + cases := map[string]struct { + server *iamauthtest.Server + token string + config map[string]interface{} + expVars map[string]string + expFields []string + expError string + }{ + "success - role login": { + server: f.ServerForRole, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.CanonicalRoleARN}, + }, + expVars: map[string]string{ + "entity_id": f.EntityID, + "entity_name": f.RoleName, + "account_id": f.AccountID, + }, + expFields: []string{ + fmt.Sprintf(`entity_id == %q`, f.EntityID), + fmt.Sprintf(`entity_name == %q`, f.RoleName), + fmt.Sprintf(`account_id == %q`, f.AccountID), + }, + }, + "success - user login": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + }, + expVars: map[string]string{ + "entity_id": f.EntityID, + "entity_name": f.UserName, + "account_id": f.AccountID, + }, + expFields: []string{ + fmt.Sprintf(`entity_id == %q`, f.EntityID), + fmt.Sprintf(`entity_name == %q`, f.UserName), + fmt.Sprintf(`account_id == %q`, f.AccountID), + }, + }, + "success - role login with entity details": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + "EnableIAMEntityDetails": true, + }, + expVars: map[string]string{ + "entity_id": f.EntityID, + "entity_name": f.UserName, + "account_id": f.AccountID, + "entity_path": f.UserPath, + }, + expFields: []string{ + fmt.Sprintf(`entity_id == %q`, f.EntityID), + fmt.Sprintf(`entity_name == %q`, f.UserName), + fmt.Sprintf(`account_id == %q`, f.AccountID), + fmt.Sprintf(`entity_path == %q`, f.UserPath), + }, + }, + "success - user login with entity details": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + "EnableIAMEntityDetails": true, + }, + expVars: map[string]string{ + "entity_id": f.EntityID, + "entity_name": f.UserName, + "account_id": f.AccountID, + "entity_path": f.UserPath, + }, + expFields: []string{ + fmt.Sprintf(`entity_id == %q`, f.EntityID), + fmt.Sprintf(`entity_name == %q`, f.UserName), + fmt.Sprintf(`account_id == %q`, f.AccountID), + fmt.Sprintf(`entity_path == %q`, f.UserPath), + }, + }, + "invalid token": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + }, + token: `invalid`, + expError: "invalid token", + }, + "empty json token": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + }, + token: `{}`, + expError: "invalid token", + }, + "empty json fields in token": { + server: f.ServerForUser, + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": []string{f.UserARN}, + }, + token: `{"iam_http_request_method": "", +"iam_request_body": "", +"iam_request_headers": "", +"iam_request_url": "" +}`, + expError: "invalid token", + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + v, _, token := setup(t, c.config, c.server) + if c.token != "" { + token = c.token + } + id, err := v.ValidateLogin(context.Background(), token) + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + require.Nil(t, id) + } else { + require.NoError(t, err) + authmethod.RequireIdentityMatch(t, id, c.expVars, c.expFields...) + } + }) + } +} + +func setup(t *testing.T, config map[string]interface{}, server *iamauthtest.Server) (*Validator, *httptest.Server, string) { + t.Helper() + + fakeAws := iamauthtest.NewTestServer(t, server) + + config["STSEndpoint"] = fakeAws.URL + "/sts" + config["STSRegion"] = "fake-region" + config["IAMEndpoint"] = fakeAws.URL + "/iam" + + method := &structs.ACLAuthMethod{ + Name: "test-method", + Type: "aws-iam", + Config: config, + } + nullLogger := hclog.NewNullLogger() + v, err := NewValidator(nullLogger, method) + require.NoError(t, err) + + // Generate the login token + tokenData, err := iamauth.GenerateLoginData(&iamauth.LoginInput{ + Creds: credentials.NewStaticCredentials("fake", "fake", ""), + IncludeIAMEntity: v.config.EnableIAMEntityDetails, + STSEndpoint: v.config.STSEndpoint, + STSRegion: v.config.STSRegion, + Logger: nullLogger, + ServerIDHeaderValue: v.config.ServerIDHeaderValue, + ServerIDHeaderName: v.config.ServerIDHeaderName, + GetEntityMethodHeader: v.config.GetEntityMethodHeader, + GetEntityURLHeader: v.config.GetEntityURLHeader, + GetEntityHeadersHeader: v.config.GetEntityHeadersHeader, + GetEntityBodyHeader: v.config.GetEntityBodyHeader, + }) + require.NoError(t, err) + + token, err := json.Marshal(tokenData) + require.NoError(t, err) + return v, fakeAws, string(token) +} + +func TestNewIdentity(t *testing.T) { + principals := []string{"arn:aws:sts::1234567890:assumed-role/my-role/some-session"} + cases := map[string]struct { + config map[string]interface{} + expVars map[string]string + expFilters []string + }{ + "entity details disabled": { + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": principals, + }, + expVars: map[string]string{ + "entity_name": "", + "entity_id": "", + "account_id": "", + }, + expFilters: []string{ + `entity_name == ""`, + `entity_id == ""`, + `account_id == ""`, + }, + }, + "entity details enabled": { + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": principals, + "EnableIAMEntityDetails": true, + }, + expVars: map[string]string{ + "entity_name": "", + "entity_id": "", + "account_id": "", + "entity_path": "", + }, + expFilters: []string{ + `entity_name == ""`, + `entity_id == ""`, + `account_id == ""`, + `entity_path == ""`, + }, + }, + "entity tags": { + config: map[string]interface{}{ + "BoundIAMPrincipalARNs": principals, + "EnableIAMEntityDetails": true, + "IAMEntityTags": []string{ + "test_tag", + "test_tag_2", + }, + }, + expVars: map[string]string{ + "entity_name": "", + "entity_id": "", + "account_id": "", + "entity_path": "", + "entity_tags.test_tag": "", + "entity_tags.test_tag_2": "", + }, + expFilters: []string{ + `entity_name == ""`, + `entity_id == ""`, + `account_id == ""`, + `entity_path == ""`, + `entity_tags.test_tag == ""`, + `entity_tags.test_tag_2 == ""`, + }, + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + method := &structs.ACLAuthMethod{ + Name: "test-method", + Type: "aws-iam", + Config: c.config, + } + nullLogger := hclog.NewNullLogger() + v, err := NewValidator(nullLogger, method) + require.NoError(t, err) + + id := v.NewIdentity() + authmethod.RequireIdentityMatch(t, id, c.expVars, c.expFilters...) + }) + } +} diff --git a/command/login/aws.go b/command/login/aws.go new file mode 100644 index 000000000..bae90c943 --- /dev/null +++ b/command/login/aws.go @@ -0,0 +1,148 @@ +package login + +import ( + "encoding/json" + "flag" + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/session" + + "github.com/hashicorp/consul/agent/consul/authmethod/awsauth" + "github.com/hashicorp/consul/internal/iamauth" + "github.com/hashicorp/go-hclog" +) + +type AWSLogin struct { + autoBearerToken bool + includeEntity bool + stsEndpoint string + region string + serverIDHeaderValue string + accessKeyId string + secretAccessKey string + sessionToken string +} + +func (a *AWSLogin) flags() *flag.FlagSet { + fs := flag.NewFlagSet("", flag.ContinueOnError) + fs.BoolVar(&a.autoBearerToken, "aws-auto-bearer-token", false, + "Construct a bearer token and login to the AWS IAM auth method. This requires AWS credentials. "+ + "AWS credentials are automatically discovered from standard sources supported by the Go SDK for "+ + "AWS. Alternatively, explicit credentials can be passed using the -aws-acesss-key-id and "+ + "-aws-secret-access-key flags. [aws-iam only]") + + fs.BoolVar(&a.includeEntity, "aws-include-entity", false, + "Include a signed request to get the IAM role or IAM user in the bearer token. [aws-iam only]") + + fs.StringVar(&a.stsEndpoint, "aws-sts-endpoint", "", + "URL for AWS STS API calls. [aws-iam only]") + + fs.StringVar(&a.region, "aws-region", "", + "Region for AWS API calls. If set, should match the region of -aws-sts-endpoint. "+ + "If not provided, the region will be discovered from standard sources, such as "+ + "the AWS_REGION environment variable. [aws-iam only]") + + fs.StringVar(&a.serverIDHeaderValue, "aws-server-id-header-value", "", + "If set, an X-Consul-IAM-ServerID header is included in signed AWS API request(s) that form "+ + "the bearer token. This value must match the server-side configured value for the auth method "+ + "in order to login. This is optional and helps protect against replay attacks. [aws-iam only]") + + fs.StringVar(&a.accessKeyId, "aws-access-key-id", "", + "AWS access key id to use. Requires -aws-secret-access-key if specified. [aws-iam only]") + + fs.StringVar(&a.secretAccessKey, "aws-secret-access-key", "", + "AWS secret access key to use. Requires -aws-access-key-id if specified. [aws-iam only]") + + fs.StringVar(&a.sessionToken, "aws-session-token", "", + "AWS session token to use. Requires -aws-access-key-id and -aws-secret-access-key if "+ + "specified. [aws-iam only]") + return fs +} + +// checkFlags validates flags for the aws-iam auth method. +func (a *AWSLogin) checkFlags() error { + if !a.autoBearerToken { + if a.includeEntity || a.stsEndpoint != "" || a.region != "" || a.serverIDHeaderValue != "" || + a.accessKeyId != "" || a.secretAccessKey != "" || a.sessionToken != "" { + return fmt.Errorf("Missing '-aws-auto-bearer-token' flag") + } + } + if a.accessKeyId != "" && a.secretAccessKey == "" { + return fmt.Errorf("Missing '-aws-secret-access-key' flag") + } + if a.secretAccessKey != "" && a.accessKeyId == "" { + return fmt.Errorf("Missing '-aws-access-key-id' flag") + } + if a.sessionToken != "" && (a.accessKeyId == "" || a.secretAccessKey == "") { + return fmt.Errorf("Missing '-aws-access-key-id' and '-aws-secret-access-key' flags") + } + return nil +} + +// createAWSBearerToken generates a bearer token string for the AWS IAM auth method. +// It will discover AWS credentials which are used to sign AWS API requests. +// Alternatively, static credentials can be passed as flags. +// +// The bearer token contains a signed sts:GetCallerIdentity request. +// If aws-include-entity is specified, a signed iam:GetRole or iam:GetUser request is +// also included. The AWS credentials are used to retrieve the current user's role +// or user name for the iam:GetRole or iam:GetUser request. +func (a *AWSLogin) createAWSBearerToken() (string, error) { + cfg := aws.Config{ + Endpoint: aws.String(a.stsEndpoint), + Region: aws.String(a.region), + // More detailed error message to help debug credential discovery. + CredentialsChainVerboseErrors: aws.Bool(true), + } + + if a.accessKeyId != "" { + // Use creds from flags. + cfg.Credentials = credentials.NewStaticCredentials( + a.accessKeyId, a.secretAccessKey, a.sessionToken, + ) + } + + // Session loads creds from standard sources (env vars, file, EC2 metadata, ...) + sess, err := session.NewSessionWithOptions(session.Options{ + Config: cfg, + // Allow loading from config files by default: + // ~/.aws/config or AWS_CONFIG_FILE + // ~/.aws/credentials or AWS_SHARED_CREDENTIALS_FILE + SharedConfigState: session.SharedConfigEnable, + }) + if err != nil { + return "", err + } + if sess.Config.Region == nil || *sess.Config.Region == "" { + return "", fmt.Errorf("AWS region not found") + } + if sess.Config.Credentials == nil { + return "", fmt.Errorf("AWS credentials not found") + } + creds := sess.Config.Credentials + + loginData, err := iamauth.GenerateLoginData(&iamauth.LoginInput{ + Creds: creds, + IncludeIAMEntity: a.includeEntity, + STSEndpoint: a.stsEndpoint, + STSRegion: a.region, + Logger: hclog.New(nil), + ServerIDHeaderValue: a.serverIDHeaderValue, + ServerIDHeaderName: awsauth.IAMServerIDHeaderName, + GetEntityMethodHeader: awsauth.GetEntityMethodHeader, + GetEntityURLHeader: awsauth.GetEntityURLHeader, + GetEntityHeadersHeader: awsauth.GetEntityHeadersHeader, + GetEntityBodyHeader: awsauth.GetEntityBodyHeader, + }) + if err != nil { + return "", err + } + + loginDataJson, err := json.Marshal(loginData) + if err != nil { + return "", err + } + return string(loginDataJson), err +} diff --git a/command/login/login.go b/command/login/login.go index ded0958f9..a8f58556a 100644 --- a/command/login/login.go +++ b/command/login/login.go @@ -36,6 +36,8 @@ type cmd struct { tokenSinkFile string meta map[string]string + aws AWSLogin + enterpriseCmd } @@ -57,10 +59,10 @@ func (c *cmd) init() { c.flags.Var((*flags.FlagMapValue)(&c.meta), "meta", "Metadata to set on the token, formatted as key=value. This flag "+ "may be specified multiple times to set multiple meta fields.") - c.initEnterpriseFlags() c.http = &flags.HTTPFlags{} + flags.Merge(c.flags, c.aws.flags()) flags.Merge(c.flags, c.http.ClientFlags()) flags.Merge(c.flags, c.http.ServerFlags()) flags.Merge(c.flags, c.http.MultiTenancyFlags()) @@ -89,21 +91,38 @@ func (c *cmd) Run(args []string) int { } func (c *cmd) bearerTokenLogin() int { - if c.bearerTokenFile == "" { - c.UI.Error(fmt.Sprintf("Missing required '-bearer-token-file' flag")) - return 1 - } - - data, err := ioutil.ReadFile(c.bearerTokenFile) - if err != nil { + if err := c.aws.checkFlags(); err != nil { c.UI.Error(err.Error()) return 1 } - c.bearerToken = strings.TrimSpace(string(data)) - if c.bearerToken == "" { - c.UI.Error(fmt.Sprintf("No bearer token found in %s", c.bearerTokenFile)) + if c.aws.autoBearerToken { + if c.bearerTokenFile != "" { + c.UI.Error("Cannot use '-bearer-token-file' flag with '-aws-auto-bearer-token'") + return 1 + } + + if token, err := c.aws.createAWSBearerToken(); err != nil { + c.UI.Error(fmt.Sprintf("Error with aws-iam auth method: %s", err)) + return 1 + } else { + c.bearerToken = token + } + } else if c.bearerTokenFile == "" { + c.UI.Error("Missing required '-bearer-token-file' flag") return 1 + } else { + data, err := ioutil.ReadFile(c.bearerTokenFile) + if err != nil { + c.UI.Error(err.Error()) + return 1 + } + c.bearerToken = strings.TrimSpace(string(data)) + + if c.bearerToken == "" { + c.UI.Error(fmt.Sprintf("No bearer token found in %s", c.bearerTokenFile)) + return 1 + } } // Ensure that we don't try to use a token when performing a login diff --git a/command/login/login_test.go b/command/login/login_test.go index 3d730548d..7eba6a403 100644 --- a/command/login/login_test.go +++ b/command/login/login_test.go @@ -1,6 +1,7 @@ package login import ( + "fmt" "io/ioutil" "os" "path/filepath" @@ -18,6 +19,7 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/internal/go-sso/oidcauth/oidcauthtest" + "github.com/hashicorp/consul/internal/iamauth/iamauthtest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" ) @@ -39,18 +41,7 @@ func TestLoginCommand(t *testing.T) { testDir := testutil.TempDir(t, "acl") - a := agent.NewTestAgent(t, ` - primary_datacenter = "dc1" - acl { - enabled = true - tokens { - initial_management = "root" - } - }`) - - defer a.Shutdown() - testrpc.WaitForLeader(t, a.RPC, "dc1") - + a := newTestAgent(t) client := a.Client() t.Run("method is required", func(t *testing.T) { @@ -102,6 +93,81 @@ func TestLoginCommand(t *testing.T) { require.Contains(t, ui.ErrorWriter.String(), "Missing required '-bearer-token-file' flag") }) + t.Run("bearer-token-file disallowed with aws-auto-bearer-token", func(t *testing.T) { + defer os.Remove(tokenSinkFile) + + ui := cli.NewMockUi() + cmd := New(ui) + + args := []string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-method=test", + "-token-sink-file", tokenSinkFile, + "-bearer-token-file", "none.txt", + "-aws-auto-bearer-token", + } + + code := cmd.Run(args) + require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) + require.Contains(t, ui.ErrorWriter.String(), "Cannot use '-bearer-token-file' flag with '-aws-auto-bearer-token'") + }) + + t.Run("aws flags require aws-auto-bearer-token", func(t *testing.T) { + defer os.Remove(tokenSinkFile) + + baseArgs := []string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-method=test", + "-token-sink-file", tokenSinkFile, + } + + for _, extraArgs := range [][]string{ + {"-aws-include-entity"}, + {"-aws-sts-endpoint", "some-endpoint"}, + {"-aws-region", "some-region"}, + {"-aws-server-id-header-value", "some-value"}, + {"-aws-access-key-id", "some-key"}, + {"-aws-secret-access-key", "some-secret"}, + {"-aws-session-token", "some-token"}, + } { + ui := cli.NewMockUi() + code := New(ui).Run(append(baseArgs, extraArgs...)) + require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) + require.Contains(t, ui.ErrorWriter.String(), "Missing '-aws-auto-bearer-token' flag") + } + }) + + t.Run("aws-access-key-id and aws-secret-access-key require each other", func(t *testing.T) { + defer os.Remove(tokenSinkFile) + + baseArgs := []string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-method=test", + "-token-sink-file", tokenSinkFile, + "-aws-auto-bearer-token", + } + + ui := cli.NewMockUi() + code := New(ui).Run(append(baseArgs, "-aws-access-key-id", "some-key")) + require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) + require.Contains(t, ui.ErrorWriter.String(), "Missing '-aws-secret-access-key' flag") + + ui = cli.NewMockUi() + code = New(ui).Run(append(baseArgs, "-aws-secret-access-key", "some-key")) + require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) + require.Contains(t, ui.ErrorWriter.String(), "Missing '-aws-access-key-id' flag") + + ui = cli.NewMockUi() + code = New(ui).Run(append(baseArgs, "-aws-session-token", "some-token")) + require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) + require.Contains(t, ui.ErrorWriter.String(), + "Missing '-aws-access-key-id' and '-aws-secret-access-key' flags") + + }) + bearerTokenFile := filepath.Join(testDir, "bearer.token") t.Run("bearer-token-file is empty", func(t *testing.T) { @@ -236,18 +302,7 @@ func TestLoginCommand_k8s(t *testing.T) { testDir := testutil.TempDir(t, "acl") - a := agent.NewTestAgent(t, ` - primary_datacenter = "dc1" - acl { - enabled = true - tokens { - initial_management = "root" - } - }`) - - defer a.Shutdown() - testrpc.WaitForLeader(t, a.RPC, "dc1") - + a := newTestAgent(t) client := a.Client() tokenSinkFile := filepath.Join(testDir, "test.token") @@ -334,18 +389,7 @@ func TestLoginCommand_jwt(t *testing.T) { testDir := testutil.TempDir(t, "acl") - a := agent.NewTestAgent(t, ` - primary_datacenter = "dc1" - acl { - enabled = true - tokens { - initial_management = "root" - } - }`) - - defer a.Shutdown() - testrpc.WaitForLeader(t, a.RPC, "dc1") - + a := newTestAgent(t) client := a.Client() tokenSinkFile := filepath.Join(testDir, "test.token") @@ -470,3 +514,178 @@ func TestLoginCommand_jwt(t *testing.T) { }) } } + +func TestLoginCommand_aws_iam(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + + // Formats an HIL template for a BindName, and the expected value for entity tags. + // Input: string{"a", "b"}, []string{"1", "2"} + // Return: "${entity_tags.a}-${entity_tags.b}", "1-2" + entityTagsBind := func(keys, values []string) (string, string) { + parts := []string{} + for _, k := range keys { + parts = append(parts, fmt.Sprintf("${entity_tags.%s}", k)) + } + return strings.Join(parts, "-"), strings.Join(values, "-") + } + + f := iamauthtest.MakeFixture() + roleTagsBindName, roleTagsBindValue := entityTagsBind(f.RoleTagKeys(), f.RoleTagValues()) + userTagsBindName, userTagsBindValue := entityTagsBind(f.UserTagKeys(), f.UserTagValues()) + + cases := map[string]struct { + awsServer *iamauthtest.Server + cmdArgs []string + config map[string]interface{} + bindingRule *api.ACLBindingRule + expServiceIdentity *api.ACLServiceIdentity + }{ + "success - login with role": { + awsServer: f.ServerForRole, + cmdArgs: []string{"-aws-auto-bearer-token"}, + config: map[string]interface{}{ + // Test that an assumed-role arn is translated to the canonical role arn. + "BoundIAMPrincipalARNs": []string{f.CanonicalRoleARN}, + }, + bindingRule: &api.ACLBindingRule{ + BindType: api.BindingRuleBindTypeService, + BindName: "${entity_name}-${entity_id}-${account_id}", + Selector: fmt.Sprintf(`entity_name==%q and entity_id==%q and account_id==%q`, + f.RoleName, f.EntityID, f.AccountID), + }, + expServiceIdentity: &api.ACLServiceIdentity{ + ServiceName: fmt.Sprintf("%s-%s-%s", f.RoleName, strings.ToLower(f.EntityID), f.AccountID), + }, + }, + "success - login with role and entity details enabled": { + awsServer: f.ServerForRole, + cmdArgs: []string{"-aws-auto-bearer-token", "-aws-include-entity"}, + config: map[string]interface{}{ + // Test that we can login with full user path. + "BoundIAMPrincipalARNs": []string{f.RoleARN}, + "EnableIAMEntityDetails": true, + }, + bindingRule: &api.ACLBindingRule{ + BindType: api.BindingRuleBindTypeService, + // TODO: Path cannot be used as service name if it contains a '/' + BindName: "${entity_name}", + Selector: fmt.Sprintf(`entity_name==%q and entity_path==%q`, f.RoleName, f.RolePath), + }, + expServiceIdentity: &api.ACLServiceIdentity{ServiceName: f.RoleName}, + }, + "success - login with role and role tags": { + awsServer: f.ServerForRole, + cmdArgs: []string{"-aws-auto-bearer-token", "-aws-include-entity"}, + config: map[string]interface{}{ + // Test that we can login with a wildcard. + "BoundIAMPrincipalARNs": []string{f.RoleARNWildcard}, + "EnableIAMEntityDetails": true, + "IAMEntityTags": f.RoleTagKeys(), + }, + bindingRule: &api.ACLBindingRule{ + BindType: api.BindingRuleBindTypeService, + BindName: roleTagsBindName, + Selector: fmt.Sprintf(`entity_name==%q and entity_path==%q`, f.RoleName, f.RolePath), + }, + expServiceIdentity: &api.ACLServiceIdentity{ServiceName: roleTagsBindValue}, + }, + "success - login with user and user tags": { + awsServer: f.ServerForUser, + cmdArgs: []string{"-aws-auto-bearer-token", "-aws-include-entity"}, + config: map[string]interface{}{ + // Test that we can login with a wildcard. + "BoundIAMPrincipalARNs": []string{f.UserARNWildcard}, + "EnableIAMEntityDetails": true, + "IAMEntityTags": f.UserTagKeys(), + }, + bindingRule: &api.ACLBindingRule{ + BindType: api.BindingRuleBindTypeService, + BindName: "${entity_name}-" + userTagsBindName, + Selector: fmt.Sprintf(`entity_name==%q and entity_path==%q`, f.UserName, f.UserPath), + }, + expServiceIdentity: &api.ACLServiceIdentity{ + ServiceName: fmt.Sprintf("%s-%s", f.UserName, userTagsBindValue), + }, + }, + } + + for name, c := range cases { + t.Run(name, func(t *testing.T) { + a := newTestAgent(t) + client := a.Client() + + fakeAws := iamauthtest.NewTestServer(t, c.awsServer) + + c.config["STSEndpoint"] = fakeAws.URL + "/sts" + c.config["IAMEndpoint"] = fakeAws.URL + "/iam" + + _, _, err := client.ACL().AuthMethodCreate( + &api.ACLAuthMethod{ + Name: "iam-test", + Type: "aws-iam", + Config: c.config, + }, + &api.WriteOptions{Token: "root"}, + ) + require.NoError(t, err) + + c.bindingRule.AuthMethod = "iam-test" + _, _, err = client.ACL().BindingRuleCreate( + c.bindingRule, + &api.WriteOptions{Token: "root"}, + ) + require.NoError(t, err) + + testDir := testutil.TempDir(t, "acl") + tokenSinkFile := filepath.Join(testDir, "test.token") + t.Cleanup(func() { _ = os.Remove(tokenSinkFile) }) + + ui := cli.NewMockUi() + cmd := New(ui) + args := []string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-method=iam-test", + "-token-sink-file", tokenSinkFile, + "-aws-sts-endpoint", fakeAws.URL + "/sts", + "-aws-region", "fake-region", + "-aws-access-key-id", "fake-key-id", + "-aws-secret-access-key", "fake-secret-key", + } + args = append(args, c.cmdArgs...) + code := cmd.Run(args) + require.Equal(t, 0, code, ui.ErrorWriter.String()) + + raw, err := ioutil.ReadFile(tokenSinkFile) + require.NoError(t, err) + + token := strings.TrimSpace(string(raw)) + require.Len(t, token, 36, "must be a valid uid: %s", token) + + // Validate correct BindName was interpolated. + tokenRead, _, err := client.ACL().TokenReadSelf(&api.QueryOptions{Token: token}) + require.NoError(t, err) + require.Len(t, tokenRead.ServiceIdentities, 1) + require.Equal(t, c.expServiceIdentity, tokenRead.ServiceIdentities[0]) + + }) + } +} + +func newTestAgent(t *testing.T) *agent.TestAgent { + a := agent.NewTestAgent(t, ` + primary_datacenter = "dc1" + acl { + enabled = true + tokens { + initial_management = "root" + } + }`) + t.Cleanup(func() { _ = a.Shutdown() }) + testrpc.WaitForLeader(t, a.RPC, "dc1") + return a +} diff --git a/go.mod b/go.mod index 456623d40..e99a098ba 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( github.com/hashicorp/go-memdb v1.3.2 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-raftchunking v0.6.2 - github.com/hashicorp/go-retryablehttp v0.6.7 // indirect + github.com/hashicorp/go-retryablehttp v0.6.7 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 github.com/hashicorp/go-uuid v1.0.2 diff --git a/internal/iamauth/README.md b/internal/iamauth/README.md new file mode 100644 index 000000000..a9880a355 --- /dev/null +++ b/internal/iamauth/README.md @@ -0,0 +1,2 @@ +This is an internal package to house the AWS IAM auth method utilities for potential +future extraction from Consul. diff --git a/internal/iamauth/auth.go b/internal/iamauth/auth.go new file mode 100644 index 000000000..aaf6bc657 --- /dev/null +++ b/internal/iamauth/auth.go @@ -0,0 +1,311 @@ +package iamauth + +import ( + "context" + "encoding/xml" + "fmt" + "io/ioutil" + "net/http" + "regexp" + "strings" + "time" + + "github.com/hashicorp/consul/internal/iamauth/responses" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/lib/stringslice" + "github.com/hashicorp/go-cleanhttp" + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-retryablehttp" +) + +const ( + // Retry configuration + retryWaitMin = 500 * time.Millisecond + retryWaitMax = 30 * time.Second +) + +type Authenticator struct { + config *Config + logger hclog.Logger +} + +type IdentityDetails struct { + EntityName string + EntityId string + AccountId string + + EntityPath string + EntityTags map[string]string +} + +func NewAuthenticator(config *Config, logger hclog.Logger) (*Authenticator, error) { + if err := config.Validate(); err != nil { + return nil, err + } + return &Authenticator{ + config: config, + logger: logger, + }, nil +} + +// ValidateLogin determines if the identity in the loginToken is permitted to login. +// If so, it returns details about the identity. Otherwise, an error is returned. +func (a *Authenticator) ValidateLogin(ctx context.Context, loginToken string) (*IdentityDetails, error) { + token, err := NewBearerToken(loginToken, a.config) + if err != nil { + return nil, err + } + + req, err := token.GetCallerIdentityRequest() + if err != nil { + return nil, err + } + + if a.config.ServerIDHeaderValue != "" { + err := validateHeaderValue(req.Header, a.config.ServerIDHeaderName, a.config.ServerIDHeaderValue) + if err != nil { + return nil, err + } + } + + callerIdentity, err := a.submitCallerIdentityRequest(ctx, req) + if err != nil { + return nil, err + } + a.logger.Debug("iamauth login attempt", "arn", callerIdentity.Arn) + + entity, err := responses.ParseArn(callerIdentity.Arn) + if err != nil { + return nil, err + } + + identityDetails := &IdentityDetails{ + EntityName: entity.FriendlyName, + // This could either be a "userID:SessionID" (in the case of an assumed role) or just a "userID" + // (in the case of an IAM user). + EntityId: strings.Split(callerIdentity.UserId, ":")[0], + AccountId: callerIdentity.Account, + } + clientArn := entity.CanonicalArn() + + // Fetch the IAM Role or IAM User, if configured. + // This requires the token to contain a signed iam:GetRole or iam:GetUser request. + if a.config.EnableIAMEntityDetails { + iamReq, err := token.GetEntityRequest() + if err != nil { + return nil, err + } + + if a.config.ServerIDHeaderValue != "" { + err := validateHeaderValue(iamReq.Header, a.config.ServerIDHeaderName, a.config.ServerIDHeaderValue) + if err != nil { + return nil, err + } + } + + iamEntityDetails, err := a.submitGetIAMEntityRequest(ctx, iamReq, token.entityRequestType) + if err != nil { + return nil, err + } + + // Only the CallerIdentity response is a guarantee of the client's identity. + // The role/user details must have a unique id match to the CallerIdentity before use. + if iamEntityDetails.EntityId() != identityDetails.EntityId { + return nil, fmt.Errorf("unique id mismatch in login token") + } + + // Use the full ARN with path from the Role/User details + clientArn = iamEntityDetails.EntityArn() + identityDetails.EntityPath = iamEntityDetails.EntityPath() + identityDetails.EntityTags = iamEntityDetails.EntityTags() + } + + if err := a.validateIdentity(clientArn); err != nil { + return nil, err + } + return identityDetails, nil +} + +// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1321-L1361 +func (a *Authenticator) validateIdentity(clientArn string) error { + if stringslice.Contains(a.config.BoundIAMPrincipalARNs, clientArn) { + // Matches one of BoundIAMPrincipalARNs, so it is trusted + return nil + } + if a.config.EnableIAMEntityDetails { + for _, principalArn := range a.config.BoundIAMPrincipalARNs { + if strings.HasSuffix(principalArn, "*") && lib.GlobbedStringsMatch(principalArn, clientArn) { + // Wildcard match, so it is trusted + return nil + } + } + } + return fmt.Errorf("IAM principal %s is not trusted", clientArn) +} + +func (a *Authenticator) submitCallerIdentityRequest(ctx context.Context, req *http.Request) (*responses.GetCallerIdentityResult, error) { + responseBody, err := a.submitRequest(ctx, req) + if err != nil { + return nil, err + } + callerIdentityResponse, err := parseGetCallerIdentityResponse(responseBody) + if err != nil { + return nil, fmt.Errorf("error parsing STS response") + } + + if n := len(callerIdentityResponse.GetCallerIdentityResult); n != 1 { + return nil, fmt.Errorf("received %d identities in STS response but expected 1", n) + } + return &callerIdentityResponse.GetCallerIdentityResult[0], nil +} + +func (a *Authenticator) submitGetIAMEntityRequest(ctx context.Context, req *http.Request, reqType string) (responses.IAMEntity, error) { + responseBody, err := a.submitRequest(ctx, req) + if err != nil { + return nil, err + } + iamResponse, err := parseGetIAMEntityResponse(responseBody, reqType) + if err != nil { + return nil, fmt.Errorf("error parsing IAM response: %s", err) + } + return iamResponse, nil + +} + +// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1636 +func (a *Authenticator) submitRequest(ctx context.Context, req *http.Request) (string, error) { + retryableReq, err := retryablehttp.FromRequest(req) + if err != nil { + return "", err + } + retryableReq = retryableReq.WithContext(ctx) + client := cleanhttp.DefaultClient() + client.CheckRedirect = func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + } + retryingClient := &retryablehttp.Client{ + HTTPClient: client, + RetryWaitMin: retryWaitMin, + RetryWaitMax: retryWaitMax, + RetryMax: a.config.MaxRetries, + CheckRetry: retryablehttp.DefaultRetryPolicy, + Backoff: retryablehttp.DefaultBackoff, + } + + response, err := retryingClient.Do(retryableReq) + if err != nil { + return "", fmt.Errorf("error making request: %w", err) + } + if response != nil { + defer response.Body.Close() + } + // Validate that the response type is XML + if ct := response.Header.Get("Content-Type"); ct != "text/xml" { + return "", fmt.Errorf("response body is invalid") + } + + // we check for status code afterwards to also print out response body + responseBody, err := ioutil.ReadAll(response.Body) + if err != nil { + return "", err + } + if response.StatusCode != 200 { + return "", fmt.Errorf("received error code %d: %s", response.StatusCode, string(responseBody)) + } + return string(responseBody), nil + +} + +// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1625-L1634 +func parseGetCallerIdentityResponse(response string) (responses.GetCallerIdentityResponse, error) { + result := responses.GetCallerIdentityResponse{} + response = strings.TrimSpace(response) + if !strings.HasPrefix(response, " 2 { + return fmt.Errorf("found multiple SignedHeaders components") + } + signedHeaders := string(matches[1]) + return ensureHeaderIsSigned(signedHeaders, headerName) + } + // NOTE: If we support GET requests, then we need to parse the X-Amz-SignedHeaders + // argument out of the query string and search in there for the header value + return fmt.Errorf("missing Authorization header") +} + +func ensureHeaderIsSigned(signedHeaders, headerToSign string) error { + // Not doing a constant time compare here, the values aren't secret + for _, header := range strings.Split(signedHeaders, ";") { + if header == strings.ToLower(headerToSign) { + return nil + } + } + return fmt.Errorf("header wasn't signed") +} diff --git a/internal/iamauth/auth_test.go b/internal/iamauth/auth_test.go new file mode 100644 index 000000000..736c3203a --- /dev/null +++ b/internal/iamauth/auth_test.go @@ -0,0 +1,123 @@ +package iamauth + +import ( + "context" + "encoding/json" + "testing" + + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/hashicorp/consul/internal/iamauth/iamauthtest" + "github.com/hashicorp/consul/internal/iamauth/responsestest" + "github.com/hashicorp/go-hclog" + "github.com/stretchr/testify/require" +) + +func TestValidateLogin(t *testing.T) { + f := iamauthtest.MakeFixture() + + var ( + serverForRoleMismatchedIds = &iamauthtest.Server{ + GetCallerIdentityResponse: f.ServerForRole.GetCallerIdentityResponse, + GetRoleResponse: responsestest.MakeGetRoleResponse(f.RoleARN, "AAAAsomenonmatchingid"), + } + serverForUserMismatchedIds = &iamauthtest.Server{ + GetCallerIdentityResponse: f.ServerForUser.GetCallerIdentityResponse, + GetUserResponse: responsestest.MakeGetUserResponse(f.UserARN, "AAAAsomenonmatchingid"), + } + ) + + cases := map[string]struct { + config *Config + server *iamauthtest.Server + expIdent *IdentityDetails + expError string + }{ + "no bound principals": { + expError: "not trusted", + server: f.ServerForRole, + config: &Config{}, + }, + "no matching principal": { + expError: "not trusted", + server: f.ServerForUser, + config: &Config{ + BoundIAMPrincipalARNs: []string{ + "arn:aws:iam::1234567890:user/some-other-role", + "arn:aws:iam::1234567890:user/some-other-user", + }, + }, + }, + "mismatched server id header": { + expError: `expected "some-non-matching-value" but got "server.id.example.com"`, + server: f.ServerForRole, + config: &Config{ + BoundIAMPrincipalARNs: []string{f.CanonicalRoleARN}, + ServerIDHeaderValue: "some-non-matching-value", + ServerIDHeaderName: "X-Test-ServerID", + }, + }, + "role unique id mismatch": { + expError: "unique id mismatch in login token", + // The RoleId in the GetRole response must match the UserId in the GetCallerIdentity response + // during login. If not, the RoleId cannot be used. + server: serverForRoleMismatchedIds, + config: &Config{ + BoundIAMPrincipalARNs: []string{f.RoleARN}, + EnableIAMEntityDetails: true, + }, + }, + "user unique id mismatch": { + expError: "unique id mismatch in login token", + server: serverForUserMismatchedIds, + config: &Config{ + BoundIAMPrincipalARNs: []string{f.UserARN}, + EnableIAMEntityDetails: true, + }, + }, + } + logger := hclog.New(nil) + for name, c := range cases { + t.Run(name, func(t *testing.T) { + fakeAws := iamauthtest.NewTestServer(t, c.server) + + c.config.STSEndpoint = fakeAws.URL + "/sts" + c.config.IAMEndpoint = fakeAws.URL + "/iam" + setTestHeaderNames(c.config) + + // This bypasses NewAuthenticator, which bypasses config.Validate(). + auth := &Authenticator{config: c.config, logger: logger} + + loginInput := &LoginInput{ + Creds: credentials.NewStaticCredentials("fake", "fake", ""), + IncludeIAMEntity: c.config.EnableIAMEntityDetails, + STSEndpoint: c.config.STSEndpoint, + STSRegion: "fake-region", + Logger: logger, + ServerIDHeaderValue: "server.id.example.com", + } + setLoginInputHeaderNames(loginInput) + loginData, err := GenerateLoginData(loginInput) + require.NoError(t, err) + loginBytes, err := json.Marshal(loginData) + require.NoError(t, err) + + ident, err := auth.ValidateLogin(context.Background(), string(loginBytes)) + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + require.Nil(t, ident) + } else { + require.NoError(t, err) + require.Equal(t, c.expIdent, ident) + } + }) + } +} + +func setLoginInputHeaderNames(in *LoginInput) { + in.ServerIDHeaderName = "X-Test-ServerID" + in.GetEntityMethodHeader = "X-Test-Method" + in.GetEntityURLHeader = "X-Test-URL" + in.GetEntityHeadersHeader = "X-Test-Headers" + in.GetEntityBodyHeader = "X-Test-Body" +} diff --git a/internal/iamauth/config.go b/internal/iamauth/config.go new file mode 100644 index 000000000..a8a6b61d5 --- /dev/null +++ b/internal/iamauth/config.go @@ -0,0 +1,69 @@ +package iamauth + +import ( + "fmt" + "strings" + + awsArn "github.com/aws/aws-sdk-go/aws/arn" +) + +type Config struct { + BoundIAMPrincipalARNs []string + EnableIAMEntityDetails bool + IAMEntityTags []string + ServerIDHeaderValue string + MaxRetries int + IAMEndpoint string + STSEndpoint string + STSRegion string + AllowedSTSHeaderValues []string + + // Customizable header names + ServerIDHeaderName string + GetEntityMethodHeader string + GetEntityURLHeader string + GetEntityHeadersHeader string + GetEntityBodyHeader string +} + +func (c *Config) Validate() error { + if len(c.BoundIAMPrincipalARNs) == 0 { + return fmt.Errorf("BoundIAMPrincipalARNs is required and must have at least 1 entry") + } + + for _, arn := range c.BoundIAMPrincipalARNs { + if n := strings.Count(arn, "*"); n > 0 { + if !c.EnableIAMEntityDetails { + return fmt.Errorf("Must set EnableIAMEntityDetails=true to use wildcards in BoundIAMPrincipalARNs") + } + if n != 1 || !strings.HasSuffix(arn, "*") { + return fmt.Errorf("Only one wildcard is allowed at the end of the bound IAM principal ARN") + } + } + + if parsed, err := awsArn.Parse(arn); err != nil { + return fmt.Errorf("Invalid principal ARN: %q", arn) + } else if parsed.Service != "iam" && parsed.Service != "sts" { + return fmt.Errorf("Invalid principal ARN: %q", arn) + } + } + + if len(c.IAMEntityTags) > 0 && !c.EnableIAMEntityDetails { + return fmt.Errorf("Must set EnableIAMEntityDetails=true to use IAMUserTags") + } + + // If server id header checking is enabled, we need the header name. + if c.ServerIDHeaderValue != "" && c.ServerIDHeaderName == "" { + return fmt.Errorf("Must set ServerIDHeaderName to use a server ID value") + } + + if c.EnableIAMEntityDetails && (c.GetEntityBodyHeader == "" || + c.GetEntityHeadersHeader == "" || + c.GetEntityMethodHeader == "" || + c.GetEntityURLHeader == "") { + return fmt.Errorf("Must set all of GetEntityMethodHeader, GetEntityURLHeader, " + + "GetEntityHeadersHeader, and GetEntityBodyHeader when EnableIAMEntityDetails=true") + } + + return nil +} diff --git a/internal/iamauth/config_test.go b/internal/iamauth/config_test.go new file mode 100644 index 000000000..d23dc992a --- /dev/null +++ b/internal/iamauth/config_test.go @@ -0,0 +1,150 @@ +package iamauth + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestConfigValidate(t *testing.T) { + principalArn := "arn:aws:iam::000000000000:role/my-role" + + cases := map[string]struct { + expError string + configs []Config + + includeHeaderNames bool + }{ + "bound iam principals are required": { + expError: "BoundIAMPrincipalARNs is required and must have at least 1 entry", + configs: []Config{ + {BoundIAMPrincipalARNs: nil}, + {BoundIAMPrincipalARNs: []string{}}, + }, + }, + "entity tags require entity details": { + expError: "Must set EnableIAMEntityDetails=true to use IAMUserTags", + configs: []Config{ + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: false, + IAMEntityTags: []string{"some-tag"}, + }, + }, + }, + "entity details require all entity header names": { + expError: "Must set all of GetEntityMethodHeader, GetEntityURLHeader, " + + "GetEntityHeadersHeader, and GetEntityBodyHeader when EnableIAMEntityDetails=true", + configs: []Config{ + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: true, + }, + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: true, + GetEntityBodyHeader: "X-Test-Header", + }, + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: true, + GetEntityHeadersHeader: "X-Test-Header", + }, + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: true, + GetEntityURLHeader: "X-Test-Header", + }, + { + BoundIAMPrincipalARNs: []string{principalArn}, + EnableIAMEntityDetails: true, + GetEntityMethodHeader: "X-Test-Header", + }, + }, + }, + "wildcard principals require entity details": { + expError: "Must set EnableIAMEntityDetails=true to use wildcards in BoundIAMPrincipalARNs", + configs: []Config{ + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*"}}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/path/*"}}, + }, + }, + "only one wildcard suffix is allowed": { + expError: "Only one wildcard is allowed at the end of the bound IAM principal ARN", + configs: []Config{ + { + BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/**"}, + EnableIAMEntityDetails: true, + }, + { + BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/*"}, + EnableIAMEntityDetails: true, + }, + { + BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/path"}, + EnableIAMEntityDetails: true, + }, + { + BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/path/*"}, + EnableIAMEntityDetails: true, + }, + }, + }, + "invalid principal arns are disallowed": { + expError: fmt.Sprintf("Invalid principal ARN"), + configs: []Config{ + {BoundIAMPrincipalARNs: []string{""}}, + {BoundIAMPrincipalARNs: []string{" "}}, + {BoundIAMPrincipalARNs: []string{"*"}, EnableIAMEntityDetails: true}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam:role/my-role"}}, + }, + }, + "valid principal arns are allowed": { + includeHeaderNames: true, + configs: []Config{ + {BoundIAMPrincipalARNs: []string{"arn:aws:sts::000000000000:assumed-role/my-role/some-session-name"}}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/my-user"}}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/my-role"}}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:*"}, EnableIAMEntityDetails: true}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*"}, EnableIAMEntityDetails: true}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/path/*"}, EnableIAMEntityDetails: true}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/*"}, EnableIAMEntityDetails: true}, + {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/path/*"}, EnableIAMEntityDetails: true}, + }, + }, + "server id header value requires service id header name": { + expError: "Must set ServerIDHeaderName to use a server ID value", + configs: []Config{ + { + BoundIAMPrincipalARNs: []string{principalArn}, + ServerIDHeaderValue: "consul.test.example.com", + }, + }, + }, + } + + for name, c := range cases { + t.Run(name, func(t *testing.T) { + for _, conf := range c.configs { + if c.includeHeaderNames { + setTestHeaderNames(&conf) + } + err := conf.Validate() + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + } else { + require.NoError(t, err) + } + } + }) + } +} + +func setTestHeaderNames(conf *Config) { + conf.GetEntityMethodHeader = "X-Test-Method" + conf.GetEntityURLHeader = "X-Test-URL" + conf.GetEntityHeadersHeader = "X-Test-Headers" + conf.GetEntityBodyHeader = "X-Test-Body" +} diff --git a/internal/iamauth/iamauthtest/testing.go b/internal/iamauth/iamauthtest/testing.go new file mode 100644 index 000000000..4cb8519a9 --- /dev/null +++ b/internal/iamauth/iamauthtest/testing.go @@ -0,0 +1,187 @@ +package iamauthtest + +import ( + "encoding/xml" + "fmt" + "io" + "net/http" + "net/http/httptest" + "sort" + "strings" + "testing" + + "github.com/hashicorp/consul/internal/iamauth/responses" + "github.com/hashicorp/consul/internal/iamauth/responsestest" +) + +// NewTestServer returns a fake AWS API server for local tests: +// It supports the following paths: +// /sts returns STS API responses +// /iam returns IAM API responses +func NewTestServer(t *testing.T, s *Server) *httptest.Server { + server := httptest.NewUnstartedServer(s) + t.Cleanup(server.Close) + server.Start() + return server +} + +// Server contains configuration for the fake AWS API server. +type Server struct { + GetCallerIdentityResponse responses.GetCallerIdentityResponse + GetRoleResponse responses.GetRoleResponse + GetUserResponse responses.GetUserResponse +} + +func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + writeError(w, http.StatusBadRequest, r) + return + } + + switch { + case strings.HasPrefix(r.URL.Path, "/sts"): + writeXML(w, s.GetCallerIdentityResponse) + case strings.HasPrefix(r.URL.Path, "/iam"): + if bodyBytes, err := io.ReadAll(r.Body); err == nil { + body := string(bodyBytes) + switch { + case strings.Contains(body, "Action=GetRole"): + writeXML(w, s.GetRoleResponse) + return + case strings.Contains(body, "Action=GetUser"): + writeXML(w, s.GetUserResponse) + return + } + } + writeError(w, http.StatusBadRequest, r) + default: + writeError(w, http.StatusNotFound, r) + } +} + +func writeXML(w http.ResponseWriter, val interface{}) { + str, err := xml.MarshalIndent(val, "", " ") + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + fmt.Fprint(w, err.Error()) + return + } + w.Header().Add("Content-Type", "text/xml") + w.WriteHeader(http.StatusOK) + fmt.Fprint(w, string(str)) +} + +func writeError(w http.ResponseWriter, code int, r *http.Request) { + w.WriteHeader(code) + msg := fmt.Sprintf("%s %s", r.Method, r.URL) + fmt.Fprintf(w, ` + + Fake AWS Server Error: %s + +`, msg) +} + +type Fixture struct { + AssumedRoleARN string + CanonicalRoleARN string + RoleARN string + RoleARNWildcard string + RoleName string + RolePath string + RoleTags map[string]string + + EntityID string + EntityIDWithSession string + AccountID string + + UserARN string + UserARNWildcard string + UserName string + UserPath string + UserTags map[string]string + + ServerForRole *Server + ServerForUser *Server +} + +func MakeFixture() Fixture { + f := Fixture{ + AssumedRoleARN: "arn:aws:sts::1234567890:assumed-role/my-role/some-session", + CanonicalRoleARN: "arn:aws:iam::1234567890:role/my-role", + RoleARN: "arn:aws:iam::1234567890:role/some/path/my-role", + RoleARNWildcard: "arn:aws:iam::1234567890:role/some/path/*", + RoleName: "my-role", + RolePath: "some/path", + RoleTags: map[string]string{ + "service-name": "my-service", + "env": "my-env", + }, + + EntityID: "AAAsomeuniqueid", + EntityIDWithSession: "AAAsomeuniqueid:some-session", + AccountID: "1234567890", + + UserARN: "arn:aws:iam::1234567890:user/my-user", + UserARNWildcard: "arn:aws:iam::1234567890:user/*", + UserName: "my-user", + UserPath: "", + UserTags: map[string]string{"user-group": "my-group"}, + } + + f.ServerForRole = &Server{ + GetCallerIdentityResponse: responsestest.MakeGetCallerIdentityResponse( + f.AssumedRoleARN, f.EntityIDWithSession, f.AccountID, + ), + GetRoleResponse: responsestest.MakeGetRoleResponse( + f.RoleARN, f.EntityID, toTags(f.RoleTags)..., + ), + } + + f.ServerForUser = &Server{ + GetCallerIdentityResponse: responsestest.MakeGetCallerIdentityResponse( + f.UserARN, f.EntityID, f.AccountID, + ), + GetUserResponse: responsestest.MakeGetUserResponse( + f.UserARN, f.EntityID, toTags(f.UserTags)..., + ), + } + + return f +} + +func (f *Fixture) RoleTagKeys() []string { return keys(f.RoleTags) } +func (f *Fixture) UserTagKeys() []string { return keys(f.UserTags) } +func (f *Fixture) RoleTagValues() []string { return values(f.RoleTags) } +func (f *Fixture) UserTagValues() []string { return values(f.UserTags) } + +// toTags converts the map to a slice of responses.Tag +func toTags(tags map[string]string) []responses.Tag { + result := []responses.Tag{} + for k, v := range tags { + result = append(result, responses.Tag{ + Key: k, + Value: v, + }) + } + return result + +} + +// keys returns the keys in sorted order +func keys(tags map[string]string) []string { + result := []string{} + for k := range tags { + result = append(result, k) + } + sort.Strings(result) + return result +} + +// values returns values in tags, ordered by sorted keys +func values(tags map[string]string) []string { + result := []string{} + for _, k := range keys(tags) { // ensures sorted by key + result = append(result, tags[k]) + } + return result +} diff --git a/internal/iamauth/responses/arn.go b/internal/iamauth/responses/arn.go new file mode 100644 index 000000000..ea5e541d3 --- /dev/null +++ b/internal/iamauth/responses/arn.go @@ -0,0 +1,94 @@ +package responses + +import ( + "fmt" + "strings" +) + +// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1722-L1744 +type ParsedArn struct { + Partition string + AccountNumber string + Type string + Path string + FriendlyName string + SessionInfo string +} + +// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1482-L1530 +// However, instance profiles are not support in Consul. +func ParseArn(iamArn string) (*ParsedArn, error) { + // iamArn should look like one of the following: + // 1. arn:aws:iam:::/ + // 2. arn:aws:sts:::assumed-role// + // if we get something like 2, then we want to transform that back to what + // most people would expect, which is arn:aws:iam:::role/ + var entity ParsedArn + fullParts := strings.Split(iamArn, ":") + if len(fullParts) != 6 { + return nil, fmt.Errorf("unrecognized arn: contains %d colon-separated parts, expected 6", len(fullParts)) + } + if fullParts[0] != "arn" { + return nil, fmt.Errorf("unrecognized arn: does not begin with \"arn:\"") + } + // normally aws, but could be aws-cn or aws-us-gov + entity.Partition = fullParts[1] + if entity.Partition == "" { + return nil, fmt.Errorf("unrecognized arn: %q is missing the partition", iamArn) + } + if fullParts[2] != "iam" && fullParts[2] != "sts" { + return nil, fmt.Errorf("unrecognized service: %v, not one of iam or sts", fullParts[2]) + } + // fullParts[3] is the region, which doesn't matter for AWS IAM entities + entity.AccountNumber = fullParts[4] + if entity.AccountNumber == "" { + return nil, fmt.Errorf("unrecognized arn: %q is missing the account number", iamArn) + } + // fullParts[5] would now be something like user/ or assumed-role// + parts := strings.Split(fullParts[5], "/") + if len(parts) < 2 { + return nil, fmt.Errorf("unrecognized arn: %q contains fewer than 2 slash-separated parts", fullParts[5]) + } + entity.Type = parts[0] + entity.Path = strings.Join(parts[1:len(parts)-1], "/") + entity.FriendlyName = parts[len(parts)-1] + // now, entity.FriendlyName should either be or + switch entity.Type { + case "assumed-role": + // Check for three parts for assumed role ARNs + if len(parts) < 3 { + return nil, fmt.Errorf("unrecognized arn: %q contains fewer than 3 slash-separated parts", fullParts[5]) + } + // Assumed roles don't have paths and have a slightly different format + // parts[2] is + entity.Path = "" + entity.FriendlyName = parts[1] + entity.SessionInfo = parts[2] + case "user": + case "role": + // case "instance-profile": + default: + return nil, fmt.Errorf("unrecognized principal type: %q", entity.Type) + } + + if entity.FriendlyName == "" { + return nil, fmt.Errorf("unrecognized arn: %q is missing the resource name", iamArn) + } + + return &entity, nil +} + +// CanonicalArn returns the canonical ARN for referring to an IAM entity +func (p *ParsedArn) CanonicalArn() string { + entityType := p.Type + // canonicalize "assumed-role" into "role" + if entityType == "assumed-role" { + entityType = "role" + } + // Annoyingly, the assumed-role entity type doesn't have the Path of the role which was assumed + // So, we "canonicalize" it by just completely dropping the path. The other option would be to + // make an AWS API call to look up the role by FriendlyName, which introduces more complexity to + // code and test, and it also breaks backwards compatibility in an area where we would really want + // it + return fmt.Sprintf("arn:%s:iam::%s:%s/%s", p.Partition, p.AccountNumber, entityType, p.FriendlyName) +} diff --git a/internal/iamauth/responses/responses.go b/internal/iamauth/responses/responses.go new file mode 100644 index 000000000..e050b7734 --- /dev/null +++ b/internal/iamauth/responses/responses.go @@ -0,0 +1,92 @@ +package responses + +import "encoding/xml" + +type GetCallerIdentityResponse struct { + XMLName xml.Name `xml:"GetCallerIdentityResponse"` + GetCallerIdentityResult []GetCallerIdentityResult `xml:"GetCallerIdentityResult"` + ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` +} + +type GetCallerIdentityResult struct { + Arn string `xml:"Arn"` + UserId string `xml:"UserId"` + Account string `xml:"Account"` +} + +type ResponseMetadata struct { + RequestId string `xml:"RequestId"` +} + +// IAMEntity is an interface for getting details from an IAM Role or User. +type IAMEntity interface { + EntityPath() string + EntityArn() string + EntityName() string + EntityId() string + EntityTags() map[string]string +} + +var _ IAMEntity = (*Role)(nil) +var _ IAMEntity = (*User)(nil) + +type GetRoleResponse struct { + XMLName xml.Name `xml:"GetRoleResponse"` + GetRoleResult []GetRoleResult `xml:"GetRoleResult"` + ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` +} + +type GetRoleResult struct { + Role Role `xml:"Role"` +} + +type Role struct { + Arn string `xml:"Arn"` + Path string `xml:"Path"` + RoleId string `xml:"RoleId"` + RoleName string `xml:"RoleName"` + Tags []Tag `xml:"Tags"` +} + +func (r *Role) EntityPath() string { return r.Path } +func (r *Role) EntityArn() string { return r.Arn } +func (r *Role) EntityName() string { return r.RoleName } +func (r *Role) EntityId() string { return r.RoleId } +func (r *Role) EntityTags() map[string]string { return tagsToMap(r.Tags) } + +type GetUserResponse struct { + XMLName xml.Name `xml:"GetUserResponse"` + GetUserResult []GetUserResult `xml:"GetUserResult"` + ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` +} + +type GetUserResult struct { + User User `xml:"User"` +} + +type User struct { + Arn string `xml:"Arn"` + Path string `xml:"Path"` + UserId string `xml:"UserId"` + UserName string `xml:"UserName"` + Tags []Tag `xml:"Tags"` +} + +func (u *User) EntityPath() string { return u.Path } +func (u *User) EntityArn() string { return u.Arn } +func (u *User) EntityName() string { return u.UserName } +func (u *User) EntityId() string { return u.UserId } +func (u *User) EntityTags() map[string]string { return tagsToMap(u.Tags) } + +type Tag struct { + Key string `xml:"Key"` + Value string `xml:"Value"` +} + +func tagsToMap(tags []Tag) map[string]string { + result := map[string]string{} + for _, tag := range tags { + result[tag.Key] = tag.Value + } + return result +} diff --git a/internal/iamauth/responses/responses_test.go b/internal/iamauth/responses/responses_test.go new file mode 100644 index 000000000..df4a9c1e3 --- /dev/null +++ b/internal/iamauth/responses/responses_test.go @@ -0,0 +1,157 @@ +package responses + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestParseArn(t *testing.T) { + cases := map[string]struct { + arn string + expArn *ParsedArn + }{ + "assumed-role": { + arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "assumed-role", + Path: "", + FriendlyName: "my-role", + SessionInfo: "session-name", + }, + }, + "role": { + arn: "arn:aws:iam::000000000000:role/my-role", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "role", + Path: "", + FriendlyName: "my-role", + SessionInfo: "", + }, + }, + "user": { + arn: "arn:aws:iam::000000000000:user/my-user", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "user", + Path: "", + FriendlyName: "my-user", + SessionInfo: "", + }, + }, + "role with path": { + arn: "arn:aws:iam::000000000000:role/path/my-role", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "role", + Path: "path", + FriendlyName: "my-role", + SessionInfo: "", + }, + }, + "role with path 2": { + arn: "arn:aws:iam::000000000000:role/path/to/my-role", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "role", + Path: "path/to", + FriendlyName: "my-role", + SessionInfo: "", + }, + }, + "role with path 3": { + arn: "arn:aws:iam::000000000000:role/some/path/to/my-role", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "role", + Path: "some/path/to", + FriendlyName: "my-role", + SessionInfo: "", + }, + }, + "user with path": { + arn: "arn:aws:iam::000000000000:user/path/my-user", + expArn: &ParsedArn{ + Partition: "aws", + AccountNumber: "000000000000", + Type: "user", + Path: "path", + FriendlyName: "my-user", + SessionInfo: "", + }, + }, + + // Invalid cases + "empty string": {arn: ""}, + "wildcard": {arn: "*"}, + "missing prefix": {arn: ":aws:sts::000000000000:assumed-role/my-role/session-name"}, + "missing partition": {arn: "arn::sts::000000000000:assumed-role/my-role/session-name"}, + "missing service": {arn: "arn:aws:::000000000000:assumed-role/my-role/session-name"}, + "missing separator": {arn: "arn:aws:sts:000000000000:assumed-role/my-role/session-name"}, + "missing account id": {arn: "arn:aws:sts:::assumed-role/my-role/session-name"}, + "missing resource": {arn: "arn:aws:sts::000000000000:"}, + "assumed-role missing parts": {arn: "arn:aws:sts::000000000000:assumed-role/my-role"}, + "role missing parts": {arn: "arn:aws:sts::000000000000:role"}, + "role missing parts 2": {arn: "arn:aws:sts::000000000000:role/"}, + "user missing parts": {arn: "arn:aws:sts::000000000000:user"}, + "user missing parts 2": {arn: "arn:aws:sts::000000000000:user/"}, + "unsupported service": {arn: "arn:aws:ecs:us-east-1:000000000000:task/my-task/00000000000000000000000000000000"}, + } + + for name, c := range cases { + t.Run(name, func(t *testing.T) { + parsed, err := ParseArn(c.arn) + if c.expArn != nil { + require.NoError(t, err) + require.Equal(t, c.expArn, parsed) + } else { + require.Error(t, err) + require.Nil(t, parsed) + } + }) + } +} + +func TestCanonicalArn(t *testing.T) { + cases := map[string]struct { + arn string + expArn string + }{ + "assumed-role arn": { + arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name", + expArn: "arn:aws:iam::000000000000:role/my-role", + }, + "role arn": { + arn: "arn:aws:iam::000000000000:role/my-role", + expArn: "arn:aws:iam::000000000000:role/my-role", + }, + "role arn with path": { + arn: "arn:aws:iam::000000000000:role/path/to/my-role", + expArn: "arn:aws:iam::000000000000:role/my-role", + }, + "user arn": { + arn: "arn:aws:iam::000000000000:user/my-user", + expArn: "arn:aws:iam::000000000000:user/my-user", + }, + "user arn with path": { + arn: "arn:aws:iam::000000000000:user/path/to/my-user", + expArn: "arn:aws:iam::000000000000:user/my-user", + }, + } + + for name, c := range cases { + t.Run(name, func(t *testing.T) { + parsed, err := ParseArn(c.arn) + require.NoError(t, err) + require.Equal(t, c.expArn, parsed.CanonicalArn()) + }) + } +} diff --git a/internal/iamauth/responsestest/testing.go b/internal/iamauth/responsestest/testing.go new file mode 100644 index 000000000..683308677 --- /dev/null +++ b/internal/iamauth/responsestest/testing.go @@ -0,0 +1,81 @@ +package responsestest + +import ( + "strings" + + "github.com/hashicorp/consul/internal/iamauth/responses" +) + +func MakeGetCallerIdentityResponse(arn, userId, accountId string) responses.GetCallerIdentityResponse { + // Sanity check the UserId for unit tests. + parsed := parseArn(arn) + switch parsed.Type { + case "assumed-role": + if !strings.Contains(userId, ":") { + panic("UserId for assumed-role in GetCallerIdentity response must be ':'") + } + default: + if strings.Contains(userId, ":") { + panic("UserId in GetCallerIdentity must not contain ':'") + } + } + + return responses.GetCallerIdentityResponse{ + GetCallerIdentityResult: []responses.GetCallerIdentityResult{ + { + Arn: arn, + UserId: userId, + Account: accountId, + }, + }, + } +} + +func MakeGetRoleResponse(arn, id string, tags ...responses.Tag) responses.GetRoleResponse { + if strings.Contains(id, ":") { + panic("RoleId in GetRole response must not contain ':'") + } + parsed := parseArn(arn) + return responses.GetRoleResponse{ + GetRoleResult: []responses.GetRoleResult{ + { + Role: responses.Role{ + Arn: arn, + Path: parsed.Path, + RoleId: id, + RoleName: parsed.FriendlyName, + Tags: tags, + }, + }, + }, + } +} + +func MakeGetUserResponse(arn, id string, tags ...responses.Tag) responses.GetUserResponse { + if strings.Contains(id, ":") { + panic("UserId in GetUser resposne must not contain ':'") + } + parsed := parseArn(arn) + return responses.GetUserResponse{ + GetUserResult: []responses.GetUserResult{ + { + User: responses.User{ + Arn: arn, + Path: parsed.Path, + UserId: id, + UserName: parsed.FriendlyName, + Tags: tags, + }, + }, + }, + } +} + +func parseArn(arn string) *responses.ParsedArn { + parsed, err := responses.ParseArn(arn) + if err != nil { + // For testing, just fail immediately. + panic(err) + } + return parsed +} diff --git a/internal/iamauth/token.go b/internal/iamauth/token.go new file mode 100644 index 000000000..91994b510 --- /dev/null +++ b/internal/iamauth/token.go @@ -0,0 +1,343 @@ +package iamauth + +import ( + "encoding/base64" + "encoding/json" + "fmt" + "net/http" + "net/textproto" + "net/url" + "strings" + + "github.com/hashicorp/consul/lib/stringslice" +) + +const ( + amzHeaderPrefix = "X-Amz-" + defaultIAMEndpoint = "https://iam.amazonaws.com" + defaultSTSEndpoint = "https://sts.amazonaws.com" +) + +var defaultAllowedSTSRequestHeaders = []string{ + "X-Amz-Algorithm", + "X-Amz-Content-Sha256", + "X-Amz-Credential", + "X-Amz-Date", + "X-Amz-Security-Token", + "X-Amz-Signature", + "X-Amz-SignedHeaders", +} + +// BearerToken is a login "token" for an IAM auth method. It is a signed +// sts:GetCallerIdentity request in JSON format. Optionally, it can include a +// signed embedded iam:GetRole or iam:GetUser request in the headers. +type BearerToken struct { + config *Config + + getCallerIdentityMethod string + getCallerIdentityURL string + getCallerIdentityHeader http.Header + getCallerIdentityBody string + + getIAMEntityMethod string + getIAMEntityURL string + getIAMEntityHeader http.Header + getIAMEntityBody string + + entityRequestType string + parsedCallerIdentityURL *url.URL + parsedIAMEntityURL *url.URL +} + +var _ json.Unmarshaler = (*BearerToken)(nil) + +func NewBearerToken(loginToken string, config *Config) (*BearerToken, error) { + token := &BearerToken{config: config} + if err := json.Unmarshal([]byte(loginToken), &token); err != nil { + return nil, fmt.Errorf("invalid token: %s", err) + } + + if err := token.validate(); err != nil { + return nil, err + } + + if config.EnableIAMEntityDetails { + method, err := token.getHeader(token.config.GetEntityMethodHeader) + if err != nil { + return nil, err + } + + rawUrl, err := token.getHeader(token.config.GetEntityURLHeader) + if err != nil { + return nil, err + } + + headerJson, err := token.getHeader(token.config.GetEntityHeadersHeader) + if err != nil { + return nil, err + } + + var header http.Header + if err := json.Unmarshal([]byte(headerJson), &header); err != nil { + return nil, err + } + + body, err := token.getHeader(token.config.GetEntityBodyHeader) + if err != nil { + return nil, err + } + + parsedUrl, err := parseUrl(rawUrl) + if err != nil { + return nil, err + } + + token.getIAMEntityMethod = method + token.getIAMEntityBody = body + token.getIAMEntityURL = rawUrl + token.getIAMEntityHeader = header + token.parsedIAMEntityURL = parsedUrl + + reqType, err := token.validateIAMEntityBody() + if err != nil { + return nil, err + } + token.entityRequestType = reqType + } + return token, nil +} + +// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1178 +func (t *BearerToken) validate() error { + if t.getCallerIdentityMethod != "POST" { + return fmt.Errorf("iam_http_request_method must be POST") + } + if err := t.validateGetCallerIdentityBody(); err != nil { + return err + } + if err := t.validateAllowedSTSHeaderValues(); err != nil { + return err + } + return nil +} + +// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1439 +func (t *BearerToken) validateGetCallerIdentityBody() error { + allowedValues := url.Values{ + "Action": []string{"GetCallerIdentity"}, + // Will assume for now that future versions don't change + // the semantics + "Version": nil, // any value is allowed + } + if _, err := parseRequestBody(t.getCallerIdentityBody, allowedValues); err != nil { + return fmt.Errorf("iam_request_body error: %s", err) + } + + return nil +} + +func (t *BearerToken) validateIAMEntityBody() (string, error) { + allowedValues := url.Values{ + "Action": []string{"GetRole", "GetUser"}, + "RoleName": nil, // any value is allowed + "UserName": nil, + "Version": nil, + } + body, err := parseRequestBody(t.getIAMEntityBody, allowedValues) + if err != nil { + return "", fmt.Errorf("iam_request_headers[%s] error: %s", t.config.GetEntityBodyHeader, err) + } + + // Disallow GetRole+UserName and GetUser+RoleName. + action := body["Action"][0] + _, hasRoleName := body["RoleName"] + _, hasUserName := body["UserName"] + if action == "GetUser" && hasUserName && !hasRoleName { + return action, nil + } else if action == "GetRole" && hasRoleName && !hasUserName { + return action, nil + } + return "", fmt.Errorf("iam_request_headers[%q] error: invalid request body %q", t.config.GetEntityBodyHeader, t.getIAMEntityBody) +} + +// parseRequestBody parses the AWS STS or IAM request body, such as 'Action=GetRole&RoleName=my-role'. +// It returns the parsed values, or an error if there are unexpected fields based on allowedValues. +// +// A key-value pair in the body is allowed if: +// - It is a single value (i.e. no bodies like 'Action=1&Action=2') +// - allowedValues[key] is an empty slice or nil (any value is allowed for the key) +// - allowedValues[key] is non-empty and contains the exact value +// This always requires an 'Action' field is present and non-empty. +func parseRequestBody(body string, allowedValues url.Values) (url.Values, error) { + qs, err := url.ParseQuery(body) + if err != nil { + return nil, err + } + + // Action field is always required. + if _, ok := qs["Action"]; !ok || len(qs["Action"]) == 0 || qs["Action"][0] == "" { + return nil, fmt.Errorf(`missing field "Action"`) + } + + // Ensure the body does not have extra fields and each + // field in the body matches the allowed values. + for k, v := range qs { + exp, ok := allowedValues[k] + if k != "Action" && !ok { + return nil, fmt.Errorf("unexpected field %q", k) + } + + if len(exp) == 0 { + // empty indicates any value is okay + continue + } else if len(v) != 1 || !stringslice.Contains(exp, v[0]) { + return nil, fmt.Errorf("unexpected value %s=%v", k, v) + } + } + + return qs, nil +} + +// https://github.com/hashicorp/vault/blob/861454e0ed1390d67ddaf1a53c1798e5e291728c/builtin/credential/aws/path_config_client.go#L349 +func (t *BearerToken) validateAllowedSTSHeaderValues() error { + for k := range t.getCallerIdentityHeader { + h := textproto.CanonicalMIMEHeaderKey(k) + if strings.HasPrefix(h, amzHeaderPrefix) && + !stringslice.Contains(defaultAllowedSTSRequestHeaders, h) && + !stringslice.Contains(t.config.AllowedSTSHeaderValues, h) { + return fmt.Errorf("invalid request header: %s", h) + } + } + return nil +} + +// UnmarshalJSON unmarshals the bearer token details which contains an HTTP +// request (a signed sts:GetCallerIdentity request). +func (t *BearerToken) UnmarshalJSON(data []byte) error { + var rawData struct { + Method string `json:"iam_http_request_method"` + UrlBase64 string `json:"iam_request_url"` + HeadersBase64 string `json:"iam_request_headers"` + BodyBase64 string `json:"iam_request_body"` + } + + if err := json.Unmarshal(data, &rawData); err != nil { + return err + } + + rawUrl, err := base64.StdEncoding.DecodeString(rawData.UrlBase64) + if err != nil { + return err + } + + headersJson, err := base64.StdEncoding.DecodeString(rawData.HeadersBase64) + if err != nil { + return err + } + + var headers http.Header + // This is a JSON-string in JSON + if err := json.Unmarshal(headersJson, &headers); err != nil { + return err + } + + body, err := base64.StdEncoding.DecodeString(rawData.BodyBase64) + if err != nil { + return err + } + + t.getCallerIdentityMethod = rawData.Method + t.getCallerIdentityBody = string(body) + t.getCallerIdentityHeader = headers + t.getCallerIdentityURL = string(rawUrl) + + parsedUrl, err := parseUrl(t.getCallerIdentityURL) + if err != nil { + return err + } + t.parsedCallerIdentityURL = parsedUrl + return nil +} + +func parseUrl(s string) (*url.URL, error) { + u, err := url.Parse(s) + if err != nil { + return nil, err + } + // url.Parse doesn't error on empty string + if u == nil || u.Scheme == "" || u.Host == "" || u.Path == "" { + return nil, fmt.Errorf("url is invalid: %q", s) + } + return u, nil +} + +// GetCallerIdentityRequest returns the sts:GetCallerIdentity request decoded +// from the bearer token. +func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error) { + // NOTE: We need to ensure we're calling STS, instead of acting as an unintended network proxy + // The protection against this is that this method will only call the endpoint specified in the + // client config (defaulting to sts.amazonaws.com), so it would require an admin to override + // the endpoint to talk to alternate web addresses + endpoint := defaultSTSEndpoint + if t.config.STSEndpoint != "" { + endpoint = t.config.STSEndpoint + } + + return buildHttpRequest( + t.getCallerIdentityMethod, + endpoint, + t.parsedCallerIdentityURL, + t.getCallerIdentityBody, + t.getCallerIdentityHeader, + ) +} + +// GetEntityRequest returns the iam:GetUser or iam:GetRole request from the request details, +// if present, embedded in the headers of the sts:GetCallerIdentity request. +func (t *BearerToken) GetEntityRequest() (*http.Request, error) { + endpoint := defaultIAMEndpoint + if t.config.IAMEndpoint != "" { + endpoint = t.config.IAMEndpoint + } + + return buildHttpRequest( + t.getIAMEntityMethod, + endpoint, + t.parsedIAMEntityURL, + t.getIAMEntityBody, + t.getIAMEntityHeader, + ) +} + +// getHeader returns the header from s.GetCallerIdentityHeader, or an error if +// the header is not found or is not a single value. +func (t *BearerToken) getHeader(name string) (string, error) { + values := t.getCallerIdentityHeader.Values(name) + if len(values) == 0 { + return "", fmt.Errorf("missing header %q", name) + } + if len(values) != 1 { + return "", fmt.Errorf("invalid value for header %q (expected 1 item)", name) + } + return values[0], nil +} + +// buildHttpRequest returns an HTTP request from the given details. +// This supports sending to a custom endpoint, but always preserves the +// Host header and URI path, which are signed and cannot be modified. +// There's a deeper explanation of this in the Vault source code. +// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1569 +func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string, headers http.Header) (*http.Request, error) { + targetUrl := fmt.Sprintf("%s%s", endpoint, parsedUrl.RequestURI()) + request, err := http.NewRequest(method, targetUrl, strings.NewReader(body)) + if err != nil { + return nil, err + } + request.Host = parsedUrl.Host + for k, vals := range headers { + for _, val := range vals { + request.Header.Add(k, val) + } + } + return request, nil +} diff --git a/internal/iamauth/token_test.go b/internal/iamauth/token_test.go new file mode 100644 index 000000000..4de7ba715 --- /dev/null +++ b/internal/iamauth/token_test.go @@ -0,0 +1,364 @@ +package iamauth + +import ( + "net/http" + "net/url" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestNewBearerToken(t *testing.T) { + cases := map[string]struct { + tokenStr string + config Config + expToken BearerToken + expError string + }{ + "valid token": { + tokenStr: validBearerTokenJson, + expToken: validBearerTokenParsed, + }, + "valid token with role": { + tokenStr: validBearerTokenWithRoleJson, + config: Config{ + EnableIAMEntityDetails: true, + GetEntityMethodHeader: "X-Consul-IAM-GetEntity-Method", + GetEntityURLHeader: "X-Consul-IAM-GetEntity-URL", + GetEntityHeadersHeader: "X-Consul-IAM-GetEntity-Headers", + GetEntityBodyHeader: "X-Consul-IAM-GetEntity-Body", + }, + expToken: validBearerTokenWithRoleParsed, + }, + + "empty json": { + tokenStr: `{}`, + expError: "unexpected end of JSON input", + }, + "missing iam_request_method field": { + tokenStr: tokenJsonMissingMethodField, + expError: "iam_http_request_method must be POST", + }, + "missing iam_request_url field": { + tokenStr: tokenJsonMissingUrlField, + expError: "url is invalid", + }, + "missing iam_request_headers field": { + tokenStr: tokenJsonMissingHeadersField, + expError: "unexpected end of JSON input", + }, + "missing iam_request_body field": { + tokenStr: tokenJsonMissingBodyField, + expError: "iam_request_body error", + }, + "invalid json": { + tokenStr: `{`, + expError: "unexpected end of JSON input", + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + token, err := NewBearerToken(c.tokenStr, &c.config) + t.Logf("token = %+v", token) + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + require.Nil(t, token) + } else { + require.NoError(t, err) + c.expToken.config = &c.config + require.Equal(t, &c.expToken, token) + } + }) + } +} + +func TestParseRequestBody(t *testing.T) { + cases := map[string]struct { + body string + allowedValues url.Values + expValues url.Values + expError string + }{ + "one allowed field": { + body: "Action=GetCallerIdentity&Version=1234", + allowedValues: url.Values{"Version": []string{"1234"}}, + expValues: url.Values{ + "Action": []string{"GetCallerIdentity"}, + "Version": []string{"1234"}, + }, + }, + "many allowed fields": { + body: "Action=GetRole&RoleName=my-role&Version=1234", + allowedValues: url.Values{ + "Action": []string{"GetUser", "GetRole"}, + "UserName": nil, + "RoleName": nil, + "Version": nil, + }, + expValues: url.Values{ + "Action": []string{"GetRole"}, + "RoleName": []string{"my-role"}, + "Version": []string{"1234"}, + }, + }, + "action only": { + body: "Action=GetRole", + allowedValues: nil, + expValues: url.Values{"Action": []string{"GetRole"}}, + }, + + "empty body": { + expValues: url.Values{}, + expError: `missing field "Action"`, + }, + "disallowed field": { + body: "Action=GetRole&Version=1234&Extra=Abc", + allowedValues: url.Values{"Action": nil, "Version": nil}, + expError: `unexpected field "Extra"`, + }, + "mismatched action": { + body: "Action=GetRole", + allowedValues: url.Values{"Action": []string{"GetUser"}}, + expError: `unexpected value Action=[GetRole]`, + }, + "mismatched field": { + body: "Action=GetRole&Extra=1234", + allowedValues: url.Values{"Action": nil, "Extra": []string{"abc"}}, + expError: `unexpected value Extra=[1234]`, + }, + "multi-valued field": { + body: "Action=GetRole&Action=GetUser", + allowedValues: url.Values{"Action": []string{"GetRole", "GetUser"}}, + // only one value is allowed. + expError: `unexpected value Action=[GetRole GetUser]`, + }, + "empty action": { + body: "Action=", + allowedValues: nil, + expError: `missing field "Action"`, + }, + "missing action": { + body: "Version=1234", + allowedValues: url.Values{"Action": []string{"GetRole"}}, + expError: `missing field "Action"`, + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + values, err := parseRequestBody(c.body, c.allowedValues) + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + require.Nil(t, values) + } else { + require.NoError(t, err) + require.Equal(t, c.expValues, values) + } + }) + } +} + +func TestValidateGetCallerIdentityBody(t *testing.T) { + cases := map[string]struct { + body string + expError string + }{ + "valid": {"Action=GetCallerIdentity&Version=1234", ""}, + "valid 2": {"Action=GetCallerIdentity", ""}, + "empty action": { + "Action=", + `iam_request_body error: missing field "Action"`, + }, + "invalid action": { + "Action=GetRole", + `iam_request_body error: unexpected value Action=[GetRole]`, + }, + "missing action": { + "Version=1234", + `iam_request_body error: missing field "Action"`, + }, + "empty": { + "", + `iam_request_body error: missing field "Action"`, + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + token := &BearerToken{getCallerIdentityBody: c.body} + err := token.validateGetCallerIdentityBody() + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + } else { + require.NoError(t, err) + } + }) + } +} + +func TestValidateIAMEntityBody(t *testing.T) { + cases := map[string]struct { + body string + expReqType string + expError string + }{ + "valid role": { + body: "Action=GetRole&RoleName=my-role&Version=1234", + expReqType: "GetRole", + }, + "valid role without version": { + body: "Action=GetRole&RoleName=my-role", + expReqType: "GetRole", + }, + "valid user": { + body: "Action=GetUser&UserName=my-role&Version=1234", + expReqType: "GetUser", + }, + "valid user without version": { + body: "Action=GetUser&UserName=my-role", + expReqType: "GetUser", + }, + + "invalid action": { + body: "Action=GetCallerIdentity", + expError: `unexpected value Action=[GetCallerIdentity]`, + }, + "role missing action": { + body: "RoleName=my-role&Version=1234", + expError: `missing field "Action"`, + }, + "user missing action": { + body: "UserName=my-role&Version=1234", + expError: `missing field "Action"`, + }, + "empty": { + body: "", + expError: `missing field "Action"`, + }, + "empty action": { + body: "Action=", + expError: `missing field "Action"`, + }, + "role with user name": { + body: "Action=GetRole&UserName=my-role&Version=1234", + expError: `invalid request body`, + }, + "user with role name": { + body: "Action=GetUser&RoleName=my-role&Version=1234", + expError: `invalid request body`, + }, + } + for name, c := range cases { + t.Run(name, func(t *testing.T) { + token := &BearerToken{ + config: &Config{}, + getIAMEntityBody: c.body, + } + reqType, err := token.validateIAMEntityBody() + if c.expError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), c.expError) + require.Equal(t, "", reqType) + } else { + require.NoError(t, err) + require.Equal(t, c.expReqType, reqType) + } + }) + } +} + +var ( + validBearerTokenJson = `{ + "iam_http_request_method":"POST", + "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", + "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", + "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" +}` + + validBearerTokenParsed = BearerToken{ + getCallerIdentityMethod: "POST", + getCallerIdentityURL: "https://sts.amazonaws.com/", + getCallerIdentityHeader: http.Header{ + "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake/20220322/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=efc320b972d07b38b65eb24256805e03149da586d804f8c6364ce98debe080b1"}, + "Content-Length": []string{"43"}, + "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, + "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, + "X-Amz-Date": []string{"20220322T211103Z"}, + "X-Amz-Security-Token": []string{"fake"}, + }, + getCallerIdentityBody: "Action=GetCallerIdentity&Version=2011-06-15", + parsedCallerIdentityURL: &url.URL{ + Scheme: "https", + Host: "sts.amazonaws.com", + Path: "/", + }, + } + + validBearerTokenWithRoleJson = `{"iam_http_request_method":"POST","iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==","iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLWtleS1pZC8yMDIyMDMyMi9mYWtlLXJlZ2lvbi9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1jb25zdWwtaWFtLWdldGVudGl0eS1ib2R5O3gtY29uc3VsLWlhbS1nZXRlbnRpdHktaGVhZGVyczt4LWNvbnN1bC1pYW0tZ2V0ZW50aXR5LW1ldGhvZDt4LWNvbnN1bC1pYW0tZ2V0ZW50aXR5LXVybCwgU2lnbmF0dXJlPTU2MWFjMzFiNWFkMDFjMTI0YzU0YzE2OGY3NmVhNmJmZDY0NWI4ZWM1MzQ1ZjgzNTc3MjljOWFhMGI0NzEzMzciXSwiQ29udGVudC1MZW5ndGgiOlsiNDMiXSwiQ29udGVudC1UeXBlIjpbImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD11dGYtOCJdLCJVc2VyLUFnZW50IjpbImF3cy1zZGstZ28vMS40Mi4zNCAoZ28xLjE3LjU7IGRhcndpbjsgYW1kNjQpIl0sIlgtQW16LURhdGUiOlsiMjAyMjAzMjJUMjI1NzQyWiJdLCJYLUNvbnN1bC1JYW0tR2V0ZW50aXR5LUJvZHkiOlsiQWN0aW9uPUdldFJvbGVcdTAwMjZSb2xlTmFtZT1teS1yb2xlXHUwMDI2VmVyc2lvbj0yMDEwLTA1LTA4Il0sIlgtQ29uc3VsLUlhbS1HZXRlbnRpdHktSGVhZGVycyI6WyJ7XCJBdXRob3JpemF0aW9uXCI6W1wiQVdTNC1ITUFDLVNIQTI1NiBDcmVkZW50aWFsPWZha2Uta2V5LWlkLzIwMjIwMzIyL3VzLWVhc3QtMS9pYW0vYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGUsIFNpZ25hdHVyZT1hYTJhMTlkMGEzMDVkNzRiYmQwMDk3NzZiY2E4ODBlNTNjZmE5OTFlNDgzZTQwMzk0NzE4MWE0MWNjNDgyOTQwXCJdLFwiQ29udGVudC1MZW5ndGhcIjpbXCI1MFwiXSxcIkNvbnRlbnQtVHlwZVwiOltcImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD11dGYtOFwiXSxcIlVzZXItQWdlbnRcIjpbXCJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KVwiXSxcIlgtQW16LURhdGVcIjpbXCIyMDIyMDMyMlQyMjU3NDJaXCJdfSJdLCJYLUNvbnN1bC1JYW0tR2V0ZW50aXR5LU1ldGhvZCI6WyJQT1NUIl0sIlgtQ29uc3VsLUlhbS1HZXRlbnRpdHktVXJsIjpbImh0dHBzOi8vaWFtLmFtYXpvbmF3cy5jb20vIl19","iam_request_url":"aHR0cDovLzEyNy4wLjAuMTo2MzY5Ni9zdHMv"}` + + validBearerTokenWithRoleParsed = BearerToken{ + getCallerIdentityMethod: "POST", + getCallerIdentityURL: "http://127.0.0.1:63696/sts/", + getCallerIdentityHeader: http.Header{ + "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/fake-region/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-consul-iam-getentity-body;x-consul-iam-getentity-headers;x-consul-iam-getentity-method;x-consul-iam-getentity-url, Signature=561ac31b5ad01c124c54c168f76ea6bfd645b8ec5345f8357729c9aa0b471337"}, + "Content-Length": []string{"43"}, + "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, + "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, + "X-Amz-Date": []string{"20220322T225742Z"}, + "X-Consul-Iam-Getentity-Body": []string{"Action=GetRole&RoleName=my-role&Version=2010-05-08"}, + "X-Consul-Iam-Getentity-Headers": []string{`{"Authorization":["AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=aa2a19d0a305d74bbd009776bca880e53cfa991e483e403947181a41cc482940"],"Content-Length":["50"],"Content-Type":["application/x-www-form-urlencoded; charset=utf-8"],"User-Agent":["aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"],"X-Amz-Date":["20220322T225742Z"]}`}, + "X-Consul-Iam-Getentity-Method": []string{"POST"}, + "X-Consul-Iam-Getentity-Url": []string{"https://iam.amazonaws.com/"}, + }, + getCallerIdentityBody: "Action=GetCallerIdentity&Version=2011-06-15", + + // Fields parsed from headers above + getIAMEntityMethod: "POST", + getIAMEntityURL: "https://iam.amazonaws.com/", + getIAMEntityHeader: http.Header{ + "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=aa2a19d0a305d74bbd009776bca880e53cfa991e483e403947181a41cc482940"}, + "Content-Length": []string{"50"}, + "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, + "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, + "X-Amz-Date": []string{"20220322T225742Z"}, + }, + getIAMEntityBody: "Action=GetRole&RoleName=my-role&Version=2010-05-08", + entityRequestType: "GetRole", + + parsedCallerIdentityURL: &url.URL{ + Scheme: "http", + Host: "127.0.0.1:63696", + Path: "/sts/", + }, + parsedIAMEntityURL: &url.URL{ + Scheme: "https", + Host: "iam.amazonaws.com", + Path: "/", + }, + } + + tokenJsonMissingMethodField = `{ + "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", + "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", + "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" +}` + + tokenJsonMissingBodyField = `{ + "iam_http_request_method":"POST", + "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", + "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" +}` + + tokenJsonMissingHeadersField = `{ + "iam_http_request_method":"POST", + "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", + "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" +}` + + tokenJsonMissingUrlField = `{ + "iam_http_request_method":"POST", + "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", + "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==" +}` +) diff --git a/internal/iamauth/util.go b/internal/iamauth/util.go new file mode 100644 index 000000000..bfd5f22d7 --- /dev/null +++ b/internal/iamauth/util.go @@ -0,0 +1,158 @@ +package iamauth + +import ( + "encoding/base64" + "encoding/json" + "fmt" + "io/ioutil" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/endpoints" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/iam" + "github.com/aws/aws-sdk-go/service/sts" + "github.com/hashicorp/consul/internal/iamauth/responses" + "github.com/hashicorp/go-hclog" +) + +type LoginInput struct { + Creds *credentials.Credentials + IncludeIAMEntity bool + STSEndpoint string + STSRegion string + + Logger hclog.Logger + + ServerIDHeaderValue string + // Customizable header names + ServerIDHeaderName string + GetEntityMethodHeader string + GetEntityURLHeader string + GetEntityHeadersHeader string + GetEntityBodyHeader string +} + +// GenerateLoginData populates the necessary data to send for the bearer token. +// https://github.com/hashicorp/go-secure-stdlib/blob/main/awsutil/generate_credentials.go#L232-L301 +func GenerateLoginData(in *LoginInput) (map[string]interface{}, error) { + cfg := aws.Config{ + Credentials: in.Creds, + Region: aws.String(in.STSRegion), + } + if in.STSEndpoint != "" { + cfg.Endpoint = aws.String(in.STSEndpoint) + } else { + cfg.EndpointResolver = endpoints.ResolverFunc(stsSigningResolver) + } + + stsSession, err := session.NewSessionWithOptions(session.Options{Config: cfg}) + if err != nil { + return nil, err + } + + svc := sts.New(stsSession) + stsRequest, _ := svc.GetCallerIdentityRequest(nil) + + // Include the iam:GetRole or iam:GetUser request in headers. + if in.IncludeIAMEntity { + entityRequest, err := formatSignedEntityRequest(svc, in) + if err != nil { + return nil, err + } + + headersJson, err := json.Marshal(entityRequest.HTTPRequest.Header) + if err != nil { + return nil, err + } + requestBody, err := ioutil.ReadAll(entityRequest.HTTPRequest.Body) + if err != nil { + return nil, err + } + + stsRequest.HTTPRequest.Header.Add(in.GetEntityMethodHeader, entityRequest.HTTPRequest.Method) + stsRequest.HTTPRequest.Header.Add(in.GetEntityURLHeader, entityRequest.HTTPRequest.URL.String()) + stsRequest.HTTPRequest.Header.Add(in.GetEntityHeadersHeader, string(headersJson)) + stsRequest.HTTPRequest.Header.Add(in.GetEntityBodyHeader, string(requestBody)) + } + + // Inject the required auth header value, if supplied, and then sign the request including that header + if in.ServerIDHeaderValue != "" { + stsRequest.HTTPRequest.Header.Add(in.ServerIDHeaderName, in.ServerIDHeaderValue) + } + + stsRequest.Sign() + + // Now extract out the relevant parts of the request + headersJson, err := json.Marshal(stsRequest.HTTPRequest.Header) + if err != nil { + return nil, err + } + requestBody, err := ioutil.ReadAll(stsRequest.HTTPRequest.Body) + if err != nil { + return nil, err + } + + return map[string]interface{}{ + "iam_http_request_method": stsRequest.HTTPRequest.Method, + "iam_request_url": base64.StdEncoding.EncodeToString([]byte(stsRequest.HTTPRequest.URL.String())), + "iam_request_headers": base64.StdEncoding.EncodeToString(headersJson), + "iam_request_body": base64.StdEncoding.EncodeToString(requestBody), + }, nil +} + +// STS is a really weird service that used to only have global endpoints but now has regional endpoints as well. +// For backwards compatibility, even if you request a region other than us-east-1, it'll still sign for us-east-1. +// See, e.g., https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code +// So we have to shim in this EndpointResolver to force it to sign for the right region +func stsSigningResolver(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { + defaultEndpoint, err := endpoints.DefaultResolver().EndpointFor(service, region, optFns...) + if err != nil { + return defaultEndpoint, err + } + defaultEndpoint.SigningRegion = region + return defaultEndpoint, nil +} + +func formatSignedEntityRequest(svc *sts.STS, in *LoginInput) (*request.Request, error) { + // We need to retrieve the IAM user or role for the iam:GetRole or iam:GetUser request. + // GetCallerIdentity returns this and requires no permissions. + resp, err := svc.GetCallerIdentity(nil) + if err != nil { + return nil, err + } + + arn, err := responses.ParseArn(*resp.Arn) + if err != nil { + return nil, err + } + + iamSession, err := session.NewSessionWithOptions(session.Options{ + Config: aws.Config{ + Credentials: svc.Config.Credentials, + }, + }) + if err != nil { + return nil, err + } + iamSvc := iam.New(iamSession) + + var req *request.Request + switch arn.Type { + case "role", "assumed-role": + req, _ = iamSvc.GetRoleRequest(&iam.GetRoleInput{RoleName: &arn.FriendlyName}) + case "user": + req, _ = iamSvc.GetUserRequest(&iam.GetUserInput{UserName: &arn.FriendlyName}) + default: + return nil, fmt.Errorf("entity %s is not an IAM role or IAM user", arn.Type) + } + + // Inject the required auth header value, if supplied, and then sign the request including that header + if in.ServerIDHeaderValue != "" { + req.HTTPRequest.Header.Add(in.ServerIDHeaderName, in.ServerIDHeaderValue) + } + + req.Sign() + return req, nil +} diff --git a/lib/glob.go b/lib/glob.go new file mode 100644 index 000000000..969e3ab25 --- /dev/null +++ b/lib/glob.go @@ -0,0 +1,24 @@ +package lib + +import "strings" + +// GlobbedStringsMatch compares item to val with support for a leading and/or +// trailing wildcard '*' in item. +func GlobbedStringsMatch(item, val string) bool { + if len(item) < 2 { + return val == item + } + + hasPrefix := strings.HasPrefix(item, "*") + hasSuffix := strings.HasSuffix(item, "*") + + if hasPrefix && hasSuffix { + return strings.Contains(val, item[1:len(item)-1]) + } else if hasPrefix { + return strings.HasSuffix(val, item[1:]) + } else if hasSuffix { + return strings.HasPrefix(val, item[:len(item)-1]) + } + + return val == item +} diff --git a/lib/glob_test.go b/lib/glob_test.go new file mode 100644 index 000000000..6c29f5ef1 --- /dev/null +++ b/lib/glob_test.go @@ -0,0 +1,37 @@ +package lib + +import "testing" + +func TestGlobbedStringsMatch(t *testing.T) { + tests := []struct { + item string + val string + expect bool + }{ + {"", "", true}, + {"*", "*", true}, + {"**", "**", true}, + {"*t", "t", true}, + {"*t", "test", true}, + {"t*", "test", true}, + {"*test", "test", true}, + {"*test", "a test", true}, + {"test", "a test", false}, + {"*test", "tests", false}, + {"test*", "test", true}, + {"test*", "testsss", true}, + {"test**", "testsss", false}, + {"test**", "test*", true}, + {"**test", "*test", true}, + {"TEST", "test", false}, + {"test", "test", true}, + } + + for _, tt := range tests { + actual := GlobbedStringsMatch(tt.item, tt.val) + + if actual != tt.expect { + t.Fatalf("Bad testcase %#v, expected %t, got %t", tt, tt.expect, actual) + } + } +} From 8b184197b3104107db6dabc9026bc0e68e81b46f Mon Sep 17 00:00:00 2001 From: FFMMM Date: Thu, 31 Mar 2022 10:49:37 -0700 Subject: [PATCH 051/785] polish rpc.service.call metric behavior (#12624) --- agent/config/builder.go | 52 +++++++--- agent/config/builder_test.go | 51 ++++++++++ agent/config/runtime_test.go | 4 +- agent/metrics_test.go | 117 +++++++++++++++++++++- agent/rpc/middleware/interceptors.go | 33 +++--- agent/rpc/middleware/interceptors_test.go | 15 ++- agent/setup.go | 2 - 7 files changed, 230 insertions(+), 44 deletions(-) diff --git a/agent/config/builder.go b/agent/config/builder.go index d9686254b..d5d3bbfb4 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -32,6 +32,7 @@ import ( "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" "github.com/hashicorp/consul/agent/dns" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/ipaddr" @@ -640,21 +641,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) { } // Parse the metric filters - var telemetryAllowedPrefixes, telemetryBlockedPrefixes []string - for _, rule := range c.Telemetry.PrefixFilter { - if rule == "" { - b.warn("Cannot have empty filter rule in prefix_filter") - continue - } - switch rule[0] { - case '+': - telemetryAllowedPrefixes = append(telemetryAllowedPrefixes, rule[1:]) - case '-': - telemetryBlockedPrefixes = append(telemetryBlockedPrefixes, rule[1:]) - default: - b.warn("Filter rule must begin with either '+' or '-': %q", rule) - } - } + telemetryAllowedPrefixes, telemetryBlockedPrefixes := b.parsePrefixFilter(&c.Telemetry) // raft performance scaling performanceRaftMultiplier := intVal(c.Performance.RaftMultiplier) @@ -2588,3 +2575,38 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error return c, nil } + +func (b *builder) parsePrefixFilter(telemetry *Telemetry) ([]string, []string) { + var telemetryAllowedPrefixes, telemetryBlockedPrefixes []string + + // TODO(FFMMM): Once one twelve style RPC metrics get out of Beta, don't remove them by default. + operatorPassedOneTwelveRPCMetric := false + oneTwelveRPCMetric := *telemetry.MetricsPrefix + "." + strings.Join(middleware.OneTwelveRPCSummary[0].Name, ".") + + for _, rule := range telemetry.PrefixFilter { + if rule == "" { + b.warn("Cannot have empty filter rule in prefix_filter") + continue + } + switch rule[0] { + case '+': + if rule[1:] == oneTwelveRPCMetric { + operatorPassedOneTwelveRPCMetric = true + } + telemetryAllowedPrefixes = append(telemetryAllowedPrefixes, rule[1:]) + case '-': + if rule[1:] == oneTwelveRPCMetric { + operatorPassedOneTwelveRPCMetric = true + } + telemetryBlockedPrefixes = append(telemetryBlockedPrefixes, rule[1:]) + default: + b.warn("Filter rule must begin with either '+' or '-': %q", rule) + } + } + + if !operatorPassedOneTwelveRPCMetric { + telemetryBlockedPrefixes = append(telemetryBlockedPrefixes, oneTwelveRPCMetric) + } + + return telemetryAllowedPrefixes, telemetryBlockedPrefixes +} diff --git a/agent/config/builder_test.go b/agent/config/builder_test.go index 58fd922fc..1bd6d8653 100644 --- a/agent/config/builder_test.go +++ b/agent/config/builder_test.go @@ -384,3 +384,54 @@ func TestBuilder_tlsCipherSuites(t *testing.T) { require.Contains(t, b.err.Error(), invalidCipherSuites) require.Contains(t, b.err.Error(), "cipher suites are not configurable") } + +func TestBuilder_parsePrefixFilter(t *testing.T) { + t.Run("Check that 1.12 rpc metrics are parsed correctly.", func(t *testing.T) { + type testCase struct { + name string + metricsPrefix string + prefixFilter []string + expectedAllowedPrefix []string + expectedBlockedPrefix []string + } + + var testCases = []testCase{ + { + name: "no prefix filter", + metricsPrefix: "somePrefix", + prefixFilter: []string{}, + expectedAllowedPrefix: nil, + expectedBlockedPrefix: []string{"somePrefix.rpc.server.call"}, + }, + { + name: "operator enables 1.12 rpc metrics", + metricsPrefix: "somePrefix", + prefixFilter: []string{"+somePrefix.rpc.server.call"}, + expectedAllowedPrefix: []string{"somePrefix.rpc.server.call"}, + expectedBlockedPrefix: nil, + }, + { + name: "operator enables 1.12 rpc metrics", + metricsPrefix: "somePrefix", + prefixFilter: []string{"-somePrefix.rpc.server.call"}, + expectedAllowedPrefix: nil, + expectedBlockedPrefix: []string{"somePrefix.rpc.server.call"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + b := builder{} + telemetry := &Telemetry{ + MetricsPrefix: &tc.metricsPrefix, + PrefixFilter: tc.prefixFilter, + } + + allowedPrefix, blockedPrefix := b.parsePrefixFilter(telemetry) + + require.Equal(t, tc.expectedAllowedPrefix, allowedPrefix) + require.Equal(t, tc.expectedBlockedPrefix, blockedPrefix) + }) + } + }) +} diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index d74650c07..ab0798342 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -2326,7 +2326,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { expected: func(rt *RuntimeConfig) { rt.DataDir = dataDir rt.Telemetry.AllowedPrefixes = []string{"foo"} - rt.Telemetry.BlockedPrefixes = []string{"bar"} + rt.Telemetry.BlockedPrefixes = []string{"bar", "consul.rpc.server.call"} }, expectedWarnings: []string{`Filter rule must begin with either '+' or '-': "nix"`}, }) @@ -6285,7 +6285,7 @@ func TestLoad_FullConfig(t *testing.T) { DogstatsdTags: []string{"3N81zSUB", "Xtj8AnXZ"}, FilterDefault: true, AllowedPrefixes: []string{"oJotS8XJ"}, - BlockedPrefixes: []string{"cazlEhGn"}, + BlockedPrefixes: []string{"cazlEhGn", "ftO6DySn.rpc.server.call"}, MetricsPrefix: "ftO6DySn", StatsdAddr: "drce87cy", StatsiteAddr: "HpFwKB8R", diff --git a/agent/metrics_test.go b/agent/metrics_test.go index b530eda25..5bbc7de23 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -10,6 +10,7 @@ import ( "strings" "testing" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/tlsutil" @@ -43,6 +44,82 @@ func assertMetricExists(t *testing.T, respRec *httptest.ResponseRecorder, metric } } +// assertMetricExistsWithLabels looks in the prometheus metrics reponse for the metric name and all the labels. eg: +// new_rpc_metrics_rpc_server_call{errored="false",method="Status.Ping",request_type="unknown",rpc_type="net/rpc"} +func assertMetricExistsWithLabels(t *testing.T, respRec *httptest.ResponseRecorder, metric string, labelNames []string) { + if respRec.Body.String() == "" { + t.Fatalf("Response body is empty.") + } + + if !strings.Contains(respRec.Body.String(), metric) { + t.Fatalf("Could not find the metric \"%s\" in the /v1/agent/metrics response", metric) + } + + foundAllLabels := false + metrics := respRec.Body.String() + for _, line := range strings.Split(metrics, "\n") { + // skip help lines + if len(line) < 1 || line[0] == '#' { + continue + } + + if strings.Contains(line, metric) { + hasAllLabels := true + for _, labelName := range labelNames { + if !strings.Contains(line, labelName) { + hasAllLabels = false + break + } + } + + if hasAllLabels { + foundAllLabels = true + + // done! + break + } + } + } + + if !foundAllLabels { + t.Fatalf("Could not verify that all named labels \"%s\" exist for the metric \"%s\" in the /v1/agent/metrics response", strings.Join(labelNames, ", "), metric) + } +} + +func assertLabelWithValueForMetricExistsNTime(t *testing.T, respRec *httptest.ResponseRecorder, metric string, label string, labelValue string, occurrences int) { + if respRec.Body.String() == "" { + t.Fatalf("Response body is empty.") + } + + if !strings.Contains(respRec.Body.String(), metric) { + t.Fatalf("Could not find the metric \"%s\" in the /v1/agent/metrics response", metric) + } + + metrics := respRec.Body.String() + // don't look at _sum or _count or other aggregates + metricTarget := metric + "{" + // eg method="Status.Ping" + labelWithValueTarget := label + "=" + "\"" + labelValue + "\"" + + matchesFound := 0 + for _, line := range strings.Split(metrics, "\n") { + // skip help lines + if len(line) < 1 || line[0] == '#' { + continue + } + + if strings.Contains(line, metricTarget) { + if strings.Contains(line, labelWithValueTarget) { + matchesFound++ + } + } + } + + if matchesFound < occurrences { + t.Fatalf("Only found metric \"%s\" %d times. Wanted %d times.", metric, matchesFound, occurrences) + } +} + func assertMetricExistsWithValue(t *testing.T, respRec *httptest.ResponseRecorder, metric string, value string) { if respRec.Body.String() == "" { t.Fatalf("Response body is empty.") @@ -66,13 +143,13 @@ func assertMetricNotExists(t *testing.T, respRec *httptest.ResponseRecorder, met } } -// TestAgent_NewRPCMetrics test for the new RPC metrics. These are the labeled metrics coming from +// TestAgent_OneTwelveRPCMetrics test for the 1.12 style RPC metrics. These are the labeled metrics coming from // agent.rpc.middleware.interceptors package. -func TestAgent_NewRPCMetrics(t *testing.T) { +func TestAgent_OneTwelveRPCMetrics(t *testing.T) { skipIfShortTesting(t) // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance - t.Run("Check new rpc metrics are being emitted", func(t *testing.T) { + t.Run("Check that 1.12 rpc metrics are not emitted by default.", func(t *testing.T) { metricsPrefix := "new_rpc_metrics" hcl := fmt.Sprintf(` telemetry = { @@ -92,7 +169,39 @@ func TestAgent_NewRPCMetrics(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - assertMetricExists(t, respRec, metricsPrefix+"_rpc_server_call") + assertMetricNotExists(t, respRec, metricsPrefix+"_rpc_server_call") + }) + + t.Run("Check that 1.12 rpc metrics are emitted when specified by operator.", func(t *testing.T) { + metricsPrefix := "new_rpc_metrics_2" + allowRPCMetricRule := metricsPrefix + "." + strings.Join(middleware.OneTwelveRPCSummary[0].Name, ".") + hcl := fmt.Sprintf(` + telemetry = { + prometheus_retention_time = "5s" + disable_hostname = true + metrics_prefix = "%s" + prefix_filter = ["+%s"] + } + `, metricsPrefix, allowRPCMetricRule) + + a := StartTestAgent(t, TestAgent{HCL: hcl}) + defer a.Shutdown() + + var out struct{} + err := a.RPC("Status.Ping", struct{}{}, &out) + require.NoError(t, err) + err = a.RPC("Status.Ping", struct{}{}, &out) + require.NoError(t, err) + err = a.RPC("Status.Ping", struct{}{}, &out) + require.NoError(t, err) + + respRec := httptest.NewRecorder() + recordPromMetrics(t, a, respRec) + + // make sure the labels exist for this metric + assertMetricExistsWithLabels(t, respRec, metricsPrefix+"_rpc_server_call", []string{"errored", "method", "request_type", "rpc_type"}) + // make sure we see 3 Status.Ping metrics corresponding to the calls we made above + assertLabelWithValueForMetricExistsNTime(t, respRec, metricsPrefix+"_rpc_server_call", "method", "Status.Ping", 3) }) } diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go index a5ee26f4e..c7ac72f35 100644 --- a/agent/rpc/middleware/interceptors.go +++ b/agent/rpc/middleware/interceptors.go @@ -3,6 +3,7 @@ package middleware import ( "reflect" "strconv" + "strings" "time" "github.com/armon/go-metrics" @@ -22,27 +23,26 @@ const RPCTypeInternal = "internal" const RPCTypeNetRPC = "net/rpc" var metricRPCRequest = []string{"rpc", "server", "call"} -var requestLogName = "rpc.server.request" +var requestLogName = strings.Join(metricRPCRequest, "_") -var NewRPCGauges = []prometheus.GaugeDefinition{ +var OneTwelveRPCSummary = []prometheus.SummaryDefinition{ { Name: metricRPCRequest, - Help: "Increments when a server makes an RPC service call. The labels on the metric have more information", + Help: "Measures the time an RPC service call takes to make in milliseconds. Labels mark which RPC method was called and metadata about the call.", }, } type RequestRecorder struct { Logger hclog.Logger - recorderFunc func(key []string, start time.Time, labels []metrics.Label) + recorderFunc func(key []string, val float32, labels []metrics.Label) } func NewRequestRecorder(logger hclog.Logger) *RequestRecorder { - return &RequestRecorder{Logger: logger, recorderFunc: metrics.MeasureSinceWithLabels} + return &RequestRecorder{Logger: logger, recorderFunc: metrics.AddSampleWithLabels} } func (r *RequestRecorder) Record(requestName string, rpcType string, start time.Time, request interface{}, respErrored bool) { - elapsed := time.Since(start) - + elapsed := time.Since(start).Milliseconds() reqType := requestType(request) labels := []metrics.Label{ @@ -52,9 +52,8 @@ func (r *RequestRecorder) Record(requestName string, rpcType string, start time. {Name: "rpc_type", Value: rpcType}, } - // TODO(FFMMM): it'd be neat if we could actually pass the elapsed observed above - r.recorderFunc(metricRPCRequest, start, labels) - + // math.MaxInt64 < math.MaxFloat32 is true so we should be good! + r.recorderFunc(metricRPCRequest, float32(elapsed), labels) r.Logger.Debug(requestLogName, "method", requestName, "errored", respErrored, @@ -64,10 +63,18 @@ func (r *RequestRecorder) Record(requestName string, rpcType string, start time. } func requestType(req interface{}) string { - if r, ok := req.(interface{ IsRead() bool }); ok && r.IsRead() { - return "read" + if r, ok := req.(interface{ IsRead() bool }); ok { + if r.IsRead() { + return "read" + } else { + return "write" + } } - return "write" + + // This logical branch should not happen. If it happens + // it means an underlying request is not implementing the interface. + // Rather than swallowing it up in a "read" or "write", let's be aware of it. + return "unreported" } func GetNetRPCInterceptor(recorder *RequestRecorder) rpc.ServerServiceCallInterceptor { diff --git a/agent/rpc/middleware/interceptors_test.go b/agent/rpc/middleware/interceptors_test.go index e6743a4a6..23d764962 100644 --- a/agent/rpc/middleware/interceptors_test.go +++ b/agent/rpc/middleware/interceptors_test.go @@ -13,9 +13,9 @@ import ( // obs holds all the things we want to assert on that we recorded correctly in our tests. type obs struct { - key []string - start time.Time - labels []metrics.Label + key []string + elapsed float32 + labels []metrics.Label } // recorderStore acts as an in-mem mock storage for all the RequestRecorder.Record() recorderFunc calls. @@ -41,9 +41,8 @@ func (rs *recorderStore) get(key []string) obs { } var store = recorderStore{store: make(map[string]obs)} -var simpleRecorderFunc = func(key []string, start time.Time, labels []metrics.Label) { - o := obs{key: key, start: start, labels: labels} - +var simpleRecorderFunc = func(key []string, val float32, labels []metrics.Label) { + o := obs{key: key, elapsed: val, labels: labels} store.put(key, o) } @@ -71,13 +70,13 @@ func TestRequestRecorder_SimpleOK(t *testing.T) { expectedLabels := []metrics.Label{ {Name: "method", Value: "A.B"}, {Name: "errored", Value: "false"}, - {Name: "request_type", Value: "write"}, + {Name: "request_type", Value: "unreported"}, {Name: "rpc_type", Value: RPCTypeInternal}, } o := store.get(append(metricRPCRequest, expectedLabels[0].Value)) require.Equal(t, o.key, metricRPCRequest) - require.Equal(t, o.start, start) + require.LessOrEqual(t, o.elapsed, float32(start.Sub(time.Now()).Milliseconds())) require.Equal(t, o.labels, expectedLabels) } diff --git a/agent/setup.go b/agent/setup.go index 4921a42d8..bf67c0360 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -25,7 +25,6 @@ import ( "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" - "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/submatview" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/agent/xds" @@ -215,7 +214,6 @@ func getPrometheusDefs(cfg lib.TelemetryConfig, isServer bool) ([]prometheus.Gau CertExpirationGauges, Gauges, raftGauges, - middleware.NewRPCGauges, } // TODO(ffmmm): conditionally add only leader specific metrics to gauges, counters, summaries, etc From 9a2474381ac4f26477973257a1a0f4fe81cb1a55 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 09:49:11 -0700 Subject: [PATCH 052/785] Add expanded token read flag and endpoint option --- .changelog/12670.txt | 3 + agent/acl_endpoint.go | 11 + agent/acl_endpoint_test.go | 11 + agent/consul/acl_endpoint.go | 89 +++++++ agent/consul/acl_endpoint_oss.go | 6 + agent/consul/acl_endpoint_test.go | 175 +++++++++++++ agent/structs/acl.go | 27 +- agent/structs/acl_test.go | 2 +- api/acl.go | 40 +++ command/acl/token/formatter.go | 166 ++++++++++++ command/acl/token/formatter_oss_test.go | 12 + command/acl/token/formatter_test.go | 236 ++++++++++++++++++ command/acl/token/read/token_read.go | 18 +- .../FormatTokenExpanded/oss/basic.json.golden | 48 ++++ .../oss/basic.pretty-meta.golden | 34 +++ .../oss/basic.pretty.golden | 31 +++ .../oss/complex.json.golden | 191 ++++++++++++++ .../oss/complex.pretty-meta.golden | 166 ++++++++++++ .../oss/complex.pretty.golden | 163 ++++++++++++ 19 files changed, 1423 insertions(+), 6 deletions(-) create mode 100644 .changelog/12670.txt create mode 100644 command/acl/token/formatter_oss_test.go create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden create mode 100644 command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden diff --git a/.changelog/12670.txt b/.changelog/12670.txt new file mode 100644 index 000000000..85d9348c5 --- /dev/null +++ b/.changelog/12670.txt @@ -0,0 +1,3 @@ +```release-note:feature +cli: The `token read` command now supports the `-expanded` flag to display detailed role and policy information for the token. +``` diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go index 5b9ddec3b..54f6c3948 100644 --- a/agent/acl_endpoint.go +++ b/agent/acl_endpoint.go @@ -378,6 +378,9 @@ func (s *HTTPHandlers) ACLTokenGet(resp http.ResponseWriter, req *http.Request, if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil { return nil, err } + if _, ok := req.URL.Query()["expanded"]; ok { + args.Expanded = true + } if args.Datacenter == "" { args.Datacenter = s.agent.config.Datacenter @@ -393,6 +396,14 @@ func (s *HTTPHandlers) ACLTokenGet(resp http.ResponseWriter, req *http.Request, return nil, acl.ErrNotFound } + if args.Expanded { + expanded := &structs.ACLTokenExpanded{ + ACLToken: out.Token, + ExpandedTokenInfo: out.ExpandedTokenInfo, + } + return expanded, nil + } + return out.Token, nil } diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go index 5087367d8..2c6aad450 100644 --- a/agent/acl_endpoint_test.go +++ b/agent/acl_endpoint_test.go @@ -724,6 +724,17 @@ func TestACL_HTTP(t *testing.T) { require.True(t, ok) require.Equal(t, expected, token) }) + t.Run("Read-expanded", func(t *testing.T) { + expected := tokenMap[idMap["token-test"]] + req, _ := http.NewRequest("GET", "/v1/acl/token/"+expected.AccessorID+"?token=root&expanded=true", nil) + resp := httptest.NewRecorder() + obj, err := a.srv.ACLTokenCRUD(resp, req) + require.NoError(t, err) + tokenResp, ok := obj.(*structs.ACLTokenExpanded) + require.True(t, ok) + require.Equal(t, expected, tokenResp.ACLToken) + require.Len(t, tokenResp.ExpandedPolicies, 3) + }) t.Run("Self", func(t *testing.T) { expected := tokenMap[idMap["token-test"]] req, _ := http.NewRequest("GET", "/v1/acl/token/self?token="+expected.SecretID, nil) diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index 2541c36c1..bac938dfa 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -325,10 +325,99 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke if token == nil { return errNotFound } + + if args.Expanded { + info, err := a.lookupExpandedTokenInfo(ws, state, token) + if err != nil { + return err + } + reply.ExpandedTokenInfo = info + } + return nil }) } +func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, token *structs.ACLToken) (structs.ExpandedTokenInfo, error) { + policyIDs := make(map[string]struct{}) + roleIDs := make(map[string]struct{}) + identityPolicies := make(map[string]*structs.ACLPolicy) + tokenInfo := structs.ExpandedTokenInfo{} + + // Add the token's policies and node/service identity policies + for _, policy := range token.Policies { + policyIDs[policy.ID] = struct{}{} + } + for _, roleLink := range token.Roles { + roleIDs[roleLink.ID] = struct{}{} + } + + for _, identity := range token.ServiceIdentities { + policy := identity.SyntheticPolicy(&token.EnterpriseMeta) + identityPolicies[policy.ID] = policy + } + for _, identity := range token.NodeIdentities { + policy := identity.SyntheticPolicy(&token.EnterpriseMeta) + identityPolicies[policy.ID] = policy + } + + // Get any namespace default roles/policies to look up + nsPolicies, nsRoles, err := getTokenNamespaceDefaults(ws, state, &token.EnterpriseMeta) + if err != nil { + return tokenInfo, err + } + tokenInfo.NamespaceDefaultPolicyIDs = nsPolicies + tokenInfo.NamespaceDefaultRoleIDs = nsRoles + for _, id := range nsPolicies { + policyIDs[id] = struct{}{} + } + for _, id := range nsRoles { + roleIDs[id] = struct{}{} + } + + // Add each role's policies and node/service identity policies + for roleID := range roleIDs { + _, role, err := state.ACLRoleGetByID(ws, roleID, &token.EnterpriseMeta) + if err != nil { + return tokenInfo, err + } + + for _, policy := range role.Policies { + policyIDs[policy.ID] = struct{}{} + } + + for _, identity := range role.ServiceIdentities { + policy := identity.SyntheticPolicy(&role.EnterpriseMeta) + identityPolicies[policy.ID] = policy + } + for _, identity := range role.NodeIdentities { + policy := identity.SyntheticPolicy(&role.EnterpriseMeta) + identityPolicies[policy.ID] = policy + } + + tokenInfo.ExpandedRoles = append(tokenInfo.ExpandedRoles, role) + } + + var policies []*structs.ACLPolicy + for id := range policyIDs { + _, policy, err := state.ACLPolicyGetByID(ws, id, &token.EnterpriseMeta) + if err != nil { + return tokenInfo, err + } + policies = append(policies, policy) + } + for _, policy := range identityPolicies { + policies = append(policies, policy) + } + + tokenInfo.ExpandedPolicies = policies + tokenInfo.AgentACLDefaultPolicy = a.srv.config.ACLResolverSettings.ACLDefaultPolicy + tokenInfo.AgentACLDownPolicy = a.srv.config.ACLResolverSettings.ACLDownPolicy + tokenInfo.ResolvedByAgent = a.srv.config.NodeName + + return tokenInfo, nil +} + func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error { if err := a.aclPreCheck(); err != nil { return err diff --git a/agent/consul/acl_endpoint_oss.go b/agent/consul/acl_endpoint_oss.go index 80cb54c80..3cc9e35d4 100644 --- a/agent/consul/acl_endpoint_oss.go +++ b/agent/consul/acl_endpoint_oss.go @@ -5,7 +5,9 @@ package consul import ( "github.com/hashicorp/consul/agent/consul/authmethod" + "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" + memdb "github.com/hashicorp/go-memdb" ) func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error { @@ -37,3 +39,7 @@ func computeTargetEnterpriseMeta( ) (*structs.EnterpriseMeta, error) { return &structs.EnterpriseMeta{}, nil } + +func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *structs.EnterpriseMeta) ([]string, []string, error) { + return nil, nil, nil +} diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index 009f1c52d..637872070 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -204,6 +204,181 @@ func TestACLEndpoint_TokenRead(t *testing.T) { require.Nil(t, resp.Token) require.EqualError(t, err, "failed acl token lookup: index error: UUID must be 36 characters") }) + + t.Run("expanded output with role/policy", func(t *testing.T) { + p1, err := upsertTestPolicy(codec, TestDefaultInitialManagementToken, "dc1") + require.NoError(t, err) + + p2, err := upsertTestPolicy(codec, TestDefaultInitialManagementToken, "dc1") + require.NoError(t, err) + + r1, err := upsertTestCustomizedRole(codec, TestDefaultInitialManagementToken, "dc1", func(role *structs.ACLRole) { + role.Policies = []structs.ACLRolePolicyLink{ + { + ID: p2.ID, + }, + } + }) + require.NoError(t, err) + + setReq := structs.ACLTokenSetRequest{ + Datacenter: "dc1", + ACLToken: structs.ACLToken{ + Description: "foobar", + Policies: []structs.ACLTokenPolicyLink{ + { + ID: p1.ID, + }, + }, + Roles: []structs.ACLTokenRoleLink{ + { + ID: r1.ID, + }, + }, + Local: false, + }, + WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken}, + } + + setResp := structs.ACLToken{} + err = msgpackrpc.CallWithCodec(codec, "ACL.TokenSet", &setReq, &setResp) + require.NoError(t, err) + require.NotEmpty(t, setResp.AccessorID) + + req := structs.ACLTokenGetRequest{ + Datacenter: "dc1", + TokenID: setResp.AccessorID, + TokenIDType: structs.ACLTokenAccessor, + Expanded: true, + QueryOptions: structs.QueryOptions{Token: TestDefaultInitialManagementToken}, + } + resp := structs.ACLTokenResponse{} + + err = msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &req, &resp) + require.NoError(t, err) + require.NotNil(t, resp.Token) + require.ElementsMatch(t, []*structs.ACLPolicy{p1, p2}, resp.ExpandedPolicies) + require.ElementsMatch(t, []*structs.ACLRole{r1}, resp.ExpandedRoles) + }) + + t.Run("expanded output with multiple roles that share a policy", func(t *testing.T) { + p1, err := upsertTestPolicy(codec, TestDefaultInitialManagementToken, "dc1") + require.NoError(t, err) + + r1, err := upsertTestCustomizedRole(codec, TestDefaultInitialManagementToken, "dc1", func(role *structs.ACLRole) { + role.Policies = []structs.ACLRolePolicyLink{ + { + ID: p1.ID, + }, + } + }) + require.NoError(t, err) + + r2, err := upsertTestCustomizedRole(codec, TestDefaultInitialManagementToken, "dc1", func(role *structs.ACLRole) { + role.Policies = []structs.ACLRolePolicyLink{ + { + ID: p1.ID, + }, + } + }) + require.NoError(t, err) + + setReq := structs.ACLTokenSetRequest{ + Datacenter: "dc1", + ACLToken: structs.ACLToken{ + Description: "foobar", + Roles: []structs.ACLTokenRoleLink{ + { + ID: r1.ID, + }, + { + ID: r2.ID, + }, + }, + Local: false, + }, + WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken}, + } + + setResp := structs.ACLToken{} + err = msgpackrpc.CallWithCodec(codec, "ACL.TokenSet", &setReq, &setResp) + require.NoError(t, err) + require.NotEmpty(t, setResp.AccessorID) + + req := structs.ACLTokenGetRequest{ + Datacenter: "dc1", + TokenID: setResp.AccessorID, + TokenIDType: structs.ACLTokenAccessor, + Expanded: true, + QueryOptions: structs.QueryOptions{Token: TestDefaultInitialManagementToken}, + } + resp := structs.ACLTokenResponse{} + + err = msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &req, &resp) + require.NoError(t, err) + require.NotNil(t, resp.Token) + require.ElementsMatch(t, []*structs.ACLPolicy{p1}, resp.ExpandedPolicies) + require.ElementsMatch(t, []*structs.ACLRole{r1, r2}, resp.ExpandedRoles) + }) + + t.Run("expanded output with node/service identities", func(t *testing.T) { + setReq := structs.ACLTokenSetRequest{ + Datacenter: "dc1", + ACLToken: structs.ACLToken{ + Description: "foobar", + ServiceIdentities: []*structs.ACLServiceIdentity{ + { + ServiceName: "web", + Datacenters: []string{"dc1"}, + }, + { + ServiceName: "db", + Datacenters: []string{"dc2"}, + }, + }, + NodeIdentities: []*structs.ACLNodeIdentity{ + { + NodeName: "foo", + Datacenter: "dc1", + }, + { + NodeName: "bar", + Datacenter: "dc1", + }, + }, + Local: false, + }, + WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken}, + } + + var expectedPolicies []*structs.ACLPolicy + entMeta := structs.DefaultEnterpriseMetaInDefaultPartition() + for _, serviceIdentity := range setReq.ACLToken.ServiceIdentities { + expectedPolicies = append(expectedPolicies, serviceIdentity.SyntheticPolicy(entMeta)) + } + for _, serviceIdentity := range setReq.ACLToken.NodeIdentities { + expectedPolicies = append(expectedPolicies, serviceIdentity.SyntheticPolicy(entMeta)) + } + + setResp := structs.ACLToken{} + err := msgpackrpc.CallWithCodec(codec, "ACL.TokenSet", &setReq, &setResp) + require.NoError(t, err) + require.NotEmpty(t, setResp.AccessorID) + + req := structs.ACLTokenGetRequest{ + Datacenter: "dc1", + TokenID: setResp.AccessorID, + TokenIDType: structs.ACLTokenAccessor, + Expanded: true, + QueryOptions: structs.QueryOptions{Token: TestDefaultInitialManagementToken}, + } + resp := structs.ACLTokenResponse{} + + err = msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &req, &resp) + require.NoError(t, err) + require.NotNil(t, resp.Token) + require.ElementsMatch(t, expectedPolicies, resp.ExpandedPolicies) + }) } func TestACLEndpoint_TokenClone(t *testing.T) { diff --git a/agent/structs/acl.go b/agent/structs/acl.go index 42fa55821..6631fa918 100644 --- a/agent/structs/acl.go +++ b/agent/structs/acl.go @@ -158,7 +158,8 @@ func (s *ACLServiceIdentity) SyntheticPolicy(entMeta *EnterpriseMeta) *ACLPolicy policy := &ACLPolicy{} policy.ID = hashID policy.Name = fmt.Sprintf("synthetic-policy-%s", hashID) - policy.Description = "synthetic policy" + sn := NewServiceName(s.ServiceName, entMeta) + policy.Description = fmt.Sprintf("synthetic policy for service identity %q", sn.String()) policy.Rules = rules policy.Syntax = acl.SyntaxCurrent policy.Datacenters = s.Datacenters @@ -202,7 +203,7 @@ func (s *ACLNodeIdentity) SyntheticPolicy(entMeta *EnterpriseMeta) *ACLPolicy { policy := &ACLPolicy{} policy.ID = hashID policy.Name = fmt.Sprintf("synthetic-policy-%s", hashID) - policy.Description = "synthetic policy" + policy.Description = fmt.Sprintf("synthetic policy for node identity %q", s.NodeName) policy.Rules = rules policy.Syntax = acl.SyntaxCurrent policy.Datacenters = []string{s.Datacenter} @@ -1217,7 +1218,8 @@ func (r *ACLTokenSetRequest) RequestDatacenter() string { type ACLTokenGetRequest struct { TokenID string // id used for the token lookup TokenIDType ACLTokenIDType // The Type of ID used to lookup the token - Datacenter string // The datacenter to perform the request within + Expanded bool + Datacenter string // The datacenter to perform the request within EnterpriseMeta QueryOptions } @@ -1313,9 +1315,28 @@ type ACLTokenResponse struct { Token *ACLToken Redacted bool // whether the token's secret was redacted SourceDatacenter string + + ExpandedTokenInfo QueryMeta } +type ExpandedTokenInfo struct { + ExpandedPolicies []*ACLPolicy + ExpandedRoles []*ACLRole + + NamespaceDefaultPolicyIDs []string + NamespaceDefaultRoleIDs []string + + AgentACLDefaultPolicy string + AgentACLDownPolicy string + ResolvedByAgent string +} + +type ACLTokenExpanded struct { + *ACLToken + ExpandedTokenInfo +} + // ACLTokenBatchResponse returns multiple Tokens associated with the same metadata type ACLTokenBatchResponse struct { Tokens []*ACLToken diff --git a/agent/structs/acl_test.go b/agent/structs/acl_test.go index a435d1c57..65afc6bf1 100644 --- a/agent/structs/acl_test.go +++ b/agent/structs/acl_test.go @@ -69,7 +69,6 @@ func TestStructs_ACLServiceIdentity_SyntheticPolicy(t *testing.T) { expect := &ACLPolicy{ Syntax: acl.SyntaxCurrent, Datacenters: test.datacenters, - Description: "synthetic policy", Rules: test.expectRules, } @@ -79,6 +78,7 @@ func TestStructs_ACLServiceIdentity_SyntheticPolicy(t *testing.T) { // strip irrelevant fields before equality got.ID = "" got.Name = "" + got.Description = "" got.Hash = nil require.Equal(t, expect, got) }) diff --git a/api/acl.go b/api/acl.go index 0f44494dd..9989a50b2 100644 --- a/api/acl.go +++ b/api/acl.go @@ -62,6 +62,20 @@ type ACLToken struct { AuthMethodNamespace string `json:",omitempty"` } +type ACLTokenExpanded struct { + ExpandedPolicies []ACLPolicy + ExpandedRoles []ACLRole + + NamespaceDefaultPolicies []string + NamespaceDefaultRoles []string + + AgentACLDefaultPolicy string + AgentACLDownPolicy string + ResolvedByAgent string + + ACLToken +} + type ACLTokenListEntry struct { CreateIndex uint64 ModifyIndex uint64 @@ -788,6 +802,32 @@ func (a *ACL) TokenRead(tokenID string, q *QueryOptions) (*ACLToken, *QueryMeta, return &out, qm, nil } +// TokenReadExpanded retrieves the full token details, as well as the contents of any policies affecting the token. +// The tokenID parameter must be a valid Accessor ID of an existing token. +func (a *ACL) TokenReadExpanded(tokenID string, q *QueryOptions) (*ACLTokenExpanded, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/token/"+tokenID) + r.setQueryOptions(q) + r.params.Set("expanded", "true") + rtt, resp, err := a.c.doRequest(r) + if err != nil { + return nil, nil, err + } + defer closeResponseBody(resp) + if err := requireOK(resp); err != nil { + return nil, nil, err + } + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + var out ACLTokenExpanded + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, qm, nil +} + // TokenReadSelf retrieves the full token details of the token currently // assigned to the API Client. In this manner its possible to read a token // by its Secret ID. diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go index e88ee28ba..a1eb050ba 100644 --- a/command/acl/token/formatter.go +++ b/command/acl/token/formatter.go @@ -6,17 +6,22 @@ import ( "fmt" "strings" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) const ( PrettyFormat string = "pretty" JSONFormat string = "json" + + WHITESPACE_2 string = "\t" + WHITESPACE_4 string = "\t\t" ) // Formatter defines methods provided by token command output formatter type Formatter interface { FormatToken(token *api.ACLToken) (string, error) + FormatTokenExpanded(token *api.ACLTokenExpanded) (string, error) FormatTokenList(tokens []*api.ACLTokenListEntry) (string, error) } @@ -108,6 +113,159 @@ func (f *prettyFormatter) FormatToken(token *api.ACLToken) (string, error) { return buffer.String(), nil } +func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (string, error) { + var buffer bytes.Buffer + + buffer.WriteString(fmt.Sprintf("AccessorID: %s\n", token.AccessorID)) + buffer.WriteString(fmt.Sprintf("SecretID: %s\n", token.SecretID)) + if token.Partition != "" { + buffer.WriteString(fmt.Sprintf("Partition: %s\n", token.Partition)) + } + if token.Namespace != "" { + buffer.WriteString(fmt.Sprintf("Namespace: %s\n", token.Namespace)) + } + buffer.WriteString(fmt.Sprintf("Description: %s\n", token.Description)) + buffer.WriteString(fmt.Sprintf("Local: %t\n", token.Local)) + if token.AuthMethod != "" { + buffer.WriteString(fmt.Sprintf("Auth Method: %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace)) + } + buffer.WriteString(fmt.Sprintf("Create Time: %v\n", token.CreateTime)) + if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() { + buffer.WriteString(fmt.Sprintf("Expiration Time: %v\n", *token.ExpirationTime)) + } + if f.showMeta { + buffer.WriteString(fmt.Sprintf("Hash: %x\n", token.Hash)) + buffer.WriteString(fmt.Sprintf("Create Index: %d\n", token.CreateIndex)) + buffer.WriteString(fmt.Sprintf("Modify Index: %d\n", token.ModifyIndex)) + } + + policies := make(map[string]api.ACLPolicy) + roles := make(map[string]api.ACLRole) + for _, policy := range token.ExpandedPolicies { + policies[policy.ID] = policy + } + for _, role := range token.ExpandedRoles { + roles[role.ID] = role + } + + formatPolicy := func(policy api.ACLPolicy, indent string) { + buffer.WriteString(fmt.Sprintf(indent+"Policy Name: %s\n", policy.Name)) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"ID: %s\n", policy.ID)) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"Description: %s\n", policy.Description)) + buffer.WriteString(indent + WHITESPACE_2 + "Rules:\n") + buffer.WriteString(indent + WHITESPACE_4) + buffer.WriteString(strings.ReplaceAll(policy.Rules, "\n", "\n"+indent+WHITESPACE_4)) + buffer.WriteString("\n\n") + } + + if len(token.ACLToken.Policies) > 0 { + buffer.WriteString("Policies:\n") + for _, policyLink := range token.ACLToken.Policies { + formatPolicy(policies[policyLink.ID], WHITESPACE_2) + } + } + + entMeta := structs.NewEnterpriseMetaWithPartition(token.Partition, token.Namespace) + formatServiceIdentity := func(svcIdentity *api.ACLServiceIdentity, indent string) { + if len(svcIdentity.Datacenters) > 0 { + buffer.WriteString(fmt.Sprintf(indent+"Name: %s (Datacenters: %s)\n", svcIdentity.ServiceName, strings.Join(svcIdentity.Datacenters, ", "))) + } else { + buffer.WriteString(fmt.Sprintf(indent+"Name: %s (Datacenters: all)\n", svcIdentity.ServiceName)) + } + identity := structs.ACLServiceIdentity{ServiceName: svcIdentity.ServiceName, Datacenters: svcIdentity.Datacenters} + policy := identity.SyntheticPolicy(&entMeta) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"Description: %s\n", policy.Description)) + buffer.WriteString(indent + WHITESPACE_2 + "Rules:") + buffer.WriteString(strings.ReplaceAll(policy.Rules, "\n", "\n"+indent+WHITESPACE_4)) + buffer.WriteString("\n\n") + } + if len(token.ACLToken.ServiceIdentities) > 0 { + buffer.WriteString("Service Identities:\n") + for _, svcIdentity := range token.ACLToken.ServiceIdentities { + formatServiceIdentity(svcIdentity, WHITESPACE_2) + } + } + + formatNodeIdentity := func(nodeIdentity *api.ACLNodeIdentity, indent string) { + buffer.WriteString(fmt.Sprintf(indent+"Name: %s (Datacenter: %s)\n", nodeIdentity.NodeName, nodeIdentity.Datacenter)) + identity := structs.ACLNodeIdentity{NodeName: nodeIdentity.NodeName, Datacenter: nodeIdentity.Datacenter} + policy := identity.SyntheticPolicy(&entMeta) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"Description: %s\n", policy.Description)) + buffer.WriteString(indent + WHITESPACE_2 + "Rules:") + buffer.WriteString(strings.ReplaceAll(policy.Rules, "\n", "\n"+indent+WHITESPACE_4)) + buffer.WriteString("\n\n") + } + if len(token.ACLToken.NodeIdentities) > 0 { + buffer.WriteString("Node Identities:\n") + for _, nodeIdentity := range token.ACLToken.NodeIdentities { + formatNodeIdentity(nodeIdentity, WHITESPACE_2) + } + } + + formatRole := func(role api.ACLRole, indent string) { + buffer.WriteString(fmt.Sprintf(indent+"Role Name: %s\n", role.Name)) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"ID: %s\n", role.ID)) + buffer.WriteString(fmt.Sprintf(indent+WHITESPACE_2+"Description: %s\n", role.Description)) + + if len(role.Policies) > 0 { + buffer.WriteString(indent + WHITESPACE_2 + "Policies:\n") + for _, policyLink := range role.Policies { + formatPolicy(policies[policyLink.ID], indent+WHITESPACE_4) + } + } + + if len(role.ServiceIdentities) > 0 { + buffer.WriteString(indent + WHITESPACE_2 + "Service Identities:\n") + for _, svcIdentity := range role.ServiceIdentities { + formatServiceIdentity(svcIdentity, indent+WHITESPACE_4) + } + } + + if len(role.NodeIdentities) > 0 { + buffer.WriteString(indent + WHITESPACE_2 + "Node Identities:\n") + for _, nodeIdentity := range role.NodeIdentities { + formatNodeIdentity(nodeIdentity, indent+WHITESPACE_4) + } + } + } + if len(token.ACLToken.Roles) > 0 { + buffer.WriteString("Roles:\n") + for _, roleLink := range token.ACLToken.Roles { + role := roles[roleLink.ID] + formatRole(role, WHITESPACE_2) + } + } + + buffer.WriteString("=== End of Authorizer Layer 0: Token ===\n") + + if len(token.NamespaceDefaultPolicies) > 0 || len(token.NamespaceDefaultRoles) > 0 { + buffer.WriteString("=== Start of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) ===\n") + buffer.WriteString(fmt.Sprintf("Description: ACL Roles inherited by all Tokens in Namespace %q\n\n", token.Namespace)) + + buffer.WriteString("Namespace Policy Defaults:\n") + for _, policyID := range token.NamespaceDefaultPolicies { + formatPolicy(policies[policyID], WHITESPACE_2) + } + + buffer.WriteString("Namespace Role Defaults:\n") + for _, roleID := range token.NamespaceDefaultRoles { + formatRole(roles[roleID], WHITESPACE_2) + } + + buffer.WriteString("=== End of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) ===\n") + } + + buffer.WriteString("=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) ===\n") + buffer.WriteString("Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults\n") + buffer.WriteString(fmt.Sprintf("Resolved By Agent: %q\n\n", token.ResolvedByAgent)) + buffer.WriteString(fmt.Sprintf("Default Policy: %s\n", token.AgentACLDefaultPolicy)) + buffer.WriteString(WHITESPACE_2 + "Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration)\n\n") + buffer.WriteString(fmt.Sprintf("Down Policy: %s\n", token.AgentACLDownPolicy)) + buffer.WriteString(WHITESPACE_2 + "Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration)\n\n") + + return buffer.String(), nil +} + func (f *prettyFormatter) FormatTokenList(tokens []*api.ACLTokenListEntry) (string, error) { var buffer bytes.Buffer @@ -204,3 +362,11 @@ func (f *jsonFormatter) FormatToken(token *api.ACLToken) (string, error) { } return string(b), nil } + +func (f *jsonFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (string, error) { + b, err := json.MarshalIndent(token, "", " ") + if err != nil { + return "", fmt.Errorf("Failed to marshal token: %v", err) + } + return string(b), nil +} diff --git a/command/acl/token/formatter_oss_test.go b/command/acl/token/formatter_oss_test.go new file mode 100644 index 000000000..d825a5ee3 --- /dev/null +++ b/command/acl/token/formatter_oss_test.go @@ -0,0 +1,12 @@ +//go:build !consulent +// +build !consulent + +package token + +import ( + "testing" +) + +func TestFormatTokenExpanded(t *testing.T) { + testFormatTokenExpanded(t, "FormatTokenExpanded/oss") +} diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go index a267c385f..ba93e9dc0 100644 --- a/command/acl/token/formatter_test.go +++ b/command/acl/token/formatter_test.go @@ -254,3 +254,239 @@ func TestFormatTokenList(t *testing.T) { }) } } + +type testCase struct { + tokenExpanded api.ACLTokenExpanded + overrideGoldenName string +} + +func timeRef(in time.Time) *time.Time { + return &in +} + +var expandedTokenTestCases = map[string]testCase{ + "basic": { + tokenExpanded: api.ACLTokenExpanded{ + ExpandedPolicies: []api.ACLPolicy{ + { + ID: "beb04680-815b-4d7c-9e33-3d707c24672c", + Name: "foo", + Description: "user policy on token", + Rules: `service_prefix "" { + policy = "read" +}`, + }, + { + ID: "18788457-584c-4812-80d3-23d403148a90", + Name: "bar", + Description: "other user policy on token", + Rules: `operator = "read"`, + }, + }, + AgentACLDefaultPolicy: "allow", + AgentACLDownPolicy: "deny", + ResolvedByAgent: "leader", + ACLToken: api.ACLToken{ + AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", + SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6", + Description: "test token", + Local: false, + CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), + Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, + CreateIndex: 42, + ModifyIndex: 100, + Policies: []*api.ACLLink{ + { + ID: "beb04680-815b-4d7c-9e33-3d707c24672c", + Name: "foo", + }, + { + ID: "18788457-584c-4812-80d3-23d403148a90", + Name: "bar", + }, + }, + }, + }, + }, + "complex": { + tokenExpanded: api.ACLTokenExpanded{ + ExpandedPolicies: []api.ACLPolicy{ + { + ID: "beb04680-815b-4d7c-9e33-3d707c24672c", + Name: "hobbiton", + Description: "user policy on token", + Rules: `service_prefix "" { + policy = "read" +}`, + }, + { + ID: "18788457-584c-4812-80d3-23d403148a90", + Name: "bywater", + Description: "other user policy on token", + Rules: `operator = "read"`, + }, + { + ID: "6204f4cd-4709-441c-ac1b-cb029e940263", + Name: "shire-policy", + Description: "policy for shire role", + Rules: `operator = "write"`, + }, + { + ID: "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93", + Name: "west-farthing-policy", + Description: "policy for west-farthing role", + Rules: `service "foo" { + policy = "read" +}`, + }, + { + ID: "2b582ff1-4a43-457f-8a2b-30a8265e29a5", + Name: "default-policy-1", + Description: "default policy 1", + Rules: `key "foo" { policy = "write" }`, + }, + { + ID: "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea", + Name: "default-policy-2", + Description: "default policy 2", + Rules: `key "bar" { policy = "read" }`, + }, + }, + ExpandedRoles: []api.ACLRole{ + { + ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366", + Name: "shire", + Description: "shire role", + Policies: []*api.ACLRolePolicyLink{ + { + ID: "6204f4cd-4709-441c-ac1b-cb029e940263", + }, + }, + ServiceIdentities: []*api.ACLServiceIdentity{ + { + ServiceName: "foo", + Datacenters: []string{"middleearth-southwest"}, + }, + }, + }, + { + ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791", + Name: "west-farthing", + Description: "west-farthing role", + Policies: []*api.ACLRolePolicyLink{ + { + ID: "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93", + }, + }, + NodeIdentities: []*api.ACLNodeIdentity{ + { + NodeName: "bar", + Datacenter: "middleearth-southwest", + }, + }, + }, + { + ID: "56033f2b-e1a6-4905-b71d-e011c862bc65", + Name: "ns-default", + Description: "default role", + Policies: []*api.ACLRolePolicyLink{ + { + ID: "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea", + }, + }, + ServiceIdentities: []*api.ACLServiceIdentity{ + { + ServiceName: "web", + Datacenters: []string{"middleearth-northeast"}, + }, + }, + NodeIdentities: []*api.ACLNodeIdentity{ + { + NodeName: "db", + Datacenter: "middleearth-northwest", + }, + }, + }, + }, + NamespaceDefaultPolicies: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"}, + NamespaceDefaultRoles: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"}, + AgentACLDefaultPolicy: "deny", + AgentACLDownPolicy: "extend-cache", + ResolvedByAgent: "server-1", + ACLToken: api.ACLToken{ + AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", + SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6", + Namespace: "foo", + Description: "test token", + Local: false, + AuthMethod: "bar", + AuthMethodNamespace: "baz", + CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), + ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)), + Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, + CreateIndex: 5, + ModifyIndex: 10, + Policies: []*api.ACLLink{ + { + ID: "beb04680-815b-4d7c-9e33-3d707c24672c", + Name: "hobbiton", + }, + { + ID: "18788457-584c-4812-80d3-23d403148a90", + Name: "bywater", + }, + }, + Roles: []*api.ACLLink{ + { + ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366", + Name: "shire", + }, + { + ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791", + Name: "west-farthing", + }, + }, + ServiceIdentities: []*api.ACLServiceIdentity{ + { + ServiceName: "gardener", + Datacenters: []string{"middleearth-northwest"}, + }, + }, + NodeIdentities: []*api.ACLNodeIdentity{ + { + NodeName: "bagend", + Datacenter: "middleearth-northwest", + }, + }, + }, + }, + }, +} + +func testFormatTokenExpanded(t *testing.T, dirPath string) { + formatters := map[string]Formatter{ + "pretty": newPrettyFormatter(false), + "pretty-meta": newPrettyFormatter(true), + // the JSON formatter ignores the showMeta + "json": newJSONFormatter(false), + } + + for name, tcase := range expandedTokenTestCases { + t.Run(name, func(t *testing.T) { + for fmtName, formatter := range formatters { + t.Run(fmtName, func(t *testing.T) { + actual, err := formatter.FormatTokenExpanded(&tcase.tokenExpanded) + require.NoError(t, err) + + gName := fmt.Sprintf("%s.%s", name, fmtName) + if tcase.overrideGoldenName != "" { + gName = tcase.overrideGoldenName + } + + expected := golden(t, path.Join(dirPath, gName), actual) + require.Equal(t, expected, actual) + }) + } + }) + } +} diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go index 8b0616cdc..885d7d916 100644 --- a/command/acl/token/read/token_read.go +++ b/command/acl/token/read/token_read.go @@ -28,6 +28,7 @@ type cmd struct { self bool showMeta bool format string + expanded bool } func (c *cmd) init() { @@ -36,6 +37,8 @@ func (c *cmd) init() { "as the content hash and Raft indices should be shown for each entry") c.flags.BoolVar(&c.self, "self", false, "Indicates that the current HTTP token "+ "should be read by secret ID instead of expecting a -id option") + c.flags.BoolVar(&c.expanded, "expanded", false, "Indicates that the contents of the "+ + " policies and roles affecting the token should also be shown.") c.flags.StringVar(&c.tokenID, "id", "", "The Accessor ID of the token to read. "+ "It may be specified as a unique ID prefix but will error if the prefix "+ "matches multiple token Accessor IDs") @@ -69,6 +72,7 @@ func (c *cmd) Run(args []string) int { } var t *api.ACLToken + var expanded *api.ACLTokenExpanded if !c.self { tokenID, err := acl.GetTokenIDFromPartial(client, c.tokenID) if err != nil { @@ -76,7 +80,12 @@ func (c *cmd) Run(args []string) int { return 1 } - t, _, err = client.ACL().TokenRead(tokenID, nil) + if !c.expanded { + t, _, err = client.ACL().TokenRead(tokenID, nil) + } else { + expanded, _, err = client.ACL().TokenReadExpanded(tokenID, nil) + } + if err != nil { c.UI.Error(fmt.Sprintf("Error reading token %q: %v", tokenID, err)) return 1 @@ -94,7 +103,12 @@ func (c *cmd) Run(args []string) int { c.UI.Error(err.Error()) return 1 } - out, err := formatter.FormatToken(t) + var out string + if !c.expanded { + out, err = formatter.FormatToken(t) + } else { + out, err = formatter.FormatTokenExpanded(expanded) + } if err != nil { c.UI.Error(err.Error()) return 1 diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden new file mode 100644 index 000000000..cba80e455 --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden @@ -0,0 +1,48 @@ +{ + "ExpandedPolicies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "foo", + "Description": "user policy on token", + "Rules": "service_prefix \"\" {\n policy = \"read\"\n}", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bar", + "Description": "other user policy on token", + "Rules": "operator = \"read\"", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + } + ], + "ExpandedRoles": null, + "NamespaceDefaultPolicies": null, + "NamespaceDefaultRoles": null, + "AgentACLDefaultPolicy": "allow", + "AgentACLDownPolicy": "deny", + "ResolvedByAgent": "leader", + "CreateIndex": 42, + "ModifyIndex": 100, + "AccessorID": "fbd2447f-7479-4329-ad13-b021d74f86ba", + "SecretID": "869c6e91-4de9-4dab-b56e-87548435f9c6", + "Description": "test token", + "Policies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "foo" + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bar" + } + ], + "Local": false, + "CreateTime": "2020-05-22T18:52:31Z", + "Hash": "YWJjZGVmZ2g=" +} \ No newline at end of file diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden new file mode 100644 index 000000000..401c8ee8a --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden @@ -0,0 +1,34 @@ +AccessorID: fbd2447f-7479-4329-ad13-b021d74f86ba +SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 +Description: test token +Local: false +Create Time: 2020-05-22 18:52:31 +0000 UTC +Hash: 6162636465666768 +Create Index: 42 +Modify Index: 100 +Policies: + Policy Name: foo + ID: beb04680-815b-4d7c-9e33-3d707c24672c + Description: user policy on token + Rules: + service_prefix "" { + policy = "read" + } + + Policy Name: bar + ID: 18788457-584c-4812-80d3-23d403148a90 + Description: other user policy on token + Rules: + operator = "read" + +=== End of Authorizer Layer 0: Token === +=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === +Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults +Resolved By Agent: "leader" + +Default Policy: allow + Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) + +Down Policy: deny + Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) + diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden new file mode 100644 index 000000000..73e1fb40b --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden @@ -0,0 +1,31 @@ +AccessorID: fbd2447f-7479-4329-ad13-b021d74f86ba +SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 +Description: test token +Local: false +Create Time: 2020-05-22 18:52:31 +0000 UTC +Policies: + Policy Name: foo + ID: beb04680-815b-4d7c-9e33-3d707c24672c + Description: user policy on token + Rules: + service_prefix "" { + policy = "read" + } + + Policy Name: bar + ID: 18788457-584c-4812-80d3-23d403148a90 + Description: other user policy on token + Rules: + operator = "read" + +=== End of Authorizer Layer 0: Token === +=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === +Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults +Resolved By Agent: "leader" + +Default Policy: allow + Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) + +Down Policy: deny + Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) + diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden new file mode 100644 index 000000000..36931e219 --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden @@ -0,0 +1,191 @@ +{ + "ExpandedPolicies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "hobbiton", + "Description": "user policy on token", + "Rules": "service_prefix \"\" {\n policy = \"read\"\n}", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bywater", + "Description": "other user policy on token", + "Rules": "operator = \"read\"", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "6204f4cd-4709-441c-ac1b-cb029e940263", + "Name": "shire-policy", + "Description": "policy for shire role", + "Rules": "operator = \"write\"", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93", + "Name": "west-farthing-policy", + "Description": "policy for west-farthing role", + "Rules": "service \"foo\" {\n policy = \"read\"\n}", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "2b582ff1-4a43-457f-8a2b-30a8265e29a5", + "Name": "default-policy-1", + "Description": "default policy 1", + "Rules": "key \"foo\" { policy = \"write\" }", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea", + "Name": "default-policy-2", + "Description": "default policy 2", + "Rules": "key \"bar\" { policy = \"read\" }", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + } + ], + "ExpandedRoles": [ + { + "ID": "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366", + "Name": "shire", + "Description": "shire role", + "Policies": [ + { + "ID": "6204f4cd-4709-441c-ac1b-cb029e940263", + "Name": "" + } + ], + "ServiceIdentities": [ + { + "ServiceName": "foo", + "Datacenters": [ + "middleearth-southwest" + ] + } + ], + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "6c9d1e1d-34bc-4d55-80f3-add0890ad791", + "Name": "west-farthing", + "Description": "west-farthing role", + "Policies": [ + { + "ID": "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93", + "Name": "" + } + ], + "NodeIdentities": [ + { + "NodeName": "bar", + "Datacenter": "middleearth-southwest" + } + ], + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "56033f2b-e1a6-4905-b71d-e011c862bc65", + "Name": "ns-default", + "Description": "default role", + "Policies": [ + { + "ID": "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea", + "Name": "" + } + ], + "ServiceIdentities": [ + { + "ServiceName": "web", + "Datacenters": [ + "middleearth-northeast" + ] + } + ], + "NodeIdentities": [ + { + "NodeName": "db", + "Datacenter": "middleearth-northwest" + } + ], + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + } + ], + "NamespaceDefaultPolicies": [ + "2b582ff1-4a43-457f-8a2b-30a8265e29a5" + ], + "NamespaceDefaultRoles": [ + "56033f2b-e1a6-4905-b71d-e011c862bc65" + ], + "AgentACLDefaultPolicy": "deny", + "AgentACLDownPolicy": "extend-cache", + "ResolvedByAgent": "server-1", + "CreateIndex": 5, + "ModifyIndex": 10, + "AccessorID": "fbd2447f-7479-4329-ad13-b021d74f86ba", + "SecretID": "869c6e91-4de9-4dab-b56e-87548435f9c6", + "Description": "test token", + "Policies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "hobbiton" + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bywater" + } + ], + "Roles": [ + { + "ID": "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366", + "Name": "shire" + }, + { + "ID": "6c9d1e1d-34bc-4d55-80f3-add0890ad791", + "Name": "west-farthing" + } + ], + "ServiceIdentities": [ + { + "ServiceName": "gardener", + "Datacenters": [ + "middleearth-northwest" + ] + } + ], + "NodeIdentities": [ + { + "NodeName": "bagend", + "Datacenter": "middleearth-northwest" + } + ], + "Local": false, + "AuthMethod": "bar", + "ExpirationTime": "2020-05-22T19:52:31Z", + "CreateTime": "2020-05-22T18:52:31Z", + "Hash": "YWJjZGVmZ2g=", + "Namespace": "foo", + "AuthMethodNamespace": "baz" +} \ No newline at end of file diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden new file mode 100644 index 000000000..bc8033edf --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden @@ -0,0 +1,166 @@ +AccessorID: fbd2447f-7479-4329-ad13-b021d74f86ba +SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 +Namespace: foo +Description: test token +Local: false +Auth Method: bar (Namespace: baz) +Create Time: 2020-05-22 18:52:31 +0000 UTC +Expiration Time: 2020-05-22 19:52:31 +0000 UTC +Hash: 6162636465666768 +Create Index: 5 +Modify Index: 10 +Policies: + Policy Name: hobbiton + ID: beb04680-815b-4d7c-9e33-3d707c24672c + Description: user policy on token + Rules: + service_prefix "" { + policy = "read" + } + + Policy Name: bywater + ID: 18788457-584c-4812-80d3-23d403148a90 + Description: other user policy on token + Rules: + operator = "read" + +Service Identities: + Name: gardener (Datacenters: middleearth-northwest) + Description: synthetic policy for service identity "gardener" + Rules: + service "gardener" { + policy = "write" + } + service "gardener-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + +Node Identities: + Name: bagend (Datacenter: middleearth-northwest) + Description: synthetic policy for node identity "bagend" + Rules: + node "bagend" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +Roles: + Role Name: shire + ID: 3b0a78fe-b9c3-40de-b8ea-7d4d6674b366 + Description: shire role + Policies: + Policy Name: shire-policy + ID: 6204f4cd-4709-441c-ac1b-cb029e940263 + Description: policy for shire role + Rules: + operator = "write" + + Service Identities: + Name: foo (Datacenters: middleearth-southwest) + Description: synthetic policy for service identity "foo" + Rules: + service "foo" { + policy = "write" + } + service "foo-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + + Role Name: west-farthing + ID: 6c9d1e1d-34bc-4d55-80f3-add0890ad791 + Description: west-farthing role + Policies: + Policy Name: west-farthing-policy + ID: e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93 + Description: policy for west-farthing role + Rules: + service "foo" { + policy = "read" + } + + Node Identities: + Name: bar (Datacenter: middleearth-southwest) + Description: synthetic policy for node identity "bar" + Rules: + node "bar" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +=== End of Authorizer Layer 0: Token === +=== Start of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) === +Description: ACL Roles inherited by all Tokens in Namespace "foo" + +Namespace Policy Defaults: + Policy Name: default-policy-1 + ID: 2b582ff1-4a43-457f-8a2b-30a8265e29a5 + Description: default policy 1 + Rules: + key "foo" { policy = "write" } + +Namespace Role Defaults: + Role Name: ns-default + ID: 56033f2b-e1a6-4905-b71d-e011c862bc65 + Description: default role + Policies: + Policy Name: default-policy-2 + ID: b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea + Description: default policy 2 + Rules: + key "bar" { policy = "read" } + + Service Identities: + Name: web (Datacenters: middleearth-northeast) + Description: synthetic policy for service identity "web" + Rules: + service "web" { + policy = "write" + } + service "web-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + + Node Identities: + Name: db (Datacenter: middleearth-northwest) + Description: synthetic policy for node identity "db" + Rules: + node "db" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +=== End of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) === +=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === +Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults +Resolved By Agent: "server-1" + +Default Policy: deny + Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) + +Down Policy: extend-cache + Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) + diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden new file mode 100644 index 000000000..215cf8b7a --- /dev/null +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden @@ -0,0 +1,163 @@ +AccessorID: fbd2447f-7479-4329-ad13-b021d74f86ba +SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 +Namespace: foo +Description: test token +Local: false +Auth Method: bar (Namespace: baz) +Create Time: 2020-05-22 18:52:31 +0000 UTC +Expiration Time: 2020-05-22 19:52:31 +0000 UTC +Policies: + Policy Name: hobbiton + ID: beb04680-815b-4d7c-9e33-3d707c24672c + Description: user policy on token + Rules: + service_prefix "" { + policy = "read" + } + + Policy Name: bywater + ID: 18788457-584c-4812-80d3-23d403148a90 + Description: other user policy on token + Rules: + operator = "read" + +Service Identities: + Name: gardener (Datacenters: middleearth-northwest) + Description: synthetic policy for service identity "gardener" + Rules: + service "gardener" { + policy = "write" + } + service "gardener-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + +Node Identities: + Name: bagend (Datacenter: middleearth-northwest) + Description: synthetic policy for node identity "bagend" + Rules: + node "bagend" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +Roles: + Role Name: shire + ID: 3b0a78fe-b9c3-40de-b8ea-7d4d6674b366 + Description: shire role + Policies: + Policy Name: shire-policy + ID: 6204f4cd-4709-441c-ac1b-cb029e940263 + Description: policy for shire role + Rules: + operator = "write" + + Service Identities: + Name: foo (Datacenters: middleearth-southwest) + Description: synthetic policy for service identity "foo" + Rules: + service "foo" { + policy = "write" + } + service "foo-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + + Role Name: west-farthing + ID: 6c9d1e1d-34bc-4d55-80f3-add0890ad791 + Description: west-farthing role + Policies: + Policy Name: west-farthing-policy + ID: e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93 + Description: policy for west-farthing role + Rules: + service "foo" { + policy = "read" + } + + Node Identities: + Name: bar (Datacenter: middleearth-southwest) + Description: synthetic policy for node identity "bar" + Rules: + node "bar" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +=== End of Authorizer Layer 0: Token === +=== Start of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) === +Description: ACL Roles inherited by all Tokens in Namespace "foo" + +Namespace Policy Defaults: + Policy Name: default-policy-1 + ID: 2b582ff1-4a43-457f-8a2b-30a8265e29a5 + Description: default policy 1 + Rules: + key "foo" { policy = "write" } + +Namespace Role Defaults: + Role Name: ns-default + ID: 56033f2b-e1a6-4905-b71d-e011c862bc65 + Description: default role + Policies: + Policy Name: default-policy-2 + ID: b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea + Description: default policy 2 + Rules: + key "bar" { policy = "read" } + + Service Identities: + Name: web (Datacenters: middleearth-northeast) + Description: synthetic policy for service identity "web" + Rules: + service "web" { + policy = "write" + } + service "web-sidecar-proxy" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + node_prefix "" { + policy = "read" + } + + Node Identities: + Name: db (Datacenter: middleearth-northwest) + Description: synthetic policy for node identity "db" + Rules: + node "db" { + policy = "write" + } + service_prefix "" { + policy = "read" + } + +=== End of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) === +=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === +Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults +Resolved By Agent: "server-1" + +Default Policy: deny + Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) + +Down Policy: extend-cache + Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) + From 9daed50c3d6d0524b97481210b3d7911c51f62f5 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Thu, 31 Mar 2022 13:49:42 -0500 Subject: [PATCH 053/785] build: run mog separately after the protobufs are generated (#12665) Also ensure that we run mog serially on each package in dependency order. --- GNUmakefile | 23 +++++++++++++++++++---- build-support/scripts/proto-gen.sh | 13 ++----------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 873d1ad60..ecd0e8e38 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -22,7 +22,7 @@ GOPROTOTOOLS = \ github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ github.com/hashicorp/protoc-gen-go-binary@master \ github.com/favadi/protoc-go-inject-tag@v1.3.0 \ - github.com/hashicorp/mog@v0.1.2 + github.com/hashicorp/mog@v0.2.0 GOTAGS ?= GOPATH=$(shell go env GOPATH) @@ -41,6 +41,7 @@ GOLDFLAGS=-X $(GIT_IMPORT).GitCommit=$(GIT_COMMIT)$(GIT_DIRTY) PROTOFILES?=$(shell find . -name '*.proto' | grep -v 'vendor/' | grep -v '.protobuf' ) PROTOGOFILES=$(PROTOFILES:.proto=.pb.go) PROTOGOBINFILES=$(PROTOFILES:.proto=.pb.binary.go) +PROTO_MOG_ORDER=$(shell go list -tags '$(GOTAGS)' -deps ./proto/pb... | grep "consul/proto") ifeq ($(FORCE_REBUILD),1) NOCACHE=--no-cache @@ -372,7 +373,21 @@ protoc-install: chmod +x $(PROTOC_ROOT)/bin/protoc ; \ fi -proto: protoc-install $(PROTOGOFILES) $(PROTOGOBINFILES) +.PHONY: proto +proto: -protoc-files -mog-files + +.PHONY: -mog-files +-mog-files: + @for FULL_PKG in $(PROTO_MOG_ORDER); do \ + PKG="$${FULL_PKG/#github.com\/hashicorp\/consul\//.\/}" ; \ + find "$$PKG" -name '*.gen.go' -delete ; \ + echo "mog -tags '$(GOTAGS)' -source \"$${PKG}/*.pb.go\"" ; \ + mog -tags '$(GOTAGS)' -source "$${PKG}/*.pb.go" ; \ + done + @echo "Generated all mog Go files" + +.PHONY: -protoc-files +-protoc-files: protoc-install $(PROTOGOFILES) $(PROTOGOBINFILES) @echo "Generated all protobuf Go files" %.pb.go %.pb.binary.go: %.proto @@ -403,6 +418,6 @@ envoy-regen: @find "command/connect/envoy/testdata" -name '*.golden' -delete @go test -tags '$(GOTAGS)' ./command/connect/envoy -update -.PHONY: all bin dev dist cov test test-internal cover lint ui static-assets tools proto-tools protoc-check +.PHONY: all bin dev dist cov test test-internal cover lint ui static-assets tools proto-tools .PHONY: docker-images go-build-image ui-build-image static-assets-docker consul-docker ui-docker -.PHONY: version proto test-envoy-integ +.PHONY: version test-envoy-integ diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh index eff35b09a..693a29de1 100755 --- a/build-support/scripts/proto-gen.sh +++ b/build-support/scripts/proto-gen.sh @@ -88,7 +88,6 @@ function main { local proto_go_path=${proto_path%%.proto}.pb.go local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go - local mog_input_path="$(dirname "${proto_path}")" local go_proto_out="paths=source_relative" if is_set "${grpc}" @@ -101,14 +100,14 @@ function main { go_proto_out="${go_proto_out}:" fi - rm -f "${proto_go_path}" ${proto_go_bin_path}" ${proto_go_rpcglue_path}" "${mog_input_path}/*.gen.go" + rm -f "${proto_go_path}" ${proto_go_bin_path}" ${proto_go_rpcglue_path}" # How we run protoc probably needs some documentation. # # This is the path to where # -I="${golang_proto_path}/protobuf" \ local -i ret=0 - status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path} ${mog_input_path}/*.gen.go" + status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path}" echo "debug_run ${protoc_bin} \ -I=\"${golang_proto_path}\" \ -I=\"${golang_proto_mod_path}\" \ @@ -139,14 +138,6 @@ function main { return 1 fi - debug_run mog -source ./${mog_input_path} -tags ${GOTAGS} -ignore-package-load-errors - - if test $? -ne 0 - then - err "Failed to generate mog outputs from ${mog_input_path}" - return 1 - fi - BUILD_TAGS=$(head -n 2 "${proto_path}" | grep '^//go:build\|// +build') if test -n "${BUILD_TAGS}" then From 8552efa955c35842fd3e02d51e0934618e50c664 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Thu, 31 Mar 2022 15:11:49 -0400 Subject: [PATCH 054/785] auto-reload configuration when config files change (#12329) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files Co-authored-by: Ashwin Venkatesh Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM Co-authored-by: Daniel Upton --- .changelog/12329.txt | 3 + agent/agent.go | 117 +++++- agent/agent_test.go | 394 +++++++++++++++++- agent/config/builder.go | 13 +- agent/config/config.go | 1 + agent/config/file_watcher.go | 122 ++++-- agent/config/file_watcher_test.go | 103 ++++- agent/config/flags.go | 1 + agent/config/runtime.go | 35 +- agent/config/runtime_test.go | 54 ++- .../TestRuntimeConfig_Sanitize.golden | 7 +- agent/local/state.go | 4 +- agent/setup.go | 3 +- agent/structs/acl.go | 15 +- agent/structs/config_entry_intentions.go | 4 +- agent/structs/connect_ca.go | 4 +- agent/testagent.go | 14 +- command/agent/agent.go | 1 - lib/stringslice/stringslice.go | 9 + 19 files changed, 781 insertions(+), 123 deletions(-) create mode 100644 .changelog/12329.txt diff --git a/.changelog/12329.txt b/.changelog/12329.txt new file mode 100644 index 000000000..4960a9bfd --- /dev/null +++ b/.changelog/12329.txt @@ -0,0 +1,3 @@ +```release-note:feature +config: automatically reload config when a file changes using the `auto-reload-config` CLI flag or `auto_reload_config` config option. +``` diff --git a/agent/agent.go b/agent/agent.go index e103629c2..fef53c0f2 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -11,6 +11,7 @@ import ( "net/http" "os" "path/filepath" + "reflect" "regexp" "strconv" "strings" @@ -360,6 +361,10 @@ type Agent struct { // run by the Agent routineManager *routine.Manager + // FileWatcher is the watcher responsible to report events when a config file + // changed + FileWatcher config.Watcher + // xdsServer serves the XDS protocol for configuring Envoy proxies. xdsServer *xds.Server @@ -443,6 +448,21 @@ func New(bd BaseDeps) (*Agent, error) { // TODO: pass in a fully populated apiServers into Agent.New a.apiServers = NewAPIServers(a.logger) + for _, f := range []struct { + Cfg tlsutil.ProtocolConfig + }{ + {a.baseDeps.RuntimeConfig.TLS.InternalRPC}, + {a.baseDeps.RuntimeConfig.TLS.GRPC}, + {a.baseDeps.RuntimeConfig.TLS.HTTPS}, + } { + if f.Cfg.KeyFile != "" { + a.baseDeps.WatchedFiles = append(a.baseDeps.WatchedFiles, f.Cfg.KeyFile) + } + if f.Cfg.CertFile != "" { + a.baseDeps.WatchedFiles = append(a.baseDeps.WatchedFiles, f.Cfg.CertFile) + } + } + return &a, nil } @@ -692,6 +712,26 @@ func (a *Agent) Start(ctx context.Context) error { {Name: "pre_release", Value: a.config.VersionPrerelease}, }) + // start a go routine to reload config based on file watcher events + if a.baseDeps.RuntimeConfig.AutoReloadConfig && len(a.baseDeps.WatchedFiles) > 0 { + w, err := config.NewFileWatcher(a.baseDeps.WatchedFiles, a.baseDeps.Logger) + if err != nil { + a.baseDeps.Logger.Error("error loading config", "error", err) + } else { + a.FileWatcher = w + a.baseDeps.Logger.Debug("starting file watcher") + a.FileWatcher.Start(context.Background()) + go func() { + for event := range a.FileWatcher.EventsCh() { + a.baseDeps.Logger.Debug("auto-reload config triggered", "event-file", event.Filename) + err := a.AutoReloadConfig() + if err != nil { + a.baseDeps.Logger.Error("error loading config", "error", err) + } + } + }() + } + } return nil } @@ -1084,8 +1124,8 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co cfg.SerfWANConfig.MemberlistConfig.CIDRsAllowed = runtimeCfg.SerfAllowedCIDRsWAN cfg.SerfLANConfig.MemberlistConfig.AdvertiseAddr = runtimeCfg.SerfAdvertiseAddrLAN.IP.String() cfg.SerfLANConfig.MemberlistConfig.AdvertisePort = runtimeCfg.SerfAdvertiseAddrLAN.Port - cfg.SerfLANConfig.MemberlistConfig.GossipVerifyIncoming = runtimeCfg.EncryptVerifyIncoming - cfg.SerfLANConfig.MemberlistConfig.GossipVerifyOutgoing = runtimeCfg.EncryptVerifyOutgoing + cfg.SerfLANConfig.MemberlistConfig.GossipVerifyIncoming = runtimeCfg.StaticRuntimeConfig.EncryptVerifyIncoming + cfg.SerfLANConfig.MemberlistConfig.GossipVerifyOutgoing = runtimeCfg.StaticRuntimeConfig.EncryptVerifyOutgoing cfg.SerfLANConfig.MemberlistConfig.GossipInterval = runtimeCfg.GossipLANGossipInterval cfg.SerfLANConfig.MemberlistConfig.GossipNodes = runtimeCfg.GossipLANGossipNodes cfg.SerfLANConfig.MemberlistConfig.ProbeInterval = runtimeCfg.GossipLANProbeInterval @@ -1101,8 +1141,8 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co cfg.SerfWANConfig.MemberlistConfig.BindPort = runtimeCfg.SerfBindAddrWAN.Port cfg.SerfWANConfig.MemberlistConfig.AdvertiseAddr = runtimeCfg.SerfAdvertiseAddrWAN.IP.String() cfg.SerfWANConfig.MemberlistConfig.AdvertisePort = runtimeCfg.SerfAdvertiseAddrWAN.Port - cfg.SerfWANConfig.MemberlistConfig.GossipVerifyIncoming = runtimeCfg.EncryptVerifyIncoming - cfg.SerfWANConfig.MemberlistConfig.GossipVerifyOutgoing = runtimeCfg.EncryptVerifyOutgoing + cfg.SerfWANConfig.MemberlistConfig.GossipVerifyIncoming = runtimeCfg.StaticRuntimeConfig.EncryptVerifyIncoming + cfg.SerfWANConfig.MemberlistConfig.GossipVerifyOutgoing = runtimeCfg.StaticRuntimeConfig.EncryptVerifyOutgoing cfg.SerfWANConfig.MemberlistConfig.GossipInterval = runtimeCfg.GossipWANGossipInterval cfg.SerfWANConfig.MemberlistConfig.GossipNodes = runtimeCfg.GossipWANGossipNodes cfg.SerfWANConfig.MemberlistConfig.ProbeInterval = runtimeCfg.GossipWANProbeInterval @@ -1294,11 +1334,11 @@ func segmentConfig(config *config.RuntimeConfig) ([]consul.NetworkSegment, error if config.ReconnectTimeoutLAN != 0 { serfConf.ReconnectTimeout = config.ReconnectTimeoutLAN } - if config.EncryptVerifyIncoming { - serfConf.MemberlistConfig.GossipVerifyIncoming = config.EncryptVerifyIncoming + if config.StaticRuntimeConfig.EncryptVerifyIncoming { + serfConf.MemberlistConfig.GossipVerifyIncoming = config.StaticRuntimeConfig.EncryptVerifyIncoming } - if config.EncryptVerifyOutgoing { - serfConf.MemberlistConfig.GossipVerifyOutgoing = config.EncryptVerifyOutgoing + if config.StaticRuntimeConfig.EncryptVerifyOutgoing { + serfConf.MemberlistConfig.GossipVerifyOutgoing = config.StaticRuntimeConfig.EncryptVerifyOutgoing } var rpcAddr *net.TCPAddr @@ -1372,6 +1412,11 @@ func (a *Agent) ShutdownAgent() error { // Stop the watches to avoid any notification/state change during shutdown a.stopAllWatches() + // Stop config file watcher + if a.FileWatcher != nil { + a.FileWatcher.Stop() + } + a.stopLicenseManager() // this would be cancelled anyways (by the closing of the shutdown ch) but @@ -3694,10 +3739,18 @@ func (a *Agent) DisableNodeMaintenance() { a.logger.Info("Node left maintenance mode") } +func (a *Agent) AutoReloadConfig() error { + return a.reloadConfig(true) +} + +func (a *Agent) ReloadConfig() error { + return a.reloadConfig(false) +} + // ReloadConfig will atomically reload all configuration, including // all services, checks, tokens, metadata, dnsServer configs, etc. // It will also reload all ongoing watches. -func (a *Agent) ReloadConfig() error { +func (a *Agent) reloadConfig(autoReload bool) error { newCfg, err := a.baseDeps.AutoConfig.ReadConfig() if err != nil { return err @@ -3708,6 +3761,39 @@ func (a *Agent) ReloadConfig() error { // breaking some existing behavior. newCfg.NodeID = a.config.NodeID + //if auto reload is enabled, make sure we have the right certs file watched. + if autoReload { + for _, f := range []struct { + oldCfg tlsutil.ProtocolConfig + newCfg tlsutil.ProtocolConfig + }{ + {a.config.TLS.InternalRPC, newCfg.TLS.InternalRPC}, + {a.config.TLS.GRPC, newCfg.TLS.GRPC}, + {a.config.TLS.HTTPS, newCfg.TLS.HTTPS}, + } { + if f.oldCfg.KeyFile != f.newCfg.KeyFile { + a.FileWatcher.Replace(f.oldCfg.KeyFile, f.newCfg.KeyFile) + if err != nil { + return err + } + } + if f.oldCfg.CertFile != f.newCfg.CertFile { + a.FileWatcher.Replace(f.oldCfg.CertFile, f.newCfg.CertFile) + if err != nil { + return err + } + } + if revertStaticConfig(f.oldCfg, f.newCfg) { + a.logger.Warn("Changes to your configuration were detected that for security reasons cannot be automatically applied by 'auto_reload_config'. Manually reload your configuration (e.g. with 'consul reload') to apply these changes.", "StaticRuntimeConfig", f.oldCfg, "StaticRuntimeConfig From file", f.newCfg) + } + } + if !reflect.DeepEqual(newCfg.StaticRuntimeConfig, a.config.StaticRuntimeConfig) { + a.logger.Warn("Changes to your configuration were detected that for security reasons cannot be automatically applied by 'auto_reload_config'. Manually reload your configuration (e.g. with 'consul reload') to apply these changes.", "StaticRuntimeConfig", a.config.StaticRuntimeConfig, "StaticRuntimeConfig From file", newCfg.StaticRuntimeConfig) + // reset not reloadable fields + newCfg.StaticRuntimeConfig = a.config.StaticRuntimeConfig + } + } + // DEPRECATED: Warn users on reload if they're emitting deprecated metrics. Remove this warning and the flagged // metrics in a future release of Consul. if !a.config.Telemetry.DisableCompatOneNine { @@ -3717,6 +3803,19 @@ func (a *Agent) ReloadConfig() error { return a.reloadConfigInternal(newCfg) } +func revertStaticConfig(oldCfg tlsutil.ProtocolConfig, newCfg tlsutil.ProtocolConfig) bool { + newNewCfg := oldCfg + newNewCfg.CertFile = newCfg.CertFile + newNewCfg.KeyFile = newCfg.KeyFile + newOldcfg := newCfg + newOldcfg.CertFile = oldCfg.CertFile + newOldcfg.KeyFile = oldCfg.KeyFile + if !reflect.DeepEqual(newOldcfg, oldCfg) { + return true + } + return false +} + // reloadConfigInternal is mainly needed for some unit tests. Instead of parsing // the configuration using CLI flags and on disk config, this just takes a // runtime configuration and applies it. diff --git a/agent/agent_test.go b/agent/agent_test.go index 25708ace6..43d9bd31d 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -5328,9 +5328,395 @@ func uniqueAddrs(srvs []apiServer) map[string]struct{} { return result } -func runStep(t *testing.T, name string, fn func(t *testing.T)) { - t.Helper() - if !t.Run(name, fn) { - t.FailNow() +func TestAgent_AutoReloadDoReload_WhenCertAndKeyUpdated(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") } + + certsDir := testutil.TempDir(t, "auto-config") + + // write some test TLS certificates out to the cfg dir + serverName := "server.dc1.consul" + signer, _, err := tlsutil.GeneratePrivateKey() + require.NoError(t, err) + + ca, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + + cert, privateKey, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + + certFile := filepath.Join(certsDir, "cert.pem") + caFile := filepath.Join(certsDir, "cacert.pem") + keyFile := filepath.Join(certsDir, "key.pem") + + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert), 0600)) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey), 0600)) + + // generate a gossip key + gossipKey := make([]byte, 32) + n, err := rand.Read(gossipKey) + require.NoError(t, err) + require.Equal(t, 32, n) + gossipKeyEncoded := base64.StdEncoding.EncodeToString(gossipKey) + + hclConfig := TestACLConfigWithParams(nil) + ` + encrypt = "` + gossipKeyEncoded + `" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "` + caFile + `" + cert_file = "` + certFile + `" + key_file = "` + keyFile + `" + connect { enabled = true } + auto_reload_config = true + ` + + srv := StartTestAgent(t, TestAgent{Name: "TestAgent-Server", HCL: hclConfig}) + defer srv.Shutdown() + + testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) + + aeCert := srv.tlsConfigurator.Cert() + require.NotNil(t, aeCert) + + cert2, privateKey2, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert2), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey2), 0600)) + + retry.Run(t, func(r *retry.R) { + aeCert2 := srv.tlsConfigurator.Cert() + require.NotEqual(r, aeCert.Certificate, aeCert2.Certificate) + }) + +} + +func TestAgent_AutoReloadDoNotReload_WhenCaUpdated(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + certsDir := testutil.TempDir(t, "auto-config") + + // write some test TLS certificates out to the cfg dir + serverName := "server.dc1.consul" + signer, _, err := tlsutil.GeneratePrivateKey() + require.NoError(t, err) + + ca, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + + cert, privateKey, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + + certFile := filepath.Join(certsDir, "cert.pem") + caFile := filepath.Join(certsDir, "cacert.pem") + keyFile := filepath.Join(certsDir, "key.pem") + + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert), 0600)) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey), 0600)) + + // generate a gossip key + gossipKey := make([]byte, 32) + n, err := rand.Read(gossipKey) + require.NoError(t, err) + require.Equal(t, 32, n) + gossipKeyEncoded := base64.StdEncoding.EncodeToString(gossipKey) + + hclConfig := TestACLConfigWithParams(nil) + ` + encrypt = "` + gossipKeyEncoded + `" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "` + caFile + `" + cert_file = "` + certFile + `" + key_file = "` + keyFile + `" + connect { enabled = true } + auto_reload_config = true + ` + + srv := StartTestAgent(t, TestAgent{Name: "TestAgent-Server", HCL: hclConfig}) + defer srv.Shutdown() + + testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) + + aeCA := srv.tlsConfigurator.ManualCAPems() + require.NotNil(t, aeCA) + + ca2, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca2), 0600)) + + // wait a bit to see if it get updated. + time.Sleep(time.Second) + + aeCA2 := srv.tlsConfigurator.ManualCAPems() + require.NotNil(t, aeCA2) + require.Equal(t, aeCA, aeCA2) +} + +func TestAgent_AutoReloadDoReload_WhenCertThenKeyUpdated(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + certsDir := testutil.TempDir(t, "auto-config") + + // write some test TLS certificates out to the cfg dir + serverName := "server.dc1.consul" + signer, _, err := tlsutil.GeneratePrivateKey() + require.NoError(t, err) + + ca, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + + cert, privateKey, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + + certFile := filepath.Join(certsDir, "cert.pem") + caFile := filepath.Join(certsDir, "cacert.pem") + keyFile := filepath.Join(certsDir, "key.pem") + + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert), 0600)) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey), 0600)) + + // generate a gossip key + gossipKey := make([]byte, 32) + n, err := rand.Read(gossipKey) + require.NoError(t, err) + require.Equal(t, 32, n) + gossipKeyEncoded := base64.StdEncoding.EncodeToString(gossipKey) + + hclConfig := TestACLConfigWithParams(nil) + + configFile := testutil.TempDir(t, "config") + "/config.hcl" + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFile+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + srv := StartTestAgent(t, TestAgent{Name: "TestAgent-Server", HCL: hclConfig, configFiles: []string{configFile}}) + defer srv.Shutdown() + + testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) + + cert1 := srv.tlsConfigurator.Cert() + + certNew, privateKeyNew, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + certFileNew := filepath.Join(certsDir, "cert_new.pem") + require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew), 0600)) + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFileNew+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + // cert should not change as we did not update the associated key + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.Equal(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.Equal(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) + + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKeyNew), 0600)) + + // cert should change as we did not update the associated key + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.NotEqual(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.NotEqual(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) +} + +func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + certsDir := testutil.TempDir(t, "auto-config") + + // write some test TLS certificates out to the cfg dir + serverName := "server.dc1.consul" + signer, _, err := tlsutil.GeneratePrivateKey() + require.NoError(t, err) + + ca, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + + cert, privateKey, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + + certFile := filepath.Join(certsDir, "cert.pem") + caFile := filepath.Join(certsDir, "cacert.pem") + keyFile := filepath.Join(certsDir, "key.pem") + + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert), 0600)) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey), 0600)) + + // generate a gossip key + gossipKey := make([]byte, 32) + n, err := rand.Read(gossipKey) + require.NoError(t, err) + require.Equal(t, 32, n) + gossipKeyEncoded := base64.StdEncoding.EncodeToString(gossipKey) + + hclConfig := TestACLConfigWithParams(nil) + + configFile := testutil.TempDir(t, "config") + "/config.hcl" + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFile+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + srv := StartTestAgent(t, TestAgent{Name: "TestAgent-Server", HCL: hclConfig, configFiles: []string{configFile}}) + defer srv.Shutdown() + + testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) + + cert1 := srv.tlsConfigurator.Cert() + + certNew, privateKeyNew, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + certFileNew := filepath.Join(certsDir, "cert_new.pem") + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKeyNew), 0600)) + // cert should not change as we did not update the associated key + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.Equal(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.Equal(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) + + require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew), 0600)) + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFileNew+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + // cert should change as we did not update the associated key + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.NotEqual(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.NotEqual(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) + cert2 := srv.tlsConfigurator.Cert() + + certNew2, privateKeyNew2, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKeyNew2), 0600)) + // cert should not change as we did not update the associated cert + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.Equal(r, cert2.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.Equal(r, cert2.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) + + require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew2), 0600)) + + // cert should change as we did update the associated key + time.Sleep(1 * time.Second) + retry.Run(t, func(r *retry.R) { + require.NotEqual(r, cert2.Certificate, srv.tlsConfigurator.Cert().Certificate) + require.NotEqual(r, cert2.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + }) } diff --git a/agent/config/builder.go b/agent/config/builder.go index d5d3bbfb4..1762f3f6d 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -37,6 +37,7 @@ import ( "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/ipaddr" "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/lib/stringslice" libtempl "github.com/hashicorp/consul/lib/template" "github.com/hashicorp/consul/logging" "github.com/hashicorp/consul/tlsutil" @@ -107,7 +108,8 @@ func Load(opts LoadOpts) (LoadResult, error) { if err := b.validate(cfg); err != nil { return r, err } - return LoadResult{RuntimeConfig: &cfg, Warnings: b.Warnings}, nil + watcherFiles := stringslice.CloneStringSlice(opts.ConfigFiles) + return LoadResult{RuntimeConfig: &cfg, Warnings: b.Warnings, WatchedFiles: watcherFiles}, nil } // LoadResult is the result returned from Load. The caller is responsible for @@ -115,6 +117,7 @@ func Load(opts LoadOpts) (LoadResult, error) { type LoadResult struct { RuntimeConfig *RuntimeConfig Warnings []string + WatchedFiles []string } // builder constructs and validates a runtime configuration from multiple @@ -938,6 +941,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) { c.Cache.EntryFetchMaxBurst, cache.DefaultEntryFetchMaxBurst, ), }, + AutoReloadConfig: boolVal(c.AutoReloadConfig), CheckUpdateInterval: b.durationVal("check_update_interval", c.CheckUpdateInterval), CheckOutputMaxSize: intValWithDefault(c.CheckOutputMaxSize, 4096), Checks: checks, @@ -978,8 +982,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) { EnableRemoteScriptChecks: enableRemoteScriptChecks, EnableLocalScriptChecks: enableLocalScriptChecks, EncryptKey: stringVal(c.EncryptKey), - EncryptVerifyIncoming: boolVal(c.EncryptVerifyIncoming), - EncryptVerifyOutgoing: boolVal(c.EncryptVerifyOutgoing), GRPCPort: grpcPort, GRPCAddrs: grpcAddrs, HTTPMaxConnsPerClient: intVal(c.Limits.HTTPMaxConnsPerClient), @@ -987,6 +989,11 @@ func (b *builder) build() (rt RuntimeConfig, err error) { KVMaxValueSize: uint64Val(c.Limits.KVMaxValueSize), LeaveDrainTime: b.durationVal("performance.leave_drain_time", c.Performance.LeaveDrainTime), LeaveOnTerm: leaveOnTerm, + StaticRuntimeConfig: StaticRuntimeConfig{ + EncryptVerifyIncoming: boolVal(c.EncryptVerifyIncoming), + EncryptVerifyOutgoing: boolVal(c.EncryptVerifyOutgoing), + }, + Logging: logging.Config{ LogLevel: stringVal(c.LogLevel), LogJSON: boolVal(c.LogJSON), diff --git a/agent/config/config.go b/agent/config/config.go index e8caa74b7..42d43f1d9 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -210,6 +210,7 @@ type Config struct { ReconnectTimeoutLAN *string `mapstructure:"reconnect_timeout"` ReconnectTimeoutWAN *string `mapstructure:"reconnect_timeout_wan"` RejoinAfterLeave *bool `mapstructure:"rejoin_after_leave"` + AutoReloadConfig *bool `mapstructure:"auto_reload_config"` RetryJoinIntervalLAN *string `mapstructure:"retry_interval"` RetryJoinIntervalWAN *string `mapstructure:"retry_interval_wan"` RetryJoinLAN []string `mapstructure:"retry_join"` diff --git a/agent/config/file_watcher.go b/agent/config/file_watcher.go index 1e35e7080..d85abca4b 100644 --- a/agent/config/file_watcher.go +++ b/agent/config/file_watcher.go @@ -14,19 +14,29 @@ import ( const timeoutDuration = 200 * time.Millisecond -type FileWatcher struct { +type Watcher interface { + Start(ctx context.Context) + Stop() error + Add(filename string) error + Remove(filename string) + Replace(oldFile, newFile string) error + EventsCh() chan *FileWatcherEvent +} + +type fileWatcher struct { watcher *fsnotify.Watcher configFiles map[string]*watchedFile + configFilesLock sync.RWMutex logger hclog.Logger reconcileTimeout time.Duration cancel context.CancelFunc done chan interface{} stopOnce sync.Once - //EventsCh Channel where an event will be emitted when a file change is detected + //eventsCh Channel where an event will be emitted when a file change is detected // a call to Start is needed before any event is emitted // after a Call to Stop succeed, the channel will be closed - EventsCh chan *FileWatcherEvent + eventsCh chan *FileWatcherEvent } type watchedFile struct { @@ -38,24 +48,23 @@ type FileWatcherEvent struct { } //NewFileWatcher create a file watcher that will watch all the files/folders from configFiles -// if success a FileWatcher will be returned and a nil error -// otherwise an error and a nil FileWatcher are returned -func NewFileWatcher(configFiles []string, logger hclog.Logger) (*FileWatcher, error) { +// if success a fileWatcher will be returned and a nil error +// otherwise an error and a nil fileWatcher are returned +func NewFileWatcher(configFiles []string, logger hclog.Logger) (Watcher, error) { ws, err := fsnotify.NewWatcher() if err != nil { return nil, err } - w := &FileWatcher{ + w := &fileWatcher{ watcher: ws, logger: logger.Named("file-watcher"), configFiles: make(map[string]*watchedFile), - EventsCh: make(chan *FileWatcherEvent), + eventsCh: make(chan *FileWatcherEvent), reconcileTimeout: timeoutDuration, done: make(chan interface{}), - stopOnce: sync.Once{}, } for _, f := range configFiles { - err = w.add(f) + err = w.Add(f) if err != nil { return nil, fmt.Errorf("error adding file %q: %w", f, err) } @@ -66,7 +75,7 @@ func NewFileWatcher(configFiles []string, logger hclog.Logger) (*FileWatcher, er // Start start a file watcher, with a copy of the passed context. // calling Start multiple times is a noop -func (w *FileWatcher) Start(ctx context.Context) { +func (w *fileWatcher) Start(ctx context.Context) { if w.cancel == nil { cancelCtx, cancel := context.WithCancel(ctx) w.cancel = cancel @@ -76,21 +85,19 @@ func (w *FileWatcher) Start(ctx context.Context) { // Stop the file watcher // calling Stop multiple times is a noop, Stop must be called after a Start -func (w *FileWatcher) Stop() error { +func (w *fileWatcher) Stop() error { var err error w.stopOnce.Do(func() { w.cancel() <-w.done - close(w.EventsCh) err = w.watcher.Close() }) return err } -func (w *FileWatcher) add(filename string) error { - if isSymLink(filename) { - return fmt.Errorf("symbolic links are not supported %s", filename) - } +// Add a file to the file watcher +// Add will lock the file watcher during the add +func (w *fileWatcher) Add(filename string) error { filename = filepath.Clean(filename) w.logger.Trace("adding file", "file", filename) if err := w.watcher.Add(filename); err != nil { @@ -100,25 +107,63 @@ func (w *FileWatcher) add(filename string) error { if err != nil { return err } - w.configFiles[filename] = &watchedFile{modTime: modTime} + w.addFile(filename, modTime) return nil } -func isSymLink(filename string) bool { - fi, err := os.Lstat(filename) - if err != nil { - return false - } - if fi.Mode()&os.ModeSymlink != 0 { - return true - } - return false +// Remove a file from the file watcher +// Remove will lock the file watcher during the remove +func (w *fileWatcher) Remove(filename string) { + w.removeFile(filename) } -func (w *FileWatcher) watch(ctx context.Context) { +// Replace a file in the file watcher +// Replace will lock the file watcher during the replace +func (w *fileWatcher) Replace(oldFile, newFile string) error { + if oldFile == newFile { + return nil + } + newFile = filepath.Clean(newFile) + w.logger.Trace("adding file", "file", newFile) + if err := w.watcher.Add(newFile); err != nil { + return err + } + modTime, err := w.getFileModifiedTime(newFile) + if err != nil { + return err + } + w.replaceFile(oldFile, newFile, modTime) + return nil +} + +func (w *fileWatcher) replaceFile(oldFile, newFile string, modTime time.Time) { + w.configFilesLock.Lock() + defer w.configFilesLock.Unlock() + delete(w.configFiles, oldFile) + w.configFiles[newFile] = &watchedFile{modTime: modTime} +} + +func (w *fileWatcher) addFile(filename string, modTime time.Time) { + w.configFilesLock.Lock() + defer w.configFilesLock.Unlock() + w.configFiles[filename] = &watchedFile{modTime: modTime} +} + +func (w *fileWatcher) removeFile(filename string) { + w.configFilesLock.Lock() + defer w.configFilesLock.Unlock() + delete(w.configFiles, filename) +} + +func (w *fileWatcher) EventsCh() chan *FileWatcherEvent { + return w.eventsCh +} + +func (w *fileWatcher) watch(ctx context.Context) { ticker := time.NewTicker(w.reconcileTimeout) defer ticker.Stop() defer close(w.done) + defer close(w.eventsCh) for { select { @@ -144,7 +189,7 @@ func (w *FileWatcher) watch(ctx context.Context) { } } -func (w *FileWatcher) handleEvent(ctx context.Context, event fsnotify.Event) error { +func (w *fileWatcher) handleEvent(ctx context.Context, event fsnotify.Event) error { w.logger.Trace("event received ", "filename", event.Name, "OP", event.Op) // we only want Create and Remove events to avoid triggering a reload on file modification if !isCreateEvent(event) && !isRemoveEvent(event) && !isWriteEvent(event) && !isRenameEvent(event) { @@ -168,7 +213,7 @@ func (w *FileWatcher) handleEvent(ctx context.Context, event fsnotify.Event) err if isCreateEvent(event) || isWriteEvent(event) || isRenameEvent(event) { w.logger.Trace("call the handler", "filename", event.Name, "OP", event.Op) select { - case w.EventsCh <- &FileWatcherEvent{Filename: filename}: + case w.eventsCh <- &FileWatcherEvent{Filename: filename}: case <-ctx.Done(): return ctx.Err() } @@ -177,9 +222,11 @@ func (w *FileWatcher) handleEvent(ctx context.Context, event fsnotify.Event) err return nil } -func (w *FileWatcher) isWatched(filename string) (*watchedFile, string, bool) { +func (w *fileWatcher) isWatched(filename string) (*watchedFile, string, bool) { path := filename + w.configFilesLock.RLock() configFile, ok := w.configFiles[path] + w.configFilesLock.RUnlock() if ok { return configFile, path, true } @@ -192,14 +239,17 @@ func (w *FileWatcher) isWatched(filename string) (*watchedFile, string, bool) { // try to see if the watched path is the parent dir newPath := filepath.Dir(path) w.logger.Trace("get dir", "dir", newPath) + w.configFilesLock.RLock() configFile, ok = w.configFiles[newPath] + w.configFilesLock.RUnlock() } return configFile, path, ok } -func (w *FileWatcher) reconcile(ctx context.Context) { +func (w *fileWatcher) reconcile(ctx context.Context) { + w.configFilesLock.Lock() + defer w.configFilesLock.Unlock() for filename, configFile := range w.configFiles { - w.logger.Trace("reconciling", "filename", filename) newModTime, err := w.getFileModifiedTime(filename) if err != nil { w.logger.Error("failed to get file modTime", "file", filename, "err", err) @@ -213,9 +263,9 @@ func (w *FileWatcher) reconcile(ctx context.Context) { } if !configFile.modTime.Equal(newModTime) { w.logger.Trace("call the handler", "filename", filename, "old modTime", configFile.modTime, "new modTime", newModTime) - w.configFiles[filename].modTime = newModTime + configFile.modTime = newModTime select { - case w.EventsCh <- &FileWatcherEvent{Filename: filename}: + case w.eventsCh <- &FileWatcherEvent{Filename: filename}: case <-ctx.Done(): return } @@ -239,7 +289,7 @@ func isRenameEvent(event fsnotify.Event) bool { return event.Op&fsnotify.Rename == fsnotify.Rename } -func (w *FileWatcher) getFileModifiedTime(filename string) (time.Time, error) { +func (w *fileWatcher) getFileModifiedTime(filename string) (time.Time, error) { fileInfo, err := os.Stat(filename) if err != nil { return time.Time{}, err diff --git a/agent/config/file_watcher_test.go b/agent/config/file_watcher_test.go index 68689e708..064729c53 100644 --- a/agent/config/file_watcher_test.go +++ b/agent/config/file_watcher_test.go @@ -27,7 +27,9 @@ func TestWatcherRenameEvent(t *testing.T) { fileTmp := createTempConfigFile(t, "temp_config3") filepaths := []string{createTempConfigFile(t, "temp_config1"), createTempConfigFile(t, "temp_config2")} - w, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + wi, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + w := wi.(*fileWatcher) + require.NoError(t, err) w.Start(context.Background()) defer func() { @@ -36,10 +38,66 @@ func TestWatcherRenameEvent(t *testing.T) { require.NoError(t, err) err = os.Rename(fileTmp, filepaths[0]) + time.Sleep(w.reconcileTimeout + 50*time.Millisecond) require.NoError(t, err) - require.NoError(t, assertEvent(filepaths[0], w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepaths[0], w.eventsCh, defaultTimeout)) // make sure we consume all events - assertEvent(filepaths[0], w.EventsCh, defaultTimeout) + _ = assertEvent(filepaths[0], w.eventsCh, defaultTimeout) +} + +func TestWatcherAddRemove(t *testing.T) { + var filepaths []string + wi, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + w := wi.(*fileWatcher) + require.NoError(t, err) + file1 := createTempConfigFile(t, "temp_config1") + err = w.Add(file1) + require.NoError(t, err) + file2 := createTempConfigFile(t, "temp_config2") + err = w.Add(file2) + require.NoError(t, err) + w.Remove(file2) + _, ok := w.configFiles[file1] + require.True(t, ok) + _, ok = w.configFiles[file2] + require.False(t, ok) + +} + +func TestWatcherAddWhileRunning(t *testing.T) { + var filepaths []string + wi, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + w := wi.(*fileWatcher) + require.NoError(t, err) + w.Start(context.Background()) + defer func() { + _ = w.Stop() + }() + file1 := createTempConfigFile(t, "temp_config1") + err = w.Add(file1) + require.NoError(t, err) + file2 := createTempConfigFile(t, "temp_config2") + err = w.Add(file2) + require.NoError(t, err) + w.Remove(file2) + require.Len(t, w.configFiles, 1) + _, ok := w.configFiles[file1] + require.True(t, ok) + _, ok = w.configFiles[file2] + require.False(t, ok) +} + +func TestWatcherRemoveNotFound(t *testing.T) { + var filepaths []string + w, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + require.NoError(t, err) + w.Start(context.Background()) + defer func() { + _ = w.Stop() + }() + + file := createTempConfigFile(t, "temp_config2") + w.Remove(file) } func TestWatcherAddNotExist(t *testing.T) { @@ -69,7 +127,7 @@ func TestEventWatcherWrite(t *testing.T) { require.NoError(t, err) err = file.Sync() require.NoError(t, err) - require.NoError(t, assertEvent(file.Name(), w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(file.Name(), w.EventsCh(), defaultTimeout)) } func TestEventWatcherRead(t *testing.T) { @@ -84,7 +142,7 @@ func TestEventWatcherRead(t *testing.T) { _, err = os.ReadFile(filepath) require.NoError(t, err) - require.Error(t, assertEvent(filepath, w.EventsCh, defaultTimeout), "timedout waiting for event") + require.Error(t, assertEvent(filepath, w.EventsCh(), defaultTimeout), "timedout waiting for event") } func TestEventWatcherChmod(t *testing.T) { @@ -107,7 +165,7 @@ func TestEventWatcherChmod(t *testing.T) { err = file.Chmod(0777) require.NoError(t, err) - require.Error(t, assertEvent(file.Name(), w.EventsCh, defaultTimeout), "timedout waiting for event") + require.Error(t, assertEvent(file.Name(), w.EventsCh(), defaultTimeout), "timedout waiting for event") } func TestEventWatcherRemoveCreate(t *testing.T) { @@ -130,7 +188,7 @@ func TestEventWatcherRemoveCreate(t *testing.T) { err = recreated.Sync() require.NoError(t, err) // this an event coming from the reconcile loop - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) } func TestEventWatcherMove(t *testing.T) { @@ -147,8 +205,9 @@ func TestEventWatcherMove(t *testing.T) { for i := 0; i < 10; i++ { filepath2 := createTempConfigFile(t, "temp_config2") err = os.Rename(filepath2, filepath) + time.Sleep(timeoutDuration + 50*time.Millisecond) require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) } } @@ -157,7 +216,8 @@ func TestEventReconcileMove(t *testing.T) { filepath2 := createTempConfigFile(t, "temp_config2") err := os.Chtimes(filepath, time.Now(), time.Now().Add(-1*time.Second)) require.NoError(t, err) - w, err := NewFileWatcher([]string{filepath}, hclog.New(&hclog.LoggerOptions{})) + wi, err := NewFileWatcher([]string{filepath}, hclog.New(&hclog.LoggerOptions{})) + w := wi.(*fileWatcher) require.NoError(t, err) w.Start(context.Background()) defer func() { @@ -169,8 +229,9 @@ func TestEventReconcileMove(t *testing.T) { require.NoError(t, err) err = os.Rename(filepath2, filepath) + time.Sleep(timeoutDuration + 50*time.Millisecond) require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, 2000*time.Millisecond)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), 2000*time.Millisecond)) } func TestEventWatcherDirCreateRemove(t *testing.T) { @@ -187,11 +248,11 @@ func TestEventWatcherDirCreateRemove(t *testing.T) { require.NoError(t, err) err = file.Close() require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) err = os.Remove(name) require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) } } @@ -212,9 +273,9 @@ func TestEventWatcherDirMove(t *testing.T) { for i := 0; i < 100; i++ { filepathTmp := createTempConfigFile(t, "temp_config2") - os.Rename(filepathTmp, name) + err = os.Rename(filepathTmp, name) require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) } } @@ -235,9 +296,9 @@ func TestEventWatcherDirMoveTrim(t *testing.T) { for i := 0; i < 100; i++ { filepathTmp := createTempConfigFile(t, "temp_config2") - os.Rename(filepathTmp, name) + err = os.Rename(filepathTmp, name) require.NoError(t, err) - require.NoError(t, assertEvent(filepath, w.EventsCh, defaultTimeout)) + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) } } @@ -260,9 +321,9 @@ func TestEventWatcherSubDirMove(t *testing.T) { for i := 0; i < 2; i++ { filepathTmp := createTempConfigFile(t, "temp_config2") - os.Rename(filepathTmp, name) + err = os.Rename(filepathTmp, name) require.NoError(t, err) - require.Error(t, assertEvent(filepath, w.EventsCh, defaultTimeout), "timedout waiting for event") + require.Error(t, assertEvent(filepath, w.EventsCh(), defaultTimeout), "timedout waiting for event") } } @@ -283,7 +344,7 @@ func TestEventWatcherDirRead(t *testing.T) { _, err = os.ReadFile(name) require.NoError(t, err) - require.Error(t, assertEvent(filepath, w.EventsCh, defaultTimeout), "timedout waiting for event") + require.Error(t, assertEvent(filepath, w.EventsCh(), defaultTimeout), "timedout waiting for event") } func TestEventWatcherMoveSoftLink(t *testing.T) { @@ -295,8 +356,8 @@ func TestEventWatcherMoveSoftLink(t *testing.T) { require.NoError(t, err) w, err := NewFileWatcher([]string{name}, hclog.New(&hclog.LoggerOptions{})) - require.Error(t, err, "symbolic link are not supported") - require.Nil(t, w) + require.NoError(t, err) + require.NotNil(t, w) } diff --git a/agent/config/flags.go b/agent/config/flags.go index 00deebe1b..b2e3c35ba 100644 --- a/agent/config/flags.go +++ b/agent/config/flags.go @@ -76,6 +76,7 @@ func AddFlags(fs *flag.FlagSet, f *LoadOpts) { add(&f.FlagValues.DNSRecursors, "recursor", "Address of an upstream DNS server. Can be specified multiple times.") add(&f.FlagValues.PrimaryGateways, "primary-gateway", "Address of a mesh gateway in the primary datacenter to use to bootstrap WAN federation at start time with retries enabled. Can be specified multiple times.") add(&f.FlagValues.RejoinAfterLeave, "rejoin", "Ignores a previous leave and attempts to rejoin the cluster.") + add(&f.FlagValues.AutoReloadConfig, "auto-reload-config", "Watches config files for changes and auto reloads the files when modified.") add(&f.FlagValues.RetryJoinIntervalLAN, "retry-interval", "Time to wait between join attempts.") add(&f.FlagValues.RetryJoinIntervalWAN, "retry-interval-wan", "Time to wait between join -wan attempts.") add(&f.FlagValues.RetryJoinLAN, "retry-join", "Address of an agent to join at start time with retries enabled. Can be specified multiple times.") diff --git a/agent/config/runtime.go b/agent/config/runtime.go index af3dd51e1..99c51f335 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -29,6 +29,22 @@ type RuntimeSOAConfig struct { Minttl uint32 // 0, } +// StaticRuntimeConfig specifies the subset of configuration the consul agent actually +// uses and that are not reloadable by configuration auto reload. +type StaticRuntimeConfig struct { + // EncryptVerifyIncoming enforces incoming gossip encryption and can be + // used to upshift to encrypted gossip on a running cluster. + // + // hcl: encrypt_verify_incoming = (true|false) + EncryptVerifyIncoming bool + + // EncryptVerifyOutgoing enforces outgoing gossip encryption and can be + // used to upshift to encrypted gossip on a running cluster. + // + // hcl: encrypt_verify_outgoing = (true|false) + EncryptVerifyOutgoing bool +} + // RuntimeConfig specifies the configuration the consul agent actually // uses. Is is derived from one or more Config structures which can come // from files, flags and/or environment variables. @@ -651,18 +667,6 @@ type RuntimeConfig struct { // flag: -encrypt string EncryptKey string - // EncryptVerifyIncoming enforces incoming gossip encryption and can be - // used to upshift to encrypted gossip on a running cluster. - // - // hcl: encrypt_verify_incoming = (true|false) - EncryptVerifyIncoming bool - - // EncryptVerifyOutgoing enforces outgoing gossip encryption and can be - // used to upshift to encrypted gossip on a running cluster. - // - // hcl: encrypt_verify_outgoing = (true|false) - EncryptVerifyOutgoing bool - // GRPCPort is the port the gRPC server listens on. Currently this only // exposes the xDS and ext_authz APIs for Envoy and it is disabled by default. // @@ -1298,6 +1302,11 @@ type RuntimeConfig struct { // hcl: skip_leave_on_interrupt = (true|false) SkipLeaveOnInt bool + // AutoReloadConfig indicate if the config will be + //auto reloaded bases on config file modification + // hcl: auto_reload_config = (true|false) + AutoReloadConfig bool + // StartJoinAddrsLAN is a list of addresses to attempt to join -lan when the // agent starts. If Serf is unable to communicate with any of these // addresses, then the agent will error and exit. @@ -1374,6 +1383,8 @@ type RuntimeConfig struct { // hcl: unix_sockets { user = string } UnixSocketUser string + StaticRuntimeConfig StaticRuntimeConfig + // Watches are used to monitor various endpoints and to invoke a // handler to act appropriately. These are managed entirely in the // agent layer using the standard APIs. diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index ab0798342..408241e40 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -906,6 +906,18 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, }) + run(t, testCase{ + desc: "-datacenter empty", + args: []string{ + `-auto-reload-config`, + `-data-dir=` + dataDir, + }, + expected: func(rt *RuntimeConfig) { + rt.AutoReloadConfig = true + rt.DataDir = dataDir + }, + }) + // ------------------------------------------------------------ // ports and addresses // @@ -5906,24 +5918,27 @@ func TestLoad_FullConfig(t *testing.T) { EnableRemoteScriptChecks: true, EnableLocalScriptChecks: true, EncryptKey: "A4wELWqH", - EncryptVerifyIncoming: true, - EncryptVerifyOutgoing: true, - GRPCPort: 4881, - GRPCAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")}, - HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")}, - HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"}, - AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")}, - HTTPPort: 7999, - HTTPResponseHeaders: map[string]string{"M6TKa9NP": "xjuxjOzQ", "JRCrHZed": "rl0mTx81"}, - HTTPSAddrs: []net.Addr{tcpAddr("95.17.17.19:15127")}, - HTTPMaxConnsPerClient: 100, - HTTPMaxHeaderBytes: 10, - HTTPSHandshakeTimeout: 2391 * time.Millisecond, - HTTPSPort: 15127, - HTTPUseCache: false, - KVMaxValueSize: 1234567800, - LeaveDrainTime: 8265 * time.Second, - LeaveOnTerm: true, + StaticRuntimeConfig: StaticRuntimeConfig{ + EncryptVerifyIncoming: true, + EncryptVerifyOutgoing: true, + }, + + GRPCPort: 4881, + GRPCAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")}, + HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")}, + HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"}, + AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")}, + HTTPPort: 7999, + HTTPResponseHeaders: map[string]string{"M6TKa9NP": "xjuxjOzQ", "JRCrHZed": "rl0mTx81"}, + HTTPSAddrs: []net.Addr{tcpAddr("95.17.17.19:15127")}, + HTTPMaxConnsPerClient: 100, + HTTPMaxHeaderBytes: 10, + HTTPSHandshakeTimeout: 2391 * time.Millisecond, + HTTPSPort: 15127, + HTTPUseCache: false, + KVMaxValueSize: 1234567800, + LeaveDrainTime: 8265 * time.Second, + LeaveOnTerm: true, Logging: logging.Config{ LogLevel: "k1zo9Spt", LogJSON: true, @@ -6760,7 +6775,8 @@ func TestRuntime_APIConfigHTTP(t *testing.T) { &net.UnixAddr{Name: "/var/run/foo"}, &net.TCPAddr{IP: net.ParseIP("198.18.0.1"), Port: 5678}, }, - Datacenter: "dc-test", + Datacenter: "dc-test", + StaticRuntimeConfig: StaticRuntimeConfig{}, } cfg, err := rt.APIConfig(false) diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index a8e2f46ee..5356761e4 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -63,6 +63,7 @@ "AutoEncryptDNSSAN": [], "AutoEncryptIPSAN": [], "AutoEncryptTLS": false, + "AutoReloadConfig": false, "AutopilotCleanupDeadServers": false, "AutopilotDisableUpgradeMigration": false, "AutopilotLastContactThreshold": "0s", @@ -182,8 +183,6 @@ "EnableLocalScriptChecks": false, "EnableRemoteScriptChecks": false, "EncryptKey": "hidden", - "EncryptVerifyIncoming": false, - "EncryptVerifyOutgoing": false, "EnterpriseRuntimeConfig": {}, "ExposeMaxPort": 0, "ExposeMinPort": 0, @@ -348,6 +347,10 @@ "SkipLeaveOnInt": false, "StartJoinAddrsLAN": [], "StartJoinAddrsWAN": [], + "StaticRuntimeConfig": { + "EncryptVerifyIncoming": false, + "EncryptVerifyOutgoing": false + }, "SyncCoordinateIntervalMin": "0s", "SyncCoordinateRateTarget": 0, "TLS": { diff --git a/agent/local/state.go b/agent/local/state.go index 8427068d7..e0bc8ae11 100644 --- a/agent/local/state.go +++ b/agent/local/state.go @@ -9,6 +9,8 @@ import ( "sync/atomic" "time" + "github.com/hashicorp/consul/lib/stringslice" + "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" "github.com/hashicorp/go-hclog" @@ -1104,7 +1106,7 @@ func (l *State) updateSyncState() error { // copy so that we don't retain a pointer to any actual state // store info for in-memory RPCs. if nextService.EnableTagOverride { - nextService.Tags = structs.CloneStringSlice(rs.Tags) + nextService.Tags = stringslice.CloneStringSlice(rs.Tags) changed = true } diff --git a/agent/setup.go b/agent/setup.go index bf67c0360..0799c472a 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -45,6 +45,7 @@ type BaseDeps struct { AutoConfig *autoconf.AutoConfig // TODO: use an interface Cache *cache.Cache ViewStore *submatview.Store + WatchedFiles []string } // MetricsHandler provides an http.Handler for displaying metrics. @@ -61,7 +62,7 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer) (BaseDeps, error) if err != nil { return d, err } - + d.WatchedFiles = result.WatchedFiles cfg := result.RuntimeConfig logConf := cfg.Logging logConf.Name = logging.Agent diff --git a/agent/structs/acl.go b/agent/structs/acl.go index 42fa55821..25165c105 100644 --- a/agent/structs/acl.go +++ b/agent/structs/acl.go @@ -11,6 +11,8 @@ import ( "strings" "time" + "github.com/hashicorp/consul/lib/stringslice" + "golang.org/x/crypto/blake2b" "github.com/hashicorp/consul/acl" @@ -128,7 +130,7 @@ type ACLServiceIdentity struct { func (s *ACLServiceIdentity) Clone() *ACLServiceIdentity { s2 := *s - s2.Datacenters = CloneStringSlice(s.Datacenters) + s2.Datacenters = stringslice.CloneStringSlice(s.Datacenters) return &s2 } @@ -606,7 +608,7 @@ func (t *ACLPolicy) UnmarshalJSON(data []byte) error { func (p *ACLPolicy) Clone() *ACLPolicy { p2 := *p - p2.Datacenters = CloneStringSlice(p.Datacenters) + p2.Datacenters = stringslice.CloneStringSlice(p.Datacenters) return &p2 } @@ -1415,15 +1417,6 @@ type ACLPolicyBatchDeleteRequest struct { PolicyIDs []string } -func CloneStringSlice(s []string) []string { - if len(s) == 0 { - return nil - } - out := make([]string, len(s)) - copy(out, s) - return out -} - // ACLRoleSetRequest is used at the RPC layer for creation and update requests type ACLRoleSetRequest struct { Role ACLRole // The role to upsert diff --git a/agent/structs/config_entry_intentions.go b/agent/structs/config_entry_intentions.go index c77683319..8829c2178 100644 --- a/agent/structs/config_entry_intentions.go +++ b/agent/structs/config_entry_intentions.go @@ -6,6 +6,8 @@ import ( "strings" "time" + "github.com/hashicorp/consul/lib/stringslice" + "github.com/hashicorp/consul/acl" ) @@ -303,7 +305,7 @@ func (p *IntentionHTTPPermission) Clone() *IntentionHTTPPermission { } } - p2.Methods = CloneStringSlice(p.Methods) + p2.Methods = stringslice.CloneStringSlice(p.Methods) return &p2 } diff --git a/agent/structs/connect_ca.go b/agent/structs/connect_ca.go index 9d3f00d1c..ca08506e8 100644 --- a/agent/structs/connect_ca.go +++ b/agent/structs/connect_ca.go @@ -5,6 +5,8 @@ import ( "reflect" "time" + "github.com/hashicorp/consul/lib/stringslice" + "github.com/mitchellh/mapstructure" "github.com/hashicorp/consul/lib" @@ -156,7 +158,7 @@ func (c *CARoot) Clone() *CARoot { } newCopy := *c - newCopy.IntermediateCerts = CloneStringSlice(c.IntermediateCerts) + newCopy.IntermediateCerts = stringslice.CloneStringSlice(c.IntermediateCerts) return &newCopy } diff --git a/agent/testagent.go b/agent/testagent.go index fd35eb712..3910a78d9 100644 --- a/agent/testagent.go +++ b/agent/testagent.go @@ -43,7 +43,8 @@ type TestAgent struct { // Name is an optional name of the agent. Name string - HCL string + configFiles []string + HCL string // Config is the agent configuration. If Config is nil then // TestConfig() is used. If Config.DataDir is set then it is @@ -94,6 +95,16 @@ func NewTestAgent(t *testing.T, hcl string) *TestAgent { return a } +// NewTestAgent returns a started agent with the given configuration. It fails +// the test if the Agent could not be started. +// The caller is responsible for calling Shutdown() to stop the agent and remove +// temporary directories. +func NewTestAgentWithConfigFile(t *testing.T, hcl string, configFiles []string) *TestAgent { + a := StartTestAgent(t, TestAgent{configFiles: configFiles, HCL: hcl}) + t.Cleanup(func() { a.Shutdown() }) + return a +} + // StartTestAgent and wait for it to become available. If the agent fails to // start the test will be marked failed and execution will stop. // @@ -186,6 +197,7 @@ func (a *TestAgent) Start(t *testing.T) error { config.DefaultConsulSource(), config.DevConsulSource(), }, + ConfigFiles: a.configFiles, } result, err := config.Load(opts) if result.RuntimeConfig != nil { diff --git a/command/agent/agent.go b/command/agent/agent.go index 6a8d042c3..2167ba63b 100644 --- a/command/agent/agent.go +++ b/command/agent/agent.go @@ -172,7 +172,6 @@ func (c *cmd) run(args []string) int { ui.Error(err.Error()) return 1 } - c.logger = bd.Logger agent, err := agent.New(bd) if err != nil { diff --git a/lib/stringslice/stringslice.go b/lib/stringslice/stringslice.go index eea77def7..aadf8a551 100644 --- a/lib/stringslice/stringslice.go +++ b/lib/stringslice/stringslice.go @@ -68,3 +68,12 @@ func MergeSorted(a, b []string) []string { } return out } + +func CloneStringSlice(s []string) []string { + if len(s) == 0 { + return nil + } + out := make([]string, len(s)) + copy(out, s) + return out +} From 4974d8471bb9be3c2056e71d187a1ecc61f2d820 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 12:18:40 -0700 Subject: [PATCH 055/785] Log a warning when a terminating gateway service has TLS but not SNI configured --- agent/consul/config_endpoint.go | 8 ++++++++ agent/structs/config_entry.go | 8 ++++++++ agent/structs/config_entry_gateways.go | 16 ++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go index e87e9eced..2e72f992e 100644 --- a/agent/consul/config_endpoint.go +++ b/agent/consul/config_endpoint.go @@ -89,6 +89,14 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error return err } + // Log any applicable warnings about the contents of the config entry. + if warnEntry, ok := args.Entry.(structs.WarningConfigEntry); ok { + warnings := warnEntry.Warnings() + for _, warning := range warnings { + c.logger.Warn(warning) + } + } + if err := args.Entry.CanWrite(authz); err != nil { return err } diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index 7222a1ec6..09e05fa4c 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -82,6 +82,14 @@ type UpdatableConfigEntry interface { ConfigEntry } +// WarningConfigEntry is an optional interface implemented by a ConfigEntry +// if it wants to be able to emit warnings when it is being upserted. +type WarningConfigEntry interface { + Warnings() []string + + ConfigEntry +} + // ServiceConfiguration is the top-level struct for the configuration of a service // across the entire cluster. type ServiceConfigEntry struct { diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index 94014230d..fc9c840a0 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go @@ -570,6 +570,22 @@ func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { return &e.EnterpriseMeta } +func (e *TerminatingGatewayConfigEntry) Warnings() []string { + if e == nil { + return nil + } + + warnings := make([]string, 0) + for _, svc := range e.Services { + if (svc.CAFile != "" || svc.CertFile != "" || svc.KeyFile != "") && svc.SNI == "" { + warning := fmt.Sprintf("TLS is configured but SNI is not set for service %q. Enabling SNI is strongly recommended when using TLS.", svc.Name) + warnings = append(warnings, warning) + } + } + + return warnings +} + // GatewayService is used to associate gateways with their linked services. type GatewayService struct { Gateway ServiceName From cc3c39b920ab17b7cb49d0d6cf468443d561873f Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 12:19:16 -0700 Subject: [PATCH 056/785] Recommend SNI with TLS in the terminating gateway docs --- .../docs/connect/config-entries/terminating-gateway.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index 8da3b20e6..0c6a4bf56 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -30,6 +30,9 @@ from the terminating gateway will be encrypted using one-way TLS authentication. and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections from the terminating gateway will be encrypted using mutual TLS authentication. +~> Setting the `SNI` field is strongly recommended when enabling TLS to a service. If this field is not set, +Consul will not attempt to verify the Subject Alternative Name fields in the service's certificate. + If none of these are provided, Consul will **only** encrypt connections to the gateway and not from the gateway to the destination service. From 8dd4e609c13bce392d22214005a57b6485a0ae3a Mon Sep 17 00:00:00 2001 From: FFMMM Date: Thu, 31 Mar 2022 13:04:33 -0700 Subject: [PATCH 057/785] docs: new rpc metric (#12608) --- website/content/docs/agent/telemetry.mdx | 120 ++++++++++++++++------- 1 file changed, 83 insertions(+), 37 deletions(-) diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index e17b75396..4f4ef8983 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -289,7 +289,7 @@ performance degradations related to Bolt DB, these metrics will show the issue a **What to look for:** -The primary thing to look for are increases in the `consul.raft.boltdb.storeLogs` times. Its value will directly govern an +The primary thing to look for are increases in the `consul.raft.boltdb.storeLogs` times. Its value will directly govern an upper limit to the throughput of write operations within Consul. In Consul each write operation will turn into a single Raft log to be committed. Raft will process these @@ -313,7 +313,7 @@ to drastically increase disk write throughput, potentially beyond what the under detect this situation you can look at the `consul.raft.boltdb.freelistBytes` metric. This metric is a count of the extra bytes that are being written for each log storage operation beyond the log data itself. While not a clear indicator of an actual issue, this metric can be used to diagnose why the `consul.raft.boltdb.storeLogs` metric -is high. +is high. If Bolt DB log storage performance becomes an issue and is caused by free list management then setting [`raft_boltdb.NoFreelistSync`](/docs/agent/options#NoFreelistSync) to `true` in the server's configuration @@ -519,47 +519,93 @@ These metrics are used to monitor the health of the Consul servers. | `consul.grpc.server.streams` | Measures the number of active gRPC streams handled by the server. | streams | gauge | | `consul.xds.server.streams` | Measures the number of active xDS streams handled by the server split by protocol version. | streams | gauge | + +## Server Workload + +** Requirements: ** +* Consul 1.12.0+ + +Label based RPC metrics were added in Consul 1.12.0 as a Beta feature to better understand the workload on a Consul server and, where that workload is coming from. The following metric(s) provide that insight + +| Metric | Description | Unit | Type | +| ------------------------------------- | --------------------------------------------------------- | ------ | --------- | +| `consul.rpc.server.call` | Measures the elapsed time taken to complete an RPC call. | ms | summary | + +Note that values of the `consul.rpc.server.call` may emit as `0 ms`. That means that the elapsed time < `1 ms`. + +### Labels + +The the server workload metrics above come with the following labels: + +| Label Name | Description | Possible values | +| ------------------------------------- | --------------------------------------------------------- | --------------------------------------- | +| `method` | The name of the RPC method. | The value of any RPC request in Consul. | +| `errored` | Indicates whether the RPC call errored. | `True` or `False`. | +| `request_type` | Whether it is a `read` or `write` request. | `read`, `write` or `unreported`. | +| `rpc_type` | The RPC implementation. | `net/rpc` or `internal`. | + +#### Label Explanations + +The `internal` value for the `rpc_type` in the table above refers to leader and cluster management RPC operations that Consul performs. +Historically, `internal` RPC operation metrics were accounted under the same metric names. + +The `unreported` value for the `request_type` in the table above refers to RPC requests within Consul where it is difficult to ascertain whether a request is `read` or `write` type. + +Here is a Prometheus style example of an RPC metric and its labels: + + + +```json + ... + consul_rpc_server_call{errored="false",method="Catalog.ListNodes",request_type="read",rpc_type="net/rpc",quantile="0.5"} 255 + ... +``` + + + +Any metric in this section can be turned off with the [`prefix_filter`](/docs/agent/options#telemetry-prefix_filter). + ## Cluster Health These metrics give insight into the health of the cluster as a whole. | Metric | Description | Unit | Type | | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | ------- | -| `consul.memberlist.degraded.probe` | Counts the number of times the agent has performed failure detection on another agent at a slower probe rate. The agent uses its own health metric as an indicator to perform this action. (If its health score is low, means that the node is healthy, and vice versa.) | probes / interval | counter | -| `consul.memberlist.degraded.timeout` | Counts the number of times an agent was marked as a dead node, whilst not getting enough confirmations from a randomly selected list of agent nodes in an agent's membership. | occurrence / interval | counter | -| `consul.memberlist.msg.dead` | Counts the number of times an agent has marked another agent to be a dead node. | messages / interval | counter | -| `consul.memberlist.health.score` | Describes a node's perception of its own health based on how well it is meeting the soft real-time requirements of the protocol. This metric ranges from 0 to 8, where 0 indicates "totally healthy". This health score is used to scale the time between outgoing probes, and higher scores translate into longer probing intervals. For more details see section IV of the Lifeguard paper: https://arxiv.org/pdf/1707.00788.pdf | score | gauge | -| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/options#ports). | suspect messages received / interval | counter | -| `consul.memberlist.tcp.accept` | Counts the number of times an agent has accepted an incoming TCP stream connection. | connections accepted / interval | counter | -| `consul.memberlist.udp.sent/received` | Measures the total number of bytes sent/received by an agent through the UDP protocol. | bytes sent or bytes received / interval | counter | -| `consul.memberlist.tcp.connect` | Counts the number of times an agent has initiated a push/pull sync with an other agent. | push/pull initiated / interval | counter | -| `consul.memberlist.tcp.sent` | Measures the total number of bytes sent by an agent through the TCP protocol | bytes sent / interval | counter | -| `consul.memberlist.gossip` | Measures the time taken for gossip messages to be broadcasted to a set of randomly selected nodes. | ms | timer | -| `consul.memberlist.msg_alive` | Counts the number of alive messages, that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | -| `consul.memberlist.msg_dead` | The number of dead messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | -| `consul.memberlist.msg_suspect` | The number of suspect messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | -| `consul.memberlist.probeNode` | Measures the time taken to perform a single round of failure detection on a select agent. | nodes / Interval | counter | -| `consul.memberlist.pushPullNode` | Measures the number of agents that have exchanged state with this agent. | nodes / Interval | counter | -| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | failures / interval | counter | -| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | flaps / interval | counter | -| `consul.serf.member.join` | Increments when an agent joins the cluster. If an agent flapped or failed this counter also increments when it re-joins. | joins / interval | counter | -| `consul.serf.member.left` | Increments when an agent leaves the cluster. | leaves / interval | counter | -| `consul.serf.events` | Increments when an agent processes an [event](/commands/event). Consul uses events internally so there may be additional events showing in telemetry. There are also a per-event counters emitted as `consul.serf.events.`. | events / interval | counter | -| `consul.serf.msgs.sent` | This metric is sample of the number of bytes of messages broadcast to the cluster. In a given time interval, the sum of this metric is the total number of bytes sent and the count is the number of messages sent. | message bytes / interval | counter | -| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers | gauge | -| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. All non-leader servers will report `NaN`. | boolean | gauge | -| `consul.session_ttl.active` | Tracks the active number of sessions being tracked. | sessions | gauge | -| `consul.catalog.service.query.` | Increments for each catalog query for the given service. | queries | counter | -| `consul.catalog.service.query-tag..` | Increments for each catalog query for the given service with the given tag. | queries | counter | -| `consul.catalog.service.query-tags..` | Increments for each catalog query for the given service with the given tags. | queries | counter | -| `consul.catalog.service.not-found.` | Increments for each catalog query where the given service could not be found. | queries | counter | -| `consul.catalog.connect.query.` | Increments for each connect-based catalog query for the given service. | queries | counter | -| `consul.catalog.connect.query-tag..` | Increments for each connect-based catalog query for the given service with the given tag. | queries | counter | -| `consul.catalog.connect.query-tags..` | Increments for each connect-based catalog query for the given service with the given tags. | queries | counter | -| `consul.catalog.connect.not-found.` | Increments for each connect-based catalog query where the given service could not be found. | queries | counter | -| `consul.mesh.active-root-ca.expiry` | The number of seconds until the root CA expires, updated every hour. | seconds | gauge | -| `consul.mesh.active-signing-ca.expiry` | The number of seconds until the signing CA expires, updated every hour. | seconds | gauge | -| `consul.agent.tls.cert.expiry` | The number of seconds until the Agent TLS certificate expires, updated every hour. | seconds | gauge | +| `consul.memberlist.degraded.probe` | Counts the number of times the agent has performed failure detection on another agent at a slower probe rate. The agent uses its own health metric as an indicator to perform this action. (If its health score is low, means that the node is healthy, and vice versa.) | probes / interval | counter | +| `consul.memberlist.degraded.timeout` | Counts the number of times an agent was marked as a dead node, whilst not getting enough confirmations from a randomly selected list of agent nodes in an agent's membership. | occurrence / interval | counter | +| `consul.memberlist.msg.dead` | Counts the number of times an agent has marked another agent to be a dead node. | messages / interval | counter | +| `consul.memberlist.health.score` | Describes a node's perception of its own health based on how well it is meeting the soft real-time requirements of the protocol. This metric ranges from 0 to 8, where 0 indicates "totally healthy". This health score is used to scale the time between outgoing probes, and higher scores translate into longer probing intervals. For more details see section IV of the Lifeguard paper: https://arxiv.org/pdf/1707.00788.pdf | score | gauge | +| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/options#ports). | suspect messages received / interval | counter | +| `consul.memberlist.tcp.accept` | Counts the number of times an agent has accepted an incoming TCP stream connection. | connections accepted / interval | counter | +| `consul.memberlist.udp.sent/received` | Measures the total number of bytes sent/received by an agent through the UDP protocol. | bytes sent or bytes received / interval | counter | +| `consul.memberlist.tcp.connect` | Counts the number of times an agent has initiated a push/pull sync with an other agent. | push/pull initiated / interval | counter | +| `consul.memberlist.tcp.sent` | Measures the total number of bytes sent by an agent through the TCP protocol | bytes sent / interval | counter | +| `consul.memberlist.gossip` | Measures the time taken for gossip messages to be broadcasted to a set of randomly selected nodes. | ms | timer | +| `consul.memberlist.msg_alive` | Counts the number of alive messages, that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | +| `consul.memberlist.msg_dead` | The number of dead messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | +| `consul.memberlist.msg_suspect` | The number of suspect messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | +| `consul.memberlist.probeNode` | Measures the time taken to perform a single round of failure detection on a select agent. | nodes / Interval | counter | +| `consul.memberlist.pushPullNode` | Measures the number of agents that have exchanged state with this agent. | nodes / Interval | counter | +| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | failures / interval | counter | +| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | flaps / interval | counter | +| `consul.serf.member.join` | Increments when an agent joins the cluster. If an agent flapped or failed this counter also increments when it re-joins. | joins / interval | counter | +| `consul.serf.member.left` | Increments when an agent leaves the cluster. | leaves / interval | counter | +| `consul.serf.events` | Increments when an agent processes an [event](/commands/event). Consul uses events internally so there may be additional events showing in telemetry. There are also a per-event counters emitted as `consul.serf.events.`. | events / interval | counter | +| `consul.serf.msgs.sent` | This metric is sample of the number of bytes of messages broadcast to the cluster. In a given time interval, the sum of this metric is the total number of bytes sent and the count is the number of messages sent. | message bytes / interval | counter | +| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers | gauge | +| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. All non-leader servers will report `NaN`. | boolean | gauge | +| `consul.session_ttl.active` | Tracks the active number of sessions being tracked. | sessions | gauge | +| `consul.catalog.service.query.` | Increments for each catalog query for the given service. | queries | counter | +| `consul.catalog.service.query-tag..` | Increments for each catalog query for the given service with the given tag. | queries | counter | +| `consul.catalog.service.query-tags..` | Increments for each catalog query for the given service with the given tags. | queries | counter | +| `consul.catalog.service.not-found.` | Increments for each catalog query where the given service could not be found. | queries | counter | +| `consul.catalog.connect.query.` | Increments for each connect-based catalog query for the given service. | queries | counter | +| `consul.catalog.connect.query-tag..` | Increments for each connect-based catalog query for the given service with the given tag. | queries | counter | +| `consul.catalog.connect.query-tags..` | Increments for each connect-based catalog query for the given service with the given tags. | queries | counter | +| `consul.catalog.connect.not-found.` | Increments for each connect-based catalog query where the given service could not be found. | queries | counter | +| `consul.mesh.active-root-ca.expiry` | The number of seconds until the root CA expires, updated every hour. | seconds | gauge | +| `consul.mesh.active-signing-ca.expiry`| The number of seconds until the signing CA expires, updated every hour. | seconds | gauge | +| `consul.agent.tls.cert.expiry` | The number of seconds until the Agent TLS certificate expires, updated every hour. | seconds | gauge | ## Connect Built-in Proxy Metrics From c7204528c5a7f07c864a8a0ea6fd59301c408a90 Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 31 Mar 2022 16:24:46 -0400 Subject: [PATCH 058/785] Implement Lambda Patching in the Serverless Plugin --- agent/proxycfg/testing_terminating_gateway.go | 10 +- agent/xds/serverless_plugin_oss_test.go | 107 +++++++ agent/xds/serverlessplugin/copied.go | 59 ++++ agent/xds/serverlessplugin/lambda_patcher.go | 170 +++++++++++ .../serverlessplugin/lambda_patcher_test.go | 83 ++++++ agent/xds/serverlessplugin/patcher.go | 81 ++++++ agent/xds/serverlessplugin/patcher_test.go | 100 +++++++ .../xds/serverlessplugin/serverlessplugin.go | 115 +++++++- ...da-terminating-gateway.envoy-1-20-x.golden | 169 +++++++++++ ...da-terminating-gateway.envoy-1-20-x.golden | 272 ++++++++++++++++++ agent/xds/xdscommon/xdscommon.go | 3 +- agent/xds/xdscommon/xdscommon_oss_test.go | 9 +- 12 files changed, 1172 insertions(+), 6 deletions(-) create mode 100644 agent/xds/serverless_plugin_oss_test.go create mode 100644 agent/xds/serverlessplugin/copied.go create mode 100644 agent/xds/serverlessplugin/lambda_patcher.go create mode 100644 agent/xds/serverlessplugin/lambda_patcher_test.go create mode 100644 agent/xds/serverlessplugin/patcher.go create mode 100644 agent/xds/serverlessplugin/patcher_test.go create mode 100644 agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index 5b9889c85..e66ef3399 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -642,13 +642,19 @@ func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *Conf }) } -func TestConfigSnapshotTerminatingGatewayWithServiceDefaultsMeta(t testing.T) *ConfigSnapshot { +func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T) *ConfigSnapshot { web := structs.NewServiceName("web", nil) return TestConfigSnapshotTerminatingGateway(t, true, nil, []agentcache.UpdateEvent{ { CorrelationID: serviceConfigIDPrefix + web.String(), Result: &structs.ServiceConfigResponse{ - Meta: map[string]string{"a": "b"}, + ProxyConfig: map[string]interface{}{"protocol": "http"}, + Meta: map[string]string{ + "serverless.consul.hashicorp.com/v1alpha1/lambda/enabled": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/arn": "lambda-arn", + "serverless.consul.hashicorp.com/v1alpha1/lambda/payload-passthrough": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/region": "us-east-1", + }, }, }, }) diff --git a/agent/xds/serverless_plugin_oss_test.go b/agent/xds/serverless_plugin_oss_test.go new file mode 100644 index 000000000..20c9a4d2d --- /dev/null +++ b/agent/xds/serverless_plugin_oss_test.go @@ -0,0 +1,107 @@ +//go:build !consulent +// +build !consulent + +package xds + +import ( + "path/filepath" + "sort" + "testing" + + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + "github.com/golang/protobuf/proto" + testinf "github.com/mitchellh/go-testing-interface" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/xds/proxysupport" + "github.com/hashicorp/consul/agent/xds/serverlessplugin" + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerlessPluginFromSnapshot(t *testing.T) { + tests := []struct { + name string + create func(t testinf.T) *proxycfg.ConfigSnapshot + }{ + { + name: "lambda-terminating-gateway", + create: proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaService, + }, + } + + latestEnvoyVersion := proxysupport.EnvoyVersions[0] + for _, envoyVersion := range proxysupport.EnvoyVersions { + sf, err := determineSupportedProxyFeaturesFromString(envoyVersion) + require.NoError(t, err) + t.Run("envoy-"+envoyVersion, func(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Sanity check default with no overrides first + snap := tt.create(t) + + // We need to replace the TLS certs with deterministic ones to make golden + // files workable. Note we don't update these otherwise they'd change + // golden files for every test case and so not be any use! + setupTLSRootsAndLeaf(t, snap) + + g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g.ProxyFeatures = sf + + res, err := g.allResourcesFromSnapshot(snap) + require.NoError(t, err) + + indexedResources := indexResources(g.Logger, res) + newResourceMap, err := serverlessplugin.MutateIndexedResources(indexedResources, xdscommon.MakePluginConfiguration(snap)) + require.NoError(t, err) + + entities := []struct { + name string + key string + sorter func([]proto.Message) func(int, int) bool + }{ + { + name: "clusters", + key: xdscommon.ClusterType, + sorter: func(msgs []proto.Message) func(int, int) bool { + return func(i, j int) bool { + return msgs[i].(*envoy_cluster_v3.Cluster).Name < msgs[j].(*envoy_cluster_v3.Cluster).Name + } + }, + }, + { + name: "listeners", + key: xdscommon.ListenerType, + sorter: func(msgs []proto.Message) func(int, int) bool { + return func(i, j int) bool { + return msgs[i].(*envoy_listener_v3.Listener).Name < msgs[j].(*envoy_listener_v3.Listener).Name + } + }, + }, + } + + for _, entity := range entities { + var msgs []proto.Message + for _, e := range newResourceMap.Index[entity.key] { + msgs = append(msgs, e) + } + + sort.Slice(msgs, entity.sorter(msgs)) + r, err := createResponse(entity.key, "00000001", "00000001", msgs) + require.NoError(t, err) + + t.Run(entity.name, func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + require.JSONEq(t, goldenEnvoy(t, + filepath.Join("serverless_plugin", entity.name, tt.name), + envoyVersion, latestEnvoyVersion, gotJSON), gotJSON) + }) + } + }) + } + }) + } +} diff --git a/agent/xds/serverlessplugin/copied.go b/agent/xds/serverlessplugin/copied.go new file mode 100644 index 000000000..3e99038aa --- /dev/null +++ b/agent/xds/serverlessplugin/copied.go @@ -0,0 +1,59 @@ +package serverlessplugin + +import ( + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + + "github.com/golang/protobuf/ptypes" + + "github.com/golang/protobuf/proto" +) + +// This is copied from xds and not put into the shared package because I'm not +// convinced it should be shared. + +func makeUpstreamTLSTransportSocket(tlsContext *envoy_tls_v3.UpstreamTlsContext) (*envoy_core_v3.TransportSocket, error) { + if tlsContext == nil { + return nil, nil + } + return makeTransportSocket("tls", tlsContext) +} + +func makeTransportSocket(name string, config proto.Message) (*envoy_core_v3.TransportSocket, error) { + any, err := ptypes.MarshalAny(config) + if err != nil { + return nil, err + } + return &envoy_core_v3.TransportSocket{ + Name: name, + ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ + TypedConfig: any, + }, + }, nil +} + +func makeEnvoyHTTPFilter(name string, cfg proto.Message) (*envoy_http_v3.HttpFilter, error) { + any, err := ptypes.MarshalAny(cfg) + if err != nil { + return nil, err + } + + return &envoy_http_v3.HttpFilter{ + Name: name, + ConfigType: &envoy_http_v3.HttpFilter_TypedConfig{TypedConfig: any}, + }, nil +} + +func makeFilter(name string, cfg proto.Message) (*envoy_listener_v3.Filter, error) { + any, err := ptypes.MarshalAny(cfg) + if err != nil { + return nil, err + } + + return &envoy_listener_v3.Filter{ + Name: name, + ConfigType: &envoy_listener_v3.Filter_TypedConfig{TypedConfig: any}, + }, nil +} diff --git a/agent/xds/serverlessplugin/lambda_patcher.go b/agent/xds/serverlessplugin/lambda_patcher.go new file mode 100644 index 000000000..5121a36df --- /dev/null +++ b/agent/xds/serverlessplugin/lambda_patcher.go @@ -0,0 +1,170 @@ +package serverlessplugin + +import ( + "errors" + "fmt" + + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_lambda_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_lambda/v3" + envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_resource_v3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + pstruct "github.com/golang/protobuf/ptypes/struct" + + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/api" +) + +const ( + lambdaPrefix string = "serverless.consul.hashicorp.com/v1alpha1" + lambdaEnabledTag string = lambdaPrefix + "/lambda/enabled" + lambdaArnTag string = lambdaPrefix + "/lambda/arn" + lambdaPayloadPassthroughTag string = lambdaPrefix + "/lambda/payload-passhthrough" + lambdaRegionTag string = lambdaPrefix + "/lambda/region" + lambdaInvocationMode string = lambdaPrefix + "/lambda/invocation-mode" +) + +type lambdaPatcher struct { + arn string + payloadPassthrough bool + region string + kind api.ServiceKind + invocationMode envoy_lambda_v3.Config_InvocationMode +} + +var _ patcher = (*lambdaPatcher)(nil) + +func makeLambdaPatcher(serviceConfig xdscommon.ServiceConfig) (patcher, bool) { + var patcher lambdaPatcher + if !isStringTrue(serviceConfig.Meta[lambdaEnabledTag]) { + return patcher, true + } + + arn := serviceConfig.Meta[lambdaArnTag] + if arn == "" { + return patcher, false + } + + region := serviceConfig.Meta[lambdaRegionTag] + if region == "" { + return patcher, false + } + + payloadPassthrough := isStringTrue(serviceConfig.Meta[lambdaPayloadPassthroughTag]) + + invocationModeStr := serviceConfig.Meta[lambdaInvocationMode] + invocationMode := envoy_lambda_v3.Config_SYNCHRONOUS + if invocationModeStr == "asynchronous" { + invocationMode = envoy_lambda_v3.Config_ASYNCHRONOUS + } + + return lambdaPatcher{ + arn: arn, + payloadPassthrough: payloadPassthrough, + region: region, + kind: serviceConfig.Kind, + invocationMode: invocationMode, + }, true +} + +func isStringTrue(v string) bool { + return v == "true" +} + +func (p lambdaPatcher) CanPatch(kind api.ServiceKind) bool { + return kind == p.kind +} + +func (p lambdaPatcher) PatchCluster(c *envoy_cluster_v3.Cluster) (*envoy_cluster_v3.Cluster, bool, error) { + transportSocket, err := makeUpstreamTLSTransportSocket(&envoy_tls_v3.UpstreamTlsContext{ + Sni: "*.amazonaws.com", + }) + + if err != nil { + return c, false, fmt.Errorf("failed to make transport socket: %w", err) + } + + cluster := &envoy_cluster_v3.Cluster{ + Name: c.Name, + ConnectTimeout: c.ConnectTimeout, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, + LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, + Metadata: &envoy_core_v3.Metadata{ + FilterMetadata: map[string]*pstruct.Struct{ + "com.amazonaws.lambda": { + Fields: map[string]*pstruct.Value{ + "egress_gateway": {Kind: &pstruct.Value_BoolValue{BoolValue: true}}, + }, + }, + }, + }, + LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + ClusterName: c.Name, + Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + { + LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + { + HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_endpoint_v3.Endpoint{ + Address: &envoy_core_v3.Address{ + Address: &envoy_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_core_v3.SocketAddress{ + Address: fmt.Sprintf("lambda.%s.amazonaws.com", p.region), + PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortValue: 443, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + TransportSocket: transportSocket, + } + return cluster, true, nil +} + +func (p lambdaPatcher) PatchFilter(filter *envoy_listener_v3.Filter) (*envoy_listener_v3.Filter, bool, error) { + if filter.Name != "envoy.filters.network.http_connection_manager" { + return filter, false, nil + } + if typedConfig := filter.GetTypedConfig(); typedConfig == nil { + return filter, false, errors.New("error getting typed config for http filter") + } + + config := envoy_resource_v3.GetHTTPConnectionManager(filter) + if config == nil { + return filter, false, errors.New("error unmarshalling filter") + } + httpFilter, err := makeEnvoyHTTPFilter( + "envoy.filters.http.aws_lambda", + &envoy_lambda_v3.Config{ + Arn: p.arn, + PayloadPassthrough: p.payloadPassthrough, + InvocationMode: p.invocationMode, + }, + ) + if err != nil { + return filter, false, err + } + + config.HttpFilters = []*envoy_http_v3.HttpFilter{ + httpFilter, + {Name: "envoy.filters.http.router"}, + } + config.StripMatchingHostPort = true + newFilter, err := makeFilter("envoy.filters.network.http_connection_manager", config) + if err != nil { + return filter, false, errors.New("error making new filter") + } + + return newFilter, true, nil +} diff --git a/agent/xds/serverlessplugin/lambda_patcher_test.go b/agent/xds/serverlessplugin/lambda_patcher_test.go new file mode 100644 index 000000000..09ac0cc36 --- /dev/null +++ b/agent/xds/serverlessplugin/lambda_patcher_test.go @@ -0,0 +1,83 @@ +package serverlessplugin + +import ( + "strconv" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/api" +) + +func TestMakeLambdaPatcher(t *testing.T) { + kind := api.ServiceKindTerminatingGateway + cases := []struct { + name string + enabled bool + arn string + payloadPassthrough bool + region string + expected lambdaPatcher + ok bool + }{ + { + name: "no meta", + ok: true, + }, + { + name: "lambda disabled", + enabled: false, + ok: true, + }, + { + name: "missing arn", + enabled: true, + region: "blah", + ok: false, + }, + { + name: "missing region", + enabled: true, + region: "arn", + ok: false, + }, + { + name: "including payload passthrough", + enabled: true, + arn: "arn", + region: "blah", + payloadPassthrough: true, + expected: lambdaPatcher{ + arn: "arn", + payloadPassthrough: true, + region: "blah", + kind: kind, + }, + ok: true, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + config := xdscommon.ServiceConfig{ + Kind: kind, + Meta: map[string]string{ + lambdaEnabledTag: strconv.FormatBool(tc.enabled), + lambdaArnTag: tc.arn, + lambdaRegionTag: tc.region, + }, + } + + if tc.payloadPassthrough { + config.Meta[lambdaPayloadPassthroughTag] = strconv.FormatBool(tc.payloadPassthrough) + } + + patcher, ok := makeLambdaPatcher(config) + + require.Equal(t, tc.ok, ok) + + require.Equal(t, tc.expected, patcher) + }) + } +} diff --git a/agent/xds/serverlessplugin/patcher.go b/agent/xds/serverlessplugin/patcher.go new file mode 100644 index 000000000..58847bcb6 --- /dev/null +++ b/agent/xds/serverlessplugin/patcher.go @@ -0,0 +1,81 @@ +package serverlessplugin + +import ( + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/api" +) + +// patcher is the interface that each serverless integration must implement. It +// is responsible for modifying the xDS structures based on only the state of +// the patcher. +type patcher interface { + // CanPatch determines if the patcher can mutate resources for the given api.ServiceKind + CanPatch(api.ServiceKind) bool + + // PatchCluster patches a cluster to include the custom Envoy configuration + // required to integrate with the serverless integration. + PatchCluster(*envoy_cluster_v3.Cluster) (*envoy_cluster_v3.Cluster, bool, error) + + // PatchFilter patches an Envoy filter to include the custom Envoy + // configuration required to integrate with the serverless integration. + PatchFilter(*envoy_listener_v3.Filter) (*envoy_listener_v3.Filter, bool, error) +} + +type patchers map[api.CompoundServiceName]patcher + +func getPatcher(patchers patchers, kind api.ServiceKind, name api.CompoundServiceName) patcher { + patcher, ok := patchers[name] + + if !ok { + return nil + } + + if !patcher.CanPatch(kind) { + return nil + } + + return patcher +} + +// getPatcherBySNI gets the patcher for the associated SNI. +func getPatcherBySNI(config xdscommon.PluginConfiguration, kind api.ServiceKind, sni string) patcher { + serviceName, ok := config.SNIToServiceName[sni] + + if !ok { + return nil + } + + serviceConfig, ok := config.ServiceConfigs[serviceName] + if !ok { + return nil + } + + p := makePatcher(serviceConfig) + if p == nil || !p.CanPatch(kind) { + return nil + } + + return p +} + +func makePatcher(serviceConfig xdscommon.ServiceConfig) patcher { + for _, constructor := range patchConstructors { + patcher, ok := constructor(serviceConfig) + if ok { + return patcher + } + } + + return nil +} + +// patchConstructor is used to construct patchers based on +// xdscommon.ServiceConfig. This function contains all of the logic around +// turning Meta data into the patcher. +type patchConstructor func(xdscommon.ServiceConfig) (patcher, bool) + +// patchConstructors contains all patchers that getPatchers tries to create. +var patchConstructors = []patchConstructor{makeLambdaPatcher} diff --git a/agent/xds/serverlessplugin/patcher_test.go b/agent/xds/serverlessplugin/patcher_test.go new file mode 100644 index 000000000..456cc0cd4 --- /dev/null +++ b/agent/xds/serverlessplugin/patcher_test.go @@ -0,0 +1,100 @@ +package serverlessplugin + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/api" +) + +func TestGetPatcherBySNI(t *testing.T) { + cases := []struct { + name string + sni string + kind api.ServiceKind + expected patcher + config *xdscommon.PluginConfiguration + }{ + { + name: "no sni match", + sni: "not-matching", + }, + { + name: "no patcher", + config: &xdscommon.PluginConfiguration{}, + sni: "lambda-sni", + }, + { + name: "no kind match", + kind: api.ServiceKindIngressGateway, + sni: "lambda-sni", + }, + { + name: "full match", + sni: "lambda-sni", + kind: api.ServiceKindTerminatingGateway, + expected: lambdaPatcher{ + arn: "arn", + region: "region", + payloadPassthrough: false, + kind: api.ServiceKindTerminatingGateway, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + config := sampleConfig() + if tc.config != nil { + config = *tc.config + } + patcher := getPatcherBySNI(config, tc.kind, tc.sni) + + if tc.expected == nil { + require.Empty(t, patcher) + } else { + require.Equal(t, tc.expected, patcher) + } + }) + } +} + +var ( + lambdaService = api.CompoundServiceName{Name: "lambda"} + disabledLambdaService = api.CompoundServiceName{Name: "disabled-lambda"} + invalidLambdaService = api.CompoundServiceName{Name: "invalid-lambda"} +) + +func sampleConfig() xdscommon.PluginConfiguration { + return xdscommon.PluginConfiguration{ + ServiceConfigs: map[api.CompoundServiceName]xdscommon.ServiceConfig{ + lambdaService: { + Kind: api.ServiceKindTerminatingGateway, + Meta: map[string]string{ + lambdaEnabledTag: "true", + lambdaArnTag: "arn", + lambdaRegionTag: "region", + }, + }, + disabledLambdaService: { + Kind: api.ServiceKindTerminatingGateway, + Meta: map[string]string{ + lambdaEnabledTag: "false", + lambdaArnTag: "arn", + lambdaRegionTag: "region", + }, + }, + invalidLambdaService: { + Kind: api.ServiceKindTerminatingGateway, + Meta: map[string]string{ + lambdaEnabledTag: "true", + }, + }, + }, + SNIToServiceName: map[string]api.CompoundServiceName{ + "lambda-sni": lambdaService, + }, + } +} diff --git a/agent/xds/serverlessplugin/serverlessplugin.go b/agent/xds/serverlessplugin/serverlessplugin.go index 8ad6c6273..8ab38e374 100644 --- a/agent/xds/serverlessplugin/serverlessplugin.go +++ b/agent/xds/serverlessplugin/serverlessplugin.go @@ -1,9 +1,122 @@ package serverlessplugin import ( + "fmt" + + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + "github.com/golang/protobuf/proto" + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/agent/xds/xdscommon" + "github.com/hashicorp/consul/api" ) +// MutateIndexedResources updates indexed xDS structures to include patches for +// serverless integrations. It is responsible for constructing all of the +// patchers and forwarding xDS structs onto the appropriate patcher. If any +// portion of this function fails, it will record the error and continue. The +// behavior is appropriate since the unpatched xDS structures this receives are +// typically invalid. func MutateIndexedResources(resources *xdscommon.IndexedResources, config xdscommon.PluginConfiguration) (*xdscommon.IndexedResources, error) { - return resources, nil + var resultErr error + + // The serverless plugin only supports terminating gateays for now, but will + // likely add connect proxies soon. + if config.Kind != api.ServiceKindTerminatingGateway { + return resources, resultErr + } + + for _, indexType := range []string{ + xdscommon.ClusterType, + xdscommon.ListenerType, + } { + for nameOrSNI, msg := range resources.Index[indexType] { + switch resource := msg.(type) { + case *envoy_cluster_v3.Cluster: + patcher := getPatcherBySNI(config, config.Kind, nameOrSNI) + if patcher == nil { + continue + } + + newCluster, patched, err := patcher.PatchCluster(resource) + if err != nil { + resultErr = multierror.Append(resultErr, fmt.Errorf("error patching cluster: %w", err)) + continue + } + if patched { + resources.Index[xdscommon.ClusterType][nameOrSNI] = newCluster + } + + case *envoy_listener_v3.Listener: + newListener, patched, err := patchTerminatingGatewayListener(resource, config) + if err != nil { + resultErr = multierror.Append(resultErr, fmt.Errorf("error patching listener: %w", err)) + continue + } + if patched { + resources.Index[xdscommon.ListenerType][nameOrSNI] = newListener + } + + default: + resultErr = multierror.Append(resultErr, fmt.Errorf("unsupported type was skipped: %T", resource)) + } + } + } + + return resources, resultErr +} + +func patchTerminatingGatewayListener(l *envoy_listener_v3.Listener, config xdscommon.PluginConfiguration) (proto.Message, bool, error) { + var resultErr error + patched := false + for _, filterChain := range l.FilterChains { + sni := getSNI(filterChain) + + if sni == "" { + continue + } + + patcher := getPatcherBySNI(config, config.Kind, sni) + + if patcher == nil { + continue + } + + var filters []*envoy_listener_v3.Filter + + for _, filter := range filterChain.Filters { + newFilter, ok, err := patcher.PatchFilter(filter) + + if err != nil { + resultErr = multierror.Append(resultErr, fmt.Errorf("error patching listener filter: %w", err)) + filters = append(filters, filter) + } + if ok { + filters = append(filters, newFilter) + patched = true + } + } + filterChain.Filters = filters + } + + return l, patched, resultErr +} + +func getSNI(chain *envoy_listener_v3.FilterChain) string { + var sni string + + if chain == nil { + return sni + } + + if chain.FilterChainMatch == nil { + return sni + } + + if len(chain.FilterChainMatch.ServerNames) == 0 { + return sni + } + + return chain.FilterChainMatch.ServerNames[0] } diff --git a/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden new file mode 100644 index 000000000..aa3deff05 --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden @@ -0,0 +1,169 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "api.altdomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "filename": "api.cert.pem" + }, + "privateKey": { + "filename": "api.key.pem" + } + } + ], + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "cache.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "db.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "UNHEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "lambda.us-east-1.amazonaws.com", + "portValue": 443 + } + } + } + } + ] + } + ] + }, + "dnsLookupFamily": "V4_ONLY", + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "sni": "*.amazonaws.com" + } + }, + "metadata": { + "filterMetadata": { + "com.amazonaws.lambda": { + "egress_gateway": true + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden new file mode 100644 index 000000000..e0b77f6f4 --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden @@ -0,0 +1,272 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api.default.default.dc1", + "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.cache.default.default.dc1", + "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.web.default.default.dc1", + "rds": { + "configSource": { + "ads": { + + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.aws_lambda", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", + "arn": "lambda-arn" + } + }, + { + "name": "envoy.filters.http.router" + } + ], + "tracing": { + "randomSampling": { + + } + }, + "stripMatchingHostPort": true + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster" + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "terminating_gateway.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector" + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/xdscommon/xdscommon.go b/agent/xds/xdscommon/xdscommon.go index de856c355..b1b7da121 100644 --- a/agent/xds/xdscommon/xdscommon.go +++ b/agent/xds/xdscommon/xdscommon.go @@ -78,7 +78,8 @@ type PluginConfiguration struct { // associated service's CompoundServiceName EnvoyIDToServiceName map[string]api.CompoundServiceName - // Kind is mode the local Envoy proxy is running in + // Kind is mode the local Envoy proxy is running in. For now, only + // terminating gateways are supported. Kind api.ServiceKind } diff --git a/agent/xds/xdscommon/xdscommon_oss_test.go b/agent/xds/xdscommon/xdscommon_oss_test.go index d11c9b015..c92be3ba5 100644 --- a/agent/xds/xdscommon/xdscommon_oss_test.go +++ b/agent/xds/xdscommon/xdscommon_oss_test.go @@ -13,7 +13,7 @@ import ( ) func TestMakePluginConfiguration_TerminatingGateway(t *testing.T) { - snap := proxycfg.TestConfigSnapshotTerminatingGatewayWithServiceDefaultsMeta(t) + snap := proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaService(t) webService := api.CompoundServiceName{ Name: "web", @@ -41,7 +41,12 @@ func TestMakePluginConfiguration_TerminatingGateway(t *testing.T) { ServiceConfigs: map[api.CompoundServiceName]ServiceConfig{ webService: { Kind: api.ServiceKindTerminatingGateway, - Meta: map[string]string{"a": "b"}, + Meta: map[string]string{ + "serverless.consul.hashicorp.com/v1alpha1/lambda/enabled": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/arn": "lambda-arn", + "serverless.consul.hashicorp.com/v1alpha1/lambda/payload-passthrough": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/region": "us-east-1", + }, }, apiService: { Kind: api.ServiceKindTerminatingGateway, From 116b6c57cbdcc73f75635ae77e4760d959ec3ade Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 13:46:14 -0700 Subject: [PATCH 059/785] Use the GatewayService SNI field for upstream SAN validation --- agent/proxycfg/testing_terminating_gateway.go | 24 +++ agent/xds/clusters.go | 16 +- agent/xds/clusters_test.go | 4 + ...erminating-gateway-sni.envoy-1-20-x.golden | 174 ++++++++++++++++++ .../config-entries/terminating-gateway.mdx | 20 +- 5 files changed, 232 insertions(+), 6 deletions(-) create mode 100644 agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index 5b9889c85..14092f450 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -526,6 +526,30 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) * }) } +func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot { + return TestConfigSnapshotTerminatingGateway(t, true, nil, []cache.UpdateEvent{ + { + CorrelationID: "gateway-services", + Result: &structs.IndexedGatewayServices{ + Services: []*structs.GatewayService{ + { + Service: structs.NewServiceName("web", nil), + CAFile: "ca.cert.pem", + SNI: "foo.com", + }, + { + Service: structs.NewServiceName("api", nil), + CAFile: "ca.cert.pem", + CertFile: "api.cert.pem", + KeyFile: "api.key.pem", + SNI: "bar.com", + }, + }, + }, + }, + }) +} + func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSnapshot { var ( api = structs.NewServiceName("api", nil) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 4c9855036..63442eb51 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -390,6 +390,9 @@ func (s *ResourceGenerator) injectGatewayServiceAddons(cfgSnap *proxycfg.ConfigS } if mapping.SNI != "" { tlsContext.Sni = mapping.SNI + if err := injectRawSANMatcher(tlsContext.CommonTlsContext, []string{mapping.SNI}); err != nil { + return fmt.Errorf("failed to inject SNI matcher into TLS context: %v", err) + } } transportSocket, err := makeUpstreamTLSTransportSocket(tlsContext) @@ -803,6 +806,15 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( // injectSANMatcher updates a TLS context so that it verifies the upstream SAN. func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, spiffeIDs ...connect.SpiffeIDService) error { + var matchStrings []string + for _, id := range spiffeIDs { + matchStrings = append(matchStrings, id.URI().String()) + } + + return injectRawSANMatcher(tlsContext, matchStrings) +} + +func injectRawSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings []string) error { validationCtx, ok := tlsContext.ValidationContextType.(*envoy_tls_v3.CommonTlsContext_ValidationContext) if !ok { return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext, got %T", @@ -810,10 +822,10 @@ func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, spiffeIDs ...co } var matchers []*envoy_matcher_v3.StringMatcher - for _, id := range spiffeIDs { + for _, m := range matchStrings { matchers = append(matchers, &envoy_matcher_v3.StringMatcher{ MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ - Exact: id.URI().String(), + Exact: m, }, }) } diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index c8a1e98e5..8f4156aed 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -581,6 +581,10 @@ func TestClustersFromSnapshot(t *testing.T) { name: "terminating-gateway-hostname-service-subsets", create: proxycfg.TestConfigSnapshotTerminatingGatewayHostnameSubsets, }, + { + name: "terminating-gateway-sni", + create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI, + }, { name: "terminating-gateway-ignore-extra-resolvers", create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers, diff --git a/agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden new file mode 100644 index 000000000..5b784eabc --- /dev/null +++ b/agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden @@ -0,0 +1,174 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "api.altdomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "filename": "api.cert.pem" + }, + "privateKey": { + "filename": "api.key.pem" + } + } + ], + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + }, + "matchSubjectAltNames": [ + { + "exact": "bar.com" + } + ] + } + }, + "sni": "bar.com" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "cache.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "db.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "UNHEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + }, + "matchSubjectAltNames": [ + { + "exact": "foo.com" + } + ] + } + }, + "sni": "foo.com" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index 0c6a4bf56..80966017a 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -166,6 +166,7 @@ Services = [ { Name = "billing" CAFile = "/etc/certs/ca-chain.cert.pem" + SNI = "billing.service.com" } ] ``` @@ -179,6 +180,7 @@ spec: services: - name: billing caFile: /etc/certs/ca-chain.cert.pem + sni: billing.service.com ``` ```json @@ -189,6 +191,7 @@ spec: { "Name": "billing", "CAFile": "/etc/certs/ca-chain.cert.pem" + "SNI": "billing.service.com" } ] } @@ -217,6 +220,7 @@ Services = [ Namespace = "finance" Name = "billing" CAFile = "/etc/certs/ca-chain.cert.pem" + SNI = "billing.service.com" } ] ``` @@ -231,6 +235,7 @@ spec: - name: billing namespace: finance caFile: /etc/certs/ca-chain.cert.pem + sni: billing.service.com ``` ```json @@ -242,7 +247,8 @@ spec: { "Namespace": "finance", "Name": "billing", - "CAFile": "/etc/certs/ca-chain.cert.pem" + "CAFile": "/etc/certs/ca-chain.cert.pem", + "SNI": "billing.service.com" } ] } @@ -276,6 +282,7 @@ Services = [ CAFile = "/etc/certs/ca-chain.cert.pem" KeyFile = "/etc/certs/gateway.key.pem" CertFile = "/etc/certs/gateway.cert.pem" + SNI = "billing.service.com" } ] ``` @@ -291,6 +298,7 @@ spec: caFile: /etc/certs/ca-chain.cert.pem keyFile: /etc/certs/gateway.key.pem certFile: /etc/certs/gateway.cert.pem + sni: billing.service.com ``` ```json @@ -302,7 +310,8 @@ spec: "Name": "billing", "CAFile": "/etc/certs/ca-chain.cert.pem", "KeyFile": "/etc/certs/gateway.key.pem", - "CertFile": "/etc/certs/gateway.cert.pem" + "CertFile": "/etc/certs/gateway.cert.pem", + "SNI": "billing.service.com" } ] } @@ -333,6 +342,7 @@ Services = [ CAFile = "/etc/certs/ca-chain.cert.pem" KeyFile = "/etc/certs/gateway.key.pem" CertFile = "/etc/certs/gateway.cert.pem" + SNI = "billing.service.com" } ] ``` @@ -349,6 +359,7 @@ spec: caFile: /etc/certs/ca-chain.cert.pem keyFile: /etc/certs/gateway.key.pem certFile: /etc/certs/gateway.cert.pem + sni: billing.service.com ``` ```json @@ -362,7 +373,8 @@ spec: "Name": "billing", "CAFile": "/etc/certs/ca-chain.cert.pem", "KeyFile": "/etc/certs/gateway.key.pem", - "CertFile": "/etc/certs/gateway.cert.pem" + "CertFile": "/etc/certs/gateway.cert.pem", + "SNI": "billing.service.com" } ] } @@ -399,7 +411,7 @@ Services = [ }, { Name = "billing" - CAFile = "/etc/billing-ca/ca-chain.cert.pem", + CAFile = "/etc/billing-ca/ca-chain.cert.pem" SNI = "billing.service.com" } ] From 2a35d4a518cc03fd576bc6feac4bbe83eadcf924 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 14:05:02 -0700 Subject: [PATCH 060/785] Add changelog note --- .changelog/12672.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/12672.txt diff --git a/.changelog/12672.txt b/.changelog/12672.txt new file mode 100644 index 000000000..449890850 --- /dev/null +++ b/.changelog/12672.txt @@ -0,0 +1,3 @@ +```release-note:security +connect: Properly set SNI when configured for services behind a terminating gateway. +``` From 7a016a4c465597f7ac4e3f8788aad81c56b45fde Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 15:03:41 -0700 Subject: [PATCH 061/785] Add doc examples for expanded token read CLI and API --- website/content/api-docs/acl/tokens.mdx | 89 +++++++++++++++++++++ website/content/commands/acl/token/read.mdx | 39 +++++++++ 2 files changed, 128 insertions(+) diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx index b73acc50e..7afada637 100644 --- a/website/content/api-docs/acl/tokens.mdx +++ b/website/content/api-docs/acl/tokens.mdx @@ -188,6 +188,9 @@ The corresponding CLI command is [`consul acl token read`](/commands/acl/token/r the namespace will be inherited from the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0. +- `expanded` `(bool: false)` - If this field is set, the contents of all policies and + roles affecting the token will also be returned. + ### Sample Request ```shell-session @@ -225,6 +228,92 @@ for reading other secrets which given even more permissions. } ``` +Sample response when setting the `expanded` parameter: + +```json +{ + "AccessorID": "fbd2447f-7479-4329-ad13-b021d74f86ba", + "SecretID": "869c6e91-4de9-4dab-b56e-87548435f9c6", + "Description": "test token", + "Policies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "foo" + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bar" + } + ], + "Local": false, + "CreateTime": "2020-05-22T18:52:31Z", + "Hash": "YWJjZGVmZ2g=", + "ExpandedPolicies": [ + { + "ID": "beb04680-815b-4d7c-9e33-3d707c24672c", + "Name": "foo", + "Description": "user policy on token", + "Rules": "service_prefix \"\" {\n policy = \"read\"\n}", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "18788457-584c-4812-80d3-23d403148a90", + "Name": "bar", + "Description": "other user policy on token", + "Rules": "operator = \"read\"", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + }, + { + "ID": "6204f4cd-4709-441c-ac1b-cb029e940263", + "Name": "admin policy", + "Description": "policy for admin role", + "Rules": "operator = \"write\"", + "Datacenters": null, + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + } + ], + "ExpandedRoles": [ + { + "ID": "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366", + "Name": "admin", + "Description": "admin role", + "Policies": [ + { + "ID": "6204f4cd-4709-441c-ac1b-cb029e940263", + "Name": "admin policy" + } + ], + "ServiceIdentities": [ + { + "ServiceName": "web", + "Datacenters": [ + "southwest" + ] + } + ], + "Hash": null, + "CreateIndex": 0, + "ModifyIndex": 0 + } + ], + "NamespaceDefaultPolicies": null, + "NamespaceDefaultRoles": null, + "AgentACLDefaultPolicy": "allow", + "AgentACLDownPolicy": "deny", + "ResolvedByAgent": "server-1", + "CreateIndex": 42, + "ModifyIndex": 100 +} +``` + ## Read Self Token This endpoint returns the ACL token details that matches the secret ID diff --git a/website/content/commands/acl/token/read.mdx b/website/content/commands/acl/token/read.mdx index e249e1b38..85f0f6a4e 100644 --- a/website/content/commands/acl/token/read.mdx +++ b/website/content/commands/acl/token/read.mdx @@ -40,6 +40,9 @@ Usage: `consul acl token read [options] [args]` - `-self` - Indicates that the current HTTP token should be read by secret ID instead of expecting a -id option. +- `-expanded` - Indicates that the contents of the policies and roles affecting + the token should also be shown. + - `-format={pretty|json}` - Command output format. The default value is `pretty`. #### Enterprise Options @@ -87,3 +90,39 @@ Local: false Create Time: 0001-01-01 00:00:00 +0000 UTC Policies: ``` + +Get token details (Expanded) + +```shell-session +$ consul acl token read -expanded -id 986 +AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d +SecretID: ec15675e-2999-d789-832e-8c4794daa8d7 +Description: Read Nodes and Services +Local: false +Create Time: 2018-10-22 15:33:39.01789 -0400 EDT +Policies: + Policy Name: foo + ID: beb04680-815b-4d7c-9e33-3d707c24672c + Description: user policy on token + Rules: + service_prefix "" { + policy = "read" + } + + Policy Name: bar + ID: 18788457-584c-4812-80d3-23d403148a90 + Description: other user policy on token + Rules: + operator = "read" + +=== End of Authorizer Layer 0: Token === +=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === +Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults +Resolved By Agent: "leader" + +Default Policy: allow + Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) + +Down Policy: deny + Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) +``` From aa29324a24c02a41f4487bd1a455163cd11d4c47 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Thu, 31 Mar 2022 23:35:38 -0700 Subject: [PATCH 062/785] Avoid using sys/mounts to enable namespaces (#12655) * Avoid doing list of /sys/mounts From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider" Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but this doesn't currently work for ```IntermediatePKIPath``` specifications, because we attempt to list all of the paths to check if ours is already defined. This doesn't really work in a namespaced world. This changes the IntermediatePKIPath code to follow the same pattern as the root key, where we directly get the key rather than listing. This code is difficult to write automated tests for because it relies on features of Vault Enterprise, which isn't currently part of our test framework, so it was tested manually. Signed-off-by: Mark Anderson * add changelog Signed-off-by: Mark Anderson --- .changelog/12655.txt | 4 ++++ agent/connect/ca/provider_vault.go | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 14 deletions(-) create mode 100644 .changelog/12655.txt diff --git a/.changelog/12655.txt b/.changelog/12655.txt new file mode 100644 index 000000000..48237a314 --- /dev/null +++ b/.changelog/12655.txt @@ -0,0 +1,4 @@ +```release-note:improvement +Removed impediments to using a namespace prefixed IntermediatePKIPath +in a CA definition. +``` diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index beec649c3..787e5a247 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -356,22 +356,22 @@ func (v *VaultProvider) setupIntermediatePKIPath() error { if v.setupIntermediatePKIPathDone { return nil } - mounts, err := v.client.Sys().ListMounts() + + _, err := v.getCA(v.config.IntermediatePKIPath) if err != nil { - return err - } + if err == ErrBackendNotMounted { + err := v.client.Sys().Mount(v.config.IntermediatePKIPath, &vaultapi.MountInput{ + Type: "pki", + Description: "intermediate CA backend for Consul Connect", + Config: vaultapi.MountConfigInput{ + MaxLeaseTTL: v.config.IntermediateCertTTL.String(), + }, + }) - // Mount the backend if it isn't mounted already. - if _, ok := mounts[v.config.IntermediatePKIPath]; !ok { - err := v.client.Sys().Mount(v.config.IntermediatePKIPath, &vaultapi.MountInput{ - Type: "pki", - Description: "intermediate CA backend for Consul Connect", - Config: vaultapi.MountConfigInput{ - MaxLeaseTTL: v.config.IntermediateCertTTL.String(), - }, - }) - - if err != nil { + if err != nil { + return err + } + } else { return err } } From bbf0d13fc64128239fc62e7e9d41c0324278d268 Mon Sep 17 00:00:00 2001 From: Eric Date: Fri, 1 Apr 2022 10:38:56 -0400 Subject: [PATCH 063/785] Fix the Kubernetes service name for DNS --- website/content/docs/k8s/dns.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/k8s/dns.mdx b/website/content/docs/k8s/dns.mdx index d99158705..47c9fc189 100644 --- a/website/content/docs/k8s/dns.mdx +++ b/website/content/docs/k8s/dns.mdx @@ -26,11 +26,11 @@ to turn on [Consul to Kubernetes Service Sync](/docs/k8s/service-sync#consul-to- To configure KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul DNS service created by the [Helm chart](/docs/k8s/helm). -The default name of the Consul DNS service will be `consul-consul-dns`. Use +The default name of the Consul DNS service will be `consul-dns`. Use that name to get the `ClusterIP`: ```shell-session -$ kubectl get svc consul-consul-dns --output jsonpath='{.spec.clusterIP}' +$ kubectl get svc consul-dns --output jsonpath='{.spec.clusterIP}' 10.35.240.78% ``` From 66391186ce532cd11929610d8c7c4601de51ec69 Mon Sep 17 00:00:00 2001 From: Eric Date: Fri, 1 Apr 2022 10:32:38 -0400 Subject: [PATCH 064/785] Tweak the Lambda Envoy configuration generated by the serverless patcher - Move from `strip_matching_host_port` to `strip_any_host_port` - Remove `auto_host_rewrite` since it conflicts with `strip_any_host_port` --- .changelog/12681.txt | 3 ++ agent/xds/serverless_plugin_oss_test.go | 9 ++++++ agent/xds/serverlessplugin/lambda_patcher.go | 27 ++++++++++++++++- agent/xds/serverlessplugin/patcher.go | 6 ++++ .../xds/serverlessplugin/serverlessplugin.go | 17 +++++++++++ ...da-terminating-gateway.envoy-1-20-x.golden | 4 +-- ...da-terminating-gateway.envoy-1-20-x.golden | 30 +++++++++++++++++++ 7 files changed, 93 insertions(+), 3 deletions(-) create mode 100644 .changelog/12681.txt create mode 100644 agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden diff --git a/.changelog/12681.txt b/.changelog/12681.txt new file mode 100644 index 000000000..614770332 --- /dev/null +++ b/.changelog/12681.txt @@ -0,0 +1,3 @@ +```release-note:feature +xds: Add the ability to invoke AWS Lambdas through terminating gateways. +``` diff --git a/agent/xds/serverless_plugin_oss_test.go b/agent/xds/serverless_plugin_oss_test.go index 20c9a4d2d..5fbfdc1c6 100644 --- a/agent/xds/serverless_plugin_oss_test.go +++ b/agent/xds/serverless_plugin_oss_test.go @@ -80,6 +80,15 @@ func TestServerlessPluginFromSnapshot(t *testing.T) { } }, }, + { + name: "routes", + key: xdscommon.RouteType, + sorter: func(msgs []proto.Message) func(int, int) bool { + return func(i, j int) bool { + return msgs[i].(*envoy_listener_v3.Listener).Name < msgs[j].(*envoy_listener_v3.Listener).Name + } + }, + }, } for _, entity := range entities { diff --git a/agent/xds/serverlessplugin/lambda_patcher.go b/agent/xds/serverlessplugin/lambda_patcher.go index 5121a36df..c5d54d9cf 100644 --- a/agent/xds/serverlessplugin/lambda_patcher.go +++ b/agent/xds/serverlessplugin/lambda_patcher.go @@ -8,6 +8,7 @@ import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_lambda_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_lambda/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" @@ -78,6 +79,28 @@ func (p lambdaPatcher) CanPatch(kind api.ServiceKind) bool { return kind == p.kind } +func (p lambdaPatcher) PatchRoute(route *envoy_route_v3.RouteConfiguration) (*envoy_route_v3.RouteConfiguration, bool, error) { + if p.kind != api.ServiceKindTerminatingGateway { + return route, false, nil + } + + for _, virtualHost := range route.VirtualHosts { + for _, route := range virtualHost.Routes { + action, ok := route.Action.(*envoy_route_v3.Route_Route) + + if !ok { + continue + } + + // When auto_host_rewrite is set it conflicts with strip_any_host_port + // on the http_connection_manager filter. + action.Route.HostRewriteSpecifier = nil + } + } + + return route, true, nil +} + func (p lambdaPatcher) PatchCluster(c *envoy_cluster_v3.Cluster) (*envoy_cluster_v3.Cluster, bool, error) { transportSocket, err := makeUpstreamTLSTransportSocket(&envoy_tls_v3.UpstreamTlsContext{ Sni: "*.amazonaws.com", @@ -160,7 +183,9 @@ func (p lambdaPatcher) PatchFilter(filter *envoy_listener_v3.Filter) (*envoy_lis httpFilter, {Name: "envoy.filters.http.router"}, } - config.StripMatchingHostPort = true + config.StripPortMode = &envoy_http_v3.HttpConnectionManager_StripAnyHostPort{ + StripAnyHostPort: true, + } newFilter, err := makeFilter("envoy.filters.network.http_connection_manager", config) if err != nil { return filter, false, errors.New("error making new filter") diff --git a/agent/xds/serverlessplugin/patcher.go b/agent/xds/serverlessplugin/patcher.go index 58847bcb6..8db1c95a1 100644 --- a/agent/xds/serverlessplugin/patcher.go +++ b/agent/xds/serverlessplugin/patcher.go @@ -3,6 +3,7 @@ package serverlessplugin import ( envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" "github.com/hashicorp/consul/agent/xds/xdscommon" "github.com/hashicorp/consul/api" @@ -15,6 +16,11 @@ type patcher interface { // CanPatch determines if the patcher can mutate resources for the given api.ServiceKind CanPatch(api.ServiceKind) bool + // patchRoute patches a route to include the custom Envoy configuration + // PatchCluster patches a cluster to include the custom Envoy configuration + // required to integrate with the serverless integration. + PatchRoute(*envoy_route_v3.RouteConfiguration) (*envoy_route_v3.RouteConfiguration, bool, error) + // PatchCluster patches a cluster to include the custom Envoy configuration // required to integrate with the serverless integration. PatchCluster(*envoy_cluster_v3.Cluster) (*envoy_cluster_v3.Cluster, bool, error) diff --git a/agent/xds/serverlessplugin/serverlessplugin.go b/agent/xds/serverlessplugin/serverlessplugin.go index 8ab38e374..1d7387000 100644 --- a/agent/xds/serverlessplugin/serverlessplugin.go +++ b/agent/xds/serverlessplugin/serverlessplugin.go @@ -5,6 +5,7 @@ import ( envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" "github.com/golang/protobuf/proto" "github.com/hashicorp/go-multierror" @@ -30,6 +31,7 @@ func MutateIndexedResources(resources *xdscommon.IndexedResources, config xdscom for _, indexType := range []string{ xdscommon.ClusterType, xdscommon.ListenerType, + xdscommon.RouteType, } { for nameOrSNI, msg := range resources.Index[indexType] { switch resource := msg.(type) { @@ -58,6 +60,21 @@ func MutateIndexedResources(resources *xdscommon.IndexedResources, config xdscom resources.Index[xdscommon.ListenerType][nameOrSNI] = newListener } + case *envoy_route_v3.RouteConfiguration: + patcher := getPatcherBySNI(config, config.Kind, nameOrSNI) + if patcher == nil { + continue + } + + newRoute, patched, err := patcher.PatchRoute(resource) + if err != nil { + resultErr = multierror.Append(resultErr, fmt.Errorf("error patching route: %w", err)) + continue + } + if patched { + resources.Index[xdscommon.RouteType][nameOrSNI] = newRoute + } + default: resultErr = multierror.Append(resultErr, fmt.Errorf("unsupported type was skipped: %T", resource)) } diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden index e0b77f6f4..d412ef5ce 100644 --- a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden @@ -211,7 +211,7 @@ } }, - "stripMatchingHostPort": true + "stripAnyHostPort": true } } ], @@ -269,4 +269,4 @@ ], "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "nonce": "00000001" -} \ No newline at end of file +} diff --git a/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden new file mode 100644 index 000000000..4cefff9c6 --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden @@ -0,0 +1,30 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file From 3060b5cb8f9afeb33df080257842698809bdd1e4 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 1 Apr 2022 10:30:26 -0500 Subject: [PATCH 065/785] xds: errors from the xds serverless plugin are fatal (#12682) --- agent/xds/delta.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/agent/xds/delta.go b/agent/xds/delta.go index 7b4aa5242..872ac31aa 100644 --- a/agent/xds/delta.go +++ b/agent/xds/delta.go @@ -215,9 +215,8 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove if s.serverlessPluginEnabled { newResourceMap, err = serverlessplugin.MutateIndexedResources(newResourceMap, xdscommon.MakePluginConfiguration(cfgSnap)) - if err != nil { - generator.Logger.Warn("failed to patch xDS resources in the serverless plugin", "err", err) + return status.Errorf(codes.Unavailable, "failed to patch xDS resources in the serverless plugin: %v", err) } } From b0cba2ec0329a8442ff31023e8e2f418daf592a8 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Fri, 1 Apr 2022 10:35:56 -0700 Subject: [PATCH 066/785] mark disable_compat_1.9 to deprecate in 1.13, change default to true (#12675) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> --- .changelog/12675.txt | 3 + agent/agent.go | 4 +- agent/config/builder.go | 2 +- agent/http.go | 3 +- agent/metrics_test.go | 61 +++++++++++++++++++ website/content/docs/agent/options.mdx | 2 +- .../docs/upgrading/upgrade-specific.mdx | 14 ++++- 7 files changed, 82 insertions(+), 7 deletions(-) create mode 100644 .changelog/12675.txt diff --git a/.changelog/12675.txt b/.changelog/12675.txt new file mode 100644 index 000000000..0f46bb5a9 --- /dev/null +++ b/.changelog/12675.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +telemetry: the disable_compat_1.9 option now defaults to true. 1.9 style `consul.http...` metrics can still be enabled by setting `disable_compat_1.9 = false`. However, we will remove these metrics in 1.13. +``` \ No newline at end of file diff --git a/agent/agent.go b/agent/agent.go index fef53c0f2..7a313cb4f 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -698,7 +698,7 @@ func (a *Agent) Start(ctx context.Context) error { // DEPRECATED: Warn users if they're emitting deprecated metrics. Remove this warning and the flagged metrics in a // future release of Consul. if !a.config.Telemetry.DisableCompatOneNine { - a.logger.Warn("DEPRECATED Backwards compatibility with pre-1.9 metrics enabled. These metrics will be removed in a future version of Consul. Set `telemetry { disable_compat_1.9 = true }` to disable them.") + a.logger.Warn("DEPRECATED Backwards compatibility with pre-1.9 metrics enabled. These metrics will be removed in Consul 1.13. Consider not using this flag and rework instrumentation for 1.10 style http metrics.") } if a.tlsConfigurator.Cert() != nil { @@ -3797,7 +3797,7 @@ func (a *Agent) reloadConfig(autoReload bool) error { // DEPRECATED: Warn users on reload if they're emitting deprecated metrics. Remove this warning and the flagged // metrics in a future release of Consul. if !a.config.Telemetry.DisableCompatOneNine { - a.logger.Warn("DEPRECATED Backwards compatibility with pre-1.9 metrics enabled. These metrics will be removed in a future version of Consul. Set `telemetry { disable_compat_1.9 = true }` to disable them.") + a.logger.Warn("DEPRECATED Backwards compatibility with pre-1.9 metrics enabled. These metrics will be removed in Consul 1.13. Consider not using this flag and rework instrumentation for 1.10 style http metrics.") } return a.reloadConfigInternal(newCfg) diff --git a/agent/config/builder.go b/agent/config/builder.go index 1762f3f6d..b3bdc46f3 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -910,7 +910,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) { CirconusCheckTags: stringVal(c.Telemetry.CirconusCheckTags), CirconusSubmissionInterval: stringVal(c.Telemetry.CirconusSubmissionInterval), CirconusSubmissionURL: stringVal(c.Telemetry.CirconusSubmissionURL), - DisableCompatOneNine: boolVal(c.Telemetry.DisableCompatOneNine), + DisableCompatOneNine: boolValWithDefault(c.Telemetry.DisableCompatOneNine, true), DisableHostname: boolVal(c.Telemetry.DisableHostname), DogstatsdAddr: stringVal(c.Telemetry.DogstatsdAddr), DogstatsdTags: c.Telemetry.DogstatsdTags, diff --git a/agent/http.go b/agent/http.go index ba0067b62..16a3a2150 100644 --- a/agent/http.go +++ b/agent/http.go @@ -228,8 +228,7 @@ func (s *HTTPHandlers) handler(enableDebug bool) http.Handler { labels := []metrics.Label{{Name: "method", Value: req.Method}, {Name: "path", Value: path_label}} metrics.MeasureSinceWithLabels([]string{"api", "http"}, start, labels) - // DEPRECATED Emit pre-1.9 metric as `consul.http...` to maintain backwards compatibility. Enabled by - // default. Users may set `telemetry { disable_compat_1.9 = true }` + // DEPRECATED Emit pre-1.9 metric as `consul.http...`. This will be removed in 1.13. if !s.agent.config.Telemetry.DisableCompatOneNine { key := append([]string{"http", req.Method}, parts...) metrics.MeasureSince(key, start) diff --git a/agent/metrics_test.go b/agent/metrics_test.go index 5bbc7de23..2aedc0180 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -255,6 +255,67 @@ func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { }) } +// TestHTTPHandlers_AgentMetrics_Disable1Dot9MetricsChange adds testing around the 1.9 style metrics +// https://www.consul.io/docs/agent/options#telemetry-disable_compat_1.9 +func TestHTTPHandlers_AgentMetrics_Disable1Dot9MetricsChange(t *testing.T) { + skipIfShortTesting(t) + // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance + + // 1.9 style http metrics looked like this: + // agent_http_2_http_GET_v1_agent_members{quantile="0.5"} 0.1329520046710968 + t.Run("check that no consul.http metrics are emitted by default", func(t *testing.T) { + hcl := ` + telemetry = { + prometheus_retention_time = "5s" + disable_hostname = true + metrics_prefix = "agent_http" + } + ` + + a := StartTestAgent(t, TestAgent{HCL: hcl}) + defer a.Shutdown() + + // we have to use the `a.srv.handler()` to actually trigger the wrapped function + uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), "/v1/agent/members") + req, err := http.NewRequest("GET", uri, nil) + require.NoError(t, err) + resp := httptest.NewRecorder() + handler := a.srv.handler(true) + handler.ServeHTTP(resp, req) + + respRec := httptest.NewRecorder() + recordPromMetrics(t, a, respRec) + + assertMetricNotExists(t, respRec, "agent_http_http_GET_v1_agent_members") + }) + + t.Run("check that we can still turn on consul.http metrics", func(t *testing.T) { + hcl := ` + telemetry = { + prometheus_retention_time = "5s", + disable_compat_1.9 = false + metrics_prefix = "agent_http_2" + } + ` + + a := StartTestAgent(t, TestAgent{HCL: hcl}) + defer a.Shutdown() + + uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), "/v1/agent/members") + req, err := http.NewRequest("GET", uri, nil) + require.NoError(t, err) + resp := httptest.NewRecorder() + + handler := a.srv.handler(true) + handler.ServeHTTP(resp, req) + + respRec := httptest.NewRecorder() + recordPromMetrics(t, a, respRec) + + assertMetricExists(t, respRec, "agent_http_2_http_GET_v1_agent_members") + }) +} + func TestHTTPHandlers_AgentMetrics_TLSCertExpiry_Prometheus(t *testing.T) { skipIfShortTesting(t) // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/options.mdx index 2b1c1b867..696d8bc88 100644 --- a/website/content/docs/agent/options.mdx +++ b/website/content/docs/agent/options.mdx @@ -2175,7 +2175,7 @@ There are also a number of common configuration options supported by all provide geo location or datacenter, dc:sfo). By default, this is left blank and not used. - `disable_compat_1.9` ((#telemetry-disable_compat_1.9)) - This allows users to disable metrics deprecated in 1.9 so they are no longer emitted, saving on performance and storage in large deployments. Defaults to false. + This allows users to disable metrics deprecated in 1.9 so they are no longer emitted, improving performance and reducing storage in large deployments. As of 1.12 this defaults to `true` and will be removed, along with 1.9 style http metrics in 1.13. - `disable_hostname` ((#telemetry-disable_hostname)) This controls whether or not to prepend runtime telemetry with the machine's diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index e7284dd38..b3fb7477f 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -14,12 +14,24 @@ provided for their upgrades as a result of new features or changed behavior. This page is used to document those details separately from the standard upgrade flow. +## Consul 1.12.0 + +### 1.9 Telemetry Compatibility + +#### Changing the default behavior for option + +The [`disable_compat_19`](/docs/agent/options#telemetry-disable_compat_1.9) telemetry configuration option now defaults +to `true`. In prior Consul versions (1.10.x through 1.11.x), the config defaulted to `false`. If you require 1.9 style +`consul.http...` metrics, you may enable them by setting the flag to `false`. However, be advised that these metrics, as +well as the flag will be removed in upcoming Consul 1.13. We recommend changing your instrumentation to use 1.10 and later +style `consul.api.http...` metrics and removing the configuration flag from your setup. + ## Consul 1.11.0 ### 1.10 Compatibility Consul Enterprise versions 1.10.0 through 1.10.4 contain a latent bug that causes those client or server agents to deregister their own services or health -checks when some of the servers have been upgraded to 1.11. Before upgrading Consul Enterprise servers to 1.11, all Consul agents should first +checks when some of the servers have been upgraded to 1.11. Before upgrading Consul Enterprise servers to 1.11, all Consul agents should first be upgraded to 1.10.7 or higher to ensure forward compatibility and prevent flapping of catalog registrations. From d099eca725023e2dd6341d28e91845668be87e7f Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 4 Apr 2022 09:45:03 +0100 Subject: [PATCH 067/785] ui: Initial Server Status Overview Page (#12599) --- ui/packages/consul-ui/app/abilities/raft.js | 6 - ui/packages/consul-ui/app/abilities/zone.js | 10 + .../components/consul/server/card/layout.scss | 2 +- .../components/consul/server/list/index.hbs | 8 +- .../consul-ui/app/components/tile/index.scss | 2 +- ui/packages/consul-ui/app/models/dc.js | 3 + .../consul-ui/app/services/repository/dc.js | 63 ++++- .../base/decoration/base-placeholders.scss | 14 +- .../base/decoration/base-variables.scss | 1 + ui/packages/consul-ui/app/styles/routes.scss | 1 + .../routes/dc/overview/serverstatus.scss | 135 ++++++++++ .../consul-ui/app/templates/application.hbs | 3 + .../consul-ui/app/templates/dc/show.hbs | 22 +- .../consul-ui/app/templates/dc/show/index.hbs | 6 + .../app/templates/dc/show/serverstatus.hbs | 240 ++++++++++++++++++ .../mock-api/v1/operator/autopilot/state | 29 ++- .../consul-ui/tests/unit/abilities/-test.js | 3 + .../consul-ui/translations/common/en-us.yaml | 4 + .../consul-ui/translations/routes/en-us.yaml | 12 +- .../consul-ui/vendor/consul-ui/routes.js | 8 +- 20 files changed, 525 insertions(+), 47 deletions(-) delete mode 100644 ui/packages/consul-ui/app/abilities/raft.js create mode 100644 ui/packages/consul-ui/app/abilities/zone.js create mode 100644 ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss create mode 100644 ui/packages/consul-ui/app/templates/dc/show/index.hbs create mode 100644 ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs diff --git a/ui/packages/consul-ui/app/abilities/raft.js b/ui/packages/consul-ui/app/abilities/raft.js deleted file mode 100644 index 169619ad8..000000000 --- a/ui/packages/consul-ui/app/abilities/raft.js +++ /dev/null @@ -1,6 +0,0 @@ -import BaseAbility from './base'; - -export default class RaftAbility extends BaseAbility { - resource = 'operator'; - segmented = false; -} diff --git a/ui/packages/consul-ui/app/abilities/zone.js b/ui/packages/consul-ui/app/abilities/zone.js new file mode 100644 index 000000000..a976bd9e6 --- /dev/null +++ b/ui/packages/consul-ui/app/abilities/zone.js @@ -0,0 +1,10 @@ +import BaseAbility from './base'; +import { inject as service } from '@ember/service'; + +export default class ZoneAbility extends BaseAbility { + @service('env') env; + + get canRead() { + return this.env.var('CONSUL_NSPACES_ENABLED'); + } +} diff --git a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss index 8ca116a8f..a1c679bd4 100644 --- a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss +++ b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss @@ -16,7 +16,7 @@ margin-bottom: calc(var(--padding-y) / 2); } %consul-server-card.voting-status-leader dd { - margin-left: calc(var(--tile-size) + var(--padding-x)); + margin-left: calc(var(--tile-size) + 1rem); /* 16px */ } diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs index 4f9d1b50a..2144fdd9f 100644 --- a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs @@ -7,9 +7,11 @@
    {{#each @items as |item|}}
  • - + + +
    • {{/each}}
diff --git a/ui/packages/consul-ui/app/components/tile/index.scss b/ui/packages/consul-ui/app/components/tile/index.scss index 7754657eb..55ceb7b40 100644 --- a/ui/packages/consul-ui/app/components/tile/index.scss +++ b/ui/packages/consul-ui/app/components/tile/index.scss @@ -30,7 +30,7 @@ border-color: rgb(var(--tone-gray-999) / 10%); } %with-leader-tile::after { - --icon-name: icon-star-circle; + --icon-name: icon-star-fill; --icon-size: icon-700; color: rgb(var(--strawberry-500)); } diff --git a/ui/packages/consul-ui/app/models/dc.js b/ui/packages/consul-ui/app/models/dc.js index da0e06551..48250722b 100644 --- a/ui/packages/consul-ui/app/models/dc.js +++ b/ui/packages/consul-ui/app/models/dc.js @@ -14,6 +14,9 @@ export default class Datacenter extends Model { @attr('string') Leader; @attr() Voters; // [] @attr() Servers; // [] the API uses {} but we reshape that on the frontend + @attr() RedundancyZones; + @attr() Default; // added by the frontend, {Servers: []} any server that isn't in a zone + @attr() ReadReplicas; // @attr('boolean') Local; @attr('boolean') Primary; diff --git a/ui/packages/consul-ui/app/services/repository/dc.js b/ui/packages/consul-ui/app/services/repository/dc.js index 517c932ba..f47dfc683 100644 --- a/ui/packages/consul-ui/app/services/repository/dc.js +++ b/ui/packages/consul-ui/app/services/repository/dc.js @@ -108,21 +108,56 @@ export default class DcService extends RepositoryService { GET /v1/operator/autopilot/state?${{ dc }} X-Request-ID: ${uri} `)( - (headers, body, cache) => ({ - meta: { - version: 2, - uri: uri, - interval: 30 * SECONDS - }, - body: cache( - { - ...body, - // turn servers into an array instead of a map/object - Servers: Object.values(body.Servers) + (headers, body, cache) => { + // turn servers into an array instead of a map/object + const servers = Object.values(body.Servers); + const grouped = []; + return { + meta: { + version: 2, + uri: uri, }, - uri => uri`${MODEL_NAME}:///${''}/${''}/${dc}/datacenter` - ) - }) + body: cache( + { + ...body, + // all servers + Servers: servers, + RedundancyZones: Object.entries(body.RedundancyZones || {}).map(([key, value]) => { + const zone = { + ...value, + Name: key, + Healthy: true, + // convert the string[] to Server[] + Servers: value.Servers.reduce((prev, item) => { + const server = body.Servers[item]; + // TODO: It is not currently clear whether we should be + // taking ReadReplicas out of the RedundancyZones when we + // encounter one in a Zone once this is cleared up either + // way we can either remove this comment or make any + // necessary amends here + if(!server.ReadReplica) { + // keep a record of things + grouped.push(server.ID); + prev.push(server); + } + return prev; + }, []), + } + return zone; + }), + ReadReplicas: (body.ReadReplicas || []).map(item => { + // keep a record of things + grouped.push(item); + return body.Servers[item]; + }), + Default: { + Servers: servers.filter(item => !grouped.includes(item.ID)) + } + }, + uri => uri`${MODEL_NAME}:///${''}/${''}/${dc}/datacenter` + ) + } + } ); } diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss index 095755d00..8e64f496b 100644 --- a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss +++ b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss @@ -10,13 +10,13 @@ } %visually-unhidden, %unvisually-hidden { - position: static; - clip: unset; - overflow: visible; - width: auto; - height: auto; - margin: 0; - padding: 0; + position: static !important; + clip: unset !important; + overflow: visible !important; + width: auto !important; + height: auto !important; + margin: 0 !important; + padding: 0 !important; } %visually-hidden-text { text-indent: -9000px; diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss index e97f8df12..d2ee83711 100644 --- a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss +++ b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss @@ -15,6 +15,7 @@ --decor-border-400: 4px solid; /* box-shadowing*/ + --decor-elevation-000: none; --decor-elevation-100: 0 3px 2px rgb(var(--black) / 6%); --decor-elevation-200: 0 2px 4px rgb(var(--black) / 10%); --decor-elevation-300: 0 5px 1px -2px rgb(var(--black) / 12%); diff --git a/ui/packages/consul-ui/app/styles/routes.scss b/ui/packages/consul-ui/app/styles/routes.scss index 34f12616b..238790812 100644 --- a/ui/packages/consul-ui/app/styles/routes.scss +++ b/ui/packages/consul-ui/app/styles/routes.scss @@ -3,3 +3,4 @@ @import 'routes/dc/kv/index'; @import 'routes/dc/acls/index'; @import 'routes/dc/intentions/index'; +@import 'routes/dc/overview/serverstatus'; diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss new file mode 100644 index 000000000..0e035f8a2 --- /dev/null +++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss @@ -0,0 +1,135 @@ +section[data-route='dc.show.serverstatus'] { + @extend %serverstatus-route; +} +%serverstatus-route .server-failure-tolerance { + @extend %server-failure-tolerance; +} +%serverstatus-route .redundancy-zones { + @extend %redundancy-zones; +} +%redundancy-zones section { + @extend %redundancy-zone; +} + +/**/ + +%serverstatus-route h2, +%serverstatus-route h3 { + @extend %h200; +} + +%server-failure-tolerance { + @extend %panel; + box-shadow: var(--decor-elevation-000); + padding: var(--padding-y) var(--padding-x); + width: 770px; + display: flex; + flex-wrap: wrap; +} +%server-failure-tolerance > header { + width: 100%; + padding-bottom: 0.500rem; /* 8px */ + margin-bottom: 1rem; /* 16px */ + border-bottom: var(--decor-border-100); + border-color: rgb(var(--tone-border)); +} +%server-failure-tolerance header em { + @extend %pill-200; + font-size: 0.812rem; /* 13px */ + background-color: rgb(var(--tone-gray-200)); + + text-transform: uppercase; + font-style: normal; + +} +%server-failure-tolerance > section { + width: 50%; +} +%server-failure-tolerance > section, +%server-failure-tolerance dl { + display: flex; + flex-direction: column; +} +%server-failure-tolerance dl { + flex-grow: 1; + justify-content: space-between; +} +%server-failure-tolerance dd { + display: flex; + align-items: center; +} +%server-failure-tolerance dl.warning dd::before { + --icon-name: icon-alert-circle; + --icon-resolution: .5; + --icon-size: icon-800; + --icon-color: rgb(var(--tone-orange-400)); + content: ''; + margin-right: 0.500rem; /* 8px */ +} +%server-failure-tolerance section:first-of-type dl { + padding-right: 1.500rem; /* 24px */ +} +%server-failure-tolerance dt { + @extend %p2; + color: rgb(var(--tone-gray-700)); +} +%server-failure-tolerance dd { + font-size: var(--typo-size-250); + color: rgb(var(--tone-gray-999)); +} +%server-failure-tolerance header span::before { + --icon-name: icon-info; + --icon-size: icon-300; + --icon-color: rgb(var(--tone-gray-500)); + vertical-align: unset; + content: ''; +} + +%serverstatus-route section:not([class*='-tolerance']) h2 { + margin-top: 1.5rem; /* 24px */ + margin-bottom: 1.5rem; /* 24px */ +} +%serverstatus-route section:not([class*='-tolerance']) header { + margin-top: 18px; + margin-bottom: 18px; +} + + +%redundancy-zones h3 { + @extend %h300; +} +%redundancy-zone header { + display: flow-root; +} +%redundancy-zone header h3 { + float: left; + margin-right: 0.5rem; /* 8px */ +} + +%redundancy-zone header dl { + @extend %horizontal-kv-list; + @extend %pill-500; +} +%redundancy-zone header dt { + @extend %visually-unhidden; +} +%redundancy-zone header dl:not(.warning) { + background-color: rgb(var(--tone-gray-100)); +} +%redundancy-zone header dl.warning { + background-color: rgb(var(--tone-orange-100)); + color: rgb(var(--tone-orange-800)); +} +%redundancy-zone header dl.warning::before { + --icon-name: icon-alert-circle; + --icon-size: icon-000; + margin-right: 0.312rem; /* 5px */ + content: ''; +} +%redundancy-zone header dt::after { + content: ':'; + display: inline-block; + vertical-align: revert; + background-color: var(--transparent); +} + diff --git a/ui/packages/consul-ui/app/templates/application.hbs b/ui/packages/consul-ui/app/templates/application.hbs index d84c79057..d1c8a3a23 100644 --- a/ui/packages/consul-ui/app/templates/application.hbs +++ b/ui/packages/consul-ui/app/templates/application.hbs @@ -47,6 +47,9 @@ as |source|> {{! redirect if we aren't on a URL with dc information }} {{#if (eq route.currentName 'index')}} +{{! until we get to the dc route we don't know any permissions }} +{{! as we don't know the dc, any inital permission based }} +{{! redirects are in the dc.show route}} {{did-insert (route-action 'replaceWith' 'dc.show' (hash dc=(env 'CONSUL_DATACENTER_LOCAL') diff --git a/ui/packages/consul-ui/app/templates/dc/show.hbs b/ui/packages/consul-ui/app/templates/dc/show.hbs index 090152e1e..6089703a7 100644 --- a/ui/packages/consul-ui/app/templates/dc/show.hbs +++ b/ui/packages/consul-ui/app/templates/dc/show.hbs @@ -9,7 +9,8 @@ as |route|> - + +{{#if false}} href=(href-to "dc.show.serverstatus") selected=(is-href "dc.show.serverstatus") ) +(if false (hash - label=(compute (fn route.t 'health.title')) - href=(href-to 'dc.show.health') - selected=(is-href 'dc.show.health') + label=(compute (fn route.t 'cataloghealth.title')) + href=(href-to 'dc.show.cataloghealth') + selected=(is-href 'dc.show.cataloghealth') ) -(if (and (can 'read license') (not (is 'hcp'))) +'') +(if (can 'read license') (hash label=(compute (fn route.t 'license.title')) href=(href-to 'dc.show.license') @@ -32,6 +35,15 @@ as |route|> ) '') }}/> +{{/if}} + + + + {{outlet}} + diff --git a/ui/packages/consul-ui/app/templates/dc/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/show/index.hbs new file mode 100644 index 000000000..96d39860a --- /dev/null +++ b/ui/packages/consul-ui/app/templates/dc/show/index.hbs @@ -0,0 +1,6 @@ + + {{did-insert (route-action 'replaceWith' (if (can 'access overview') 'dc.show.serverstatus' 'dc.services.index'))}} + + diff --git a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs new file mode 100644 index 000000000..211289c72 --- /dev/null +++ b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs @@ -0,0 +1,240 @@ + + + +{{#let + loader.data +as |item|}} + + + + + + {{#if (eq loader.error.status "404")}} + + + Warning! + + +

+ This service has been deregistered and no longer exists in the catalog. +

+ + + {{else if (eq loader.error.status "403")}} + + + Error! + + +

+ You no longer have access to this service +

+ + + {{else}} + + + Warning! + + +

+ An error was returned whilst loading this data, refresh to try again. +

+ + + {{/if}} + + + +
+ +
+ +
+

+ {{compute (fn route.t 'tolerance.header')}} +

+
+ +
+
+

+ {{compute (fn route.t 'tolerance.immediate.header')}} +

+
+
+
+ {{compute (fn route.t 'tolerance.immediate.body')}} +
+
+ {{item.FailureTolerance}} +
+
+
+ +
+
+

+ {{compute (fn route.t 'tolerance.optimistic.header')}} + {{#if (not (can 'read zones'))}} + + {{t 'common.ui.enterprisefeature'}} + + {{/if}} + 30 seconds between server failures, Consul can restore the Immediate Fault Tolerance by replacing failed active voters with healthy back-up voters when using redundancy zones.'}} + > + +

+
+
+
+ {{compute (fn route.t 'tolerance.optimistic.body')}} +
+
+ {{item.OptimisticFailureTolerance}} +
+
+ +
+ +
+ + {{#if (gt item.RedundancyZones.length 0)}} +
+
+

+ {{pluralize (t 'common.consul.redundancyzone')}} +

+
+ + {{#each item.RedundancyZones as |item|}} + {{#if (gt item.Servers.length 0) }} +
+
+

+ {{item.Name}} +

+
+
{{t 'common.consul.failuretolerance'}}
+
{{item.FailureTolerance}}
+
+
+ +
+ {{/if}} + {{/each}} + + {{#if (gt item.Default.Servers.length 0)}} +
+
+

+ {{compute (fn route.t 'unassigned')}} +

+
+ +
+ {{/if}} + +
+ {{else}} +
+
+

+ {{compute (fn route.t 'servers')}} +

+
+ +
+ {{/if}} + + {{#if (gt item.ReadReplicas.length 0)}} +
+
+

+ {{pluralize (t 'common.consul.readreplica')}} +

+
+ + +
+ {{/if}} + +
+ +{{/let}} + + + diff --git a/ui/packages/consul-ui/mock-api/v1/operator/autopilot/state b/ui/packages/consul-ui/mock-api/v1/operator/autopilot/state index e3dbc500a..1cd442d09 100644 --- a/ui/packages/consul-ui/mock-api/v1/operator/autopilot/state +++ b/ui/packages/consul-ui/mock-api/v1/operator/autopilot/state @@ -1,7 +1,8 @@ ${[0].map(_ => { - const servers = range(env('CONSUL_SERVER_COUNT', 3)).map(_ => fake.random.uuid()); + const zones = range(env('CONSUL_ZONE_COUNT', 3)).map(_ => fake.hacker.noun()); + const servers = range(env('CONSUL_SERVER_COUNT', 15)).map(_ => fake.random.uuid()); const failureTolerance = Math.ceil(servers.length / 2); - const optimisticTolerance = failureTolerance; // <== same for now + const optimisticTolerance = 0; const leader = fake.random.number({min: 0, max: servers.length - 1}); return ` { @@ -18,10 +19,10 @@ ${[0].map(_ => { "LastContact": "0s", "LastTerm": 2, "LastIndex": 91, - "Healthy": true, + "Healthy": ${fake.random.boolean()}, "StableSince": "2022-02-02T11:59:01.0708146Z", "ReadReplica": false, - "Status": "${i === leader ? `leader` : `voter`}", + "Status": "${i === leader ? `leader` : fake.helpers.randomize(['non-voter', 'voter', 'staging'])}", "Meta": { "consul-network-segment": "" }, @@ -30,8 +31,26 @@ ${[0].map(_ => { `)}}, "Leader": "${servers[leader]}", "Voters": [ +${servers.map(item => `"${item}"`)} + ], +${ env('CONSUL_ZONES_ENABLE', false) ? ` + "RedundancyZones": {${zones.map((item, i) => ` + "${item}": { + "Servers": [ +${servers.map(item => `"${item}"`)} + ], + "Voters": [ +${servers.map(item => `"${item}"`)} + ], + "FailureTolerance": ${i} + } + `)} + }, + "ReadReplicas": [ ${servers.map(item => `"${item}"`)} - ] + ], +` : ``} + "Upgrade": {} } `; })} diff --git a/ui/packages/consul-ui/tests/unit/abilities/-test.js b/ui/packages/consul-ui/tests/unit/abilities/-test.js index e3ac70d9f..3ac3cf072 100644 --- a/ui/packages/consul-ui/tests/unit/abilities/-test.js +++ b/ui/packages/consul-ui/tests/unit/abilities/-test.js @@ -52,6 +52,9 @@ module('Unit | Ability | *', function(hooks) { // TODO: We currently hardcode KVs to always be true assert.equal(true, ability[`can${perm}`], `Expected ${item}.can${perm} to be true`); return; + case 'zone': + // Zone permissions depend on NSPACES_ENABLED + return; } assert.equal( bool, diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml index e5700effe..5365996ab 100644 --- a/ui/packages/consul-ui/translations/common/en-us.yaml +++ b/ui/packages/consul-ui/translations/common/en-us.yaml @@ -14,6 +14,7 @@ ui: name: Name creation: Creation maxttl: Max TTL + enterprisefeature: Enterprise feature consul: name: Name passing: Passing @@ -41,6 +42,9 @@ consul: destinationname: Destination Name sourcename: Source Name displayname: Display Name + failuretolerance: Fault tolerance + readreplica: Read replica + redundancyzone: Redundancy zone search: search: Search searchproperty: Search Across diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index 82c60e4a8..59dd94ff1 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -3,10 +3,20 @@ dc: title: Cluster Overview serverstatus: title: Server status - health: + unassigned: Unassigned Zones + tolerance: + header: Server fault tolerance + immediate: + header: Immediate + body: the number of healthy active voting servers that can fail at once without causing an outage + optimistic: + header: Optimistic + body: the number of healthy active and back-up voting servers that can fail gradually without causing an outage + cataloghealth: title: Health license: title: License + nodes: show: healthchecks: diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js index c79057c3b..99b3cfda5 100644 --- a/ui/packages/consul-ui/vendor/consul-ui/routes.js +++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js @@ -13,18 +13,17 @@ show: { _options: { path: '/overview', - redirect: './serverstatus', abilities: ['access overview'] }, serverstatus: { _options: { path: '/server-status', - abilities: ['access overview', 'read raft'] + abilities: ['access overview', 'read zones'] }, }, - health: { + cataloghealth: { _options: { - path: '/health', + path: '/catalog-health', abilities: ['access overview'] }, }, @@ -417,6 +416,7 @@ }, index: { _options: { path: '/' }, + // root index redirects are currently dealt with in application.hbs }, settings: { _options: { From cdcb249449bb40f6a80d6299f41bd433a37f8fd3 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Mon, 4 Apr 2022 11:31:39 -0400 Subject: [PATCH 068/785] add a rate limiter to config auto-reload (#12490) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * add tests to coalesceTimer fix to send remaining events * set `coalesceTimer` to 1 Second * support symlink, fix a nil deref. * fix compile error * fix compile error * refactor file watcher rate limiting to be a Watcher implementation * fix linter issue * fix runtime config * fix runtime test * fix flaky tests * fix compile error * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * fix agent New to return an error if File watcher New return an error * quit timer loop if ctx is canceled * Apply suggestions from code review Co-authored-by: Chris S. Kim Co-authored-by: Ashwin Venkatesh Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM Co-authored-by: Daniel Upton Co-authored-by: Chris S. Kim --- agent/agent.go | 48 +++--- agent/agent_test.go | 155 ++++++++++++++++-- agent/config/builder.go | 117 ++++++------- agent/config/file_watcher.go | 6 +- agent/config/file_watcher_test.go | 21 ++- agent/config/ratelimited_file_watcher.go | 90 ++++++++++ agent/config/ratelimited_file_watcher_test.go | 91 ++++++++++ agent/config/runtime.go | 3 + agent/config/runtime_test.go | 3 +- .../TestRuntimeConfig_Sanitize.golden | 3 +- agent/testagent.go | 3 + 11 files changed, 437 insertions(+), 103 deletions(-) create mode 100644 agent/config/ratelimited_file_watcher.go create mode 100644 agent/config/ratelimited_file_watcher_test.go diff --git a/agent/agent.go b/agent/agent.go index 7a313cb4f..91d42cb73 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -361,9 +361,9 @@ type Agent struct { // run by the Agent routineManager *routine.Manager - // FileWatcher is the watcher responsible to report events when a config file + // configFileWatcher is the watcher responsible to report events when a config file // changed - FileWatcher config.Watcher + configFileWatcher config.Watcher // xdsServer serves the XDS protocol for configuring Envoy proxies. xdsServer *xds.Server @@ -462,6 +462,13 @@ func New(bd BaseDeps) (*Agent, error) { a.baseDeps.WatchedFiles = append(a.baseDeps.WatchedFiles, f.Cfg.CertFile) } } + if a.baseDeps.RuntimeConfig.AutoReloadConfig && len(a.baseDeps.WatchedFiles) > 0 { + w, err := config.NewRateLimitedFileWatcher(a.baseDeps.WatchedFiles, a.baseDeps.Logger, a.baseDeps.RuntimeConfig.AutoReloadConfigCoalesceInterval) + if err != nil { + return nil, err + } + a.configFileWatcher = w + } return &a, nil } @@ -713,25 +720,20 @@ func (a *Agent) Start(ctx context.Context) error { }) // start a go routine to reload config based on file watcher events - if a.baseDeps.RuntimeConfig.AutoReloadConfig && len(a.baseDeps.WatchedFiles) > 0 { - w, err := config.NewFileWatcher(a.baseDeps.WatchedFiles, a.baseDeps.Logger) - if err != nil { - a.baseDeps.Logger.Error("error loading config", "error", err) - } else { - a.FileWatcher = w - a.baseDeps.Logger.Debug("starting file watcher") - a.FileWatcher.Start(context.Background()) - go func() { - for event := range a.FileWatcher.EventsCh() { - a.baseDeps.Logger.Debug("auto-reload config triggered", "event-file", event.Filename) - err := a.AutoReloadConfig() - if err != nil { - a.baseDeps.Logger.Error("error loading config", "error", err) - } + if a.configFileWatcher != nil { + a.baseDeps.Logger.Debug("starting file watcher") + a.configFileWatcher.Start(context.Background()) + go func() { + for event := range a.configFileWatcher.EventsCh() { + a.baseDeps.Logger.Debug("auto-reload config triggered", "num-events", len(event.Filenames)) + err := a.AutoReloadConfig() + if err != nil { + a.baseDeps.Logger.Error("error loading config", "error", err) } - }() - } + } + }() } + return nil } @@ -1413,8 +1415,8 @@ func (a *Agent) ShutdownAgent() error { a.stopAllWatches() // Stop config file watcher - if a.FileWatcher != nil { - a.FileWatcher.Stop() + if a.configFileWatcher != nil { + a.configFileWatcher.Stop() } a.stopLicenseManager() @@ -3772,13 +3774,13 @@ func (a *Agent) reloadConfig(autoReload bool) error { {a.config.TLS.HTTPS, newCfg.TLS.HTTPS}, } { if f.oldCfg.KeyFile != f.newCfg.KeyFile { - a.FileWatcher.Replace(f.oldCfg.KeyFile, f.newCfg.KeyFile) + a.configFileWatcher.Replace(f.oldCfg.KeyFile, f.newCfg.KeyFile) if err != nil { return err } } if f.oldCfg.CertFile != f.newCfg.CertFile { - a.FileWatcher.Replace(f.oldCfg.CertFile, f.newCfg.CertFile) + a.configFileWatcher.Replace(f.oldCfg.CertFile, f.newCfg.CertFile) if err != nil { return err } diff --git a/agent/agent_test.go b/agent/agent_test.go index 43d9bd31d..ba82f127f 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -5545,7 +5545,8 @@ func TestAgent_AutoReloadDoReload_WhenCertThenKeyUpdated(t *testing.T) { testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) - cert1 := srv.tlsConfigurator.Cert() + cert1Pub := srv.tlsConfigurator.Cert().Certificate + cert1Key := srv.tlsConfigurator.Cert().PrivateKey certNew, privateKeyNew, err := tlsutil.GenerateCert(tlsutil.CertOpts{ Signer: signer, @@ -5575,8 +5576,10 @@ func TestAgent_AutoReloadDoReload_WhenCertThenKeyUpdated(t *testing.T) { // cert should not change as we did not update the associated key time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.Equal(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.Equal(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.Equal(r, cert1Pub, cert.Certificate) + require.Equal(r, cert1Key, cert.PrivateKey) }) require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKeyNew), 0600)) @@ -5584,8 +5587,8 @@ func TestAgent_AutoReloadDoReload_WhenCertThenKeyUpdated(t *testing.T) { // cert should change as we did not update the associated key time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.NotEqual(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.NotEqual(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + require.NotEqual(r, cert1Pub, srv.tlsConfigurator.Cert().Certificate) + require.NotEqual(r, cert1Key, srv.tlsConfigurator.Cert().PrivateKey) }) } @@ -5647,11 +5650,13 @@ func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { `), 0600)) srv := StartTestAgent(t, TestAgent{Name: "TestAgent-Server", HCL: hclConfig, configFiles: []string{configFile}}) + defer srv.Shutdown() testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) - cert1 := srv.tlsConfigurator.Cert() + cert1Pub := srv.tlsConfigurator.Cert().Certificate + cert1Key := srv.tlsConfigurator.Cert().PrivateKey certNew, privateKeyNew, err := tlsutil.GenerateCert(tlsutil.CertOpts{ Signer: signer, @@ -5667,8 +5672,10 @@ func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { // cert should not change as we did not update the associated key time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.Equal(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.Equal(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.Equal(r, cert1Pub, cert.Certificate) + require.Equal(r, cert1Key, cert.PrivateKey) }) require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew), 0600)) @@ -5689,10 +5696,13 @@ func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { // cert should change as we did not update the associated key time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.NotEqual(r, cert1.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.NotEqual(r, cert1.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.NotEqual(r, cert1Key, cert.Certificate) + require.NotEqual(r, cert1Key, cert.PrivateKey) }) - cert2 := srv.tlsConfigurator.Cert() + cert2Pub := srv.tlsConfigurator.Cert().Certificate + cert2Key := srv.tlsConfigurator.Cert().PrivateKey certNew2, privateKeyNew2, err := tlsutil.GenerateCert(tlsutil.CertOpts{ Signer: signer, @@ -5707,8 +5717,10 @@ func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { // cert should not change as we did not update the associated cert time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.Equal(r, cert2.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.Equal(r, cert2.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.Equal(r, cert2Pub, cert.Certificate) + require.Equal(r, cert2Key, cert.PrivateKey) }) require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew2), 0600)) @@ -5716,7 +5728,120 @@ func TestAgent_AutoReloadDoReload_WhenKeyThenCertUpdated(t *testing.T) { // cert should change as we did update the associated key time.Sleep(1 * time.Second) retry.Run(t, func(r *retry.R) { - require.NotEqual(r, cert2.Certificate, srv.tlsConfigurator.Cert().Certificate) - require.NotEqual(r, cert2.PrivateKey, srv.tlsConfigurator.Cert().PrivateKey) + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.NotEqual(r, cert2Pub, cert.Certificate) + require.NotEqual(r, cert2Key, cert.PrivateKey) }) } + +func Test_coalesceTimerTwoPeriods(t *testing.T) { + + certsDir := testutil.TempDir(t, "auto-config") + + // write some test TLS certificates out to the cfg dir + serverName := "server.dc1.consul" + signer, _, err := tlsutil.GeneratePrivateKey() + require.NoError(t, err) + + ca, _, err := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) + require.NoError(t, err) + + cert, privateKey, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + + certFile := filepath.Join(certsDir, "cert.pem") + caFile := filepath.Join(certsDir, "cacert.pem") + keyFile := filepath.Join(certsDir, "key.pem") + + require.NoError(t, ioutil.WriteFile(certFile, []byte(cert), 0600)) + require.NoError(t, ioutil.WriteFile(caFile, []byte(ca), 0600)) + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKey), 0600)) + + // generate a gossip key + gossipKey := make([]byte, 32) + n, err := rand.Read(gossipKey) + require.NoError(t, err) + require.Equal(t, 32, n) + gossipKeyEncoded := base64.StdEncoding.EncodeToString(gossipKey) + + hclConfig := TestACLConfigWithParams(nil) + + configFile := testutil.TempDir(t, "config") + "/config.hcl" + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFile+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + coalesceInterval := 100 * time.Millisecond + testAgent := TestAgent{Name: "TestAgent-Server", HCL: hclConfig, configFiles: []string{configFile}, Config: &config.RuntimeConfig{ + AutoReloadConfigCoalesceInterval: coalesceInterval, + }} + srv := StartTestAgent(t, testAgent) + defer srv.Shutdown() + + testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken(TestDefaultInitialManagementToken)) + + cert1Pub := srv.tlsConfigurator.Cert().Certificate + cert1Key := srv.tlsConfigurator.Cert().PrivateKey + + certNew, privateKeyNew, err := tlsutil.GenerateCert(tlsutil.CertOpts{ + Signer: signer, + CA: ca, + Name: "Test Cert Name", + Days: 365, + DNSNames: []string{serverName}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + }) + require.NoError(t, err) + certFileNew := filepath.Join(certsDir, "cert_new.pem") + require.NoError(t, ioutil.WriteFile(certFileNew, []byte(certNew), 0600)) + require.NoError(t, ioutil.WriteFile(configFile, []byte(` + encrypt = "`+gossipKeyEncoded+`" + encrypt_verify_incoming = true + encrypt_verify_outgoing = true + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + ca_file = "`+caFile+`" + cert_file = "`+certFileNew+`" + key_file = "`+keyFile+`" + connect { enabled = true } + auto_reload_config = true + `), 0600)) + + // cert should not change as we did not update the associated key + time.Sleep(coalesceInterval * 2) + retry.Run(t, func(r *retry.R) { + cert := srv.tlsConfigurator.Cert() + require.NotNil(r, cert) + require.Equal(r, cert1Pub, cert.Certificate) + require.Equal(r, cert1Key, cert.PrivateKey) + }) + + require.NoError(t, ioutil.WriteFile(keyFile, []byte(privateKeyNew), 0600)) + + // cert should change as we did not update the associated key + time.Sleep(coalesceInterval * 2) + retry.Run(t, func(r *retry.R) { + require.NotEqual(r, cert1Pub, srv.tlsConfigurator.Cert().Certificate) + require.NotEqual(r, cert1Key, srv.tlsConfigurator.Cert().PrivateKey) + }) + +} diff --git a/agent/config/builder.go b/agent/config/builder.go index b3bdc46f3..d8a4ac042 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1004,64 +1004,65 @@ func (b *builder) build() (rt RuntimeConfig, err error) { LogRotateBytes: intVal(c.LogRotateBytes), LogRotateMaxFiles: intVal(c.LogRotateMaxFiles), }, - MaxQueryTime: b.durationVal("max_query_time", c.MaxQueryTime), - NodeID: types.NodeID(stringVal(c.NodeID)), - NodeMeta: c.NodeMeta, - NodeName: b.nodeName(c.NodeName), - ReadReplica: boolVal(c.ReadReplica), - PidFile: stringVal(c.PidFile), - PrimaryDatacenter: primaryDatacenter, - PrimaryGateways: b.expandAllOptionalAddrs("primary_gateways", c.PrimaryGateways), - PrimaryGatewaysInterval: b.durationVal("primary_gateways_interval", c.PrimaryGatewaysInterval), - RPCAdvertiseAddr: rpcAdvertiseAddr, - RPCBindAddr: rpcBindAddr, - RPCHandshakeTimeout: b.durationVal("limits.rpc_handshake_timeout", c.Limits.RPCHandshakeTimeout), - RPCHoldTimeout: b.durationVal("performance.rpc_hold_timeout", c.Performance.RPCHoldTimeout), - RPCMaxBurst: intVal(c.Limits.RPCMaxBurst), - RPCMaxConnsPerClient: intVal(c.Limits.RPCMaxConnsPerClient), - RPCProtocol: intVal(c.RPCProtocol), - RPCRateLimit: rate.Limit(float64Val(c.Limits.RPCRate)), - RPCConfig: consul.RPCConfig{EnableStreaming: boolValWithDefault(c.RPC.EnableStreaming, serverMode)}, - RaftProtocol: intVal(c.RaftProtocol), - RaftSnapshotThreshold: intVal(c.RaftSnapshotThreshold), - RaftSnapshotInterval: b.durationVal("raft_snapshot_interval", c.RaftSnapshotInterval), - RaftTrailingLogs: intVal(c.RaftTrailingLogs), - ReconnectTimeoutLAN: b.durationVal("reconnect_timeout", c.ReconnectTimeoutLAN), - ReconnectTimeoutWAN: b.durationVal("reconnect_timeout_wan", c.ReconnectTimeoutWAN), - RejoinAfterLeave: boolVal(c.RejoinAfterLeave), - RetryJoinIntervalLAN: b.durationVal("retry_interval", c.RetryJoinIntervalLAN), - RetryJoinIntervalWAN: b.durationVal("retry_interval_wan", c.RetryJoinIntervalWAN), - RetryJoinLAN: b.expandAllOptionalAddrs("retry_join", c.RetryJoinLAN), - RetryJoinMaxAttemptsLAN: intVal(c.RetryJoinMaxAttemptsLAN), - RetryJoinMaxAttemptsWAN: intVal(c.RetryJoinMaxAttemptsWAN), - RetryJoinWAN: b.expandAllOptionalAddrs("retry_join_wan", c.RetryJoinWAN), - SegmentName: stringVal(c.SegmentName), - Segments: segments, - SegmentLimit: intVal(c.SegmentLimit), - SerfAdvertiseAddrLAN: serfAdvertiseAddrLAN, - SerfAdvertiseAddrWAN: serfAdvertiseAddrWAN, - SerfAllowedCIDRsLAN: serfAllowedCIDRSLAN, - SerfAllowedCIDRsWAN: serfAllowedCIDRSWAN, - SerfBindAddrLAN: serfBindAddrLAN, - SerfBindAddrWAN: serfBindAddrWAN, - SerfPortLAN: serfPortLAN, - SerfPortWAN: serfPortWAN, - ServerMode: serverMode, - ServerName: stringVal(c.ServerName), - ServerPort: serverPort, - Services: services, - SessionTTLMin: b.durationVal("session_ttl_min", c.SessionTTLMin), - SkipLeaveOnInt: skipLeaveOnInt, - StartJoinAddrsLAN: b.expandAllOptionalAddrs("start_join", c.StartJoinAddrsLAN), - StartJoinAddrsWAN: b.expandAllOptionalAddrs("start_join_wan", c.StartJoinAddrsWAN), - TaggedAddresses: c.TaggedAddresses, - TranslateWANAddrs: boolVal(c.TranslateWANAddrs), - TxnMaxReqLen: uint64Val(c.Limits.TxnMaxReqLen), - UIConfig: b.uiConfigVal(c.UIConfig), - UnixSocketGroup: stringVal(c.UnixSocket.Group), - UnixSocketMode: stringVal(c.UnixSocket.Mode), - UnixSocketUser: stringVal(c.UnixSocket.User), - Watches: c.Watches, + MaxQueryTime: b.durationVal("max_query_time", c.MaxQueryTime), + NodeID: types.NodeID(stringVal(c.NodeID)), + NodeMeta: c.NodeMeta, + NodeName: b.nodeName(c.NodeName), + ReadReplica: boolVal(c.ReadReplica), + PidFile: stringVal(c.PidFile), + PrimaryDatacenter: primaryDatacenter, + PrimaryGateways: b.expandAllOptionalAddrs("primary_gateways", c.PrimaryGateways), + PrimaryGatewaysInterval: b.durationVal("primary_gateways_interval", c.PrimaryGatewaysInterval), + RPCAdvertiseAddr: rpcAdvertiseAddr, + RPCBindAddr: rpcBindAddr, + RPCHandshakeTimeout: b.durationVal("limits.rpc_handshake_timeout", c.Limits.RPCHandshakeTimeout), + RPCHoldTimeout: b.durationVal("performance.rpc_hold_timeout", c.Performance.RPCHoldTimeout), + RPCMaxBurst: intVal(c.Limits.RPCMaxBurst), + RPCMaxConnsPerClient: intVal(c.Limits.RPCMaxConnsPerClient), + RPCProtocol: intVal(c.RPCProtocol), + RPCRateLimit: rate.Limit(float64Val(c.Limits.RPCRate)), + RPCConfig: consul.RPCConfig{EnableStreaming: boolValWithDefault(c.RPC.EnableStreaming, serverMode)}, + RaftProtocol: intVal(c.RaftProtocol), + RaftSnapshotThreshold: intVal(c.RaftSnapshotThreshold), + RaftSnapshotInterval: b.durationVal("raft_snapshot_interval", c.RaftSnapshotInterval), + RaftTrailingLogs: intVal(c.RaftTrailingLogs), + ReconnectTimeoutLAN: b.durationVal("reconnect_timeout", c.ReconnectTimeoutLAN), + ReconnectTimeoutWAN: b.durationVal("reconnect_timeout_wan", c.ReconnectTimeoutWAN), + RejoinAfterLeave: boolVal(c.RejoinAfterLeave), + RetryJoinIntervalLAN: b.durationVal("retry_interval", c.RetryJoinIntervalLAN), + RetryJoinIntervalWAN: b.durationVal("retry_interval_wan", c.RetryJoinIntervalWAN), + RetryJoinLAN: b.expandAllOptionalAddrs("retry_join", c.RetryJoinLAN), + RetryJoinMaxAttemptsLAN: intVal(c.RetryJoinMaxAttemptsLAN), + RetryJoinMaxAttemptsWAN: intVal(c.RetryJoinMaxAttemptsWAN), + RetryJoinWAN: b.expandAllOptionalAddrs("retry_join_wan", c.RetryJoinWAN), + SegmentName: stringVal(c.SegmentName), + Segments: segments, + SegmentLimit: intVal(c.SegmentLimit), + SerfAdvertiseAddrLAN: serfAdvertiseAddrLAN, + SerfAdvertiseAddrWAN: serfAdvertiseAddrWAN, + SerfAllowedCIDRsLAN: serfAllowedCIDRSLAN, + SerfAllowedCIDRsWAN: serfAllowedCIDRSWAN, + SerfBindAddrLAN: serfBindAddrLAN, + SerfBindAddrWAN: serfBindAddrWAN, + SerfPortLAN: serfPortLAN, + SerfPortWAN: serfPortWAN, + ServerMode: serverMode, + ServerName: stringVal(c.ServerName), + ServerPort: serverPort, + Services: services, + SessionTTLMin: b.durationVal("session_ttl_min", c.SessionTTLMin), + SkipLeaveOnInt: skipLeaveOnInt, + StartJoinAddrsLAN: b.expandAllOptionalAddrs("start_join", c.StartJoinAddrsLAN), + StartJoinAddrsWAN: b.expandAllOptionalAddrs("start_join_wan", c.StartJoinAddrsWAN), + TaggedAddresses: c.TaggedAddresses, + TranslateWANAddrs: boolVal(c.TranslateWANAddrs), + TxnMaxReqLen: uint64Val(c.Limits.TxnMaxReqLen), + UIConfig: b.uiConfigVal(c.UIConfig), + UnixSocketGroup: stringVal(c.UnixSocket.Group), + UnixSocketMode: stringVal(c.UnixSocket.Mode), + UnixSocketUser: stringVal(c.UnixSocket.User), + Watches: c.Watches, + AutoReloadConfigCoalesceInterval: 1 * time.Second, } rt.TLS, err = b.buildTLSConfig(rt, c.TLS) diff --git a/agent/config/file_watcher.go b/agent/config/file_watcher.go index d85abca4b..d62d19035 100644 --- a/agent/config/file_watcher.go +++ b/agent/config/file_watcher.go @@ -44,7 +44,7 @@ type watchedFile struct { } type FileWatcherEvent struct { - Filename string + Filenames []string } //NewFileWatcher create a file watcher that will watch all the files/folders from configFiles @@ -213,7 +213,7 @@ func (w *fileWatcher) handleEvent(ctx context.Context, event fsnotify.Event) err if isCreateEvent(event) || isWriteEvent(event) || isRenameEvent(event) { w.logger.Trace("call the handler", "filename", event.Name, "OP", event.Op) select { - case w.eventsCh <- &FileWatcherEvent{Filename: filename}: + case w.eventsCh <- &FileWatcherEvent{Filenames: []string{filename}}: case <-ctx.Done(): return ctx.Err() } @@ -265,7 +265,7 @@ func (w *fileWatcher) reconcile(ctx context.Context) { w.logger.Trace("call the handler", "filename", filename, "old modTime", configFile.modTime, "new modTime", newModTime) configFile.modTime = newModTime select { - case w.eventsCh <- &FileWatcherEvent{Filename: filename}: + case w.eventsCh <- &FileWatcherEvent{Filenames: []string{filename}}: case <-ctx.Done(): return } diff --git a/agent/config/file_watcher_test.go b/agent/config/file_watcher_test.go index 064729c53..52abb1328 100644 --- a/agent/config/file_watcher_test.go +++ b/agent/config/file_watcher_test.go @@ -64,6 +64,23 @@ func TestWatcherAddRemove(t *testing.T) { } +func TestWatcherReplace(t *testing.T) { + var filepaths []string + wi, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) + w := wi.(*fileWatcher) + require.NoError(t, err) + file1 := createTempConfigFile(t, "temp_config1") + err = w.Add(file1) + require.NoError(t, err) + file2 := createTempConfigFile(t, "temp_config2") + err = w.Replace(file1, file2) + require.NoError(t, err) + _, ok := w.configFiles[file1] + require.False(t, ok) + _, ok = w.configFiles[file2] + require.True(t, ok) +} + func TestWatcherAddWhileRunning(t *testing.T) { var filepaths []string wi, err := NewFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{})) @@ -364,8 +381,8 @@ func TestEventWatcherMoveSoftLink(t *testing.T) { func assertEvent(name string, watcherCh chan *FileWatcherEvent, timeout time.Duration) error { select { case ev := <-watcherCh: - if ev.Filename != name && !strings.Contains(ev.Filename, name) { - return fmt.Errorf("filename do not match %s %s", ev.Filename, name) + if ev.Filenames[0] != name && !strings.Contains(ev.Filenames[0], name) { + return fmt.Errorf("filename do not match %s %s", ev.Filenames[0], name) } return nil case <-time.After(timeout): diff --git a/agent/config/ratelimited_file_watcher.go b/agent/config/ratelimited_file_watcher.go new file mode 100644 index 000000000..a47f9733d --- /dev/null +++ b/agent/config/ratelimited_file_watcher.go @@ -0,0 +1,90 @@ +package config + +import ( + "context" + "time" + + "github.com/hashicorp/go-hclog" +) + +type rateLimitedFileWatcher struct { + watcher Watcher + eventCh chan *FileWatcherEvent + coalesceInterval time.Duration +} + +func (r *rateLimitedFileWatcher) Start(ctx context.Context) { + r.watcher.Start(ctx) + r.coalesceTimer(ctx, r.watcher.EventsCh(), r.coalesceInterval) +} + +func (r rateLimitedFileWatcher) Stop() error { + return r.watcher.Stop() +} + +func (r rateLimitedFileWatcher) Add(filename string) error { + return r.watcher.Add(filename) +} + +func (r rateLimitedFileWatcher) Remove(filename string) { + r.watcher.Remove(filename) +} + +func (r rateLimitedFileWatcher) Replace(oldFile, newFile string) error { + return r.watcher.Replace(oldFile, newFile) +} + +func (r rateLimitedFileWatcher) EventsCh() chan *FileWatcherEvent { + return r.eventCh +} + +func NewRateLimitedFileWatcher(configFiles []string, logger hclog.Logger, coalesceInterval time.Duration) (Watcher, error) { + + watcher, err := NewFileWatcher(configFiles, logger) + if err != nil { + return nil, err + } + return &rateLimitedFileWatcher{ + watcher: watcher, + coalesceInterval: coalesceInterval, + eventCh: make(chan *FileWatcherEvent), + }, nil +} + +func (r rateLimitedFileWatcher) coalesceTimer(ctx context.Context, inputCh chan *FileWatcherEvent, coalesceDuration time.Duration) { + var ( + coalesceTimer *time.Timer + sendCh = make(chan struct{}) + fileWatcherEvents []string + ) + + go func() { + for { + select { + case event, ok := <-inputCh: + if !ok { + if len(fileWatcherEvents) > 0 { + r.eventCh <- &FileWatcherEvent{Filenames: fileWatcherEvents} + } + close(r.eventCh) + return + } + fileWatcherEvents = append(fileWatcherEvents, event.Filenames...) + if coalesceTimer == nil { + coalesceTimer = time.AfterFunc(coalesceDuration, func() { + // This runs in another goroutine so we can't just do the send + // directly here as access to fileWatcherEvents is racy. Instead, + // signal the main loop above. + sendCh <- struct{}{} + }) + } + case <-sendCh: + coalesceTimer = nil + r.eventCh <- &FileWatcherEvent{Filenames: fileWatcherEvents} + fileWatcherEvents = make([]string, 0) + case <-ctx.Done(): + return + } + } + }() +} diff --git a/agent/config/ratelimited_file_watcher_test.go b/agent/config/ratelimited_file_watcher_test.go new file mode 100644 index 000000000..ee1ecb8bb --- /dev/null +++ b/agent/config/ratelimited_file_watcher_test.go @@ -0,0 +1,91 @@ +package config + +import ( + "context" + "os" + "testing" + "time" + + "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/sdk/testutil" + "github.com/stretchr/testify/require" +) + +func TestNewRateLimitedWatcher(t *testing.T) { + w, err := NewRateLimitedFileWatcher([]string{}, hclog.New(&hclog.LoggerOptions{}), 1*time.Nanosecond) + require.NoError(t, err) + require.NotNil(t, w) +} + +func TestRateLimitedWatcherRenameEvent(t *testing.T) { + + fileTmp := createTempConfigFile(t, "temp_config3") + filepaths := []string{createTempConfigFile(t, "temp_config1"), createTempConfigFile(t, "temp_config2")} + w, err := NewRateLimitedFileWatcher(filepaths, hclog.New(&hclog.LoggerOptions{}), 1*time.Nanosecond) + + require.NoError(t, err) + w.Start(context.Background()) + defer func() { + _ = w.Stop() + }() + + require.NoError(t, err) + err = os.Rename(fileTmp, filepaths[0]) + time.Sleep(timeoutDuration + 50*time.Millisecond) + require.NoError(t, err) + require.NoError(t, assertEvent(filepaths[0], w.EventsCh(), defaultTimeout)) + // make sure we consume all events + _ = assertEvent(filepaths[0], w.EventsCh(), defaultTimeout) +} + +func TestRateLimitedWatcherAddNotExist(t *testing.T) { + + file := testutil.TempFile(t, "temp_config") + filename := file.Name() + randomStr(16) + w, err := NewRateLimitedFileWatcher([]string{filename}, hclog.New(&hclog.LoggerOptions{}), 1*time.Nanosecond) + require.Error(t, err, "no such file or directory") + require.Nil(t, w) +} + +func TestEventRateLimitedWatcherWrite(t *testing.T) { + + file := testutil.TempFile(t, "temp_config") + _, err := file.WriteString("test config") + require.NoError(t, err) + err = file.Sync() + require.NoError(t, err) + w, err := NewRateLimitedFileWatcher([]string{file.Name()}, hclog.New(&hclog.LoggerOptions{}), 1*time.Nanosecond) + require.NoError(t, err) + w.Start(context.Background()) + defer func() { + _ = w.Stop() + }() + + _, err = file.WriteString("test config 2") + require.NoError(t, err) + err = file.Sync() + require.NoError(t, err) + require.NoError(t, assertEvent(file.Name(), w.EventsCh(), defaultTimeout)) +} + +func TestEventRateLimitedWatcherMove(t *testing.T) { + + filepath := createTempConfigFile(t, "temp_config1") + + w, err := NewRateLimitedFileWatcher([]string{filepath}, hclog.New(&hclog.LoggerOptions{}), 1*time.Second) + require.NoError(t, err) + w.Start(context.Background()) + defer func() { + _ = w.Stop() + }() + + for i := 0; i < 10; i++ { + filepath2 := createTempConfigFile(t, "temp_config2") + err = os.Rename(filepath2, filepath) + time.Sleep(timeoutDuration + 50*time.Millisecond) + require.NoError(t, err) + } + require.NoError(t, assertEvent(filepath, w.EventsCh(), defaultTimeout)) + require.Error(t, assertEvent(filepath, w.EventsCh(), defaultTimeout), "expected timeout error") +} diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 99c51f335..442393ba1 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -1399,6 +1399,9 @@ type RuntimeConfig struct { // Watches []map[string]interface{} + // AutoReloadConfigCoalesceInterval Coalesce Interval for auto reload config + AutoReloadConfigCoalesceInterval time.Duration + EnterpriseRuntimeConfig } diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 408241e40..eb9d03d2b 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -6390,7 +6390,8 @@ func TestLoad_FullConfig(t *testing.T) { "args": []interface{}{"dltjDJ2a", "flEa7C2d"}, }, }, - RaftBoltDBConfig: consul.RaftBoltDBConfig{NoFreelistSync: true}, + RaftBoltDBConfig: consul.RaftBoltDBConfig{NoFreelistSync: true}, + AutoReloadConfigCoalesceInterval: 1 * time.Second, } entFullRuntimeConfig(expected) diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 5356761e4..4fafb520b 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -64,6 +64,7 @@ "AutoEncryptIPSAN": [], "AutoEncryptTLS": false, "AutoReloadConfig": false, + "AutoReloadConfigCoalesceInterval": "0s", "AutopilotCleanupDeadServers": false, "AutopilotDisableUpgradeMigration": false, "AutopilotLastContactThreshold": "0s", @@ -456,4 +457,4 @@ "Version": "", "VersionPrerelease": "", "Watches": [] -} +} \ No newline at end of file diff --git a/agent/testagent.go b/agent/testagent.go index 3910a78d9..11ca9a518 100644 --- a/agent/testagent.go +++ b/agent/testagent.go @@ -221,6 +221,9 @@ func (a *TestAgent) Start(t *testing.T) error { bd.MetricsHandler = metrics.NewInmemSink(1*time.Second, time.Minute) } + if a.Config != nil && bd.RuntimeConfig.AutoReloadConfigCoalesceInterval == 0 { + bd.RuntimeConfig.AutoReloadConfigCoalesceInterval = a.Config.AutoReloadConfigCoalesceInterval + } a.Config = bd.RuntimeConfig agent, err := New(bd) From a6e7195bdf48f9b99dd6182c0448fa9f5c635260 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Mon, 4 Apr 2022 12:01:38 -0400 Subject: [PATCH 069/785] documentation for config auto reload feature (#12548) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * add tests to coalesceTimer fix to send remaining events * set `coalesceTimer` to 1 Second * support symlink, fix a nil deref. * fix compile error * fix compile error * refactor file watcher rate limiting to be a Watcher implementation * fix linter issue * fix runtime config * fix runtime test * fix flaky tests * fix compile error * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * fix agent New to return an error if File watcher New return an error * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * set `coalesceTimer` to 1 Second * add flag description to agent command docs * fix link * add Static runtime config docs * fix links and alignment * fix typo * Revert "add a coalesceTimer with a very small timer" This reverts commit d9db2fcb8213a81ac761f04b458091409c5fb1ee. * Revert "extract coaelsce Timer and add a shim for testing" This reverts commit 0ab86012a415ffeb452acf58e52c9f37c9f49254. * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM Co-authored-by: Daniel Upton Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- website/content/docs/agent/options.mdx | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/options.mdx index 696d8bc88..19cc786e9 100644 --- a/website/content/docs/agent/options.mdx +++ b/website/content/docs/agent/options.mdx @@ -460,7 +460,10 @@ The agent configuration options below are all specified on the command-line. "trace", "debug", "info", "warn", and "err". You can always connect to an agent via [`consul monitor`](/commands/monitor) and use any log level. Also, the log level can be changed during a config reload. - +- `-auto-reload-config` ((#\_auto_reload_config)) - This flag set Consul to automatically reload + [Reloadable Configuration](#reloadable-configuration) when configuration files change. + Consul will also watch certificate and key files set in `cert_file` and `key_file` and reload the configuration + if updated. - `-log-json` ((#\_log_json)) - This flag enables the agent to output logs in a JSON format. By default this is false. @@ -1833,6 +1836,8 @@ There are also a number of common configuration options supported by all provide - `log_level` Equivalent to the [`-log-level` command-line flag](#_log_level). +- `auto-reload-config` Equivalent to the [`-auto-reload-config` command-line flag](#_auto_reload_config). + - `log_json` Equivalent to the [`-log-json` command-line flag](#_log_json). - `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). @@ -2771,6 +2776,19 @@ items which are reloaded include: - Services - TLS Configuration - Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading. + - To avoid a potential security issue, the following TLS configuration parameters do not automatically reload when [-auto-reload-config](#_auto_reload_config) is enabled: + - [encrypt_verify_incoming](#encrypt_verify_incoming) + - [verify_incoming](#verify_incoming) + - [verify_incoming_rpc](#verify_incoming_rpc) + - [verify_incoming_https](#verify_incoming_https) + - [verify_outgoing](#verify_outgoing) + - [verify_server_hostname](#verify_server_hostname) + - [ca_file](#ca_file) + - [ca_path](#ca_path) + + If any of those configurations are changed while [-auto-reload-config](#_auto_reload_config) is enabled, + Consul will issue the following warning, `Static Runtime config has changed and need a manual config reload to be applied`. + You must manually issue the `consul reload` command or send a `SIGHUP` to the Consul process to reload the new values. - Watches From 7bd9dec6d02e46b1d7f2ec07a4102457dda3cbec Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 4 Apr 2022 09:47:15 -0700 Subject: [PATCH 070/785] docs: fixes broken url in acl overview page --- website/content/docs/security/acl/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/security/acl/index.mdx b/website/content/docs/security/acl/index.mdx index d0676d14d..5ef4544b7 100644 --- a/website/content/docs/security/acl/index.mdx +++ b/website/content/docs/security/acl/index.mdx @@ -54,7 +54,7 @@ In addition to the rules that authenticate access to services, several attribute Refer to the following topics for details about policies: -- [Policies](/docs/security/acl/policies) +- [Policies](/docs/security/acl/acl-policies) - [ACL policy command line](/commands/acl/policy) - [ACL policy API](/api-docs/acl/policies) From 9224181958d84f42d176a0bd915dee94a78de3ac Mon Sep 17 00:00:00 2001 From: John Murret Date: Mon, 4 Apr 2022 14:36:19 -0600 Subject: [PATCH 071/785] Updating helm docs with additionalVault and ACLs refactor functionality. (#12669) * Updating helm docs with additionalVault and ACLs refactor funtionality. * PR Feedback corrections. - Fix indentation. - Fix description of secretName and secretKey to be consistent - Change description of manageACLsRole to be more clear. - Make the added vault role field descriptions consistent * PR Feedback - correcting description for adminPartitionsRole * Fixing broken shell sessions * Fixing broken shell sessions by changing shell-session tobecloser tocomment marker --- website/content/docs/k8s/helm.mdx | 182 +++++++++++++++++++----------- 1 file changed, 116 insertions(+), 66 deletions(-) diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 009e43348..81164cac3 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -151,35 +151,56 @@ Use these links to navigate to a particular top-level stanza. - `enabled` ((#v-global-secretsbackend-vault-enabled)) (`boolean: false`) - Enabling the Vault secrets backend will replace Kubernetes secrets with referenced Vault secrets. - `consulServerRole` ((#v-global-secretsbackend-vault-consulserverrole)) (`string: ""`) - The Vault role for the Consul server. - The role must be connected to the Consul server's service account and - have a policy with read capabilities for the following secrets: - - gossip encryption key defined by `global.gossipEncryption.secretName` - - certificate issue path defined by `server.serverCert.secretName` - - CA certificate defined by `global.tls.caCert.secretName` - - replication token defined by `global.acls.replicationToken.secretName` if `global.federation.enabled` is `true` + The role must be connected to the Consul server's service account. + The role must also have a policy with read capabilities for the following secrets: + - gossip encryption key defined by the `global.gossipEncryption.secretName` value + - certificate issue path defined by the `server.serverCert.secretName` value + - CA certificate defined by the `global.tls.caCert.secretName` value + - replication token defined by the `global.acls.replicationToken.secretName` value if `global.federation.enabled` is `true` To discover the service account name of the Consul server, run - ```shell-session - $ helm template --show-only templates/server-serviceaccount.yaml hashicorp/consul - ``` + ```shell-session + $ helm template --show-only templates/server-serviceaccount.yaml hashicorp/consul + ``` and check the name of `metadata.name`. - `consulClientRole` ((#v-global-secretsbackend-vault-consulclientrole)) (`string: ""`) - The Vault role for the Consul client. - The role must be connected to the Consul client's service account and - have a policy with read capabilities for the following secrets: - - gossip encryption key defined by `global.gossipEncryption.secretName`. + The role must be connected to the Consul client's service account. + The role must also have a policy with read capabilities for the gossip encryption + key defined by the `global.gossipEncryption.secretName` value. To discover the service account name of the Consul client, run - ```shell-session - $ helm template --show-only templates/client-serviceaccount.yaml charts/consul - ``` + ```shell-session + $ helm template --show-only templates/client-serviceaccount.yaml hashicorp/consul + ``` and check the name of `metadata.name`. - - `manageSystemACLsRole` ((#v-global-secretsbackend-vault-managesystemaclsrole)) (`string: ""`) - A Vault role to allow Kubernetes job that manages ACLs for this Helm chart (`server-acl-init`) - to read and update Vault secrets for the Consul's bootstrap and replication tokens. - This role must be bound the `server-acl-init`'s service account. + - `consulSnapshotAgentRole` ((#v-global-secretsbackend-vault-consulsnapshotagentrole)) (`string: ""`) - The Vault role for the Consul client snapshot agent. + The role must be connected to the Consul client snapshot agent's service account. + The role must also have a policy with read capabilities for the snapshot agent config + defined by the `client.snapshotAgent.configSecret.secretName` value. + To discover the service account name of the Consul client, run + ```shell-session + $ helm template --show-only templates/client-snapshot-agent-serviceaccount.yaml --set client.snapshotAgent.enabled=true hashicorp/consul + ``` + and check the name of `metadata.name`. + + - `manageSystemACLsRole` ((#v-global-secretsbackend-vault-managesystemaclsrole)) (`string: ""`) - A Vault role for the Consul `server-acl-init` job, which manages setting ACLs so that clients and components can obtain ACL tokens. + The role must be connected to the `server-acl-init` job's service account. + The role must also have a policy with read and write capabilities for the bootstrap, replication or partition tokens To discover the service account name of the `server-acl-init` job, run - ```shell-session - $ helm template --show-only templates/server-acl-init-serviceaccount.yaml charts/consul - ``` + ```shell-session + $ helm template --show-only templates/server-acl-init-serviceaccount.yaml \ + --set global.acls.manageSystemACLs=true hashicorp/consul + ``` + and check the name of `metadata.name`. + + - `adminPartitionsRole` ((#v-global-secretsbackend-vault-adminpartitionsrole)) (`string: ""`) - A Vault role that allows the Consul `partition-init` job to read a Vault secret for the partition ACL token. + The `partition-init` job bootstraps Admin Partitions on Consul servers. + . + This role must be bound the `partition-init` job's service account. + To discover the service account name of the `partition-init` job, run with Helm values for the client cluster: + ```shell-session + $ helm template --show-only templates/partition-init-serviceaccount.yaml -f client-cluster-values.yaml hashicorp/consul + ``` and check the name of `metadata.name`. - `agentAnnotations` ((#v-global-secretsbackend-vault-agentannotations)) (`string: null`) - This value defines additional annotations for @@ -200,10 +221,10 @@ Use these links to navigate to a particular top-level stanza. - `ca` ((#v-global-secretsbackend-vault-ca)) - Configuration for Vault server CA certificate. This certificate will be mounted to any pod where Vault agent needs to run. - - `secretName` ((#v-global-secretsbackend-vault-ca-secretname)) (`string: ""`) - secretName is the name of the Kubernetes secret that holds the Vault CA certificate. + - `secretName` ((#v-global-secretsbackend-vault-ca-secretname)) (`string: ""`) - The name of the Kubernetes or Vault secret that holds the Vault CA certificate. A Kubernetes secret must be in the same namespace that Consul is installed into. - - `secretKey` ((#v-global-secretsbackend-vault-ca-secretkey)) (`string: ""`) - secretKey is the key within the Kubernetes secret that holds the Vault CA certificate. + - `secretKey` ((#v-global-secretsbackend-vault-ca-secretkey)) (`string: ""`) - The key within the Kubernetes or Vault secret that holds the Vault CA certificate. - `connectCA` ((#v-global-secretsbackend-vault-connectca)) - Configuration for the Vault Connect CA provider. The provider will be configured to use the Vault Kubernetes auth method @@ -261,12 +282,12 @@ Use these links to navigate to a particular top-level stanza. `gossipEncryption.secretName="consul/data/secrets/gossip"` `gossipEncryption.secretKey="key"` - - `autoGenerate` ((#v-global-gossipencryption-autogenerate)) (`boolean: false`) - Automatically generate a gossip encryption key and save it to a Kubernetes secret. + - `autoGenerate` ((#v-global-gossipencryption-autogenerate)) (`boolean: false`) - Automatically generate a gossip encryption key and save it to a Kubernetes or Vault secret. - - `secretName` ((#v-global-gossipencryption-secretname)) (`string: ""`) - secretName is the name of the Kubernetes secret or Vault secret path that holds the gossip + - `secretName` ((#v-global-gossipencryption-secretname)) (`string: ""`) - The name of the Kubernetes secret or Vault secret path that holds the gossip encryption key. A Kubernetes secret must be in the same namespace that Consul is installed into. - - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - secretKey is the key within the Kubernetes secret or Vault secret key that holds the gossip + - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip encryption key. - `recursors` ((#v-global-recursors)) (`array: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. @@ -294,11 +315,11 @@ Use these links to navigate to a particular top-level stanza. in the server certificate. This is useful when you need to access the Consul server(s) externally, for example, if you're using the UI. - - `verify` ((#v-global-tls-verify)) (`boolean: true`) - If true, `tls.defaults.verify_outgoing`, - `tls.internal_rpc.verify_server_hostname`, and `tls.internal_rpc.verify_incoming` will be set - to `true` for Consul servers and clients. Set this to false to incrementally roll out TLS - on an existing Consul cluster. - Please see https://consul.io/docs/k8s/operations/tls-on-existing-cluster for more details. + - `verify` ((#v-global-tls-verify)) (`boolean: true`) - If true, `verify_outgoing`, `verify_server_hostname`, + and `verify_incoming_rpc` will be set to `true` for Consul servers and clients. + Set this to false to incrementally roll out TLS on an existing Consul cluster. + Please see https://consul.io/docs/k8s/operations/tls-on-existing-cluster + for more details. - `httpsOnly` ((#v-global-tls-httpsonly)) (`boolean: true`) - If true, the Helm chart will configure Consul to disable the HTTP port on both clients and servers and to only accept HTTPS connections. @@ -317,11 +338,11 @@ Use these links to navigate to a particular top-level stanza. This will be consumed by the `global.secretsBackend.vault.consulCARole` role by all Consul components. When using Vault the secretKey is not used. - - `secretName` ((#v-global-tls-cacert-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-global-tls-cacert-secretname)) (`string: null`) - The name of the Kubernetes or Vault secret that holds the CA certificate. - - `secretKey` ((#v-global-tls-cacert-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-global-tls-cacert-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA certificate. - - `caKey` ((#v-global-tls-cakey)) - A Kubernetes secret containing the private key of the CA to use for + - `caKey` ((#v-global-tls-cakey)) - A Kubernetes or Vault secret containing the private key of the CA to use for TLS communication within the Consul cluster. If you have generated the CA yourself with the consul CLI, you could use the following command to create the secret in Kubernetes: @@ -336,9 +357,9 @@ Use these links to navigate to a particular top-level stanza. as Subject Alternative Names. In the future, we may support bringing your own server certificates. - - `secretName` ((#v-global-tls-cakey-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-global-tls-cakey-secretname)) (`string: null`) - The name of the Kubernetes or Vault secret that holds the CA key. - - `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key. - `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - `enableConsulNamespaces` indicates that you are running Consul Enterprise v1.7+ with a valid Consul Enterprise license and would @@ -353,14 +374,14 @@ Use these links to navigate to a particular top-level stanza. for all Consul and consul-k8s-control-plane components. This requires Consul >= 1.4. - - `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes secret containing the bootstrap token to use for + - `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and tokens for all Consul and consul-k8s-control-plane components. If set, we will skip ACL bootstrapping of the servers and will only initialize ACLs for the Consul clients and consul-k8s-control-plane system components. - - `secretName` ((#v-global-acls-bootstraptoken-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-global-acls-bootstraptoken-secretname)) (`string: null`) - The name of the Kubernetes or Vault secret that holds the bootstrap token. - - `secretKey` ((#v-global-acls-bootstraptoken-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-global-acls-bootstraptoken-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the bootstrap token. - `createReplicationToken` ((#v-global-acls-createreplicationtoken)) (`boolean: false`) - If true, an ACL token will be created that can be used in secondary datacenters for replication. This should only be set to true in the @@ -374,21 +395,32 @@ Use these links to navigate to a particular top-level stanza. and create ACL tokens and policies. This value is ignored if `bootstrapToken` is also set. - - `secretName` ((#v-global-acls-replicationtoken-secretname)) (`string: null`) - The name of the Kubernetes secret or the path of the secret in Vault. + - `secretName` ((#v-global-acls-replicationtoken-secretname)) (`string: null`) - The name of the Kubernetes or Vault secret that holds the replication token. - - `secretKey` ((#v-global-acls-replicationtoken-secretkey)) (`string: null`) - The key of the Kubernetes or Vault secret. + - `secretKey` ((#v-global-acls-replicationtoken-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the replication token. - - `enterpriseLicense` ((#v-global-enterpriselicense)) - This value refers to a Kubernetes secret that you have created + - `partitionToken` ((#v-global-acls-partitiontoken)) - partitionToken references a Vault secret containing the ACL token to be used in non-default partitions. + This value should only be provided in the default partition and only when setting + the `global.secretsBackend.vault.enabled` value to true. + Consul will use the value of the secret stored in Vault to create an ACL token in Consul with the value of the + secret as the secretID for the token. + In non-default, partitions set this secret as the `bootstrapToken`. + + - `secretName` ((#v-global-acls-partitiontoken-secretname)) (`string: null`) - The name of the Vault secret that holds the partition token. + + - `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the parition token. + + - `enterpriseLicense` ((#v-global-enterpriselicense)) - This value refers to a Kubernetes or Vault secret that you have created that contains your enterprise license. It is required if you are using an enterprise binary. Defining it here applies it to your cluster once a leader has been elected. If you are not using an enterprise image or if you plan to introduce the license key via another route, then set these fields to null. Note: the job to apply license runs on both Helm installs and upgrades. - - `secretName` ((#v-global-enterpriselicense-secretname)) (`string: null`) - secretName is the name of the Kubernetes secret or Vault secret path that holds the enterprise license. + - `secretName` ((#v-global-enterpriselicense-secretname)) (`string: null`) - The name of the Kubernetes or Vault secret that holds the enterprise license. A Kubernetes secret must be in the same namespace that Consul is installed into. - - `secretKey` ((#v-global-enterpriselicense-secretkey)) (`string: null`) - secretKey is the key within the Kubernetes secret or Vault secret key that holds the enterprise license. + - `secretKey` ((#v-global-enterpriselicense-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the enterprise license. - `enableLicenseAutoload` ((#v-global-enterpriselicense-enablelicenseautoload)) (`boolean: true`) - Manages license autoload. Required in Consul 1.10.0+, 1.9.7+ and 1.8.12+. @@ -408,11 +440,25 @@ Use these links to navigate to a particular top-level stanza. `-federation` (if setting `global.name`), otherwise `-consul-federation`. - - `primaryDatacenter` ((#v-global-federation-primarydatacenter)) (`string: ""`) - The name of the primary datacenter. + - `primaryDatacenter` ((#v-global-federation-primarydatacenter)) (`string: null`) - The name of the primary datacenter. - `primaryGateways` ((#v-global-federation-primarygateways)) (`array: []`) - A list of addresses of the primary mesh gateways in the form `:`. (e.g. ["1.1.1.1:443", "2.3.4.5:443"] + - `k8sAuthMethodHost` ((#v-global-federation-k8sauthmethodhost)) (`string: null`) - If you are setting `global.federation.enabled` to true and are in a secondary datacenter, + set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter. + This address must be reachable from the Consul servers in the primary datacenter. + This authmethod will be used to provision ACL tokens for Consul components and is different + from the one used by the Consul Service Mesh. + Please see the Kubernetes Auth Method documentation (https://consul.io/docs/acl/auth-methods/kubernetes). + + You could retrieve this value from your `kubeconfig` by running: + + ```shell-session + $ kubectl config view \ + -o jsonpath="{.clusters[?(@.name=='')].cluster.server}" + ``` + - `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components @@ -511,7 +557,7 @@ Use these links to navigate to a particular top-level stanza. Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine must be provided. - - `secretName` ((#v-server-servercert-secretname)) (`string: null`) - The name of the Kubernetes secret or Vault secret path containing the PEM encoded server certificate. + - `secretName` ((#v-server-servercert-secretname)) (`string: null`) - The name of the Vault secret that holds the PEM encoded server certificate. - `exposeGossipAndRPCPorts` ((#v-server-exposegossipandrpcports)) (`boolean: false`) - Exposes the servers' gossip and RPC ports as hostPorts. To enable a client agent outside of the k8s cluster to join the datacenter, you would need to @@ -860,7 +906,7 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-client-resources)) (`map`) - Resource settings for Client agents. + - `resources` ((#v-client-resources)) (`map`) - The resource settings for Client agents. NOTE: The use of a YAML string is deprecated. Instead, set directly as a YAML map. @@ -1033,15 +1079,15 @@ Use these links to navigate to a particular top-level stanza. - `replicas` ((#v-client-snapshotagent-replicas)) (`integer: 2`) - The number of snapshot agents to run. - - `configSecret` ((#v-client-snapshotagent-configsecret)) - A Kubernetes secret that should be manually created to contain the entire + - `configSecret` ((#v-client-snapshotagent-configsecret)) - A Kubernetes or Vault secret that should be manually created to contain the entire config to be used on the snapshot agent. This is the preferred method of configuration since there are usually storage credentials present. Please see Snapshot agent config (https://consul.io/commands/snapshot/agent#config-file-options) for details. - - `secretName` ((#v-client-snapshotagent-configsecret-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-client-snapshotagent-configsecret-secretname)) (`string: null`) - The name of the Kubernetes secret or Vault secret path that holds the snapshot agent config. - - `secretKey` ((#v-client-snapshotagent-configsecret-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-client-snapshotagent-configsecret-secretkey)) (`string: null`) - The key within the Kubernetes secret or Vault secret key that holds the snapshot agent config. - `serviceAccount` ((#v-client-snapshotagent-serviceaccount)) @@ -1054,7 +1100,7 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-client-snapshotagent-resources)) (`map`) - Resource settings for snapshot agent pods. + - `resources` ((#v-client-snapshotagent-resources)) (`map`) - The resource settings for snapshot agent pods. - `caCert` ((#v-client-snapshotagent-cacert)) (`string: null`) - Optional PEM-encoded CA certificate that will be added to the trusted system CAs. Useful if using an S3-compatible storage exposing a self-signed certificate. @@ -1326,9 +1372,9 @@ Use these links to navigate to a particular top-level stanza. an ACL token for your Consul cluster which allows the sync process the correct permissions. This is only needed if ACLs are enabled on the Consul cluster. - - `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Vault secret that holds the acl sync token. - - `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the acl sync. - `nodeSelector` ((#v-synccatalog-nodeselector)) (`string: null`) - This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) labels for catalog sync pod assignment, formatted as a multi-line string. @@ -1358,7 +1404,7 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-synccatalog-resources)) (`map`) - Resource settings for sync catalog pods. + - `resources` ((#v-synccatalog-resources)) (`map`) - The resource settings for sync catalog pods. - `logLevel` ((#v-synccatalog-loglevel)) (`string: ""`) - Override global log verbosity level. One of "debug", "info", "warn", or "error". @@ -1464,7 +1510,7 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-connectinject-resources)) (`map`) - Resource settings for connect inject pods. + - `resources` ((#v-connectinject-resources)) (`map`) - The resource settings for connect inject pods. - `failurePolicy` ((#v-connectinject-failurepolicy)) (`string: Fail`) - Sets the failurePolicy for the mutating webhook. By default this will cause pods not part of the consul installation to fail scheduling while the webhook is offline. This prevents a pod from skipping mutation if the webhook were to be momentarily offline. @@ -1576,9 +1622,9 @@ Use these links to navigate to a particular top-level stanza. This token needs to have `operator = "write"` privileges to be able to create Consul namespaces. - - `secretName` ((#v-connectinject-aclinjecttoken-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-connectinject-aclinjecttoken-secretname)) (`string: null`) - The name of the Vault secret that holds the ACL inject token. - - `secretKey` ((#v-connectinject-aclinjecttoken-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-connectinject-aclinjecttoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the ACL inject token. - `sidecarProxy` ((#v-connectinject-sidecarproxy)) @@ -1603,7 +1649,7 @@ Use these links to navigate to a particular top-level stanza. - `cpu` ((#v-connectinject-sidecarproxy-resources-limits-cpu)) (`string: null`) - Recommended default: 100m - - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - Resource settings for the Connect injected init container. + - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - The resource settings for the Connect injected init container. ### controller @@ -1628,7 +1674,7 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-controller-resources)) (`map`) - Resource settings for controller pods. + - `resources` ((#v-controller-resources)) (`map`) - The resource settings for controller pods. - `nodeSelector` ((#v-controller-nodeselector)) (`string: null`) - Optional YAML string to specify a nodeSelector config. @@ -1654,9 +1700,9 @@ Use these links to navigate to a particular top-level stanza. ``` If running Consul Enterprise, talk to your account manager for assistance. - - `secretName` ((#v-controller-acltoken-secretname)) (`string: null`) - The name of the Kubernetes secret. + - `secretName` ((#v-controller-acltoken-secretname)) (`string: null`) - The name of the Vault secret that holds the ACL token. - - `secretKey` ((#v-controller-acltoken-secretkey)) (`string: null`) - The key of the Kubernetes secret. + - `secretKey` ((#v-controller-acltoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the ACL token. ### meshGateway @@ -1760,13 +1806,13 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `resources` ((#v-meshgateway-resources)) (`map`) - Resource settings for mesh gateway pods. + - `resources` ((#v-meshgateway-resources)) (`map`) - The resource settings for mesh gateway pods. NOTE: The use of a YAML string is deprecated. Instead, set directly as a YAML map. - - `initCopyConsulContainer` ((#v-meshgateway-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. + - `initCopyConsulContainer` ((#v-meshgateway-initcopyconsulcontainer)) (`map`) - The resource settings for the `copy-consul-bin` init container. - - `initServiceInitContainer` ((#v-meshgateway-initserviceinitcontainer)) (`map`) - Resource settings for the `service-init` init container. + - `initServiceInitContainer` ((#v-meshgateway-initserviceinitcontainer)) (`map`) - The resource settings for the `service-init` init container. - `affinity` ((#v-meshgateway-affinity)) (`string`) - By default, we set an anti-affinity so that two gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are @@ -1846,7 +1892,7 @@ Use these links to navigate to a particular top-level stanza. - `resources` ((#v-ingressgateways-defaults-resources)) (`map`) - Resource limits for all ingress gateway pods - - `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. + - `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) (`map`) - The resource settings for the `copy-consul-bin` init container. - `affinity` ((#v-ingressgateways-defaults-affinity)) (`string`) - By default, we set an anti-affinity so that two of the same gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are @@ -1919,7 +1965,7 @@ Use these links to navigate to a particular top-level stanza. - `resources` ((#v-terminatinggateways-defaults-resources)) (`map`) - Resource limits for all terminating gateway pods - - `initCopyConsulContainer` ((#v-terminatinggateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. + - `initCopyConsulContainer` ((#v-terminatinggateways-defaults-initcopyconsulcontainer)) (`map`) - The resource settings for the `copy-consul-bin` init container. - `affinity` ((#v-terminatinggateways-defaults-affinity)) (`string`) - By default, we set an anti-affinity so that two of the same gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are @@ -2069,6 +2115,10 @@ Use these links to navigate to a particular top-level stanza. "annotation-key": "annotation-value" ``` + - `resources` ((#v-apigateway-resources)) (`map`) - The resource settings for api gateway pods. + + - `initCopyConsulContainer` ((#v-apigateway-initcopyconsulcontainer)) (`map`) - The resource settings for the `copy-consul-bin` init container. + ### webhookCertManager - `webhookCertManager` ((#v-webhookcertmanager)) - Configuration settings for the webhook-cert-manager From d60e8cd6460c42a8af64cca2cd2852feac66eb99 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Mon, 4 Apr 2022 14:35:07 -0700 Subject: [PATCH 072/785] docs: Update links to K8s service mesh annotations (#12652) The list of supported annotations for Consul service mesh were moved from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR #12323. This commit updates various across the site to point to the new URL for these annotations. --- .../content/docs/connect/transparent-proxy.mdx | 15 ++++++++------- website/content/docs/k8s/connect/index.mdx | 2 +- .../docs/k8s/connect/ingress-controllers.mdx | 10 +++++----- .../single-dc-multi-k8s.mdx | 2 +- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/website/content/docs/connect/transparent-proxy.mdx b/website/content/docs/connect/transparent-proxy.mdx index 5ddc21e2d..750c62e0f 100644 --- a/website/content/docs/connect/transparent-proxy.mdx +++ b/website/content/docs/connect/transparent-proxy.mdx @@ -47,7 +47,7 @@ proxy, and dial the local listener to reach the appropriate upstream. Users woul specific services to talk to one another. Transparent proxying reduces this duplication, by determining upstreams implicitly from Service Intentions. Explicit upstreams are still supported in the [proxy service registration](/docs/connect/registration/service-registration) on VMs and via the -[annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams) in Kubernetes. +[annotation](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) in Kubernetes. To support transparent proxying, Consul's CLI now has a command [`consul connect redirect-traffic`](/commands/connect/redirect-traffic) to redirect traffic through an inbound and @@ -153,20 +153,21 @@ or the Pod annotation `consul.hashicorp.com/transparent-proxy-overwrite-probes`. Pods with transparent proxy enabled will have an init container injected that sets up traffic redirection for all inbound and outbound traffic through the sidecar proxies. This will include all traffic by default, with the ability to configure exceptions on a per-Pod basis. The following Pod annotations allow you to exclude certain traffic from redirection to the sidecar proxies: -- [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-inbound-ports) -- [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-outbound-ports) -- [`consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-outbound-cidrs) -- [`consul.hashicorp.com/transparent-proxy-exclude-uids`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-uids) + +- [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-inbound-ports) +- [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-ports) +- [`consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-cidrs) +- [`consul.hashicorp.com/transparent-proxy-exclude-uids`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-uids) ## Known Limitations * Traffic can only be transparently proxied when the address dialed corresponds to the address of a service in the transparent proxy's datacenter. Services can also dial explicit upstreams in other datacenters without transparent proxy, for example, by adding an -[annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams) such as +[annotation](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) such as `"consul.hashicorp.com/connect-service-upstreams": "my-service:1234:dc2"` to reach an upstream service called `my-service` in the datacenter `dc2`. -* In the deployment configuration where a [single Consul datacenter spans multiple Kubernetes clusters](/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s), services in one Kubernetes cluster must explicitly dial a service in another Kubernetes cluster using the [consul.hashicorp.com/connect-service-upstreams](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams) annotation. An example would be +* In the deployment configuration where a [single Consul datacenter spans multiple Kubernetes clusters](/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s), services in one Kubernetes cluster must explicitly dial a service in another Kubernetes cluster using the [consul.hashicorp.com/connect-service-upstreams](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) annotation. An example would be `"consul.hashicorp.com/connect-service-upstreams": "my-service:1234"`, where `my-service` is the service that exists in another Kubernetes cluster and is exposed on port `1234`. Although Transparent Proxy is enabled, KubeDNS is not utilized when communicating between services existing on separate Kubernetes clusters. * When dialing headless services the request will be proxied using a plain TCP proxy with a 5s connection timeout. Currently the upstream's protocol and connection timeout are not considered. diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx index d708f342c..928089142 100644 --- a/website/content/docs/k8s/connect/index.mdx +++ b/website/content/docs/k8s/connect/index.mdx @@ -192,7 +192,7 @@ When ACLs are enabled with default `deny` policy, you must supply an [intention](/docs/connect/intentions) to tell Consul which upstream you need to talk to. When upstreams are specified explicitly with the -[`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams), +[`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams), the injector will also set environment variables `_CONNECT_SERVICE_HOST` and `_CONNECT_SERVICE_PORT` in every container in the Pod for every defined upstream. This is analogous to the standard Kubernetes service environment variables, but diff --git a/website/content/docs/k8s/connect/ingress-controllers.mdx b/website/content/docs/k8s/connect/ingress-controllers.mdx index b814d1241..eb99cc93f 100644 --- a/website/content/docs/k8s/connect/ingress-controllers.mdx +++ b/website/content/docs/k8s/connect/ingress-controllers.mdx @@ -12,22 +12,22 @@ description: Configuring Ingress Controllers With Consul On Kubernetes [Transparent Proxy](/docs/connect/transparent-proxy) mode enabled. This page describes a general approach for integrating Ingress Controllers with Consul on Kubernetes to secure traffic from the Controller -to the backend services by deploying sidecars along with your Ingress Controller. This allows Consul to transparently secure traffic from the ingress point through the entire traffic flow of the service. +to the backend services by deploying sidecars along with your Ingress Controller. This allows Consul to transparently secure traffic from the ingress point through the entire traffic flow of the service. -If you are looking for a fully supported solution for ingress traffic into Consul Service Mesh, please visit [Consul API Gateway](https://www.consul.io/docs/api-gateway) for instruction on how to install Consul API Gateway along with Consul on Kubernetes. +If you are looking for a fully supported solution for ingress traffic into Consul Service Mesh, please visit [Consul API Gateway](/docs/api-gateway) for instruction on how to install Consul API Gateway along with Consul on Kubernetes. A few steps are generally required to enable an Ingress controller to join the mesh and pass traffic through to a service: * Enable connect-injection via an annotation on the Ingress Controller's deployment: `consul.hashicorp.com/connect-inject` is `true`. * Using the following annotations on the Ingress controller's deployment, set up exclusion rules for its ports. - * [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-inbound-ports) - Provides the ability to exclude a list of ports for + * [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-inbound-ports) - Provides the ability to exclude a list of ports for inbound traffic that the service exposes from redirection. Typical configurations would require all inbound service ports for the controller to be included in this list. - * [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-outbound-ports) - Provides the ability to exclude a list of ports for + * [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-ports) - Provides the ability to exclude a list of ports for outbound traffic that the service exposes from redirection. These would be outbound ports used by your ingress controller which expect to skip the mesh and talk to non-mesh services. - * [`consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs`](/docs/k8s/connect#consul-hashicorp-com-transparent-proxy-exclude-outbound-cidrs) - Provides the ability to exclude a list of CIDRs that + * [`consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs`](/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-cidrs) - Provides the ability to exclude a list of CIDRs that the service communicates with for outbound requests from redirection. It is somewhat common that an Ingress controller will expect to make API calls to the Kubernetes service for service/endpoint management. As such including the ClusterIP of the Kubernetes service is common. diff --git a/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx index baa36174d..4e47aeeda 100644 --- a/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx +++ b/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx @@ -188,7 +188,7 @@ $ helm install cluster2 --values cluster2-config.yaml hashicorp/consul ## Verifying the Consul Service Mesh works -~> When Transparent proxy is enabled, services in one Kubernetes cluster that need to communicate with a service in another Kubernetes cluster must have a explicit upstream configured through the ["consul.hashicorp.com/connect-service-upstreams"](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams) annotation. +~> When Transparent proxy is enabled, services in one Kubernetes cluster that need to communicate with a service in another Kubernetes cluster must have a explicit upstream configured through the ["consul.hashicorp.com/connect-service-upstreams"](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) annotation. Now that we have our Consul cluster in multiple k8s clusters up and running, we will deploy two services and verify that they can connect to each other. From b4285b56ee8ce3e6d7b11d25fc48527597f68f50 Mon Sep 17 00:00:00 2001 From: Thomas Eckert Date: Mon, 4 Apr 2022 17:50:59 -0400 Subject: [PATCH 073/785] Update Helm docs to reflect 0.42.0 release (#12689) * Update Helm docs to reflect 0.42.0 release Co-authored-by: mrspanishviking Co-authored-by: David Yu Co-authored-by: mrspanishviking --- website/content/docs/k8s/helm.mdx | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 81164cac3..0072528c1 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -448,11 +448,12 @@ Use these links to navigate to a particular top-level stanza. - `k8sAuthMethodHost` ((#v-global-federation-k8sauthmethodhost)) (`string: null`) - If you are setting `global.federation.enabled` to true and are in a secondary datacenter, set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter. This address must be reachable from the Consul servers in the primary datacenter. - This authmethod will be used to provision ACL tokens for Consul components and is different - from the one used by the Consul Service Mesh. - Please see the Kubernetes Auth Method documentation (https://consul.io/docs/acl/auth-methods/kubernetes). - You could retrieve this value from your `kubeconfig` by running: + This auth method will be used to provision ACL tokens for Consul components and is different + from the one used by the Consul Service Mesh. + Please see the [Kubernetes Auth Method documentation](https://consul.io/docs/acl/auth-methods/kubernetes) for additional information. + + You can retrieve this value from your `kubeconfig` by running: ```shell-session $ kubectl config view \ From e48c1611eeda4de78b1dc7e523642f06e8fb31df Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Tue, 5 Apr 2022 15:26:14 +0100 Subject: [PATCH 074/785] WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. --- .changelog/12678.txt | 3 + agent/consul/acl.go | 20 + agent/consul/leader_connect_ca_test.go | 3 +- agent/consul/leader_test.go | 3 +- agent/consul/server.go | 8 + agent/consul/server_test.go | 3 +- agent/consul/state/catalog_events.go | 64 ++- agent/consul/state/catalog_events_test.go | 69 +-- agent/consul/state/connect_ca_events.go | 17 +- agent/consul/state/connect_ca_events_test.go | 23 + agent/consul/state/state_store.go | 5 +- agent/consul/state/store_integration_test.go | 56 ++- agent/consul/stream/event.go | 14 +- agent/consul/stream/event_publisher.go | 9 +- agent/consul/stream/event_publisher_test.go | 40 +- agent/consul/stream/subscription.go | 36 +- agent/consul/stream/subscription_test.go | 30 +- .../private/services/subscribe/subscribe.go | 12 +- .../services/subscribe/subscribe_test.go | 6 +- .../public/services/connectca/acl_test.go | 27 + .../services/connectca/mock_ACLResolver.go | 38 ++ .../grpc/public/services/connectca/server.go | 42 ++ .../public/services/connectca/server_test.go | 52 ++ .../public/services/connectca/watch_roots.go | 202 ++++++++ .../services/connectca/watch_roots_test.go | 280 +++++++++++ agent/grpc/public/token.go | 28 ++ agent/submatview/store_integration_test.go | 10 +- agent/xds/server.go | 16 +- proto-public/pbconnectca/ca.pb.binary.go | 28 ++ proto-public/pbconnectca/ca.pb.go | 473 ++++++++++++++++++ proto-public/pbconnectca/ca.proto | 72 +++ 31 files changed, 1473 insertions(+), 216 deletions(-) create mode 100644 .changelog/12678.txt create mode 100644 agent/grpc/public/services/connectca/acl_test.go create mode 100644 agent/grpc/public/services/connectca/mock_ACLResolver.go create mode 100644 agent/grpc/public/services/connectca/server.go create mode 100644 agent/grpc/public/services/connectca/server_test.go create mode 100644 agent/grpc/public/services/connectca/watch_roots.go create mode 100644 agent/grpc/public/services/connectca/watch_roots_test.go create mode 100644 agent/grpc/public/token.go create mode 100644 proto-public/pbconnectca/ca.pb.binary.go create mode 100644 proto-public/pbconnectca/ca.pb.go create mode 100644 proto-public/pbconnectca/ca.proto diff --git a/.changelog/12678.txt b/.changelog/12678.txt new file mode 100644 index 000000000..3758a06a1 --- /dev/null +++ b/.changelog/12678.txt @@ -0,0 +1,3 @@ +```release-note:feature +ca: Root certificates can now be consumed from a gRPC streaming endpoint: `WatchRoots` +``` diff --git a/agent/consul/acl.go b/agent/consul/acl.go index bd84857b6..8b3d4e55e 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -664,6 +664,26 @@ func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*stru return syntheticPolicies } +// plainACLResolver wraps ACLResolver so that it can be used in other packages +// that cannot import agent/consul wholesale (e.g. because of import cycles). +// +// TODO(agentless): this pattern was copied from subscribeBackend for expediency +// but we should really refactor ACLResolver so it can be passed as a dependency +// to other packages. +type plainACLResolver struct { + resolver *ACLResolver +} + +func (r plainACLResolver) ResolveTokenAndDefaultMeta( + token string, + entMeta *structs.EnterpriseMeta, + authzContext *acl.AuthorizerContext, +) (acl.Authorizer, error) { + // ACLResolver.ResolveTokenAndDefaultMeta returns a ACLResolveResult which + // can't be used in other packages, but it embeds acl.Authorizer which can. + return r.resolver.ResolveTokenAndDefaultMeta(token, entMeta, authzContext) +} + func dedupeServiceIdentities(in []*structs.ACLServiceIdentity) []*structs.ACLServiceIdentity { // From: https://github.com/golang/go/wiki/SliceTricks#in-place-deduplicate-comparable diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go index 2ebbda0a6..1f2c964b8 100644 --- a/agent/consul/leader_connect_ca_test.go +++ b/agent/consul/leader_connect_ca_test.go @@ -19,6 +19,7 @@ import ( vaultapi "github.com/hashicorp/vault/api" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "google.golang.org/grpc" msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/consul-net-rpc/net/rpc" @@ -550,7 +551,7 @@ func TestCAManager_Initialize_Logging(t *testing.T) { deps := newDefaultDeps(t, conf1) deps.Logger = logger - s1, err := NewServer(conf1, deps, nil) + s1, err := NewServer(conf1, deps, grpc.NewServer()) require.NoError(t, err) defer s1.Shutdown() testrpc.WaitForLeader(t, s1.RPC, "dc1") diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go index 189c058b9..cb767acf0 100644 --- a/agent/consul/leader_test.go +++ b/agent/consul/leader_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" + "google.golang.org/grpc" msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" @@ -1528,7 +1529,7 @@ func TestLeader_ConfigEntryBootstrap_Fail(t *testing.T) { deps := newDefaultDeps(t, config) deps.Logger = logger - srv, err := NewServer(config, deps, nil) + srv, err := NewServer(config, deps, grpc.NewServer()) require.NoError(t, err) defer srv.Shutdown() diff --git a/agent/consul/server.go b/agent/consul/server.go index da821ebc8..ccfa3044a 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -43,6 +43,7 @@ import ( "github.com/hashicorp/consul/agent/consul/wanfed" agentgrpc "github.com/hashicorp/consul/agent/grpc/private" "github.com/hashicorp/consul/agent/grpc/private/services/subscribe" + "github.com/hashicorp/consul/agent/grpc/public/services/connectca" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" @@ -632,6 +633,13 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve // since it can fire events when leadership is obtained. go s.monitorLeadership() + // Initialize public gRPC server. + connectca.NewServer(connectca.Config{ + GetStore: func() connectca.StateStore { return s.FSM().State() }, + Logger: logger.Named("grpc-api.connect-ca"), + ACLResolver: plainACLResolver{s.ACLResolver}, + }).Register(s.publicGRPCServer) + // Start listening for RPC requests. go func() { if err := s.grpcHandler.Run(); err != nil { diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index bf7ff0ab6..6f953dd1c 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -13,6 +13,7 @@ import ( "github.com/google/tcpproxy" "github.com/hashicorp/memberlist" "github.com/hashicorp/raft" + "google.golang.org/grpc" "github.com/hashicorp/consul/ipaddr" @@ -263,7 +264,7 @@ func newServer(t *testing.T, c *Config) (*Server, error) { } } - srv, err := NewServer(c, newDefaultDeps(t, c), nil) + srv, err := NewServer(c, newDefaultDeps(t, c), grpc.NewServer()) if err != nil { return nil, err } diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go index 3c72db0bd..eaca440a8 100644 --- a/agent/consul/state/catalog_events.go +++ b/agent/consul/state/catalog_events.go @@ -1,6 +1,7 @@ package state import ( + "fmt" "strings" memdb "github.com/hashicorp/go-memdb" @@ -11,6 +12,38 @@ import ( "github.com/hashicorp/consul/proto/pbsubscribe" ) +// EventSubjectService is a stream.Subject used to route and receive events for +// a specific service. +type EventSubjectService struct { + Key string + EnterpriseMeta structs.EnterpriseMeta + + overrideKey string + overrideNamespace string + overridePartition string +} + +// String satisfies the stream.Subject interface. +func (s EventSubjectService) String() string { + partition := s.EnterpriseMeta.PartitionOrDefault() + if v := s.overridePartition; v != "" { + partition = strings.ToLower(v) + } + + namespace := s.EnterpriseMeta.NamespaceOrDefault() + if v := s.overrideNamespace; v != "" { + namespace = strings.ToLower(v) + } + + key := s.Key + if v := s.overrideKey; v != "" { + key = v + } + key = strings.ToLower(key) + + return partition + "/" + namespace + "/" + key +} + // EventPayloadCheckServiceNode is used as the Payload for a stream.Event to // indicates changes to a CheckServiceNode for service health. // @@ -33,25 +66,14 @@ func (e EventPayloadCheckServiceNode) HasReadPermission(authz acl.Authorizer) bo } func (e EventPayloadCheckServiceNode) Subject() stream.Subject { - partition := e.Value.Service.PartitionOrDefault() - if e.overridePartition != "" { - partition = e.overridePartition - } - partition = strings.ToLower(partition) + return EventSubjectService{ + Key: e.Value.Service.Service, + EnterpriseMeta: e.Value.Service.EnterpriseMeta, - namespace := e.Value.Service.NamespaceOrDefault() - if e.overrideNamespace != "" { - namespace = e.overrideNamespace + overrideKey: e.overrideKey, + overrideNamespace: e.overrideNamespace, + overridePartition: e.overridePartition, } - namespace = strings.ToLower(namespace) - - key := e.Value.Service.Service - if e.overrideKey != "" { - key = e.overrideKey - } - key = strings.ToLower(key) - - return stream.Subject(partition + "/" + namespace + "/" + key) } // serviceHealthSnapshot returns a stream.SnapshotFunc that provides a snapshot @@ -62,7 +84,13 @@ func serviceHealthSnapshot(db ReadDB, topic stream.Topic) stream.SnapshotFunc { defer tx.Abort() connect := topic == topicServiceHealthConnect - idx, nodes, err := checkServiceNodesTxn(tx, nil, req.Key, connect, &req.EnterpriseMeta) + + subject, ok := req.Subject.(EventSubjectService) + if !ok { + return 0, fmt.Errorf("expected SubscribeRequest.Subject to be a: state.EventSubjectService, was a: %T", req.Subject) + } + + idx, nodes, err := checkServiceNodesTxn(tx, nil, subject.Key, connect, &subject.EnterpriseMeta) if err != nil { return 0, err } diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go index bb17dae10..b85ea5f76 100644 --- a/agent/consul/state/catalog_events_test.go +++ b/agent/consul/state/catalog_events_test.go @@ -16,11 +16,10 @@ import ( "github.com/hashicorp/consul/types" ) -func TestEventPayloadCheckServiceNode_SubjectMatchesRequests(t *testing.T) { - // Matches. +func TestEventPayloadCheckServiceNode_Subject(t *testing.T) { for desc, tc := range map[string]struct { evt EventPayloadCheckServiceNode - req stream.SubscribeRequest + sub string }{ "default partition and namespace": { EventPayloadCheckServiceNode{ @@ -30,10 +29,7 @@ func TestEventPayloadCheckServiceNode_SubjectMatchesRequests(t *testing.T) { }, }, }, - stream.SubscribeRequest{ - Key: "foo", - EnterpriseMeta: structs.EnterpriseMeta{}, - }, + "default/default/foo", }, "mixed casing": { EventPayloadCheckServiceNode{ @@ -43,7 +39,7 @@ func TestEventPayloadCheckServiceNode_SubjectMatchesRequests(t *testing.T) { }, }, }, - stream.SubscribeRequest{Key: "foo"}, + "default/default/foo", }, "override key": { EventPayloadCheckServiceNode{ @@ -54,60 +50,11 @@ func TestEventPayloadCheckServiceNode_SubjectMatchesRequests(t *testing.T) { }, overrideKey: "bar", }, - stream.SubscribeRequest{Key: "bar"}, + "default/default/bar", }, } { t.Run(desc, func(t *testing.T) { - require.Equal(t, tc.req.Subject(), tc.evt.Subject()) - }) - } - - // Non-matches. - for desc, tc := range map[string]struct { - evt EventPayloadCheckServiceNode - req stream.SubscribeRequest - }{ - "different key": { - EventPayloadCheckServiceNode{ - Value: &structs.CheckServiceNode{ - Service: &structs.NodeService{ - Service: "foo", - }, - }, - }, - stream.SubscribeRequest{ - Key: "bar", - }, - }, - "different partition": { - EventPayloadCheckServiceNode{ - Value: &structs.CheckServiceNode{ - Service: &structs.NodeService{ - Service: "foo", - }, - }, - overridePartition: "bar", - }, - stream.SubscribeRequest{ - Key: "foo", - }, - }, - "different namespace": { - EventPayloadCheckServiceNode{ - Value: &structs.CheckServiceNode{ - Service: &structs.NodeService{ - Service: "foo", - }, - }, - overrideNamespace: "bar", - }, - stream.SubscribeRequest{ - Key: "foo", - }, - }, - } { - t.Run(desc, func(t *testing.T) { - require.NotEqual(t, tc.req.Subject(), tc.evt.Subject()) + require.Equal(t, tc.sub, tc.evt.Subject().String()) }) } } @@ -125,7 +72,7 @@ func TestServiceHealthSnapshot(t *testing.T) { fn := serviceHealthSnapshot((*readDB)(store.db.db), topicServiceHealth) buf := &snapshotAppender{} - req := stream.SubscribeRequest{Key: "web"} + req := stream.SubscribeRequest{Subject: EventSubjectService{Key: "web"}} idx, err := fn(req, buf) require.NoError(t, err) @@ -202,7 +149,7 @@ func TestServiceHealthSnapshot_ConnectTopic(t *testing.T) { fn := serviceHealthSnapshot((*readDB)(store.db.db), topicServiceHealthConnect) buf := &snapshotAppender{} - req := stream.SubscribeRequest{Key: "web", Topic: topicServiceHealthConnect} + req := stream.SubscribeRequest{Subject: EventSubjectService{Key: "web"}, Topic: topicServiceHealthConnect} idx, err := fn(req, buf) require.NoError(t, err) diff --git a/agent/consul/state/connect_ca_events.go b/agent/consul/state/connect_ca_events.go index e73c206b5..c6bd135be 100644 --- a/agent/consul/state/connect_ca_events.go +++ b/agent/consul/state/connect_ca_events.go @@ -12,11 +12,13 @@ import ( // // Note: topics are ordinarily defined in subscribe.proto, but this one isn't // currently available via the Subscribe endpoint. -const EventTopicCARoots stringTopic = "CARoots" +const EventTopicCARoots stringer = "CARoots" -type stringTopic string +// stringer is a convenience type to turn a regular string into a fmt.Stringer +// so that it can be used as a stream.Topic or stream.Subject. +type stringer string -func (s stringTopic) String() string { return string(s) } +func (s stringer) String() string { return string(s) } type EventPayloadCARoots struct { CARoots structs.CARoots @@ -25,9 +27,12 @@ type EventPayloadCARoots struct { func (e EventPayloadCARoots) Subject() stream.Subject { return stream.SubjectNone } func (e EventPayloadCARoots) HasReadPermission(authz acl.Authorizer) bool { - // TODO(agentless): implement this method once the Authorizer exposes a method - // to check for `service:write` on any service. - panic("EventPayloadCARoots does not implement HasReadPermission") + // Require `service:write` on any service in any partition and namespace. + var authzContext acl.AuthorizerContext + structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier). + FillAuthzContext(&authzContext) + + return authz.ServiceWriteAny(&authzContext) == acl.Allow } // caRootsChangeEvents returns an event on EventTopicCARoots whenever the list diff --git a/agent/consul/state/connect_ca_events_test.go b/agent/consul/state/connect_ca_events_test.go index 9e9134367..9651e2a47 100644 --- a/agent/consul/state/connect_ca_events_test.go +++ b/agent/consul/state/connect_ca_events_test.go @@ -5,6 +5,7 @@ import ( "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" @@ -93,3 +94,25 @@ func TestCARootsSnapshot(t *testing.T) { }) }) } + +func TestEventPayloadCARoots_HasReadPermission(t *testing.T) { + t.Run("no service:write", func(t *testing.T) { + hasRead := EventPayloadCARoots{}.HasReadPermission(acl.DenyAll()) + require.False(t, hasRead) + }) + + t.Run("has service:write", func(t *testing.T) { + policy, err := acl.NewPolicyFromSource(` + service "foo" { + policy = "write" + } + `, acl.SyntaxCurrent, nil, nil) + require.NoError(t, err) + + authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil) + require.NoError(t, err) + + hasRead := EventPayloadCARoots{}.HasReadPermission(authz) + require.True(t, hasRead) + }) +} diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go index 82dc8d356..2689ac142 100644 --- a/agent/consul/state/state_store.go +++ b/agent/consul/state/state_store.go @@ -276,8 +276,11 @@ func (s *Store) AbandonCh() <-chan struct{} { // Abandon is used to signal that the given state store has been abandoned. // Calling this more than one time will panic. func (s *Store) Abandon() { - s.stopEventPublisher() + // Note: the order of these operations matters. Subscribers may receive on + // abandonCh to determine whether their subscription was closed because the + // store was abandoned, therefore it's important abandonCh is closed first. close(s.abandonCh) + s.stopEventPublisher() } // maxIndex is a helper used to retrieve the highest known index diff --git a/agent/consul/state/store_integration_test.go b/agent/consul/state/store_integration_test.go index edd051389..55c3059ce 100644 --- a/agent/consul/state/store_integration_test.go +++ b/agent/consul/state/store_integration_test.go @@ -25,9 +25,9 @@ func TestStore_IntegrationWithEventPublisher_ACLTokenUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -71,9 +71,9 @@ func TestStore_IntegrationWithEventPublisher_ACLTokenUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } sub2, err := publisher.Subscribe(subscription2) require.NoError(t, err) @@ -112,9 +112,9 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -162,9 +162,9 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } sub, err = publisher.Subscribe(subscription2) require.NoError(t, err) @@ -191,9 +191,9 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register another subscription. subscription3 := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } sub, err = publisher.Subscribe(subscription3) require.NoError(t, err) @@ -233,9 +233,9 @@ func TestStore_IntegrationWithEventPublisher_ACLRoleUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -278,9 +278,9 @@ func TestStore_IntegrationWithEventPublisher_ACLRoleUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } sub, err = publisher.Subscribe(subscription2) require.NoError(t, err) @@ -396,7 +396,9 @@ var topicService topic = "test-topic-service" func newTestSnapshotHandlers(s *Store) stream.SnapshotHandlers { return stream.SnapshotHandlers{ topicService: func(req stream.SubscribeRequest, snap stream.SnapshotAppender) (uint64, error) { - idx, nodes, err := s.ServiceNodes(nil, req.Key, nil) + key := req.Subject.String() + + idx, nodes, err := s.ServiceNodes(nil, key, nil) if err != nil { return idx, err } @@ -405,7 +407,7 @@ func newTestSnapshotHandlers(s *Store) stream.SnapshotHandlers { event := stream.Event{ Topic: req.Topic, Index: node.ModifyIndex, - Payload: nodePayload{node: node, key: req.Key}, + Payload: nodePayload{node: node, key: key}, } snap.Append([]stream.Event{event}) } @@ -424,7 +426,7 @@ func (p nodePayload) HasReadPermission(acl.Authorizer) bool { } func (p nodePayload) Subject() stream.Subject { - return stream.Subject(p.node.PartitionOrDefault() + "/" + p.node.NamespaceOrDefault() + "/" + p.key) + return stringer(p.key) } func createTokenAndWaitForACLEventPublish(t *testing.T, s *Store) *structs.ACLToken { @@ -451,9 +453,9 @@ func createTokenAndWaitForACLEventPublish(t *testing.T, s *Store) *structs.ACLTo // so we know the initial token write event has been sent out before // continuing... req := &stream.SubscribeRequest{ - Topic: topicService, - Key: "nope", - Token: token.SecretID, + Topic: topicService, + Subject: stringer("nope"), + Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() diff --git a/agent/consul/stream/event.go b/agent/consul/stream/event.go index 78e41bc37..b3936a49b 100644 --- a/agent/consul/stream/event.go +++ b/agent/consul/stream/event.go @@ -17,12 +17,16 @@ type Topic fmt.Stringer // Subject identifies a portion of a topic for which a subscriber wishes to // receive events (e.g. health events for a particular service) usually the // normalized resource name (including partition and namespace if applicable). -type Subject string +type Subject fmt.Stringer // SubjectNone is used when all events on a given topic are "global" and not // further partitioned by subject. For example: the "CA Roots" topic which is // used to notify subscribers when the global set CA root certificates changes. -const SubjectNone Subject = "none" +const SubjectNone stringer = "none" + +type stringer string + +func (s stringer) String() string { return string(s) } // Event is a structure with identifiers and a payload. Events are Published to // EventPublisher and returned to Subscribers. @@ -123,6 +127,12 @@ func (e Event) IsNewSnapshotToFollow() bool { return e.Payload == newSnapshotToFollow{} } +// IsFramingEvent returns true if this is a framing event (e.g. EndOfSnapshot +// or NewSnapshotToFollow). +func (e Event) IsFramingEvent() bool { + return e.IsEndOfSnapshot() || e.IsNewSnapshotToFollow() +} + type framingEvent struct{} func (framingEvent) HasReadPermission(acl.Authorizer) bool { diff --git a/agent/consul/stream/event_publisher.go b/agent/consul/stream/event_publisher.go index 094101355..06b7b03a2 100644 --- a/agent/consul/stream/event_publisher.go +++ b/agent/consul/stream/event_publisher.go @@ -44,8 +44,8 @@ type EventPublisher struct { // topicSubject is used as a map key when accessing topic buffers and cached // snapshots. type topicSubject struct { - Topic Topic - Subject Subject + Topic string + Subject string } type subscriptions struct { @@ -138,7 +138,10 @@ func (e *EventPublisher) publishEvent(events []Event) { continue } - groupKey := topicSubject{event.Topic, event.Payload.Subject()} + groupKey := topicSubject{ + Topic: event.Topic.String(), + Subject: event.Payload.Subject().String(), + } groupedEvents[groupKey] = append(groupedEvents[groupKey], event) } diff --git a/agent/consul/stream/event_publisher_test.go b/agent/consul/stream/event_publisher_test.go index f90af0b1b..c718d5853 100644 --- a/agent/consul/stream/event_publisher_test.go +++ b/agent/consul/stream/event_publisher_test.go @@ -21,8 +21,8 @@ var testTopic Topic = intTopic(999) func TestEventPublisher_SubscribeWithIndex0(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -81,7 +81,7 @@ func (p simplePayload) HasReadPermission(acl.Authorizer) bool { return !p.noReadPerm } -func (p simplePayload) Subject() Subject { return Subject("default/default/" + p.key) } +func (p simplePayload) Subject() Subject { return stringer(p.key) } func newTestSnapshotHandlers() SnapshotHandlers { return SnapshotHandlers{ @@ -153,11 +153,11 @@ func TestEventPublisher_ShutdownClosesSubscriptions(t *testing.T) { publisher := NewEventPublisher(handlers, time.Second) go publisher.Run(ctx) - sub1, err := publisher.Subscribe(&SubscribeRequest{Topic: intTopic(22)}) + sub1, err := publisher.Subscribe(&SubscribeRequest{Topic: intTopic(22), Subject: SubjectNone}) require.NoError(t, err) defer sub1.Unsubscribe() - sub2, err := publisher.Subscribe(&SubscribeRequest{Topic: intTopic(33)}) + sub2, err := publisher.Subscribe(&SubscribeRequest{Topic: intTopic(33), Subject: SubjectNone}) require.NoError(t, err) defer sub2.Unsubscribe() @@ -184,8 +184,8 @@ func consumeSub(ctx context.Context, sub *Subscription) error { func TestEventPublisher_SubscribeWithIndex0_FromCache(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -229,8 +229,8 @@ func TestEventPublisher_SubscribeWithIndex0_FromCache(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_CanResume(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -282,8 +282,8 @@ func TestEventPublisher_SubscribeWithIndexNotZero_CanResume(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -338,8 +338,8 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshotFromCache(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -406,9 +406,9 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshotFromCache(t *testin func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot_WithCache(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", - Index: 1, + Topic: testTopic, + Subject: stringer("sub-key"), + Index: 1, } nextEvent := Event{ @@ -492,8 +492,8 @@ func runStep(t *testing.T, name string, fn func(t *testing.T)) { func TestEventPublisher_Unsubscribe_ClosesSubscription(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() @@ -514,8 +514,8 @@ func TestEventPublisher_Unsubscribe_ClosesSubscription(t *testing.T) { func TestEventPublisher_Unsubscribe_FreesResourcesWhenThereAreNoSubscribers(t *testing.T) { req := &SubscribeRequest{ - Topic: testTopic, - Key: "sub-key", + Topic: testTopic, + Subject: stringer("sub-key"), } publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) diff --git a/agent/consul/stream/subscription.go b/agent/consul/stream/subscription.go index 0a4294715..28ca50c3a 100644 --- a/agent/consul/stream/subscription.go +++ b/agent/consul/stream/subscription.go @@ -4,10 +4,7 @@ import ( "context" "errors" "fmt" - "strings" "sync/atomic" - - "github.com/hashicorp/consul/agent/structs" ) const ( @@ -54,37 +51,32 @@ type Subscription struct { } // SubscribeRequest identifies the types of events the subscriber would like to -// receiver. Topic and Token are required. +// receive. Topic, Subject, and Token are required. type SubscribeRequest struct { - // Topic to subscribe to + // Topic to subscribe to (e.g. service health). Topic Topic - // Key used to filter events in the topic. Only events matching the key will - // be returned by the subscription. A blank key will return all events. Key - // is generally the name of the resource. - Key string - // EnterpriseMeta is used to filter events in the topic. Only events matching - // the partition and namespace will be returned by the subscription. - EnterpriseMeta structs.EnterpriseMeta + + // Subject identifies the subset of Topic events the subscriber wishes to + // receive (e.g. events for a specific service). SubjectNone may be provided + // if all events on the given topic are "global" and not further partitioned + // by subject. + Subject Subject + // Token that was used to authenticate the request. If any ACL policy // changes impact the token the subscription will be forcefully closed. Token string + // Index is the last index the client received. If non-zero the // subscription will be resumed from this index. If the index is out-of-date // a NewSnapshotToFollow event will be sent. Index uint64 } -func (req SubscribeRequest) Subject() Subject { - var ( - partition = req.EnterpriseMeta.PartitionOrDefault() - namespace = req.EnterpriseMeta.NamespaceOrDefault() - key = strings.ToLower(req.Key) - ) - return Subject(partition + "/" + namespace + "/" + key) -} - func (req SubscribeRequest) topicSubject() topicSubject { - return topicSubject{req.Topic, req.Subject()} + return topicSubject{ + Topic: req.Topic.String(), + Subject: req.Subject.String(), + } } // newSubscription return a new subscription. The caller is responsible for diff --git a/agent/consul/stream/subscription_test.go b/agent/consul/stream/subscription_test.go index cf3be6393..b6e0f1a5f 100644 --- a/agent/consul/stream/subscription_test.go +++ b/agent/consul/stream/subscription_test.go @@ -6,32 +6,10 @@ import ( time "time" "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/agent/structs" ) func noopUnSub() {} -func TestSubscription_Subject(t *testing.T) { - for desc, tc := range map[string]struct { - req SubscribeRequest - sub Subject - }{ - "default partition and namespace": { - SubscribeRequest{Key: "foo", EnterpriseMeta: structs.EnterpriseMeta{}}, - "default/default/foo", - }, - "mixed casing": { - SubscribeRequest{Key: "BaZ"}, - "default/default/baz", - }, - } { - t.Run(desc, func(t *testing.T) { - require.Equal(t, tc.sub, tc.req.Subject()) - }) - } -} - func TestSubscription(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") @@ -50,8 +28,8 @@ func TestSubscription(t *testing.T) { defer cancel() req := SubscribeRequest{ - Topic: testTopic, - Key: "test", + Topic: testTopic, + Subject: stringer("test"), } sub := newSubscription(req, startHead, noopUnSub) @@ -124,8 +102,8 @@ func TestSubscription_Close(t *testing.T) { defer cancel() req := SubscribeRequest{ - Topic: testTopic, - Key: "test", + Topic: testTopic, + Subject: stringer("test"), } sub := newSubscription(req, startHead, noopUnSub) diff --git a/agent/grpc/private/services/subscribe/subscribe.go b/agent/grpc/private/services/subscribe/subscribe.go index 1a9d0031a..18372b200 100644 --- a/agent/grpc/private/services/subscribe/subscribe.go +++ b/agent/grpc/private/services/subscribe/subscribe.go @@ -93,11 +93,13 @@ func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsub func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta structs.EnterpriseMeta) *stream.SubscribeRequest { return &stream.SubscribeRequest{ - Topic: req.Topic, - Key: req.Key, - EnterpriseMeta: entMeta, - Token: req.Token, - Index: req.Index, + Topic: req.Topic, + Subject: state.EventSubjectService{ + Key: req.Key, + EnterpriseMeta: entMeta, + }, + Token: req.Token, + Index: req.Index, } } diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index 95df5fb13..a5a47a077 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -3,13 +3,12 @@ package subscribe import ( "context" "errors" - "github.com/golang/protobuf/ptypes/duration" - "github.com/hashicorp/consul/proto/pbcommon" "io" "net" "testing" "time" + "github.com/golang/protobuf/ptypes/duration" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" @@ -25,6 +24,7 @@ import ( grpc "github.com/hashicorp/consul/agent/grpc/private" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/proto/prototest" @@ -1106,7 +1106,7 @@ func newEventFromSubscription(t *testing.T, index uint64) stream.Event { }, } ep := stream.NewEventPublisher(handlers, 0) - req := &stream.SubscribeRequest{Topic: pbsubscribe.Topic_ServiceHealthConnect, Index: index} + req := &stream.SubscribeRequest{Topic: pbsubscribe.Topic_ServiceHealthConnect, Subject: stream.SubjectNone, Index: index} sub, err := ep.Subscribe(req) require.NoError(t, err) diff --git a/agent/grpc/public/services/connectca/acl_test.go b/agent/grpc/public/services/connectca/acl_test.go new file mode 100644 index 000000000..bac0e342e --- /dev/null +++ b/agent/grpc/public/services/connectca/acl_test.go @@ -0,0 +1,27 @@ +package connectca + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" +) + +// testAuthorizer returns an ACL policy authorizer with `service:write` on an +// arbitrary service. +func testAuthorizer(t *testing.T) acl.Authorizer { + t.Helper() + + policy, err := acl.NewPolicyFromSource(` + service "foo" { + policy = "write" + } + `, acl.SyntaxCurrent, nil, nil) + require.NoError(t, err) + + authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil) + require.NoError(t, err) + + return authz +} diff --git a/agent/grpc/public/services/connectca/mock_ACLResolver.go b/agent/grpc/public/services/connectca/mock_ACLResolver.go new file mode 100644 index 000000000..bbc462c44 --- /dev/null +++ b/agent/grpc/public/services/connectca/mock_ACLResolver.go @@ -0,0 +1,38 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package connectca + +import ( + acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" + + structs "github.com/hashicorp/consul/agent/structs" +) + +// MockACLResolver is an autogenerated mock type for the ACLResolver type +type MockACLResolver struct { + mock.Mock +} + +// ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { + ret := _m.Called(_a0, _a1, _a2) + + var r0 acl.Authorizer + if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + r0 = rf(_a0, _a1, _a2) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(acl.Authorizer) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + r1 = rf(_a0, _a1, _a2) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc/public/services/connectca/server.go new file mode 100644 index 000000000..64bced2dd --- /dev/null +++ b/agent/grpc/public/services/connectca/server.go @@ -0,0 +1,42 @@ +package connectca + +import ( + "google.golang.org/grpc" + + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +type Server struct { + Config +} + +type Config struct { + GetStore func() StateStore + Logger hclog.Logger + ACLResolver ACLResolver +} + +type StateStore interface { + EventPublisher() state.EventPublisher + CAConfig(memdb.WatchSet) (uint64, *structs.CAConfiguration, error) + AbandonCh() <-chan struct{} +} + +//go:generate mockery -name ACLResolver -inpkg +type ACLResolver interface { + ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) +} + +func NewServer(cfg Config) *Server { + return &Server{cfg} +} + +func (s *Server) Register(grpcServer *grpc.Server) { + pbconnectca.RegisterConnectCAServiceServer(grpcServer, s) +} diff --git a/agent/grpc/public/services/connectca/server_test.go b/agent/grpc/public/services/connectca/server_test.go new file mode 100644 index 000000000..6a4d42fa0 --- /dev/null +++ b/agent/grpc/public/services/connectca/server_test.go @@ -0,0 +1,52 @@ +package connectca + +import ( + "context" + "net" + "testing" + "time" + + "github.com/stretchr/testify/require" + "google.golang.org/grpc" + + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +func testStateStore(t *testing.T) *state.Store { + t.Helper() + + gc, err := state.NewTombstoneGC(time.Second, time.Millisecond) + require.NoError(t, err) + + return state.NewStateStoreWithEventPublisher(gc) +} + +func testClient(t *testing.T, server *Server) pbconnectca.ConnectCAServiceClient { + t.Helper() + + addr := runTestServer(t, server) + + conn, err := grpc.DialContext(context.Background(), addr.String(), grpc.WithInsecure()) + require.NoError(t, err) + t.Cleanup(func() { + require.NoError(t, conn.Close()) + }) + + return pbconnectca.NewConnectCAServiceClient(conn) +} + +func runTestServer(t *testing.T, server *Server) net.Addr { + t.Helper() + + lis, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + + grpcServer := grpc.NewServer() + server.Register(grpcServer) + + go grpcServer.Serve(lis) + t.Cleanup(grpcServer.Stop) + + return lis.Addr() +} diff --git a/agent/grpc/public/services/connectca/watch_roots.go b/agent/grpc/public/services/connectca/watch_roots.go new file mode 100644 index 000000000..eeaf2d8c8 --- /dev/null +++ b/agent/grpc/public/services/connectca/watch_roots.go @@ -0,0 +1,202 @@ +package connectca + +import ( + "context" + "errors" + "fmt" + + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/emptypb" + "google.golang.org/protobuf/types/known/timestamppb" + + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +// WatchRoots provides a stream on which you can receive the list of active +// Connect CA roots. Current roots are sent immediately at the start of the +// stream, and new lists will be sent whenever the roots are rotated. +func (s *Server) WatchRoots(_ *emptypb.Empty, serverStream pbconnectca.ConnectCAService_WatchRootsServer) error { + logger := s.Logger.Named("watch-roots").With("stream_id", streamID()) + + logger.Trace("starting stream") + defer logger.Trace("stream closed") + + token := public.TokenFromContext(serverStream.Context()) + + // Serve the roots from an EventPublisher subscription. If the subscription is + // closed due to an ACL change, we'll attempt to re-authorize and resume it to + // prevent unnecessarily terminating the stream. + var idx uint64 + for { + var err error + idx, err = s.serveRoots(token, idx, serverStream, logger) + if errors.Is(err, stream.ErrSubForceClosed) { + logger.Trace("subscription force-closed due to an ACL change or snapshot restore, will attempt to re-auth and resume") + } else { + return err + } + } +} + +func (s *Server) serveRoots( + token string, + idx uint64, + serverStream pbconnectca.ConnectCAService_WatchRootsServer, + logger hclog.Logger, +) (uint64, error) { + if err := s.authorize(token); err != nil { + return 0, err + } + + store := s.GetStore() + + // Read the TrustDomain up front - we do not allow users to change the ClusterID + // so reading it once at the beginning of the stream is sufficient. + trustDomain, err := getTrustDomain(store, logger) + if err != nil { + return 0, err + } + + // Start the subscription. + sub, err := store.EventPublisher().Subscribe(&stream.SubscribeRequest{ + Topic: state.EventTopicCARoots, + Subject: stream.SubjectNone, + Token: token, + Index: idx, + }) + if err != nil { + logger.Error("failed to subscribe to CA Roots events", "error", err) + return 0, status.Error(codes.Internal, "failed to subscribe to CA Roots events") + } + defer sub.Unsubscribe() + + for { + event, err := sub.Next(serverStream.Context()) + switch { + case errors.Is(err, stream.ErrSubForceClosed): + // If the subscription was closed because the state store was abandoned (e.g. + // following a snapshot restore) reset idx to ensure we don't skip over the + // new store's events. + select { + case <-store.AbandonCh(): + idx = 0 + default: + } + return idx, err + case errors.Is(err, context.Canceled): + return 0, nil + case err != nil: + logger.Error("failed to read next event", "error", err) + return idx, status.Error(codes.Internal, err.Error()) + } + + // Note: this check isn't strictly necessary because the event publishing + // machinery will ensure the index increases monotonically, but it can be + // tricky to faithfully reproduce this in tests (e.g. the EventPublisher + // garbage collects topic buffers and snapshots aggressively when streams + // disconnect) so this avoids a bunch of confusing setup code. + if event.Index <= idx { + continue + } + + idx = event.Index + + // We do not send framing events (e.g. EndOfSnapshot, NewSnapshotToFollow) + // because we send a full list of roots on every event, rather than expecting + // clients to maintain a state-machine in the way they do for service health. + if event.IsFramingEvent() { + continue + } + + rsp, err := eventToResponse(event, trustDomain) + if err != nil { + logger.Error("failed to convert event to response", "error", err) + return idx, status.Error(codes.Internal, err.Error()) + } + if err := serverStream.Send(rsp); err != nil { + logger.Error("failed to send response", "error", err) + return idx, err + } + } +} + +func eventToResponse(event stream.Event, trustDomain string) (*pbconnectca.WatchRootsResponse, error) { + payload, ok := event.Payload.(state.EventPayloadCARoots) + if !ok { + return nil, fmt.Errorf("unexpected event payload type: %T", payload) + } + + var active string + roots := make([]*pbconnectca.CARoot, 0) + + for _, root := range payload.CARoots { + if root.Active { + active = root.ID + } + + roots = append(roots, &pbconnectca.CARoot{ + Id: root.ID, + Name: root.Name, + SerialNumber: root.SerialNumber, + SigningKeyId: root.SigningKeyID, + RootCert: root.RootCert, + IntermediateCerts: root.IntermediateCerts, + Active: root.Active, + RotatedOutAt: timestamppb.New(root.RotatedOutAt), + }) + } + + return &pbconnectca.WatchRootsResponse{ + TrustDomain: trustDomain, + ActiveRootId: active, + Roots: roots, + }, nil +} + +func (s *Server) authorize(token string) error { + // Require the given ACL token to have `service:write` on any service (in any + // partition and namespace). + var authzContext acl.AuthorizerContext + entMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier) + authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, &authzContext) + if err != nil { + return status.Error(codes.Unauthenticated, err.Error()) + } + if err := authz.ToAllowAuthorizer().ServiceWriteAnyAllowed(&authzContext); err != nil { + return status.Error(codes.PermissionDenied, err.Error()) + } + return nil +} + +// We tag logs with a unique identifier to ease debugging. In the future this +// should probably be an Open Telemetry trace ID. +func streamID() string { + id, err := uuid.GenerateUUID() + if err != nil { + return "" + } + return id +} + +func getTrustDomain(store StateStore, logger hclog.Logger) (string, error) { + _, cfg, err := store.CAConfig(nil) + switch { + case err != nil: + logger.Error("failed to read Connect CA Config", "error", err) + return "", status.Error(codes.Internal, "failed to read Connect CA Config") + case cfg == nil: + logger.Warn("cannot begin stream because Connect CA is not yet initialized") + return "", status.Error(codes.FailedPrecondition, "Connect CA is not yet initialized") + } + return connect.SpiffeIDSigningForCluster(cfg.ClusterID).Host(), nil +} diff --git a/agent/grpc/public/services/connectca/watch_roots_test.go b/agent/grpc/public/services/connectca/watch_roots_test.go new file mode 100644 index 000000000..efd022d90 --- /dev/null +++ b/agent/grpc/public/services/connectca/watch_roots_test.go @@ -0,0 +1,280 @@ +package connectca + +import ( + "context" + "errors" + "io" + "testing" + "time" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/emptypb" + + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +const testACLToken = "acl-token" + +func TestWatchRoots_Success(t *testing.T) { + store := testStateStore(t) + + // Set the initial roots and CA configuration. + rootA := connect.TestCA(t, nil) + _, err := store.CARootSetCAS(1, 0, structs.CARoots{rootA}) + require.NoError(t, err) + + err = store.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) + require.NoError(t, err) + + // Mock the ACL Resolver to return an authorizer with `service:write`. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(testAuthorizer(t), nil) + + ctx := public.ContextWithToken(context.Background(), testACLToken) + + server := NewServer(Config{ + GetStore: func() StateStore { return store }, + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + + // Begin the stream. + client := testClient(t, server) + stream, err := client.WatchRoots(ctx, &emptypb.Empty{}) + require.NoError(t, err) + rspCh := handleRootsStream(t, stream) + + // Expect an initial message containing current roots (provided by the snapshot). + roots := mustGetRoots(t, rspCh) + require.Equal(t, "cluster-id.consul", roots.TrustDomain) + require.Equal(t, rootA.ID, roots.ActiveRootId) + require.Len(t, roots.Roots, 1) + require.Equal(t, rootA.ID, roots.Roots[0].Id) + + // Rotate the roots. + rootB := connect.TestCA(t, nil) + _, err = store.CARootSetCAS(2, 1, structs.CARoots{rootB}) + require.NoError(t, err) + + // Expect another event containing the new roots. + roots = mustGetRoots(t, rspCh) + require.Equal(t, "cluster-id.consul", roots.TrustDomain) + require.Equal(t, rootB.ID, roots.ActiveRootId) + require.Len(t, roots.Roots, 1) + require.Equal(t, rootB.ID, roots.Roots[0].Id) +} + +func TestWatchRoots_InvalidACLToken(t *testing.T) { + store := testStateStore(t) + + // Set the initial CA configuration. + err := store.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) + require.NoError(t, err) + + // Mock the ACL resolver to return ErrNotFound. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(nil, acl.ErrNotFound) + + ctx := public.ContextWithToken(context.Background(), testACLToken) + + server := NewServer(Config{ + GetStore: func() StateStore { return store }, + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + + // Start the stream. + client := testClient(t, server) + stream, err := client.WatchRoots(ctx, &emptypb.Empty{}) + require.NoError(t, err) + rspCh := handleRootsStream(t, stream) + + // Expect to get an Unauthenticated error immediately. + err = mustGetError(t, rspCh) + require.Equal(t, codes.Unauthenticated.String(), status.Code(err).String()) +} + +func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { + store := testStateStore(t) + + // Set the initial roots and CA configuration. + rootA := connect.TestCA(t, nil) + _, err := store.CARootSetCAS(1, 0, structs.CARoots{rootA}) + require.NoError(t, err) + + err = store.CASetConfig(2, &structs.CAConfiguration{ClusterID: "cluster-id"}) + require.NoError(t, err) + + // Mock the ACL Resolver to return an authorizer with `service:write` the + // first two times it is called (initial connect and first re-auth). + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(testAuthorizer(t), nil).Twice() + + ctx := public.ContextWithToken(context.Background(), testACLToken) + + server := NewServer(Config{ + GetStore: func() StateStore { return store }, + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + + // Start the stream. + client := testClient(t, server) + stream, err := client.WatchRoots(ctx, &emptypb.Empty{}) + require.NoError(t, err) + rspCh := handleRootsStream(t, stream) + + // Consume the initial response. + mustGetRoots(t, rspCh) + + // Update the ACL token to cause the subscription to be force-closed. + accessorID, err := uuid.GenerateUUID() + require.NoError(t, err) + err = store.ACLTokenSet(1, &structs.ACLToken{ + AccessorID: accessorID, + SecretID: testACLToken, + }) + require.NoError(t, err) + + // Update the roots. + rootB := connect.TestCA(t, nil) + _, err = store.CARootSetCAS(3, 1, structs.CARoots{rootB}) + require.NoError(t, err) + + // Expect the stream to remain open and to receive the new roots. + mustGetRoots(t, rspCh) + + // Simulate removing the `service:write` permission. + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(acl.DenyAll(), nil) + + // Update the ACL token to cause the subscription to be force-closed. + err = store.ACLTokenSet(1, &structs.ACLToken{ + AccessorID: accessorID, + SecretID: testACLToken, + }) + require.NoError(t, err) + + // Expect the stream to be terminated. + err = mustGetError(t, rspCh) + require.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) +} + +func TestWatchRoots_StateStoreAbandoned(t *testing.T) { + storeA := testStateStore(t) + + // Set the initial roots and CA configuration. + rootA := connect.TestCA(t, nil) + _, err := storeA.CARootSetCAS(1, 0, structs.CARoots{rootA}) + require.NoError(t, err) + + err = storeA.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-a"}) + require.NoError(t, err) + + // Mock the ACL Resolver to return an authorizer with `service:write`. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(testAuthorizer(t), nil) + + ctx := public.ContextWithToken(context.Background(), testACLToken) + + server := NewServer(Config{ + GetStore: func() StateStore { return storeA }, + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + + // Begin the stream. + client := testClient(t, server) + stream, err := client.WatchRoots(ctx, &emptypb.Empty{}) + require.NoError(t, err) + rspCh := handleRootsStream(t, stream) + + // Consume the initial roots. + mustGetRoots(t, rspCh) + + // Simulate a snapshot restore. + storeB := testStateStore(t) + + rootB := connect.TestCA(t, nil) + _, err = storeB.CARootSetCAS(1, 0, structs.CARoots{rootB}) + require.NoError(t, err) + + err = storeB.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-b"}) + require.NoError(t, err) + + server.GetStore = func() StateStore { return storeB } + + storeA.Abandon() + + // Expect to get the new store's roots. + newRoots := mustGetRoots(t, rspCh) + require.Equal(t, "cluster-b.consul", newRoots.TrustDomain) + require.Len(t, newRoots.Roots, 1) + require.Equal(t, rootB.ID, newRoots.ActiveRootId) +} + +func mustGetRoots(t *testing.T, ch <-chan rootsOrError) *pbconnectca.WatchRootsResponse { + t.Helper() + + select { + case rsp := <-ch: + require.NoError(t, rsp.err) + return rsp.rsp + case <-time.After(1 * time.Second): + t.Fatal("timeout waiting for WatchRootsResponse") + return nil + } +} + +func mustGetError(t *testing.T, ch <-chan rootsOrError) error { + t.Helper() + + select { + case rsp := <-ch: + require.Error(t, rsp.err) + return rsp.err + case <-time.After(1 * time.Second): + t.Fatal("timeout waiting for WatchRootsResponse") + return nil + } +} + +func handleRootsStream(t *testing.T, stream pbconnectca.ConnectCAService_WatchRootsClient) <-chan rootsOrError { + t.Helper() + + rspCh := make(chan rootsOrError) + go func() { + for { + rsp, err := stream.Recv() + if errors.Is(err, io.EOF) || + errors.Is(err, context.Canceled) || + errors.Is(err, context.DeadlineExceeded) { + return + } + rspCh <- rootsOrError{ + rsp: rsp, + err: err, + } + } + }() + return rspCh +} + +type rootsOrError struct { + rsp *pbconnectca.WatchRootsResponse + err error +} diff --git a/agent/grpc/public/token.go b/agent/grpc/public/token.go new file mode 100644 index 000000000..237317ee4 --- /dev/null +++ b/agent/grpc/public/token.go @@ -0,0 +1,28 @@ +package public + +import ( + "context" + + "google.golang.org/grpc/metadata" +) + +const metadataKeyToken = "x-consul-token" + +// TokenFromContext returns the ACL token in the gRPC metadata attached to the +// given context. +func TokenFromContext(ctx context.Context) string { + md, ok := metadata.FromIncomingContext(ctx) + if !ok { + return "" + } + toks, ok := md[metadataKeyToken] + if ok && len(toks) > 0 { + return toks[0] + } + return "" +} + +// ContextWithToken returns a context with the given ACL token attached. +func ContextWithToken(ctx context.Context, token string) context.Context { + return metadata.AppendToOutgoingContext(ctx, metadataKeyToken, token) +} diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go index b6e629543..69dab7cfc 100644 --- a/agent/submatview/store_integration_test.go +++ b/agent/submatview/store_integration_test.go @@ -37,9 +37,9 @@ func TestStore_IntegrationWithBackend(t *testing.T) { var maxIndex uint64 = 200 count := &counter{latest: 3} producers := map[string]*eventProducer{ - "srv1": newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv1", count, maxIndex), - "srv2": newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv2", count, maxIndex), - "srv3": newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv3", count, maxIndex), + state.EventSubjectService{Key: "srv1"}.String(): newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv1", count, maxIndex), + state.EventSubjectService{Key: "srv2"}.String(): newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv2", count, maxIndex), + state.EventSubjectService{Key: "srv3"}.String(): newEventProducer(pbsubscribe.Topic_ServiceHealth, "srv3", count, maxIndex), } sh := snapshotHandler{producers: producers} @@ -88,7 +88,7 @@ func TestStore_IntegrationWithBackend(t *testing.T) { t.Run(fmt.Sprintf("consumer %d", i), func(t *testing.T) { require.True(t, len(consumer.states) > 2, "expected more than %d events", len(consumer.states)) - expected := producers[consumer.srvName].nodesByIndex + expected := producers[state.EventSubjectService{Key: consumer.srvName}.String()].nodesByIndex for idx, nodes := range consumer.states { assertDeepEqual(t, idx, expected[idx], nodes) } @@ -348,7 +348,7 @@ type snapshotHandler struct { } func (s *snapshotHandler) Snapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (index uint64, err error) { - producer := s.producers[req.Key] + producer := s.producers[req.Subject.String()] producer.nodesLock.Lock() defer producer.nodesLock.Unlock() diff --git a/agent/xds/server.go b/agent/xds/server.go index d385ac863..88419547a 100644 --- a/agent/xds/server.go +++ b/agent/xds/server.go @@ -13,10 +13,10 @@ import ( "github.com/hashicorp/go-hclog" "google.golang.org/grpc" "google.golang.org/grpc/codes" - "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/grpc/public" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/xds/xdscommon" @@ -189,18 +189,6 @@ func (s *Server) StreamAggregatedResources(stream ADSStream) error { return errors.New("not implemented") } -func tokenFromContext(ctx context.Context) string { - md, ok := metadata.FromIncomingContext(ctx) - if !ok { - return "" - } - toks, ok := md["x-consul-token"] - if ok && len(toks) > 0 { - return toks[0] - } - return "" -} - // Register the XDS server handlers to the given gRPC server. func (s *Server) Register(srv *grpc.Server) { envoy_discovery_v3.RegisterAggregatedDiscoveryServiceServer(srv, s) @@ -221,7 +209,7 @@ func (s *Server) authorize(ctx context.Context, cfgSnap *proxycfg.ConfigSnapshot return status.Errorf(codes.Unauthenticated, "unauthenticated: no config snapshot") } - authz, err := s.ResolveToken(tokenFromContext(ctx)) + authz, err := s.ResolveToken(public.TokenFromContext(ctx)) if acl.IsErrNotFound(err) { return status.Errorf(codes.Unauthenticated, "unauthenticated: %v", err) } else if acl.IsErrPermissionDenied(err) { diff --git a/proto-public/pbconnectca/ca.pb.binary.go b/proto-public/pbconnectca/ca.pb.binary.go new file mode 100644 index 000000000..e373db9b5 --- /dev/null +++ b/proto-public/pbconnectca/ca.pb.binary.go @@ -0,0 +1,28 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: proto-public/pbconnectca/ca.proto + +package pbconnectca + +import ( + "github.com/golang/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *WatchRootsResponse) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *WatchRootsResponse) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *CARoot) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *CARoot) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbconnectca/ca.pb.go b/proto-public/pbconnectca/ca.pb.go new file mode 100644 index 000000000..bb966a4de --- /dev/null +++ b/proto-public/pbconnectca/ca.pb.go @@ -0,0 +1,473 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 +// source: proto-public/pbconnectca/ca.proto + +package pbconnectca + +import ( + context "context" + proto "github.com/golang/protobuf/proto" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + emptypb "google.golang.org/protobuf/types/known/emptypb" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type WatchRootsResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // active_root_id is the ID of a root in Roots that is the active CA root. + // Other roots are still valid if they're in the Roots list but are in the + // process of being rotated out. + ActiveRootId string `protobuf:"bytes,1,opt,name=active_root_id,json=activeRootId,proto3" json:"active_root_id,omitempty"` + // trust_domain is the identification root for this Consul cluster. All + // certificates signed by the cluster's CA must have their identifying URI + // in this domain. + // + // This does not include the protocol (currently spiffe://) since we may + // implement other protocols in future with equivalent semantics. It should + // be compared against the "authority" section of a URI (i.e. host:port). + TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` + // roots is a list of root CA certs to trust. + Roots []*CARoot `protobuf:"bytes,3,rep,name=roots,proto3" json:"roots,omitempty"` +} + +func (x *WatchRootsResponse) Reset() { + *x = WatchRootsResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WatchRootsResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WatchRootsResponse) ProtoMessage() {} + +func (x *WatchRootsResponse) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WatchRootsResponse.ProtoReflect.Descriptor instead. +func (*WatchRootsResponse) Descriptor() ([]byte, []int) { + return file_proto_public_pbconnectca_ca_proto_rawDescGZIP(), []int{0} +} + +func (x *WatchRootsResponse) GetActiveRootId() string { + if x != nil { + return x.ActiveRootId + } + return "" +} + +func (x *WatchRootsResponse) GetTrustDomain() string { + if x != nil { + return x.TrustDomain + } + return "" +} + +func (x *WatchRootsResponse) GetRoots() []*CARoot { + if x != nil { + return x.Roots + } + return nil +} + +type CARoot struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // id is a globally unique ID (UUID) representing this CA root. + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // name is a human-friendly name for this CA root. This value is opaque to + // Consul and is not used for anything internally. + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // serial_number is the x509 serial number of the certificate. + SerialNumber uint64 `protobuf:"varint,3,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"` + // signing_key_id is the connect.HexString encoded id of the public key that + // corresponds to the private key used to sign leaf certificates in the + // local datacenter. + // + // The value comes from x509.Certificate.SubjectKeyId of the local leaf + // signing cert. + // + // See https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.1 for more detail. + SigningKeyId string `protobuf:"bytes,4,opt,name=signing_key_id,json=signingKeyId,proto3" json:"signing_key_id,omitempty"` + // root_cert is the PEM-encoded public certificate. + RootCert string `protobuf:"bytes,5,opt,name=root_cert,json=rootCert,proto3" json:"root_cert,omitempty"` + // intermediate_certs is a list of PEM-encoded intermediate certs to + // attach to any leaf certs signed by this CA. + IntermediateCerts []string `protobuf:"bytes,6,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"` + // active is true if this is the current active CA. This must only + // be true for exactly one CA. + Active bool `protobuf:"varint,7,opt,name=active,proto3" json:"active,omitempty"` + // rotated_out_at is the time at which this CA was removed from the state. + // This will only be set on roots that have been rotated out from being the + // active root. + RotatedOutAt *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=rotated_out_at,json=rotatedOutAt,proto3" json:"rotated_out_at,omitempty"` +} + +func (x *CARoot) Reset() { + *x = CARoot{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CARoot) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CARoot) ProtoMessage() {} + +func (x *CARoot) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CARoot.ProtoReflect.Descriptor instead. +func (*CARoot) Descriptor() ([]byte, []int) { + return file_proto_public_pbconnectca_ca_proto_rawDescGZIP(), []int{1} +} + +func (x *CARoot) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *CARoot) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *CARoot) GetSerialNumber() uint64 { + if x != nil { + return x.SerialNumber + } + return 0 +} + +func (x *CARoot) GetSigningKeyId() string { + if x != nil { + return x.SigningKeyId + } + return "" +} + +func (x *CARoot) GetRootCert() string { + if x != nil { + return x.RootCert + } + return "" +} + +func (x *CARoot) GetIntermediateCerts() []string { + if x != nil { + return x.IntermediateCerts + } + return nil +} + +func (x *CARoot) GetActive() bool { + if x != nil { + return x.Active + } + return false +} + +func (x *CARoot) GetRotatedOutAt() *timestamppb.Timestamp { + if x != nil { + return x.RotatedOutAt + } + return nil +} + +var File_proto_public_pbconnectca_ca_proto protoreflect.FileDescriptor + +var file_proto_public_pbconnectca_ca_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, + 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2f, 0x63, 0x61, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x1a, 0x1b, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, + 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x86, 0x01, 0x0a, + 0x12, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x72, 0x6f, + 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x63, 0x74, + 0x69, 0x76, 0x65, 0x52, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, + 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x27, 0x0a, 0x05, + 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2e, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x05, + 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x22, 0x9d, 0x02, 0x0a, 0x06, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x5f, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x69, 0x67, + 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x12, + 0x1b, 0x0a, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2d, 0x0a, 0x12, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x65, 0x72, + 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, + 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x61, + 0x63, 0x74, 0x69, 0x76, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x61, 0x63, 0x74, + 0x69, 0x76, 0x65, 0x12, 0x40, 0x0a, 0x0e, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6f, + 0x75, 0x74, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, + 0x4f, 0x75, 0x74, 0x41, 0x74, 0x32, 0x5b, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x43, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x57, 0x61, 0x74, + 0x63, 0x68, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, + 0x1d, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2e, 0x57, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, + 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_proto_public_pbconnectca_ca_proto_rawDescOnce sync.Once + file_proto_public_pbconnectca_ca_proto_rawDescData = file_proto_public_pbconnectca_ca_proto_rawDesc +) + +func file_proto_public_pbconnectca_ca_proto_rawDescGZIP() []byte { + file_proto_public_pbconnectca_ca_proto_rawDescOnce.Do(func() { + file_proto_public_pbconnectca_ca_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_public_pbconnectca_ca_proto_rawDescData) + }) + return file_proto_public_pbconnectca_ca_proto_rawDescData +} + +var file_proto_public_pbconnectca_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_proto_public_pbconnectca_ca_proto_goTypes = []interface{}{ + (*WatchRootsResponse)(nil), // 0: connectca.WatchRootsResponse + (*CARoot)(nil), // 1: connectca.CARoot + (*timestamppb.Timestamp)(nil), // 2: google.protobuf.Timestamp + (*emptypb.Empty)(nil), // 3: google.protobuf.Empty +} +var file_proto_public_pbconnectca_ca_proto_depIdxs = []int32{ + 1, // 0: connectca.WatchRootsResponse.roots:type_name -> connectca.CARoot + 2, // 1: connectca.CARoot.rotated_out_at:type_name -> google.protobuf.Timestamp + 3, // 2: connectca.ConnectCAService.WatchRoots:input_type -> google.protobuf.Empty + 0, // 3: connectca.ConnectCAService.WatchRoots:output_type -> connectca.WatchRootsResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_proto_public_pbconnectca_ca_proto_init() } +func file_proto_public_pbconnectca_ca_proto_init() { + if File_proto_public_pbconnectca_ca_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_public_pbconnectca_ca_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WatchRootsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_public_pbconnectca_ca_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CARoot); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_public_pbconnectca_ca_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_proto_public_pbconnectca_ca_proto_goTypes, + DependencyIndexes: file_proto_public_pbconnectca_ca_proto_depIdxs, + MessageInfos: file_proto_public_pbconnectca_ca_proto_msgTypes, + }.Build() + File_proto_public_pbconnectca_ca_proto = out.File + file_proto_public_pbconnectca_ca_proto_rawDesc = nil + file_proto_public_pbconnectca_ca_proto_goTypes = nil + file_proto_public_pbconnectca_ca_proto_depIdxs = nil +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConnInterface + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion6 + +// ConnectCAServiceClient is the client API for ConnectCAService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type ConnectCAServiceClient interface { + // WatchRoots provides a stream on which you can receive the list of active + // Connect CA roots. Current roots are sent immediately at the start of the + // stream, and new lists will be sent whenever the roots are rotated. + WatchRoots(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (ConnectCAService_WatchRootsClient, error) +} + +type connectCAServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewConnectCAServiceClient(cc grpc.ClientConnInterface) ConnectCAServiceClient { + return &connectCAServiceClient{cc} +} + +func (c *connectCAServiceClient) WatchRoots(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (ConnectCAService_WatchRootsClient, error) { + stream, err := c.cc.NewStream(ctx, &_ConnectCAService_serviceDesc.Streams[0], "/connectca.ConnectCAService/WatchRoots", opts...) + if err != nil { + return nil, err + } + x := &connectCAServiceWatchRootsClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type ConnectCAService_WatchRootsClient interface { + Recv() (*WatchRootsResponse, error) + grpc.ClientStream +} + +type connectCAServiceWatchRootsClient struct { + grpc.ClientStream +} + +func (x *connectCAServiceWatchRootsClient) Recv() (*WatchRootsResponse, error) { + m := new(WatchRootsResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// ConnectCAServiceServer is the server API for ConnectCAService service. +type ConnectCAServiceServer interface { + // WatchRoots provides a stream on which you can receive the list of active + // Connect CA roots. Current roots are sent immediately at the start of the + // stream, and new lists will be sent whenever the roots are rotated. + WatchRoots(*emptypb.Empty, ConnectCAService_WatchRootsServer) error +} + +// UnimplementedConnectCAServiceServer can be embedded to have forward compatible implementations. +type UnimplementedConnectCAServiceServer struct { +} + +func (*UnimplementedConnectCAServiceServer) WatchRoots(*emptypb.Empty, ConnectCAService_WatchRootsServer) error { + return status.Errorf(codes.Unimplemented, "method WatchRoots not implemented") +} + +func RegisterConnectCAServiceServer(s *grpc.Server, srv ConnectCAServiceServer) { + s.RegisterService(&_ConnectCAService_serviceDesc, srv) +} + +func _ConnectCAService_WatchRoots_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(emptypb.Empty) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(ConnectCAServiceServer).WatchRoots(m, &connectCAServiceWatchRootsServer{stream}) +} + +type ConnectCAService_WatchRootsServer interface { + Send(*WatchRootsResponse) error + grpc.ServerStream +} + +type connectCAServiceWatchRootsServer struct { + grpc.ServerStream +} + +func (x *connectCAServiceWatchRootsServer) Send(m *WatchRootsResponse) error { + return x.ServerStream.SendMsg(m) +} + +var _ConnectCAService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "connectca.ConnectCAService", + HandlerType: (*ConnectCAServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{ + { + StreamName: "WatchRoots", + Handler: _ConnectCAService_WatchRoots_Handler, + ServerStreams: true, + }, + }, + Metadata: "proto-public/pbconnectca/ca.proto", +} diff --git a/proto-public/pbconnectca/ca.proto b/proto-public/pbconnectca/ca.proto new file mode 100644 index 000000000..fef15fbc1 --- /dev/null +++ b/proto-public/pbconnectca/ca.proto @@ -0,0 +1,72 @@ +syntax = "proto3"; + +package connectca; + +option go_package = "github.com/hashicorp/consul/proto-public/pbconnectca"; + +import "google/protobuf/empty.proto"; +import "google/protobuf/timestamp.proto"; + +service ConnectCAService { + // WatchRoots provides a stream on which you can receive the list of active + // Connect CA roots. Current roots are sent immediately at the start of the + // stream, and new lists will be sent whenever the roots are rotated. + rpc WatchRoots(google.protobuf.Empty) returns (stream WatchRootsResponse) {}; +} + +message WatchRootsResponse { + // active_root_id is the ID of a root in Roots that is the active CA root. + // Other roots are still valid if they're in the Roots list but are in the + // process of being rotated out. + string active_root_id = 1; + + // trust_domain is the identification root for this Consul cluster. All + // certificates signed by the cluster's CA must have their identifying URI + // in this domain. + // + // This does not include the protocol (currently spiffe://) since we may + // implement other protocols in future with equivalent semantics. It should + // be compared against the "authority" section of a URI (i.e. host:port). + string trust_domain = 2; + + // roots is a list of root CA certs to trust. + repeated CARoot roots = 3; +} + +message CARoot { + // id is a globally unique ID (UUID) representing this CA root. + string id = 1; + + // name is a human-friendly name for this CA root. This value is opaque to + // Consul and is not used for anything internally. + string name = 2; + + // serial_number is the x509 serial number of the certificate. + uint64 serial_number = 3; + + // signing_key_id is the connect.HexString encoded id of the public key that + // corresponds to the private key used to sign leaf certificates in the + // local datacenter. + // + // The value comes from x509.Certificate.SubjectKeyId of the local leaf + // signing cert. + // + // See https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.1 for more detail. + string signing_key_id = 4; + + // root_cert is the PEM-encoded public certificate. + string root_cert = 5; + + // intermediate_certs is a list of PEM-encoded intermediate certs to + // attach to any leaf certs signed by this CA. + repeated string intermediate_certs = 6; + + // active is true if this is the current active CA. This must only + // be true for exactly one CA. + bool active = 7; + + // rotated_out_at is the time at which this CA was removed from the state. + // This will only be set on roots that have been rotated out from being the + // active root. + google.protobuf.Timestamp rotated_out_at = 8; +} From f053279c4e596b40c91f989d4ca45cc31599d70c Mon Sep 17 00:00:00 2001 From: Riddhi Shah Date: Sun, 27 Mar 2022 16:29:30 +0530 Subject: [PATCH 075/785] [OSS] Supported dataplane features gRPC endpoint Adds a new gRPC service and endpoint to return the list of supported consul dataplane features. The Consul Dataplane will use this API to customize its interaction with that particular server. --- agent/consul/server.go | 7 +- .../services/connectca/watch_roots_test.go | 7 +- .../dataplane/get_supported_features.go | 45 ++ .../dataplane/get_supported_features_test.go | 82 ++++ .../services/dataplane/mock_ACLResolver.go | 38 ++ .../grpc/public/services/dataplane/server.go | 33 ++ .../public/services/dataplane/server_test.go | 40 ++ .../acl_test.go => testutils/acl.go} | 9 +- .../pbdataplane/dataplane.pb.binary.go | 38 ++ proto-public/pbdataplane/dataplane.pb.go | 448 ++++++++++++++++++ proto-public/pbdataplane/dataplane.proto | 32 ++ 11 files changed, 769 insertions(+), 10 deletions(-) create mode 100644 agent/grpc/public/services/dataplane/get_supported_features.go create mode 100644 agent/grpc/public/services/dataplane/get_supported_features_test.go create mode 100644 agent/grpc/public/services/dataplane/mock_ACLResolver.go create mode 100644 agent/grpc/public/services/dataplane/server.go create mode 100644 agent/grpc/public/services/dataplane/server_test.go rename agent/grpc/public/{services/connectca/acl_test.go => testutils/acl.go} (69%) create mode 100644 proto-public/pbdataplane/dataplane.pb.binary.go create mode 100644 proto-public/pbdataplane/dataplane.pb.go create mode 100644 proto-public/pbdataplane/dataplane.proto diff --git a/agent/consul/server.go b/agent/consul/server.go index ccfa3044a..2b40a615e 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -44,6 +44,7 @@ import ( agentgrpc "github.com/hashicorp/consul/agent/grpc/private" "github.com/hashicorp/consul/agent/grpc/private/services/subscribe" "github.com/hashicorp/consul/agent/grpc/public/services/connectca" + "github.com/hashicorp/consul/agent/grpc/public/services/dataplane" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" @@ -633,12 +634,16 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve // since it can fire events when leadership is obtained. go s.monitorLeadership() - // Initialize public gRPC server. + // Initialize public gRPC server - register services on public gRPC server. connectca.NewServer(connectca.Config{ GetStore: func() connectca.StateStore { return s.FSM().State() }, Logger: logger.Named("grpc-api.connect-ca"), ACLResolver: plainACLResolver{s.ACLResolver}, }).Register(s.publicGRPCServer) + dataplane.NewServer(dataplane.Config{ + Logger: logger.Named("grpc-api.dataplane"), + ACLResolver: plainACLResolver{s.ACLResolver}, + }).Register(s.publicGRPCServer) // Start listening for RPC requests. go func() { diff --git a/agent/grpc/public/services/connectca/watch_roots_test.go b/agent/grpc/public/services/connectca/watch_roots_test.go index efd022d90..d650a4d13 100644 --- a/agent/grpc/public/services/connectca/watch_roots_test.go +++ b/agent/grpc/public/services/connectca/watch_roots_test.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/grpc/public/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) @@ -39,7 +40,7 @@ func TestWatchRoots_Success(t *testing.T) { // Mock the ACL Resolver to return an authorizer with `service:write`. aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). - Return(testAuthorizer(t), nil) + Return(testutils.TestAuthorizer(t), nil) ctx := public.ContextWithToken(context.Background(), testACLToken) @@ -121,7 +122,7 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { // first two times it is called (initial connect and first re-auth). aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). - Return(testAuthorizer(t), nil).Twice() + Return(testutils.TestAuthorizer(t), nil).Twice() ctx := public.ContextWithToken(context.Background(), testACLToken) @@ -187,7 +188,7 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { // Mock the ACL Resolver to return an authorizer with `service:write`. aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). - Return(testAuthorizer(t), nil) + Return(testutils.TestAuthorizer(t), nil) ctx := public.ContextWithToken(context.Background(), testACLToken) diff --git a/agent/grpc/public/services/dataplane/get_supported_features.go b/agent/grpc/public/services/dataplane/get_supported_features.go new file mode 100644 index 000000000..672e48f66 --- /dev/null +++ b/agent/grpc/public/services/dataplane/get_supported_features.go @@ -0,0 +1,45 @@ +package dataplane + +import ( + "context" + + acl "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/grpc/public" + structs "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbdataplane" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +func (d *Server) SupportedDataplaneFeatures(ctx context.Context, req *pbdataplane.SupportedDataplaneFeaturesRequest) (*pbdataplane.SupportedDataplaneFeaturesResponse, error) { + d.Logger.Trace("Received request for supported dataplane features") + + // Require the given ACL token to have `service:write` on any service + token := public.TokenFromContext(ctx) + var authzContext acl.AuthorizerContext + entMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier) + authz, err := d.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, &authzContext) + if err != nil { + return nil, status.Error(codes.Unauthenticated, err.Error()) + } + if err := authz.ToAllowAuthorizer().ServiceWriteAnyAllowed(&authzContext); err != nil { + return nil, status.Error(codes.PermissionDenied, err.Error()) + } + + supportedFeatures := []*pbdataplane.DataplaneFeatureSupport{ + { + FeatureName: pbdataplane.DataplaneFeatures_WATCH_SERVERS, + Supported: true, + }, + { + FeatureName: pbdataplane.DataplaneFeatures_EDGE_CERTIFICATE_MANAGEMENT, + Supported: true, + }, + { + FeatureName: pbdataplane.DataplaneFeatures_ENVOY_BOOTSTRAP_CONFIGURATION, + Supported: true, + }, + } + + return &pbdataplane.SupportedDataplaneFeaturesResponse{SupportedDataplaneFeatures: supportedFeatures}, nil +} diff --git a/agent/grpc/public/services/dataplane/get_supported_features_test.go b/agent/grpc/public/services/dataplane/get_supported_features_test.go new file mode 100644 index 000000000..2b3c5e76d --- /dev/null +++ b/agent/grpc/public/services/dataplane/get_supported_features_test.go @@ -0,0 +1,82 @@ +package dataplane + +import ( + "context" + "testing" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/proto-public/pbdataplane" + "github.com/hashicorp/go-hclog" + mock "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +const testACLToken = "acl-token" + +func TestSupportedDataplaneFeatures_Success(t *testing.T) { + // Mock the ACL Resolver to return an authorizer with `service:write`. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(testutils.TestAuthorizer(t), nil) + ctx := public.ContextWithToken(context.Background(), testACLToken) + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + + client := testClient(t, server) + resp, err := client.SupportedDataplaneFeatures(ctx, &pbdataplane.SupportedDataplaneFeaturesRequest{}) + require.NoError(t, err) + require.Equal(t, 3, len(resp.SupportedDataplaneFeatures)) + + for _, feature := range resp.SupportedDataplaneFeatures { + switch feature.GetFeatureName() { + case pbdataplane.DataplaneFeatures_EDGE_CERTIFICATE_MANAGEMENT: + require.True(t, feature.GetSupported()) + case pbdataplane.DataplaneFeatures_WATCH_SERVERS: + require.True(t, feature.GetSupported()) + case pbdataplane.DataplaneFeatures_ENVOY_BOOTSTRAP_CONFIGURATION: + require.True(t, feature.GetSupported()) + default: + require.False(t, feature.GetSupported()) + } + } +} + +func TestSupportedDataplaneFeatures_Unauthenticated(t *testing.T) { + // Mock the ACL resolver to return ErrNotFound. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(nil, acl.ErrNotFound) + ctx := public.ContextWithToken(context.Background(), testACLToken) + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + client := testClient(t, server) + resp, err := client.SupportedDataplaneFeatures(ctx, &pbdataplane.SupportedDataplaneFeaturesRequest{}) + require.Error(t, err) + require.Equal(t, codes.Unauthenticated.String(), status.Code(err).String()) + require.Nil(t, resp) +} + +func TestSupportedDataplaneFeatures_PermissionDenied(t *testing.T) { + // Mock the ACL resolver to return ErrNotFound. + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). + Return(acl.DenyAll(), nil) + ctx := public.ContextWithToken(context.Background(), testACLToken) + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + }) + client := testClient(t, server) + resp, err := client.SupportedDataplaneFeatures(ctx, &pbdataplane.SupportedDataplaneFeaturesRequest{}) + require.Error(t, err) + require.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + require.Nil(t, resp) +} diff --git a/agent/grpc/public/services/dataplane/mock_ACLResolver.go b/agent/grpc/public/services/dataplane/mock_ACLResolver.go new file mode 100644 index 000000000..364e17e66 --- /dev/null +++ b/agent/grpc/public/services/dataplane/mock_ACLResolver.go @@ -0,0 +1,38 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package dataplane + +import ( + acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" + + structs "github.com/hashicorp/consul/agent/structs" +) + +// MockACLResolver is an autogenerated mock type for the ACLResolver type +type MockACLResolver struct { + mock.Mock +} + +// ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { + ret := _m.Called(_a0, _a1, _a2) + + var r0 acl.Authorizer + if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + r0 = rf(_a0, _a1, _a2) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(acl.Authorizer) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + r1 = rf(_a0, _a1, _a2) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/agent/grpc/public/services/dataplane/server.go b/agent/grpc/public/services/dataplane/server.go new file mode 100644 index 000000000..90a050e22 --- /dev/null +++ b/agent/grpc/public/services/dataplane/server.go @@ -0,0 +1,33 @@ +package dataplane + +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbdataplane" + "github.com/hashicorp/go-hclog" + "google.golang.org/grpc" +) + +type Server struct { + Config +} + +type Config struct { + Logger hclog.Logger + ACLResolver ACLResolver +} + +//go:generate mockery -name ACLResolver -inpkg +type ACLResolver interface { + ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) +} + +func NewServer(cfg Config) *Server { + return &Server{cfg} +} + +var _ pbdataplane.DataplaneServiceServer = (*Server)(nil) + +func (s *Server) Register(grpcServer *grpc.Server) { + pbdataplane.RegisterDataplaneServiceServer(grpcServer, s) +} diff --git a/agent/grpc/public/services/dataplane/server_test.go b/agent/grpc/public/services/dataplane/server_test.go new file mode 100644 index 000000000..5a9186c5a --- /dev/null +++ b/agent/grpc/public/services/dataplane/server_test.go @@ -0,0 +1,40 @@ +package dataplane + +import ( + "context" + "net" + "testing" + + "github.com/hashicorp/consul/proto-public/pbdataplane" + "github.com/stretchr/testify/require" + "google.golang.org/grpc" +) + +func testClient(t *testing.T, server *Server) pbdataplane.DataplaneServiceClient { + t.Helper() + + addr := RunTestServer(t, server) + + conn, err := grpc.DialContext(context.Background(), addr.String(), grpc.WithInsecure()) + require.NoError(t, err) + t.Cleanup(func() { + require.NoError(t, conn.Close()) + }) + + return pbdataplane.NewDataplaneServiceClient(conn) +} + +func RunTestServer(t *testing.T, server *Server) net.Addr { + t.Helper() + + lis, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + + grpcServer := grpc.NewServer() + server.Register(grpcServer) + + go grpcServer.Serve(lis) + t.Cleanup(grpcServer.Stop) + + return lis.Addr() +} diff --git a/agent/grpc/public/services/connectca/acl_test.go b/agent/grpc/public/testutils/acl.go similarity index 69% rename from agent/grpc/public/services/connectca/acl_test.go rename to agent/grpc/public/testutils/acl.go index bac0e342e..0c640d266 100644 --- a/agent/grpc/public/services/connectca/acl_test.go +++ b/agent/grpc/public/testutils/acl.go @@ -1,16 +1,13 @@ -package connectca +package testutils import ( "testing" - "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/acl" + "github.com/stretchr/testify/require" ) -// testAuthorizer returns an ACL policy authorizer with `service:write` on an -// arbitrary service. -func testAuthorizer(t *testing.T) acl.Authorizer { +func TestAuthorizer(t *testing.T) acl.Authorizer { t.Helper() policy, err := acl.NewPolicyFromSource(` diff --git a/proto-public/pbdataplane/dataplane.pb.binary.go b/proto-public/pbdataplane/dataplane.pb.binary.go new file mode 100644 index 000000000..aae9be911 --- /dev/null +++ b/proto-public/pbdataplane/dataplane.pb.binary.go @@ -0,0 +1,38 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: proto-public/pbdataplane/dataplane.proto + +package pbdataplane + +import ( + "github.com/golang/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *SupportedDataplaneFeaturesRequest) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *SupportedDataplaneFeaturesRequest) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *DataplaneFeatureSupport) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *DataplaneFeatureSupport) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *SupportedDataplaneFeaturesResponse) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *SupportedDataplaneFeaturesResponse) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbdataplane/dataplane.pb.go b/proto-public/pbdataplane/dataplane.pb.go new file mode 100644 index 000000000..c5e48a241 --- /dev/null +++ b/proto-public/pbdataplane/dataplane.pb.go @@ -0,0 +1,448 @@ +// Package dataplane provides a service on Consul servers for the Consul Dataplane + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.15.8 +// source: proto-public/pbdataplane/dataplane.proto + +package pbdataplane + +import ( + context "context" + proto "github.com/golang/protobuf/proto" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type DataplaneFeatures int32 + +const ( + DataplaneFeatures_UNKNOWN DataplaneFeatures = 0 + DataplaneFeatures_WATCH_SERVERS DataplaneFeatures = 1 + DataplaneFeatures_EDGE_CERTIFICATE_MANAGEMENT DataplaneFeatures = 2 + DataplaneFeatures_ENVOY_BOOTSTRAP_CONFIGURATION DataplaneFeatures = 3 +) + +// Enum value maps for DataplaneFeatures. +var ( + DataplaneFeatures_name = map[int32]string{ + 0: "UNKNOWN", + 1: "WATCH_SERVERS", + 2: "EDGE_CERTIFICATE_MANAGEMENT", + 3: "ENVOY_BOOTSTRAP_CONFIGURATION", + } + DataplaneFeatures_value = map[string]int32{ + "UNKNOWN": 0, + "WATCH_SERVERS": 1, + "EDGE_CERTIFICATE_MANAGEMENT": 2, + "ENVOY_BOOTSTRAP_CONFIGURATION": 3, + } +) + +func (x DataplaneFeatures) Enum() *DataplaneFeatures { + p := new(DataplaneFeatures) + *p = x + return p +} + +func (x DataplaneFeatures) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (DataplaneFeatures) Descriptor() protoreflect.EnumDescriptor { + return file_proto_public_pbdataplane_dataplane_proto_enumTypes[0].Descriptor() +} + +func (DataplaneFeatures) Type() protoreflect.EnumType { + return &file_proto_public_pbdataplane_dataplane_proto_enumTypes[0] +} + +func (x DataplaneFeatures) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use DataplaneFeatures.Descriptor instead. +func (DataplaneFeatures) EnumDescriptor() ([]byte, []int) { + return file_proto_public_pbdataplane_dataplane_proto_rawDescGZIP(), []int{0} +} + +type SupportedDataplaneFeaturesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *SupportedDataplaneFeaturesRequest) Reset() { + *x = SupportedDataplaneFeaturesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SupportedDataplaneFeaturesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SupportedDataplaneFeaturesRequest) ProtoMessage() {} + +func (x *SupportedDataplaneFeaturesRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SupportedDataplaneFeaturesRequest.ProtoReflect.Descriptor instead. +func (*SupportedDataplaneFeaturesRequest) Descriptor() ([]byte, []int) { + return file_proto_public_pbdataplane_dataplane_proto_rawDescGZIP(), []int{0} +} + +type DataplaneFeatureSupport struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FeatureName DataplaneFeatures `protobuf:"varint,1,opt,name=feature_name,json=featureName,proto3,enum=dataplane.DataplaneFeatures" json:"feature_name,omitempty"` + Supported bool `protobuf:"varint,2,opt,name=supported,proto3" json:"supported,omitempty"` +} + +func (x *DataplaneFeatureSupport) Reset() { + *x = DataplaneFeatureSupport{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DataplaneFeatureSupport) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DataplaneFeatureSupport) ProtoMessage() {} + +func (x *DataplaneFeatureSupport) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DataplaneFeatureSupport.ProtoReflect.Descriptor instead. +func (*DataplaneFeatureSupport) Descriptor() ([]byte, []int) { + return file_proto_public_pbdataplane_dataplane_proto_rawDescGZIP(), []int{1} +} + +func (x *DataplaneFeatureSupport) GetFeatureName() DataplaneFeatures { + if x != nil { + return x.FeatureName + } + return DataplaneFeatures_UNKNOWN +} + +func (x *DataplaneFeatureSupport) GetSupported() bool { + if x != nil { + return x.Supported + } + return false +} + +type SupportedDataplaneFeaturesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SupportedDataplaneFeatures []*DataplaneFeatureSupport `protobuf:"bytes,1,rep,name=supported_dataplane_features,json=supportedDataplaneFeatures,proto3" json:"supported_dataplane_features,omitempty"` +} + +func (x *SupportedDataplaneFeaturesResponse) Reset() { + *x = SupportedDataplaneFeaturesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SupportedDataplaneFeaturesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SupportedDataplaneFeaturesResponse) ProtoMessage() {} + +func (x *SupportedDataplaneFeaturesResponse) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbdataplane_dataplane_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SupportedDataplaneFeaturesResponse.ProtoReflect.Descriptor instead. +func (*SupportedDataplaneFeaturesResponse) Descriptor() ([]byte, []int) { + return file_proto_public_pbdataplane_dataplane_proto_rawDescGZIP(), []int{2} +} + +func (x *SupportedDataplaneFeaturesResponse) GetSupportedDataplaneFeatures() []*DataplaneFeatureSupport { + if x != nil { + return x.SupportedDataplaneFeatures + } + return nil +} + +var File_proto_public_pbdataplane_dataplane_proto protoreflect.FileDescriptor + +var file_proto_public_pbdataplane_dataplane_proto_rawDesc = []byte{ + 0x0a, 0x28, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, + 0x62, 0x64, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x64, 0x61, 0x74, 0x61, 0x70, + 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x64, 0x61, 0x74, 0x61, + 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x22, 0x23, 0x0a, 0x21, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x78, 0x0a, 0x17, 0x44, 0x61, + 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, + 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x64, 0x61, + 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, + 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x0b, 0x66, 0x65, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x75, 0x70, 0x70, 0x6f, + 0x72, 0x74, 0x65, 0x64, 0x22, 0x8a, 0x01, 0x0a, 0x22, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x64, 0x0a, 0x1c, 0x73, + 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, + 0x6e, 0x65, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x44, 0x61, + 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, + 0x70, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x1a, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, + 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x2a, 0x77, 0x0a, 0x11, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, + 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, + 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x57, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x53, 0x45, 0x52, + 0x56, 0x45, 0x52, 0x53, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x45, 0x44, 0x47, 0x45, 0x5f, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, + 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x45, 0x4e, 0x56, 0x4f, 0x59, + 0x5f, 0x42, 0x4f, 0x4f, 0x54, 0x53, 0x54, 0x52, 0x41, 0x50, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, + 0x47, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x03, 0x32, 0x8f, 0x01, 0x0a, 0x10, 0x44, + 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x7b, 0x0a, 0x1a, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, + 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x2c, 0x2e, + 0x64, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x64, 0x61, + 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, + 0x64, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x36, 0x5a, 0x34, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x64, 0x61, 0x74, 0x61, 0x70, + 0x6c, 0x61, 0x6e, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_proto_public_pbdataplane_dataplane_proto_rawDescOnce sync.Once + file_proto_public_pbdataplane_dataplane_proto_rawDescData = file_proto_public_pbdataplane_dataplane_proto_rawDesc +) + +func file_proto_public_pbdataplane_dataplane_proto_rawDescGZIP() []byte { + file_proto_public_pbdataplane_dataplane_proto_rawDescOnce.Do(func() { + file_proto_public_pbdataplane_dataplane_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_public_pbdataplane_dataplane_proto_rawDescData) + }) + return file_proto_public_pbdataplane_dataplane_proto_rawDescData +} + +var file_proto_public_pbdataplane_dataplane_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_proto_public_pbdataplane_dataplane_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_proto_public_pbdataplane_dataplane_proto_goTypes = []interface{}{ + (DataplaneFeatures)(0), // 0: dataplane.DataplaneFeatures + (*SupportedDataplaneFeaturesRequest)(nil), // 1: dataplane.SupportedDataplaneFeaturesRequest + (*DataplaneFeatureSupport)(nil), // 2: dataplane.DataplaneFeatureSupport + (*SupportedDataplaneFeaturesResponse)(nil), // 3: dataplane.SupportedDataplaneFeaturesResponse +} +var file_proto_public_pbdataplane_dataplane_proto_depIdxs = []int32{ + 0, // 0: dataplane.DataplaneFeatureSupport.feature_name:type_name -> dataplane.DataplaneFeatures + 2, // 1: dataplane.SupportedDataplaneFeaturesResponse.supported_dataplane_features:type_name -> dataplane.DataplaneFeatureSupport + 1, // 2: dataplane.DataplaneService.SupportedDataplaneFeatures:input_type -> dataplane.SupportedDataplaneFeaturesRequest + 3, // 3: dataplane.DataplaneService.SupportedDataplaneFeatures:output_type -> dataplane.SupportedDataplaneFeaturesResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_proto_public_pbdataplane_dataplane_proto_init() } +func file_proto_public_pbdataplane_dataplane_proto_init() { + if File_proto_public_pbdataplane_dataplane_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_public_pbdataplane_dataplane_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SupportedDataplaneFeaturesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_public_pbdataplane_dataplane_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DataplaneFeatureSupport); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_public_pbdataplane_dataplane_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SupportedDataplaneFeaturesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_public_pbdataplane_dataplane_proto_rawDesc, + NumEnums: 1, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_proto_public_pbdataplane_dataplane_proto_goTypes, + DependencyIndexes: file_proto_public_pbdataplane_dataplane_proto_depIdxs, + EnumInfos: file_proto_public_pbdataplane_dataplane_proto_enumTypes, + MessageInfos: file_proto_public_pbdataplane_dataplane_proto_msgTypes, + }.Build() + File_proto_public_pbdataplane_dataplane_proto = out.File + file_proto_public_pbdataplane_dataplane_proto_rawDesc = nil + file_proto_public_pbdataplane_dataplane_proto_goTypes = nil + file_proto_public_pbdataplane_dataplane_proto_depIdxs = nil +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConnInterface + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion6 + +// DataplaneServiceClient is the client API for DataplaneService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type DataplaneServiceClient interface { + SupportedDataplaneFeatures(ctx context.Context, in *SupportedDataplaneFeaturesRequest, opts ...grpc.CallOption) (*SupportedDataplaneFeaturesResponse, error) +} + +type dataplaneServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewDataplaneServiceClient(cc grpc.ClientConnInterface) DataplaneServiceClient { + return &dataplaneServiceClient{cc} +} + +func (c *dataplaneServiceClient) SupportedDataplaneFeatures(ctx context.Context, in *SupportedDataplaneFeaturesRequest, opts ...grpc.CallOption) (*SupportedDataplaneFeaturesResponse, error) { + out := new(SupportedDataplaneFeaturesResponse) + err := c.cc.Invoke(ctx, "/dataplane.DataplaneService/SupportedDataplaneFeatures", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// DataplaneServiceServer is the server API for DataplaneService service. +type DataplaneServiceServer interface { + SupportedDataplaneFeatures(context.Context, *SupportedDataplaneFeaturesRequest) (*SupportedDataplaneFeaturesResponse, error) +} + +// UnimplementedDataplaneServiceServer can be embedded to have forward compatible implementations. +type UnimplementedDataplaneServiceServer struct { +} + +func (*UnimplementedDataplaneServiceServer) SupportedDataplaneFeatures(context.Context, *SupportedDataplaneFeaturesRequest) (*SupportedDataplaneFeaturesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method SupportedDataplaneFeatures not implemented") +} + +func RegisterDataplaneServiceServer(s *grpc.Server, srv DataplaneServiceServer) { + s.RegisterService(&_DataplaneService_serviceDesc, srv) +} + +func _DataplaneService_SupportedDataplaneFeatures_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SupportedDataplaneFeaturesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DataplaneServiceServer).SupportedDataplaneFeatures(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dataplane.DataplaneService/SupportedDataplaneFeatures", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DataplaneServiceServer).SupportedDataplaneFeatures(ctx, req.(*SupportedDataplaneFeaturesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _DataplaneService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "dataplane.DataplaneService", + HandlerType: (*DataplaneServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "SupportedDataplaneFeatures", + Handler: _DataplaneService_SupportedDataplaneFeatures_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "proto-public/pbdataplane/dataplane.proto", +} diff --git a/proto-public/pbdataplane/dataplane.proto b/proto-public/pbdataplane/dataplane.proto new file mode 100644 index 000000000..17789fc55 --- /dev/null +++ b/proto-public/pbdataplane/dataplane.proto @@ -0,0 +1,32 @@ +// Package dataplane provides a service on Consul servers for the Consul Dataplane + +syntax = "proto3"; + +package dataplane; + +option go_package = "github.com/hashicorp/consul/proto-public/pbdataplane"; + + +message SupportedDataplaneFeaturesRequest {} + +enum DataplaneFeatures { + UNKNOWN = 0; + WATCH_SERVERS = 1; + EDGE_CERTIFICATE_MANAGEMENT = 2; + ENVOY_BOOTSTRAP_CONFIGURATION = 3; +} + + +message DataplaneFeatureSupport { + DataplaneFeatures feature_name = 1; + bool supported = 2; +} + +message SupportedDataplaneFeaturesResponse { + repeated DataplaneFeatureSupport supported_dataplane_features = 1; +} + + +service DataplaneService { + rpc SupportedDataplaneFeatures(SupportedDataplaneFeaturesRequest) returns (SupportedDataplaneFeaturesResponse) {}; +} \ No newline at end of file From e7dfc7288496646e22a514937760c0e1a62542db Mon Sep 17 00:00:00 2001 From: Riddhi Shah Date: Tue, 5 Apr 2022 07:44:26 -0700 Subject: [PATCH 076/785] Add changelog --- .changelog/12695.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/12695.txt diff --git a/.changelog/12695.txt b/.changelog/12695.txt new file mode 100644 index 000000000..e9eb3aef0 --- /dev/null +++ b/.changelog/12695.txt @@ -0,0 +1,3 @@ +```release-note:feature +New gRPC service and endpoint to return the list of supported consul dataplane features +``` \ No newline at end of file From a49cbf50dd6a1cc0ab1756f68d5b7297c1c6884d Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 5 Apr 2022 07:46:14 -0700 Subject: [PATCH 077/785] docs: rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes (#12690) * docs:rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes --- website/content/docs/k8s/connect/index.mdx | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx index 928089142..7a3c472ca 100644 --- a/website/content/docs/k8s/connect/index.mdx +++ b/website/content/docs/k8s/connect/index.mdx @@ -1,26 +1,27 @@ --- layout: docs -page_title: Service Mesh - Kubernetes +page_title: Consul Service Mesh on Kubernetes description: >- - Connect is a feature built into to Consul that enables automatic + Consul Service Mesh is a feature built into to Consul that enables automatic service-to-service authorization and connection encryption across your Consul - services. Connect can be used with Kubernetes to secure pod communication with + services. Consul Service Mesh can be used with Kubernetes to secure pod communication with other services. --- -# Connect Service Mesh on Kubernetes +# Consul Service Mesh on Kubernetes -[Connect](/docs/connect) is a feature built into to Consul that enables +[Consul Service Mesh](/docs/connect) is a feature built into to Consul that enables automatic service-to-service authorization and connection encryption across -your Consul services. Connect can be used with Kubernetes to secure pod -communication with other pods and external Kubernetes services. +your Consul services. Consul Service Mesh can be used with Kubernetes to secure pod +communication with other pods and external Kubernetes services. Consul Connect is used interchangeably with the name +Consul Service Mesh and is what will be used to refer to for Service Mesh functionality within Consul. The Connect sidecar running Envoy can be automatically injected into pods in your cluster, making configuration for Kubernetes automatic. This functionality is provided by the [consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be automatically installed and configured using the -[Consul Helm chart](/docs/k8s/installation/install). +[Consul Helm chart](/docs/k8s/installation/install#helm-chart-installation). ## Usage From 76cfe558669fdb42f930454b1da9a819f907b10d Mon Sep 17 00:00:00 2001 From: Riddhi Shah Date: Tue, 5 Apr 2022 09:08:37 -0700 Subject: [PATCH 078/785] Update .changelog/12695.txt Co-authored-by: Matt Keeler --- .changelog/12695.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/12695.txt b/.changelog/12695.txt index e9eb3aef0..9baaa3dcb 100644 --- a/.changelog/12695.txt +++ b/.changelog/12695.txt @@ -1,3 +1,3 @@ ```release-note:feature -New gRPC service and endpoint to return the list of supported consul dataplane features +grpc: New gRPC service and endpoint to return the list of supported consul dataplane features ``` \ No newline at end of file From 23200990db0dda2863cc7ac517791ae75b610ea5 Mon Sep 17 00:00:00 2001 From: Bryce Kalow Date: Tue, 5 Apr 2022 11:18:57 -0500 Subject: [PATCH 079/785] website: fix usages of img tag (#12696) --- website/.gitignore | 2 + website/Makefile | 80 ++++++++----------- website/README.md | 2 +- website/content/docs/ecs/architecture.mdx | 12 ++- .../content/docs/integrate/partnerships.mdx | 27 ++++++- website/next.config.js | 2 +- website/package.json | 4 +- website/{redirects.next.js => redirects.js} | 0 website/scripts/website-build.sh | 31 +++++++ website/scripts/website-start.sh | 25 ++++++ 10 files changed, 127 insertions(+), 58 deletions(-) rename website/{redirects.next.js => redirects.js} (100%) create mode 100755 website/scripts/website-build.sh create mode 100755 website/scripts/website-start.sh diff --git a/website/.gitignore b/website/.gitignore index 507cbf4e5..7d809dab7 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -6,3 +6,5 @@ out # As per Next.js conventions (https://nextjs.org/docs/basic-features/environment-variables#default-environment-variables) .env*.local + +website-preview diff --git a/website/Makefile b/website/Makefile index 7267737fa..485e1b884 100644 --- a/website/Makefile +++ b/website/Makefile @@ -1,54 +1,38 @@ +.DEFAULT_GOAL := website + +PWD=$$(pwd) +DOCKER_IMAGE="hashicorp/dev-portal" +DOCKER_IMAGE_LOCAL="dev-portal-local" +DOCKER_RUN_FLAGS=-it \ + --publish "3000:3000" \ + --rm \ + --tty \ + --volume "$(PWD)/content:/app/content" \ + --volume "$(PWD)/public:/app/public" \ + --volume "$(PWD)/data:/app/data" \ + --volume "$(PWD)/redirects.js:/app/redirects.js" \ + --volume "next-dir:/app/website-preview/.next" \ + --volume "$(PWD)/.env:/app/.env" \ + -e "REPO=consul" + # Default: run this if working on the website locally to run in watch mode. +.PHONY: website website: @echo "==> Downloading latest Docker image..." - @docker pull hashicorp/consul-website - @echo "==> Starting website in Docker..." - @docker run \ - --interactive \ - --rm \ - --tty \ - --workdir "/website" \ - --volume "$(shell pwd):/website" \ - --volume "/website/node_modules" \ - --publish "3000:3000" \ - hashicorp/consul-website \ - npm start + @docker pull $(DOCKER_IMAGE) + @echo "==> Starting website..." + @docker run $(DOCKER_RUN_FLAGS) $(DOCKER_IMAGE) -# This command will generate a static version of the website to the "out" folder. -build: - @echo "==> Downloading latest Docker image..." - @docker pull hashicorp/consul-website - @echo "==> Starting build in Docker..." - @docker run \ - --interactive \ - --rm \ - --tty \ - --workdir "/website" \ - --volume "$(shell pwd):/website" \ - --volume "/website/node_modules" \ - hashicorp/consul-website \ - npm run static +# Use this if you have run `website/build-local` to use the locally built image. +.PHONY: website/local +website/local: + @echo "==> Starting website from local image..." + @docker run $(DOCKER_RUN_FLAGS) $(DOCKER_IMAGE_LOCAL) -# If you are changing node dependencies locally, run this to generate a new -# local Docker image with the dependency changes included. -build-image: - @echo "==> Building Docker image..." - @docker build --tag hashicorp-consul-website-local . +# Run this to generate a new local Docker image. +.PHONY: website/build-local +website/build-local: + @echo "==> Building local Docker image" + @docker build https://github.com/hashicorp/dev-portal.git\#main \ + -t $(DOCKER_IMAGE_LOCAL) -# Use this if you have run `build-image` to use the locally built image -# rather than our CI-generated image to test dependency changes. -website-local: - @echo "==> Starting website in Docker..." - @docker run \ - --interactive \ - --rm \ - --tty \ - --workdir "/website" \ - --volume "$(shell pwd):/website" \ - --volume "/website/node_modules" \ - --publish "3000:3000" \ - hashicorp-consul-website-local \ - npm start - -.DEFAULT_GOAL := website -.PHONY: build build-image website website-local diff --git a/website/README.md b/website/README.md index 545bbd3f8..7428737ca 100644 --- a/website/README.md +++ b/website/README.md @@ -58,7 +58,7 @@ The website can be run locally through node.js or [Docker](https://www.docker.co Running the site locally is simple. Provided you have Docker installed, clone this repo, run `make`, and then visit `http://localhost:3000`. -The docker image is pre-built with all the website dependencies installed, which is what makes it so quick and simple, but also means if you need to change dependencies and test the changes within Docker, you'll need a new image. If this is something you need to do, you can run `make build-image` to generate a local Docker image with updated dependencies, then `make website-local` to use that image and preview. +The docker image is pre-built with all the website dependencies installed, which is what makes it so quick and simple, but also means if you need to change dependencies and test the changes within Docker, you'll need a new image. If this is something you need to do, you can run `make website/build-local` to generate a local Docker image with updated dependencies, then `make website/local` to use that image and preview. ### With Node diff --git a/website/content/docs/ecs/architecture.mdx b/website/content/docs/ecs/architecture.mdx index 766402fcc..03d8bf7bc 100644 --- a/website/content/docs/ecs/architecture.mdx +++ b/website/content/docs/ecs/architecture.mdx @@ -32,7 +32,11 @@ For more information about how Consul works in general, see Consul's [Architectu This diagram shows the timeline of a task starting up and all its containers: -Task Startup Timeline + + +![Task Startup Timeline](/img/ecs-task-startup.svg) + + - **T0:** ECS starts the task. The `consul-client` and `mesh-init` containers start: - `consul-client` uses the `retry-join` option to join the Consul cluster @@ -49,7 +53,11 @@ This diagram shows the timeline of a task starting up and all its containers: This diagram shows an example timeline of a task shutting down: -Task Shutdown Timeline + + +![Task Shutdown Timeline](/img/ecs-task-shutdown.svg) + + - **T0**: ECS sends a TERM signal to all containers. Each container reacts to the TERM signal: - `consul-client` begins to gracefully leave the Consul cluster. diff --git a/website/content/docs/integrate/partnerships.mdx b/website/content/docs/integrate/partnerships.mdx index b4bd3c10c..e7c5bb222 100644 --- a/website/content/docs/integrate/partnerships.mdx +++ b/website/content/docs/integrate/partnerships.mdx @@ -20,7 +20,11 @@ By leveraging Consul’s RESTful HTTP API system, prospective partners are able **The Consul ecosystem of integrations:** -Consul Architecture + + +![Consul Architecture](/img/consul_ecosystem_diagram2.png) + + **Data Plane**: These integrations extend Consul’s certificate management, secure ACL configuration, observability metrics and logging, and service discovery that allows for dynamic service mapping APM and logging tools, extend sidecar proxies to support Consul connect, and extend API gateways to allow Consul to route incoming traffic to the proxies for Connect-enabled services. @@ -36,7 +40,18 @@ By leveraging Consul’s RESTful HTTP API system, prospective partners are able **Consul integration verification badges**: Partners will be issued the Consul Enterprise badge for integrations that work with [Consul Enterprise features](https://www.consul.io/docs/enterprise) such as namespaces. Partners will be issued the HCP Consul badge for integrations validated to work with [HCP Consul](https://cloud.hashicorp.com/docs/consul/features). Each badge would be displayed on HashiCorp’s partner page as well as be available for posting on the partner’s own website to provide better visibility and differentiation of the integration for joint customers. - + + + +![Consul Enterprise Badge](/img/consul_enterprise_partner_badge.png) + + + + +![HCP Consul](/img/HCPc_badge.png) + + + Developing a valid integration with either Consul Enterprise or HCP Consul also qualifies the partner for the Premier tier of the HashiCorp Technology Partners program. The process for verification of these integrations is detailed below. @@ -44,7 +59,11 @@ Developing a valid integration with either Consul Enterprise or HCP Consul also The Consul integration development process is described in the steps below. By following these steps, Consul integrations can be developed alongside HashiCorp to ensure new integrations are reviewed, approved and released as quickly as possible. -Integration Program Steps + + +![Integration Program Steps](/img/consul_integration_program_steps.png) + + 1. Engage: Initial contact between vendor and HashiCorp 2. Enable: Documentation, code samples and best practices for developing the integration @@ -168,4 +187,4 @@ Below is a checklist of steps that should be followed during the Consul integrat ## Contact Us -For any questions or feedback, please contact us at: [technologypartners@hashicorp.com](mailto:technologypartners@hashicorp.com) \ No newline at end of file +For any questions or feedback, please contact us at: [technologypartners@hashicorp.com](mailto:technologypartners@hashicorp.com) diff --git a/website/next.config.js b/website/next.config.js index f90501d0d..b46f9830b 100644 --- a/website/next.config.js +++ b/website/next.config.js @@ -1,5 +1,5 @@ const withHashicorp = require('@hashicorp/platform-nextjs-plugin') -const redirects = require('./redirects.next') +const redirects = require('./redirects') module.exports = withHashicorp({ dato: { diff --git a/website/package.json b/website/package.json index e4235d9cb..e8067cee0 100644 --- a/website/package.json +++ b/website/package.json @@ -72,14 +72,14 @@ }, "main": "index.js", "scripts": { - "build": "node --max-old-space-size=4096 ./node_modules/.bin/next build", + "build": "./scripts/website-build.sh", "dynamic": "NODE_ENV=production next build && next start", "export": "node --max-old-space-size=4096 ./node_modules/.bin/next export", "format": "next-hashicorp format", "generate:component": "next-hashicorp generate component", "generate:readme": "next-hashicorp markdown-blocks README.md", "lint": "next-hashicorp lint", - "start": "next-remote-watch './content/**/*.mdx'", + "start": "./scripts/website-start.sh", "static": "npm run build && npm run export && cp _redirects out/.", "linkcheck": "linkcheck https://consul.io" }, diff --git a/website/redirects.next.js b/website/redirects.js similarity index 100% rename from website/redirects.next.js rename to website/redirects.js diff --git a/website/scripts/website-build.sh b/website/scripts/website-build.sh new file mode 100755 index 000000000..1c3e5bd77 --- /dev/null +++ b/website/scripts/website-build.sh @@ -0,0 +1,31 @@ +# Repo which we are cloning and executing npm run build:deploy-preview within +REPO_TO_CLONE=dev-portal +# Set the subdirectory name for the base project +PREVIEW_DIR=website-preview +# The directory we want to clone the project into +CLONE_DIR=website-preview +# The product for which we are building the deploy preview +PRODUCT=consul + +from_cache=false + +if [ -d "$PREVIEW_DIR" ]; then + echo "$PREVIEW_DIR found" + CLONE_DIR="$PREVIEW_DIR-tmp" + from_cache=true +fi + +# Clone the base project, if needed +echo "⏳ Cloning the $REPO_TO_CLONE repo, this might take a while..." +git clone --depth=1 "https://github.com/hashicorp/$REPO_TO_CLONE.git" "$CLONE_DIR" + +if [ "$from_cache" = true ]; then + echo "Setting up $PREVIEW_DIR" + cp -R "./$CLONE_DIR/." "./$PREVIEW_DIR" +fi + +# cd into the preview directory project +cd "$PREVIEW_DIR" + +# Run the build:deploy-preview start script +REPO=$PRODUCT DEV_IO=$PRODUCT IS_CONTENT_PREVIEW=true HASHI_ENV=project-preview npm run build:deploy-preview diff --git a/website/scripts/website-start.sh b/website/scripts/website-start.sh new file mode 100755 index 000000000..0f2a5212b --- /dev/null +++ b/website/scripts/website-start.sh @@ -0,0 +1,25 @@ +# Repo which we are cloning and executing npm run build:deploy-preview within +REPO_TO_CLONE=dev-portal +# Set the subdirectory name for the dev-portal app +PREVIEW_DIR=website-preview +# The product for which we are building the deploy preview +PRODUCT=consul + +should_pull=true + +# Clone the dev-portal project, if needed +if [ ! -d "$PREVIEW_DIR" ]; then + echo "⏳ Cloning the $REPO_TO_CLONE repo, this might take a while..." + git clone --depth=1 https://github.com/hashicorp/$REPO_TO_CLONE.git "$PREVIEW_DIR" + should_pull=false +fi + +cd "$PREVIEW_DIR" + +# If the directory already existed, pull to ensure the clone is fresh +if [ "$should_pull" = true ]; then + git pull origin main +fi + +# Run the dev-portal content-repo start script +REPO=$PRODUCT PREVIEW_DIR="$PREVIEW_DIR" npm run start:local-preview From 744d79f55c25158df98f6655ca6caa2fc839eb6e Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 5 Apr 2022 11:58:07 -0500 Subject: [PATCH 080/785] build: conditionally install or reinstall protobuf supporting tools as needed (#12674) --- GNUmakefile | 72 ++---- build-support/functions/00-vars.sh | 2 +- build-support/functions/10-util.sh | 6 + build-support/scripts/build-docker.sh | 17 +- build-support/scripts/functions.sh | 8 +- build-support/scripts/proto-gen.sh | 162 ------------ build-support/scripts/protobuf.sh | 340 ++++++++++++++++++++++++++ build-support/scripts/release.sh | 19 +- build-support/scripts/version.sh | 19 +- 9 files changed, 387 insertions(+), 258 deletions(-) delete mode 100755 build-support/scripts/proto-gen.sh create mode 100755 build-support/scripts/protobuf.sh diff --git a/GNUmakefile b/GNUmakefile index ecd0e8e38..36ef83b2c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -12,23 +12,23 @@ GOTOOLS = \ github.com/hashicorp/lint-consul-retry@master PROTOC_VERSION=3.15.8 -PROTOC_OS := $(shell if test "$$(uname)" == "Darwin"; then echo osx; else echo linux; fi) -PROTOC_ZIP := protoc-$(PROTOC_VERSION)-$(PROTOC_OS)-x86_64.zip -PROTOC_URL := https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/$(PROTOC_ZIP) -PROTOC_ROOT := .protobuf/protoc-$(PROTOC_OS)-$(PROTOC_VERSION) -PROTOC_BIN := $(PROTOC_ROOT)/bin/protoc -GOPROTOVERSION?=$(shell grep github.com/golang/protobuf go.mod | awk '{print $$2}') -GOPROTOTOOLS = \ - github.com/golang/protobuf/protoc-gen-go@$(GOPROTOVERSION) \ - github.com/hashicorp/protoc-gen-go-binary@master \ - github.com/favadi/protoc-go-inject-tag@v1.3.0 \ - github.com/hashicorp/mog@v0.2.0 + +### +# MOG_VERSION can be either a valid string for "go install @" +# or the string @DEV to imply use whatever is currently installed locally. +### +MOG_VERSION='v0.2.0' +### +# PROTOC_GO_INJECT_TAG_VERSION can be either a valid string for "go install @" +# or the string @DEV to imply use whatever is currently installed locally. +### +PROTOC_GO_INJECT_TAG_VERSION='v1.3.0' GOTAGS ?= GOPATH=$(shell go env GOPATH) MAIN_GOPATH=$(shell go env GOPATH | cut -d: -f1) -export PATH := $(PWD)/bin:$(PATH) +export PATH := $(PWD)/bin:$(GOPATH)/bin:$(PATH) ASSETFS_PATH?=agent/uiserver/bindata_assetfs.go # Get the git commit @@ -38,11 +38,6 @@ GIT_DIRTY?=$(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true GIT_IMPORT=github.com/hashicorp/consul/version GOLDFLAGS=-X $(GIT_IMPORT).GitCommit=$(GIT_COMMIT)$(GIT_DIRTY) -PROTOFILES?=$(shell find . -name '*.proto' | grep -v 'vendor/' | grep -v '.protobuf' ) -PROTOGOFILES=$(PROTOFILES:.proto=.pb.go) -PROTOGOBINFILES=$(PROTOFILES:.proto=.pb.binary.go) -PROTO_MOG_ORDER=$(shell go list -tags '$(GOTAGS)' -deps ./proto/pb... | grep "consul/proto") - ifeq ($(FORCE_REBUILD),1) NOCACHE=--no-cache else @@ -304,11 +299,9 @@ tools: proto-tools done proto-tools: - @if [[ -d .gotools ]]; then rm -rf .gotools ; fi - @for TOOL in $(GOPROTOTOOLS); do \ - echo "=== TOOL: $$TOOL" ; \ - go install -v $$TOOL ; \ - done + @$(SHELL) $(CURDIR)/build-support/scripts/protobuf.sh \ + --protoc-version "$(PROTOC_VERSION)" \ + --tools-only version: @echo -n "Version: " @@ -359,39 +352,10 @@ else @go test -v ./agent -run Vault endif -.PHONY: protoc-install -protoc-install: - $(info locally installing protocol buffer compiler version if needed (expect: $(PROTOC_VERSION))) - @if [[ ! -x $(PROTOC_ROOT)/bin/protoc ]]; then \ - mkdir -p .protobuf/tmp ; \ - if [[ ! -f .protobuf/tmp/$(PROTOC_ZIP) ]]; then \ - ( cd .protobuf/tmp && curl -sSL "$(PROTOC_URL)" -o "$(PROTOC_ZIP)" ) ; \ - fi ; \ - mkdir -p $(PROTOC_ROOT) ; \ - unzip -d $(PROTOC_ROOT) .protobuf/tmp/$(PROTOC_ZIP) ; \ - chmod -R a+Xr $(PROTOC_ROOT) ; \ - chmod +x $(PROTOC_ROOT)/bin/protoc ; \ - fi - .PHONY: proto -proto: -protoc-files -mog-files - -.PHONY: -mog-files --mog-files: - @for FULL_PKG in $(PROTO_MOG_ORDER); do \ - PKG="$${FULL_PKG/#github.com\/hashicorp\/consul\//.\/}" ; \ - find "$$PKG" -name '*.gen.go' -delete ; \ - echo "mog -tags '$(GOTAGS)' -source \"$${PKG}/*.pb.go\"" ; \ - mog -tags '$(GOTAGS)' -source "$${PKG}/*.pb.go" ; \ - done - @echo "Generated all mog Go files" - -.PHONY: -protoc-files --protoc-files: protoc-install $(PROTOGOFILES) $(PROTOGOBINFILES) - @echo "Generated all protobuf Go files" - -%.pb.go %.pb.binary.go: %.proto - @$(SHELL) $(CURDIR)/build-support/scripts/proto-gen.sh --grpc --protoc-bin "$(PROTOC_BIN)" "$<" +proto: + @$(SHELL) $(CURDIR)/build-support/scripts/protobuf.sh \ + --protoc-version "$(PROTOC_VERSION)" # utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION') print-% : ; @echo $($*) diff --git a/build-support/functions/00-vars.sh b/build-support/functions/00-vars.sh index f4705f5d1..c9af7c60b 100644 --- a/build-support/functions/00-vars.sh +++ b/build-support/functions/00-vars.sh @@ -8,7 +8,7 @@ GO_BUILD_CONTAINER_DEFAULT="consul-build-go" # Whether to colorize shell output COLORIZE=${COLORIZE-1} -# determine GOPATH and the first GOPATH to use for intalling binaries +# determine GOPATH and the first GOPATH to use for installing binaries if command -v go >/dev/null; then GOPATH=${GOPATH:-$(go env GOPATH)} case $(uname) in diff --git a/build-support/functions/10-util.sh b/build-support/functions/10-util.sh index b116f2483..6a5f7282d 100644 --- a/build-support/functions/10-util.sh +++ b/build-support/functions/10-util.sh @@ -64,6 +64,12 @@ function debug_run { return $? } +function print_run { + echo "$@" + "$@" + return $? +} + function sed_i { if test "$(uname)" == "Darwin" then diff --git a/build-support/scripts/build-docker.sh b/build-support/scripts/build-docker.sh index ba9abfb96..83aa3f1cc 100755 --- a/build-support/scripts/build-docker.sh +++ b/build-support/scripts/build-docker.sh @@ -1,14 +1,9 @@ -#!/bin/bash -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null +#!/usr/bin/env bash + +readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" +readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")" +readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions" source "${SCRIPT_DIR}/functions.sh" diff --git a/build-support/scripts/functions.sh b/build-support/scripts/functions.sh index 2ddae96f2..75beeb141 100755 --- a/build-support/scripts/functions.sh +++ b/build-support/scripts/functions.sh @@ -3,15 +3,11 @@ # # It provides all the scripting around building Consul and the release process -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -pushd ../functions > /dev/null -FUNC_DIR=$(pwd) -popd > /dev/null -popd > /dev/null +readonly FUNC_DIR="$(dirname "$(dirname "${BASH_SOURCE[0]}")")/functions" func_sources=$(find ${FUNC_DIR} -mindepth 1 -maxdepth 1 -name "*.sh" -type f | sort -n) for src in $func_sources do source $src -done \ No newline at end of file +done diff --git a/build-support/scripts/proto-gen.sh b/build-support/scripts/proto-gen.sh deleted file mode 100755 index 693a29de1..000000000 --- a/build-support/scripts/proto-gen.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/bin/env bash - -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null - -source "${SCRIPT_DIR}/functions.sh" - -function usage { -cat <<-EOF -Usage: ${SCRIPT_NAME} [] - -Description: - Generate the Go files from protobuf definitions. In addition to - running the protoc generator it will also fixup build tags in the - generated code. - -Options: - --protoc-bin Path to protoc. - --import-replace Replace imports of google types with those from the protobuf repo. - --grpc Enable the gRPC plugin - -h | --help Print this help text. -EOF -} - -function err_usage { - err "$1" - err "" - err "$(usage)" -} - -function main { - local -i grpc=0 - local proto_path= - local protoc_bin= - - while test $# -gt 0 - do - case "$1" in - -h | --help ) - usage - return 0 - ;; - --grpc ) - grpc=1 - shift - ;; - --protoc-bin ) - protoc_bin="$2" - shift 2 - ;; - * ) - proto_path="$1" - shift - ;; - esac - done - - if test -z "${proto_path}" - then - err_usage "ERROR: No proto file specified" - return 1 - fi - - if test -z "${protoc_bin}" - then - protoc_bin="$(command -v protoc)" - if test -z "${protoc_bin}" - then - err_usage "ERROR: no proto-bin specified and protoc could not be discovered" - return 1 - fi - fi - - - go mod download - - local golang_proto_path=$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf) - local golang_proto_mod_path=$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}") - - local proto_go_path=${proto_path%%.proto}.pb.go - local proto_go_bin_path=${proto_path%%.proto}.pb.binary.go - local proto_go_rpcglue_path=${proto_path%%.proto}.rpcglue.pb.go - - local go_proto_out="paths=source_relative" - if is_set "${grpc}" - then - go_proto_out="${go_proto_out},plugins=grpc" - fi - - if test -n "${go_proto_out}" - then - go_proto_out="${go_proto_out}:" - fi - - rm -f "${proto_go_path}" ${proto_go_bin_path}" ${proto_go_rpcglue_path}" - - # How we run protoc probably needs some documentation. - # - # This is the path to where - # -I="${golang_proto_path}/protobuf" \ - local -i ret=0 - status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path}" - echo "debug_run ${protoc_bin} \ - -I=\"${golang_proto_path}\" \ - -I=\"${golang_proto_mod_path}\" \ - -I=\"${SOURCE_DIR}\" \ - --go_out=\"${go_proto_out}${SOURCE_DIR}\" \ - --go-binary_out=\"${SOURCE_DIR}\" \ - \"${proto_path}\"" - debug_run ${protoc_bin} \ - -I="${golang_proto_path}" \ - -I="${golang_proto_mod_path}" \ - -I="${SOURCE_DIR}" \ - --go_out="${go_proto_out}${SOURCE_DIR}" \ - --go-binary_out="${SOURCE_DIR}" \ - "${proto_path}" - - if test $? -ne 0 - then - err "Failed to run protoc for ${proto_path}" - return 1 - fi - - debug_run protoc-go-inject-tag \ - -input="${proto_go_path}" - - if test $? -ne 0 - then - err "Failed to run protoc-go-inject-tag for ${proto_path}" - return 1 - fi - - BUILD_TAGS=$(head -n 2 "${proto_path}" | grep '^//go:build\|// +build') - if test -n "${BUILD_TAGS}" - then - echo -e "${BUILD_TAGS}\n" >> "${proto_go_bin_path}.new" - cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" - mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" - fi - - # note: this has to run after we fix up the build tags above - rm -f "${proto_go_rpcglue_path}" - debug_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" - if test $? -ne 0 - then - err "Failed to generate consul rpc glue outputs from ${proto_path}" - return 1 - fi - - return 0 -} - -main "$@" -exit $? diff --git a/build-support/scripts/protobuf.sh b/build-support/scripts/protobuf.sh new file mode 100755 index 000000000..fa6e5b79f --- /dev/null +++ b/build-support/scripts/protobuf.sh @@ -0,0 +1,340 @@ +#!/usr/bin/env bash + +readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" +readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")" +readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions" + +source "${SCRIPT_DIR}/functions.sh" + +unset CDPATH + +set -euo pipefail + +usage() { +cat <<-EOF +Usage: ${SCRIPT_NAME} [] + +Description: + Installs protoc, various supporting Go tools, and then regenerates all Go + files from protobuf definitions. In addition to running the protoc + generator it will also fixup build tags in the generated code and + regenerate mog outputs and RPC stubs. + +Options: + --protoc-version Version of protoc to install. It defaults to what is specified in the makefile. + --tools-only Install all required tools but do not generate outputs. + -h | --help Print this help text. +EOF +} + +function err_usage { + err "$1" + err "" + err "$(usage)" +} + +function main { + local protoc_version= + local tools_only= + + while test $# -gt 0 + do + case "$1" in + -h | --help ) + usage + return 0 + ;; + --protoc-version ) + protoc_version="$2" + shift 2 + ;; + --tools-only ) + tools_only=1 + shift + ;; + esac + done + + if test -z "${protoc_version}" + then + protoc_version="$(make --no-print-directory print-PROTOC_VERSION)" + if test -z "${protoc_version}" + then + err_usage "ERROR: no proto-version specified and version could not be discovered" + return 1 + fi + fi + + # ensure the correct protoc compiler is installed + protoc_install "${protoc_version}" + if test -z "${protoc_bin}" ; then + exit 1 + fi + + # ensure these tools are installed + proto_tools_install + + if [[ -n $tools_only ]]; then + return 0 + fi + + # Compute some data from dependencies in non-local variables. + go mod download + golang_proto_path="$(go list -f '{{ .Dir }}' -m github.com/golang/protobuf)" + # golang_proto_mod_path="$(sed -e 's,\(.*\)github.com.*,\1,' <<< "${golang_proto_path}")" + golang_proto_mod_path="$(go env GOMODCACHE)" + + declare -a proto_files + while IFS= read -r pkg; do + pkg="${pkg#"./"}" + proto_files+=( "$pkg" ) + done < <(find . -name '*.proto' | grep -v 'vendor/' | grep -v '.protobuf' | sort ) + + for proto_file in "${proto_files[@]}"; do + generate_protobuf_code "${proto_file}" + done + + status "Generated all protobuf Go files" + + generate_mog_code + + status "Generated all mog Go files" + + return 0 +} + +# Installs the version of protoc specified by the first argument. +# +# Will set 'protoc_bin' +function protoc_install { + local protoc_version="${1:-}" + local protoc_os + + if test -z "${protoc_version}" + then + protoc_version="$(make --no-print-directory print-PROTOC_VERSION)" + if test -z "${protoc_version}" + then + err "ERROR: no protoc-version specified and version could not be discovered" + return 1 + fi + fi + + case "$(uname)" in + Darwin) + protoc_os="osx" + ;; + Linux) + protoc_os="linux" + ;; + *) + err "unexpected OS: $(uname)" + return 1 + esac + + local protoc_zip="protoc-${protoc_version}-${protoc_os}-x86_64.zip" + local protoc_url="https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/${protoc_zip}" + local protoc_root=".protobuf/protoc-${protoc_os}-${protoc_version}" + # This is updated for use outside of the function. + protoc_bin="${protoc_root}/bin/protoc" + + if [[ -x "${protoc_bin}" ]]; then + status "protocol buffer compiler version already installed: ${protoc_version}" + return 0 + fi + + status_stage "installing protocol buffer compiler version: ${protoc_version}" + + mkdir -p .protobuf/tmp + if [[ ! -f .protobuf/tmp/${protoc_zip} ]]; then \ + ( cd .protobuf/tmp && curl -sSL "${protoc_url}" -o "${protoc_zip}" ) + fi + + mkdir -p "${protoc_root}" + unzip -d "${protoc_root}" ".protobuf/tmp/${protoc_zip}" + chmod -R a+Xr "${protoc_root}" + chmod +x "${protoc_bin}" + + return 0 +} + +function proto_tools_install { + local protoc_gen_go_version + local mog_version + local protoc_go_inject_tag_version + + protoc_gen_go_version="$(grep github.com/golang/protobuf go.mod | awk '{print $2}')" + mog_version="$(make --no-print-directory print-MOG_VERSION)" + protoc_go_inject_tag_version="$(make --no-print-directory print-PROTOC_GO_INJECT_TAG_VERSION)" + + # echo "go: ${protoc_gen_go_version}" + # echo "mog: ${mog_version}" + # echo "tag: ${protoc_go_inject_tag_version}" + + install_versioned_tool \ + 'protoc-gen-go' \ + 'github.com/golang/protobuf' \ + "${protoc_gen_go_version}" \ + 'github.com/golang/protobuf/protoc-gen-go' + + install_unversioned_tool \ + protoc-gen-go-binary \ + 'github.com/hashicorp/protoc-gen-go-binary@master' + + install_versioned_tool \ + 'protoc-go-inject-tag' \ + 'github.com/favadi/protoc-go-inject-tag' \ + "${protoc_go_inject_tag_version}" \ + 'github.com/favadi/protoc-go-inject-tag' + + install_versioned_tool \ + 'mog' \ + 'github.com/hashicorp/mog' \ + "${mog_version}" \ + 'github.com/hashicorp/mog' + + return 0 +} + +function install_unversioned_tool { + local command="$1" + local install="$2" + + if ! command -v "${command}" &>/dev/null ; then + status_stage "installing tool: ${install}" + go install "${install}" + else + debug "skipping tool: ${install} (installed)" + fi + + return 0 +} + +function install_versioned_tool { + local command="$1" + local module="$2" + local version="$3" + local installbase="$4" + + local should_install= + local got + + local expect="${module}@${version}" + local install="${installbase}@${version}" + + if [[ -z "$version" ]]; then + err "cannot install '${command}' no version selected" + return 1 + fi + + if [[ "$version" = "@DEV" ]]; then + if ! command -v "${command}" &>/dev/null ; then + err "dev version of '${command}' requested but not installed" + return 1 + fi + status "skipping tool: ${installbase} (using development version)" + return 0 + fi + + if command -v "${command}" &>/dev/null ; then + got="$(go version -m $(which "${command}") | grep '\bmod\b' | grep "${module}" | + awk '{print $2 "@" $3}')" + if [[ "$expect" != "$got" ]]; then + should_install=1 + fi + else + should_install=1 + fi + + if [[ -n $should_install ]]; then + status_stage "installing tool: ${install}" + go install "${install}" + else + debug "skipping tool: ${install} (installed)" + fi + return 0 +} + +function generate_protobuf_code { + local proto_path="${1:-}" + if [[ -z "${proto_path}" ]]; then + err "missing protobuf path argument" + return 1 + fi + + if [[ -z "${golang_proto_path}" ]]; then + err "golang_proto_path was not set" + return 1 + fi + if [[ -z "${golang_proto_mod_path}" ]]; then + err "golang_proto_mod_path was not set" + return 1 + fi + + local proto_go_path="${proto_path%%.proto}.pb.go" + local proto_go_bin_path="${proto_path%%.proto}.pb.binary.go" + local proto_go_rpcglue_path="${proto_path%%.proto}.rpcglue.pb.go" + + local go_proto_out='paths=source_relative,plugins=grpc:' + + status_stage "Generating ${proto_path} into ${proto_go_path} and ${proto_go_bin_path}" + + rm -f "${proto_go_path}" ${proto_go_bin_path}" ${proto_go_rpcglue_path}" + + print_run ${protoc_bin} \ + -I="${golang_proto_path}" \ + -I="${golang_proto_mod_path}" \ + -I="${SOURCE_DIR}" \ + --go_out="${go_proto_out}${SOURCE_DIR}" \ + --go-binary_out="${SOURCE_DIR}" \ + "${proto_path}" || { + + err "Failed to run protoc for ${proto_path}" + return 1 + } + + print_run protoc-go-inject-tag -input="${proto_go_path}" || { + err "Failed to run protoc-go-inject-tag for ${proto_path}" + return 1 + } + + local build_tags + build_tags="$(head -n 2 "${proto_path}" | grep '^//go:build\|// +build' || true)" + if test -n "${build_tags}"; then + echo -e "${build_tags}\n" >> "${proto_go_bin_path}.new" + cat "${proto_go_bin_path}" >> "${proto_go_bin_path}.new" + mv "${proto_go_bin_path}.new" "${proto_go_bin_path}" + fi + + # NOTE: this has to run after we fix up the build tags above + rm -f "${proto_go_rpcglue_path}" + print_run go run ./internal/tools/proto-gen-rpc-glue/main.go -path "${proto_go_path}" || { + err "Failed to generate consul rpc glue outputs from ${proto_path}" + return 1 + } + + return 0 +} + +function generate_mog_code { + local mog_order + + mog_order="$(go list -tags "${GOTAGS}" -deps ./proto/pb... | grep "consul/proto")" + + for FULL_PKG in ${mog_order}; do + PKG="${FULL_PKG/#github.com\/hashicorp\/consul\/}" + status_stage "Generating ${PKG}/*.pb.go into ${PKG}/*.gen.go with mog" + find "$PKG" -name '*.gen.go' -delete + if [[ -n "${GOTAGS}" ]]; then + print_run mog -tags "${GOTAGS}" -source "./${PKG}/*.pb.go" + else + print_run mog -source "./${PKG}/*.pb.go" + fi + done + + return 0 +} + +main "$@" +exit $? diff --git a/build-support/scripts/release.sh b/build-support/scripts/release.sh index 879fe4320..ca1ccbd2e 100755 --- a/build-support/scripts/release.sh +++ b/build-support/scripts/release.sh @@ -1,14 +1,9 @@ -#!/bin/bash -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null +#!/usr/bin/env bash + +readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" +readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")" +readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions" source "${SCRIPT_DIR}/functions.sh" @@ -153,4 +148,4 @@ function main { main "$@" exit $? - \ No newline at end of file + diff --git a/build-support/scripts/version.sh b/build-support/scripts/version.sh index d7c166f0f..3812cd3f1 100755 --- a/build-support/scripts/version.sh +++ b/build-support/scripts/version.sh @@ -1,14 +1,9 @@ -#!/bin/bash -SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" -pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null -SCRIPT_DIR=$(pwd) -pushd ../.. > /dev/null -SOURCE_DIR=$(pwd) -popd > /dev/null -pushd ../functions > /dev/null -FN_DIR=$(pwd) -popd > /dev/null -popd > /dev/null +#!/usr/bin/env bash + +readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})" +readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" +readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")" +readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions" source "${SCRIPT_DIR}/functions.sh" @@ -89,4 +84,4 @@ function main { main "$@" exit $? - \ No newline at end of file + From e3d2b91e34a247a832f1a28b98823a3b3f29544f Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Tue, 5 Apr 2022 19:16:20 +0100 Subject: [PATCH 081/785] ca: move ConnectCA.Sign authorization logic to CAManager (#12609) OSS sync of enterprise changes at 8d6fd125 --- agent/consul/connect_ca_endpoint.go | 40 +-------------------------- agent/consul/leader_connect_ca.go | 43 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 39 deletions(-) diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index bf68611fc..c325ff123 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go @@ -8,7 +8,6 @@ import ( "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" @@ -145,54 +144,17 @@ func (s *ConnectCA) Sign( return err } - // Parse the CSR csr, err := connect.ParseCSR(args.CSR) if err != nil { return err } - // Parse the SPIFFE ID - spiffeID, err := connect.ParseCertURI(csr.URIs[0]) - if err != nil { - return err - } - - // Verify that the ACL token provided has permission to act as this service authz, err := s.srv.ResolveToken(args.Token) if err != nil { return err } - var authzContext acl.AuthorizerContext - var entMeta structs.EnterpriseMeta - - serviceID, isService := spiffeID.(*connect.SpiffeIDService) - agentID, isAgent := spiffeID.(*connect.SpiffeIDAgent) - if !isService && !isAgent { - return fmt.Errorf("SPIFFE ID in CSR must be a service or agent ID") - } - - if isService { - entMeta.Merge(serviceID.GetEnterpriseMeta()) - entMeta.FillAuthzContext(&authzContext) - if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(serviceID.Service, &authzContext); err != nil { - return err - } - - // Verify that the DC in the service URI matches us. We might relax this - // requirement later but being restrictive for now is safer. - if serviceID.Datacenter != s.srv.config.Datacenter { - return fmt.Errorf("SPIFFE ID in CSR from a different datacenter: %s, "+ - "we are %s", serviceID.Datacenter, s.srv.config.Datacenter) - } - } else if isAgent { - agentID.GetEnterpriseMeta().FillAuthzContext(&authzContext) - if err := authz.ToAllowAuthorizer().NodeWriteAllowed(agentID.Agent, &authzContext); err != nil { - return err - } - } - - cert, err := s.srv.caManager.SignCertificate(csr, spiffeID) + cert, err := s.srv.caManager.AuthorizeAndSignCertificate(csr, authz) if err != nil { return err } diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index ed5587ff5..899ff494a 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -15,6 +15,7 @@ import ( uuid "github.com/hashicorp/go-uuid" "golang.org/x/time/rate" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/lib/semaphore" "github.com/hashicorp/consul/agent/connect" @@ -1375,6 +1376,48 @@ func (l *connectSignRateLimiter) getCSRRateLimiterWithLimit(limit rate.Limit) *r return l.csrRateLimiter } +// AuthorizeAndSignCertificate signs a leaf certificate for the service or agent +// identified by the SPIFFE ID in the given CSR's SAN. It performs authorization +// using the given acl.Authorizer. +func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error) { + // Parse the SPIFFE ID from the CSR SAN. + if len(csr.URIs) == 0 { + return nil, errors.New("CSR SAN does not contain a SPIFFE ID") + } + spiffeID, err := connect.ParseCertURI(csr.URIs[0]) + if err != nil { + return nil, err + } + + // Perform authorization. + var authzContext acl.AuthorizerContext + allow := authz.ToAllowAuthorizer() + switch v := spiffeID.(type) { + case *connect.SpiffeIDService: + v.GetEnterpriseMeta().FillAuthzContext(&authzContext) + if err := allow.ServiceWriteAllowed(v.Service, &authzContext); err != nil { + return nil, err + } + + // Verify that the DC in the service URI matches us. We might relax this + // requirement later but being restrictive for now is safer. + dc := c.serverConf.Datacenter + if v.Datacenter != dc { + return nil, fmt.Errorf("SPIFFE ID in CSR from a different datacenter: %s, "+ + "we are %s", v.Datacenter, dc) + } + case *connect.SpiffeIDAgent: + v.GetEnterpriseMeta().FillAuthzContext(&authzContext) + if err := allow.NodeWriteAllowed(v.Agent, &authzContext); err != nil { + return nil, err + } + default: + return nil, errors.New("SPIFFE ID in CSR must be a service or agent ID") + } + + return c.SignCertificate(csr, spiffeID) +} + func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error) { provider, caRoot := c.getCAProvider() if provider == nil { From e1b013d8356772e322173410f76ac8c2eb8e1f8f Mon Sep 17 00:00:00 2001 From: weichuliu Date: Wed, 6 Apr 2022 03:17:53 +0900 Subject: [PATCH 082/785] routine: fix that acl stops replicating after regaining leadership (#12295) (#12565) * routine: fix that acl stops replicating after regaining leadership (#12295) * routine: add TestManager_StopBlocking (#12295) * routine: update TestManager_StopBlocking (#12295) --- lib/routine/routine.go | 20 +++++++++++--- lib/routine/routine_test.go | 55 +++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 4 deletions(-) diff --git a/lib/routine/routine.go b/lib/routine/routine.go index 48fc2aef4..cf1ab1c0d 100644 --- a/lib/routine/routine.go +++ b/lib/routine/routine.go @@ -10,15 +10,22 @@ import ( type Routine func(ctx context.Context) error +// cancelCh is the ctx.Done() +// When cancel() is called, if the routine is running a blocking call (e.g. some ACL replication RPCs), +// stoppedCh won't be closed till the blocking call returns, while cancelCh will be closed immediately. +// cancelCh is used to properly detect routine running status between cancel() and close(stoppedCh) type routineTracker struct { cancel context.CancelFunc - stoppedCh chan struct{} // closed when no longer running + cancelCh <-chan struct{} // closed when ctx is done + stoppedCh chan struct{} // closed when no longer running } func (r *routineTracker) running() bool { select { case <-r.stoppedCh: return false + case <-r.cancelCh: + return false default: return true } @@ -74,6 +81,7 @@ func (m *Manager) Start(ctx context.Context, name string, routine Routine) error rtCtx, cancel := context.WithCancel(ctx) instance := &routineTracker{ cancel: cancel, + cancelCh: ctx.Done(), stoppedCh: make(chan struct{}), } @@ -97,10 +105,14 @@ func (m *Manager) execute(ctx context.Context, name string, routine Routine, don "error", err, ) } else { - m.logger.Debug("stopped routine", "routine", name) + m.logger.Info("stopped routine", "routine", name) } } +// Caveat: The returned stoppedCh indicates that the routine is completed +// It's possible that ctx is canceled, but stoppedCh not yet closed +// Use mgr.IsRunning(name) than this stoppedCh to tell whether the +// instance is still running (not cancelled or completed). func (m *Manager) Stop(name string) <-chan struct{} { instance := m.stopInstance(name) if instance == nil { @@ -127,7 +139,7 @@ func (m *Manager) stopInstance(name string) *routineTracker { return instance } - m.logger.Debug("stopping routine", "routine", name) + m.logger.Info("stopping routine", "routine", name) instance.cancel() delete(m.routines, name) @@ -145,7 +157,7 @@ func (m *Manager) StopAll() { if !routine.running() { continue } - m.logger.Debug("stopping routine", "routine", name) + m.logger.Info("stopping routine", "routine", name) routine.cancel() } } diff --git a/lib/routine/routine_test.go b/lib/routine/routine_test.go index 1bfdfa219..61eb15ccd 100644 --- a/lib/routine/routine_test.go +++ b/lib/routine/routine_test.go @@ -99,3 +99,58 @@ func TestManager_StopAll(t *testing.T) { require.False(r, mgr.IsRunning("run2")) }) } + +// Test IsRunning when routine is a blocking call that does not +// immediately return when cancelled +func TestManager_StopBlocking(t *testing.T) { + t.Parallel() + var runs uint32 + var running uint32 + unblock := make(chan struct{}) // To simulate a blocking call + mgr := NewManager(testutil.Logger(t)) + + // A routine that will be still running for a while after cancelled + run := func(ctx context.Context) error { + atomic.StoreUint32(&running, 1) + defer atomic.StoreUint32(&running, 0) + atomic.AddUint32(&runs, 1) + <-ctx.Done() + <-unblock + return nil + } + + require.NoError(t, mgr.Start(context.Background(), "blocking", run)) + retry.Run(t, func(r *retry.R) { + require.True(r, mgr.IsRunning("blocking")) + require.Equal(r, uint32(1), atomic.LoadUint32(&runs)) + require.Equal(r, uint32(1), atomic.LoadUint32(&running)) + }) + + doneCh := mgr.Stop("blocking") + + // IsRunning should return false, however &running is still 1 + retry.Run(t, func(r *retry.R) { + require.False(r, mgr.IsRunning("blocking")) + require.Equal(r, uint32(1), atomic.LoadUint32(&running)) + }) + + // New routine should be able to replace old "cancelled but running" routine. + require.NoError(t, mgr.Start(context.Background(), "blocking", func(ctx context.Context) error { + <-ctx.Done() + return nil + })) + defer mgr.Stop("blocking") + + retry.Run(t, func(r *retry.R) { + require.True(r, mgr.IsRunning("blocking")) // New routine + require.Equal(r, uint32(1), atomic.LoadUint32(&running)) // Old routine + }) + + // Complete the blocking routine + close(unblock) + <-doneCh + + retry.Run(t, func(r *retry.R) { + require.Equal(r, uint32(0), atomic.LoadUint32(&running)) + }) +} From 9d67f346140afed6f610e06ec9a5ce4ff7d7f5c7 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Tue, 5 Apr 2022 15:55:14 -0400 Subject: [PATCH 083/785] Creating a changelog entry for #12565 (#12699) --- .changelog/12565.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/12565.txt diff --git a/.changelog/12565.txt b/.changelog/12565.txt new file mode 100644 index 000000000..d7ad635fc --- /dev/null +++ b/.changelog/12565.txt @@ -0,0 +1,3 @@ +```release-note:bug +replication: Fixed a bug which could prevent ACL replication from continuing successfully after a leader election. +``` From 12523197f934e30457300ed805492f51c887c1cb Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 5 Apr 2022 15:46:56 -0500 Subject: [PATCH 084/785] syncing changes back from enterprise (#12701) --- acl/policy_merger.go | 2 ++ agent/delegate_mock_test.go | 4 ++-- api/acl_test.go | 8 ++++++-- .../acl/authmethod/create/authmethod_create_test.go | 12 +++++++++--- .../acl/authmethod/update/authmethod_update_test.go | 10 +++++++--- command/connect/expose/expose_test.go | 7 +++++-- test/integration/connect/envoy/case-basic/capture.sh | 4 ++++ test/integration/connect/envoy/case-http/capture.sh | 4 ++++ 8 files changed, 39 insertions(+), 12 deletions(-) create mode 100644 test/integration/connect/envoy/case-basic/capture.sh create mode 100644 test/integration/connect/envoy/case-http/capture.sh diff --git a/acl/policy_merger.go b/acl/policy_merger.go index cceb62dd9..d4a454bc1 100644 --- a/acl/policy_merger.go +++ b/acl/policy_merger.go @@ -19,6 +19,8 @@ type policyRulesMergeContext struct { servicePrefixRules map[string]*ServiceRule sessionRules map[string]*SessionRule sessionPrefixRules map[string]*SessionRule + // namespaceRule is an enterprise-only field + namespaceRule string } func (p *policyRulesMergeContext) init() { diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go index d2c6e267c..36b32f689 100644 --- a/agent/delegate_mock_test.go +++ b/agent/delegate_mock_test.go @@ -47,9 +47,9 @@ func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *struct return m.Called(node, prune, entMeta).Error(0) } -func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) { +func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { ret := m.Called(token, entMeta, authzContext) - return ret.Get(0).(acl.Authorizer), ret.Error(1) + return ret.Get(0).(consul.ACLResolveResult), ret.Error(1) } func (m *delegateMock) RPC(method string, args interface{}, reply interface{}) error { diff --git a/api/acl_test.go b/api/acl_test.go index 59c9bc315..6177a5c3f 100644 --- a/api/acl_test.go +++ b/api/acl_test.go @@ -237,6 +237,10 @@ func prepTokenPolicies(t *testing.T, acl *ACL) (policies []*ACLPolicy) { } func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (policies []*ACLPolicy) { + datacenters := []string{"dc1", "dc2"} + if partition != "" && partition != "default" { + datacenters = []string{"dc1"} + } var wqPart *WriteOptions if partition != "" { wqPart = &WriteOptions{Partition: partition} @@ -245,7 +249,7 @@ func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (pol Name: "one", Description: "one description", Rules: `acl = "read"`, - Datacenters: []string{"dc1", "dc2"}, + Datacenters: datacenters, }, wqPart) require.NoError(t, err) @@ -256,7 +260,7 @@ func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (pol Name: "two", Description: "two description", Rules: `node_prefix "" { policy = "read" }`, - Datacenters: []string{"dc1", "dc2"}, + Datacenters: datacenters, }, wqPart) require.NoError(t, err) diff --git a/command/acl/authmethod/create/authmethod_create_test.go b/command/acl/authmethod/create/authmethod_create_test.go index 0e45e624d..03bdcd1e8 100644 --- a/command/acl/authmethod/create/authmethod_create_test.go +++ b/command/acl/authmethod/create/authmethod_create_test.go @@ -9,15 +9,16 @@ import ( "testing" "time" + "github.com/hashicorp/go-uuid" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" - "github.com/hashicorp/go-uuid" - "github.com/mitchellh/cli" - "github.com/stretchr/testify/require" // activate testing auth method _ "github.com/hashicorp/consul/agent/consul/authmethod/testauth" @@ -293,6 +294,7 @@ func TestAuthMethodCreateCommand_JSON(t *testing.T) { delete(raw, "CreateIndex") delete(raw, "ModifyIndex") delete(raw, "Namespace") + delete(raw, "Partition") require.Equal(t, map[string]interface{}{ "Name": name, @@ -342,6 +344,7 @@ func TestAuthMethodCreateCommand_JSON(t *testing.T) { delete(raw, "CreateIndex") delete(raw, "ModifyIndex") delete(raw, "Namespace") + delete(raw, "Partition") require.Equal(t, map[string]interface{}{ "Name": name, @@ -613,6 +616,9 @@ func getTestMethod(t *testing.T, client *api.Client, methodName string) *api.ACL if method.Namespace == "default" { method.Namespace = "" } + if method.Partition == "default" { + method.Partition = "" + } return method } diff --git a/command/acl/authmethod/update/authmethod_update_test.go b/command/acl/authmethod/update/authmethod_update_test.go index 8ebde83cd..263f0b774 100644 --- a/command/acl/authmethod/update/authmethod_update_test.go +++ b/command/acl/authmethod/update/authmethod_update_test.go @@ -8,15 +8,16 @@ import ( "strings" "testing" + "github.com/hashicorp/go-uuid" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" - "github.com/hashicorp/go-uuid" - "github.com/mitchellh/cli" - "github.com/stretchr/testify/require" // activate testing auth method _ "github.com/hashicorp/consul/agent/consul/authmethod/testauth" @@ -941,6 +942,9 @@ func getTestMethod(t *testing.T, client *api.Client, methodName string) *api.ACL if method.Namespace == "default" { method.Namespace = "" } + if method.Partition == "default" { + method.Partition = "" + } return method } diff --git a/command/connect/expose/expose_test.go b/command/connect/expose/expose_test.go index fa9c38de8..61434d6d1 100644 --- a/command/connect/expose/expose_test.go +++ b/command/connect/expose/expose_test.go @@ -3,11 +3,12 @@ package expose import ( "testing" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/testrpc" - "github.com/mitchellh/cli" - "github.com/stretchr/testify/require" ) func TestConnectExpose(t *testing.T) { @@ -47,6 +48,7 @@ func TestConnectExpose(t *testing.T) { Kind: api.IngressGateway, Name: "ingress", Namespace: ns, + Partition: ap, Listeners: []api.IngressListener{ { Port: 8888, @@ -280,6 +282,7 @@ func TestConnectExpose_existingConfig(t *testing.T) { }, }, }) + ingressConf.Partition = entryConf.Partition ingressConf.Namespace = entryConf.Namespace for i, listener := range ingressConf.Listeners { listener.Services[0].Namespace = entryConf.Listeners[i].Services[0].Namespace diff --git a/test/integration/connect/envoy/case-basic/capture.sh b/test/integration/connect/envoy/case-basic/capture.sh new file mode 100644 index 000000000..1a11f7d5e --- /dev/null +++ b/test/integration/connect/envoy/case-basic/capture.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +snapshot_envoy_admin localhost:19000 s1 primary || true +snapshot_envoy_admin localhost:19001 s2 primary || true diff --git a/test/integration/connect/envoy/case-http/capture.sh b/test/integration/connect/envoy/case-http/capture.sh new file mode 100644 index 000000000..1a11f7d5e --- /dev/null +++ b/test/integration/connect/envoy/case-http/capture.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +snapshot_envoy_admin localhost:19000 s1 primary || true +snapshot_envoy_admin localhost:19001 s2 primary || true From 67bedd02cc51ad31d1a201663fbd5cbfd91248f3 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 5 Apr 2022 16:01:02 -0500 Subject: [PATCH 085/785] build: remove unused tools from being installed (#12671) --- GNUmakefile | 2 -- build-support/docker/Build-Go.dockerfile | 18 ++---------------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 36ef83b2c..2fd96a9ec 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -5,8 +5,6 @@ SHELL = bash GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ - golang.org/x/tools/cmd/cover@master \ - golang.org/x/tools/cmd/stringer@master \ github.com/vektra/mockery/cmd/mockery@master \ github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ github.com/hashicorp/lint-consul-retry@master diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 7d82dbef9..39fc6df5c 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,21 +1,7 @@ ARG GOLANG_VERSION=1.17.5 FROM golang:${GOLANG_VERSION} -ARG GOTOOLS="github.com/elazarl/go-bindata-assetfs/... \ - github.com/hashicorp/go-bindata/... \ - golang.org/x/tools/cmd/cover \ - golang.org/x/tools/cmd/stringer \ - github.com/axw/gocov/gocov \ - gopkg.in/matm/v1/gocov-html" - -RUN mkdir -p .gotools && \ - cd .gotools && \ - for tool in ${GOTOOLS}; do \ - echo "=== TOOL: ${tool}" ; \ - rm -rf go.mod go.sum ; \ - go mod init consul-tools ; \ - go get -v "${tool}" ; \ - done && \ - rm -rf go.mod go.sum +RUN go install github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master +RUN go install github.com/hashicorp/go-bindata/go-bindata@master WORKDIR /consul From 497b300c766b366b1abe8411ca298c6560f6256d Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Fri, 11 Mar 2022 19:51:24 -0800 Subject: [PATCH 086/785] add new entmeta stuff. Signed-off-by: Mark Anderson --- acl/acl_oss.go | 5 + acl/enterprisemeta_oss.go | 108 ++++++++++++++++++++++ agent/structs/structs.go | 4 +- agent/structs/structs_oss.go | 148 ++++++------------------------ agent/structs/structs_oss_test.go | 14 +-- 5 files changed, 153 insertions(+), 126 deletions(-) create mode 100644 acl/enterprisemeta_oss.go diff --git a/acl/acl_oss.go b/acl/acl_oss.go index 9c62c5bdb..ca2974e4e 100644 --- a/acl/acl_oss.go +++ b/acl/acl_oss.go @@ -5,6 +5,11 @@ package acl const DefaultPartitionName = "" +// Reviewer Note: This is a little bit strange; one might want it to be "" like partition name +// However in consul/structs/intention.go we define IntentionDefaultNamespace as 'default' and so +// we use the same here +const DefaultNamespaceName = "default" + type EnterpriseConfig struct { // no fields in OSS } diff --git a/acl/enterprisemeta_oss.go b/acl/enterprisemeta_oss.go new file mode 100644 index 000000000..2296fdd43 --- /dev/null +++ b/acl/enterprisemeta_oss.go @@ -0,0 +1,108 @@ +//go:build !consulent +// +build !consulent + +package acl + +import "hash" + +var emptyEnterpriseMeta = EnterpriseMeta{} + +// EnterpriseMeta stub +type EnterpriseMeta struct{} + +func (m *EnterpriseMeta) ToEnterprisePolicyMeta() *EnterprisePolicyMeta { + return nil +} + +func DefaultEnterpriseMeta() *EnterpriseMeta { + return &EnterpriseMeta{} +} + +func WildcardEnterpriseMeta() *EnterpriseMeta { + return &EnterpriseMeta{} +} + +func (m *EnterpriseMeta) EstimateSize() int { + return 0 +} + +func (m *EnterpriseMeta) AddToHash(_ hash.Hash, _ bool) { + // do nothing +} + +func (m *EnterpriseMeta) PartitionOrDefault() string { + return "default" +} + +func EqualPartitions(_, _ string) bool { + return true +} + +func IsDefaultPartition(partition string) bool { + return true +} + +func PartitionOrDefault(_ string) string { + return "default" +} + +func (m *EnterpriseMeta) PartitionOrEmpty() string { + return "" +} + +func (m *EnterpriseMeta) InDefaultPartition() bool { + return true +} + +func (m *EnterpriseMeta) NamespaceOrDefault() string { + return DefaultNamespaceName +} + +func NamespaceOrDefault(_ string) string { + return DefaultNamespaceName +} + +func (m *EnterpriseMeta) NamespaceOrEmpty() string { + return "" +} + +func (m *EnterpriseMeta) InDefaultNamespace() bool { + return true +} + +func (m *EnterpriseMeta) Merge(_ *EnterpriseMeta) { + // do nothing +} + +func (m *EnterpriseMeta) MergeNoWildcard(_ *EnterpriseMeta) { + // do nothing +} + +func (_ *EnterpriseMeta) Normalize() {} + +func (m *EnterpriseMeta) Matches(_ *EnterpriseMeta) bool { + return true +} + +func (m *EnterpriseMeta) IsSame(_ *EnterpriseMeta) bool { + return true +} + +func (m *EnterpriseMeta) LessThan(_ *EnterpriseMeta) bool { + return false +} + +func (m *EnterpriseMeta) WithWildcardNamespace() *EnterpriseMeta { + return &emptyEnterpriseMeta +} + +func (m *EnterpriseMeta) UnsetPartition() { + // do nothing +} + +func NewEnterpriseMetaWithPartition(_, _ string) EnterpriseMeta { + return emptyEnterpriseMeta +} + +// FillAuthzContext stub +func (_ *EnterpriseMeta) FillAuthzContext(_ *AuthorizerContext) {} diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 1a678f5c0..9ea65fc3a 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1896,13 +1896,13 @@ type CheckID struct { EnterpriseMeta } -// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer +// NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer // receiver for this method. Remove once that is fixed. func (c CheckID) NamespaceOrDefault() string { return c.EnterpriseMeta.NamespaceOrDefault() } -// PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer +// PartitionOrDefault exists because acl.EnterpriseMeta uses a pointer // receiver for this method. Remove once that is fixed. func (c CheckID) PartitionOrDefault() string { return c.EnterpriseMeta.PartitionOrDefault() diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_oss.go index 669361802..bf911f5a8 100644 --- a/agent/structs/structs_oss.go +++ b/agent/structs/structs_oss.go @@ -4,158 +4,70 @@ package structs import ( - "hash" - "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/types" ) -var emptyEnterpriseMeta = EnterpriseMeta{} - -// EnterpriseMeta stub -type EnterpriseMeta struct{} - -func (m *EnterpriseMeta) ToEnterprisePolicyMeta() *acl.EnterprisePolicyMeta { - return nil -} - -func (m *EnterpriseMeta) estimateSize() int { - return 0 -} - -func (m *EnterpriseMeta) addToHash(_ hash.Hash, _ bool) { - // do nothing -} - -func (m *EnterpriseMeta) Merge(_ *EnterpriseMeta) { - // do nothing -} - -func (m *EnterpriseMeta) MergeNoWildcard(_ *EnterpriseMeta) { - // do nothing -} - -func (m *EnterpriseMeta) Matches(_ *EnterpriseMeta) bool { - return true -} - -func (m *EnterpriseMeta) IsSame(_ *EnterpriseMeta) bool { - return true -} - -func (m *EnterpriseMeta) LessThan(_ *EnterpriseMeta) bool { - return false -} - -func (m *EnterpriseMeta) WithWildcardNamespace() *EnterpriseMeta { - return &emptyEnterpriseMeta -} - -func (m *EnterpriseMeta) UnsetPartition() { - // do nothing -} +// TODO(acl-move-enterprise-meta) sync this with enterprise +var emptyEnterpriseMeta = acl.EnterpriseMeta{} // TODO(partition): stop using this -func NewEnterpriseMetaInDefaultPartition(_ string) EnterpriseMeta { +func NewEnterpriseMetaInDefaultPartition(_ string) acl.EnterpriseMeta { return emptyEnterpriseMeta } -func NewEnterpriseMetaWithPartition(_, _ string) EnterpriseMeta { - return emptyEnterpriseMeta -} - -func (m *EnterpriseMeta) NamespaceOrDefault() string { - return IntentionDefaultNamespace -} - -func NamespaceOrDefault(_ string) string { - return IntentionDefaultNamespace -} - -func (m *EnterpriseMeta) NamespaceOrEmpty() string { - return "" -} - -func (m *EnterpriseMeta) InDefaultNamespace() bool { - return true -} - -func (m *EnterpriseMeta) PartitionOrDefault() string { - return "default" -} - -func EqualPartitions(_, _ string) bool { - return true -} - -func IsDefaultPartition(partition string) bool { - return true -} - -func PartitionOrDefault(_ string) string { - return "default" -} - -func (m *EnterpriseMeta) PartitionOrEmpty() string { - return "" -} - -func (m *EnterpriseMeta) InDefaultPartition() bool { - return true -} - // ReplicationEnterpriseMeta stub -func ReplicationEnterpriseMeta() *EnterpriseMeta { +func ReplicationEnterpriseMeta() *acl.EnterpriseMeta { return &emptyEnterpriseMeta } // TODO(partition): stop using this -func DefaultEnterpriseMetaInDefaultPartition() *EnterpriseMeta { +func WildcardEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta { + return &emptyEnterpriseMeta +} + +// TODO(partition): stop using this +func DefaultEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta { return &emptyEnterpriseMeta } // DefaultEnterpriseMetaInPartition stub -func DefaultEnterpriseMetaInPartition(_ string) *EnterpriseMeta { - return &emptyEnterpriseMeta -} - -func NodeEnterpriseMetaInPartition(_ string) *EnterpriseMeta { - return &emptyEnterpriseMeta -} - -// TODO(partition): stop using this -func NodeEnterpriseMetaInDefaultPartition() *EnterpriseMeta { - return &emptyEnterpriseMeta -} - -// TODO(partition): stop using this -func WildcardEnterpriseMetaInDefaultPartition() *EnterpriseMeta { +func DefaultEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta { return &emptyEnterpriseMeta } // WildcardEnterpriseMetaInPartition stub -func WildcardEnterpriseMetaInPartition(_ string) *EnterpriseMeta { +func WildcardEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta { + return &emptyEnterpriseMeta +} + +func NewEnterpriseMetaWithPartition(_, _ string) acl.EnterpriseMeta { + return emptyEnterpriseMeta +} + +func NodeEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta { + return &emptyEnterpriseMeta +} + +// TODO(partition): stop using this +func NodeEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta { return &emptyEnterpriseMeta } // FillAuthzContext stub -func (_ *EnterpriseMeta) FillAuthzContext(_ *acl.AuthorizerContext) {} - func (_ *Node) FillAuthzContext(_ *acl.AuthorizerContext) {} func (_ *Coordinate) FillAuthzContext(_ *acl.AuthorizerContext) {} func (_ *NodeInfo) FillAuthzContext(_ *acl.AuthorizerContext) {} -func (_ *EnterpriseMeta) Normalize() {} - // FillAuthzContext stub func (_ *DirEntry) FillAuthzContext(_ *acl.AuthorizerContext) {} // FillAuthzContext stub func (_ *RegisterRequest) FillAuthzContext(_ *acl.AuthorizerContext) {} -func (_ *RegisterRequest) GetEnterpriseMeta() *EnterpriseMeta { +func (_ *RegisterRequest) GetEnterpriseMeta() *acl.EnterpriseMeta { return nil } @@ -168,15 +80,15 @@ func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext) {} // OSS Stub func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext) {} -func NodeNameString(node string, _ *EnterpriseMeta) string { +func NodeNameString(node string, _ *acl.EnterpriseMeta) string { return node } -func ServiceIDString(id string, _ *EnterpriseMeta) string { +func ServiceIDString(id string, _ *acl.EnterpriseMeta) string { return id } -func ParseServiceIDString(input string) (string, *EnterpriseMeta) { +func ParseServiceIDString(input string) (string, *acl.EnterpriseMeta) { return input, DefaultEnterpriseMetaInDefaultPartition() } @@ -189,7 +101,7 @@ func ServiceIDFromString(input string) ServiceID { return ServiceID{ID: id} } -func ParseServiceNameString(input string) (string, *EnterpriseMeta) { +func ParseServiceNameString(input string) (string, *acl.EnterpriseMeta) { return input, DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/structs/structs_oss_test.go b/agent/structs/structs_oss_test.go index 28b6e3797..54bbb0f2f 100644 --- a/agent/structs/structs_oss_test.go +++ b/agent/structs/structs_oss_test.go @@ -8,39 +8,41 @@ import ( "testing" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" ) var enterpriseMetaField = "EnterpriseMeta" func TestServiceID_String(t *testing.T) { t.Run("value", func(t *testing.T) { - sid := NewServiceID("the-id", &EnterpriseMeta{}) + sid := NewServiceID("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", sid)) }) t.Run("pointer", func(t *testing.T) { - sid := NewServiceID("the-id", &EnterpriseMeta{}) + sid := NewServiceID("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", &sid)) }) } func TestCheckID_String(t *testing.T) { t.Run("value", func(t *testing.T) { - cid := NewCheckID("the-id", &EnterpriseMeta{}) + cid := NewCheckID("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", cid)) }) t.Run("pointer", func(t *testing.T) { - cid := NewCheckID("the-id", &EnterpriseMeta{}) + cid := NewCheckID("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", &cid)) }) } func TestServiceName_String(t *testing.T) { t.Run("value", func(t *testing.T) { - sn := NewServiceName("the-id", &EnterpriseMeta{}) + sn := NewServiceName("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", sn)) }) t.Run("pointer", func(t *testing.T) { - sn := NewServiceName("the-id", &EnterpriseMeta{}) + sn := NewServiceName("the-id", &acl.EnterpriseMeta{}) require.Equal(t, "the-id", fmt.Sprintf("%v", &sn)) }) } From 0905c1d83d36a01c5dfbf7e35b50e118146144e1 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Sat, 12 Mar 2022 19:55:53 -0800 Subject: [PATCH 087/785] Manual Structs fixup Change things by hand that I couldn't figure out how to automate Signed-off-by: Mark Anderson --- agent/structs/acl.go | 75 +++++++------ agent/structs/acl_oss.go | 10 +- agent/structs/catalog.go | 3 +- agent/structs/check_definition.go | 3 +- agent/structs/config_entry.go | 28 ++--- agent/structs/config_entry_discoverychain.go | 20 ++-- .../config_entry_discoverychain_oss.go | 16 ++- agent/structs/config_entry_exports.go | 8 +- agent/structs/config_entry_gateways.go | 18 +-- agent/structs/config_entry_intentions.go | 10 +- agent/structs/config_entry_intentions_oss.go | 6 +- agent/structs/config_entry_mesh.go | 6 +- agent/structs/config_entry_oss.go | 4 +- agent/structs/config_entry_test.go | 2 +- agent/structs/connect.go | 4 +- agent/structs/connect_ca.go | 3 +- agent/structs/connect_proxy_config_oss.go | 6 +- agent/structs/discovery_chain.go | 3 +- agent/structs/discovery_chain_oss.go | 6 +- agent/structs/identity.go | 4 +- agent/structs/intention.go | 6 +- agent/structs/intention_oss.go | 12 +- agent/structs/prepared_query.go | 8 +- agent/structs/service_definition.go | 3 +- agent/structs/structs.go | 104 +++++++++--------- agent/structs/testing_connect_proxy_config.go | 8 +- 26 files changed, 204 insertions(+), 172 deletions(-) diff --git a/agent/structs/acl.go b/agent/structs/acl.go index 9e79ecb56..f516e0a6d 100644 --- a/agent/structs/acl.go +++ b/agent/structs/acl.go @@ -101,9 +101,8 @@ type ACLIdentity interface { NodeIdentityList() []*ACLNodeIdentity IsExpired(asOf time.Time) bool IsLocal() bool - EnterpriseMetadata() *EnterpriseMeta + EnterpriseMetadata() *acl.EnterpriseMeta } - type ACLTokenPolicyLink struct { ID string Name string `hash:"ignore"` @@ -149,7 +148,7 @@ func (s *ACLServiceIdentity) EstimateSize() int { return size } -func (s *ACLServiceIdentity) SyntheticPolicy(entMeta *EnterpriseMeta) *ACLPolicy { +func (s *ACLServiceIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy { // Given that we validate this string name before persisting, we do not // have to escape it before doing the following interpolation. rules := aclServiceIdentityRules(s.ServiceName, entMeta) @@ -194,7 +193,7 @@ func (s *ACLNodeIdentity) EstimateSize() int { return len(s.NodeName) + len(s.Datacenter) } -func (s *ACLNodeIdentity) SyntheticPolicy(entMeta *EnterpriseMeta) *ACLPolicy { +func (s *ACLNodeIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy { // Given that we validate this string name before persisting, we do not // have to escape it before doing the following interpolation. rules := aclNodeIdentityRules(s.NodeName, entMeta) @@ -289,7 +288,7 @@ type ACLToken struct { Hash []byte // Embedded Enterprise Metadata - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex @@ -415,7 +414,7 @@ func (t *ACLToken) HasExpirationTime() bool { return t.ExpirationTime != nil && !t.ExpirationTime.IsZero() } -func (t *ACLToken) EnterpriseMetadata() *EnterpriseMeta { +func (t *ACLToken) EnterpriseMetadata() *acl.EnterpriseMeta { return &t.EnterpriseMeta } @@ -462,7 +461,7 @@ func (t *ACLToken) SetHash(force bool) []byte { nodeID.AddToHash(hash) } - t.EnterpriseMeta.addToHash(hash, false) + t.EnterpriseMeta.AddToHash(hash, false) // Finalize the hash hashVal := hash.Sum(nil) @@ -488,7 +487,7 @@ func (t *ACLToken) EstimateSize() int { for _, nodeID := range t.NodeIdentities { size += nodeID.EstimateSize() } - return size + t.EnterpriseMeta.estimateSize() + return size + t.EnterpriseMeta.EstimateSize() } // ACLTokens is a slice of ACLTokens. @@ -510,7 +509,7 @@ type ACLTokenListStub struct { CreateIndex uint64 ModifyIndex uint64 Legacy bool `json:",omitempty"` - EnterpriseMeta + acl.EnterpriseMeta ACLAuthMethodEnterpriseMeta } @@ -583,7 +582,7 @@ type ACLPolicy struct { Hash []byte // Embedded Enterprise ACL Metadata - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` @@ -621,7 +620,7 @@ type ACLPolicyListStub struct { Hash []byte CreateIndex uint64 ModifyIndex uint64 - EnterpriseMeta + acl.EnterpriseMeta } func (p *ACLPolicy) Stub() *ACLPolicyListStub { @@ -664,7 +663,7 @@ func (p *ACLPolicy) SetHash(force bool) []byte { hash.Write([]byte(dc)) } - p.EnterpriseMeta.addToHash(hash, false) + p.EnterpriseMeta.AddToHash(hash, false) // Finalize the hash hashVal := hash.Sum(nil) @@ -685,7 +684,7 @@ func (p *ACLPolicy) EstimateSize() int { size += len(dc) } - return size + p.EnterpriseMeta.estimateSize() + return size + p.EnterpriseMeta.EstimateSize() } // HashKey returns a consistent hash for a set of policies. @@ -824,7 +823,7 @@ type ACLRole struct { Hash []byte // Embedded Enterprise ACL metadata - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` @@ -902,7 +901,7 @@ func (r *ACLRole) SetHash(force bool) []byte { nodeID.AddToHash(hash) } - r.EnterpriseMeta.addToHash(hash, false) + r.EnterpriseMeta.AddToHash(hash, false) // Finalize the hash hashVal := hash.Sum(nil) @@ -929,7 +928,7 @@ func (r *ACLRole) EstimateSize() int { size += nodeID.EstimateSize() } - return size + r.EnterpriseMeta.estimateSize() + return size + r.EnterpriseMeta.EstimateSize() } const ( @@ -1005,7 +1004,7 @@ type ACLBindingRule struct { BindName string // Embedded Enterprise ACL metadata - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` @@ -1034,7 +1033,7 @@ type ACLAuthMethodListStub struct { TokenLocality string `json:",omitempty"` CreateIndex uint64 ModifyIndex uint64 - EnterpriseMeta + acl.EnterpriseMeta } func (p *ACLAuthMethod) Stub() *ACLAuthMethodListStub { @@ -1118,7 +1117,7 @@ type ACLAuthMethod struct { Config map[string]interface{} // Embedded Enterprise ACL Meta - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` ACLAuthMethodEnterpriseFields `mapstructure:",squash"` @@ -1222,7 +1221,7 @@ type ACLTokenGetRequest struct { TokenIDType ACLTokenIDType // The Type of ID used to lookup the token Expanded bool Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1234,7 +1233,7 @@ func (r *ACLTokenGetRequest) RequestDatacenter() string { type ACLTokenDeleteRequest struct { TokenID string // ID of the token to delete Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta WriteRequest } @@ -1251,7 +1250,7 @@ type ACLTokenListRequest struct { AuthMethod string // Auth Method filter Datacenter string // The datacenter to perform the request within ACLAuthMethodEnterpriseMeta - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1362,7 +1361,7 @@ func (r *ACLPolicySetRequest) RequestDatacenter() string { type ACLPolicyDeleteRequest struct { PolicyID string // The id of the policy to delete Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta WriteRequest } @@ -1375,7 +1374,7 @@ type ACLPolicyGetRequest struct { PolicyID string // id used for the policy lookup (one of PolicyID or PolicyName is allowed) PolicyName string // name used for the policy lookup (one of PolicyID or PolicyName is allowed) Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1386,7 +1385,7 @@ func (r *ACLPolicyGetRequest) RequestDatacenter() string { // ACLPolicyListRequest is used at the RPC layer to request a listing of policies type ACLPolicyListRequest struct { Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1453,7 +1452,7 @@ func (r *ACLRoleSetRequest) RequestDatacenter() string { type ACLRoleDeleteRequest struct { RoleID string // id of the role to delete Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta WriteRequest } @@ -1466,7 +1465,7 @@ type ACLRoleGetRequest struct { RoleID string // id used for the role lookup (one of RoleID or RoleName is allowed) RoleName string // name used for the role lookup (one of RoleID or RoleName is allowed) Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1478,7 +1477,7 @@ func (r *ACLRoleGetRequest) RequestDatacenter() string { type ACLRoleListRequest struct { Policy string // Policy filter Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1546,7 +1545,7 @@ func (r *ACLBindingRuleSetRequest) RequestDatacenter() string { type ACLBindingRuleDeleteRequest struct { BindingRuleID string // id of the rule to delete Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta WriteRequest } @@ -1558,7 +1557,7 @@ func (r *ACLBindingRuleDeleteRequest) RequestDatacenter() string { type ACLBindingRuleGetRequest struct { BindingRuleID string // id used for the rule lookup Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1570,7 +1569,7 @@ func (r *ACLBindingRuleGetRequest) RequestDatacenter() string { type ACLBindingRuleListRequest struct { AuthMethod string // optional filter Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1616,7 +1615,7 @@ func (r *ACLAuthMethodSetRequest) RequestDatacenter() string { type ACLAuthMethodDeleteRequest struct { AuthMethodName string // name of the auth method to delete Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta WriteRequest } @@ -1628,7 +1627,7 @@ func (r *ACLAuthMethodDeleteRequest) RequestDatacenter() string { type ACLAuthMethodGetRequest struct { AuthMethodName string // name used for the auth method lookup Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1639,7 +1638,7 @@ func (r *ACLAuthMethodGetRequest) RequestDatacenter() string { // ACLAuthMethodListRequest is used at the RPC layer to request a listing of auth methods type ACLAuthMethodListRequest struct { Datacenter string // The datacenter to perform the request within - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -1673,14 +1672,14 @@ type ACLAuthMethodBatchDeleteRequest struct { // delete a single entry. This is because AuthMethods unlike tokens, policies // and roles are not replicated between datacenters and therefore never // batch applied. - EnterpriseMeta + acl.EnterpriseMeta } type ACLLoginParams struct { AuthMethod string BearerToken string Meta map[string]string `json:",omitempty"` - EnterpriseMeta + acl.EnterpriseMeta } type ACLLoginRequest struct { @@ -1712,7 +1711,7 @@ type ACLAuthorizationRequest struct { Resource acl.Resource Segment string `json:",omitempty"` Access string - EnterpriseMeta + acl.EnterpriseMeta } type ACLAuthorizationResponse struct { @@ -1786,6 +1785,6 @@ func (id *AgentRecoveryTokenIdentity) IsLocal() bool { return true } -func (id *AgentRecoveryTokenIdentity) EnterpriseMetadata() *EnterpriseMeta { +func (id *AgentRecoveryTokenIdentity) EnterpriseMetadata() *acl.EnterpriseMeta { return nil } diff --git a/agent/structs/acl_oss.go b/agent/structs/acl_oss.go index 3a1457aad..b41986547 100644 --- a/agent/structs/acl_oss.go +++ b/agent/structs/acl_oss.go @@ -51,19 +51,19 @@ type ACLAuthMethodEnterpriseFields struct{} type ACLAuthMethodEnterpriseMeta struct{} -func (_ *ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta(_ *EnterpriseMeta) { +func (_ *ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta(_ *acl.EnterpriseMeta) { // do nothing } -func (_ *ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta() *EnterpriseMeta { +func (_ *ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } -func aclServiceIdentityRules(svc string, _ *EnterpriseMeta) string { +func aclServiceIdentityRules(svc string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf(aclPolicyTemplateServiceIdentity, svc) } -func aclNodeIdentityRules(node string, _ *EnterpriseMeta) string { +func aclNodeIdentityRules(node string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf(aclPolicyTemplateNodeIdentity, node) } @@ -95,6 +95,6 @@ func (r *ACLRole) NodeIdentityList() []*ACLNodeIdentity { return out } -func IsValidPartitionAndDatacenter(meta EnterpriseMeta, datacenters []string, primaryDatacenter string) bool { +func IsValidPartitionAndDatacenter(meta acl.EnterpriseMeta, datacenters []string, primaryDatacenter string) bool { return true } diff --git a/agent/structs/catalog.go b/agent/structs/catalog.go index 73cd0264f..94581a45c 100644 --- a/agent/structs/catalog.go +++ b/agent/structs/catalog.go @@ -1,6 +1,7 @@ package structs import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/types" ) @@ -41,7 +42,7 @@ type HealthSummary struct { Warning int Critical int - EnterpriseMeta + acl.EnterpriseMeta } func (h *HealthSummary) Add(status string) { diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index 434f35e65..c6967d2fc 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -1,6 +1,7 @@ package structs import ( + "github.com/hashicorp/consul/acl" "time" "github.com/hashicorp/consul/api" @@ -47,7 +48,7 @@ type CheckDefinition struct { DeregisterCriticalServiceAfter time.Duration OutputMaxSize int - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index 09e05fa4c..1fe7cad73 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -65,7 +65,7 @@ type ConfigEntry interface { CanWrite(acl.Authorizer) error GetMeta() map[string]string - GetEnterpriseMeta() *EnterpriseMeta + GetEnterpriseMeta() *acl.EnterpriseMeta GetRaftIndex() *RaftIndex } @@ -103,8 +103,8 @@ type ServiceConfigEntry struct { ExternalSNI string `json:",omitempty" alias:"external_sni"` UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"` - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -212,7 +212,7 @@ func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ServiceConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ServiceConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } @@ -262,8 +262,8 @@ type ProxyConfigEntry struct { MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` Expose ExposeConfig `json:",omitempty"` - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -333,7 +333,7 @@ func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ProxyConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ProxyConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } @@ -555,7 +555,7 @@ type ConfigEntryQuery struct { Name string Datacenter string - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -601,7 +601,7 @@ type ConfigEntryListAllRequest struct { Kinds []string Datacenter string - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -629,7 +629,7 @@ type ServiceConfigRequest struct { // uniquely identify a service. Upstreams []string - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -654,7 +654,7 @@ func (r *ServiceConfigRequest) CacheInfo() cache.RequestInfo { // and change it. v, err := hashstructure.Hash(struct { Name string - EnterpriseMeta EnterpriseMeta + EnterpriseMeta acl.EnterpriseMeta Upstreams []string `hash:"set"` UpstreamIDs []ServiceID `hash:"set"` MeshGatewayConfig MeshGatewayConfig @@ -683,7 +683,7 @@ type UpstreamConfig struct { // Name is only accepted within a service-defaults config entry. Name string `json:",omitempty"` // EnterpriseMeta is only accepted within a service-defaults config entry. - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's // listener. @@ -773,10 +773,10 @@ func (cfg UpstreamConfig) MergeInto(dst map[string]interface{}) { func (cfg *UpstreamConfig) NormalizeWithoutName() error { return cfg.normalize(false, nil) } -func (cfg *UpstreamConfig) NormalizeWithName(entMeta *EnterpriseMeta) error { +func (cfg *UpstreamConfig) NormalizeWithName(entMeta *acl.EnterpriseMeta) error { return cfg.normalize(true, entMeta) } -func (cfg *UpstreamConfig) normalize(named bool, entMeta *EnterpriseMeta) error { +func (cfg *UpstreamConfig) normalize(named bool, entMeta *acl.EnterpriseMeta) error { if named { // If the upstream namespace is omitted it inherits that of the enclosing // config entry. diff --git a/agent/structs/config_entry_discoverychain.go b/agent/structs/config_entry_discoverychain.go index 826b2528d..aaac8652a 100644 --- a/agent/structs/config_entry_discoverychain.go +++ b/agent/structs/config_entry_discoverychain.go @@ -73,8 +73,8 @@ type ServiceRouterConfigEntry struct { // the default service. Routes []ServiceRoute - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -298,7 +298,7 @@ func (e *ServiceRouterConfigEntry) ListRelatedServices() []ServiceID { return out } -func (e *ServiceRouterConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ServiceRouterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } @@ -485,8 +485,8 @@ type ServiceSplitterConfigEntry struct { // to the FIRST split. Splits []ServiceSplit - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -610,7 +610,7 @@ func (e *ServiceSplitterConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ServiceSplitterConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ServiceSplitterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } @@ -815,8 +815,8 @@ type ServiceResolverConfigEntry struct { // issuing requests to this upstream service. LoadBalancer *LoadBalancer `json:",omitempty" alias:"load_balancer"` - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -948,7 +948,7 @@ func (e *ServiceResolverConfigEntry) Validate() error { if !e.InDefaultPartition() && e.Redirect.Datacenter != "" { return fmt.Errorf("Cross-datacenter redirect is only supported in the default partition") } - if PartitionOrDefault(e.Redirect.Partition) != e.PartitionOrDefault() && e.Redirect.Datacenter != "" { + if acl.PartitionOrDefault(e.Redirect.Partition) != e.PartitionOrDefault() && e.Redirect.Datacenter != "" { return fmt.Errorf("Cross-datacenter and cross-partition redirect is not supported") } @@ -1085,7 +1085,7 @@ func (e *ServiceResolverConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ServiceResolverConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ServiceResolverConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } diff --git a/agent/structs/config_entry_discoverychain_oss.go b/agent/structs/config_entry_discoverychain_oss.go index cd22c9686..0dcf1cc8f 100644 --- a/agent/structs/config_entry_discoverychain_oss.go +++ b/agent/structs/config_entry_discoverychain_oss.go @@ -3,38 +3,42 @@ package structs +import ( + "github.com/hashicorp/consul/acl" +) + // GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from // fields in the ServiceRouteDestination -func (dest *ServiceRouteDestination) GetEnterpriseMeta(_ *EnterpriseMeta) *EnterpriseMeta { +func (dest *ServiceRouteDestination) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } // GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from // fields in the ServiceSplit -func (split *ServiceSplit) GetEnterpriseMeta(_ *EnterpriseMeta) *EnterpriseMeta { +func (split *ServiceSplit) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } // GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from // fields in the ServiceResolverRedirect -func (redir *ServiceResolverRedirect) GetEnterpriseMeta(_ *EnterpriseMeta) *EnterpriseMeta { +func (redir *ServiceResolverRedirect) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } // GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from // fields in the ServiceResolverFailover -func (failover *ServiceResolverFailover) GetEnterpriseMeta(_ *EnterpriseMeta) *EnterpriseMeta { +func (failover *ServiceResolverFailover) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } // GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from // fields in the DiscoveryChainRequest -func (req *DiscoveryChainRequest) GetEnterpriseMeta() *EnterpriseMeta { +func (req *DiscoveryChainRequest) GetEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } // WithEnterpriseMeta will populate the corresponding fields in the // DiscoveryChainRequest from the EnterpriseMeta struct -func (req *DiscoveryChainRequest) WithEnterpriseMeta(_ *EnterpriseMeta) { +func (req *DiscoveryChainRequest) WithEnterpriseMeta(_ *acl.EnterpriseMeta) { // do nothing } diff --git a/agent/structs/config_entry_exports.go b/agent/structs/config_entry_exports.go index 910f7451d..8a184cc39 100644 --- a/agent/structs/config_entry_exports.go +++ b/agent/structs/config_entry_exports.go @@ -16,8 +16,8 @@ type ExportedServicesConfigEntry struct { // to expose them to. Services []ExportedService - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -99,7 +99,7 @@ func (e *ExportedServicesConfigEntry) Normalize() error { e.EnterpriseMeta.Normalize() for i := range e.Services { - e.Services[i].Namespace = NamespaceOrDefault(e.Services[i].Namespace) + e.Services[i].Namespace = acl.NamespaceOrDefault(e.Services[i].Namespace) } return nil @@ -156,7 +156,7 @@ func (e *ExportedServicesConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index fc9c840a0..4aadd8ef9 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go @@ -31,8 +31,8 @@ type IngressGatewayConfigEntry struct { // what services to associated to those ports. Listeners []IngressListener - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -90,8 +90,8 @@ type IngressService struct { RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"` ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"` - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } type GatewayTLSConfig struct { @@ -420,7 +420,7 @@ func (e *IngressGatewayConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *IngressGatewayConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *IngressGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } @@ -439,8 +439,8 @@ type TerminatingGatewayConfigEntry struct { Name string Services []LinkedService - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -464,7 +464,7 @@ type LinkedService struct { // SNI is the optional name to specify during the TLS handshake with a linked service SNI string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } func (e *TerminatingGatewayConfigEntry) GetKind() string { @@ -562,7 +562,7 @@ func (e *TerminatingGatewayConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } diff --git a/agent/structs/config_entry_intentions.go b/agent/structs/config_entry_intentions.go index 8829c2178..8f7cd8123 100644 --- a/agent/structs/config_entry_intentions.go +++ b/agent/structs/config_entry_intentions.go @@ -19,7 +19,7 @@ type ServiceIntentionsConfigEntry struct { Meta map[string]string `json:",omitempty"` // formerly Intention.Meta - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // formerly DestinationNS + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // formerly DestinationNS RaftIndex } @@ -258,7 +258,7 @@ type SourceIntention struct { // Things like L7 rules or Sentinel rules could go here later. // formerly Intention.SourceNS - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } type IntentionPermission struct { @@ -498,7 +498,7 @@ func computeIntentionPrecedence(entry *ServiceIntentionsConfigEntry, src *Source // intentionCountExact counts the number of exact values (not wildcards) in // the given namespace and name. -func intentionCountExact(name string, entMeta *EnterpriseMeta) int { +func intentionCountExact(name string, entMeta *acl.EnterpriseMeta) int { ns := entMeta.NamespaceOrDefault() // If NS is wildcard, pair must be */* since an exact service cannot follow a wildcard NS @@ -753,7 +753,7 @@ func (e *ServiceIntentionsConfigEntry) validate(legacyWrite bool) error { } // Wildcard usage verification -func validateIntentionWildcards(name string, entMeta *EnterpriseMeta) error { +func validateIntentionWildcards(name string, entMeta *acl.EnterpriseMeta) error { ns := entMeta.NamespaceOrDefault() if ns != WildcardSpecifier { if strings.Contains(ns, WildcardSpecifier) { @@ -783,7 +783,7 @@ func (e *ServiceIntentionsConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *ServiceIntentionsConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *ServiceIntentionsConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } diff --git a/agent/structs/config_entry_intentions_oss.go b/agent/structs/config_entry_intentions_oss.go index d2edadd27..2628951f8 100644 --- a/agent/structs/config_entry_intentions_oss.go +++ b/agent/structs/config_entry_intentions_oss.go @@ -3,6 +3,10 @@ package structs -func validateSourceIntentionEnterpriseMeta(_, _ *EnterpriseMeta) error { +import ( + "github.com/hashicorp/consul/acl" +) + +func validateSourceIntentionEnterpriseMeta(_, _ *acl.EnterpriseMeta) error { return nil } diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go index eb9f34f43..2d983eb82 100644 --- a/agent/structs/config_entry_mesh.go +++ b/agent/structs/config_entry_mesh.go @@ -15,8 +15,8 @@ type MeshConfigEntry struct { TLS *MeshTLSConfig `json:",omitempty"` - Meta map[string]string `json:",omitempty"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Meta map[string]string `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex } @@ -113,7 +113,7 @@ func (e *MeshConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex } -func (e *MeshConfigEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *MeshConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { if e == nil { return nil } diff --git a/agent/structs/config_entry_oss.go b/agent/structs/config_entry_oss.go index f7ccac38c..2cd1db7ac 100644 --- a/agent/structs/config_entry_oss.go +++ b/agent/structs/config_entry_oss.go @@ -8,6 +8,8 @@ import ( "strings" "github.com/hashicorp/go-multierror" + + "github.com/hashicorp/consul/acl" ) func (e *ProxyConfigEntry) validateEnterpriseMeta() error { @@ -32,7 +34,7 @@ func validateUnusedKeys(unused []string) error { return err } -func validateInnerEnterpriseMeta(_, _ *EnterpriseMeta) error { +func validateInnerEnterpriseMeta(_, _ *acl.EnterpriseMeta) error { return nil } diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index f125998b9..5203bcc00 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go @@ -2750,7 +2750,7 @@ func testConfigEntryNormalizeAndValidate(t *testing.T, cases map[string]configEn // nothing else changes though during Normalize. So we ignore // EnterpriseMeta Defaults. opts := cmp.Options{ - cmp.Comparer(func(a, b EnterpriseMeta) bool { + cmp.Comparer(func(a, b acl.EnterpriseMeta) bool { return a.IsSame(&b) }), } diff --git a/agent/structs/connect.go b/agent/structs/connect.go index 533b44270..9edf744a1 100644 --- a/agent/structs/connect.go +++ b/agent/structs/connect.go @@ -1,5 +1,7 @@ package structs +import "github.com/hashicorp/consul/acl" + // ConnectAuthorizeRequest is the structure of a request to authorize // a connection. type ConnectAuthorizeRequest struct { @@ -7,7 +9,7 @@ type ConnectAuthorizeRequest struct { Target string // EnterpriseMeta is the embedded Consul Enterprise specific metadata - EnterpriseMeta + acl.EnterpriseMeta // ClientCertURI is a unique identifier for the requesting client. This // is currently the URI SAN from the TLS client certificate. diff --git a/agent/structs/connect_ca.go b/agent/structs/connect_ca.go index ca08506e8..18210e571 100644 --- a/agent/structs/connect_ca.go +++ b/agent/structs/connect_ca.go @@ -9,6 +9,7 @@ import ( "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/lib" ) @@ -229,7 +230,7 @@ type IssuedCert struct { ValidBefore time.Time // EnterpriseMeta is the Consul Enterprise specific metadata - EnterpriseMeta + acl.EnterpriseMeta RaftIndex } diff --git a/agent/structs/connect_proxy_config_oss.go b/agent/structs/connect_proxy_config_oss.go index dff9cc25c..9e53a8fa2 100644 --- a/agent/structs/connect_proxy_config_oss.go +++ b/agent/structs/connect_proxy_config_oss.go @@ -3,7 +3,11 @@ package structs -func (us *Upstream) GetEnterpriseMeta() *EnterpriseMeta { +import ( + "github.com/hashicorp/consul/acl" +) + +func (us *Upstream) GetEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go index 0dd3010e7..17b9ee77a 100644 --- a/agent/structs/discovery_chain.go +++ b/agent/structs/discovery_chain.go @@ -3,6 +3,7 @@ package structs import ( "encoding/json" "fmt" + "github.com/hashicorp/consul/acl" "time" "github.com/hashicorp/consul/lib" @@ -77,7 +78,7 @@ func (c *CompiledDiscoveryChain) ID() string { } func (c *CompiledDiscoveryChain) CompoundServiceName() ServiceName { - entMeta := NewEnterpriseMetaWithPartition(c.Partition, c.Namespace) + entMeta := acl.NewEnterpriseMetaWithPartition(c.Partition, c.Namespace) return NewServiceName(c.ServiceName, &entMeta) } diff --git a/agent/structs/discovery_chain_oss.go b/agent/structs/discovery_chain_oss.go index 3b7f091c5..cdabdf6b3 100644 --- a/agent/structs/discovery_chain_oss.go +++ b/agent/structs/discovery_chain_oss.go @@ -3,6 +3,10 @@ package structs -func (t *DiscoveryTarget) GetEnterpriseMetadata() *EnterpriseMeta { +import ( + "github.com/hashicorp/consul/acl" +) + +func (t *DiscoveryTarget) GetEnterpriseMetadata() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/structs/identity.go b/agent/structs/identity.go index afe560abf..d0bfd62ec 100644 --- a/agent/structs/identity.go +++ b/agent/structs/identity.go @@ -1,10 +1,12 @@ package structs +import "github.com/hashicorp/consul/acl" + // Identity of some entity (ex: service, node, check). // // TODO: this type should replace ServiceID, ServiceName, and CheckID which all // have roughly identical implementations. type Identity struct { ID string - EnterpriseMeta + acl.EnterpriseMeta } diff --git a/agent/structs/intention.go b/agent/structs/intention.go index 49217b130..feefc5672 100644 --- a/agent/structs/intention.go +++ b/agent/structs/intention.go @@ -728,9 +728,9 @@ func (q *IntentionQueryExact) Validate() error { } type IntentionListRequest struct { - Datacenter string - Legacy bool `json:"-"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + Legacy bool `json:"-"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } diff --git a/agent/structs/intention_oss.go b/agent/structs/intention_oss.go index 11a57e07d..e35b9b5b3 100644 --- a/agent/structs/intention_oss.go +++ b/agent/structs/intention_oss.go @@ -7,23 +7,23 @@ import ( "github.com/hashicorp/consul/acl" ) -func (ixn *Intention) SourceEnterpriseMeta() *EnterpriseMeta { +func (ixn *Intention) SourceEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } -func (ixn *Intention) DestinationEnterpriseMeta() *EnterpriseMeta { +func (ixn *Intention) DestinationEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } -func (e *IntentionMatchEntry) GetEnterpriseMeta() *EnterpriseMeta { +func (e *IntentionMatchEntry) GetEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } -func (e *IntentionQueryExact) SourceEnterpriseMeta() *EnterpriseMeta { +func (e *IntentionQueryExact) SourceEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } -func (e *IntentionQueryExact) DestinationEnterpriseMeta() *EnterpriseMeta { +func (e *IntentionQueryExact) DestinationEnterpriseMeta() *acl.EnterpriseMeta { return DefaultEnterpriseMetaInDefaultPartition() } @@ -55,7 +55,7 @@ func (_ *IntentionQueryCheck) FillAuthzContext(_ *acl.AuthorizerContext) { // fillDefault MUST be true on servers to ensure that all fields are populated on writes. // fillDefault MUST be false on clients so that servers can correctly fill in the // namespace/partition of the ACL token. -func (ixn *Intention) FillPartitionAndNamespace(entMeta *EnterpriseMeta, fillDefault bool) { +func (ixn *Intention) FillPartitionAndNamespace(entMeta *acl.EnterpriseMeta, fillDefault bool) { if ixn == nil { return } diff --git a/agent/structs/prepared_query.go b/agent/structs/prepared_query.go index 0f795891c..b6028cead 100644 --- a/agent/structs/prepared_query.go +++ b/agent/structs/prepared_query.go @@ -3,9 +3,11 @@ package structs import ( "strconv" + "github.com/mitchellh/hashstructure" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/types" - "github.com/mitchellh/hashstructure" ) // QueryDatacenterOptions sets options about how we fail over if there are no @@ -78,7 +80,7 @@ type ServiceQuery struct { Connect bool // EnterpriseMeta is the embedded enterprise metadata - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } const ( @@ -306,7 +308,7 @@ type PreparedQueryExecuteResponse struct { Service string // EnterpriseMeta of the service that was queried. - EnterpriseMeta + acl.EnterpriseMeta // Nodes has the nodes that were output by the query. Nodes CheckServiceNodes diff --git a/agent/structs/service_definition.go b/agent/structs/service_definition.go index 5141cbd96..05357c8f2 100644 --- a/agent/structs/service_definition.go +++ b/agent/structs/service_definition.go @@ -5,6 +5,7 @@ import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/lib" ) @@ -33,7 +34,7 @@ type ServiceDefinition struct { // also called just "Config" Proxy *ConnectProxyConfig - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` Connect *ServiceConnect } diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 9ea65fc3a..46dbbe7c5 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -429,7 +429,7 @@ type RegisterRequest struct { SkipNodeUpdate bool // EnterpriseMeta is the embedded enterprise metadata - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest RaftIndex `bexpr:"-"` @@ -474,11 +474,11 @@ func (r *RegisterRequest) ChangesNode(node *Node) bool { // If a ServiceID is provided, any associated Checks with that service // are also deregistered. type DeregisterRequest struct { - Datacenter string - Node string - ServiceID string - CheckID types.CheckID - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + Node string + ServiceID string + CheckID types.CheckID + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest } @@ -512,12 +512,12 @@ type QuerySource struct { Ip string } -func (s QuerySource) NodeEnterpriseMeta() *EnterpriseMeta { +func (s QuerySource) NodeEnterpriseMeta() *acl.EnterpriseMeta { return NodeEnterpriseMetaInPartition(s.NodePartition) } func (s QuerySource) NodePartitionOrDefault() string { - return PartitionOrDefault(s.NodePartition) + return acl.PartitionOrDefault(s.NodePartition) } type DatacentersRequest struct { @@ -538,10 +538,10 @@ func (r *DatacentersRequest) CacheInfo() cache.RequestInfo { // DCSpecificRequest is used to query about a specific DC type DCSpecificRequest struct { - Datacenter string - NodeMetaFilters map[string]string - Source QuerySource - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + NodeMetaFilters map[string]string + Source QuerySource + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -582,11 +582,11 @@ func (r *DCSpecificRequest) CacheMinIndex() uint64 { } type ServiceDumpRequest struct { - Datacenter string - ServiceKind ServiceKind - UseServiceKind bool - Source QuerySource - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + ServiceKind ServiceKind + UseServiceKind bool + Source QuerySource + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -652,7 +652,7 @@ type ServiceSpecificRequest struct { // Ingress if true will only search for Ingress gateways for the given service. Ingress bool - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -714,9 +714,9 @@ func (r *ServiceSpecificRequest) CacheMinIndex() uint64 { // NodeSpecificRequest is used to request the information about a single node type NodeSpecificRequest struct { - Datacenter string - Node string - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + Node string + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions } @@ -756,7 +756,7 @@ type ChecksInStateRequest struct { State string Source QuerySource - EnterpriseMeta `mapstructure:",squash"` + acl.EnterpriseMeta `mapstructure:",squash"` QueryOptions } @@ -777,12 +777,12 @@ type Node struct { RaftIndex `bexpr:"-"` } -func (n *Node) GetEnterpriseMeta() *EnterpriseMeta { +func (n *Node) GetEnterpriseMeta() *acl.EnterpriseMeta { return NodeEnterpriseMetaInPartition(n.Partition) } func (n *Node) PartitionOrDefault() string { - return PartitionOrDefault(n.Partition) + return acl.PartitionOrDefault(n.Partition) } func (n *Node) BestAddress(wan bool) string { @@ -920,7 +920,7 @@ type ServiceNode struct { ServiceProxy ConnectProxyConfig ServiceConnect ServiceConnect - EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` } @@ -1128,7 +1128,7 @@ type NodeService struct { // somewhere this is used in API output. LocallyRegisteredAsSidecar bool `json:"-" bexpr:"-"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` } @@ -1528,7 +1528,7 @@ type HealthCheck struct { Definition HealthCheckDefinition `bexpr:"-"` - EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` } @@ -1869,12 +1869,12 @@ type NodeInfo struct { Checks HealthChecks } -func (n *NodeInfo) GetEnterpriseMeta() *EnterpriseMeta { +func (n *NodeInfo) GetEnterpriseMeta() *acl.EnterpriseMeta { return NodeEnterpriseMetaInPartition(n.Partition) } func (n *NodeInfo) PartitionOrDefault() string { - return PartitionOrDefault(n.Partition) + return acl.PartitionOrDefault(n.Partition) } // NodeDump is used to dump all the nodes with all their @@ -1893,7 +1893,7 @@ type ServiceDump []*ServiceInfo type CheckID struct { ID types.CheckID - EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer @@ -1908,7 +1908,7 @@ func (c CheckID) PartitionOrDefault() string { return c.EnterpriseMeta.PartitionOrDefault() } -func NewCheckID(id types.CheckID, entMeta *EnterpriseMeta) CheckID { +func NewCheckID(id types.CheckID, entMeta *acl.EnterpriseMeta) CheckID { var cid CheckID cid.ID = id if entMeta == nil { @@ -1926,7 +1926,7 @@ func NewCheckID(id types.CheckID, entMeta *EnterpriseMeta) CheckID { func (cid CheckID) StringHashMD5() string { hasher := md5.New() hasher.Write([]byte(cid.ID)) - cid.EnterpriseMeta.addToHash(hasher, true) + cid.EnterpriseMeta.AddToHash(hasher, true) return fmt.Sprintf("%x", hasher.Sum(nil)) } @@ -1935,16 +1935,16 @@ func (cid CheckID) StringHashMD5() string { func (cid CheckID) StringHashSHA256() string { hasher := sha256.New() hasher.Write([]byte(cid.ID)) - cid.EnterpriseMeta.addToHash(hasher, true) + cid.EnterpriseMeta.AddToHash(hasher, true) return fmt.Sprintf("%x", hasher.Sum(nil)) } type ServiceID struct { ID string - EnterpriseMeta + acl.EnterpriseMeta } -func NewServiceID(id string, entMeta *EnterpriseMeta) ServiceID { +func NewServiceID(id string, entMeta *acl.EnterpriseMeta) ServiceID { var sid ServiceID sid.ID = id if entMeta == nil { @@ -1965,7 +1965,7 @@ func (sid ServiceID) Matches(other ServiceID) bool { func (sid ServiceID) StringHashSHA256() string { hasher := sha256.New() hasher.Write([]byte(sid.ID)) - sid.EnterpriseMeta.addToHash(hasher, true) + sid.EnterpriseMeta.AddToHash(hasher, true) return fmt.Sprintf("%x", hasher.Sum(nil)) } @@ -1978,16 +1978,16 @@ type IndexedServices struct { Services Services // In various situations we need to know the meta that the services are for - in particular // this is needed to be able to properly filter the list based on ACLs - EnterpriseMeta + acl.EnterpriseMeta QueryMeta } type ServiceName struct { Name string - EnterpriseMeta + acl.EnterpriseMeta } -func NewServiceName(name string, entMeta *EnterpriseMeta) ServiceName { +func NewServiceName(name string, entMeta *acl.EnterpriseMeta) ServiceName { var ret ServiceName ret.Name = name if entMeta == nil { @@ -2252,7 +2252,7 @@ type DirEntry struct { Value []byte Session string `json:",omitempty"` - EnterpriseMeta `bexpr:"-"` + acl.EnterpriseMeta `bexpr:"-"` RaftIndex } @@ -2303,7 +2303,7 @@ func (r *KVSRequest) RequestDatacenter() string { type KeyRequest struct { Datacenter string Key string - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -2317,7 +2317,7 @@ type KeyListRequest struct { Prefix string Seperator string QueryOptions - EnterpriseMeta + acl.EnterpriseMeta } func (r *KeyListRequest) RequestDatacenter() string { @@ -2363,7 +2363,7 @@ type Session struct { // Deprecated v1.7.0. Checks []types.CheckID `json:",omitempty"` - EnterpriseMeta + acl.EnterpriseMeta RaftIndex } @@ -2432,7 +2432,7 @@ type SessionSpecificRequest struct { SessionID string // DEPRECATED in 1.7.0 Session string - EnterpriseMeta + acl.EnterpriseMeta QueryOptions } @@ -2453,12 +2453,12 @@ type Coordinate struct { Coord *coordinate.Coordinate } -func (c *Coordinate) GetEnterpriseMeta() *EnterpriseMeta { +func (c *Coordinate) GetEnterpriseMeta() *acl.EnterpriseMeta { return NodeEnterpriseMetaInPartition(c.Partition) } func (c *Coordinate) PartitionOrDefault() string { - return PartitionOrDefault(c.Partition) + return acl.PartitionOrDefault(c.Partition) } type Coordinates []*Coordinate @@ -2489,11 +2489,11 @@ type DatacenterMap struct { // CoordinateUpdateRequest is used to update the network coordinate of a given // node. type CoordinateUpdateRequest struct { - Datacenter string - Node string - Segment string - Coord *coordinate.Coordinate - EnterpriseMeta `hcl:",squash" mapstructure:",squash"` + Datacenter string + Node string + Segment string + Coord *coordinate.Coordinate + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest } @@ -2643,7 +2643,7 @@ type KeyringResponse struct { } func (r *KeyringResponse) PartitionOrDefault() string { - return PartitionOrDefault(r.Partition) + return acl.PartitionOrDefault(r.Partition) } // KeyringResponses holds multiple responses to keyring queries. Each diff --git a/agent/structs/testing_connect_proxy_config.go b/agent/structs/testing_connect_proxy_config.go index 12124ba9a..ad918927a 100644 --- a/agent/structs/testing_connect_proxy_config.go +++ b/agent/structs/testing_connect_proxy_config.go @@ -1,6 +1,10 @@ package structs -import "github.com/mitchellh/go-testing-interface" +import ( + "github.com/mitchellh/go-testing-interface" + + "github.com/hashicorp/consul/acl" +) // TestConnectProxyConfig returns a ConnectProxyConfig representing a valid // Connect proxy. @@ -44,7 +48,7 @@ func TestUpstreams(t testing.T) Upstreams { // TestUpstreams) and adds default values that are populated during // registration. Use this for generating the expected Upstreams value after // registration. -func TestAddDefaultsToUpstreams(t testing.T, upstreams []Upstream, entMeta EnterpriseMeta) Upstreams { +func TestAddDefaultsToUpstreams(t testing.T, upstreams []Upstream, entMeta acl.EnterpriseMeta) Upstreams { ups := make([]Upstream, len(upstreams)) for i := range upstreams { ups[i] = upstreams[i] From 5b1e494fafa4441434e762502a1d90773d94f2ea Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Fri, 25 Mar 2022 11:27:28 -0700 Subject: [PATCH 088/785] Add script (REMOVE LATER) ' Signed-off-by: Mark Anderson --- fixup_acl_move.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 fixup_acl_move.sh diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh new file mode 100644 index 000000000..23da0a7cb --- /dev/null +++ b/fixup_acl_move.sh @@ -0,0 +1,24 @@ + +GOIMPORTS=~/go/bin/goimports + +CHANGED=(EnterpriseMeta PartitionOrDefault IsDefaultPartition NamespaceOrDefault NewEnterpriseMetaWithPartition EqualPartitions) + +DIRS=(agent command proto) + +for dir in "${DIRS[@]}" + do + echo "CD to $dir" + pushd $dir + for s in "${CHANGED[@]}" + do + REWRITE='structs.'$s' -> acl.'$s + echo "REPL $REWRITE" + gofmt -w -r="$REWRITE" . + done + popd +done + +git diff --name-only | xargs $GOIMPORTS -local "github.com/hashicorp/consul" -w + +make --always-make proto + From d652063d0a94174ff72e734a2a886d4f03afda49 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Mon, 28 Mar 2022 18:45:12 -0700 Subject: [PATCH 089/785] SQ FIX Signed-off-by: Mark Anderson --- fixup_acl_move.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh index 23da0a7cb..4fc428c0c 100644 --- a/fixup_acl_move.sh +++ b/fixup_acl_move.sh @@ -18,7 +18,15 @@ for dir in "${DIRS[@]}" popd done -git diff --name-only | xargs $GOIMPORTS -local "github.com/hashicorp/consul" -w +find . -name \*.go | xargs fgrep 'acl.' -l | xargs $GOIMPORTS -local "github.com/hashicorp/consul" -w make --always-make proto - + + +go get google.golang.org/protobuf/reflect/protoreflect +go get google.golang.org/protobuf/types/known/structpb +go get google.golang.org/protobuf/runtime/protoimpl +go get github.com/hashicorp/consul/agent/xds +go get github.com/hashicorp/consul/agent/structs +go get google.golang.org/protobuf + From 58ca8c8ed45d4e82d7b2d13ad90d040edbd7cff4 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Mon, 28 Mar 2022 19:31:46 -0700 Subject: [PATCH 090/785] Fixup script 2 Signed-off-by: Mark Anderson --- fixup_acl_move.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh index 4fc428c0c..e8fa2698a 100644 --- a/fixup_acl_move.sh +++ b/fixup_acl_move.sh @@ -21,12 +21,4 @@ done find . -name \*.go | xargs fgrep 'acl.' -l | xargs $GOIMPORTS -local "github.com/hashicorp/consul" -w make --always-make proto - - -go get google.golang.org/protobuf/reflect/protoreflect -go get google.golang.org/protobuf/types/known/structpb -go get google.golang.org/protobuf/runtime/protoimpl -go get github.com/hashicorp/consul/agent/xds -go get github.com/hashicorp/consul/agent/structs -go get google.golang.org/protobuf - +make go-mod-tidy From ed3e42296d911656342bf1d2db1e6c42f4d27a7a Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Tue, 5 Apr 2022 14:10:06 -0700 Subject: [PATCH 091/785] Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson --- agent/acl_test.go | 6 +- agent/agent.go | 20 +-- agent/agent_endpoint.go | 12 +- agent/agent_endpoint_oss.go | 4 +- agent/agent_endpoint_test.go | 2 +- agent/agent_oss.go | 7 +- agent/cache-types/connect_ca_leaf.go | 3 +- agent/cache-types/service_checks.go | 8 +- agent/check.go | 3 +- agent/checks/alias.go | 5 +- agent/checks/alias_test.go | 3 +- agent/config/config_oss.go | 7 +- agent/config_endpoint.go | 5 +- agent/config_endpoint_test.go | 3 +- agent/configentry/config_entry.go | 5 +- agent/connect/authz.go | 5 +- agent/connect/uri_agent.go | 4 +- agent/connect/uri_agent_oss.go | 6 +- agent/connect/uri_service.go | 8 +- agent/connect/uri_service_oss.go | 6 +- agent/connect_auth.go | 2 +- agent/consul/acl.go | 18 +-- agent/consul/acl_authmethod.go | 8 +- agent/consul/acl_endpoint.go | 6 +- agent/consul/acl_endpoint_oss.go | 10 +- agent/consul/acl_endpoint_test.go | 11 +- agent/consul/acl_oss.go | 4 +- agent/consul/acl_test.go | 3 +- agent/consul/authmethod/authmethods.go | 6 +- agent/consul/authmethod/kubeauth/k8s_oss.go | 7 +- agent/consul/authmethod/ssoauth/sso_oss.go | 4 +- agent/consul/authmethod/testauth/testing.go | 5 +- .../consul/authmethod/testauth/testing_oss.go | 6 +- agent/consul/auto_config_backend.go | 3 +- agent/consul/auto_config_endpoint.go | 6 +- agent/consul/catalog_endpoint_test.go | 5 +- agent/consul/client.go | 7 +- agent/consul/config_endpoint_test.go | 3 +- agent/consul/config_oss.go | 7 +- agent/consul/connect_ca_endpoint_test.go | 3 +- agent/consul/coordinate_endpoint_test.go | 5 +- agent/consul/discovery_chain_endpoint_test.go | 3 +- agent/consul/discoverychain/compile_oss.go | 7 +- agent/consul/enterprise_server_oss.go | 5 +- .../consul/federation_state_endpoint_test.go | 5 +- agent/consul/fsm/snapshot_oss_test.go | 3 +- agent/consul/health_endpoint_test.go | 3 +- agent/consul/helper_test.go | 10 +- agent/consul/intention_endpoint.go | 18 +-- agent/consul/intention_endpoint_test.go | 3 +- agent/consul/internal_endpoint.go | 2 +- agent/consul/internal_endpoint_test.go | 3 +- agent/consul/kvs_endpoint_test.go | 3 +- agent/consul/leader.go | 12 +- agent/consul/leader_connect_ca.go | 2 +- .../operator_autopilot_endpoint_test.go | 3 +- agent/consul/operator_raft_endpoint_test.go | 3 +- agent/consul/prepared_query_endpoint_test.go | 5 +- agent/consul/rpc_test.go | 4 +- agent/consul/serf_filter.go | 6 +- agent/consul/server.go | 6 +- agent/consul/server_oss.go | 7 +- agent/consul/server_overview.go | 6 +- agent/consul/session_endpoint_test.go | 3 +- agent/consul/session_ttl.go | 5 +- agent/consul/snapshot_endpoint_test.go | 3 +- agent/consul/state/acl.go | 95 ++++++------ agent/consul/state/acl_oss.go | 37 ++--- agent/consul/state/acl_oss_test.go | 7 +- agent/consul/state/acl_schema.go | 5 +- agent/consul/state/catalog.go | 142 +++++++++--------- agent/consul/state/catalog_events.go | 8 +- agent/consul/state/catalog_oss.go | 41 ++--- agent/consul/state/catalog_oss_test.go | 15 +- agent/consul/state/catalog_schema.go | 5 +- agent/consul/state/config_entry.go | 51 ++++--- agent/consul/state/config_entry_intention.go | 9 +- .../state/config_entry_intention_oss.go | 3 +- agent/consul/state/config_entry_oss.go | 11 +- agent/consul/state/config_entry_oss_test.go | 3 +- agent/consul/state/coordinate.go | 7 +- agent/consul/state/coordinate_oss.go | 5 +- agent/consul/state/coordinate_oss_test.go | 9 +- agent/consul/state/delay_oss.go | 7 +- agent/consul/state/graveyard.go | 6 +- agent/consul/state/graveyard_oss.go | 3 +- agent/consul/state/indexer.go | 3 +- agent/consul/state/intention.go | 6 +- agent/consul/state/intention_oss.go | 4 +- agent/consul/state/kvs.go | 25 +-- agent/consul/state/kvs_oss.go | 9 +- agent/consul/state/kvs_oss_test.go | 9 +- agent/consul/state/operations_oss.go | 4 +- agent/consul/state/query.go | 13 +- agent/consul/state/query_oss.go | 6 +- agent/consul/state/schema_oss.go | 4 +- agent/consul/state/session.go | 9 +- agent/consul/state/session_oss.go | 9 +- agent/consul/state/state_store.go | 3 +- agent/consul/state/state_store_test.go | 3 +- agent/consul/subscribe_backend.go | 2 +- agent/consul/txn_endpoint_test.go | 3 +- .../usagemetrics/usagemetrics_oss_test.go | 5 +- agent/delegate_mock_test.go | 6 +- agent/discovery_chain_endpoint.go | 3 +- agent/dns.go | 7 +- agent/dns_oss.go | 6 +- .../private/services/subscribe/subscribe.go | 6 +- .../services/subscribe/subscribe_test.go | 10 +- .../services/connectca/mock_ACLResolver.go | 9 +- .../grpc/public/services/connectca/server.go | 2 +- .../dataplane/get_supported_features.go | 5 +- .../dataplane/get_supported_features_test.go | 9 +- .../services/dataplane/mock_ACLResolver.go | 9 +- .../grpc/public/services/dataplane/server.go | 8 +- agent/grpc/public/testutils/acl.go | 3 +- agent/http_oss.go | 7 +- agent/intentions_endpoint.go | 23 +-- agent/intentions_endpoint_test.go | 3 +- agent/local/state.go | 24 +-- agent/local/state_test.go | 6 +- agent/operator_endpoint.go | 3 +- agent/proxycfg/manager_test.go | 5 +- agent/proxycfg/naming.go | 9 +- agent/proxycfg/naming_oss.go | 5 +- agent/proxycfg/snapshot.go | 4 +- agent/proxycfg/state_test.go | 7 +- agent/proxycfg/testing_ingress_gateway.go | 7 +- agent/proxycfg/upstreams.go | 7 +- agent/structs/acl_cache_test.go | 3 +- agent/structs/check_definition.go | 3 +- agent/structs/config_entry.go | 3 +- agent/structs/config_entry_test.go | 3 +- agent/structs/discovery_chain.go | 3 +- agent/structs/structs.go | 9 +- agent/submatview/store_integration_test.go | 2 +- agent/txn_endpoint.go | 7 +- agent/ui_endpoint.go | 6 +- agent/xds/endpoints.go | 3 +- agent/xds/listeners.go | 3 +- agent/xds/server_oss.go | 3 +- .../bindingrule/delete/bindingrule_delete.go | 3 +- .../bindingrule/update/bindingrule_update.go | 3 +- command/acl/policy/create/policy_create.go | 3 +- command/acl/policy/delete/policy_delete.go | 3 +- command/acl/policy/read/policy_read.go | 3 +- command/acl/policy/update/policy_update.go | 3 +- command/acl/role/create/role_create.go | 3 +- command/acl/role/delete/role_delete.go | 3 +- command/acl/role/read/role_read.go | 3 +- command/acl/role/update/role_update.go | 3 +- command/acl/rules/translate.go | 3 +- command/acl/token/clone/token_clone.go | 3 +- command/acl/token/create/token_create.go | 3 +- command/acl/token/delete/token_delete.go | 3 +- command/acl/token/formatter.go | 3 +- command/acl/token/read/token_read.go | 3 +- command/acl/token/update/token_update.go | 3 +- command/keyring/keyring.go | 4 +- command/logout/logout_test.go | 7 +- command/members/members.go | 4 +- proto/pbcommon/common_oss.go | 10 +- proto/pbconnect/connect.go | 7 +- proto/pbservice/convert_oss.go | 8 +- proto/pbservice/convert_oss_test.go | 4 +- 165 files changed, 717 insertions(+), 586 deletions(-) diff --git a/agent/acl_test.go b/agent/acl_test.go index 539cf5c07..995a3b6e6 100644 --- a/agent/acl_test.go +++ b/agent/acl_test.go @@ -92,7 +92,7 @@ func (a *TestACLAgent) ResolveToken(secretID string) (acl.Authorizer, error) { return authz, err } -func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { authz, err := a.ResolveToken(secretID) if err != nil { return consul.ACLResolveResult{}, err @@ -133,10 +133,10 @@ func (a *TestACLAgent) LANMembers(f consul.LANMemberFilter) ([]serf.Member, erro func (a *TestACLAgent) AgentLocalMember() serf.Member { return serf.Member{} } -func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { return 0, fmt.Errorf("Unimplemented") } -func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { return fmt.Errorf("Unimplemented") } func (a *TestACLAgent) RPC(method string, args interface{}, reply interface{}) error { diff --git a/agent/agent.go b/agent/agent.go index 91d42cb73..c08316fd8 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -164,16 +164,16 @@ type delegate interface { // JoinLAN is used to have Consul join the inner-DC pool The target address // should be another node inside the DC listening on the Serf LAN address - JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) + JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) // RemoveFailedNode is used to remove a failed node from the cluster. - RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error + RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error // ResolveTokenAndDefaultMeta returns an acl.Authorizer which authorizes // actions based on the permissions granted to the token. // If either entMeta or authzContext are non-nil they will be populated with the // default partition and namespace from the token. - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) RPC(method string, args interface{}, reply interface{}) error SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error @@ -1536,7 +1536,7 @@ func (a *Agent) ShutdownCh() <-chan struct{} { } // JoinLAN is used to have the agent join a LAN cluster -func (a *Agent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (a *Agent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { a.logger.Info("(LAN) joining", "lan_addresses", addrs) n, err = a.delegate.JoinLAN(addrs, entMeta) if err == nil { @@ -1603,7 +1603,7 @@ func (a *Agent) RefreshPrimaryGatewayFallbackAddresses(addrs []string) error { } // ForceLeave is used to remove a failed node from the cluster -func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *Agent) ForceLeave(node string, prune bool, entMeta *acl.EnterpriseMeta) error { a.logger.Info("Force leaving node", "node", node) err := a.delegate.RemoveFailedNode(node, prune, entMeta) @@ -1617,7 +1617,7 @@ func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseM } // ForceLeaveWAN is used to remove a failed node from the WAN cluster -func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *acl.EnterpriseMeta) error { a.logger.Info("(WAN) Force leaving node", "node", node) srv, ok := a.delegate.(*consul.Server) @@ -1923,7 +1923,7 @@ func (a *Agent) purgeCheck(checkID structs.CheckID) error { type persistedServiceConfig struct { ServiceID string Defaults *structs.ServiceConfigResponse - structs.EnterpriseMeta + acl.EnterpriseMeta } func (a *Agent) makeServiceConfigFilePath(serviceID structs.ServiceID) string { @@ -2017,7 +2017,7 @@ func (a *Agent) readPersistedServiceConfigs() (map[structs.ServiceID]*structs.Se } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) { a.logger.Info("Purging service config file in wrong partition", "file", file, "partition", p.PartitionOrDefault(), @@ -3390,7 +3390,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig, snap map[structs.CheckI } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) { a.logger.Info("Purging service file in wrong partition", "file", file, "partition", p.Service.EnterpriseMeta.PartitionOrDefault(), @@ -3546,7 +3546,7 @@ func (a *Agent) loadChecks(conf *config.RuntimeConfig, snap map[structs.CheckID] } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) { a.logger.Info("Purging check file in wrong partition", "file", file, "partition", p.Check.PartitionOrDefault(), diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index 67158f87a..d9a516f96 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -308,7 +308,7 @@ func (s *HTTPHandlers) AgentServices(resp http.ResponseWriter, req *http.Request var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -397,7 +397,7 @@ func (s *HTTPHandlers) AgentService(resp http.ResponseWriter, req *http.Request) var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -471,7 +471,7 @@ func (s *HTTPHandlers) AgentChecks(resp http.ResponseWriter, req *http.Request) var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -576,7 +576,7 @@ func (s *HTTPHandlers) AgentMembers(resp http.ResponseWriter, req *http.Request) // Older 'consul members' calls will default to adding segment=_all // so we only choose to use that request argument in the case where // the partition is also the default and ignore it the rest of the time. - if structs.IsDefaultPartition(filter.Partition) { + if acl.IsDefaultPartition(filter.Partition) { filter.AllSegments = true } } else { @@ -984,7 +984,7 @@ func (s *HTTPHandlers) AgentHealthServiceByID(resp http.ResponseWriter, req *htt return nil, &BadRequestError{Reason: "Missing serviceID"} } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -1046,7 +1046,7 @@ func (s *HTTPHandlers) AgentHealthServiceByName(resp http.ResponseWriter, req *h return nil, &BadRequestError{Reason: "Missing service Name"} } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } diff --git a/agent/agent_endpoint_oss.go b/agent/agent_endpoint_oss.go index 2c6585a4b..b775b5e79 100644 --- a/agent/agent_endpoint_oss.go +++ b/agent/agent_endpoint_oss.go @@ -6,9 +6,9 @@ package agent import ( "net/http" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *structs.EnterpriseMeta) bool { +func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *acl.EnterpriseMeta) bool { return true } diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 70840f950..103243497 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -1640,7 +1640,7 @@ type fakeResolveTokenDelegate struct { authorizer acl.Authorizer } -func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *structs.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *acl.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) { return consul.ACLResolveResult{Authorizer: f.authorizer}, nil } diff --git a/agent/agent_oss.go b/agent/agent_oss.go index b9b1f91dc..43de920a5 100644 --- a/agent/agent_oss.go +++ b/agent/agent_oss.go @@ -6,6 +6,7 @@ package agent import ( "context" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/structs" @@ -16,10 +17,10 @@ import ( type enterpriseAgent struct{} // fillAgentServiceEnterpriseMeta is a noop stub for the func defined agent_ent.go -func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *structs.EnterpriseMeta) {} +func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *acl.EnterpriseMeta) {} // fillHealthCheckEnterpriseMeta is a noop stub for the func defined agent_ent.go -func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *structs.EnterpriseMeta) {} +func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *acl.EnterpriseMeta) {} // initEnterprise is a noop stub for the func defined agent_ent.go func (a *Agent) initEnterprise(consulCfg *consul.Config) error { @@ -52,7 +53,7 @@ func (a *Agent) enterpriseStats() map[string]map[string]string { return nil } -func (a *Agent) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta { return structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index 1950ef756..3b382573a 100644 --- a/agent/cache-types/connect_ca_leaf.go +++ b/agent/cache-types/connect_ca_leaf.go @@ -11,6 +11,7 @@ import ( "github.com/mitchellh/hashstructure" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/agent/cache" @@ -672,7 +673,7 @@ type ConnectCALeafRequest struct { MaxQueryTime time.Duration MustRevalidate bool - structs.EnterpriseMeta + acl.EnterpriseMeta } func (r *ConnectCALeafRequest) Key() string { diff --git a/agent/cache-types/service_checks.go b/agent/cache-types/service_checks.go index 9c0b7f253..a42cb3a8e 100644 --- a/agent/cache-types/service_checks.go +++ b/agent/cache-types/service_checks.go @@ -5,11 +5,13 @@ import ( "strconv" "time" + "github.com/hashicorp/go-memdb" + "github.com/mitchellh/hashstructure" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-memdb" - "github.com/mitchellh/hashstructure" ) // Recommended name for registration. @@ -103,7 +105,7 @@ type ServiceHTTPChecksRequest struct { ServiceID string MinQueryIndex uint64 MaxQueryTime time.Duration - structs.EnterpriseMeta + acl.EnterpriseMeta } func (s *ServiceHTTPChecksRequest) CacheInfo() cache.RequestInfo { diff --git a/agent/check.go b/agent/check.go index 8f8bd5d08..da70a8005 100644 --- a/agent/check.go +++ b/agent/check.go @@ -1,6 +1,7 @@ package agent import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -23,5 +24,5 @@ type persistedCheckState struct { Output string Status string Expires int64 - structs.EnterpriseMeta + acl.EnterpriseMeta } diff --git a/agent/checks/alias.go b/agent/checks/alias.go index 3cbb8ed82..9553745af 100644 --- a/agent/checks/alias.go +++ b/agent/checks/alias.go @@ -6,6 +6,7 @@ import ( "sync" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -35,7 +36,7 @@ type CheckAlias struct { stopLock sync.Mutex stopWg sync.WaitGroup - structs.EnterpriseMeta + acl.EnterpriseMeta } // AliasNotifier is a CheckNotifier specifically for the Alias check. @@ -46,7 +47,7 @@ type AliasNotifier interface { AddAliasCheck(structs.CheckID, structs.ServiceID, chan<- struct{}) error RemoveAliasCheck(structs.CheckID, structs.ServiceID) - Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck + Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck } // Start is used to start the check, runs until Stop() func (c *CheckAlias) Start() { diff --git a/agent/checks/alias_test.go b/agent/checks/alias_test.go index 941ffbc7c..673e83304 100644 --- a/agent/checks/alias_test.go +++ b/agent/checks/alias_test.go @@ -7,6 +7,7 @@ import ( "testing" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/mock" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -523,7 +524,7 @@ func (m *mockAliasNotify) AddAliasCheck(chkID structs.CheckID, serviceID structs func (m *mockAliasNotify) RemoveAliasCheck(chkID structs.CheckID, serviceID structs.ServiceID) { } -func (m *mockAliasNotify) Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (m *mockAliasNotify) Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { return nil } diff --git a/agent/config/config_oss.go b/agent/config/config_oss.go index 7e061b8e5..5a297cacc 100644 --- a/agent/config/config_oss.go +++ b/agent/config/config_oss.go @@ -3,11 +3,14 @@ package config -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) // EnterpriseMeta stub type EnterpriseMeta struct{} -func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta { +func (_ *EnterpriseMeta) ToStructs() acl.EnterpriseMeta { return *structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/config_endpoint.go b/agent/config_endpoint.go index 4bd96d436..637b8ab91 100644 --- a/agent/config_endpoint.go +++ b/agent/config_endpoint.go @@ -6,6 +6,7 @@ import ( "strconv" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -148,7 +149,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request) } // Parse enterprise meta. - var meta structs.EnterpriseMeta + var meta acl.EnterpriseMeta if err := s.parseEntMetaForConfigEntryKind(args.Entry.GetKind(), req, &meta); err != nil { return nil, err } @@ -172,7 +173,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request) return reply, nil } -func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *acl.EnterpriseMeta) error { if kind == structs.ServiceIntentions { return s.parseEntMeta(req, entMeta) } diff --git a/agent/config_endpoint_test.go b/agent/config_endpoint_test.go index 3518d045e..949b6be11 100644 --- a/agent/config_endpoint_test.go +++ b/agent/config_endpoint_test.go @@ -10,6 +10,7 @@ import ( "github.com/pkg/errors" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" ) @@ -119,7 +120,7 @@ func TestConfig_Get(t *testing.T) { // Set indexes and EnterpriseMeta to expected values for assertions ce.CreateIndex = 12 ce.ModifyIndex = 13 - ce.EnterpriseMeta = structs.EnterpriseMeta{} + ce.EnterpriseMeta = acl.EnterpriseMeta{} out, err := a.srv.marshalJSON(req, obj) require.NoError(t, err) diff --git a/agent/configentry/config_entry.go b/agent/configentry/config_entry.go index 7ede09358..a34a197c4 100644 --- a/agent/configentry/config_entry.go +++ b/agent/configentry/config_entry.go @@ -1,6 +1,7 @@ package configentry import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -11,7 +12,7 @@ import ( type KindName struct { Kind string Name string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NewKindName returns a new KindName. The EnterpriseMeta values will be @@ -19,7 +20,7 @@ type KindName struct { // // Any caller which modifies the EnterpriseMeta field must call Normalize // before persisting or using the value as a map key. -func NewKindName(kind, name string, entMeta *structs.EnterpriseMeta) KindName { +func NewKindName(kind, name string, entMeta *acl.EnterpriseMeta) KindName { ret := KindName{ Kind: kind, Name: name, diff --git a/agent/connect/authz.go b/agent/connect/authz.go index ead804174..f3beb1be6 100644 --- a/agent/connect/authz.go +++ b/agent/connect/authz.go @@ -1,6 +1,7 @@ package connect import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -18,7 +19,7 @@ func AuthorizeIntentionTarget( switch matchType { case structs.IntentionMatchDestination: - if structs.PartitionOrDefault(ixn.DestinationPartition) != structs.PartitionOrDefault(targetAP) { + if acl.PartitionOrDefault(ixn.DestinationPartition) != acl.PartitionOrDefault(targetAP) { return false, false } @@ -33,7 +34,7 @@ func AuthorizeIntentionTarget( } case structs.IntentionMatchSource: - if structs.PartitionOrDefault(ixn.SourcePartition) != structs.PartitionOrDefault(targetAP) { + if acl.PartitionOrDefault(ixn.SourcePartition) != acl.PartitionOrDefault(targetAP) { return false, false } diff --git a/agent/connect/uri_agent.go b/agent/connect/uri_agent.go index 3d144b016..fb86614cd 100644 --- a/agent/connect/uri_agent.go +++ b/agent/connect/uri_agent.go @@ -3,7 +3,7 @@ package connect import ( "net/url" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // SpiffeIDService is the structure to represent the SPIFFE ID for an agent. @@ -15,7 +15,7 @@ type SpiffeIDAgent struct { } func (id SpiffeIDAgent) PartitionOrDefault() string { - return structs.PartitionOrDefault(id.Partition) + return acl.PartitionOrDefault(id.Partition) } // URI returns the *url.URL for this SPIFFE ID. diff --git a/agent/connect/uri_agent_oss.go b/agent/connect/uri_agent_oss.go index 1ae6f18c3..e24f9b560 100644 --- a/agent/connect/uri_agent_oss.go +++ b/agent/connect/uri_agent_oss.go @@ -6,13 +6,13 @@ package connect import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent. // in OSS this just returns an empty (but never nil) struct pointer -func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta { - return &structs.EnterpriseMeta{} +func (id SpiffeIDAgent) GetEnterpriseMeta() *acl.EnterpriseMeta { + return &acl.EnterpriseMeta{} } func (id SpiffeIDAgent) uriPath() string { diff --git a/agent/connect/uri_service.go b/agent/connect/uri_service.go index 82ce662f6..34c55a92c 100644 --- a/agent/connect/uri_service.go +++ b/agent/connect/uri_service.go @@ -3,7 +3,7 @@ package connect import ( "net/url" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // SpiffeIDService is the structure to represent the SPIFFE ID for a service. @@ -16,15 +16,15 @@ type SpiffeIDService struct { } func (id SpiffeIDService) NamespaceOrDefault() string { - return structs.NamespaceOrDefault(id.Namespace) + return acl.NamespaceOrDefault(id.Namespace) } func (id SpiffeIDService) MatchesPartition(partition string) bool { - return id.PartitionOrDefault() == structs.PartitionOrDefault(partition) + return id.PartitionOrDefault() == acl.PartitionOrDefault(partition) } func (id SpiffeIDService) PartitionOrDefault() string { - return structs.PartitionOrDefault(id.Partition) + return acl.PartitionOrDefault(id.Partition) } // URI returns the *url.URL for this SPIFFE ID. diff --git a/agent/connect/uri_service_oss.go b/agent/connect/uri_service_oss.go index 8270f96c2..a20074e84 100644 --- a/agent/connect/uri_service_oss.go +++ b/agent/connect/uri_service_oss.go @@ -6,13 +6,13 @@ package connect import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDService. // in OSS this just returns an empty (but never nil) struct pointer -func (id SpiffeIDService) GetEnterpriseMeta() *structs.EnterpriseMeta { - return &structs.EnterpriseMeta{} +func (id SpiffeIDService) GetEnterpriseMeta() *acl.EnterpriseMeta { + return &acl.EnterpriseMeta{} } func (id SpiffeIDService) uriPath() string { diff --git a/agent/connect_auth.go b/agent/connect_auth.go index bc89d50af..9bd8a46eb 100644 --- a/agent/connect_auth.go +++ b/agent/connect_auth.go @@ -72,7 +72,7 @@ func (a *Agent) ConnectAuthorize(token string, if !uriService.MatchesPartition(req.TargetPartition()) { reason = fmt.Sprintf("Mismatched partitions: %q != %q", uriService.PartitionOrDefault(), - structs.PartitionOrDefault(req.TargetPartition())) + acl.PartitionOrDefault(req.TargetPartition())) return false, reason, nil, nil } diff --git a/agent/consul/acl.go b/agent/consul/acl.go index 8b3d4e55e..2c4264223 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -108,7 +108,7 @@ func (id *missingIdentity) IsLocal() bool { return false } -func (id *missingIdentity) EnterpriseMetadata() *structs.EnterpriseMeta { +func (id *missingIdentity) EnterpriseMetadata() *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -182,7 +182,7 @@ type ACLResolverSettings struct { ACLsEnabled bool Datacenter string NodeName string - EnterpriseMeta structs.EnterpriseMeta + EnterpriseMeta acl.EnterpriseMeta // ACLPolicyTTL is used to control the time-to-live of cached ACL policies. This has // a major impact on performance. By default, it is set to 30 seconds. @@ -264,7 +264,7 @@ type ACLResolver struct { agentRecoveryAuthz acl.Authorizer } -func agentRecoveryAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) { +func agentRecoveryAuthorizer(nodeName string, entMeta *acl.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) { var conf acl.Config if aclConf != nil { conf = *aclConf @@ -638,7 +638,7 @@ func (r *ACLResolver) resolvePoliciesForIdentity(identity structs.ACLIdentity) ( return filtered, nil } -func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy { +func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy { if len(serviceIdentities) == 0 { return nil } @@ -651,7 +651,7 @@ func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities [ return syntheticPolicies } -func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy { +func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy { if len(nodeIdentities) == 0 { return nil } @@ -676,7 +676,7 @@ type plainACLResolver struct { func (r plainACLResolver) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext, ) (acl.Authorizer, error) { // ACLResolver.ResolveTokenAndDefaultMeta returns a ACLResolveResult which @@ -1174,14 +1174,14 @@ func (r *ACLResolver) ACLsEnabled() bool { return true } -func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) { +func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) { result, err := r.ResolveToken(token) if err != nil { return ACLResolveResult{}, err } if entMeta == nil { - entMeta = &structs.EnterpriseMeta{} + entMeta = &acl.EnterpriseMeta{} } // Default the EnterpriseMeta based on the Tokens meta or actual defaults @@ -1279,7 +1279,7 @@ func (f *aclFilter) filterHealthChecks(checks *structs.HealthChecks) bool { // filterServices is used to filter a set of services based on ACLs. Returns // true if any elements were removed. -func (f *aclFilter) filterServices(services structs.Services, entMeta *structs.EnterpriseMeta) bool { +func (f *aclFilter) filterServices(services structs.Services, entMeta *acl.EnterpriseMeta) bool { var authzContext acl.AuthorizerContext entMeta.FillAuthzContext(&authzContext) diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go index b901ce131..34035e159 100644 --- a/agent/consul/acl_authmethod.go +++ b/agent/consul/acl_authmethod.go @@ -3,9 +3,11 @@ package consul import ( "fmt" + "github.com/hashicorp/go-bexpr" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-bexpr" // register these as a builtin auth method _ "github.com/hashicorp/consul/agent/consul/authmethod/awsauth" @@ -51,8 +53,8 @@ type aclBindings struct { func (s *Server) evaluateRoleBindings( validator authmethod.Validator, verifiedIdentity *authmethod.Identity, - methodMeta *structs.EnterpriseMeta, - targetMeta *structs.EnterpriseMeta, + methodMeta *acl.EnterpriseMeta, + targetMeta *acl.EnterpriseMeta, ) (*aclBindings, error) { // Only fetch rules that are relevant for this method. _, rules, err := s.fsm.State().ACLBindingRuleList(nil, validator.Name(), methodMeta) diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index bac938dfa..77ca6edf3 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -1000,7 +1000,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok } var authzContext acl.AuthorizerContext - var requestMeta structs.EnterpriseMeta + var requestMeta acl.EnterpriseMeta authz, err := a.srv.ResolveTokenAndDefaultMeta(args.Token, &requestMeta, &authzContext) if err != nil { return err @@ -1012,7 +1012,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok return err } - var methodMeta *structs.EnterpriseMeta + var methodMeta *acl.EnterpriseMeta if args.AuthMethod != "" { methodMeta = args.ACLAuthMethodEnterpriseMeta.ToEnterpriseMeta() // attempt to merge in the overall meta, wildcards will not be merged @@ -2449,7 +2449,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro func (a *ACL) tokenSetFromAuthMethod( method *structs.ACLAuthMethod, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, tokenDescriptionPrefix string, tokenMetadata map[string]string, validator authmethod.Validator, diff --git a/agent/consul/acl_endpoint_oss.go b/agent/consul/acl_endpoint_oss.go index 3cc9e35d4..e218826a6 100644 --- a/agent/consul/acl_endpoint_oss.go +++ b/agent/consul/acl_endpoint_oss.go @@ -4,10 +4,12 @@ package consul import ( + memdb "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" - memdb "github.com/hashicorp/go-memdb" ) func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error { @@ -36,10 +38,10 @@ func enterpriseAuthMethodValidation(method *structs.ACLAuthMethod, validator aut func computeTargetEnterpriseMeta( method *structs.ACLAuthMethod, verifiedIdentity *authmethod.Identity, -) (*structs.EnterpriseMeta, error) { - return &structs.EnterpriseMeta{}, nil +) (*acl.EnterpriseMeta, error) { + return &acl.EnterpriseMeta{}, nil } -func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *structs.EnterpriseMeta) ([]string, []string, error) { +func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *acl.EnterpriseMeta) ([]string, []string, error) { return nil, nil, nil } diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index 637872070..1ceb3a0a2 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -9,12 +9,13 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" uuid "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" "gopkg.in/square/go-jose.v2/jwt" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" @@ -5415,7 +5416,7 @@ func TestValidateBindingRuleBindName(t *testing.T) { // upsertTestToken creates a token for testing purposes func upsertTestTokenInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, - tokenModificationFn func(token *structs.ACLToken), entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) { + tokenModificationFn func(token *structs.ACLToken), entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -5455,7 +5456,7 @@ func upsertTestToken(codec rpc.ClientCodec, initialManagementToken string, datac tokenModificationFn, structs.DefaultEnterpriseMetaInDefaultPartition()) } -func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) { +func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) { policy, err := upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, entMeta) if err != nil { return nil, err @@ -5585,7 +5586,7 @@ func upsertTestPolicyWithRules(codec rpc.ClientCodec, initialManagementToken str return upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, structs.DefaultEnterpriseMetaInDefaultPartition()) } -func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) { +func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) { return upsertTestCustomizedPolicy(codec, initialManagementToken, datacenter, func(policy *structs.ACLPolicy) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() diff --git a/agent/consul/acl_oss.go b/agent/consul/acl_oss.go index 33b11a416..1fe4fbbf8 100644 --- a/agent/consul/acl_oss.go +++ b/agent/consul/acl_oss.go @@ -13,7 +13,7 @@ import ( // EnterpriseACLResolverDelegate stub type EnterpriseACLResolverDelegate interface{} -func (s *Server) replicationEnterpriseMeta() *structs.EnterpriseMeta { +func (s *Server) replicationEnterpriseMeta() *acl.EnterpriseMeta { return structs.ReplicationEnterpriseMeta() } @@ -48,4 +48,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC return nil, nil, false } -func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {} +func setEnterpriseConf(entMeta *acl.EnterpriseMeta, conf *acl.Config) {} diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go index 54dc3a6b5..49036ae4f 100644 --- a/agent/consul/acl_test.go +++ b/agent/consul/acl_test.go @@ -9,12 +9,13 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" diff --git a/agent/consul/authmethod/authmethods.go b/agent/consul/authmethod/authmethods.go index 3f701aa8b..fbcd27e01 100644 --- a/agent/consul/authmethod/authmethods.go +++ b/agent/consul/authmethod/authmethods.go @@ -6,9 +6,11 @@ import ( "sort" "sync" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" "github.com/mitchellh/mapstructure" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" ) type Cache interface { @@ -62,7 +64,7 @@ type Identity struct { // in a bind name within a binding rule. ProjectedVars map[string]string - *structs.EnterpriseMeta + *acl.EnterpriseMeta } // ProjectedVarNames returns just the keyspace of the ProjectedVars map. diff --git a/agent/consul/authmethod/kubeauth/k8s_oss.go b/agent/consul/authmethod/kubeauth/k8s_oss.go index b3d74361e..a023c24e7 100644 --- a/agent/consul/authmethod/kubeauth/k8s_oss.go +++ b/agent/consul/authmethod/kubeauth/k8s_oss.go @@ -3,7 +3,10 @@ package kubeauth -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) type enterpriseConfig struct{} @@ -11,6 +14,6 @@ func enterpriseValidation(method *structs.ACLAuthMethod, config *Config) error { return nil } -func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta { +func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta { return nil } diff --git a/agent/consul/authmethod/ssoauth/sso_oss.go b/agent/consul/authmethod/ssoauth/sso_oss.go index 2f6bbe12a..495ce482b 100644 --- a/agent/consul/authmethod/ssoauth/sso_oss.go +++ b/agent/consul/authmethod/ssoauth/sso_oss.go @@ -6,7 +6,7 @@ package ssoauth import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/go-sso/oidcauth" ) @@ -17,7 +17,7 @@ func validateType(typ string) error { return nil } -func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *structs.EnterpriseMeta { +func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *acl.EnterpriseMeta { return nil } diff --git a/agent/consul/authmethod/testauth/testing.go b/agent/consul/authmethod/testauth/testing.go index 11e6fd7fc..5ad0f1e49 100644 --- a/agent/consul/authmethod/testauth/testing.go +++ b/agent/consul/authmethod/testauth/testing.go @@ -5,11 +5,12 @@ import ( "fmt" "sync" + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-hclog" - "github.com/hashicorp/go-uuid" ) func init() { diff --git a/agent/consul/authmethod/testauth/testing_oss.go b/agent/consul/authmethod/testauth/testing_oss.go index a3c9b4382..d03a6ad87 100644 --- a/agent/consul/authmethod/testauth/testing_oss.go +++ b/agent/consul/authmethod/testauth/testing_oss.go @@ -3,12 +3,10 @@ package testauth -import ( - "github.com/hashicorp/consul/agent/structs" -) +import "github.com/hashicorp/consul/acl" type enterpriseConfig struct{} -func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta { +func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta { return nil } diff --git a/agent/consul/auto_config_backend.go b/agent/consul/auto_config_backend.go index aef6ad7ba..e77093d5e 100644 --- a/agent/consul/auto_config_backend.go +++ b/agent/consul/auto_config_backend.go @@ -6,6 +6,7 @@ import ( "net" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" @@ -40,7 +41,7 @@ func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([ if segment != "" { return nil, fmt.Errorf("Failed to retrieve members for segment %s: %w", segment, err) } - return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", structs.PartitionOrDefault(partition), err) + return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", acl.PartitionOrDefault(partition), err) } var joinAddrs []string diff --git a/agent/consul/auto_config_endpoint.go b/agent/consul/auto_config_endpoint.go index 5ca15f33b..088c9a3e0 100644 --- a/agent/consul/auto_config_endpoint.go +++ b/agent/consul/auto_config_endpoint.go @@ -30,7 +30,7 @@ type AutoConfigOptions struct { } func (opts AutoConfigOptions) PartitionOrDefault() string { - return structs.PartitionOrDefault(opts.Partition) + return acl.PartitionOrDefault(opts.Partition) } type AutoConfigAuthorizer interface { @@ -99,7 +99,7 @@ func (a *jwtAuthorizer) Authorize(req *pbautoconf.AutoConfigRequest) (AutoConfig return AutoConfigOptions{}, err } - if id.Agent != req.Node || !structs.EqualPartitions(id.Partition, req.Partition) { + if id.Agent != req.Node || !acl.EqualPartitions(id.Partition, req.Partition) { return AutoConfigOptions{}, fmt.Errorf("Spiffe ID agent name (%s) of the certificate signing request is not for the correct node (%s)", printNodeName(id.Agent, id.Partition), @@ -392,7 +392,7 @@ func parseAutoConfigCSR(csr string) (*x509.CertificateRequest, *connect.SpiffeID } func printNodeName(nodeName, partition string) string { - if structs.IsDefaultPartition(partition) { + if acl.IsDefaultPartition(partition) { return nodeName } return partition + "/" + nodeName diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index cf4b024f0..d6d303c2b 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go @@ -9,11 +9,12 @@ import ( "github.com/hashicorp/go-uuid" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/client.go b/agent/consul/client.go index 4709c3108..6a15acb94 100644 --- a/agent/consul/client.go +++ b/agent/consul/client.go @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/serf/serf" "golang.org/x/time/rate" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" "github.com/hashicorp/consul/agent/structs" @@ -192,7 +193,7 @@ func (c *Client) Leave() error { // JoinLAN is used to have Consul join the inner-DC pool The target address // should be another node inside the DC listening on the Serf LAN address -func (c *Client) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) { +func (c *Client) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) { // Partitions definitely have to match. if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() { return 0, fmt.Errorf("target partition %q must match client agent partition %q", @@ -240,7 +241,7 @@ func (c *Client) LANMembers(filter LANMemberFilter) ([]serf.Member, error) { } // RemoveFailedNode is used to remove a failed node from the cluster. -func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { // Partitions definitely have to match. if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() { return fmt.Errorf("client agent in partition %q cannot remove node in different partition %q", @@ -418,7 +419,7 @@ func (c *Client) ReloadConfig(config ReloadableConfig) error { return nil } -func (c *Client) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta { return c.config.AgentEnterpriseMeta() } diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go index e5c0b7f6d..3c60818e4 100644 --- a/agent/consul/config_endpoint_test.go +++ b/agent/consul/config_endpoint_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" hashstructure_v2 "github.com/mitchellh/hashstructure/v2" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" diff --git a/agent/consul/config_oss.go b/agent/consul/config_oss.go index 63d3cb2a3..bae469eaf 100644 --- a/agent/consul/config_oss.go +++ b/agent/consul/config_oss.go @@ -3,8 +3,11 @@ package consul -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) -func (c *Config) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (c *Config) AgentEnterpriseMeta() *acl.EnterpriseMeta { return structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index 394721411..f69960f5f 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -9,10 +9,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" ca "github.com/hashicorp/consul/agent/connect/ca" diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go index 25cb41a5f..471a92623 100644 --- a/agent/consul/coordinate_endpoint_test.go +++ b/agent/consul/coordinate_endpoint_test.go @@ -9,11 +9,12 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/serf/coordinate" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index e875ec25d..1f9a82f14 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go @@ -6,9 +6,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" diff --git a/agent/consul/discoverychain/compile_oss.go b/agent/consul/discoverychain/compile_oss.go index 4aa43eb27..c0aa1118e 100644 --- a/agent/consul/discoverychain/compile_oss.go +++ b/agent/consul/discoverychain/compile_oss.go @@ -3,8 +3,11 @@ package discoverychain -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) -func (c *compiler) GetEnterpriseMeta() *structs.EnterpriseMeta { +func (c *compiler) GetEnterpriseMeta() *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_oss.go index cad141c11..187d59e97 100644 --- a/agent/consul/enterprise_server_oss.go +++ b/agent/consul/enterprise_server_oss.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/go-version" "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/structs" ) @@ -56,7 +57,7 @@ func (s *Server) revokeEnterpriseLeadership() error { return nil } -func (s *Server) validateEnterpriseRequest(entMeta *structs.EnterpriseMeta, write bool) error { +func (s *Server) validateEnterpriseRequest(entMeta *acl.EnterpriseMeta, write bool) error { return nil } @@ -109,6 +110,6 @@ func (s *Server) shutdownSerfLAN() { } } -func addEnterpriseSerfTags(_ map[string]string, _ *structs.EnterpriseMeta) { +func addEnterpriseSerfTags(_ map[string]string, _ *acl.EnterpriseMeta) { // do nothing } diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go index 8cd880826..299622447 100644 --- a/agent/consul/federation_state_endpoint_test.go +++ b/agent/consul/federation_state_endpoint_test.go @@ -5,11 +5,12 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" uuid "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index 6d14d6f2d..c75bbc197 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -6,10 +6,11 @@ import ( "testing" "time" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-raftchunking" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go index d84fbb21a..4193f7fee 100644 --- a/agent/consul/health_endpoint_test.go +++ b/agent/consul/health_endpoint_test.go @@ -5,10 +5,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go index f5c37f14d..807bb8be2 100644 --- a/agent/consul/helper_test.go +++ b/agent/consul/helper_test.go @@ -6,12 +6,14 @@ import ( "net" "testing" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/raft" "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -116,9 +118,9 @@ func joinAddrWAN(s *Server) string { } type clientOrServer interface { - JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) + JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) LANMembersInAgentPartition() []serf.Member - AgentEnterpriseMeta() *structs.EnterpriseMeta + AgentEnterpriseMeta() *acl.EnterpriseMeta agentSegmentName() string } diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go index 89a5f219a..fc6db87db 100644 --- a/agent/consul/intention_endpoint.go +++ b/agent/consul/intention_endpoint.go @@ -101,7 +101,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error { } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ACLResolver.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err @@ -162,7 +162,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error { func (s *Intention) computeApplyChangesLegacyCreate( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for legacy UUID-based intentions. @@ -232,7 +232,7 @@ func (s *Intention) computeApplyChangesLegacyCreate( func (s *Intention) computeApplyChangesLegacyUpdate( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for legacy UUID-based intentions. @@ -292,7 +292,7 @@ func (s *Intention) computeApplyChangesLegacyUpdate( func (s *Intention) computeApplyChangesUpsert( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for config-entry based intentions. @@ -355,7 +355,7 @@ func (s *Intention) computeApplyChangesUpsert( func (s *Intention) computeApplyChangesLegacyDelete( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { _, _, ixn, err := s.srv.fsm.State().IntentionGet(nil, args.Intention.ID) @@ -380,7 +380,7 @@ func (s *Intention) computeApplyChangesLegacyDelete( func (s *Intention) computeApplyChangesDelete( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { args.Intention.FillPartitionAndNamespace(entMeta, true) @@ -425,7 +425,7 @@ func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.Inde } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err @@ -574,7 +574,7 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err @@ -695,7 +695,7 @@ func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.In } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go index e1a35bf62..1fc0db35e 100644 --- a/agent/consul/intention_endpoint_test.go +++ b/agent/consul/intention_endpoint_test.go @@ -6,9 +6,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 9c2f2c75d..d78f20046 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -362,7 +362,7 @@ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta var authzContext acl.AuthorizerContext authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, &authzContext) diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index e639c003f..7f5e59a0a 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -8,10 +8,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go index 10c94e702..1289ac655 100644 --- a/agent/consul/kvs_endpoint_test.go +++ b/agent/consul/kvs_endpoint_test.go @@ -5,9 +5,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/leader.go b/agent/consul/leader.go index b6291ee56..f40faed42 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -883,7 +883,7 @@ func (s *Server) bootstrapConfigEntries(entries []structs.ConfigEntry) error { // reconcileReaped is used to reconcile nodes that have failed and been reaped // from Serf but remain in the catalog. This is done by looking for unknown nodes with serfHealth checks registered. // We generate a "reap" event to cause the node to be cleaned up. -func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } @@ -1016,7 +1016,7 @@ func (s *Server) shouldHandleMember(member serf.Member) bool { // handleAliveMember is used to ensure the node // is registered, with a passing health check. -func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } @@ -1122,7 +1122,7 @@ AFTER_CHECK: // handleFailedMember is used to mark the node's status // as being critical, along with all checks as unknown. -func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } @@ -1184,18 +1184,18 @@ func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.Ent // handleLeftMember is used to handle members that gracefully // left. They are deregistered if necessary. -func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { return s.handleDeregisterMember("left", member, nodeEntMeta) } // handleReapMember is used to handle members that have been // reaped after a prolonged failure. They are deregistered. -func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { return s.handleDeregisterMember("reaped", member, nodeEntMeta) } // handleDeregisterMember is used to deregister a member of a given reason -func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index 899ff494a..88d3c5d42 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -1439,7 +1439,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne return nil, fmt.Errorf("SPIFFE ID in CSR must be a service or agent ID") } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if isService { if !signingID.CanSign(spiffeID) { return nil, fmt.Errorf("SPIFFE ID in CSR from a different trust domain: %s, "+ diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go index e28f30dab..a0a300c6d 100644 --- a/agent/consul/operator_autopilot_endpoint_test.go +++ b/agent/consul/operator_autopilot_endpoint_test.go @@ -5,11 +5,12 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go index e9e055e68..be60ec66a 100644 --- a/agent/consul/operator_raft_endpoint_test.go +++ b/agent/consul/operator_raft_endpoint_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/raft" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/freeport" diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go index 8c67eb5d7..5a0aef305 100644 --- a/agent/consul/prepared_query_endpoint_test.go +++ b/agent/consul/prepared_query_endpoint_test.go @@ -10,13 +10,14 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/go-hclog" "github.com/hashicorp/serf/coordinate" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go index d8bb45241..0e236eed5 100644 --- a/agent/consul/rpc_test.go +++ b/agent/consul/rpc_test.go @@ -995,7 +995,7 @@ func TestRPC_LocalTokenStrippedOnForward(t *testing.T) { // Wait for it to replicate retry.Run(t, func(r *retry.R) { - _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &structs.EnterpriseMeta{}) + _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &acl.EnterpriseMeta{}) require.Nil(r, err) require.NotNil(r, p) }) @@ -1128,7 +1128,7 @@ func TestRPC_LocalTokenStrippedOnForward_GRPC(t *testing.T) { // Wait for it to replicate retry.Run(t, func(r *retry.R) { - _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &structs.EnterpriseMeta{}) + _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &acl.EnterpriseMeta{}) require.Nil(r, err) require.NotNil(r, p) }) diff --git a/agent/consul/serf_filter.go b/agent/consul/serf_filter.go index 4ea2811d2..ebd6db759 100644 --- a/agent/consul/serf_filter.go +++ b/agent/consul/serf_filter.go @@ -3,7 +3,7 @@ package consul import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) type LANMemberFilter struct { @@ -16,12 +16,12 @@ func (f LANMemberFilter) Validate() error { if f.AllSegments && f.Segment != "" { return fmt.Errorf("cannot specify both allSegments and segment filters") } - if (f.AllSegments || f.Segment != "") && !structs.IsDefaultPartition(f.Partition) { + if (f.AllSegments || f.Segment != "") && !acl.IsDefaultPartition(f.Partition) { return fmt.Errorf("segments do not exist outside of the default partition") } return nil } func (f LANMemberFilter) PartitionOrDefault() string { - return structs.PartitionOrDefault(f.Partition) + return acl.PartitionOrDefault(f.Partition) } diff --git a/agent/consul/server.go b/agent/consul/server.go index 2b40a615e..c48204bb5 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -1230,7 +1230,7 @@ func (s *Server) WANMembers() []serf.Member { } // RemoveFailedNode is used to remove a failed node from the cluster. -func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { var removeFn func(*serf.Serf, string) error if prune { removeFn = (*serf.Serf).RemoveFailedNodePrune @@ -1250,7 +1250,7 @@ func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.Ente } // RemoveFailedNodeWAN is used to remove a failed node from the WAN cluster. -func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *acl.EnterpriseMeta) error { var removeFn func(*serf.Serf, string) error if prune { removeFn = (*serf.Serf).RemoveFailedNodePrune @@ -1283,7 +1283,7 @@ func (s *Server) KeyManagerWAN() *serf.KeyManager { return s.serfWAN.KeyManager() } -func (s *Server) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (s *Server) AgentEnterpriseMeta() *acl.EnterpriseMeta { return s.config.AgentEnterpriseMeta() } diff --git a/agent/consul/server_oss.go b/agent/consul/server_oss.go index 0281b4d7a..5ae2fc3ea 100644 --- a/agent/consul/server_oss.go +++ b/agent/consul/server_oss.go @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/serf/serf" "google.golang.org/grpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" ) @@ -26,7 +27,7 @@ func (s *Server) enterpriseValidateJoinWAN() error { // JoinLAN is used to have Consul join the inner-DC pool The target address // should be another node inside the DC listening on the Serf LAN address -func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) { +func (s *Server) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) { return s.serfLAN.Join(addrs, true) } @@ -36,7 +37,7 @@ func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, func (s *Server) removeFailedNode( removeFn func(*serf.Serf, string) error, node, wanNode string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) error { maybeRemove := func(s *serf.Serf, node string) (bool, error) { if !isSerfMember(s, node) { @@ -155,6 +156,6 @@ func (s *Server) addEnterpriseStats(stats map[string]map[string]string) { // no-op } -func getSerfMemberEnterpriseMeta(member serf.Member) *structs.EnterpriseMeta { +func getSerfMemberEnterpriseMeta(member serf.Member) *acl.EnterpriseMeta { return structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go index b75ffed5d..1c42f3483 100644 --- a/agent/consul/server_overview.go +++ b/agent/consul/server_overview.go @@ -7,10 +7,12 @@ import ( "sync" "time" + "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/usagemetrics" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" - "github.com/hashicorp/go-hclog" ) type OverviewManager struct { @@ -69,7 +71,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar serviceInstanceChecks := make(map[string][]*structs.HealthCheck) checkSummaries := make(map[string]structs.HealthSummary) - entMetaIDString := func(id string, entMeta structs.EnterpriseMeta) string { + entMetaIDString := func(id string, entMeta acl.EnterpriseMeta) string { return fmt.Sprintf("%s/%s/%s", id, entMeta.PartitionOrEmpty(), entMeta.NamespaceOrEmpty()) } diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go index cbfcdc43f..277d326f3 100644 --- a/agent/consul/session_endpoint_test.go +++ b/agent/consul/session_endpoint_test.go @@ -5,9 +5,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/stringslice" diff --git a/agent/consul/session_ttl.go b/agent/consul/session_ttl.go index 7052d5db1..1b2d1ff0c 100644 --- a/agent/consul/session_ttl.go +++ b/agent/consul/session_ttl.go @@ -7,6 +7,7 @@ import ( "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -82,7 +83,7 @@ func (s *Server) resetSessionTimer(session *structs.Session) error { return nil } -func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *structs.EnterpriseMeta) { +func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *acl.EnterpriseMeta) { // Reset the session timer // Adjust the given TTL by the TTL multiplier. This is done // to give a client a grace period and to compensate for network @@ -95,7 +96,7 @@ func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *struc // invalidateSession is invoked when a session TTL is reached and we // need to invalidate the session. -func (s *Server) invalidateSession(id string, entMeta *structs.EnterpriseMeta) { +func (s *Server) invalidateSession(id string, entMeta *acl.EnterpriseMeta) { defer metrics.MeasureSince([]string{"session_ttl", "invalidate"}, time.Now()) // Clear the session timer diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go index 03e25f847..29f60618b 100644 --- a/agent/consul/snapshot_endpoint_test.go +++ b/agent/consul/snapshot_endpoint_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" autopilot "github.com/hashicorp/raft-autopilot" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index 877037fe2..61fa3337f 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go @@ -6,6 +6,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" pbacl "github.com/hashicorp/consul/proto/pbacl" ) @@ -571,17 +572,17 @@ func aclTokenSetTxn(tx WriteTxn, idx uint64, token *structs.ACLToken, opts ACLTo } // ACLTokenGetBySecret is used to look up an existing ACL token by its SecretID. -func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) { +func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) { return s.aclTokenGet(ws, secret, "id", entMeta) } // ACLTokenGetByAccessor is used to look up an existing ACL token by its AccessorID. -func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) { +func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) { return s.aclTokenGet(ws, accessor, indexAccessor, entMeta) } // aclTokenGet looks up a token using one of the indexes provided -func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) { +func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -616,7 +617,7 @@ func (s *Store) ACLTokenBatchGet(ws memdb.WatchSet, accessors []string) (uint64, return idx, tokens, nil } -func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) { +func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) { watchCh, rawToken, err := aclTokenGetFromIndex(tx, value, index, entMeta) if err != nil { return nil, fmt.Errorf("failed acl token lookup: %v", err) @@ -640,7 +641,7 @@ func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta } // ACLTokenList return a list of ACL Tokens that match the policy, role, and method. -func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLTokens, error) { +func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLTokens, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -799,7 +800,7 @@ func (s *Store) expiresIndexName(local bool) string { // ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If // the ACL does not exist this is a no-op and no error is returned. -func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *acl.EnterpriseMeta) error { return s.aclTokenDelete(idx, accessor, indexAccessor, entMeta) } @@ -816,7 +817,7 @@ func (s *Store) ACLTokenBatchDelete(idx uint64, tokenIDs []string) error { return tx.Commit() } -func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -827,7 +828,7 @@ func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs return tx.Commit() } -func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error { +func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error { // Look up the existing token _, token, err := aclTokenGetFromIndex(tx, value, index, entMeta) if err != nil { @@ -845,7 +846,7 @@ func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *st return aclTokenDeleteWithToken(tx, token.(*structs.ACLToken), idx) } -func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *structs.EnterpriseMeta) error { +func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *acl.EnterpriseMeta) error { // collect all the tokens linked with the given auth method. iter, err := aclTokenListByAuthMethod(tx, methodName, methodMeta, methodMeta.WithWildcardNamespace()) if err != nil { @@ -966,15 +967,15 @@ func aclPolicySetTxn(tx WriteTxn, idx uint64, policy *structs.ACLPolicy) error { return aclPolicyInsert(tx, policy) } -func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { +func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { return s.aclPolicyGet(ws, id, aclPolicyGetByID, entMeta) } -func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { +func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { return s.aclPolicyGet(ws, name, aclPolicyGetByName, entMeta) } -func aclPolicyGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclPolicyGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { // todo: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1006,9 +1007,9 @@ func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, stru return idx, policies, nil } -type aclPolicyGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) +type aclPolicyGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) -func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) { +func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) { watchCh, policy, err := fn(tx, value, entMeta) if err != nil { return nil, fmt.Errorf("failed acl policy lookup: %v", err) @@ -1022,7 +1023,7 @@ func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyG return policy.(*structs.ACLPolicy), nil } -func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { +func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1036,7 +1037,7 @@ func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, return idx, policy, nil } -func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLPolicies, error) { +func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLPolicies, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1057,11 +1058,11 @@ func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta return idx, result, nil } -func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error { return s.aclPolicyDelete(idx, id, aclPolicyGetByID, entMeta) } -func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { return s.aclPolicyDelete(idx, name, aclPolicyGetByName, entMeta) } @@ -1077,7 +1078,7 @@ func (s *Store) ACLPolicyBatchDelete(idx uint64, policyIDs []string) error { return tx.Commit() } -func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1088,7 +1089,7 @@ func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, ent return tx.Commit() } -func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error { +func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error { // Look up the existing token _, rawPolicy, err := fn(tx, value, entMeta) if err != nil { @@ -1197,17 +1198,17 @@ func aclRoleSetTxn(tx WriteTxn, idx uint64, role *structs.ACLRole, allowMissing return aclRoleInsert(tx, role) } -type aclRoleGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) +type aclRoleGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) -func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) { +func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) { return s.aclRoleGet(ws, id, aclRoleGetByID, entMeta) } -func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) { +func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) { return s.aclRoleGet(ws, name, aclRoleGetByName, entMeta) } -func aclRoleGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclRoleGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1237,7 +1238,7 @@ func (s *Store) ACLRoleBatchGet(ws memdb.WatchSet, ids []string) (uint64, struct return idx, roles, nil } -func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLRole, error) { +func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLRole, error) { watchCh, rawRole, err := fn(tx, value, entMeta) if err != nil { return nil, fmt.Errorf("failed acl role lookup: %v", err) @@ -1256,7 +1257,7 @@ func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn return nil, nil } -func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) { +func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1270,7 +1271,7 @@ func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, ent return idx, role, nil } -func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLRoles, error) { +func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLRoles, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1310,11 +1311,11 @@ func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.E return idx, result, nil } -func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error { return s.aclRoleDelete(idx, id, aclRoleGetByID, entMeta) } -func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { return s.aclRoleDelete(idx, name, aclRoleGetByName, entMeta) } @@ -1330,7 +1331,7 @@ func (s *Store) ACLRoleBatchDelete(idx uint64, roleIDs []string) error { return tx.Commit() } -func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1341,7 +1342,7 @@ func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta return tx.Commit() } -func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error { +func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error { // Look up the existing role _, rawRole, err := fn(tx, value, entMeta) if err != nil { @@ -1417,11 +1418,11 @@ func aclBindingRuleSetTxn(tx WriteTxn, idx uint64, rule *structs.ACLBindingRule) return aclBindingRuleInsert(tx, rule) } -func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) { +func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) { return s.aclBindingRuleGet(ws, id, entMeta) } -func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) { +func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1441,7 +1442,7 @@ func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *stru return idx, rule, nil } -func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) { +func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1471,7 +1472,7 @@ func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta return idx, result, nil } -func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error { return s.aclBindingRuleDelete(idx, id, entMeta) } @@ -1485,7 +1486,7 @@ func (s *Store) ACLBindingRuleBatchDelete(idx uint64, bindingRuleIDs []string) e return tx.Commit() } -func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1496,7 +1497,7 @@ func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.Ent return tx.Commit() } -func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *structs.EnterpriseMeta) error { +func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *acl.EnterpriseMeta) error { // Look up the existing binding rule _, rawRule, err := aclBindingRuleGetByID(tx, id, entMeta) if err != nil { @@ -1515,7 +1516,7 @@ func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *struct return nil } -func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *structs.EnterpriseMeta) error { +func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *acl.EnterpriseMeta) error { // collect them all iter, err := aclBindingRuleListByAuthMethod(tx, methodName, entMeta) if err != nil { @@ -1596,11 +1597,11 @@ func aclAuthMethodSetTxn(tx WriteTxn, idx uint64, method *structs.ACLAuthMethod) return aclAuthMethodInsert(tx, method) } -func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) { +func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) { return s.aclAuthMethodGet(ws, name, entMeta) } -func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) { +func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1614,7 +1615,7 @@ func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *struct return idx, method, nil } -func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (*structs.ACLAuthMethod, error) { +func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (*structs.ACLAuthMethod, error) { watchCh, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta) if err != nil { return nil, fmt.Errorf("failed acl auth method lookup: %v", err) @@ -1628,7 +1629,7 @@ func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *s return nil, nil } -func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) { +func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1650,11 +1651,11 @@ func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.Enterprise return idx, result, nil } -func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { return s.aclAuthMethodDelete(idx, name, entMeta) } -func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1669,7 +1670,7 @@ func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *st return tx.Commit() } -func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1680,7 +1681,7 @@ func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.En return tx.Commit() } -func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *acl.EnterpriseMeta) error { // Look up the existing method _, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta) if err != nil { @@ -1704,7 +1705,7 @@ func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *struc return aclAuthMethodDeleteWithMethod(tx, method, idx) } -func aclTokenList(tx ReadTxn, entMeta *structs.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) { +func aclTokenList(tx ReadTxn, entMeta *acl.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go index d7bed1d80..67a272c24 100644 --- a/agent/consul/state/acl_oss.go +++ b/agent/consul/state/acl_oss.go @@ -9,17 +9,18 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *structs.EnterpriseMeta) error { +func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *acl.EnterpriseMeta) error { if err := indexUpdateMaxTxn(tx, modifyIndex, tableName); err != nil { return fmt.Errorf("failed updating %s index: %v", tableName, err) } return nil } -func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclPolicyGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLPolicies, indexID, id) } @@ -36,7 +37,7 @@ func aclPolicyDeleteWithPolicy(tx WriteTxn, policy *structs.ACLPolicy, idx uint6 return nil } -func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *structs.EnterpriseMeta) uint64 { +func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLPolicies) } @@ -52,23 +53,23 @@ func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.A ///// ACL Token Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLTokens, index, id) } -func aclTokenListAll(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListAll(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexID) } -func aclTokenListByPolicy(tx ReadTxn, policy string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByPolicy(tx ReadTxn, policy string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexPolicies, Query{Value: policy}) } -func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByRole(tx ReadTxn, role string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexRoles, Query{Value: role}) } -func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexAuthMethod, AuthMethodQuery{Value: authMethod}) } @@ -85,7 +86,7 @@ func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) e return nil } -func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *structs.EnterpriseMeta) uint64 { +func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLTokens) } @@ -101,7 +102,7 @@ func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existi ///// ACL Role Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclRoleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclRoleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLRoles, indexID, id) } @@ -118,7 +119,7 @@ func aclRoleDeleteWithRole(tx WriteTxn, role *structs.ACLRole, idx uint64) error return nil } -func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *structs.EnterpriseMeta) uint64 { +func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLRoles) } @@ -134,15 +135,15 @@ func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing ///// ACL Binding Rule Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclBindingRuleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclBindingRuleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLBindingRules, indexID, id) } -func aclBindingRuleList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclBindingRuleList(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLBindingRules, indexID) } -func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLBindingRules, indexAuthMethod, Query{Value: method}) } @@ -159,7 +160,7 @@ func aclBindingRuleDeleteWithRule(tx WriteTxn, rule *structs.ACLBindingRule, idx return nil } -func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *structs.EnterpriseMeta) uint64 { +func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLBindingRules) } @@ -175,11 +176,11 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR ///// ACL Auth Method Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclAuthMethodGetByName(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method}) } -func aclAuthMethodList(tx ReadTxn, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclAuthMethodList(tx ReadTxn, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLAuthMethods, indexID) } @@ -196,7 +197,7 @@ func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, i return nil } -func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *structs.EnterpriseMeta) uint64 { +func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLAuthMethods) } diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_oss_test.go index 22b3c3b94..f86afc1a3 100644 --- a/agent/consul/state/acl_oss_test.go +++ b/agent/consul/state/acl_oss_test.go @@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableACLPolicies() map[string]indexerTestCase { obj := &structs.ACLPolicy{ @@ -177,7 +180,7 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase { func testIndexerTableACLAuthMethods() map[string]indexerTestCase { obj := &structs.ACLAuthMethod{ Name: "ThEAuthMethod", - EnterpriseMeta: structs.EnterpriseMeta{}, + EnterpriseMeta: acl.EnterpriseMeta{}, } encodedName := []byte{0x74, 0x68, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x0} return map[string]indexerTestCase{ diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go index 1e8f415f4..f2b77dcbf 100644 --- a/agent/consul/state/acl_schema.go +++ b/agent/consul/state/acl_schema.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -227,9 +228,9 @@ func indexFromUUIDQuery(raw interface{}) ([]byte, error) { func prefixIndexFromUUIDQuery(arg interface{}) ([]byte, error) { switch v := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case Query: return variableLengthUUIDStringToBytes(v.Value) diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index b882931d6..db256cfe1 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -57,7 +57,7 @@ func (s *Snapshot) Nodes() (memdb.ResultIterator, error) { // Services is used to pull the full list of services for a given node for use // during snapshots. -func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func (s *Snapshot) Services(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.NodeEnterpriseMetaInDefaultPartition() @@ -70,7 +70,7 @@ func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb // Checks is used to pull the full list of checks for a given node for use // during snapshots. -func (s *Snapshot) Checks(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func (s *Snapshot) Checks(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.NodeEnterpriseMetaInDefaultPartition() @@ -136,7 +136,7 @@ func (s *Store) ensureCheckIfNodeMatches( nodePartition string, check *structs.HealthCheck, ) error { - if !strings.EqualFold(check.Node, node) || !structs.EqualPartitions(nodePartition, check.PartitionOrDefault()) { + if !strings.EqualFold(check.Node, node) || !acl.EqualPartitions(nodePartition, check.PartitionOrDefault()) { return fmt.Errorf("check node %q does not match node %q", printNodeName(check.Node, check.PartitionOrDefault()), printNodeName(node, nodePartition), @@ -149,7 +149,7 @@ func (s *Store) ensureCheckIfNodeMatches( } func printNodeName(nodeName, partition string) string { - if structs.IsDefaultPartition(partition) { + if acl.IsDefaultPartition(partition) { return nodeName } return partition + "/" + nodeName @@ -396,7 +396,7 @@ func (s *Store) ensureNodeTxn(tx WriteTxn, idx uint64, preserveIndexes bool, nod } // GetNode is used to retrieve a node registration by node name ID. -func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) { +func (s *Store) GetNode(nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -416,7 +416,7 @@ func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (u return idx, node, nil } -func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (*structs.Node, error) { +func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (*structs.Node, error) { node, err := tx.First(tableNodes, indexID, Query{ Value: nodeNameOrID, EnterpriseMeta: *entMeta, @@ -430,7 +430,7 @@ func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta return nil, nil } -func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta) (*structs.Node, error) { +func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *acl.EnterpriseMeta) (*structs.Node, error) { node, err := tx.First(tableNodes, indexUUID+"_prefix", Query{ Value: string(id), EnterpriseMeta: *entMeta, @@ -445,7 +445,7 @@ func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta) } // GetNodeID is used to retrieve a node registration by node ID. -func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) { +func (s *Store) GetNodeID(id types.NodeID, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -463,7 +463,7 @@ func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uin } // Nodes is used to return all of the known nodes. -func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) { +func (s *Store) Nodes(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -491,7 +491,7 @@ func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint6 } // NodesByMeta is used to return all nodes with the given metadata key/value pairs. -func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) { +func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -537,7 +537,7 @@ func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMet } // DeleteNode is used to delete a given node by its ID. -func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -557,7 +557,7 @@ func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.Enterpr // deleteNodeCASTxn is used to try doing a node delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given check, then the call is a noop, otherwise a normal check delete is invoked. -func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *acl.EnterpriseMeta) (bool, error) { // Look up the node. node, err := getNodeTxn(tx, nodeName, entMeta) if err != nil { @@ -584,7 +584,7 @@ func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, // deleteNodeTxn is the inner method used for removing a node from // the store within a given transaction. -func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -978,7 +978,7 @@ func terminatingGatewayVirtualIPsSupported(tx ReadTxn, ws memdb.WatchSet) (bool, } // Services returns all services along with a list of associated tags. -func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) { +func (s *Store) Services(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1018,14 +1018,14 @@ func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui return idx, results, nil } -func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) { +func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) { tx := s.db.Txn(false) defer tx.Abort() return serviceListTxn(tx, ws, entMeta) } -func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) { +func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) { idx := catalogServicesMaxIndex(tx, entMeta) services, err := tx.Get(tableServices, indexID+"_prefix", entMeta) @@ -1049,7 +1049,7 @@ func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMe } // ServicesByNodeMeta returns all services, filtered by the given node metadata. -func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) { +func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1144,7 +1144,7 @@ func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, // * return when the last instance of a service is removed // * block until an instance for this service is available, or another // service is unregistered. -func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) uint64 { +func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) uint64 { idx, _ := maxIndexAndWatchChForService(tx, serviceName, serviceExists, checks, entMeta) return idx } @@ -1163,7 +1163,7 @@ func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bo // returned for the chan. This allows for blocking watchers to _only_ watch this // one chan in the common case, falling back to watching all touched MemDB // indexes in more complicated cases. -func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) (uint64, <-chan struct{}) { +func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) (uint64, <-chan struct{}) { if !serviceExists { res, err := catalogServiceLastExtinctionIndex(tx, entMeta) if missingIdx, ok := res.(*IndexEntry); ok && err == nil { @@ -1207,7 +1207,7 @@ func maxIndexAndWatchChsForServiceNodes(tx ReadTxn, // ConnectServiceNodes returns the nodes associated with a Connect // compatible destination for the given service name. This will include // both proxies and native integrations. -func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -1220,7 +1220,7 @@ func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMe } // ServiceNodes returns the nodes associated with a given service name. -func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -1294,7 +1294,7 @@ func serviceNodesTxn(tx ReadTxn, ws memdb.WatchSet, index string, q Query) (uint // ServiceTagNodes returns the nodes associated with a given service, filtering // out services that don't contain the given tags. -func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1364,7 +1364,7 @@ func serviceTagsFilter(sn *structs.ServiceNode, tags []string) bool { // ServiceAddressNodes returns the nodes associated with a given service, filtering // out services that don't match the given serviceAddress -func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1401,7 +1401,7 @@ func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta * // parseServiceNodes iterates over a services query and fills in the node details, // returning a ServiceNodes slice. -func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *structs.EnterpriseMeta) (structs.ServiceNodes, error) { +func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *acl.EnterpriseMeta) (structs.ServiceNodes, error) { // We don't want to track an unlimited number of nodes, so we pull a // top-level watch to use as a fallback. allNodes, err := tx.Get(tableNodes, indexID+"_prefix", entMeta) @@ -1446,7 +1446,7 @@ func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNo // NodeService is used to retrieve a specific service associated with the given // node. -func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeService, error) { +func (s *Store) NodeService(nodeName string, serviceID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeService, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1462,7 +1462,7 @@ func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs. return idx, service, nil } -func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (*structs.NodeService, error) { +func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (*structs.NodeService, error) { // TODO: pass non-pointer type for ent meta if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1485,7 +1485,7 @@ func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs. return nil, nil } -func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) { +func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1555,7 +1555,7 @@ func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st } // NodeServices is used to query service registrations by node name or UUID. -func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServices, error) { +func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServices, error) { done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, false) if done || err != nil { return idx, nil, err @@ -1579,7 +1579,7 @@ func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st } // NodeServices is used to query service registrations by node name or UUID. -func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) { +func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) { done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, true) if done || err != nil { return idx, nil, err @@ -1606,7 +1606,7 @@ func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta } // DeleteService is used to delete a given service associated with a node. -func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1621,7 +1621,7 @@ func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *s // deleteServiceCASTxn is used to try doing a service delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given service, then the call is a noop, otherwise a normal delete is invoked. -func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (bool, error) { // Look up the service. service, err := getNodeServiceTxn(tx, nodeName, serviceID, entMeta) if err != nil { @@ -1648,7 +1648,7 @@ func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, ser // deleteServiceTxn is the inner method called to remove a service // registration within an existing transaction. -func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error { // TODO: pass non-pointer type for ent meta if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1751,7 +1751,7 @@ func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID st // freeServiceVirtualIP is used to free a virtual IP for a service after the last instance // is removed. -func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *structs.EnterpriseMeta) error { +func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *acl.EnterpriseMeta) error { supported, err := virtualIPsSupported(tx, nil) if err != nil { return err @@ -1818,7 +1818,7 @@ func (s *Store) EnsureCheck(idx uint64, hc *structs.HealthCheck) error { } // updateAllServiceIndexesOfNode updates the Raft index of all the services associated with this node -func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *structs.EnterpriseMeta) error { +func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *acl.EnterpriseMeta) error { services, err := tx.Get(tableServices, indexNode, Query{ Value: nodeID, EnterpriseMeta: *entMeta.WithWildcardNamespace(), @@ -1977,7 +1977,7 @@ func (s *Store) ensureCheckTxn(tx WriteTxn, idx uint64, preserveIndexes bool, hc // NodeCheck is used to retrieve a specific check associated with the given // node. -func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { +func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1986,7 +1986,7 @@ func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *struc // nodeCheckTxn is used as the inner method to handle reading a health check // from the state store. -func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { +func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { // Get the table index. idx := catalogChecksMaxIndex(tx, entMeta) @@ -2009,7 +2009,7 @@ func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta // NodeChecks is used to retrieve checks associated with the // given node from the state store. -func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2037,7 +2037,7 @@ func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs. // ServiceChecks is used to get all checks associated with a // given service ID. The query is performed against a service // _name_ instead of a service ID. -func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2065,7 +2065,7 @@ func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *st // given service ID, filtered by the given node metadata values. The query // is performed against a service _name_ instead of a service ID. func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string, - filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { + filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2088,7 +2088,7 @@ func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string, // ChecksInState is used to query the state store for all checks // which are in the provided state. -func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2106,7 +2106,7 @@ func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs. // ChecksInStateByNodeMeta is used to query the state store for all checks // which are in the provided state, filtered by the given node metadata values. -func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2118,7 +2118,7 @@ func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters return parseChecksByNodeMeta(tx, ws, idx, iter, filters, entMeta) } -func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, memdb.ResultIterator, error) { +func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, memdb.ResultIterator, error) { // Get the table index. idx := catalogChecksMaxIndex(tx, entMeta) @@ -2147,7 +2147,7 @@ func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *stru // repetitive code for returning health checks filtered by node metadata fields. func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet, idx uint64, iter memdb.ResultIterator, filters map[string]string, - entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { + entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { // We don't want to track an unlimited number of nodes, so we pull a // top-level watch to use as a fallback. @@ -2183,7 +2183,7 @@ func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet, } // DeleteCheck is used to delete a health check registration. -func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -2198,7 +2198,7 @@ func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entM // deleteCheckCASTxn is used to try doing a check delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given check, then the call is a noop, otherwise a normal check delete is invoked. -func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (bool, error) { // Try to retrieve the existing health check. _, hc, err := getNodeCheckTxn(tx, node, checkID, entMeta) if err != nil { @@ -2227,7 +2227,7 @@ func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, ch type NodeServiceQuery struct { Node string Service string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -2244,7 +2244,7 @@ func (q NodeServiceQuery) PartitionOrDefault() string { // deleteCheckTxn is the inner method used to call a health // check deletion within an existing transaction. -func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -2337,19 +2337,19 @@ func (s *Store) CombinedCheckServiceNodes(ws memdb.WatchSet, service structs.Ser } // CheckServiceNodes is used to query all nodes and checks for a given service. -func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { return s.checkServiceNodes(ws, serviceName, false, entMeta) } // CheckConnectServiceNodes is used to query all nodes and checks for Connect // compatible endpoints for a given service. -func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { return s.checkServiceNodes(ws, serviceName, true, entMeta) } // CheckIngressServiceNodes is used to query all nodes and checks for ingress // endpoints for a given service. -func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2385,14 +2385,14 @@ func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, return maxIdx, results, nil } -func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() return checkServiceNodesTxn(tx, ws, serviceName, connect, entMeta) } -func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { index := indexService if connect { index = indexConnect @@ -2526,7 +2526,7 @@ func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, con // CheckServiceTagNodes is used to query all nodes and checks for a given // service, filtering out services that don't contain the given tag. -func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2559,7 +2559,7 @@ func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags } // GatewayServices is used to query all services associated with a gateway -func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *structs.EnterpriseMeta) (uint64, structs.GatewayServices, error) { +func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2631,7 +2631,7 @@ func serviceNamesOfKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKi func parseCheckServiceNodes( tx ReadTxn, ws memdb.WatchSet, idx uint64, services structs.ServiceNodes, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, err error) (uint64, structs.CheckServiceNodes, error) { if err != nil { return 0, nil, err @@ -2722,7 +2722,7 @@ func parseCheckServiceNodes( // NodeInfo is used to generate a dump of a single node. The dump includes // all services and checks which are registered against the node. -func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { +func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2748,7 +2748,7 @@ func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.Enterp // NodeDump is used to generate a dump of all nodes. This call is expensive // as it has to query every node, service, and check. The response can also // be quite large since there is currently no filtering applied. -func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { +func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2764,7 +2764,7 @@ func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui return parseNodes(tx, ws, idx, nodes, entMeta) } -func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2775,7 +2775,7 @@ func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind } } -func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { // Get the table index idx := catalogMaxIndexWatch(tx, ws, entMeta, true) @@ -2793,7 +2793,7 @@ func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.Enterpris return parseCheckServiceNodes(tx, nil, idx, results, entMeta, err) } -func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { // unlike when we are dumping all services here we only need to watch the kind specific index entry for changing (or nodes, checks) // updating any services, nodes or checks will bump the appropriate service kind index so there is no need to watch any of the individual // entries @@ -2821,7 +2821,7 @@ func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, // containing the nodes along with all of their associated services // and/or health checks. func parseNodes(tx ReadTxn, ws memdb.WatchSet, idx uint64, - iter memdb.ResultIterator, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { + iter memdb.ResultIterator, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -2900,7 +2900,7 @@ func checkSessionsTxn(tx ReadTxn, hc *structs.HealthCheck) ([]*sessionCheck, err } // updateGatewayServices associates services with gateways as specified in a gateway config entry -func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *structs.EnterpriseMeta) error { +func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *acl.EnterpriseMeta) error { var ( noChange bool gatewayServices structs.GatewayServices @@ -2970,7 +2970,7 @@ func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, en return nil } -func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *structs.EnterpriseMeta) (map[string]structs.ServiceAddress, error) { +func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *acl.EnterpriseMeta) (map[string]structs.ServiceAddress, error) { addrs := make(map[string]structs.ServiceAddress, len(services)) for _, s := range services { sn := structs.ServiceName{Name: s.Name, EnterpriseMeta: *entMeta} @@ -2985,7 +2985,7 @@ func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, ent return addrs, nil } -func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *structs.EnterpriseMeta) error { +func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *acl.EnterpriseMeta) error { // Build the current map of services with virtual IPs for this gateway services := conf.Services addrs, err := getTermGatewayVirtualIPs(tx, services, entMeta) @@ -3067,7 +3067,7 @@ func ingressConfigGatewayServices( tx ReadTxn, gateway structs.ServiceName, conf structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (bool, structs.GatewayServices, error) { entry, ok := conf.(*structs.IngressGatewayConfigEntry) if !ok { @@ -3112,7 +3112,7 @@ func terminatingConfigGatewayServices( tx ReadTxn, gateway structs.ServiceName, conf structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (bool, structs.GatewayServices, error) { entry, ok := conf.(*structs.TerminatingGatewayConfigEntry) if !ok { @@ -3149,7 +3149,7 @@ func terminatingConfigGatewayServices( } // updateGatewayNamespace is used to target all services within a namespace -func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *structs.EnterpriseMeta) error { +func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -3343,7 +3343,7 @@ func (s *Store) collectGatewayServices(tx ReadTxn, ws memdb.WatchSet, iter memdb // TODO(ingress): How to handle index rolling back when a config entry is // deleted that references a service? // We might need something like the service_last_extinction index? -func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { // Look up gateway name associated with the service gws, err := tx.Get(tableGatewayServices, indexService, structs.NewServiceName(service, entMeta)) if err != nil { @@ -3448,7 +3448,7 @@ func (s *Store) ServiceTopology( dc, service string, kind structs.ServiceKind, defaultAllow acl.EnforcementDecision, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceTopology, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -3883,7 +3883,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS oldUpstreams := make(map[structs.ServiceName]bool) if e, ok := existing.(*structs.ServiceNode); ok { for _, u := range e.ServiceProxy.Upstreams { - upstreamMeta := structs.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace) + upstreamMeta := acl.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace) sn := structs.NewServiceName(u.DestinationName, &upstreamMeta) oldUpstreams[sn] = true @@ -3899,7 +3899,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS } // TODO (freddy): Account for upstream datacenter - upstreamMeta := structs.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace) + upstreamMeta := acl.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace) upstream := structs.NewServiceName(u.DestinationName, &upstreamMeta) obj, err := tx.First(tableMeshTopology, indexID, upstream, downstream) diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go index eaca440a8..91e1bf361 100644 --- a/agent/consul/state/catalog_events.go +++ b/agent/consul/state/catalog_events.go @@ -16,7 +16,7 @@ import ( // a specific service. type EventSubjectService struct { Key string - EnterpriseMeta structs.EnterpriseMeta + EnterpriseMeta acl.EnterpriseMeta overrideKey string overrideNamespace string @@ -128,7 +128,7 @@ func serviceHealthSnapshot(db ReadDB, topic stream.Topic) stream.SnapshotFunc { type nodeServiceTuple struct { Node string ServiceID string - EntMeta structs.EnterpriseMeta + EntMeta acl.EnterpriseMeta } func newNodeServiceTupleFromServiceNode(sn *structs.ServiceNode) nodeServiceTuple { @@ -553,7 +553,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod // given node. This mirrors some of the the logic in the oddly-named // parseCheckServiceNodes but is more efficient since we know they are all on // the same node. -func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *structs.EnterpriseMeta) ([]stream.Event, error) { +func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta) ([]stream.Event, error) { services, err := tx.Get(tableServices, indexNode, Query{ Value: node, EnterpriseMeta: *entMeta, @@ -580,7 +580,7 @@ func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta // getNodeAndNodeChecks returns a the node structure and a function that returns // the full list of checks for a specific service on that node. -func getNodeAndChecks(tx ReadTxn, node string, entMeta *structs.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) { +func getNodeAndChecks(tx ReadTxn, node string, entMeta *acl.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) { // Fetch the node nodeRaw, err := tx.First(tableNodes, indexID, Query{ Value: node, diff --git a/agent/consul/state/catalog_oss.go b/agent/consul/state/catalog_oss.go index f2902ca71..8a30d4589 100644 --- a/agent/consul/state/catalog_oss.go +++ b/agent/consul/state/catalog_oss.go @@ -9,20 +9,21 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) func withEnterpriseSchema(_ *memdb.DBSchema) {} -func serviceIndexName(name string, _ *structs.EnterpriseMeta) string { +func serviceIndexName(name string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf("service.%s", name) } -func serviceKindIndexName(kind structs.ServiceKind, _ *structs.EnterpriseMeta) string { +func serviceKindIndexName(kind structs.ServiceKind, _ *acl.EnterpriseMeta) string { return "service_kind." + kind.Normalized() } -func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error { +func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error { // overall nodes index if err := indexUpdateMaxTxn(tx, idx, tableNodes); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -31,7 +32,7 @@ func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.Enterpr return nil } -func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { // overall services index if err := indexUpdateMaxTxn(tx, idx, tableServices); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -40,7 +41,7 @@ func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.Enterprise return nil } -func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *acl.EnterpriseMeta) error { // service-kind index if err := indexUpdateMaxTxn(tx, idx, serviceKindIndexName(kind, nil)); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -49,7 +50,7 @@ func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx return nil } -func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *acl.EnterpriseMeta) error { // per-service index if err := indexUpdateMaxTxn(tx, idx, serviceIndexName(serviceName, nil)); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -58,7 +59,7 @@ func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ return nil } -func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { if err := tx.Insert(tableIndex, &IndexEntry{indexServiceExtinction, idx}); err != nil { return fmt.Errorf("failed updating missing service extinction index: %s", err) } @@ -109,49 +110,49 @@ func catalogInsertService(tx WriteTxn, svc *structs.ServiceNode) error { return nil } -func catalogNodesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func catalogNodesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableNodes) } -func catalogServicesMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 { +func catalogServicesMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableServices) } -func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableIndex, "id", serviceIndexName(serviceName, nil)) } -func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) uint64 { +func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexWatchTxn(tx, ws, serviceKindIndexName(kind, nil)) } -func catalogServiceListNoWildcard(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func catalogServiceListNoWildcard(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableServices, indexID) } -func catalogServiceListByNode(tx ReadTxn, node string, _ *structs.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) { +func catalogServiceListByNode(tx ReadTxn, node string, _ *acl.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) { return tx.Get(tableServices, indexNode, Query{Value: node}) } -func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *structs.EnterpriseMeta) (interface{}, error) { +func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *acl.EnterpriseMeta) (interface{}, error) { return tx.First(tableIndex, "id", indexServiceExtinction) } -func catalogMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta, checks bool) uint64 { +func catalogMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta, checks bool) uint64 { if checks { return maxIndexTxn(tx, tableNodes, tableServices, tableChecks) } return maxIndexTxn(tx, tableNodes, tableServices) } -func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *structs.EnterpriseMeta, checks bool) uint64 { +func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *acl.EnterpriseMeta, checks bool) uint64 { if checks { return maxIndexWatchTxn(tx, ws, tableNodes, tableServices, tableChecks) } return maxIndexWatchTxn(tx, ws, tableNodes, tableServices) } -func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { // update the universal index entry if err := tx.Insert(tableIndex, &IndexEntry{tableChecks, idx}); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -159,7 +160,7 @@ func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMet return nil } -func catalogChecksMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 { +func catalogChecksMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableChecks) } @@ -180,11 +181,11 @@ func catalogInsertCheck(tx WriteTxn, chk *structs.HealthCheck, idx uint64) error return nil } -func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*structs.EnterpriseMeta, error) { +func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*acl.EnterpriseMeta, error) { return nil, nil } -func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*structs.EnterpriseMeta, error) { +func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*acl.EnterpriseMeta, error) { return nil, nil } diff --git a/agent/consul/state/catalog_oss_test.go b/agent/consul/state/catalog_oss_test.go index 5811416b1..9edaff833 100644 --- a/agent/consul/state/catalog_oss_test.go +++ b/agent/consul/state/catalog_oss_test.go @@ -6,6 +6,7 @@ package state import ( "net" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -33,7 +34,7 @@ func testIndexerTableChecks() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -193,11 +194,11 @@ func testIndexerTableNodes() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -220,11 +221,11 @@ func testIndexerTableNodes() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { // partial length @@ -286,11 +287,11 @@ func testIndexerTableServices() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/catalog_schema.go b/agent/consul/state/catalog_schema.go index 9d0b447dc..b2d0907dc 100644 --- a/agent/consul/state/catalog_schema.go +++ b/agent/consul/state/catalog_schema.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -589,7 +590,7 @@ type upstreamDownstream struct { type NodeCheckQuery struct { Node string CheckID string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -709,7 +710,7 @@ func kindServiceNameTableSchema() *memdb.TableSchema { type KindServiceNameQuery struct { Kind structs.ServiceKind Name string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 507388283..1ae05bc11 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -6,6 +6,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" @@ -95,13 +96,13 @@ func (s *Restore) ConfigEntry(c structs.ConfigEntry) error { } // ConfigEntry is called to get a given config entry. -func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { +func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { tx := s.db.Txn(false) defer tx.Abort() return configEntryTxn(tx, ws, kind, name, entMeta) } -func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { +func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { // Get the index idx := maxIndexTxn(tx, tableConfigEntries) @@ -124,19 +125,19 @@ func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *s } // ConfigEntries is called to get all config entry objects. -func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { return s.ConfigEntriesByKind(ws, "", entMeta) } // ConfigEntriesByKind is called to get all config entry objects with the given kind. // If kind is empty, all config entries will be returned. -func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { tx := s.db.Txn(false) defer tx.Abort() return configEntriesByKindTxn(tx, ws, kind, entMeta) } -func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { // Get the index and watch for updates idx := maxIndexWatchTxn(tx, ws, tableConfigEntries) @@ -278,7 +279,7 @@ func (s *Store) DeleteConfigEntryCAS(idx, cidx uint64, conf structs.ConfigEntry) return err == nil, err } -func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -290,7 +291,7 @@ func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *struct } // TODO: accept structs.ConfigEntry instead of individual fields -func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error { +func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error { q := configentry.NewKindName(kind, name, entMeta) existing, err := tx.First(tableConfigEntries, indexID, q) if err != nil { @@ -423,7 +424,7 @@ var serviceGraphKinds = []string{ } // discoveryChainTargets will return a list of services listed as a target for the input's discovery chain -func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ServiceName, error) { +func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ServiceName, error) { source := structs.NewServiceName(service, entMeta) req := discoverychain.CompileRequest{ ServiceName: source.Name, @@ -438,7 +439,7 @@ func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, serv var resp []structs.ServiceName for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace) + em := acl.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace) target := structs.NewServiceName(t.Service, &em) // TODO (freddy): Allow upstream DC and encode in response @@ -494,7 +495,7 @@ func (s *Store) discoveryChainSourcesTxn(tx ReadTxn, ws memdb.WatchSet, dc strin } for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace) + em := acl.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace) candidate := structs.NewServiceName(t.Service, &em) if !candidate.Matches(destination) { @@ -740,7 +741,7 @@ func testCompileDiscoveryChain( tx ReadTxn, chainName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (string, *structs.DiscoveryGraphNode, error) { _, speculativeEntries, err := readDiscoveryChainConfigEntriesTxn(tx, nil, chainName, overrides, entMeta) if err != nil { @@ -770,7 +771,7 @@ func testCompileDiscoveryChain( func (s *Store) ServiceDiscoveryChain( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest, ) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) { tx := s.db.ReadTxn() @@ -783,7 +784,7 @@ func (s *Store) serviceDiscoveryChainTxn( tx ReadTxn, ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest, ) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) { @@ -821,7 +822,7 @@ func (s *Store) serviceDiscoveryChainTxn( func (s *Store) ReadResolvedServiceConfigEntries( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, upstreamIDs []structs.ServiceID, proxyMode structs.ProxyMode, ) (uint64, *configentry.ResolvedServiceConfigSet, error) { @@ -941,7 +942,7 @@ func (s *Store) ReadResolvedServiceConfigEntries( func (s *Store) ReadDiscoveryChainConfigEntries( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { return s.readDiscoveryChainConfigEntries(ws, serviceName, nil, entMeta) } @@ -960,7 +961,7 @@ func (s *Store) readDiscoveryChainConfigEntries( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -972,7 +973,7 @@ func readDiscoveryChainConfigEntriesTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { res := configentry.NewDiscoveryChainSet() @@ -1179,7 +1180,7 @@ func getProxyConfigEntryTxn( ws memdb.WatchSet, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ProxyConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ProxyDefaults, name, overrides, entMeta) if err != nil { @@ -1204,7 +1205,7 @@ func getServiceConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceDefaults, serviceName, overrides, entMeta) if err != nil { @@ -1229,7 +1230,7 @@ func getRouterConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceRouterConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceRouter, serviceName, overrides, entMeta) if err != nil { @@ -1254,7 +1255,7 @@ func getSplitterConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceSplitterConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceSplitter, serviceName, overrides, entMeta) if err != nil { @@ -1279,7 +1280,7 @@ func getResolverConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceResolverConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceResolver, serviceName, overrides, entMeta) if err != nil { @@ -1304,7 +1305,7 @@ func getServiceIntentionsConfigEntryTxn( ws memdb.WatchSet, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceIntentionsConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceIntentions, name, overrides, entMeta) if err != nil { @@ -1326,7 +1327,7 @@ func configEntryWithOverridesTxn( kind string, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, structs.ConfigEntry, error) { if len(overrides) > 0 { kn := configentry.NewKindName(kind, name, entMeta) @@ -1389,7 +1390,7 @@ func newConfigEntryQuery(c structs.ConfigEntry) configentry.KindName { // ConfigEntryKindQuery is used to lookup config entries by their kind. type ConfigEntryKindQuery struct { Kind string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go index ad0c97694..27c4912e6 100644 --- a/agent/consul/state/config_entry_intention.go +++ b/agent/consul/state/config_entry_intention.go @@ -6,6 +6,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -123,7 +124,7 @@ func (s *ServiceIntentionSourceIndex) FromArgs(args ...interface{}) ([]byte, err return []byte(arg.String() + "\x00"), nil } -func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { // unrolled part of configEntriesByKindTxn idx := maxIndexTxn(tx, tableConfigEntries) @@ -238,7 +239,7 @@ func configIntentionMatchOneTxn( } } -func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { idx := maxIndexTxn(tx, tableConfigEntries) var ( @@ -262,7 +263,7 @@ func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, ser return idx, results, nil } -func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) { sn := structs.NewServiceName(serviceName, entMeta) iter, err := tx.Get(tableConfigEntries, indexSource, sn) @@ -283,7 +284,7 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.Wat return results, nil } -func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { idx := maxIndexTxn(tx, tableConfigEntries) var results structs.Intentions diff --git a/agent/consul/state/config_entry_intention_oss.go b/agent/consul/state/config_entry_intention_oss.go index d6fafe621..c954c147c 100644 --- a/agent/consul/state/config_entry_intention_oss.go +++ b/agent/consul/state/config_entry_intention_oss.go @@ -4,10 +4,11 @@ package state import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *structs.EnterpriseMeta) []structs.ServiceName { +func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName { if serviceName == structs.WildcardSpecifier { return []structs.ServiceName{ structs.NewServiceName(structs.WildcardSpecifier, entMeta), diff --git a/agent/consul/state/config_entry_oss.go b/agent/consul/state/config_entry_oss.go index 9c3d6c7ea..66a47eb86 100644 --- a/agent/consul/state/config_entry_oss.go +++ b/agent/consul/state/config_entry_oss.go @@ -9,6 +9,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" ) @@ -17,9 +18,9 @@ func indexFromConfigEntryKindName(arg interface{}) ([]byte, error) { var b indexBuilder switch n := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return b.Bytes(), nil case ConfigEntryKindQuery: b.String(strings.ToLower(n.Kind)) @@ -37,7 +38,7 @@ func validateConfigEntryEnterprise(_ ReadTxn, _ structs.ConfigEntry) error { return nil } -func getAllConfigEntriesWithTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func getAllConfigEntriesWithTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableConfigEntries, indexID) } @@ -45,11 +46,11 @@ func getAllConfigEntriesByKindWithTxn(tx ReadTxn, kind string) (memdb.ResultIter return getConfigEntryKindsWithTxn(tx, kind, nil) } -func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: kind}) } -func configIntentionsConvertToList(iter memdb.ResultIterator, _ *structs.EnterpriseMeta) structs.Intentions { +func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseMeta) structs.Intentions { var results structs.Intentions for v := iter.Next(); v != nil; v = iter.Next() { entry := v.(*structs.ServiceIntentionsConfigEntry) diff --git a/agent/consul/state/config_entry_oss_test.go b/agent/consul/state/config_entry_oss_test.go index 4c6595192..13a56e18c 100644 --- a/agent/consul/state/config_entry_oss_test.go +++ b/agent/consul/state/config_entry_oss_test.go @@ -4,6 +4,7 @@ package state import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" ) @@ -24,7 +25,7 @@ func testIndexerTableConfigEntries() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/coordinate.go b/agent/consul/state/coordinate.go index f294adb7b..0cbccf25c 100644 --- a/agent/consul/state/coordinate.go +++ b/agent/consul/state/coordinate.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" ) @@ -66,7 +67,7 @@ type CoordinateQuery struct { } func (c CoordinateQuery) PartitionOrDefault() string { - return structs.PartitionOrDefault(c.Partition) + return acl.PartitionOrDefault(c.Partition) } // coordinatesTableSchema returns a new table schema used for storing @@ -128,7 +129,7 @@ func (s *Restore) Coordinates(idx uint64, updates structs.Coordinates) error { // Coordinate returns a map of coordinates for the given node, indexed by // network segment. -func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, lib.CoordinateSet, error) { +func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, lib.CoordinateSet, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -157,7 +158,7 @@ func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.Ente } // Coordinates queries for all nodes with coordinates. -func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Coordinates, error) { +func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Coordinates, error) { tx := s.db.Txn(false) defer tx.Abort() diff --git a/agent/consul/state/coordinate_oss.go b/agent/consul/state/coordinate_oss.go index d6b6042d7..8c86b768a 100644 --- a/agent/consul/state/coordinate_oss.go +++ b/agent/consul/state/coordinate_oss.go @@ -6,14 +6,15 @@ package state import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func coordinatesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func coordinatesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableCoordinates) } -func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error { +func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error { // Update the index. if err := indexUpdateMaxTxn(tx, idx, tableCoordinates); err != nil { return fmt.Errorf("failed updating index: %s", err) diff --git a/agent/consul/state/coordinate_oss_test.go b/agent/consul/state/coordinate_oss_test.go index 0bb08c1df..d5d15547b 100644 --- a/agent/consul/state/coordinate_oss_test.go +++ b/agent/consul/state/coordinate_oss_test.go @@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableCoordinates() map[string]indexerTestCase { return map[string]indexerTestCase{ @@ -24,11 +27,11 @@ func testIndexerTableCoordinates() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/delay_oss.go b/agent/consul/state/delay_oss.go index 41b9a0405..8167d6bfe 100644 --- a/agent/consul/state/delay_oss.go +++ b/agent/consul/state/delay_oss.go @@ -4,9 +4,10 @@ package state import ( - "github.com/hashicorp/consul/agent/structs" "sync" "time" + + "github.com/hashicorp/consul/acl" ) // Delay is used to mark certain locks as unacquirable. When a lock is @@ -36,7 +37,7 @@ func NewDelay() *Delay { // GetExpiration returns the expiration time of a key lock delay. This must be // checked on the leader node, and not in KVSLock due to the variability of // clocks. -func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time.Time { +func (d *Delay) GetExpiration(key string, entMeta *acl.EnterpriseMeta) time.Time { d.lock.RLock() expires := d.delay[key] d.lock.RUnlock() @@ -45,7 +46,7 @@ func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time. // SetExpiration sets the expiration time for the lock delay to the given // delay from the given now time. -func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *structs.EnterpriseMeta) { +func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *acl.EnterpriseMeta) { d.lock.Lock() defer d.lock.Unlock() diff --git a/agent/consul/state/graveyard.go b/agent/consul/state/graveyard.go index 89601ea21..705846881 100644 --- a/agent/consul/state/graveyard.go +++ b/agent/consul/state/graveyard.go @@ -5,7 +5,7 @@ import ( "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // Tombstone is the internal type used to track tombstones. @@ -13,7 +13,7 @@ type Tombstone struct { Key string Index uint64 - structs.EnterpriseMeta + acl.EnterpriseMeta } func (t Tombstone) IDValue() string { @@ -33,7 +33,7 @@ func NewGraveyard(gc *TombstoneGC) *Graveyard { } // InsertTxn adds a new tombstone. -func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *structs.EnterpriseMeta) error { +func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *acl.EnterpriseMeta) error { stone := &Tombstone{ Key: key, Index: idx, diff --git a/agent/consul/state/graveyard_oss.go b/agent/consul/state/graveyard_oss.go index 71b6bd90b..bccbe1ec7 100644 --- a/agent/consul/state/graveyard_oss.go +++ b/agent/consul/state/graveyard_oss.go @@ -6,6 +6,7 @@ package state import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -28,7 +29,7 @@ func (g *Graveyard) insertTombstoneWithTxn(tx WriteTxn, _ string, stone *Tombsto // GetMaxIndexTxn returns the highest index tombstone whose key matches the // given context, using a prefix match. -func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *structs.EnterpriseMeta) (uint64, error) { +func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *acl.EnterpriseMeta) (uint64, error) { var lindex uint64 q := Query{Value: prefix, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition()} stones, err := tx.Get(tableTombstones, indexID+"_prefix", q) diff --git a/agent/consul/state/indexer.go b/agent/consul/state/indexer.go index 7fa30a7d5..70b769c58 100644 --- a/agent/consul/state/indexer.go +++ b/agent/consul/state/indexer.go @@ -8,6 +8,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -196,7 +197,7 @@ func (b *indexBuilder) Bool(v bool) { type TimeQuery struct { Value time.Time - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go index f2f64500f..2417f5741 100644 --- a/agent/consul/state/intention.go +++ b/agent/consul/state/intention.go @@ -150,7 +150,7 @@ func areIntentionsInConfigEntries(tx ReadTxn, ws memdb.WatchSet) (bool, error) { // LegacyIntentions is like Intentions() but only returns legacy intentions. // This is exposed for migration purposes. -func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -159,7 +159,7 @@ func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseM } // Intentions returns the list of all intentions. The boolean response value is true if it came from config entries. -func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func (s *Store) Intentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -173,7 +173,7 @@ func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) ( return configIntentionsListTxn(tx, ws, entMeta) } -func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { // Get the index idx := maxIndexTxn(tx, tableConnectIntentions) if idx < 1 { diff --git a/agent/consul/state/intention_oss.go b/agent/consul/state/intention_oss.go index e6872ab5b..6c99e6749 100644 --- a/agent/consul/state/intention_oss.go +++ b/agent/consul/state/intention_oss.go @@ -6,10 +6,10 @@ package state import ( memdb "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func intentionListTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func intentionListTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // Get all intentions return tx.Get(tableConnectIntentions, "id") } diff --git a/agent/consul/state/kvs.go b/agent/consul/state/kvs.go index 34639ace0..82aa842e8 100644 --- a/agent/consul/state/kvs.go +++ b/agent/consul/state/kvs.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -176,7 +177,7 @@ func kvsSetTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry, updateSession b } // KVSGet is used to retrieve a key/value pair from the state store. -func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) { +func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -191,7 +192,7 @@ func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.Enterpris // kvsGetTxn is the inner method that gets a KVS entry inside an existing // transaction. func kvsGetTxn(tx ReadTxn, - ws memdb.WatchSet, key string, entMeta structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) { + ws memdb.WatchSet, key string, entMeta acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) { // Get the table index. idx := kvsMaxIndex(tx, entMeta) @@ -212,7 +213,7 @@ func kvsGetTxn(tx ReadTxn, // is the max index of the returned kvs entries or applicable tombstones, or // else it's the full table indexes for kvs and tombstones. func (s *Store) KVSList(ws memdb.WatchSet, - prefix string, entMeta *structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { + prefix string, entMeta *acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -228,7 +229,7 @@ func (s *Store) KVSList(ws memdb.WatchSet, // kvsListTxn is the inner method that gets a list of KVS entries matching a // prefix. func (s *Store) kvsListTxn(tx ReadTxn, - ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { + ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { // Get the table indexes. idx := kvsMaxIndex(tx, entMeta) @@ -262,7 +263,7 @@ func (s *Store) kvsListTxn(tx ReadTxn, // KVSDelete is used to perform a shallow delete on a single key in the // the state store. -func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) KVSDelete(idx uint64, key string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -276,7 +277,7 @@ func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMet // kvsDeleteTxn is the inner method used to perform the actual deletion // of a key/value pair within an existing transaction. -func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -303,7 +304,7 @@ func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *struc // raft index. If the CAS index specified is not equal to the last // observed index for the given key, then the call is a noop, otherwise // a normal KV delete is invoked. -func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -318,7 +319,7 @@ func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.Ente // kvsDeleteCASTxn is the inner method that does a CAS delete within an existing // transaction. -func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -390,7 +391,7 @@ func kvsSetCASTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error // KVSDeleteTree is used to do a recursive delete on a key prefix // in the state store. If any keys are modified, the last index is // set, otherwise this is a no-op. -func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -403,7 +404,7 @@ func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.Enterp // KVSLockDelay returns the expiration time for any lock delay associated with // the given key. -func (s *Store) KVSLockDelay(key string, entMeta *structs.EnterpriseMeta) time.Time { +func (s *Store) KVSLockDelay(key string, entMeta *acl.EnterpriseMeta) time.Time { return s.lockDelay.GetExpiration(key, entMeta) } @@ -527,7 +528,7 @@ func kvsUnlockTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error // kvsCheckSessionTxn checks to see if the given session matches the current // entry for a key. func kvsCheckSessionTxn(tx WriteTxn, - key string, session string, entMeta *structs.EnterpriseMeta) (*structs.DirEntry, error) { + key string, session string, entMeta *acl.EnterpriseMeta) (*structs.DirEntry, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -552,7 +553,7 @@ func kvsCheckSessionTxn(tx WriteTxn, // kvsCheckIndexTxn checks to see if the given modify index matches the current // entry for a key. func kvsCheckIndexTxn(tx WriteTxn, - key string, cidx uint64, entMeta structs.EnterpriseMeta) (*structs.DirEntry, error) { + key string, cidx uint64, entMeta acl.EnterpriseMeta) (*structs.DirEntry, error) { entry, err := tx.First(tableKVs, indexID, Query{Value: key, EnterpriseMeta: entMeta}) if err != nil { diff --git a/agent/consul/state/kvs_oss.go b/agent/consul/state/kvs_oss.go index 598ffc39d..3ded43255 100644 --- a/agent/consul/state/kvs_oss.go +++ b/agent/consul/state/kvs_oss.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -25,7 +26,7 @@ func prefixIndexForIDValue(arg interface{}) ([]byte, error) { // DeletePrefix always uses a string, pass it along unmodified case string: return []byte(v), nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case singleValueID: var b indexBuilder @@ -56,7 +57,7 @@ func insertKVTxn(tx WriteTxn, entry *structs.DirEntry, updateMax bool, _ bool) e return nil } -func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { +func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { var ents structs.DirEntries var lindex uint64 @@ -79,7 +80,7 @@ func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta str // kvsDeleteTreeTxn is the inner method that does a recursive delete inside an // existing transaction. -func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error { // For prefix deletes, only insert one tombstone and delete the entire subtree deleted, err := tx.DeletePrefix(tableKVs, indexID+"_prefix", prefix) if err != nil { @@ -100,7 +101,7 @@ func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta return nil } -func kvsMaxIndex(tx ReadTxn, entMeta structs.EnterpriseMeta) uint64 { +func kvsMaxIndex(tx ReadTxn, entMeta acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, "kvs", "tombstones") } diff --git a/agent/consul/state/kvs_oss_test.go b/agent/consul/state/kvs_oss_test.go index 4ec7ac7a3..7cee36893 100644 --- a/agent/consul/state/kvs_oss_test.go +++ b/agent/consul/state/kvs_oss_test.go @@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableKVs() map[string]indexerTestCase { return map[string]indexerTestCase{ @@ -22,7 +25,7 @@ func testIndexerTableKVs() map[string]indexerTestCase { expected: []byte("indexString"), }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -51,7 +54,7 @@ func testIndexerTableTombstones() map[string]indexerTestCase { expected: []byte("indexString"), }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/operations_oss.go b/agent/consul/state/operations_oss.go index 7be71732d..c1a3300ad 100644 --- a/agent/consul/state/operations_oss.go +++ b/agent/consul/state/operations_oss.go @@ -6,11 +6,11 @@ package state import ( "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) func getCompoundWithTxn(tx ReadTxn, table, index string, - _ *structs.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) { + _ *acl.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) { return tx.Get(table, index, idxVals...) } diff --git a/agent/consul/state/query.go b/agent/consul/state/query.go index 7e0838448..b88fbe4fc 100644 --- a/agent/consul/state/query.go +++ b/agent/consul/state/query.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -12,7 +13,7 @@ import ( // enterprise identifier. type Query struct { Value string - structs.EnterpriseMeta + acl.EnterpriseMeta } func (q Query) IDValue() string { @@ -33,7 +34,7 @@ func (q Query) PartitionOrDefault() string { type MultiQuery struct { Value []string - structs.EnterpriseMeta + acl.EnterpriseMeta } func (q MultiQuery) IDValue() []string { @@ -118,7 +119,7 @@ func parseUUIDString(uuid string) ([]byte, error) { // enterprise identifier. type BoolQuery struct { Value bool - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -138,7 +139,7 @@ func (q BoolQuery) PartitionOrDefault() string { type KeyValueQuery struct { Key string Value string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -168,8 +169,8 @@ func indexFromKeyValueQuery(arg interface{}) ([]byte, error) { type AuthMethodQuery struct { Value string - AuthMethodEntMeta structs.EnterpriseMeta - structs.EnterpriseMeta + AuthMethodEntMeta acl.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/query_oss.go b/agent/consul/state/query_oss.go index 04fed3a6b..0f11dce5f 100644 --- a/agent/consul/state/query_oss.go +++ b/agent/consul/state/query_oss.go @@ -7,15 +7,15 @@ import ( "fmt" "strings" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) func prefixIndexFromQuery(arg interface{}) ([]byte, error) { var b indexBuilder switch v := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case Query: if v.Value == "" { diff --git a/agent/consul/state/schema_oss.go b/agent/consul/state/schema_oss.go index 758d22423..ea8e8a43e 100644 --- a/agent/consul/state/schema_oss.go +++ b/agent/consul/state/schema_oss.go @@ -3,12 +3,12 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import "github.com/hashicorp/consul/acl" func partitionedIndexEntryName(entry string, _ string) string { return entry } -func partitionedAndNamespacedIndexEntryName(entry string, _ *structs.EnterpriseMeta) string { +func partitionedAndNamespacedIndexEntryName(entry string, _ *acl.EnterpriseMeta) string { return entry } diff --git a/agent/consul/state/session.go b/agent/consul/state/session.go index 876e67f50..cf2e78b6e 100644 --- a/agent/consul/state/session.go +++ b/agent/consul/state/session.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -291,7 +292,7 @@ func sessionCreateTxn(tx WriteTxn, idx uint64, sess *structs.Session) error { // SessionGet is used to retrieve an active session from the state store. func (s *Store) SessionGet(ws memdb.WatchSet, - sessionID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Session, error) { + sessionID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Session, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -318,7 +319,7 @@ func (s *Store) SessionGet(ws memdb.WatchSet, // NodeSessions returns a set of active sessions associated // with the given node ID. The returned index is the highest // index seen from the result set. -func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) { +func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -336,7 +337,7 @@ func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs. // SessionDestroy is used to remove an active session. This will // implicitly invalidate the session and invoke the specified // session destroy behavior. -func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -350,7 +351,7 @@ func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.En // deleteSessionTxn is the inner method, which is used to do the actual // session deletion and handle session invalidation, etc. -func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error { // Look up the session. if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() diff --git a/agent/consul/state/session_oss.go b/agent/consul/state/session_oss.go index d313fb5f9..96622387e 100644 --- a/agent/consul/state/session_oss.go +++ b/agent/consul/state/session_oss.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -121,7 +122,7 @@ func allNodeSessionsTxn(tx ReadTxn, node string, _ string) (structs.Sessions, er } func nodeSessionsTxn(tx ReadTxn, - ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (structs.Sessions, error) { + ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (structs.Sessions, error) { sessions, err := tx.Get(tableSessions, indexNode, Query{Value: node}) if err != nil { @@ -136,7 +137,7 @@ func nodeSessionsTxn(tx ReadTxn, return result, nil } -func sessionMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func sessionMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, "sessions") } @@ -161,7 +162,7 @@ func validateSessionChecksTxn(tx ReadTxn, session *structs.Session) error { } // SessionList returns a slice containing all of the active sessions. -func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) { +func (s *Store) SessionList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -184,7 +185,7 @@ func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) return idx, result, nil } -func maxIndexTxnSessions(tx *memdb.Txn, _ *structs.EnterpriseMeta) uint64 { +func maxIndexTxnSessions(tx *memdb.Txn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableSessions) } diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go index 2689ac142..39a4371ef 100644 --- a/agent/consul/state/state_store.go +++ b/agent/consul/state/state_store.go @@ -8,6 +8,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" ) @@ -143,7 +144,7 @@ type sessionCheck struct { Session string CheckID structs.CheckID - structs.EnterpriseMeta + acl.EnterpriseMeta } // NewStateStore creates a new in-memory state storage layer. diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go index b617e0e46..0047d2531 100644 --- a/agent/consul/state/state_store_test.go +++ b/agent/consul/state/state_store_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -229,7 +230,7 @@ func testRegisterConnectNativeService(t *testing.T, s *Store, idx uint64, nodeID require.NoError(t, s.EnsureService(idx, nodeID, svc)) } -func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *structs.EnterpriseMeta) { +func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *acl.EnterpriseMeta) { entry := &structs.DirEntry{ Key: key, Value: []byte(value), diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go index 8dc2d3cb2..94b8671f4 100644 --- a/agent/consul/subscribe_backend.go +++ b/agent/consul/subscribe_backend.go @@ -18,7 +18,7 @@ type subscribeBackend struct { // the endpoints. func (s subscribeBackend) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext, ) (acl.Authorizer, error) { return s.srv.ResolveTokenAndDefaultMeta(token, entMeta, authzContext) diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go index 4f82c98d6..868ea3b81 100644 --- a/agent/consul/txn_endpoint_test.go +++ b/agent/consul/txn_endpoint_test.go @@ -7,9 +7,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/usagemetrics/usagemetrics_oss_test.go b/agent/consul/usagemetrics/usagemetrics_oss_test.go index 5ab34256f..9a25cb0ff 100644 --- a/agent/consul/usagemetrics/usagemetrics_oss_test.go +++ b/agent/consul/usagemetrics/usagemetrics_oss_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" @@ -1028,8 +1029,8 @@ func TestUsageReporter_emitKVUsage_OSS(t *testing.T) { require.NoError(t, s.KVSSet(5, &structs.DirEntry{Key: "b", Value: []byte{1}})) require.NoError(t, s.KVSSet(6, &structs.DirEntry{Key: "c", Value: []byte{1}})) require.NoError(t, s.KVSSet(7, &structs.DirEntry{Key: "d", Value: []byte{1}})) - require.NoError(t, s.KVSDelete(8, "d", &structs.EnterpriseMeta{})) - require.NoError(t, s.KVSDelete(9, "c", &structs.EnterpriseMeta{})) + require.NoError(t, s.KVSDelete(8, "d", &acl.EnterpriseMeta{})) + require.NoError(t, s.KVSDelete(9, "c", &acl.EnterpriseMeta{})) require.NoError(t, s.KVSSet(10, &structs.DirEntry{Key: "e", Value: []byte{1}})) require.NoError(t, s.KVSSet(11, &structs.DirEntry{Key: "f", Value: []byte{1}})) }, diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go index 36b32f689..5498e5f04 100644 --- a/agent/delegate_mock_test.go +++ b/agent/delegate_mock_test.go @@ -38,16 +38,16 @@ func (m *delegateMock) AgentLocalMember() serf.Member { return m.Called().Get(0).(serf.Member) } -func (m *delegateMock) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (m *delegateMock) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { ret := m.Called(addrs, entMeta) return ret.Int(0), ret.Error(1) } -func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { return m.Called(node, prune, entMeta).Error(0) } -func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { ret := m.Called(token, entMeta, authzContext) return ret.Get(0).(consul.ACLResolveResult), ret.Error(1) } diff --git a/agent/discovery_chain_endpoint.go b/agent/discovery_chain_endpoint.go index 666841ef3..e9bb63185 100644 --- a/agent/discovery_chain_endpoint.go +++ b/agent/discovery_chain_endpoint.go @@ -7,6 +7,7 @@ import ( "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/decode" @@ -28,7 +29,7 @@ func (s *HTTPHandlers) DiscoveryChainRead(resp http.ResponseWriter, req *http.Re } args.EvaluateInDatacenter = req.URL.Query().Get("compile-dc") - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } diff --git a/agent/dns.go b/agent/dns.go index 1deda3ebd..a973056a1 100644 --- a/agent/dns.go +++ b/agent/dns.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/miekg/dns" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/config" agentdns "github.com/hashicorp/consul/agent/dns" @@ -103,7 +104,7 @@ type serviceLookup struct { MaxRecursionLevel int Connect bool Ingress bool - structs.EnterpriseMeta + acl.EnterpriseMeta } // DNSServer is used to wrap an Agent and expose various @@ -123,7 +124,7 @@ type DNSServer struct { // the recursor handler is only enabled if recursors are configured. This flag is used during config hot-reloading recursorEnabled uint32 - defaultEnterpriseMeta structs.EnterpriseMeta + defaultEnterpriseMeta acl.EnterpriseMeta } func NewDNSServer(a *Agent) (*DNSServer, error) { @@ -344,7 +345,7 @@ func serviceNodeCanonicalDNSName(sn *structs.ServiceNode, domain string) string return serviceCanonicalDNSName(sn.ServiceName, "service", sn.Datacenter, domain, &sn.EnterpriseMeta) } -func serviceIngressDNSName(service, datacenter, domain string, entMeta *structs.EnterpriseMeta) string { +func serviceIngressDNSName(service, datacenter, domain string, entMeta *acl.EnterpriseMeta) string { return serviceCanonicalDNSName(service, "ingress", datacenter, domain, entMeta) } diff --git a/agent/dns_oss.go b/agent/dns_oss.go index 1328195c8..9476e810f 100644 --- a/agent/dns_oss.go +++ b/agent/dns_oss.go @@ -6,8 +6,8 @@ package agent import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/config" - "github.com/hashicorp/consul/agent/structs" ) type enterpriseDNSConfig struct{} @@ -16,7 +16,7 @@ func getEnterpriseDNSConfig(conf *config.RuntimeConfig) enterpriseDNSConfig { return enterpriseDNSConfig{} } -func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConfig, datacenter *string, _ *structs.EnterpriseMeta) bool { +func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConfig, datacenter *string, _ *acl.EnterpriseMeta) bool { switch len(labels) { case 1: *datacenter = labels[0] @@ -27,6 +27,6 @@ func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConf return false } -func serviceCanonicalDNSName(name, kind, datacenter, domain string, _ *structs.EnterpriseMeta) string { +func serviceCanonicalDNSName(name, kind, datacenter, domain string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf("%s.%s.%s.%s", name, kind, datacenter, domain) } diff --git a/agent/grpc/private/services/subscribe/subscribe.go b/agent/grpc/private/services/subscribe/subscribe.go index 18372b200..c1b2f7e2d 100644 --- a/agent/grpc/private/services/subscribe/subscribe.go +++ b/agent/grpc/private/services/subscribe/subscribe.go @@ -36,7 +36,7 @@ type Logger interface { var _ pbsubscribe.StateChangeSubscriptionServer = (*Server)(nil) type Backend interface { - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) Forward(info structs.RPCInfo, f func(*grpc.ClientConn) error) (handled bool, err error) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) } @@ -51,7 +51,7 @@ func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsub logger.Trace("new subscription") defer logger.Trace("subscription closed") - entMeta := structs.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) + entMeta := acl.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) authz, err := h.Backend.ResolveTokenAndDefaultMeta(req.Token, &entMeta, nil) if err != nil { return err @@ -91,7 +91,7 @@ func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsub } } -func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta structs.EnterpriseMeta) *stream.SubscribeRequest { +func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.EnterpriseMeta) *stream.SubscribeRequest { return &stream.SubscribeRequest{ Topic: req.Topic, Subject: state.EventSubjectService{ diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index a5a47a077..d9d8d162d 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -313,13 +313,13 @@ func getEvent(t *testing.T, ch chan eventOrError) *pbsubscribe.Event { type testBackend struct { store *state.Store - authorizer func(token string, entMeta *structs.EnterpriseMeta) acl.Authorizer + authorizer func(token string, entMeta *acl.EnterpriseMeta) acl.Authorizer forwardConn *gogrpc.ClientConn } func (b testBackend) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, _ *acl.AuthorizerContext, ) (acl.Authorizer, error) { return b.authorizer(token, entMeta), nil @@ -342,7 +342,7 @@ func newTestBackend() (*testBackend, error) { return nil, err } store := state.NewStateStoreWithEventPublisher(gc) - allowAll := func(string, *structs.EnterpriseMeta) acl.Authorizer { + allowAll := func(string, *acl.EnterpriseMeta) acl.Authorizer { return acl.AllowAll() } return &testBackend{store: store, authorizer: allowAll}, nil @@ -663,7 +663,7 @@ node "node1" { require.Equal(t, acl.Deny, authorizer.NodeRead("denied", nil)) // TODO: is there any easy way to do this with the acl package? - backend.authorizer = func(tok string, _ *structs.EnterpriseMeta) acl.Authorizer { + backend.authorizer = func(tok string, _ *acl.EnterpriseMeta) acl.Authorizer { if tok == token { return authorizer } @@ -859,7 +859,7 @@ node "node1" { require.Equal(t, acl.Deny, authorizer.NodeRead("denied", nil)) // TODO: is there any easy way to do this with the acl package? - backend.authorizer = func(tok string, _ *structs.EnterpriseMeta) acl.Authorizer { + backend.authorizer = func(tok string, _ *acl.EnterpriseMeta) acl.Authorizer { if tok == token { return authorizer } diff --git a/agent/grpc/public/services/connectca/mock_ACLResolver.go b/agent/grpc/public/services/connectca/mock_ACLResolver.go index bbc462c44..6b6a6a771 100644 --- a/agent/grpc/public/services/connectca/mock_ACLResolver.go +++ b/agent/grpc/public/services/connectca/mock_ACLResolver.go @@ -3,10 +3,9 @@ package connectca import ( - acl "github.com/hashicorp/consul/acl" mock "github.com/stretchr/testify/mock" - structs "github.com/hashicorp/consul/agent/structs" + acl "github.com/hashicorp/consul/acl" ) // MockACLResolver is an autogenerated mock type for the ACLResolver type @@ -15,11 +14,11 @@ type MockACLResolver struct { } // ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 -func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { ret := _m.Called(_a0, _a1, _a2) var r0 acl.Authorizer - if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { r0 = rf(_a0, _a1, _a2) } else { if ret.Get(0) != nil { @@ -28,7 +27,7 @@ func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.E } var r1 error - if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { r1 = rf(_a0, _a1, _a2) } else { r1 = ret.Error(1) diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc/public/services/connectca/server.go index 64bced2dd..002f8e344 100644 --- a/agent/grpc/public/services/connectca/server.go +++ b/agent/grpc/public/services/connectca/server.go @@ -30,7 +30,7 @@ type StateStore interface { //go:generate mockery -name ACLResolver -inpkg type ACLResolver interface { - ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) } func NewServer(cfg Config) *Server { diff --git a/agent/grpc/public/services/dataplane/get_supported_features.go b/agent/grpc/public/services/dataplane/get_supported_features.go index 672e48f66..f9a817190 100644 --- a/agent/grpc/public/services/dataplane/get_supported_features.go +++ b/agent/grpc/public/services/dataplane/get_supported_features.go @@ -3,12 +3,13 @@ package dataplane import ( "context" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + acl "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/grpc/public" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbdataplane" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) func (d *Server) SupportedDataplaneFeatures(ctx context.Context, req *pbdataplane.SupportedDataplaneFeaturesRequest) (*pbdataplane.SupportedDataplaneFeaturesResponse, error) { diff --git a/agent/grpc/public/services/dataplane/get_supported_features_test.go b/agent/grpc/public/services/dataplane/get_supported_features_test.go index 2b3c5e76d..36ac7400c 100644 --- a/agent/grpc/public/services/dataplane/get_supported_features_test.go +++ b/agent/grpc/public/services/dataplane/get_supported_features_test.go @@ -4,15 +4,16 @@ import ( "context" "testing" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" - "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/hashicorp/go-hclog" mock "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/proto-public/pbdataplane" ) const testACLToken = "acl-token" diff --git a/agent/grpc/public/services/dataplane/mock_ACLResolver.go b/agent/grpc/public/services/dataplane/mock_ACLResolver.go index 364e17e66..39d4b5477 100644 --- a/agent/grpc/public/services/dataplane/mock_ACLResolver.go +++ b/agent/grpc/public/services/dataplane/mock_ACLResolver.go @@ -3,10 +3,9 @@ package dataplane import ( - acl "github.com/hashicorp/consul/acl" mock "github.com/stretchr/testify/mock" - structs "github.com/hashicorp/consul/agent/structs" + acl "github.com/hashicorp/consul/acl" ) // MockACLResolver is an autogenerated mock type for the ACLResolver type @@ -15,11 +14,11 @@ type MockACLResolver struct { } // ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 -func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { ret := _m.Called(_a0, _a1, _a2) var r0 acl.Authorizer - if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { r0 = rf(_a0, _a1, _a2) } else { if ret.Get(0) != nil { @@ -28,7 +27,7 @@ func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.E } var r1 error - if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { r1 = rf(_a0, _a1, _a2) } else { r1 = ret.Error(1) diff --git a/agent/grpc/public/services/dataplane/server.go b/agent/grpc/public/services/dataplane/server.go index 90a050e22..6c05a0d08 100644 --- a/agent/grpc/public/services/dataplane/server.go +++ b/agent/grpc/public/services/dataplane/server.go @@ -1,11 +1,11 @@ package dataplane import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/hashicorp/go-hclog" "google.golang.org/grpc" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/proto-public/pbdataplane" ) type Server struct { @@ -19,7 +19,7 @@ type Config struct { //go:generate mockery -name ACLResolver -inpkg type ACLResolver interface { - ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) } func NewServer(cfg Config) *Server { diff --git a/agent/grpc/public/testutils/acl.go b/agent/grpc/public/testutils/acl.go index 0c640d266..3bea248ba 100644 --- a/agent/grpc/public/testutils/acl.go +++ b/agent/grpc/public/testutils/acl.go @@ -3,8 +3,9 @@ package testutils import ( "testing" - "github.com/hashicorp/consul/acl" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" ) func TestAuthorizer(t *testing.T) acl.Authorizer { diff --git a/agent/http_oss.go b/agent/http_oss.go index 797070ea1..c14c31d8d 100644 --- a/agent/http_oss.go +++ b/agent/http_oss.go @@ -8,10 +8,11 @@ import ( "net/http" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func (s *HTTPHandlers) parseEntMeta(req *http.Request, entMeta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMeta(req *http.Request, entMeta *acl.EnterpriseMeta) error { if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" { return BadRequestError{Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces are a Consul Enterprise feature"} } @@ -46,7 +47,7 @@ func (s *HTTPHandlers) validateEnterpriseIntentionNamespace(logName, ns string, return BadRequestError{Reason: "Invalid " + logName + "(" + ns + ")" + ": Namespaces is a Consul Enterprise feature"} } -func (s *HTTPHandlers) parseEntMetaNoWildcard(req *http.Request, _ *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaNoWildcard(req *http.Request, _ *acl.EnterpriseMeta) error { return s.parseEntMeta(req, nil) } @@ -88,7 +89,7 @@ func (s *HTTPHandlers) uiTemplateDataTransform(data map[string]interface{}) erro return nil } -func (s *HTTPHandlers) parseEntMetaPartition(req *http.Request, meta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaPartition(req *http.Request, meta *acl.EnterpriseMeta) error { if headerAP := req.Header.Get("X-Consul-Partition"); headerAP != "" { return BadRequestError{Reason: "Invalid header: \"X-Consul-Partition\" - Partitions are a Consul Enterprise feature"} } diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go index 4c326b4f1..b99911f7f 100644 --- a/agent/intentions_endpoint.go +++ b/agent/intentions_endpoint.go @@ -5,6 +5,7 @@ import ( "net/http" "strings" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/structs" @@ -51,11 +52,11 @@ func (s *HTTPHandlers) IntentionList(resp http.ResponseWriter, req *http.Request func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Method is tested in IntentionEndpoint - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } - if entMeta.PartitionOrDefault() != structs.PartitionOrDefault("") { + if entMeta.PartitionOrDefault() != acl.PartitionOrDefault("") { return nil, BadRequestError{Reason: "Cannot use a partition with this endpoint"} } @@ -114,7 +115,7 @@ func (s *HTTPHandlers) IntentionMatch(resp http.ResponseWriter, req *http.Reques return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -207,7 +208,7 @@ func (s *HTTPHandlers) IntentionCheck(resp http.ResponseWriter, req *http.Reques return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -275,7 +276,7 @@ func (s *HTTPHandlers) IntentionExact(resp http.ResponseWriter, req *http.Reques // GET /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionGetExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -349,7 +350,7 @@ func (s *HTTPHandlers) IntentionGetExact(resp http.ResponseWriter, req *http.Req // PUT /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionPutExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -391,7 +392,7 @@ func (s *HTTPHandlers) IntentionPutExact(resp http.ResponseWriter, req *http.Req // DELETE /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionDeleteExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -427,7 +428,7 @@ func (s *HTTPHandlers) IntentionDeleteExact(resp http.ResponseWriter, req *http. // intentionCreateResponse is the response structure for creating an intention. type intentionCreateResponse struct{ ID string } -func parseIntentionQueryExact(req *http.Request, entMeta *structs.EnterpriseMeta) (*structs.IntentionQueryExact, error) { +func parseIntentionQueryExact(req *http.Request, entMeta *acl.EnterpriseMeta) (*structs.IntentionQueryExact, error) { q := req.URL.Query() // Extract the source/destination @@ -464,7 +465,7 @@ func parseIntentionQueryExact(req *http.Request, entMeta *structs.EnterpriseMeta return &exact, nil } -func parseIntentionStringComponent(input string, entMeta *structs.EnterpriseMeta) (string, string, string, error) { +func parseIntentionStringComponent(input string, entMeta *acl.EnterpriseMeta) (string, string, string, error) { ss := strings.Split(input, "/") switch len(ss) { case 1: // Name only @@ -547,11 +548,11 @@ func (s *HTTPHandlers) IntentionSpecificGet(id string, resp http.ResponseWriter, func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Method is tested in IntentionEndpoint - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } - if entMeta.PartitionOrDefault() != structs.PartitionOrDefault("") { + if entMeta.PartitionOrDefault() != acl.PartitionOrDefault("") { return nil, BadRequestError{Reason: "Cannot use a partition with this endpoint"} } diff --git a/agent/intentions_endpoint_test.go b/agent/intentions_endpoint_test.go index 5b7965c5c..62190cf9b 100644 --- a/agent/intentions_endpoint_test.go +++ b/agent/intentions_endpoint_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" @@ -786,7 +787,7 @@ func TestParseIntentionStringComponent(t *testing.T) { for _, tc := range cases { t.Run(tc.TestName, func(t *testing.T) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta ap, ns, name, err := parseIntentionStringComponent(tc.Input, &entMeta) if tc.Err { require.Error(t, err) diff --git a/agent/local/state.go b/agent/local/state.go index e0bc8ae11..9a2e00a94 100644 --- a/agent/local/state.go +++ b/agent/local/state.go @@ -154,7 +154,7 @@ func (c *CheckState) CriticalFor() time.Duration { type rpc interface { RPC(method string, args interface{}, reply interface{}) error - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) } // State is used to represent the node's services, @@ -181,7 +181,7 @@ type State struct { // Config is the agent config config Config - agentEnterpriseMeta structs.EnterpriseMeta + agentEnterpriseMeta acl.EnterpriseMeta // nodeInfoInSync tracks whether the server has our correct top-level // node information in sync @@ -411,11 +411,11 @@ func (l *State) AllServices() map[structs.ServiceID]*structs.NodeService { // and are being kept in sync with the server // // Results are scoped to the provided namespace and partition. -func (l *State) Services(entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { +func (l *State) Services(entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { return l.listServices(true, entMeta) } -func (l *State) listServices(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { +func (l *State) listServices(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { l.RLock() defer l.RUnlock() @@ -487,7 +487,7 @@ func (l *State) setServiceStateLocked(s *ServiceState) { // ServiceStates returns a shallow copy of all service state records. // The service record still points to the original service record and // must not be modified. -func (l *State) ServiceStates(entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*ServiceState { +func (l *State) ServiceStates(entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*ServiceState { l.RLock() defer l.RUnlock() @@ -553,7 +553,7 @@ func (l *State) addCheckLocked(check *structs.HealthCheck, token string) error { // hard-set the node name and partition check.Node = l.config.NodeName - check.EnterpriseMeta = structs.NewEnterpriseMetaWithPartition( + check.EnterpriseMeta = acl.NewEnterpriseMetaWithPartition( l.agentEnterpriseMeta.PartitionOrEmpty(), check.NamespaceOrEmpty(), ) @@ -752,11 +752,11 @@ func (l *State) AllChecks() map[structs.CheckID]*structs.HealthCheck { // agent is aware of and are being kept in sync with the server // // Results are scoped to the provided namespace and partition. -func (l *State) Checks(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (l *State) Checks(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { return l.listChecks(true, entMeta) } -func (l *State) listChecks(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (l *State) listChecks(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { m := make(map[structs.CheckID]*structs.HealthCheck) for id, c := range l.listCheckStates(filtered, entMeta) { m[id] = c.Check @@ -846,11 +846,11 @@ func (l *State) AllCheckStates() map[structs.CheckID]*CheckState { // The defer timers still point to the original values and must not be modified. // // Results are scoped to the provided namespace and partition. -func (l *State) CheckStates(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) CheckStates(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { return l.listCheckStates(true, entMeta) } -func (l *State) listCheckStates(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) listCheckStates(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { l.RLock() defer l.RUnlock() @@ -883,11 +883,11 @@ func (l *State) AllCriticalCheckStates() map[structs.CheckID]*CheckState { // The defer timers still point to the original values and must not be modified. // // Results are scoped to the provided namespace and partition. -func (l *State) CriticalCheckStates(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) CriticalCheckStates(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { return l.listCriticalCheckStates(true, entMeta) } -func (l *State) listCriticalCheckStates(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) listCriticalCheckStates(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { l.RLock() defer l.RUnlock() diff --git a/agent/local/state_test.go b/agent/local/state_test.go index be4cb6aa4..c75d0234c 100644 --- a/agent/local/state_test.go +++ b/agent/local/state_test.go @@ -2156,7 +2156,7 @@ func TestAgent_sendCoordinate(t *testing.T) { }) } -func servicesInSync(state *local.State, wantServices int, entMeta *structs.EnterpriseMeta) error { +func servicesInSync(state *local.State, wantServices int, entMeta *acl.EnterpriseMeta) error { services := state.ServiceStates(entMeta) if got, want := len(services), wantServices; got != want { return fmt.Errorf("got %d services want %d", got, want) @@ -2169,7 +2169,7 @@ func servicesInSync(state *local.State, wantServices int, entMeta *structs.Enter return nil } -func checksInSync(state *local.State, wantChecks int, entMeta *structs.EnterpriseMeta) error { +func checksInSync(state *local.State, wantChecks int, entMeta *acl.EnterpriseMeta) error { checks := state.CheckStates(entMeta) if got, want := len(checks), wantChecks; got != want { return fmt.Errorf("got %d checks want %d", got, want) @@ -2421,6 +2421,6 @@ func (f *fakeRPC) RPC(method string, args interface{}, reply interface{}) error return nil } -func (f *fakeRPC) ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (f *fakeRPC) ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (consul.ACLResolveResult, error) { return consul.ACLResolveResult{}, nil } diff --git a/agent/operator_endpoint.go b/agent/operator_endpoint.go index e43302aef..4a33497a8 100644 --- a/agent/operator_endpoint.go +++ b/agent/operator_endpoint.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -175,7 +176,7 @@ func keyringErrorsOrNil(responses []*structs.KeyringResponse) error { } if response.Segment != "" { pool += " [segment: " + response.Segment + "]" - } else if !structs.IsDefaultPartition(response.Partition) { + } else if !acl.IsDefaultPartition(response.Partition) { pool += " [partition: " + response.Partition + "]" } errs = multierror.Append(errs, fmt.Errorf("%s error: %s", pool, response.Error)) diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 61454a074..9b6289703 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/time/rate" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/connect" @@ -251,7 +252,7 @@ func TestManager_BasicLifecycle(t *testing.T) { IntentionsSet: true, }, Datacenter: "dc1", - Locality: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, }, }, { @@ -311,7 +312,7 @@ func TestManager_BasicLifecycle(t *testing.T) { IntentionsSet: true, }, Datacenter: "dc1", - Locality: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, }, }, } diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go index 5a5f20975..e222c8fe3 100644 --- a/agent/proxycfg/naming.go +++ b/agent/proxycfg/naming.go @@ -3,6 +3,7 @@ package proxycfg import ( "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -10,7 +11,7 @@ type UpstreamID struct { Type string Name string Datacenter string - structs.EnterpriseMeta + acl.EnterpriseMeta } func NewUpstreamID(u *structs.Upstream) UpstreamID { @@ -18,7 +19,7 @@ func NewUpstreamID(u *structs.Upstream) UpstreamID { Type: u.DestinationType, Name: u.DestinationName, Datacenter: u.Datacenter, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( u.DestinationPartition, u.DestinationNamespace, ), @@ -57,7 +58,7 @@ func NewUpstreamIDFromTargetID(tid string) UpstreamID { id := UpstreamID{ Name: split[0], - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition(split[2], split[1]), + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition(split[2], split[1]), Datacenter: split[3], } id.normalize() @@ -96,7 +97,7 @@ func UpstreamIDFromString(input string) UpstreamID { const upstreamTypePreparedQueryPrefix = structs.UpstreamDestTypePreparedQuery + ":" -func ParseUpstreamIDString(input string) (typ, dc, name string, meta *structs.EnterpriseMeta) { +func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.EnterpriseMeta) { if strings.HasPrefix(input, upstreamTypePreparedQueryPrefix) { typ = structs.UpstreamDestTypePreparedQuery input = strings.TrimPrefix(input, upstreamTypePreparedQueryPrefix) diff --git a/agent/proxycfg/naming_oss.go b/agent/proxycfg/naming_oss.go index bbcf1d0e8..2ba2d9996 100644 --- a/agent/proxycfg/naming_oss.go +++ b/agent/proxycfg/naming_oss.go @@ -4,10 +4,11 @@ package proxycfg import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func UpstreamIDString(typ, dc, name string, _ *structs.EnterpriseMeta) string { +func UpstreamIDString(typ, dc, name string, _ *acl.EnterpriseMeta) string { ret := name if dc != "" { @@ -21,7 +22,7 @@ func UpstreamIDString(typ, dc, name string, _ *structs.EnterpriseMeta) string { return typ + ":" + ret } -func parseInnerUpstreamIDString(input string) (string, *structs.EnterpriseMeta) { +func parseInnerUpstreamIDString(input string) (string, *acl.EnterpriseMeta) { return input, structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index cebf0b2e9..7cf669a89 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -86,7 +86,7 @@ type GatewayKey struct { func (k GatewayKey) String() string { resp := k.Datacenter - if !structs.IsDefaultPartition(k.Partition) { + if !acl.IsDefaultPartition(k.Partition) { resp = k.Partition + "." + resp } return resp @@ -97,7 +97,7 @@ func (k GatewayKey) IsEmpty() bool { } func (k GatewayKey) Matches(dc, partition string) bool { - return structs.EqualPartitions(k.Partition, partition) && k.Datacenter == dc + return acl.EqualPartitions(k.Partition, partition) && k.Datacenter == dc } func gatewayKeyFromString(s string) GatewayKey { diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 5a88c2880..29004eeaf 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul/discoverychain" @@ -2581,7 +2582,7 @@ func Test_hostnameEndpoints(t *testing.T) { cases := []testCase{ { name: "same locality and no LAN hostname endpoints", - localKey: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ @@ -2608,7 +2609,7 @@ func Test_hostnameEndpoints(t *testing.T) { }, { name: "same locality and one LAN hostname endpoint", - localKey: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ @@ -2646,7 +2647,7 @@ func Test_hostnameEndpoints(t *testing.T) { }, { name: "different locality and one WAN hostname endpoint", - localKey: GatewayKey{Datacenter: "dc2", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc2", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go index 7686993ba..b0f09449d 100644 --- a/agent/proxycfg/testing_ingress_gateway.go +++ b/agent/proxycfg/testing_ingress_gateway.go @@ -6,6 +6,7 @@ import ( "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" @@ -882,13 +883,13 @@ func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *C func TestConfigSnapshotIngressGatewayWithChain( t testing.T, variant string, - webEntMeta, fooEntMeta *structs.EnterpriseMeta, + webEntMeta, fooEntMeta *acl.EnterpriseMeta, ) *ConfigSnapshot { if webEntMeta == nil { - webEntMeta = &structs.EnterpriseMeta{} + webEntMeta = &acl.EnterpriseMeta{} } if fooEntMeta == nil { - fooEntMeta = &structs.EnterpriseMeta{} + fooEntMeta = &acl.EnterpriseMeta{} } var ( diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index f8daf340f..e38ddeb63 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -8,6 +8,7 @@ import ( "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" @@ -283,7 +284,7 @@ func (s *handlerUpstreams) resetWatchesFromChain( // Outside of transparent mode we only watch the chain target, B, // since A is a virtual service and traffic will not be sent to it. if !watchedChainEndpoints && s.proxyCfg.Mode == structs.ProxyModeTransparent { - chainEntMeta := structs.NewEnterpriseMetaWithPartition(chain.Partition, chain.Namespace) + chainEntMeta := acl.NewEnterpriseMetaWithPartition(chain.Partition, chain.Namespace) opts := targetWatchOpts{ upstreamID: uid, @@ -356,7 +357,7 @@ type targetWatchOpts struct { service string filter string datacenter string - entMeta *structs.EnterpriseMeta + entMeta *acl.EnterpriseMeta } func (s *handlerUpstreams) watchUpstreamTarget(ctx context.Context, snap *ConfigSnapshotUpstreams, opts targetWatchOpts) error { @@ -366,7 +367,7 @@ func (s *handlerUpstreams) watchUpstreamTarget(ctx context.Context, snap *Config "target", opts.chainID, ) - var finalMeta structs.EnterpriseMeta + var finalMeta acl.EnterpriseMeta finalMeta.Merge(opts.entMeta) correlationID := "upstream-target:" + opts.chainID + ":" + opts.upstreamID.String() diff --git a/agent/structs/acl_cache_test.go b/agent/structs/acl_cache_test.go index 2d527b7aa..9a5ba3707 100644 --- a/agent/structs/acl_cache_test.go +++ b/agent/structs/acl_cache_test.go @@ -3,8 +3,9 @@ package structs import ( "testing" - "github.com/hashicorp/consul/acl" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" ) func TestStructs_ACLCaches(t *testing.T) { diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index c6967d2fc..5e7768270 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -1,9 +1,10 @@ package structs import ( - "github.com/hashicorp/consul/acl" "time" + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/types" diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index 1fe7cad73..fabb5dae9 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -6,11 +6,12 @@ import ( "strings" "time" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" "github.com/mitchellh/hashstructure" "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/lib" diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index 5203bcc00..90931907e 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go @@ -7,12 +7,13 @@ import ( "time" "github.com/google/go-cmp/cmp" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/hcl" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/sdk/testutil" diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go index 17b9ee77a..c2738f842 100644 --- a/agent/structs/discovery_chain.go +++ b/agent/structs/discovery_chain.go @@ -3,9 +3,10 @@ package structs import ( "encoding/json" "fmt" - "github.com/hashicorp/consul/acl" "time" + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/lib" ) diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 46dbbe7c5..1ea8eb3ca 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -6,8 +6,6 @@ import ( "crypto/sha256" "encoding/json" "fmt" - "github.com/golang/protobuf/ptypes/duration" - "github.com/golang/protobuf/ptypes/timestamp" "math/rand" "reflect" "regexp" @@ -16,13 +14,18 @@ import ( "strings" "time" + "github.com/golang/protobuf/ptypes/duration" + "github.com/golang/protobuf/ptypes/timestamp" + "github.com/golang/protobuf/proto" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" "github.com/hashicorp/serf/coordinate" "github.com/mitchellh/hashstructure" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + ptypes "github.com/golang/protobuf/ptypes" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/api" diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go index 69dab7cfc..49cb67677 100644 --- a/agent/submatview/store_integration_test.go +++ b/agent/submatview/store_integration_test.go @@ -142,7 +142,7 @@ type backend struct { pub *stream.EventPublisher } -func (b backend) ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) { +func (b backend) ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) { return acl.AllowAll(), nil } diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go index 58a1cd4b0..54338c86b 100644 --- a/agent/txn_endpoint.go +++ b/agent/txn_endpoint.go @@ -7,6 +7,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/types" @@ -147,7 +148,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Value: in.KV.Value, Flags: in.KV.Flags, Session: in.KV.Session, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( in.KV.Partition, in.KV.Namespace, ), @@ -211,7 +212,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Warning: svc.Weights.Warning, }, EnableTagOverride: svc.EnableTagOverride, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( svc.Partition, svc.Namespace, ), @@ -274,7 +275,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Timeout: timeout, DeregisterCriticalServiceAfter: deregisterCriticalServiceAfter, }, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( check.Partition, check.Namespace, ), diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go index 1defb241b..dfe14e9d5 100644 --- a/agent/ui_endpoint.go +++ b/agent/ui_endpoint.go @@ -37,7 +37,7 @@ type ServiceSummary struct { transparentProxySet bool ConnectNative bool - structs.EnterpriseMeta + acl.EnterpriseMeta } func (s *ServiceSummary) LessThan(other *ServiceSummary) bool { @@ -582,7 +582,7 @@ func (s *HTTPHandlers) UIGatewayIntentions(resp http.ResponseWriter, req *http.R return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -642,7 +642,7 @@ func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Reques // Clear the token from the headers so we don't end up proxying it. s.clearTokenFromHeaders(req) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaPartition(req, &entMeta); err != nil { return nil, err } diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index b1a38f0cd..711f854b2 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -11,6 +11,7 @@ import ( "github.com/golang/protobuf/proto" bexpr "github.com/hashicorp/go-bexpr" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" @@ -564,7 +565,7 @@ func makeLoadAssignmentEndpointGroup( gatewayKey = localKey } - if gatewayKey.IsEmpty() || (structs.EqualPartitions(localKey.Partition, target.Partition) && localKey.Datacenter == target.Datacenter) { + if gatewayKey.IsEmpty() || (acl.EqualPartitions(localKey.Partition, target.Partition) && localKey.Datacenter == target.Datacenter) { // Gateways are not needed if the request isn't for a remote DC or partition. return loadAssignmentEndpointGroup{ Endpoints: realEndpoints, diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index bca152ad9..b9b7855b9 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -11,6 +11,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/types" @@ -192,7 +193,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // The virtualIPTag is used by consul-k8s to store the ClusterIP for a service. // We only match on this virtual IP if the upstream is in the proxy's partition. // This is because the IP is not guaranteed to be unique across k8s clusters. - if structs.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) { + if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) { if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" { uniqueAddrs[vip.Address] = struct{}{} } diff --git a/agent/xds/server_oss.go b/agent/xds/server_oss.go index a9a01908d..dc5ab309c 100644 --- a/agent/xds/server_oss.go +++ b/agent/xds/server_oss.go @@ -6,9 +6,10 @@ package xds import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func parseEnterpriseMeta(node *envoy_core_v3.Node) *structs.EnterpriseMeta { +func parseEnterpriseMeta(node *envoy_core_v3.Node) *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/command/acl/bindingrule/delete/bindingrule_delete.go b/command/acl/bindingrule/delete/bindingrule_delete.go index 49dac4e59..938699251 100644 --- a/command/acl/bindingrule/delete/bindingrule_delete.go +++ b/command/acl/bindingrule/delete/bindingrule_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/bindingrule/update/bindingrule_update.go b/command/acl/bindingrule/update/bindingrule_update.go index d3d0eb462..aa667f01e 100644 --- a/command/acl/bindingrule/update/bindingrule_update.go +++ b/command/acl/bindingrule/update/bindingrule_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/bindingrule" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/create/policy_create.go b/command/acl/policy/create/policy_create.go index 00546ff18..46bc2b596 100644 --- a/command/acl/policy/create/policy_create.go +++ b/command/acl/policy/create/policy_create.go @@ -6,13 +6,14 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/api" aclhelpers "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/delete/policy_delete.go b/command/acl/policy/delete/policy_delete.go index 109cdb9ac..69d23d2a8 100644 --- a/command/acl/policy/delete/policy_delete.go +++ b/command/acl/policy/delete/policy_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/read/policy_read.go b/command/acl/policy/read/policy_read.go index c5be7f63b..455f5e5f7 100644 --- a/command/acl/policy/read/policy_read.go +++ b/command/acl/policy/read/policy_read.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/update/policy_update.go b/command/acl/policy/update/policy_update.go index 4af67cfe2..5d0768a80 100644 --- a/command/acl/policy/update/policy_update.go +++ b/command/acl/policy/update/policy_update.go @@ -6,12 +6,13 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go index c4f480464..9afbfe841 100644 --- a/command/acl/role/create/role_create.go +++ b/command/acl/role/create/role_create.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/delete/role_delete.go b/command/acl/role/delete/role_delete.go index d43858379..41fbb26a3 100644 --- a/command/acl/role/delete/role_delete.go +++ b/command/acl/role/delete/role_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/read/role_read.go b/command/acl/role/read/role_read.go index 5d46dbad2..c22c48477 100644 --- a/command/acl/role/read/role_read.go +++ b/command/acl/role/read/role_read.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/update/role_update.go b/command/acl/role/update/role_update.go index c9b116a30..d229fd47b 100644 --- a/command/acl/role/update/role_update.go +++ b/command/acl/role/update/role_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/rules/translate.go b/command/acl/rules/translate.go index cdd423943..b8053ba74 100644 --- a/command/acl/rules/translate.go +++ b/command/acl/rules/translate.go @@ -6,11 +6,12 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" aclhelpers "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/clone/token_clone.go b/command/acl/token/clone/token_clone.go index 129a451cf..c7c90435f 100644 --- a/command/acl/token/clone/token_clone.go +++ b/command/acl/token/clone/token_clone.go @@ -5,10 +5,11 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go index 15ac10cb9..8be472475 100644 --- a/command/acl/token/create/token_create.go +++ b/command/acl/token/create/token_create.go @@ -6,11 +6,12 @@ import ( "strings" "time" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/delete/token_delete.go b/command/acl/token/delete/token_delete.go index 94af0c1bc..4d265bcf6 100644 --- a/command/acl/token/delete/token_delete.go +++ b/command/acl/token/delete/token_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go index a1eb050ba..cc5671002 100644 --- a/command/acl/token/formatter.go +++ b/command/acl/token/formatter.go @@ -6,6 +6,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -165,7 +166,7 @@ func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (stri } } - entMeta := structs.NewEnterpriseMetaWithPartition(token.Partition, token.Namespace) + entMeta := acl.NewEnterpriseMetaWithPartition(token.Partition, token.Namespace) formatServiceIdentity := func(svcIdentity *api.ACLServiceIdentity, indent string) { if len(svcIdentity.Datacenters) > 0 { buffer.WriteString(fmt.Sprintf(indent+"Name: %s (Datacenters: %s)\n", svcIdentity.ServiceName, strings.Join(svcIdentity.Datacenters, ", "))) diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go index 885d7d916..4e66d9ea7 100644 --- a/command/acl/token/read/token_read.go +++ b/command/acl/token/read/token_read.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/update/token_update.go b/command/acl/token/update/token_update.go index 4a8b97b4b..7c9b4f20f 100644 --- a/command/acl/token/update/token_update.go +++ b/command/acl/token/update/token_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/keyring/keyring.go b/command/keyring/keyring.go index 6c73c7429..b2f418c82 100644 --- a/command/keyring/keyring.go +++ b/command/keyring/keyring.go @@ -7,8 +7,8 @@ import ( "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent" - "github.com/hashicorp/consul/agent/structs" consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/flags" ) @@ -202,7 +202,7 @@ func poolName(dc string, wan bool, partition, segment string) string { var suffix string if segment != "" { suffix = fmt.Sprintf(" [%s]", segment) - } else if !structs.IsDefaultPartition(partition) { + } else if !acl.IsDefaultPartition(partition) { suffix = fmt.Sprintf(" [partition: %s]", partition) } return fmt.Sprintf("%s%s:\n", pool, suffix) diff --git a/command/logout/logout_test.go b/command/logout/logout_test.go index 82e82bc03..92520976d 100644 --- a/command/logout/logout_test.go +++ b/command/logout/logout_test.go @@ -4,15 +4,16 @@ import ( "strings" "testing" + "github.com/hashicorp/go-uuid" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/testrpc" - "github.com/hashicorp/go-uuid" - "github.com/mitchellh/cli" - "github.com/stretchr/testify/require" ) func TestLogout_noTabs(t *testing.T) { diff --git a/command/members/members.go b/command/members/members.go index b7ce700ab..2541799cb 100644 --- a/command/members/members.go +++ b/command/members/members.go @@ -12,7 +12,7 @@ import ( "github.com/mitchellh/cli" "github.com/ryanuber/columnize" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/flags" ) @@ -94,7 +94,7 @@ func (c *cmd) Run(args []string) int { if member.Tags[consulapi.MemberTagKeyPartition] == "" { member.Tags[consulapi.MemberTagKeyPartition] = "default" } - if structs.IsDefaultPartition(member.Tags[consulapi.MemberTagKeyPartition]) { + if acl.IsDefaultPartition(member.Tags[consulapi.MemberTagKeyPartition]) { if c.segment == consulapi.AllSegments && member.Tags[consulapi.MemberTagKeyRole] == consulapi.MemberTagValueRoleServer { member.Tags[consulapi.MemberTagKeySegment] = "" } else if member.Tags[consulapi.MemberTagKeySegment] == "" { diff --git a/proto/pbcommon/common_oss.go b/proto/pbcommon/common_oss.go index 2dc2026e8..0df88ec20 100644 --- a/proto/pbcommon/common_oss.go +++ b/proto/pbcommon/common_oss.go @@ -3,21 +3,19 @@ package pbcommon -import ( - "github.com/hashicorp/consul/agent/structs" -) +import "github.com/hashicorp/consul/acl" var DefaultEnterpriseMeta = &EnterpriseMeta{} -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { +func NewEnterpriseMetaFromStructs(_ acl.EnterpriseMeta) *EnterpriseMeta { return &EnterpriseMeta{} } -func EnterpriseMetaToStructs(s *EnterpriseMeta, t *structs.EnterpriseMeta) { +func EnterpriseMetaToStructs(s *EnterpriseMeta, t *acl.EnterpriseMeta) { if s == nil { return } } -func EnterpriseMetaFromStructs(t *structs.EnterpriseMeta, s *EnterpriseMeta) { +func EnterpriseMetaFromStructs(t *acl.EnterpriseMeta, s *EnterpriseMeta) { if s == nil { return } diff --git a/proto/pbconnect/connect.go b/proto/pbconnect/connect.go index 2b13a12b3..ae279b31a 100644 --- a/proto/pbconnect/connect.go +++ b/proto/pbconnect/connect.go @@ -1,6 +1,7 @@ package pbconnect import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbcommon" ) @@ -29,14 +30,14 @@ func RaftIndexTo(f *pbcommon.RaftIndex) structs.RaftIndex { return *t } -func EnterpriseMetaFrom(f structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { +func EnterpriseMetaFrom(f acl.EnterpriseMeta) *pbcommon.EnterpriseMeta { t := new(pbcommon.EnterpriseMeta) pbcommon.EnterpriseMetaFromStructs(&f, t) return t } -func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { - t := new(structs.EnterpriseMeta) +func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) acl.EnterpriseMeta { + t := new(acl.EnterpriseMeta) pbcommon.EnterpriseMetaToStructs(f, t) return *t } diff --git a/proto/pbservice/convert_oss.go b/proto/pbservice/convert_oss.go index 4efb78bef..5ecd2f7f4 100644 --- a/proto/pbservice/convert_oss.go +++ b/proto/pbservice/convert_oss.go @@ -4,14 +4,14 @@ package pbservice import ( - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/proto/pbcommon" ) -func EnterpriseMetaToStructs(_ *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { - return structs.EnterpriseMeta{} +func EnterpriseMetaToStructs(_ *pbcommon.EnterpriseMeta) acl.EnterpriseMeta { + return acl.EnterpriseMeta{} } -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { +func NewEnterpriseMetaFromStructs(_ acl.EnterpriseMeta) *pbcommon.EnterpriseMeta { return &pbcommon.EnterpriseMeta{} } diff --git a/proto/pbservice/convert_oss_test.go b/proto/pbservice/convert_oss_test.go index 17717f058..253da69e5 100644 --- a/proto/pbservice/convert_oss_test.go +++ b/proto/pbservice/convert_oss_test.go @@ -6,8 +6,8 @@ package pbservice import ( fuzz "github.com/google/gofuzz" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func randEnterpriseMeta(_ *structs.EnterpriseMeta, _ fuzz.Continue) { +func randEnterpriseMeta(_ *acl.EnterpriseMeta, _ fuzz.Continue) { } From b3db499c746564bec63eef12e1db787b4deae1d3 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Fri, 1 Apr 2022 14:31:15 -0700 Subject: [PATCH 092/785] Add a field to disable following redirects on http checks --- .changelog/12685.txt | 3 + agent/agent.go | 25 +- agent/checks/check.go | 30 +- agent/checks/check_test.go | 40 +++ agent/config/builder.go | 1 + agent/config/config.go | 1 + agent/config/runtime.go | 1 + agent/config/runtime_test.go | 7 + .../TestRuntimeConfig_Sanitize.golden | 4 +- agent/config/testdata/full-config.hcl | 8 + agent/config/testdata/full-config.json | 8 + agent/structs/check_definition.go | 6 + agent/structs/check_type.go | 1 + agent/structs/structs.go | 7 +- proto/pbservice/healthcheck.gen.go | 4 + proto/pbservice/healthcheck.pb.go | 271 ++++++++++-------- proto/pbservice/healthcheck.proto | 2 + website/content/api-docs/agent/check.mdx | 4 + website/content/docs/discovery/checks.mdx | 5 + 19 files changed, 276 insertions(+), 152 deletions(-) create mode 100644 .changelog/12685.txt diff --git a/.changelog/12685.txt b/.changelog/12685.txt new file mode 100644 index 000000000..727d3556e --- /dev/null +++ b/.changelog/12685.txt @@ -0,0 +1,3 @@ +```release-note:security +agent: Added a new check field, `disable_redirects`, that allows for disabling the following of redirects for HTTP checks. The intention is to default this to true in a future release so that redirects must explicitly be enabled. +``` diff --git a/agent/agent.go b/agent/agent.go index 7a313cb4f..a23700ebd 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -2683,18 +2683,19 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType, tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName) http := &checks.CheckHTTP{ - CheckID: cid, - ServiceID: sid, - HTTP: chkType.HTTP, - Header: chkType.Header, - Method: chkType.Method, - Body: chkType.Body, - Interval: chkType.Interval, - Timeout: chkType.Timeout, - Logger: a.logger, - OutputMaxSize: maxOutputSize, - TLSClientConfig: tlsClientConfig, - StatusHandler: statusHandler, + CheckID: cid, + ServiceID: sid, + HTTP: chkType.HTTP, + Header: chkType.Header, + Method: chkType.Method, + Body: chkType.Body, + DisableRedirects: chkType.DisableRedirects, + Interval: chkType.Interval, + Timeout: chkType.Timeout, + Logger: a.logger, + OutputMaxSize: maxOutputSize, + TLSClientConfig: tlsClientConfig, + StatusHandler: statusHandler, } if proxy != nil && proxy.Proxy.Expose.Checks { diff --git a/agent/checks/check.go b/agent/checks/check.go index 8f910901f..3e3ce44f8 100644 --- a/agent/checks/check.go +++ b/agent/checks/check.go @@ -334,18 +334,19 @@ func (c *CheckTTL) SetStatus(status, output string) string { // or if the request returns an error // Supports failures_before_critical and success_before_passing. type CheckHTTP struct { - CheckID structs.CheckID - ServiceID structs.ServiceID - HTTP string - Header map[string][]string - Method string - Body string - Interval time.Duration - Timeout time.Duration - Logger hclog.Logger - TLSClientConfig *tls.Config - OutputMaxSize int - StatusHandler *StatusHandler + CheckID structs.CheckID + ServiceID structs.ServiceID + HTTP string + Header map[string][]string + Method string + Body string + Interval time.Duration + Timeout time.Duration + Logger hclog.Logger + TLSClientConfig *tls.Config + OutputMaxSize int + StatusHandler *StatusHandler + DisableRedirects bool httpClient *http.Client stop bool @@ -392,6 +393,11 @@ func (c *CheckHTTP) Start() { Timeout: 10 * time.Second, Transport: trans, } + if c.DisableRedirects { + c.httpClient.CheckRedirect = func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + } + } if c.Timeout > 0 { c.httpClient.Timeout = c.Timeout } diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go index ba61aeeab..caddee424 100644 --- a/agent/checks/check_test.go +++ b/agent/checks/check_test.go @@ -459,6 +459,46 @@ func TestCheckHTTP_NotProxied(t *testing.T) { }) } +func TestCheckHTTP_DisableRedirects(t *testing.T) { + t.Parallel() + + server1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintln(w, "server1") + })) + defer server1.Close() + + server2 := httptest.NewServer(http.RedirectHandler(server1.URL, 301)) + defer server2.Close() + + notif := mock.NewNotify() + logger := testutil.Logger(t) + statusHandler := NewStatusHandler(notif, logger, 0, 0, 0) + cid := structs.NewCheckID("foo", nil) + + check := &CheckHTTP{ + CheckID: cid, + HTTP: server2.URL, + Method: "GET", + OutputMaxSize: DefaultBufSize, + Interval: 10 * time.Millisecond, + DisableRedirects: true, + Logger: logger, + StatusHandler: statusHandler, + } + check.Start() + defer check.Stop() + + retry.Run(t, func(r *retry.R) { + output := notif.Output(cid) + if !strings.Contains(output, "Moved Permanently") { + r.Fatalf("should have returned 301 body instead of redirecting") + } + if strings.Contains(output, "server1") { + r.Fatalf("followed redirect") + } + }) +} + func TestCheckHTTPTCP_BigTimeout(t *testing.T) { testCases := []struct { timeoutIn, intervalIn, timeoutWant time.Duration diff --git a/agent/config/builder.go b/agent/config/builder.go index b3bdc46f3..d9b0aff91 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1546,6 +1546,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition { Header: v.Header, Method: stringVal(v.Method), Body: stringVal(v.Body), + DisableRedirects: boolVal(v.DisableRedirects), TCP: stringVal(v.TCP), Interval: b.durationVal(fmt.Sprintf("check[%s].interval", id), v.Interval), DockerContainerID: stringVal(v.DockerContainerID), diff --git a/agent/config/config.go b/agent/config/config.go index 42d43f1d9..c5936afa7 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -399,6 +399,7 @@ type CheckDefinition struct { Header map[string][]string `mapstructure:"header"` Method *string `mapstructure:"method"` Body *string `mapstructure:"body"` + DisableRedirects *bool `mapstructure:"disable_redirects"` OutputMaxSize *int `mapstructure:"output_max_size"` TCP *string `mapstructure:"tcp"` Interval *string `mapstructure:"interval"` diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 99c51f335..eb59edc84 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -424,6 +424,7 @@ type RuntimeConfig struct { // http = string // header = map[string][]string // method = string + // disable_redirects = (true|false) // tcp = string // h2ping = string // interval = string diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 408241e40..44b10008a 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -5743,6 +5743,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "aldrIQ4l", Body: "wSjTy7dg", + DisableRedirects: true, TCP: "RJQND605", H2PING: "9N1cSb5B", H2PingUseTLS: false, @@ -5770,6 +5771,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "gLrztrNw", Body: "0jkKgGUC", + DisableRedirects: false, OutputMaxSize: checks.DefaultBufSize, TCP: "4jG5casb", H2PING: "HCHU7gEb", @@ -5797,6 +5799,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "Dou0nGT5", Body: "5PBQd2OT", + DisableRedirects: true, OutputMaxSize: checks.DefaultBufSize, TCP: "JY6fTTcw", H2PING: "rQ8eyCSF", @@ -6008,6 +6011,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "X5DrovFc", Body: "WeikigLh", + DisableRedirects: true, OutputMaxSize: checks.DefaultBufSize, TCP: "ICbxkpSF", H2PING: "7s7BbMyb", @@ -6204,6 +6208,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "T66MFBfR", Body: "OwGjTFQi", + DisableRedirects: true, OutputMaxSize: checks.DefaultBufSize, TCP: "bNnNfx2A", H2PING: "qC1pidiW", @@ -6229,6 +6234,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "ciYHWors", Body: "lUVLGYU7", + DisableRedirects: false, OutputMaxSize: checks.DefaultBufSize, TCP: "FfvCwlqH", H2PING: "spI3muI3", @@ -6254,6 +6260,7 @@ func TestLoad_FullConfig(t *testing.T) { }, Method: "9afLm3Mj", Body: "wVVL2V6f", + DisableRedirects: true, OutputMaxSize: checks.DefaultBufSize, TCP: "fjiLFqVd", H2PING: "5NbNWhan", diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 5356761e4..ae0be95cb 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -90,6 +90,7 @@ "AliasService": "", "Body": "", "DeregisterCriticalServiceAfter": "0s", + "DisableRedirects": false, "DockerContainerID": "", "EnterpriseMeta": {}, "FailuresBeforeCritical": 0, @@ -297,6 +298,7 @@ "Body": "", "CheckID": "", "DeregisterCriticalServiceAfter": "0s", + "DisableRedirects": false, "DockerContainerID": "", "FailuresBeforeCritical": 0, "FailuresBeforeWarning": 0, @@ -456,4 +458,4 @@ "Version": "", "VersionPrerelease": "", "Watches": [] -} +} \ No newline at end of file diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index 48b6e9a1a..c52488751 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -110,6 +110,7 @@ check = { } method = "Dou0nGT5" body = "5PBQd2OT" + disable_redirects = true tcp = "JY6fTTcw" h2ping = "rQ8eyCSF" h2ping_use_tls = false @@ -138,6 +139,7 @@ checks = [ } method = "aldrIQ4l" body = "wSjTy7dg" + disable_redirects = true tcp = "RJQND605" h2ping = "9N1cSb5B" h2ping_use_tls = false @@ -165,6 +167,7 @@ checks = [ } method = "gLrztrNw" body = "0jkKgGUC" + disable_redirects = false tcp = "4jG5casb" h2ping = "HCHU7gEb" h2ping_use_tls = false @@ -389,6 +392,7 @@ service = { } method = "9afLm3Mj" body = "wVVL2V6f" + disable_redirects = true tcp = "fjiLFqVd" h2ping = "5NbNWhan" h2ping_use_tls = false @@ -414,6 +418,7 @@ service = { } method = "T66MFBfR" body = "OwGjTFQi" + disable_redirects = true tcp = "bNnNfx2A" h2ping = "qC1pidiW" h2ping_use_tls = false @@ -439,6 +444,7 @@ service = { } method = "ciYHWors" body = "lUVLGYU7" + disable_redirects = false tcp = "FfvCwlqH" h2ping = "spI3muI3" h2ping_use_tls = false @@ -478,6 +484,7 @@ services = [ } method = "X5DrovFc" body = "WeikigLh" + disable_redirects = true tcp = "ICbxkpSF" h2ping = "7s7BbMyb" h2ping_use_tls = false @@ -520,6 +527,7 @@ services = [ } method = "5wkAxCUE" body = "7CRjCJyz" + disable_redirects = false tcp = "MN3oA9D2" h2ping = "OV6Q2XEg" h2ping_use_tls = false diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index 1c92d6d02..f051b9d81 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -111,6 +111,7 @@ }, "method": "Dou0nGT5", "body": "5PBQd2OT", + "disable_redirects": true, "output_max_size": 4096, "tcp": "JY6fTTcw", "h2ping": "rQ8eyCSF", @@ -139,6 +140,7 @@ }, "method": "aldrIQ4l", "body": "wSjTy7dg", + "disable_redirects": true, "tcp": "RJQND605", "h2ping": "9N1cSb5B", "h2ping_use_tls": false, @@ -166,6 +168,7 @@ }, "method": "gLrztrNw", "body": "0jkKgGUC", + "disable_redirects": false, "tcp": "4jG5casb", "h2ping": "HCHU7gEb", "h2ping_use_tls": false, @@ -385,6 +388,7 @@ }, "method": "9afLm3Mj", "body": "wVVL2V6f", + "disable_redirects": true, "tcp": "fjiLFqVd", "h2ping": "5NbNWhan", "h2ping_use_tls": false, @@ -411,6 +415,7 @@ }, "method": "T66MFBfR", "body": "OwGjTFQi", + "disable_redirects": true, "tcp": "bNnNfx2A", "h2ping": "qC1pidiW", "h2ping_use_tls": false, @@ -436,6 +441,7 @@ }, "method": "ciYHWors", "body": "lUVLGYU7", + "disable_redirects": false, "tcp": "FfvCwlqH", "h2ping": "spI3muI3", "h2ping_use_tls": false, @@ -475,6 +481,7 @@ }, "method": "X5DrovFc", "body": "WeikigLh", + "disable_redirects": true, "tcp": "ICbxkpSF", "h2ping": "7s7BbMyb", "h2ping_use_tls": false, @@ -517,6 +524,7 @@ }, "method": "5wkAxCUE", "body": "7CRjCJyz", + "disable_redirects": false, "tcp": "MN3oA9D2", "h2ping": "OV6Q2XEg", "h2ping_use_tls": false, diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index 434f35e65..e650122fc 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -29,6 +29,7 @@ type CheckDefinition struct { Header map[string][]string Method string Body string + DisableRedirects bool TCP string Interval time.Duration DockerContainerID string @@ -71,6 +72,7 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { GRPCUseTLSSnake bool `json:"grpc_use_tls"` ServiceIDSnake string `json:"service_id"` H2PingUseTLSSnake bool `json:"h2ping_use_tls"` + DisableRedirectsSnake bool `json:"disable_redirects"` *Alias }{ @@ -116,6 +118,9 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { if t.ServiceID == "" { t.ServiceID = aux.ServiceIDSnake } + if aux.DisableRedirectsSnake { + t.DisableRedirects = aux.DisableRedirectsSnake + } if (aux.H2PING != "" && !aux.H2PingUseTLSSnake) || (aux.H2PING == "" && aux.H2PingUseTLSSnake) { t.H2PingUseTLS = aux.H2PingUseTLSSnake @@ -205,6 +210,7 @@ func (c *CheckDefinition) CheckType() *CheckType { Header: c.Header, Method: c.Method, Body: c.Body, + DisableRedirects: c.DisableRedirects, OutputMaxSize: c.OutputMaxSize, TCP: c.TCP, Interval: c.Interval, diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go index 7f3b58370..0c89a00f2 100644 --- a/agent/structs/check_type.go +++ b/agent/structs/check_type.go @@ -37,6 +37,7 @@ type CheckType struct { Header map[string][]string Method string Body string + DisableRedirects bool TCP string Interval time.Duration AliasNode string diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 1a678f5c0..9b32f6cb9 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -6,8 +6,6 @@ import ( "crypto/sha256" "encoding/json" "fmt" - "github.com/golang/protobuf/ptypes/duration" - "github.com/golang/protobuf/ptypes/timestamp" "math/rand" "reflect" "regexp" @@ -16,6 +14,9 @@ import ( "strings" "time" + "github.com/golang/protobuf/ptypes/duration" + "github.com/golang/protobuf/ptypes/timestamp" + "github.com/golang/protobuf/proto" "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" @@ -1572,6 +1573,7 @@ type HealthCheckDefinition struct { Header map[string][]string `json:",omitempty"` Method string `json:",omitempty"` Body string `json:",omitempty"` + DisableRedirects bool `json:",omitempty"` TCP string `json:",omitempty"` H2PING string `json:",omitempty"` H2PingUseTLS bool `json:",omitempty"` @@ -1720,6 +1722,7 @@ func (c *HealthCheck) CheckType() *CheckType { Header: c.Definition.Header, Method: c.Definition.Method, Body: c.Definition.Body, + DisableRedirects: c.Definition.DisableRedirects, TCP: c.Definition.TCP, H2PING: c.Definition.H2PING, H2PingUseTLS: c.Definition.H2PingUseTLS, diff --git a/proto/pbservice/healthcheck.gen.go b/proto/pbservice/healthcheck.gen.go index 6bdb63b4b..a38fd30c2 100644 --- a/proto/pbservice/healthcheck.gen.go +++ b/proto/pbservice/healthcheck.gen.go @@ -19,6 +19,7 @@ func CheckTypeToStructs(s *CheckType, t *structs.CheckType) { t.Header = MapHeadersToStructs(s.Header) t.Method = s.Method t.Body = s.Body + t.DisableRedirects = s.DisableRedirects t.TCP = s.TCP t.Interval = structs.DurationFromProto(s.Interval) t.AliasNode = s.AliasNode @@ -54,6 +55,7 @@ func CheckTypeFromStructs(t *structs.CheckType, s *CheckType) { s.Header = NewMapHeadersFromStructs(t.Header) s.Method = t.Method s.Body = t.Body + s.DisableRedirects = t.DisableRedirects s.TCP = t.TCP s.Interval = structs.DurationToProto(t.Interval) s.AliasNode = t.AliasNode @@ -132,6 +134,7 @@ func HealthCheckDefinitionToStructs(s *HealthCheckDefinition, t *structs.HealthC t.Header = MapHeadersToStructs(s.Header) t.Method = s.Method t.Body = s.Body + t.DisableRedirects = s.DisableRedirects t.TCP = s.TCP t.H2PING = s.H2PING t.H2PingUseTLS = s.H2PingUseTLS @@ -158,6 +161,7 @@ func HealthCheckDefinitionFromStructs(t *structs.HealthCheckDefinition, s *Healt s.Header = NewMapHeadersFromStructs(t.Header) s.Method = t.Method s.Body = t.Body + s.DisableRedirects = t.DisableRedirects s.TCP = t.TCP s.H2PING = t.H2PING s.H2PingUseTLS = t.H2PingUseTLS diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index a0dbe715c..d28ed185c 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -268,10 +268,11 @@ type HealthCheckDefinition struct { TLSServerName string `protobuf:"bytes,19,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` TLSSkipVerify bool `protobuf:"varint,2,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - Header map[string]*HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Method string `protobuf:"bytes,4,opt,name=Method,proto3" json:"Method,omitempty"` - Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` - TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` + Header map[string]*HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Method string `protobuf:"bytes,4,opt,name=Method,proto3" json:"Method,omitempty"` + Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` + DisableRedirects bool `protobuf:"varint,22,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"` + TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto Interval *durationpb.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval,omitempty"` // mog: func-to=uint func-from=uint32 @@ -367,6 +368,13 @@ func (x *HealthCheckDefinition) GetBody() string { return "" } +func (x *HealthCheckDefinition) GetDisableRedirects() bool { + if x != nil { + return x.DisableRedirects + } + return false +} + func (x *HealthCheckDefinition) GetTCP() string { if x != nil { return x.TCP @@ -497,10 +505,11 @@ type CheckType struct { ScriptArgs []string `protobuf:"bytes,5,rep,name=ScriptArgs,proto3" json:"ScriptArgs,omitempty"` HTTP string `protobuf:"bytes,6,opt,name=HTTP,proto3" json:"HTTP,omitempty"` // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs - Header map[string]*HeaderValue `protobuf:"bytes,20,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Method string `protobuf:"bytes,7,opt,name=Method,proto3" json:"Method,omitempty"` - Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` - TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` + Header map[string]*HeaderValue `protobuf:"bytes,20,rep,name=Header,proto3" json:"Header,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Method string `protobuf:"bytes,7,opt,name=Method,proto3" json:"Method,omitempty"` + Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` + DisableRedirects bool `protobuf:"varint,31,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"` + TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto Interval *durationpb.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval,omitempty"` AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` @@ -630,6 +639,13 @@ func (x *CheckType) GetBody() string { return "" } +func (x *CheckType) GetDisableRedirects() bool { + if x != nil { + return x.DisableRedirects + } + return false +} + func (x *CheckType) GetTCP() string { if x != nil { return x.TCP @@ -822,7 +838,7 @@ var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x23, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x86, 0x07, 0x0a, 0x15, 0x48, 0x65, + 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb2, 0x07, 0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, @@ -837,127 +853,132 @@ var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, - 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, - 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, + 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, + 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, + 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, + 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, + 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, + 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, + 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, + 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, + 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, + 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, + 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, + 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, + 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, 0x51, 0x0a, 0x0b, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd4, + 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x38, 0x0a, 0x06, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, + 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, + 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, + 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, + 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, + 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, + 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, + 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, + 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, + 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, + 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, + 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, + 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, + 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, + 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, + 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, + 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, + 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, + 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, + 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, + 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, + 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, + 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, + 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, + 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, + 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, + 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, + 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, - 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, - 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, - 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, - 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, - 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, - 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, - 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, - 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, - 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, - 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, - 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x10, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, - 0x51, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0xa8, 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, - 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, - 0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, - 0x12, 0x38, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, - 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, - 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, - 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, - 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, - 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, - 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, - 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, - 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, - 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, - 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, - 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, - 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, - 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, - 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, - 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, - 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, - 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, - 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, - 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, - 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, - 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, - 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, - 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, - 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, - 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, - 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, - 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, - 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, - 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, - 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, - 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, - 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, - 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x51, 0x0a, 0x0b, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x2d, 0x5a, - 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, + 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, + 0x7a, 0x65, 0x1a, 0x51, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 6d709d874..67629ba98 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -62,6 +62,7 @@ message HealthCheckDefinition { map Header = 3; string Method = 4; string Body = 18; + bool DisableRedirects = 22; string TCP = 5; // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto google.protobuf.Duration Interval = 6; @@ -110,6 +111,7 @@ message CheckType { map Header = 20; string Method = 7; string Body = 26; + bool DisableRedirects = 31; string TCP = 8; // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto google.protobuf.Duration Interval = 9; diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index e0b69258f..e3f50f2c3 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -206,6 +206,9 @@ The table below shows this endpoint's support for - `Body` `(string: "")` - Specifies a body that should be sent with `HTTP` checks. +- `DisableRedirects` `(bool: false)` - Specifies whether to disable following HTTP + redirects when performing an HTTP check. + - `Header` `(map[string][]string: {})` - Specifies a set of headers that should be set for `HTTP` checks. Each header can have multiple values. @@ -273,6 +276,7 @@ The table below shows this endpoint's support for "Method": "POST", "Header": { "Content-Type": ["application/json"] }, "Body": "{\"check\":\"mem\"}", + "DisableRedirects": true, "TCP": "example.com:22", "Interval": "10s", "Timeout": "5s", diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 61fec921a..64dc3de11 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -57,6 +57,7 @@ There are several different kinds of checks: fields can be set through the `header` field which is a map of lists of strings, e.g. `{"x-foo": ["bar", "baz"]}`. By default, HTTP checks will be configured with a request timeout equal to 10 seconds. + It is possible to configure a custom HTTP check timeout value by specifying the `timeout` field in the check definition. The output of the check is limited to roughly 4KB. Responses larger than this will be truncated. @@ -66,6 +67,9 @@ There are several different kinds of checks: automatically from the URL if it uses a hostname (as opposed to an IP address); the value can be overridden by setting `tls_server_name`. + Consul follows HTTP redirects by default. Set the `disable_redirects` field to + `true` to disable redirects. + - `TCP + Interval` - These checks make a TCP connection attempt to the specified IP/hostname and port, waiting `interval` amount of time between attempts (e.g. 30 seconds). If no hostname @@ -185,6 +189,7 @@ check = { Content-Type = ["application/json"] } body = "{\"method\":\"health\"}" + disable_redirects = true interval = "10s" timeout = "1s" } From d3c71d3e01cb89d87f782d10ae102d534b93268c Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Tue, 5 Apr 2022 10:48:26 -0700 Subject: [PATCH 093/785] Update branch list Signed-off-by: Mark Anderson --- .release/ci.hcl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.release/ci.hcl b/.release/ci.hcl index 746e7476c..8452ef3b2 100644 --- a/.release/ci.hcl +++ b/.release/ci.hcl @@ -11,10 +11,10 @@ project "consul" { repository = "consul" release_branches = [ "main", - "release/1.8.x", "release/1.9.x", "release/1.10.x", - "release/1.11.x" + "release/1.11.x", + "release/1.12.x", ] } } @@ -227,4 +227,4 @@ event "promote-production-packaging" { notification { on = "always" } -} \ No newline at end of file +} From 6bdde40d5e3949b407e1f2cf7655c53f898e3c88 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Wed, 6 Apr 2022 11:37:08 -0700 Subject: [PATCH 094/785] lower log to trace (#12708) --- agent/rpc/middleware/interceptors.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go index c7ac72f35..e57ab647d 100644 --- a/agent/rpc/middleware/interceptors.go +++ b/agent/rpc/middleware/interceptors.go @@ -54,7 +54,7 @@ func (r *RequestRecorder) Record(requestName string, rpcType string, start time. // math.MaxInt64 < math.MaxFloat32 is true so we should be good! r.recorderFunc(metricRPCRequest, float32(elapsed), labels) - r.Logger.Debug(requestLogName, + r.Logger.Trace(requestLogName, "method", requestName, "errored", respErrored, "request_type", reqType, From 0f68bf879a869f93861c48084732c2db3efc1482 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Wed, 6 Apr 2022 14:33:05 -0700 Subject: [PATCH 095/785] [rpc/middleware][consul] plumb intercept off, add server level happy test (#12692) --- agent/consul/client_test.go | 7 +- agent/consul/options.go | 8 + agent/consul/server.go | 48 +++-- agent/consul/server_test.go | 226 +++++++++++++++++++++- agent/rpc/middleware/interceptors.go | 6 +- agent/rpc/middleware/interceptors_test.go | 14 +- agent/setup.go | 4 + 7 files changed, 287 insertions(+), 26 deletions(-) diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go index 06ef80efe..d593f5aa9 100644 --- a/agent/consul/client_test.go +++ b/agent/consul/client_test.go @@ -21,6 +21,7 @@ import ( "github.com/hashicorp/consul/agent/grpc/private/resolver" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/sdk/freeport" @@ -542,8 +543,10 @@ func newDefaultDeps(t *testing.T, c *Config) Deps { DialingFromServer: true, DialingFromDatacenter: c.Datacenter, }), - LeaderForwarder: builder, - EnterpriseDeps: newDefaultDepsEnterprise(t, logger, c), + LeaderForwarder: builder, + NewRequestRecorderFunc: middleware.NewRequestRecorder, + GetNetRPCInterceptorFunc: middleware.GetNetRPCInterceptor, + EnterpriseDeps: newDefaultDepsEnterprise(t, logger, c), } } diff --git a/agent/consul/options.go b/agent/consul/options.go index 3440b0245..e253864a5 100644 --- a/agent/consul/options.go +++ b/agent/consul/options.go @@ -1,11 +1,13 @@ package consul import ( + "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/go-hclog" "google.golang.org/grpc" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/tlsutil" ) @@ -18,6 +20,12 @@ type Deps struct { ConnPool *pool.ConnPool GRPCConnPool GRPCClientConner LeaderForwarder LeaderForwarder + // GetNetRPCInterceptorFunc, if not nil, sets the net/rpc rpc.ServerServiceCallInterceptor on + // the server side to record metrics around the RPC requests. If nil, no interceptor is added to + // the rpc server. + GetNetRPCInterceptorFunc func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor + // NewRequestRecorderFunc provides a middleware.RequestRecorder for the server to use; it cannot be nil + NewRequestRecorderFunc func(logger hclog.Logger) *middleware.RequestRecorder EnterpriseDeps } diff --git a/agent/consul/server.go b/agent/consul/server.go index c48204bb5..3ec3d61dd 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -379,24 +379,40 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve serverLogger := flat.Logger.NamedIntercept(logging.ConsulServer) loggers := newLoggerStore(serverLogger) - recorder := middleware.NewRequestRecorder(serverLogger) + var recorder *middleware.RequestRecorder + if flat.NewRequestRecorderFunc == nil { + return nil, fmt.Errorf("cannot initialize server without an RPC request recorder provider") + } + recorder = flat.NewRequestRecorderFunc(serverLogger) + if recorder == nil { + return nil, fmt.Errorf("cannot initialize server without a non nil RPC request recorder") + } + + var rpcServer, insecureRPCServer *rpc.Server + if flat.GetNetRPCInterceptorFunc == nil { + rpcServer = rpc.NewServer() + insecureRPCServer = rpc.NewServer() + } else { + rpcServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) + insecureRPCServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) + } + // Create server. s := &Server{ - config: config, - tokens: flat.Tokens, - connPool: flat.ConnPool, - grpcConnPool: flat.GRPCConnPool, - eventChLAN: make(chan serf.Event, serfEventChSize), - eventChWAN: make(chan serf.Event, serfEventChSize), - logger: serverLogger, - loggers: loggers, - leaveCh: make(chan struct{}), - reconcileCh: make(chan serf.Member, reconcileChSize), - router: flat.Router, - rpcRecorder: recorder, - // TODO(rpc-metrics-improv): consider pulling out the interceptor from config in order to isolate testing - rpcServer: rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(middleware.GetNetRPCInterceptor(recorder))), - insecureRPCServer: rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(middleware.GetNetRPCInterceptor(recorder))), + config: config, + tokens: flat.Tokens, + connPool: flat.ConnPool, + grpcConnPool: flat.GRPCConnPool, + eventChLAN: make(chan serf.Event, serfEventChSize), + eventChWAN: make(chan serf.Event, serfEventChSize), + logger: serverLogger, + loggers: loggers, + leaveCh: make(chan struct{}), + reconcileCh: make(chan serf.Member, reconcileChSize), + router: flat.Router, + rpcRecorder: recorder, + rpcServer: rpcServer, + insecureRPCServer: insecureRPCServer, tlsConfigurator: flat.TLSConfigurator, publicGRPCServer: publicGRPCServer, reassertLeaderCh: make(chan chan error), diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 6f953dd1c..5c06fb4d9 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -5,16 +5,20 @@ import ( "fmt" "net" "os" + "reflect" "strings" "sync/atomic" "testing" "time" + "github.com/armon/go-metrics" "github.com/google/tcpproxy" + "github.com/hashicorp/go-hclog" "github.com/hashicorp/memberlist" "github.com/hashicorp/raft" "google.golang.org/grpc" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/ipaddr" "github.com/hashicorp/go-uuid" @@ -254,6 +258,10 @@ func testACLServerWithConfig(t *testing.T, cb func(*Config), initReplicationToke } func newServer(t *testing.T, c *Config) (*Server, error) { + return newServerWithDeps(t, c, newDefaultDeps(t, c)) +} + +func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) { // chain server up notification oldNotify := c.NotifyListen up := make(chan struct{}) @@ -264,7 +272,8 @@ func newServer(t *testing.T, c *Config) (*Server, error) { } } - srv, err := NewServer(c, newDefaultDeps(t, c), grpc.NewServer()) + srv, err := NewServer(c, deps, grpc.NewServer()) + if err != nil { return nil, err } @@ -1130,6 +1139,221 @@ func TestServer_RPC(t *testing.T) { } } +// TestServer_RPC_MetricsIntercept_Off proves that we can turn off net/rpc interceptors all together. +func TestServer_RPC_MetricsIntercept_Off(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + storage := make(map[string]float32) + keyMakingFunc := func(key []string, labels []metrics.Label) string { + allKey := strings.Join(key, "+") + + for _, label := range labels { + if label.Name == "method" { + allKey = allKey + "+" + label.Value + } + } + + return allKey + } + + simpleRecorderFunc := func(key []string, val float32, labels []metrics.Label) { + storage[keyMakingFunc(key, labels)] = val + } + + t.Run("test no net/rpc interceptor metric with nil func", func(t *testing.T) { + _, conf := testServerConfig(t) + deps := newDefaultDeps(t, conf) + + // "disable" metrics net/rpc interceptor + deps.GetNetRPCInterceptorFunc = nil + // "hijack" the rpc recorder for asserts; + // note that there will be "internal" net/rpc calls made + // that will still show up; those don't go thru the net/rpc interceptor; + // see consul.agent.rpc.middleware.RPCTypeInternal for context + deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + return &middleware.RequestRecorder{ + Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), + RecorderFunc: simpleRecorderFunc, + } + } + + s1, err := NewServer(conf, deps, grpc.NewServer()) + if err != nil { + t.Fatalf("err: %v", err) + } + t.Cleanup(func() { s1.Shutdown() }) + + var out struct{} + if err := s1.RPC("Status.Ping", struct{}{}, &out); err != nil { + t.Fatalf("err: %v", err) + } + + key := keyMakingFunc(middleware.OneTwelveRPCSummary[0].Name, []metrics.Label{{Name: "method", Value: "Status.Ping"}}) + + if _, ok := storage[key]; ok { + t.Fatalf("Did not expect to find key %s in the metrics log, ", key) + } + }) + + t.Run("test no net/rpc interceptor metric with func that gives nil", func(t *testing.T) { + _, conf := testServerConfig(t) + deps := newDefaultDeps(t, conf) + + // "hijack" the rpc recorder for asserts; + // note that there will be "internal" net/rpc calls made + // that will still show up; those don't go thru the net/rpc interceptor; + // see consul.agent.rpc.middleware.RPCTypeInternal for context + deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + return &middleware.RequestRecorder{ + Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), + RecorderFunc: simpleRecorderFunc, + } + } + + deps.GetNetRPCInterceptorFunc = func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor { + return nil + } + + s2, err := NewServer(conf, deps, grpc.NewServer()) + if err != nil { + t.Fatalf("err: %v", err) + } + t.Cleanup(func() { s2.Shutdown() }) + if err != nil { + t.Fatalf("err: %v", err) + } + + var out struct{} + if err := s2.RPC("Status.Ping", struct{}{}, &out); err != nil { + t.Fatalf("err: %v", err) + } + + key := keyMakingFunc(middleware.OneTwelveRPCSummary[0].Name, []metrics.Label{{Name: "method", Value: "Status.Ping"}}) + + if _, ok := storage[key]; ok { + t.Fatalf("Did not expect to find key %s in the metrics log, ", key) + } + }) +} + +// TestServer_RPC_RequestRecorder proves that we cannot make a server without a valid RequestRecorder provider func +// or a non nil RequestRecorder. +func TestServer_RPC_RequestRecorder(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Run("test nil func provider", func(t *testing.T) { + _, conf := testServerConfig(t) + deps := newDefaultDeps(t, conf) + deps.NewRequestRecorderFunc = nil + + s1, err := NewServer(conf, deps, grpc.NewServer()) + + require.Error(t, err, "need err when provider func is nil") + require.Equal(t, err.Error(), "cannot initialize server without an RPC request recorder provider") + + t.Cleanup(func() { + if s1 != nil { + s1.Shutdown() + } + }) + }) + + t.Run("test nil RequestRecorder", func(t *testing.T) { + _, conf := testServerConfig(t) + deps := newDefaultDeps(t, conf) + deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + return nil + } + + s2, err := NewServer(conf, deps, grpc.NewServer()) + + require.Error(t, err, "need err when RequestRecorder is nil") + require.Equal(t, err.Error(), "cannot initialize server without a non nil RPC request recorder") + + t.Cleanup(func() { + if s2 != nil { + s2.Shutdown() + } + }) + }) +} + +// TestServer_RPC_MetricsIntercept mocks a request recorder and asserts that RPC calls are observed. +func TestServer_RPC_MetricsIntercept(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + _, conf := testServerConfig(t) + deps := newDefaultDeps(t, conf) + + // The method used to record metric observations here is similar to that used in + // interceptors_test.go; at present, we don't have a need to lock yet but if we do + // we can imitate that set up further or just factor it out as a "mock" metrics backend + storage := make(map[string]float32) + keyMakingFunc := func(key []string, labels []metrics.Label) string { + allKey := strings.Join(key, "+") + + for _, label := range labels { + allKey = allKey + "+" + label.Value + } + + return allKey + } + + simpleRecorderFunc := func(key []string, val float32, labels []metrics.Label) { + storage[keyMakingFunc(key, labels)] = val + } + deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + return &middleware.RequestRecorder{ + Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), + RecorderFunc: simpleRecorderFunc, + } + } + + deps.GetNetRPCInterceptorFunc = func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor { + return func(reqServiceMethod string, argv, replyv reflect.Value, handler func() error) { + reqStart := time.Now() + + err := handler() + + recorder.Record(reqServiceMethod, "test", reqStart, argv.Interface(), err != nil) + } + } + + s, err := newServerWithDeps(t, conf, deps) + if err != nil { + t.Fatalf("err: %v", err) + } + defer s.Shutdown() + testrpc.WaitForTestAgent(t, s.RPC, "dc1") + + // asserts + t.Run("test happy path for metrics interceptor", func(t *testing.T) { + var out struct{} + if err := s.RPC("Status.Ping", struct{}{}, &out); err != nil { + t.Fatalf("err: %v", err) + } + + expectedLabels := []metrics.Label{ + {Name: "method", Value: "Status.Ping"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "read"}, + {Name: "rpc_type", Value: "test"}, + } + + key := keyMakingFunc(middleware.OneTwelveRPCSummary[0].Name, expectedLabels) + + if _, ok := storage[key]; !ok { + t.Fatalf("Did not find key %s in the metrics log, ", key) + } + }) +} + func TestServer_JoinLAN_TLS(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go index e57ab647d..ba6747c3a 100644 --- a/agent/rpc/middleware/interceptors.go +++ b/agent/rpc/middleware/interceptors.go @@ -34,11 +34,11 @@ var OneTwelveRPCSummary = []prometheus.SummaryDefinition{ type RequestRecorder struct { Logger hclog.Logger - recorderFunc func(key []string, val float32, labels []metrics.Label) + RecorderFunc func(key []string, val float32, labels []metrics.Label) } func NewRequestRecorder(logger hclog.Logger) *RequestRecorder { - return &RequestRecorder{Logger: logger, recorderFunc: metrics.AddSampleWithLabels} + return &RequestRecorder{Logger: logger, RecorderFunc: metrics.AddSampleWithLabels} } func (r *RequestRecorder) Record(requestName string, rpcType string, start time.Time, request interface{}, respErrored bool) { @@ -53,7 +53,7 @@ func (r *RequestRecorder) Record(requestName string, rpcType string, start time. } // math.MaxInt64 < math.MaxFloat32 is true so we should be good! - r.recorderFunc(metricRPCRequest, float32(elapsed), labels) + r.RecorderFunc(metricRPCRequest, float32(elapsed), labels) r.Logger.Trace(requestLogName, "method", requestName, "errored", respErrored, diff --git a/agent/rpc/middleware/interceptors_test.go b/agent/rpc/middleware/interceptors_test.go index 23d764962..63fbefecb 100644 --- a/agent/rpc/middleware/interceptors_test.go +++ b/agent/rpc/middleware/interceptors_test.go @@ -18,7 +18,7 @@ type obs struct { labels []metrics.Label } -// recorderStore acts as an in-mem mock storage for all the RequestRecorder.Record() recorderFunc calls. +// recorderStore acts as an in-mem mock storage for all the RequestRecorder.Record() RecorderFunc calls. type recorderStore struct { lock sync.Mutex store map[string]obs @@ -59,9 +59,11 @@ func (wr writeRequest) IsRead() bool { // TestRequestRecorder_SimpleOK tests that the RequestRecorder can record a simple request. func TestRequestRecorder_SimpleOK(t *testing.T) { + t.Parallel() + r := RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - recorderFunc: simpleRecorderFunc, + RecorderFunc: simpleRecorderFunc, } start := time.Now() @@ -82,9 +84,11 @@ func TestRequestRecorder_SimpleOK(t *testing.T) { // TestRequestRecorder_ReadRequest tests that RequestRecorder can record a read request AND a responseErrored arg. func TestRequestRecorder_ReadRequest(t *testing.T) { + t.Parallel() + r := RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - recorderFunc: simpleRecorderFunc, + RecorderFunc: simpleRecorderFunc, } start := time.Now() @@ -104,9 +108,11 @@ func TestRequestRecorder_ReadRequest(t *testing.T) { // TestRequestRecorder_WriteRequest tests that RequestRecorder can record a write request. func TestRequestRecorder_WriteRequest(t *testing.T) { + t.Parallel() + r := RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - recorderFunc: simpleRecorderFunc, + RecorderFunc: simpleRecorderFunc, } start := time.Now() diff --git a/agent/setup.go b/agent/setup.go index 0799c472a..322f170b2 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" + "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/submatview" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/agent/xds" @@ -151,6 +152,9 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer) (BaseDeps, error) return d, err } + d.NewRequestRecorderFunc = middleware.NewRequestRecorder + d.GetNetRPCInterceptorFunc = middleware.GetNetRPCInterceptor + return d, nil } From 6bf3de8e52145319ccbffaa644b8e3b41e670170 Mon Sep 17 00:00:00 2001 From: John Murret Date: Wed, 6 Apr 2022 15:54:27 -0600 Subject: [PATCH 096/785] k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy (#12612) * k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy * Modifying role and policy names based on naming convention change. --- .../docs/k8s/connect/terminating-gateways.mdx | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/website/content/docs/k8s/connect/terminating-gateways.mdx b/website/content/docs/k8s/connect/terminating-gateways.mdx index c4a90a923..1522035dd 100644 --- a/website/content/docs/k8s/connect/terminating-gateways.mdx +++ b/website/content/docs/k8s/connect/terminating-gateways.mdx @@ -138,16 +138,13 @@ $ curl --request PUT --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" --data @exter true ``` -### Update terminating gateway ACL token if ACLs are enabled +### Update terminating gateway ACL role if ACLs are enabled -If ACLs are enabled, update the terminating gateway acl token to have `service: write` permissions on all of the services +If ACLs are enabled, update the terminating gateway acl role to have `service: write` permissions on all of the services being represented by the gateway: - Create a new policy that includes these permissions -- Update the existing token to include the new policy - -~> The CLI command should be run with the `-merge-policies`, `-merge-roles` and `-merge-service-identities` so -nothing is removed from the terminating gateway token +- Update the existing rolc to include the new policy @@ -174,28 +171,28 @@ service "example-https" { Now fetch the ID of the terminating gateway token ```shell-session -consul acl token list | grep -B 6 -- "- terminating-gateway-terminating-gateway-token" | grep AccessorID +consul acl role list | grep -B 6 -- "- RELEASE_NAME-terminating-gateway-policy" | grep ID -AccessorID: +ID: ``` Update the terminating gateway acl token with the new policy ```shell-session -$ consul acl token update -id -policy-name example-https-write-policy -merge-policies -merge-roles -merge-service-identities -AccessorID: +$ consul acl role update -id -policy-name example-https-write-policy +AccessorID: SecretID: -Description: terminating-gateway-terminating-gateway-token Token +Description: RELEASE_NAME-terminating-gateway-acl-role Local: true Create Time: 2021-01-08 21:18:47.957450486 +0000 UTC Policies: - 63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - terminating-gateway-terminating-gateway-token + 63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - RELEASE_NAME-terminating-gateway-policy f63d1ae6-ffe7-44bd-bf7a-704a86939a63 - example-https-write-policy ``` ### Create the configuration entry for the terminating gateway -Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) +Once the roles have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) resource to configure the terminating gateway: From 264a3ed39e4172c20941fe998287085e58601d27 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 7 Apr 2022 11:34:24 +0100 Subject: [PATCH 097/785] ui: Amend UI branching docs (#12705) --- ui/packages/consul-ui/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ui/packages/consul-ui/README.md b/ui/packages/consul-ui/README.md index 88e79cba4..c87923c83 100644 --- a/ui/packages/consul-ui/README.md +++ b/ui/packages/consul-ui/README.md @@ -109,7 +109,11 @@ See [./docs/index.mdx](./docs/index.mdx#environment-variables) ### Branching -Follow a `ui/**/**` branch naming pattern. This branch naming pattern allows front-end focused builds, such as FE tests, to run automatically in Pull Requests. It also adds the `theme/ui` label to Pull Requests. +We follow a `ui/**/**` branch naming pattern. This branch naming pattern allows +front-end focused builds, such as FE tests, to run automatically in Pull +Requests. Please note this only works if you are a member of the HashiCorp +GitHub Org. If you are an external contributor these tests won't run and will +instead be run by a member of our team during review. Examples: - `ui/feature/add...` From 9516b96d9272ace457178baa75e7ca4ed84d7b74 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 7 Apr 2022 11:35:49 +0100 Subject: [PATCH 098/785] ui: Ignore Service/Node permissions for Overview just use operator (#12693) --- ui/packages/consul-ui/app/abilities/overview.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ui/packages/consul-ui/app/abilities/overview.js b/ui/packages/consul-ui/app/abilities/overview.js index 0b9ee6461..eba021772 100644 --- a/ui/packages/consul-ui/app/abilities/overview.js +++ b/ui/packages/consul-ui/app/abilities/overview.js @@ -1,8 +1,9 @@ import BaseAbility from './base'; export default class OverviewAbility extends BaseAbility { + resource = 'operator'; + segmented = false; get canAccess() { - return ['read services', 'read nodes', 'read license'] - .some(item => this.permissions.can(item)) + return this.canRead; } } From 34478800912b089cb2334e8b04784f6281196e15 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Thu, 7 Apr 2022 10:48:48 -0400 Subject: [PATCH 099/785] Enable running autopilot state updates on all servers (#12617) * Fixes a lint warning about t.Errorf not supporting %w * Enable running autopilot on all servers On the non-leader servers all they do is update the state and do not attempt any modifications. * Fix the RPC conn limiting tests Technically they were relying on racey behavior before. Now they should be reliable. --- .changelog/12617.txt | 9 ++++ agent/consul/autopilot.go | 47 ++++++++++++--------- agent/consul/leader.go | 6 +-- agent/consul/operator_autopilot_endpoint.go | 9 +--- agent/consul/rpc_test.go | 9 ++-- agent/consul/server.go | 4 ++ agent/metrics_test.go | 4 +- go.mod | 2 +- go.sum | 4 +- website/content/docs/agent/telemetry.mdx | 6 +-- 10 files changed, 56 insertions(+), 44 deletions(-) create mode 100644 .changelog/12617.txt diff --git a/.changelog/12617.txt b/.changelog/12617.txt new file mode 100644 index 000000000..25ae7f9ec --- /dev/null +++ b/.changelog/12617.txt @@ -0,0 +1,9 @@ +```release-note:improvement +autopilot: Autopilot state is now tracked on Raft followers in addition to the leader. +Stale queries may be used to query for the non-leaders state. +``` + +```release-note:improvement +autopilot: The `autopilot.healthy` and `autopilot.failure_tolerance` metrics are now +regularly emitted by all servers. +``` diff --git a/agent/consul/autopilot.go b/agent/consul/autopilot.go index 8d17e4948..27471b533 100644 --- a/agent/consul/autopilot.go +++ b/agent/consul/autopilot.go @@ -9,10 +9,10 @@ import ( "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" "github.com/hashicorp/serf/serf" - "math" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/logging" "github.com/hashicorp/consul/types" ) @@ -33,7 +33,7 @@ type AutopilotDelegate struct { } func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config { - return d.server.getOrCreateAutopilotConfig().ToAutopilotLibraryConfig() + return d.server.getAutopilotConfigOrDefault().ToAutopilotLibraryConfig() } func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server { @@ -45,23 +45,11 @@ func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[ra } func (d *AutopilotDelegate) NotifyState(state *autopilot.State) { - // emit metrics if we are the leader regarding overall healthiness and the failure tolerance - if d.server.raft.State() == raft.Leader { - metrics.SetGauge([]string{"autopilot", "failure_tolerance"}, float32(state.FailureTolerance)) - if state.Healthy { - metrics.SetGauge([]string{"autopilot", "healthy"}, 1) - } else { - metrics.SetGauge([]string{"autopilot", "healthy"}, 0) - } + metrics.SetGauge([]string{"autopilot", "failure_tolerance"}, float32(state.FailureTolerance)) + if state.Healthy { + metrics.SetGauge([]string{"autopilot", "healthy"}, 1) } else { - - // if we are not a leader, emit NaN per - // https://www.consul.io/docs/agent/telemetry#autopilot - metrics.SetGauge([]string{"autopilot", "healthy"}, float32(math.NaN())) - - // also emit NaN for failure tolerance to be backwards compatible - metrics.SetGauge([]string{"autopilot", "failure_tolerance"}, float32(math.NaN())) - + metrics.SetGauge([]string{"autopilot", "healthy"}, 0) } } @@ -84,10 +72,8 @@ func (s *Server) initAutopilot(config *Config) { autopilot.WithReconcileInterval(config.AutopilotInterval), autopilot.WithUpdateInterval(config.ServerHealthInterval), autopilot.WithPromoter(s.autopilotPromoter()), + autopilot.WithReconciliationDisabled(), ) - - metrics.SetGauge([]string{"autopilot", "healthy"}, float32(math.NaN())) - metrics.SetGauge([]string{"autopilot", "failure_tolerance"}, float32(math.NaN())) } func (s *Server) autopilotServers() map[raft.ServerID]*autopilot.Server { @@ -154,3 +140,22 @@ func (s *Server) autopilotServerFromMetadata(srv *metadata.Server) (*autopilot.S return server, nil } + +func (s *Server) getAutopilotConfigOrDefault() *structs.AutopilotConfig { + logger := s.loggers.Named(logging.Autopilot) + state := s.fsm.State() + _, config, err := state.AutopilotConfig() + if err != nil { + logger.Error("failed to get config", "error", err) + return nil + } + + if config != nil { + return config + } + + // autopilot may start running prior to there ever being a leader + // and having an autopilot configuration created. In that case + // use the one from the local configuration for now. + return s.config.AutopilotConfig +} diff --git a/agent/consul/leader.go b/agent/consul/leader.go index f40faed42..456fbec1e 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -297,7 +297,7 @@ func (s *Server) establishLeadership(ctx context.Context) error { } s.getOrCreateAutopilotConfig() - s.autopilot.Start(ctx) + s.autopilot.EnableReconciliation() s.startConfigReplication(ctx) @@ -350,9 +350,7 @@ func (s *Server) revokeLeadership() { s.resetConsistentReadReady() - // Stop returns a chan and we want to block until it is closed - // which indicates that autopilot is actually stopped. - <-s.autopilot.Stop() + s.autopilot.DisableReconciliation() } // initializeACLs is used to setup the ACLs if we are the leader diff --git a/agent/consul/operator_autopilot_endpoint.go b/agent/consul/operator_autopilot_endpoint.go index 0b3aee53f..babbb7956 100644 --- a/agent/consul/operator_autopilot_endpoint.go +++ b/agent/consul/operator_autopilot_endpoint.go @@ -2,6 +2,7 @@ package consul import ( "fmt" + autopilot "github.com/hashicorp/raft-autopilot" "github.com/hashicorp/serf/serf" @@ -75,10 +76,6 @@ func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRe // ServerHealth is used to get the current health of the servers. func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.AutopilotHealthReply) error { - // This must be sent to the leader, so we fix the args since we are - // re-using a structure where we don't support all the options. - args.RequireConsistent = true - args.AllowStale = false if done, err := op.srv.ForwardRPC("Operator.ServerHealth", args, reply); done { return err } @@ -143,10 +140,6 @@ func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs } func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autopilot.State) error { - // This must be sent to the leader, so we fix the args since we are - // re-using a structure where we don't support all the options. - args.RequireConsistent = true - args.AllowStale = false if done, err := op.srv.ForwardRPC("Operator.AutopilotState", args, reply); done { return err } diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go index 0e236eed5..5e1323a1e 100644 --- a/agent/consul/rpc_test.go +++ b/agent/consul/rpc_test.go @@ -817,7 +817,8 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.RPCMaxConnsPerClient = 2 + // we have to set this to 3 because autopilot is going to keep a connection open + c.RPCMaxConnsPerClient = 3 if tc.tlsEnabled { c.TLSConfig.InternalRPC.CAFile = "../../test/hostname/CertAuth.crt" c.TLSConfig.InternalRPC.CertFile = "../../test/hostname/Alice.crt" @@ -831,6 +832,8 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) { defer os.RemoveAll(dir1) defer s1.Shutdown() + waitForLeaderEstablishment(t, s1) + // Connect to the server with bare TCP conn1 := connectClient(t, s1, tc.magicByte, tc.tlsEnabled, true, "conn1") defer conn1.Close() @@ -847,7 +850,7 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) { addr := conn1.RemoteAddr() conn1.Close() retry.Run(t, func(r *retry.R) { - if n := s1.rpcConnLimiter.NumOpen(addr); n >= 2 { + if n := s1.rpcConnLimiter.NumOpen(addr); n >= 3 { r.Fatal("waiting for open conns to drop") } }) @@ -1736,7 +1739,7 @@ func rpcBlockingQueryTestHarness( return case err := <-errCh: if err != nil { - t.Errorf("[%d] unexpected error: %w", i, err) + t.Errorf("[%d] unexpected error: %v", i, err) return } } diff --git a/agent/consul/server.go b/agent/consul/server.go index 3ec3d61dd..a3effba97 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -674,6 +674,10 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve go s.listen(listener) } + // start autopilot - this must happen after the RPC listeners get setup + // or else it may block + s.autopilot.Start(&lib.StopChannelContext{StopCh: s.shutdownCh}) + // Start the metrics handlers. go s.updateMetrics() diff --git a/agent/metrics_test.go b/agent/metrics_test.go index 2aedc0180..448694e3e 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -250,8 +250,8 @@ func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_healthy", "NaN") - assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_failure_tolerance", "NaN") + assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_healthy", "1") + assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_failure_tolerance", "0") }) } diff --git a/go.mod b/go.mod index e99a098ba..47b494c46 100644 --- a/go.mod +++ b/go.mod @@ -54,7 +54,7 @@ require ( github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 github.com/hashicorp/memberlist v0.3.1 github.com/hashicorp/raft v1.3.6 - github.com/hashicorp/raft-autopilot v0.1.5 + github.com/hashicorp/raft-autopilot v0.1.6 github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 // indirect github.com/hashicorp/raft-boltdb/v2 v2.2.2 github.com/hashicorp/serf v0.9.7 diff --git a/go.sum b/go.sum index bf61a6bf0..fb093ee1e 100644 --- a/go.sum +++ b/go.sum @@ -363,8 +363,8 @@ github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7 github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= github.com/hashicorp/raft v1.3.6 h1:v5xW5KzByoerQlN/o31VJrFNiozgzGyDoMgDJgXpsto= github.com/hashicorp/raft v1.3.6/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft-autopilot v0.1.5 h1:onEfMH5uHVdXQqtas36zXUHEZxLdsJVu/nXHLcLdL1I= -github.com/hashicorp/raft-autopilot v0.1.5/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= +github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I= +github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 h1:Ye8SofeDHJzu9xvvaMmpMkqHELWW7rTcXwdUR0CWW48= diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 4f4ef8983..7296ed208 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -94,7 +94,7 @@ These are some metrics emitted that can help you understand the health of your c | Metric Name | Description | Unit | Type | | :------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------- | :---- | -| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. All non-leader servers will report `NaN`. | health state | gauge | +| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. | health state | gauge | **Why it's important:** Autopilot can expose the overall health of your cluster with a simple boolean. @@ -592,8 +592,8 @@ These metrics give insight into the health of the cluster as a whole. | `consul.serf.member.left` | Increments when an agent leaves the cluster. | leaves / interval | counter | | `consul.serf.events` | Increments when an agent processes an [event](/commands/event). Consul uses events internally so there may be additional events showing in telemetry. There are also a per-event counters emitted as `consul.serf.events.`. | events / interval | counter | | `consul.serf.msgs.sent` | This metric is sample of the number of bytes of messages broadcast to the cluster. In a given time interval, the sum of this metric is the total number of bytes sent and the count is the number of messages sent. | message bytes / interval | counter | -| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers | gauge | -| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. All non-leader servers will report `NaN`. | boolean | gauge | +| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers   | gauge | +| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. | boolean   | gauge | | `consul.session_ttl.active` | Tracks the active number of sessions being tracked. | sessions | gauge | | `consul.catalog.service.query.` | Increments for each catalog query for the given service. | queries | counter | | `consul.catalog.service.query-tag..` | Increments for each catalog query for the given service with the given tag. | queries | counter | From a20eed261e18c4c7abec4576e1f508dbf465cea7 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Thu, 7 Apr 2022 11:25:10 -0500 Subject: [PATCH 100/785] ci: run envoy integration tests on a real machine (#12715) --- .circleci/config.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c39652d7b..df724af17 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -840,11 +840,10 @@ jobs: - run: *notify-slack-failure envoy-integration-test-1_17_4: &ENVOY_TESTS - docker: - # We only really need bash and docker-compose which is installed on all - # Circle images but pick Go since we have to pick one of them. - - image: *GOLANG_IMAGE - parallelism: 2 + machine: + image: ubuntu-2004:202101-01 + parallelism: 4 + resource_class: medium environment: ENVOY_VERSION: "1.17.4" steps: &ENVOY_INTEGRATION_TEST_STEPS @@ -852,7 +851,7 @@ jobs: # Get go binary from workspace - attach_workspace: at: . - - setup_remote_docker + - run: *install-gotestsum # Build the consul-dev image from the already built binary - run: docker build -t consul-dev -f ./build-support/docker/Consul-Dev.dockerfile . - run: From 2f7a30b393aac30a7937a1ca725409628128a654 Mon Sep 17 00:00:00 2001 From: John Murret Date: Thu, 7 Apr 2022 12:16:24 -0600 Subject: [PATCH 101/785] Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu Co-authored-by: Iryna Shustava --- package-lock.json | 5 +- .../data-integration/bootstrap-token.mdx | 102 +++++++++ .../{ => data-integration}/connect-ca.mdx | 32 ++- .../data-integration/enterprise-license.mdx | 115 ++++++++++ .../vault/{ => data-integration}/gossip.mdx | 35 ++- .../vault/data-integration/index.mdx | 160 ++++++++++++++ .../data-integration/partition-token.mdx | 101 +++++++++ .../data-integration/replication-token.mdx | 101 +++++++++ .../{ => data-integration}/server-tls.mdx | 69 +++--- .../snapshot-agent-config.mdx | 104 +++++++++ .../installation/vault/enterprise-license.mdx | 98 --------- .../docs/k8s/installation/vault/index.mdx | 129 +++-------- .../vault/systems-integration.mdx | 202 ++++++++++++++++++ website/data/docs-nav-data.json | 54 +++-- website/package-lock.json | 36 +++- 15 files changed, 1088 insertions(+), 255 deletions(-) create mode 100644 website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx rename website/content/docs/k8s/installation/vault/{ => data-integration}/connect-ca.mdx (64%) create mode 100644 website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx rename website/content/docs/k8s/installation/vault/{ => data-integration}/gossip.mdx (57%) create mode 100644 website/content/docs/k8s/installation/vault/data-integration/index.mdx create mode 100644 website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx create mode 100644 website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx rename website/content/docs/k8s/installation/vault/{ => data-integration}/server-tls.mdx (65%) create mode 100644 website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx delete mode 100644 website/content/docs/k8s/installation/vault/enterprise-license.mdx create mode 100644 website/content/docs/k8s/installation/vault/systems-integration.mdx diff --git a/package-lock.json b/package-lock.json index 48e341a09..29027cb00 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,3 +1,6 @@ { - "lockfileVersion": 1 + "name": "consul", + "lockfileVersion": 2, + "requires": true, + "packages": {} } diff --git a/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx new file mode 100644 index 000000000..a3145d775 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx @@ -0,0 +1,102 @@ +--- +layout: docs +page_title: Storing the ACL Bootstrap Token in Vault +description: >- + Configuring the Consul Helm chart to use an ACL bootstrap token stored in Vault. +--- + +# Storing the ACL Bootstrap Token in Vault + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview +To use an ACL bootstrap token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the Secret in Vault + +First, store the ACL bootstrap token in Vault: + +```shell-session +$ vault kv put secret/consul/boostrap-token token="" +``` + +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.bootstrapToken.secretName` Helm value. + +Next, you will need to create a Vault policy that allows read access to this secret: + + + +```HCL +path "secret/data/consul/boostrap-token" { + capabilities = ["read"] +} +``` + + + +Apply the Vault policy by issuing the `vault policy write` CLI command: + +```shell-session +$ vault policy write boostrap-token-policy boostrap-token-policy.hcl +``` + +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create Kubernetes auth roles for the Consul `server-acl-init` container that runs as part of the Consul server statefulset: + +```shell-session +$ vault write auth/kubernetes/role/consul-server-acl-init \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=boostrap-token-policy \ + ttl=1h +``` + +To find out the service account name of the Consul server-acl-init job (i.e. the Consul server service account name), +you can run the following `helm template` command with your Consul on Kubernetes values file: + +```shell-session +$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul +``` + +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart + +Now that you have configured Vault, you can configure the Consul Helm chart to +use the ACL bootrap token in Vault: + + + +```yaml +global: + secretsBackend: + vault: + enabled: true + manageSystemACLsRole: consul-server-acl-init + acls: + bootstrapToken: + secretName: secret/data/consul/bootstrap-token + secretKey: token +``` + + + +Note that `global.acls.bootstrapToken.secretName` is the path of the secret in Vault. +This should be the same path as the one you included in your Vault policy. +`global.acls.bootstrapToken.secretKey` is the key inside the secret data. This should be the same +as the key you passed when creating the ACL replication token secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/connect-ca.mdx b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx similarity index 64% rename from website/content/docs/k8s/installation/vault/connect-ca.mdx rename to website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx index bf0c707cf..ad7b9c863 100644 --- a/website/content/docs/k8s/installation/vault/connect-ca.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx @@ -11,14 +11,39 @@ description: >- Consul allows using Kubernetes auth methods to configure Connect CA. This allows for automatic token rotation once the renewal is no longer possible. -In order to create Vault auth roles for the Consul servers for this feature, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). -To configure [Vault as the provider](/docs/connect/ca/vault) for the Consul service certificates, +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + + +## Overview +To use an Vault as the Service Mesh Certificate Provider on Kubernetes, we will need to modify the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the secret in Vault + +This step is not valid to this use case as we are not storing any secrets for Service Mesh certificate, and we instead are Leveraging Vault CA as a provider to mint certificates on an ongoing basis. + +### Create a Vault policy that authorizes the desired level of access to the secret + +To configure [Vault as the provider](/docs/connect/ca/vault) for the Consul service mesh certificates, you will first need to decide on the type of policy that is suitable for you. To see the permissions that Consul would need in Vault, please see [Vault ACL policies](/docs/connect/ca/vault#vault-acl-policies) documentation. -Once you have a policy, you will need to link that policy to the Consul server service account. +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create Kubernetes auth roles for the Consul servers: ```shell-session $ vault write auth/kubernetes/role/consul-server \ @@ -35,6 +60,7 @@ you can run: $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul ``` +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart Now you can configure the Consul Helm chart to use Vault as the Connect CA provider: diff --git a/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx new file mode 100644 index 000000000..8f89e4f54 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx @@ -0,0 +1,115 @@ +--- +layout: docs +page_title: Storing the Enterprise License in Vault +description: >- + Configuring the Consul Helm chart to use an enterprise license stored in Vault. +--- + +# Storing the Enterprise License in Vault + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview +To use an enterprise license stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the Secret in Vault + +First, store the enterprise license in Vault: + +```shell-session +$ vault kv put secret/consul/license key="" +``` + +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `global.enterpriseLicense.secretName` Helm value. + +Next, you will need to create a policy that allows read access to this secret: + + + +```HCL +path "secret/data/consul/license" { + capabilities = ["read"] +} +``` + + + +Apply the Vault policy by issuing the `vault policy write` CLI command: + +```shell-session +$ vault policy write license-policy license-policy.hcl +``` + +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create Kubernetes auth roles for the Consul server and client: + +```shell-session +$ vault write auth/kubernetes/role/consul-server \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=license-policy \ + ttl=1h +``` + +```shell-session +$ vault write auth/kubernetes/role/consul-client \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=license-policy \ + ttl=1h +``` + +To find out the service account names of the Consul server and client, +you can run the following `helm template` commands with your Consul on Kubernetes values file: + +- Generate Consul server service account name + ```shell-session + $ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul + ``` + +- Generate Consul client service account name + ```shell-session + $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul + ``` + +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +Now that you have configured Vault, you can configure the Consul Helm chart to +use the enterprise enterprise license in Vault: + + + +```yaml +global: + secretsBackend: + vault: + enabled: true + consulServerRole: consul-server + consulClientRole: consul-client + enterpriseLicense: + secretName: secret/data/consul/enterpriselicense + secretKey: key +``` + + + +Note that `global.enterpriseLicense.secretName` is the path of the secret in Vault. +This should be the same path as the one you included in your Vault policy. +`global.enterpriseLicense.secretKey` is the key inside the secret data. This should be the same +as the key you passed when creating the enterprise license secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/gossip.mdx b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx similarity index 57% rename from website/content/docs/k8s/installation/vault/gossip.mdx rename to website/content/docs/k8s/installation/vault/data-integration/gossip.mdx index 184bb2d2e..e0360cc3c 100644 --- a/website/content/docs/k8s/installation/vault/gossip.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx @@ -1,29 +1,41 @@ --- layout: docs -page_title: Storing Gossip Encryption Key in Vault +page_title: Storing the Gossip Encryption Key in Vault description: >- - Configuring the Consul Helm chart to use gossip encryption key stored in Vault. + Configuring the Consul Helm chart to use a gossip encryption key stored in Vault. --- # Storing Gossip Encryption Key in Vault -To use a gossip encryption key stored in Vault we need the following: +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -1. Generate and store an encryption key in Vault. -1. Create policies that will allow Consul client and server to access that key. -1. Create a Kubernetes auth roles that link policies from step 2 to Kubernetes service accounts of the Consul servers and clients. +## Overview +To use a gossip encryption key stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: -## Configuring Vault +### One time setup in Vault + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. +## One time setup in Vault +### Store the Secret in Vault First, generate and store the gossip key in Vault: ```shell-session $ vault kv put secret/consul/gossip key="$(consul keygen)" ``` +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `global.gossipEncryption.secretName` Helm value. Next, we will need to create a policy that allows read access to this secret: - ```HCL @@ -34,11 +46,14 @@ path "secret/data/consul/gossip" { +Apply the Vault policy by issuing the `vault policy write` CLI command: + ```shell-session $ vault policy write gossip-policy gossip-policy.hcl ``` -Prior to creating Vault auth roles for the Consul servers and clients, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, we will create Kubernetes auth roles for the Consul server and client: @@ -71,7 +86,7 @@ you can run the following `helm template` commands with your Consul on Kubernete $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul ``` -## Deploying the Consul Helm chart +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart Now that we've configured Vault, you can configure the Consul Helm chart to use the gossip key in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/index.mdx b/website/content/docs/k8s/installation/vault/data-integration/index.mdx new file mode 100644 index 000000000..e8dea2183 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/index.mdx @@ -0,0 +1,160 @@ +--- +layout: docs +page_title: Vault as the Secrets Backend Data Integration Overview +description: >- + Overview of the data integration aspects to using Vault as the secrets backend for Consul on Kubernetes. +--- + +# Vault as the Secrets Backend - Data Integration + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview + +### General Integration Steps + +Generally, for each secret you wish to store in Vault, the process to integrate the date between Vault and Consul on Kubernetes is: + +#### One time setup in Vault + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +#### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +### Example - Gossip Encryption Key Integration + +Following the general integraiton steps, a more detailed workflow for integration of the [Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) with the Vault Secrets backend would like the following: + + +#### One time setup in Vault + 1. Store the secret in Vault. + - Save the gossip encryption key in Vault at the path `secret/consul/gossip`. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + - Create a Vault policy that you name `gossip-policy` which allows `read` access to the path `secret/consul/gossip`. + +#### setup per Consul datacenter + + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + - Both Consul servers and Consul clients need access to the gossip encryption key, so you create two Vault Kubernetes: + - A role called `consul-server` that maps the Kubernetes namespace and service account name for your consul servers to the `gossip-policy` created in [step 2](#one-time-setup-in-vault) of One time setup in Vault. + - A role called `consul-client` that maps the Kubernetes namespace and service account name for your consul clients to the `gossip-policy` created in [step 2](#one-time-setup-in-vault) of One time setup in Vault.. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + - Configure the Vault Kubernetes auth roles created for the gossip encryption key: + - [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole) is set to the `consul-server` Vault Kubernetes auth role created previously. + - [`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole) is set to the `consul-client` Vault Kubernetes auth role created previously. + +## Secrets to Service Account Mapping + +At the most basic level, the goal of this configuration is to authorize a Consul on Kubernetes service account to access a secret in Vault. +Below is a mapping of Vault secrets and the Consul on Kubernetes service accounts that need to access them. +(NOTE: `Consul components` refers to all other services and jobs that are not Consul servers or clients. +It includes things like terminating gateways, ingress gateways, etc.) + +### Primary Datacenter +| Secret | Service Account For | Configurable Role in Consul k8s Helm | +| ------ | ------------------- | ------------------------------------ | +|[ACL Bootstrap token](/docs/k8s/installation/vault/data-integration/bootstrap-token) | Consul server-acl-init job | [`global.secretsBackend.vault.manageSystemACLsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-managesystemaclsrole)| +|[ACL Partition token](/docs/k8s/installation/vault/data-integration/partition-token) | Consul server-acl-init job | [`global.secretsBackend.vault.manageSystemACLsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-managesystemaclsrole)| +|[ACL Replication token](/docs/k8s/installation/vault/data-integration/replication-token) | Consul server-acl-init job | [`global.secretsBackend.vault.manageSystemACLsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-managesystemaclsrole)| +|[Enterprise license](/docs/k8s/installation/vault/data-integration/enterprise-license) | Consul servers
Consul clients | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)| +|[Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) | Consul servers
Consul clients | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)| +|[Snapshot Agent config](/docs/k8s/installation/vault/data-integration/snapshot-agent-config) | Consul snapshot agent | [`global.secretsBackend.vault.consulSnapshotAgentRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulsnapshotagentrole)| +|[Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls) | Consul servers
Consul clients
Consul components | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)
[`global.secretsBackend.vault.consulCARole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulcarole)| +|[Service Mesh and Consul client TLS credentials](/docs/k8s/installation/vault/data-integration/connect-ca) | Consul servers | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)| + +### Secondary Datacenters +The mapping for secondary data centers is similar with the following differences: +- There is no use of bootstrap token because ACLs would have been bootstrapped in the primary datacenter. +- ACL Partition token is mapped to both the `server-acl-init` job and the `partition-init` job service accounts. +- ACL Replication token is mapped to both the `server-acl-init` job and Consul service accounts. + +| Secret | Service Account For | Configurable Role in Consul k8s Helm | +| ------ | ------------------- | ------------------------------------ | +|[ACL Partition token](/docs/k8s/installation/vault/data-integration/partition-token) | Consul server-acl-init job
Consul partition-init job | [`global.secretsBackend.vault.manageSystemACLsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-managesystemaclsrole)
[`global.secretsBackend.vault.adminPartitionsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-adminpartitionsrole)| +|[ACL Replication token](/docs/k8s/installation/vault/data-integration/replication-token) | Consul server-acl-init job
Consul servers | [`global.secretsBackend.vault.manageSystemACLsRole`](/docs/k8s/helm#v-global-secretsbackend-vault-managesystemaclsrole)
[`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)| +|[Enterprise license](/docs/k8s/installation/vault/data-integration/enterprise-license) | Consul servers
Consul clients | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)| +|[Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) | Consul servers
Consul clients | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)| +|[Snapshot Agent config](/docs/k8s/installation/vault/data-integration/snapshot-agent-config) | Consul snapshot agent | [`global.secretsBackend.vault.consulSnapshotAgentRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulsnapshotagentrole)| +|[Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls) | Consul servers
Consul clients
Consul components | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)
[`global.secretsBackend.vault.consulClientRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulclientrole)
[`global.secretsBackend.vault.consulCARole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulcarole)| +|[Service Mesh and Consul client TLS credentials](/docs/k8s/installation/vault/data-integration/connect-ca) | Consul servers | [`global.secretsBackend.vault.consulServerRole`](/docs/k8s/helm#v-global-secretsbackend-vault-consulserverrole)| + +### Combining policies within roles +As you can see in the table above, depending upon your needs, a Consul on Kubernetes service account could have the need to request more than one secret. In these cases, you will want to create one role for the Consul on Kubernetes service account that is mapped to multiple policies, each of which allows it access to a given secret. + +For example, if your Consul on Kubernetes servers need access to [Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip), [Consul Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls), and [Enterprise license](/docs/k8s/installation/vault/data-integration/enterprise-license), assuming you have already saved the secrets in vault, you would: +1. Create a policy for each secret. + 1. Gossip encryption key + + + + ```HCL + path "secret/data/consul/gossip" { + capabilities = ["read"] + } + ``` + + + + ```shell-session + $ vault policy write gossip-policy gossip-policy.hcl + ``` + + 1. Consul Server TLS credentials + + + + ```HCL + path "pki/cert/ca" { + capabilities = ["read"] + } + ``` + + + + ```shell-session + $ vault policy write ca-policy ca-policy.hcl + ``` + + 1. Enterprise License + + + + ```HCL + path "secret/data/consul/license" { + capabilities = ["read"] + } + ``` + + + + ```shell-session + $ vault policy write license-policy license-policy.hcl + ``` + +1. Create one role that maps the Consul on Kubernetes servicea account to the 3 policies. + ```shell-session + $ vault write auth/kubernetes/role/consul-server \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=gossip-policy,ca-policy,license-policy \ + ttl=1h + ``` + +## Detailed data integration guides +The following secrets can be stored in Vault KV secrets engine, which is meant to handle arbitraty secrets: +- [ACL Bootstrap token](/docs/k8s/installation/vault/data-integration/bootstrap-token) +- [ACL Partition token](/docs/k8s/installation/vault/data-integration/partition-token) +- [ACL Replication token](/docs/k8s/installation/vault/data-integration/replication-token) +- [Enterprise license](/docs/k8s/installation/vault/data-integration/enterprise-license) +- [Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) +- [Snapshot Agent config](/docs/k8s/installation/vault/data-integration/snapshot-agent-config) + +The following TLS certificates and keys can generated and managed by Vault the Vault PKI Engine, which is meant to handle things like certificate expiration and rotation: +- [Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls) +- [Service Mesh and Consul client TLS credentials](/docs/k8s/installation/vault/data-integration/connect-ca) + +## Secrets to Service Account Mapping +Read through the [detailed data integration guides](#detailed-data-integration-guides) that are pertinent to your environment. diff --git a/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx new file mode 100644 index 000000000..0d0f9bb84 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx @@ -0,0 +1,101 @@ +--- +layout: docs +page_title: Storing the ACL Partition Token in Vault +description: >- + Configuring the Consul Helm chart to use an ACL partition token stored in Vault. +--- + +# Storing the ACL Partition Token in Vault + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview +To use an ACL partition token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the Secret in Vault + +First, store the ACL partition token in Vault: + +```shell-session +$ vault kv put secret/consul/partition-token token="" +``` + +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.partitionToken.secretName` Helm value. + +Next, you will need to create a policy that allows read access to this secret: + + + +```HCL +path "secret/data/consul/partition-token" { + capabilities = ["read"] +} +``` + + + +Apply the Vault policy by issuing the `vault policy write` CLI command: + +```shell-session +$ vault policy write partition-token-policy partition-token-policy.hcl +``` + +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: + +```shell-session +$ vault write auth/kubernetes/role/consul-server-acl-init \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=partition-token-policy \ + ttl=1h +``` + +To find out the service account name of the Consul server, +you can run the following `helm template` command with your Consul on Kubernetes values file: + +```shell-session +$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul +``` + +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart + +Now that you have configured Vault, you can configure the Consul Helm chart to +use the ACL partition token key in Vault: + + + +```yaml +global: + secretsBackend: + vault: + enabled: true + manageSystemACLsRole: consul-server-acl-init + acls: + partitionToken: + secretName: secret/data/consul/partition-token + secretKey: token +``` + + + +Note that `global.acls.partitionToken.secretName` is the path of the secret in Vault. +This should be the same path as the one you included in your Vault policy. +`global.acls.partitionToken.secretKey` is the key inside the secret data. This should be the same +as the key you passed when creating the ACL partition token secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx new file mode 100644 index 000000000..74b854748 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx @@ -0,0 +1,101 @@ +--- +layout: docs +page_title: Storing the ACL Replication Token in Vault +description: >- + Configuring the Consul Helm chart to use an ACL replication token stored in Vault. +--- + +# Storing the ACL Replication Token in Vault + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview +To use an ACL replication token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the Secret in Vault + +First, store the ACL replication token in Vault: + +```shell-session +$ vault kv put secret/consul/replication-token token="" +``` + +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.replicationToken.secretName` Helm value. + +Next, you will need to create a policy that allows read access to this secret: + + + +```HCL +path "secret/data/consul/replication-token" { + capabilities = ["read"] +} +``` + + + +Apply the Vault policy by issuing the `vault policy write` CLI command: + +```shell-session +$ vault policy write replication-token-policy replication-token-policy.hcl +``` + +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: + +```shell-session +$ vault write auth/kubernetes/role/consul-server-acl-init \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=replication-token-policy \ + ttl=1h +``` + +To find out the service account name of the Consul server, +you can run the following `helm template` command with your Consul on Kubernetes values file: + +```shell-session +$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul +``` + +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart + +Now that you have configured Vault, you can configure the Consul Helm chart to +use the ACL replication token key in Vault: + + + +```yaml +global: + secretsBackend: + vault: + enabled: true + manageSystemACLsRole: consul-server-acl-init + acls: + replicationToken: + secretName: secret/data/consul/replication-token + secretKey: token +``` + + + +Note that `global.acls.replicationToken.secretName` is the path of the secret in Vault. +This should be the same path as the one you included in your Vault policy. +`global.acls.replicationToken.secretKey` is the key inside the secret data. This should be the same +as the key you passed when creating the ACL replication token secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/server-tls.mdx b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx similarity index 65% rename from website/content/docs/k8s/installation/vault/server-tls.mdx rename to website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx index d669d97b9..35b187f00 100644 --- a/website/content/docs/k8s/installation/vault/server-tls.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx @@ -1,18 +1,16 @@ --- layout: docs -page_title: Storing Server TLS certificates in Vault +page_title: Vault as the Server TLS Certificate Provider on Kubernetes description: >- Configuring the Consul Helm chart to use TLS certificates issued by Vault for the Consul server. --- -# Storing Server TLS certificates in Vault - -To use Vault to issue Server TLS certificates the following will be needed: - -1. Bootstrap the Vault PKI engine and bootstrap it with any configuration required for your infrastructure. -1. Create Vault Policies that will allow the Consul server to access the certificate issuing url. -1. Create Vault Policies that will allow the Consul components, e.g. ingress gateways, controller, to access the CA url. -1. Create Kubernetes auth roles that link these policies to the Kubernetes service accounts of the Consul components. +# Vault as the Server TLS Certificate Provider on Kubernetes +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +3. Complete the [Bootstrapping the PKI Engine](#bootstrapping-the-pki-engine) section. ### Bootstrapping the PKI Engine @@ -32,7 +30,9 @@ which also uses an intermediate signing authority. $ vault secrets tune -max-lease-ttl=87600h pki ``` -* Generate the root CA +* Generate the root CA: + + -> **Note:** The `common_name` value is comprised of combining `global.datacenter` dot `global.domain`. ```shell-session $ vault write -field=certificate pki/root/generate/internal \ @@ -40,9 +40,32 @@ which also uses an intermediate signing authority. ttl=87600h ``` - -> **Note:** Where `common_name` is comprised of combining `global.datacenter` dot `global.domain`. -### Create Vault Policies for the Server TLS Certificates +## Overview +To use an Vault as the Server TLS Certificate Provider on Kubernetes, we will need to modify the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + 1. (Added) Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the secret in Vault + +This step is not valid to this use case because we are not storing a single secret. We are configuring Vault as a provider to mint certificates on an ongaing basis. + +### Create a Vault policy that authorizes the desired level of access to the secret +To use Vault to issue Server TLS certificates, you will need to create the following: + +1. Vault Policies that will allow the Consul server to access the certificate issuing url. +1. Vault Policies that will allow the Consul components, e.g. ingress gateways, controller, to access the CA url. + +#### Create Vault Policies for the Server TLS Certificates + +-> **Note:** The PKI secret path referenced by the Vault Policy below will be your `server.serverCert.secretName` Helm value. Next we will create a policy that allows `["create", "update"]` access to the [certificate issuing URL](https://www.vaultproject.io/api/secret/pki#generate-certificate) so the Consul servers can @@ -58,13 +81,13 @@ path "pki/issue/consul-server" { +Apply the Vault policy by issuing the `vault policy write` CLI command: + ```shell-session $ vault policy write consul-server consul-server-policy.hcl ``` --> **Note:** The PKI secret path referenced by the above Policy will be your `server.serverCert.secretName` Helm value. - -### Create Vault Policies for the CA URL +#### Create Vault Policies for the CA URL Next, we will create a policy that allows `["read"]` access to the [CA URL](https://www.vaultproject.io/api/secret/pki#read-certificate), this is required for the Consul components to communicate with the Consul servers in order to fetch their auto-encryption certificates. @@ -85,7 +108,8 @@ $ vault policy write ca-policy ca-policy.hcl -> **Note:** The PKI secret path referenced by the above Policy will be your `global.tls.caCert.secretName` Helm value. -### Create Vault Roles for the PKI engine, Consul servers and components +## setup per Consul datacenter +### Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for Next, a Vault role for the PKI engine will set the default certificate issuance parameters: @@ -114,9 +138,8 @@ export DATACENTER=dc1 echo allowed_domains=\"$DATACENTER.consul, $NAME-server, $NAME-server.$NAMESPACE, $NAME-server.$NAMESPACE.svc\" ``` -Prior to creating Vault auth roles for the Consul server and the Consul components, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). - -Finally, three Kubernetes auth roles need to be created, one for the Consul servers, one for the Consul clients, and one for the Consul components. +### Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access +Finally, three Kubernetes auth roles need to be created, one for the Consul servers, one for the Consul clients, and one for Consul components. Role for Consul servers: ```shell-session @@ -134,9 +157,6 @@ you can run: $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul ``` --> **Note:** Should you enable other supported features such as gossip-encryption be sure to append additional policies to -the Kube auth role in a comma separated value e.g. `policies=consul-server,consul-gossip` - Role for Consul clients: ```shell-session @@ -152,9 +172,6 @@ To find out the service account name of the Consul client, use the command below $ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul ``` --> **Note:** Should you enable other supported features such as gossip-encryption, ensure you append additional policies to -the Kube auth role in a comma separated value e.g. `policies=ca-policy,consul-gossip` - Role for CA components: ```shell-session $ vault write auth/kubernetes/role/consul-ca \ @@ -167,7 +184,7 @@ $ vault write auth/kubernetes/role/consul-ca \ The above Vault Roles will now be your Helm values for `global.secretsBackend.vault.consulServerRole` and `global.secretsBackend.vault.consulCARole` respectively. -## Deploying the Consul Helm chart +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart Now that we've configured Vault, you can configure the Consul Helm chart to use the Server TLS certificates from Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx new file mode 100644 index 000000000..fee102dcb --- /dev/null +++ b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx @@ -0,0 +1,104 @@ +--- +layout: docs +page_title: Storing the Snapshot Agent Config in Vault +description: >- + Configuring the Consul Helm chart to use a snapshot agent config stored in Vault. +--- + +# Storing the Snapshot Agent Config in Vault + +## Prerequisites +Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: +1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). +2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). + +## Overview +To use an ACL replication token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: + +### One time setup in Vault + + 1. Store the secret in Vault. + 1. Create a Vault policy that authorizes the desired level of access to the secret. + +### setup per Consul datacenter + + 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. + 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. + +## One time setup in Vault +### Store the Secret in Vault + +First, store the snapshot agent config in Vault: + +```shell-session +$ vault kv put secret/consul/snapshot-agent-config key="" +``` + +### Create a Vault policy that authorizes the desired level of access to the secret + +-> **Note:** The secret path referenced by the Vault Policy below will be your `client.snapshotAgent.configSecret.secretName` Helm value. + +Next, you will need to create a policy that allows read access to this secret: + + + +```HCL +path "secret/data/consul/snapshot-agent-config" { + capabilities = ["read"] +} +``` + + + +Apply the Vault policy by issuing the `vault policy write` CLI command: + +```shell-session +$ vault policy write snapshot-agent-config-policy snapshot-agent-config-policy.hcl +``` + +## setup per Consul datacenter +### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access + +Next, you will create a Kubernetes auth role for the Consul snapshot agent: + +```shell-session +$ vault write auth/kubernetes/role/consul-server \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=snapshot-agent-config-policy \ + ttl=1h +``` + +To find out the service account name of the Consul snapshot agent, +you can run the following `helm template` command with your Consul on Kubernetes values file: + +```shell-session +$ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul +``` + +### Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart + +Now that you have configured Vault, you can configure the Consul Helm chart to +use the snapshot agent config in Vault: + + + +```yaml +global: + secretsBackend: + vault: + enabled: true + consulSnapshotAgentRole: snapshot-agent +client: + snapshotAgent: + configSecret: + secretName: secret/data/consul/snapshot-agent-config + secretKey: key +``` + + + +Note that `client.snapshotAgent.configSecret.secretName` is the path of the secret in Vault. +This should be the same path as the one you included in your Vault policy. +`client.snapshotAgent.configSecret.secretKey` is the key inside the secret data. This should be the same +as the key you passed when creating the snapshot agent config secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/enterprise-license.mdx b/website/content/docs/k8s/installation/vault/enterprise-license.mdx deleted file mode 100644 index 8cdd9f233..000000000 --- a/website/content/docs/k8s/installation/vault/enterprise-license.mdx +++ /dev/null @@ -1,98 +0,0 @@ ---- -layout: docs -page_title: Storing Enterprise License in Vault -description: >- - Configuring the Consul Helm chart to use enterprise license stored in Vault. ---- - -# Storing the Enterprise License in Vault - -To use an enterprise license stored in Vault, the steps will be similar to [Storing Gossip Encryption Key in Vault](/docs/k8s/installation/vault/gossip). You need to do the following: - -1. Store an enterprise license key in Vault's KV2 secrets engine. -1. Create Vault Policies that allow read access to the key. -1. Create a Vault Kubernetes Auth Role that links policies from step 2 to the Kubernetes service accounts of the Consul servers and clients. - -## Configuring Vault - -First, store the license key in Vault: - -```shell-session -$ vault kv put secret/consul/enterpriselicense key="" -``` - -Next, you will need to create a policy that allows read access to this secret: - - - - -```HCL -path "secret/data/consul/enterpriselicense" { - capabilities = ["read"] -} -``` - - - -```shell-session -$ vault policy write enterpriselicense-policy enterpriselicense-policy.hcl -``` - -Prior to creating Vault auth roles for the Consul servers and clients, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). - -Next, you will create Kubernetes auth roles for the Consul server and client: - -```shell-session -$ vault write auth/kubernetes/role/consul-server \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=enterpriselicense-policy \ - ttl=1h -``` - -```shell-session -$ vault write auth/kubernetes/role/consul-client \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=enterpriselicense-policy \ - ttl=1h -``` - -To find out the service account names of the Consul server and client, -you can run the following `helm template` commands with your Consul on Kubernetes values file: - -- Generate Consul server service account name - ```shell-session - $ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul - ``` - -- Generate Consul client service account name - ```shell-session - $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul - ``` - -## Deploying the Consul Helm chart - -Now that you have configured Vault, you can configure the Consul Helm chart to -use the enterprise license key in Vault: - - - -```yaml -global: - secretsBackend: - vault: - enabled: true - consulServerRole: consul-server - consulClientRole: consul-client - enterpriseLicense: - secretName: secret/data/consul/enterpriselicense - secretKey: key -``` - - - -Note that `global.enterpriseLicense.secretName` is the path of the secret in Vault. -This should be the same path as the one you included in your Vault policy. -`global.enterpriseLicense.secretKey` is the key inside the secret data. This should be the same -as the key you passed when creating the enterprise license secret in Vault. diff --git a/website/content/docs/k8s/installation/vault/index.mdx b/website/content/docs/k8s/installation/vault/index.mdx index 84dd345fc..bd51f43b7 100644 --- a/website/content/docs/k8s/installation/vault/index.mdx +++ b/website/content/docs/k8s/installation/vault/index.mdx @@ -1,115 +1,54 @@ --- layout: docs -page_title: Vault as Secrets Backend Overview +page_title: Vault as the Secrets Backend Overview description: >- - Using Vault as secrets backend for Consul on Kubernetes. + Using Vault as the secrets backend for Consul on Kubernetes. --- -# Vault as Secrets Backend Overview +# Vault as the Secrets Backend Overview By default, Consul Helm chart will expect that any credentials it needs are stored as Kubernetes secrets. As of Consul 1.11 and Consul Helm chart v0.38.0, we integrate more natively with Vault making it easier to use Consul Helm chart with Vault as the secrets storage backend. -At a high level, there are two points of integration with Vault: -- **Gossip encryption** - The encryption key for gossip communication is stored in Vault. -- **TLS certificates and keys**: - - **Consul Server TLS credentials** - TLS certificate and key for the Consul server is stored in Vault and issued from Vault. - - **Service Mesh and Consul client TLS credentials** - Consul uses Vault as the provider for mTLS certificates and keys for the service mesh services - and TLS certificates and keys for the Consul clients. +## Secrets Overview + +By default, Consul on Kubernetes leverages Kubernetes secrets which are base64 encoded and unencrypted. In addition, the following limitations exist with mangaging sensitive data within Kubernetes secrets: + +- There are no lease or time-to-live properties associated with these secrets. +- Kubernetes can only manage resources, such as secrets, within a cluster boundary. If you have sets of clusters, the resources across them need to be managed separately. + +By leveraging Vault as a secrets backend for Consul on Kubernetes, you can now manage and store Consul related secrets within a centralized Vault cluster to use across one or many Consul on Kubernetes datacenters. + +### Secrets stored in the Vault KV Secrets Engine + +The following secrets can be stored in Vault KV secrets engine, which is meant to handle arbitrary secrets: +- ACL Bootstrap token +- ACL Partition token +- ACL Replication token +- Enterprise license +- Gossip encryption key +- Snapshot Agent config + + +### Secrets generated and managed by the Vault PKI Engine + +The following TLS certificates and keys can be generated and managed by the Vault PKI Engine, which is meant to handle things like certificate expiration and rotation: +- Server TLS credentials +- Service Mesh and Consul client TLS credentials ## Requirements 1. Vault 1.9+ and Vault-k8s 0.14+ is required. 1. Vault must be installed and accessible to the Consul on Kubernetes installation. 1. `global.tls.enableAutoencrypt=true` is required if TLS is enabled for the Consul installation when using the Vault secrets backend. -1. The Vault installation must have been initialized, unsealed and the KV2 and PKI secrets engines enabled and the Kubernetes Auth Method enabled. - -### Vault Helm Config - -A minimal valid installation of Vault Kubernetes must include the Agent Injector which is utilized for accessing secrets from Vault. Vault servers could be deployed -external to Vault on Kubernetes as described via the [`externalvaultaddr`](https://www.vaultproject.io/docs/platform/k8s/helm/configuration#externalvaultaddr) value in the Vault Helm Configuration - - - -```yaml -injector: - enabled: "true" -``` - - - -### Vault Kubernetes Auth Method - -Prior to creating Vault auth roles for the Consul servers and clients, ensure that the Vault Kubernetes auth method is enabled: - -```shell-session -$ vault auth enable kubernetes -``` - -After enabling the Kubernetes auth method, in Vault, ensure that you have configured the Kubernetes Auth method properly as described in [Kubernetes Auth Method Configuration](https://www.vaultproject.io/docs/auth/kubernetes#configuration). The command should look similar to the following with a custom `kubernetes_host` config provided from the information provided via `kubectl cluster-info`. - -```shell-session -$ vault write auth/kubernetes/config \ - token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ - kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ - kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt -``` - -### Vault KV Secrets Engine - Version 2 - -In order to utilize Vault as a secrets backend, we must enable the [Vault KV secrets engine - Version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2). - -```shell-session -$ vault secrets enable -path=consul kv-v2 -``` - -### Vault PKI Engine - -The Vault PKI Engine must be enabled in order to leverage Vault for issuing Consul Server TLS certificates. More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](/docs/k8s/installation/vault/server-tls#bootstrapping-the-pki-engine) under the Server TLS section. - -```shell-session -$ vault secrets enable pki -``` - -## Known Limitations - -- TLS - - Mesh gateway is not currently supported. -- Multi-DC Federation is not currently supported. -- Certificate rotation for Server TLS certs is not currently supported through the Helm chart. Ensure the TTL for your Server TLS certificates are sufficiently long. Should your certificates expire it will be necessary to issue a `consul reload` on each server after issuing new Server TLS certs from Vault. -- CA rotation is not currently supported through the Helm chart and must be manually rotated. - +1. The Vault installation must have been initialized, unsealed and the KV2 and PKI secrets engines and the Kubernetes Auth Method enabled. ## Next Steps -To utilize Vault as a secrets backend with Consul it is necessary to add several configuration fields to the Vault installation -which bootstrap Vault Auth roles and Policies for Consul to use. For the supported Vault secrets please see the individual secret -guides and ensure to, when combining the secrets, append the Vault Policies to your Vault Kube Auth Roles via a comma separated value (i.e. `policies=gossip-policy,consul-ca,consul-server,custom-policy`). -Ex: -```shell-session -$ vault write auth/kubernetes/role/consul-server \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=gossip-policy,consul-ca,consul-server \ - ttl=1h -``` +The Vault integration with Consul on Kubernetes has two aspects or phases: +- [Systems Integration](/docs/k8s/installation/vault/systems-integration) - Configure Vault and Consul on Kubernetes systems to leverage Vault as the secrets store. +- [Data Integration](/docs/k8s/installation/vault/data-integration) - Configure specific secrets to be stored and +retrieved from Vault for use with Consul on Kubernetes. +As a next step, please proceed to [Systems Integration](/docs/k8s/installation/vault/systems-integration) overview to understand how to first setup Vault and Consul on Kubernetes to leverage Vault as a secrets backend. -## Troubleshooting - -The Vault integration with Consul on Kubernetes makes use of the Vault Agent Injectors. Kubernetes annotations are added to the -deployments of the Consul components which cause the Vault Agent Injector to be added as an init-container that will then attach -Vault secrets to Consul's pods at startup. Additionally the Vault Agent sidecar is added to the Consul component pods which -is responsible for synchronizing and reissuing secrets at runtime. -As a result of these additional sidecar containers the typical location for logging is expanded in the Consul components. - -As a general rule the best way to troubleshoot startup issues for your Consul installation when using the Vault integration -is to establish if the `vault-agent-init` container has completed or not via `kubectl logs -f -c vault-agent-int` -and checking to see if the secrets have completed rendering. -* If the secrets are not properly rendered the underlying problem will be logged in `vault-agent-init` init-container - and generally is related to the Vault Kube Auth Role not having the correct policies for the specific secret - e.g. `global.secretsBackend.vault.consulServerRole` not having the correct policies for TLS. -* If the secrets are rendered and the `vault-agent-init` container has completed AND the Consul component has not become `Ready`, - this generally points to an issue with Consul being unable to utilize the Vault secret. This can occur if, for example, the Vault Role - created for the PKI engine does not have the correct `alt_names` or otherwise is not properly configured. The best logs for this - circumstance are the Consul container logs: `kubectl logs -f -c consul`. diff --git a/website/content/docs/k8s/installation/vault/systems-integration.mdx b/website/content/docs/k8s/installation/vault/systems-integration.mdx new file mode 100644 index 000000000..a34b3f0f2 --- /dev/null +++ b/website/content/docs/k8s/installation/vault/systems-integration.mdx @@ -0,0 +1,202 @@ +--- +layout: docs +page_title: Vault as the Secrets Backend Systems Integration Overview +description: >- + Overview of the systems integration aspects to using Vault as the secrets backend for Consul on Kubernetes. +--- + +# Vault as the Secrets Backend - Systems Integration + +## Overview +At a high level, configuring a systems integration of Vault with Consul on Kubernetes consists of 1) a one time setup on Vault and 2) a setup of the secrets backend per Consul datacenter via Helm. + +### One time setup on Vault + - Enabling Vault KV Secrets Engine - Version 2 to store arbitrary secrets + - Enabling Vault PKI Engine if you are choosing to store and manage either [Consul Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls) or [Service Mesh and Consul client TLS credentials](/docs/k8s/installation/vault/data-integration/connect-ca) + +### Setup per Consul datacenter + - Installing the Vault Injector within the Consul datacenter installation + - Configuring a Kubernetes Auth Method in Vault to authenticate and authorize operations from the Consul datacenter + - Enable Vault as the Secrets Backend in the Consul datacenter + +## One time setup on Vault + +A one time setup on a Vault deployment is necessary to enable both the Vault KV Secrets Engine and the Vault PKI Engine. These docs assume that you have already setup a Vault cluster for use with Consul on Kubernetes. + +Please read [Run Vault on Kubernetes](https://www.vaultproject.io/docs/platform/k8s/helm/run) if instructions on setting up a Vault cluster are needed. + +### Vault KV Secrets Engine - Version 2 + +The following secrets can be stored in Vault KV secrets engine, which is meant to handle arbitrary secrets: +- ACL Bootstrap token ([`global.acls.bootstrapToken`](/docs/k8s/helm#v-global-acls-bootstraptoken)) +- ACL Partition token ([`global.acls.partitionToken`](/docs/k8s/helm#v-global-acls-partitiontoken)) +- ACL Replication token ([`global.acls.replicationToken`](/docs/k8s/helm#v-global-acls-replicationtoken)) +- Gossip encryption key ([`global.gossipEncryption`](/docs/k8s/helm#v-global-gossipencryption)) +- Enterprise license ([`global.enterpriseLicense`](/docs/k8s/helm#v-global-enterpriselicense)) +- Snapshot Agent config ([`client.snapshotAgent.configSecret`](/docs/k8s/helm#v-client-snapshotagent-configsecret)) + +In order to store any of these secrets, we must enable the [Vault KV secrets engine - Version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2). + +```shell-session +$ vault secrets enable -path=consul kv-v2 +``` + +### Vault PKI Engine + +The Vault PKI Engine must be enabled in order to leverage Vault for issuing Consul Server TLS certificates. More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](/docs/k8s/installation/vault/data-integration/server-tls#bootstrapping-the-pki-engine) under the Server TLS section. + +```shell-session +$ vault secrets enable pki +``` + +## Setup per Consul datacenter + +After configuring Vault, Consul datacenters on Kubernetes must be deployed with the Vault Agent injector and configured to leverage the Vault Kubernetes Auth Method to read secrets from a Vault cluster. + +### Set Environment Variables to ensure integration consistency + +Before installing the Vault Injector and configuring the Vault Kubernetes Auth Method, some environment variables need to be set to better ensure consistent mapping between Vault and Consul on Kubernetes. + +#### DATACENTER + + - **Recommended value:** value of `global.datacenter` in your Consul Helm values file. + ```shell-session + $ export DATACENTER=dc1 + ``` +#### VAULT_AUTH_METHOD_NAME + + - **Recommended value:** a concatentation of a `kubernetes-` prefix (to denote the auth method type) with `DATACENTER` environment variable. + ```shell-session + $ export VAULT_AUTH_METHOD_NAME=kubernetes-${DATACENTER} + ``` + +#### VAULT_SERVER_HOST + + - **Recommended value:** find the external IP address of your Vault cluster. + - If Vault is installed in a Kubernetes cluster, get the external IP or DNS name of the Vault server load balancer. + - On GKE or AKS, it'll be an IP: + ```shell-session + $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + ``` + - On EKS, it'll be a hostname: + ```shell-session + $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + ``` + - If Vault is not running on Kubernetes, utilize the `api_addr` as defined in the Vault [High Availability Paremeters](https://www.vaultproject.io/docs/configuration#high-availability-parameters) configuration: + ```shell-session + $ export VAULT_SERVER_HOST= + ``` + +#### VAULT_ADDR + + - **Recommended value:** Connecting to port 8200 of the Vault server + ```shell-session + $ export VAULT_ADDR=http://${VAULT_SERVER_HOST}:8200 + ``` +-> **Note:** If your vault installation is current exposed using SSL, this address will need to use `https` instead of `http`. You will also need to setup the [`VAULT_CACERT`](https://www.vaultproject.io/docs/commands#vault_cacert) environment variable. + +#### VAULT_TOKEN + + - **Recommended value:** Your allocated Vault token. If running Vault in dev mode, this can be set to to `root`. + ```shell-session + $ export VAULT_ADDR= + ``` + +### Install Vault Injector in your Consul k8s cluster + +A minimal valid installation of Vault Kubernetes must include the Agent Injector which is utilized for accessing secrets from Vault. Vault servers could be deployed external to Vault on Kubernetes with the [`injector.externalVaultAddr`](https://www.vaultproject.io/docs/platform/k8s/helm/configuration#externalvaultaddr) value in the Vault Helm Configuration. + +```shell-session +$ cat <> vault-injector.yaml +# vault-injector.yaml +server: + enabled: false +injector: + enabled: true + externalVaultAddr: ${VAULT_ADDR} + authPath: auth/${VAULT_AUTH_METHOD_NAME} +EOF +``` + +Issue the Helm `install` command to install the Vault agent injector using the HashiCorp Vault Helm chart. + +```shell-session +$ helm install vault-${DATACENTER} -f vault-injector.yaml hashicorp/vault --wait +``` + +### Configure the Kubernetes Auth Method in Vault for the datacenter + +#### Enable the Auth Method + +Ensure that the Vault Kubernetes Auth method is enabled. + +```shell-session +$ vault auth enable -path=kubernetes-${DATACENTER} kubernetes +``` + +#### Configure Auth Method with JWT token of service account + +After enabling the Kubernetes auth method, in Vault, ensure that you have configured the Kubernetes Auth method properly as described in [Kubernetes Auth Method Configuration](https://www.vaultproject.io/docs/auth/kubernetes#configuration). + +First, while targeting your Consul cluster, get the externally reachable address of the Consul Kubernetes cluster. + +```shell-session +$ export KUBE_API_URL=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"$(kubectl config current-context)\")].cluster.server}") +``` + +Next, you will configure the Vault Kubernetes Auth Method for the datacenter. You will need to provide it with: +- `token_reviewer_jwt` - this a JWT token from the Consul datacenter cluster that the Vault Kubernetes Auth Method will use to query the Consul datacenter Kubernetes API when services in the Consul datacenter request data from Vault. +- `kubernetes_host` - this is the URL of the Consul datacenter's Kubernetes API that Vault will query to authenticate the service account of an incoming request from a Consul data ceneter kubernetes service. +- `kubernetes_ca_cert` - this is the CA certifcation that is currently being used by the Consul datacenter Kubernetes cluster. + +```shell-session +$ vault write auth/kubernetes/config \ + token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ + kubernetes_host="https://${KUBE_API_URL}:443" \ + kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt +``` + +#### Enable Vault as the Secrets Backend in the Consul datacenter +Finally, you will configure the Consul on Kubernetes helm chart for the datacenter to expect to receive the following values (if you have configured them) to be retreived from Vault: +- ACL Bootstrap token ([`global.acls.bootstrapToken`](/docs/k8s/helm#v-global-acls-bootstraptoken)) +- ACL Partition token ([`global.acls.partitionToken`](/docs/k8s/helm#v-global-acls-partitiontoken)) +- ACL Replication token ([`global.acls.replicationToken`](/docs/k8s/helm#v-global-acls-replicationtoken)) +- Enterprise license ([`global.enterpriseLicense`](/docs/k8s/helm#v-global-enterpriselicense)) +- Gossip encryption key ([`global.gossipEncryption`](/docs/k8s/helm#v-global-gossipencryption)) +- Snapshot Agent config ([`client.snapshotAgent.configSecret`](/docs/k8s/helm#v-client-snapshotagent-configsecret)) +- TLS CA certificates ([`global.tls.caCert`](/docs/k8s/helm#v-global-tls-cacert)) +- Server TLS certificates ([`server.serverCert`](/docs/k8s/helm#v-server-servercert)) + + + +```yaml +global: + secretsBackend: + vault: + enabled: true +``` + + + +## Next Steps + +As a next step, please proceed to Vault integration with Consul on Kubernetes' [Data Integration](/docs/k8s/installation/vault/data-integration). + +## Troubleshooting + +The Vault integration with Consul on Kubernetes makes use of the Vault Agent Injectors. Kubernetes annotations are added to the +deployments of the Consul components which cause the Vault Agent Injector to be added as an init-container that will then attach +Vault secrets to Consul's pods at startup. Additionally the Vault Agent sidecar is added to the Consul component pods which +is responsible for synchronizing and reissuing secrets at runtime. +As a result of these additional sidecar containers the typical location for logging is expanded in the Consul components. + +As a general rule the best way to troubleshoot startup issues for your Consul installation when using the Vault integration +is to establish if the `vault-agent-init` container has completed or not via `kubectl logs -f -c vault-agent-int` +and checking to see if the secrets have completed rendering. +* If the secrets are not properly rendered the underlying problem will be logged in `vault-agent-init` init-container + and generally is related to the Vault Kube Auth Role not having the correct policies for the specific secret + e.g. `global.secretsBackend.vault.consulServerRole` not having the correct policies for TLS. +* If the secrets are rendered and the `vault-agent-init` container has completed AND the Consul component has not become `Ready`, + this generally points to an issue with Consul being unable to utilize the Vault secret. This can occur if, for example, the Vault Role + created for the PKI engine does not have the correct `alt_names` or otherwise is not properly configured. The best logs for this + circumstance are the Consul container logs: `kubectl logs -f -c consul`. diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index f6fc6bbd1..d8cf955f1 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -496,20 +496,49 @@ "path": "k8s/installation/vault" }, { - "title": "Gossip Encryption Key", - "path": "k8s/installation/vault/gossip" + "title": "Systems Integration", + "path": "k8s/installation/vault/systems-integration" }, { - "title": "Enterprise License", - "path": "k8s/installation/vault/enterprise-license" - }, - { - "title": "Server TLS", - "path": "k8s/installation/vault/server-tls" - }, - { - "title": "Service Mesh Certificates", - "path": "k8s/installation/vault/connect-ca" + "title": "Data Integration", + "routes": [ + { + "title": "Overview", + "path": "k8s/installation/vault/data-integration" + }, + { + "title": "Bootstrap Token", + "path": "k8s/installation/vault/data-integration/bootstrap-token" + }, + { + "title": "Enterprise License", + "path": "k8s/installation/vault/data-integration/enterprise-license" + }, + { + "title": "Gossip Encryption Key", + "path": "k8s/installation/vault/data-integration/gossip" + }, + { + "title": "Partition Token", + "path": "k8s/installation/vault/data-integration/partition-token" + }, + { + "title": "Replication Token", + "path": "k8s/installation/vault/data-integration/replication-token" + }, + { + "title": "Server TLS", + "path": "k8s/installation/vault/data-integration/server-tls" + }, + { + "title": "Service Mesh Certificates", + "path": "k8s/installation/vault/data-integration/connect-ca" + }, + { + "title": "Snapshot Agent Config", + "path": "k8s/installation/vault/data-integration/snapshot-agent-config" + } + ] } ] }, @@ -787,7 +816,6 @@ "title": "Overview", "path": "nia/enterprise" }, - { "title": "License", "path": "nia/enterprise/license" diff --git a/website/package-lock.json b/website/package-lock.json index ec5069512..9be17cbe7 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -2225,9 +2225,13 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-11.1.2.tgz", "integrity": "sha512-hZuwOlGOwBZADA8EyDYyjx3+4JGIGjSHDHWrmpI7g5rFmQNltjlbaefAbiU5Kk7j3BUSDwt30quJRFv3nyJQ0w==", - "cpu": ["arm64"], + "cpu": [ + "arm64" + ], "optional": true, - "os": ["darwin"], + "os": [ + "darwin" + ], "engines": { "node": ">= 10" } @@ -2236,9 +2240,13 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-11.1.2.tgz", "integrity": "sha512-PGOp0E1GisU+EJJlsmJVGE+aPYD0Uh7zqgsrpD3F/Y3766Ptfbe1lEPPWnRDl+OzSSrSrX1lkyM/Jlmh5OwNvA==", - "cpu": ["x64"], + "cpu": [ + "x64" + ], "optional": true, - "os": ["darwin"], + "os": [ + "darwin" + ], "engines": { "node": ">= 10" } @@ -2247,9 +2255,13 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-11.1.2.tgz", "integrity": "sha512-YcDHTJjn/8RqvyJVB6pvEKXihDcdrOwga3GfMv/QtVeLphTouY4BIcEUfrG5+26Nf37MP1ywN3RRl1TxpurAsQ==", - "cpu": ["x64"], + "cpu": [ + "x64" + ], "optional": true, - "os": ["linux"], + "os": [ + "linux" + ], "engines": { "node": ">= 10" } @@ -2258,9 +2270,13 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-11.1.2.tgz", "integrity": "sha512-e/pIKVdB+tGQYa1cW3sAeHm8gzEri/HYLZHT4WZojrUxgWXqx8pk7S7Xs47uBcFTqBDRvK3EcQpPLf3XdVsDdg==", - "cpu": ["x64"], + "cpu": [ + "x64" + ], "optional": true, - "os": ["win32"], + "os": [ + "win32" + ], "engines": { "node": ">= 10" } @@ -8415,7 +8431,9 @@ "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", "hasInstallScript": true, "optional": true, - "os": ["darwin"], + "os": [ + "darwin" + ], "engines": { "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } From 6feb7abe572aec9e7ae2eb930240faeb47ade2a4 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Thu, 7 Apr 2022 11:35:06 -0700 Subject: [PATCH 102/785] add changelog for rpc metric improv project (#12709) Co-authored-by: Dhia Ayachi --- .changelog/12311.txt | 3 +++ .changelog/12573.txt | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 .changelog/12311.txt create mode 100644 .changelog/12573.txt diff --git a/.changelog/12311.txt b/.changelog/12311.txt new file mode 100644 index 000000000..42bcc8f0f --- /dev/null +++ b/.changelog/12311.txt @@ -0,0 +1,3 @@ +```release-note:note +Forked net/rpc to add middleware support: https://github.com/hashicorp/consul-net-rpc/ . +``` \ No newline at end of file diff --git a/.changelog/12573.txt b/.changelog/12573.txt new file mode 100644 index 000000000..28c9825aa --- /dev/null +++ b/.changelog/12573.txt @@ -0,0 +1,3 @@ +```release-note:feature +rpc: (beta): add a new metric `consul.rpc.server.call` with labels +for `method`, `errored`, `rpc_type`, `request_type`. \ No newline at end of file From a125e12c785403cc227b2e7222d49ac1435faebd Mon Sep 17 00:00:00 2001 From: Chris Thain <32781396+cthain@users.noreply.github.com> Date: Thu, 7 Apr 2022 11:43:12 -0700 Subject: [PATCH 103/785] Consul on ECS 0.4.0 (#12694) Update website docs for Consul on ECS 0.4.0 --- website/content/docs/ecs/architecture.mdx | 23 ++++- website/content/docs/ecs/enterprise.mdx | 98 +++++++++++++++---- website/content/docs/ecs/index.mdx | 2 +- website/content/docs/ecs/manual/install.mdx | 10 +- website/content/docs/ecs/requirements.mdx | 19 ++-- .../ecs/terraform/secure-configuration.mdx | 2 +- 6 files changed, 120 insertions(+), 34 deletions(-) diff --git a/website/content/docs/ecs/architecture.mdx b/website/content/docs/ecs/architecture.mdx index 03d8bf7bc..83e46783d 100644 --- a/website/content/docs/ecs/architecture.mdx +++ b/website/content/docs/ecs/architecture.mdx @@ -73,7 +73,13 @@ This diagram shows an example timeline of a task shutting down: - Updates about this task have reached the rest of the Consul cluster, so downstream proxies have been updated to stopped sending traffic to this task. - **T4**: At this point task shutdown should be complete. Otherwise, ECS will send a KILL signal to any containers still running. The KILL signal cannot be ignored and will forcefully stop containers. This will interrupt in-progress operations and possibly cause errors. -## Automatic ACL Token Provisioning +## ACL Controller + +The ACL controller performs the following operations: +* Provisions Consul ACL tokens for Consul clients and service mesh services. +* Manages Consul admin partitions and namespaces. + +### Automatic ACL Token Provisioning Consul ACL tokens secure communication between agents and services. The following containers in a task require an ACL token: @@ -92,6 +98,21 @@ token does not yet exist. The ACL controller stores all ACL tokens in AWS Secrets Manager, and tasks are configured to pull these tokens from AWS Secrets Manager when they start. +### Admin Partitions and Namespaces + +When [admin partitions and namespaces](/docs/ecs/enterprise#admin-partitions-and-namespaces) are enabled, +the ACL controller is assigned to its configured admin partition. The ACL controller provisions ACL +tokens for tasks in a single admin partition and supports one ACL controller instance per ECS +cluster. This results in an architecture with one admin partition per ECS cluster. + +The ACL controller automatically performs the following actions: +* Creates its admin partition at startup if it does not exist. +* Inspects ECS task tags for the task's intended partition and namespace. + The ACL controller ignores tasks that do not match the `partition` tag. +* Creates namespaces when tasks start up. Namespaces are only created if they do not exist. +* Provisions ACL tokens and ACL policies that are scoped to the applicable admin partition and namespace. +* Provision ACL tokens that allow services to communicate with upstreams across admin partitions and namespaces. + ## ECS Health Check Syncing If the following conditions apply, ECS health checks automatically sync with Consul health checks for all application containers: diff --git a/website/content/docs/ecs/enterprise.mdx b/website/content/docs/ecs/enterprise.mdx index b181b5e13..6ee42d5be 100644 --- a/website/content/docs/ecs/enterprise.mdx +++ b/website/content/docs/ecs/enterprise.mdx @@ -38,28 +38,86 @@ run Consul Enterprise clients then you must enable ACLs. ## Running Open Source Consul Clients -Consul supports running Consul Enterprise servers with Consul OSS (Open Source) clients. Since -currently no Consul Enterprise features are supported that require Consul client support, -you can run Consul OSS clients with Consul Enterprise servers without issue. +You can operate Consul Enterprise servers with Consul OSS (open source) clients as long as the features you are using do not require Consul Enterprise client support. Admin partitions and namespaces, for example, require Consul Enterprise clients and are not supported with Consul OSS. ## Feature Support -Consul on ECS does not currently support any Consul Enterprise features that require -support from Consul clients. That being said, there are many enterprise features that -are activated only on Consul servers and so Consul on ECS will run fine with those -features. +Consul on ECS supports the following Consul Enterprise features. +If you are only using features that run on Consul servers, then you can use an OSS client in your service mesh tasks on ECS. +If client support is required for any of the features, then you must use a Consul Enterprise client in your `mesh-tasks`. -| Feature | Supported | Description | -|-----------------------------------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Automated Backups/Snapshot Agent | Yes* | Running the snapshot agent on ECS is not currently supported but you are able to run the snapshot agent alongside your Consul servers on VMs. | -| Automated Upgrades | Yes (servers) | This feature runs on Consul servers. | -| Enhanced Read Scalability | Yes (servers) | This feature runs on Consul servers. | -| Single Sign-On/OIDC | Yes (servers) | This feature runs on Consul servers. | -| Redundancy Zones | Yes (servers) | This feature runs on Consul servers. | -| Advanced Federation/Network Areas | Yes (servers) | This feature runs on Consul servers. | -| Sentinel | Yes (servers) | This feature runs on Consul servers. | -| Network Segments | No | Currently there is no capability to configure the network segment Consul clients on ECS run in. | -| Namespaces | No | Currently there is no capability to configure the Consul namespace for a service on ECS. | -| Admin Partitions | No* | Supported if Consul ECS clients run in the default partition. Otherwise there is currently no capability to configure the admin partition Consul clients in ECS run in. | -| Audit Logging | No* | Audit logging can be enabled on Consul servers that run outside of ECS but is not currently supported on the Consul clients that run inside ECS. | +| Feature | Supported | Description | +|-----------------------------------|---------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Automated Backups/Snapshot Agent | Yes* | Running the snapshot agent on ECS is not currently supported but you are able to run the snapshot agent alongside your Consul servers on VMs. | +| Automated Upgrades | Yes (servers) | This feature runs on Consul servers. | +| Enhanced Read Scalability | Yes (servers) | This feature runs on Consul servers. | +| Single Sign-On/OIDC | Yes (servers) | This feature runs on Consul servers. | +| Redundancy Zones | Yes (servers) | This feature runs on Consul servers. | +| Advanced Federation/Network Areas | Yes (servers) | This feature runs on Consul servers. | +| Sentinel | Yes (servers) | This feature runs on Consul servers. | +| Network Segments | No | Currently there is no capability to configure the network segment Consul clients on ECS run in. | +| Namespaces | Yes | This feature requires Consul Enterprise servers. OSS clients can register into the `default` namespace. Registration into a non-default namespace requires a Consul Enterprise client. | +| Admin Partitions | Yes | This feature requires Consul Enterprise servers. OSS clients can register into the `default` admin partition. Registration into a non-default partition requires a Consul Enterprise client. | +| Audit Logging | No* | Audit logging can be enabled on Consul servers that run outside of ECS but is not currently supported on the Consul clients that run inside ECS. | +### Admin Partitions and Namespaces + +Consul on ECS supports [admin partitions](/docs/enterprise/admin-partitions) and [namespaces](/docs/enterprise/namespaces) when Consul Enterprise servers and clients are used. +These features have the following requirements: +* ACLs must be enabled. +* ACL controller must run in the ECS cluster. +* `mesh-tasks` must use a Consul Enterprise client image. + +The ACL controller automatically manages ACL policies and token provisioning for clients and services on the service mesh. +It also creates admin partitions and namespaces if they do not already exist. + +-> **NOTE:** The ACL controller does not delete admin partitions or namespaces once they are created. + +Each ACL controller manages a single admin partition. Consul on ECS supports one ACL controller per ECS cluster; +therefore, the administrative boundary for admin partitions is one admin partition per ECS cluster. + +The following example demonstrates how to configure the ACL controller to enable admin partitions +and manage an admin partition named `my-partition`. The `consul_partition` field is optional and if it +is not provided when `consul_partitions_enabled = true`, will default to the `default` admin partition. + + + +```hcl +module "acl_controller" { + source = "hashicorp/consul/aws-ecs//modules/acl-controller" + + ... + + consul_partitions_enabled = true + consul_partition = "my-partition" +} +``` + + + +Services are assigned to admin partitions and namespaces through the use of [task tags](/docs/ecs/manual/install#task-tags). +The `mesh-task` module automatically adds the necessary tags to the task definition. +If the ACL controller is configured for admin partitions, services on the mesh will +always be assigned to an admin partition and namespace. If the `mesh-task` does not define +the partition it will default to the `default` admin partition. Similarly, if a `mesh-task` does +not define the namespace it will default to the `default` namespace. + +The following example demonstrates how to create a `mesh-task` assigned to the admin partition named +`my-partition`, in the `my-namespace` namespace. + + + +```hcl +module "my_task" { + source = "hashicorp/consul/aws-ecs//modules/mesh-task" + family = "my_task" + + ... + + consul_image = "hashicorp/consul-enterprise:-ent" + consul_partition = "my-partition" + consul_namespace = "my-namespace" +} +``` + + diff --git a/website/content/docs/ecs/index.mdx b/website/content/docs/ecs/index.mdx index b62f2175d..e5c1f2e42 100644 --- a/website/content/docs/ecs/index.mdx +++ b/website/content/docs/ecs/index.mdx @@ -24,7 +24,7 @@ traffic policy, and more. Consul on ECS follows an [architecture](/docs/internals/architecture) similar to other platforms, but each ECS task is a Consul node. An ECS task runs the user application container(s), as well as a Consul client container for control plane -communication and an [Envoy](https://envoyproxy.io/) sidecar proxy container to faciliate data plane communication for +communication and an [Envoy](https://envoyproxy.io/) sidecar proxy container to facilitate data plane communication for [Consul Connect](/docs/connect). For a detailed architecture overview, see the [Architecture](/docs/ecs/architecture) page. diff --git a/website/content/docs/ecs/manual/install.mdx b/website/content/docs/ecs/manual/install.mdx index 1f6f5239f..6b01e08e1 100644 --- a/website/content/docs/ecs/manual/install.mdx +++ b/website/content/docs/ecs/manual/install.mdx @@ -72,10 +72,12 @@ during task startup. The `tags` list must include the following if you are using the ACL controller in a [secure configuration](/docs/manual/secure-configuration). Without these tags, the ACL controller will be unable to provision a service token for the task. -| Tag Key | Tag Value | Description | -| ----------------------------------- | ------------------- | -------------------------------------------------------------------------------------------------------------------------- | -| `consul.hashicorp.com/mesh` | `true` (string) | The ACL controller ignores tasks without this tag set to `true`. | -| `consul.hashicorp.com/service-name` | Consul service name | Specifies the Consul service associated with this task. Required if the service name is different than the task `family`. | +| Tag Key | Tag Value | Description | +| ----------------------------------- | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| `consul.hashicorp.com/mesh` | `true` (string) | The ACL controller ignores tasks without this tag set to `true`. | +| `consul.hashicorp.com/service-name` | Consul service name | Specifies the Consul service associated with this task. Required if the service name is different than the task `family`. | +| `consul.hashicorp.com/partition` | Consul admin partition | Specifies the Consul admin partition associated with this task. Defaults to the `default` admin partition if omitted. | +| `consul.hashicorp.com/namespace` | Consul namespace | Specifies the Consul namespace associated with this task. Defaults to the `default` namespace if omitted. | ## Application container diff --git a/website/content/docs/ecs/requirements.mdx b/website/content/docs/ecs/requirements.mdx index 972b545a5..e7c0a8ea8 100644 --- a/website/content/docs/ecs/requirements.mdx +++ b/website/content/docs/ecs/requirements.mdx @@ -9,18 +9,23 @@ description: >- The following requirements must be met in order to install Consul on ECS: -1. **Launch Type:** Fargate and EC2 launch types are supported. -1. **Subnets:** ECS Tasks can run in private or public subnets. Tasks must have [network access](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/) to Amazon ECR or other public container registries to pull images. -1. **Consul Servers:** You can use your own Consul servers running on virtual machines or use [HashiCorp Cloud Platform Consul](https://www.hashicorp.com/cloud-platform) to host the servers for you. For development purposes or testing, you may use the `dev-server` [Terraform module](https://github.com/hashicorp/terraform-aws-consul-ecs/tree/main) that runs the Consul server as an ECS task. The `dev-server` does not support persistent storage. -1. **ACL Controller:** If you are running a secure Consul installation with ACLs enabled, configure the ACL controller. -1. **Sidecar containers:** Consul on ECS requires two sidecar containers to run in each ECS task: a +* **Launch Type:** Fargate and EC2 launch types are supported. +* **Subnets:** ECS Tasks can run in private or public subnets. Tasks must have [network access](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/) to Amazon ECR or other public container registries to pull images. +* **Consul Servers:** You can use your own Consul servers running on virtual machines or use [HashiCorp Cloud Platform Consul](https://www.hashicorp.com/cloud-platform) to host the servers for you. For development purposes or testing, you may use the `dev-server` [Terraform module](https://github.com/hashicorp/terraform-aws-consul-ecs/tree/main) that runs the Consul server as an ECS task. The `dev-server` does not support persistent storage. +* **ACL Controller:** If you are running a secure Consul installation with ACLs enabled, configure the ACL controller. + * **Admin Partitions:** Consul on ECS supports [admin partitions](/docs/enterprise/admin-partitions) when ACLs are enabled and the ACL controller is configured. + The ACL controller manages one admin partition and each ECS cluster requires an ACL controller. + Each `mesh-task` must also be configured to use a Consul Enterprise client. + * **Namespaces:** [Namespaces](/docs/enterprise/namespaces) are supported when ACLs are enabled and the ACL controller is configured. + Each `mesh-task` must also be configured to use a Consul Enterprise client. +* **Sidecar containers:** Consul on ECS requires two sidecar containers to run in each ECS task: a Consul agent container and a sidecar proxy container. These additional sidecar containers must be included in the ECS task definition. The [Consul ECS Terraform module](/docs/ecs/terraform/install) will include these sidecar containers for you. If you do not use Terraform, you can construct the task definition yourself by following [our documentation](/docs/ecs/manual/install). -1. **Routing:** With your application running in tasks as part of the mesh, you must specify the +* **Routing:** With your application running in tasks as part of the mesh, you must specify the upstream services that your application calls. You will also need to change the URLs your application uses to ensure the application is making requests through the service mesh. -1. **Bind Address:** Once all communication is flowing through the service mesh, you should change +* **Bind Address:** Once all communication is flowing through the service mesh, you should change the address your application is listening on to `127.0.0.1` so that it only receives requests through the sidecar proxy. diff --git a/website/content/docs/ecs/terraform/secure-configuration.mdx b/website/content/docs/ecs/terraform/secure-configuration.mdx index 0d6e9ef48..6a932960e 100644 --- a/website/content/docs/ecs/terraform/secure-configuration.mdx +++ b/website/content/docs/ecs/terraform/secure-configuration.mdx @@ -21,7 +21,7 @@ A secure Consul cluster should include the following: Before deploying your service, you will need to deploy the [ACL controller](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/submodules/acl-controller) so that it can provision the necessary tokens for tasks on the service mesh. To learn more about the ACL Controller, please see [Automatic ACL Token Provisioning](/docs/ecs/architecture#automatic-acl-token-provisioning). -To deploy the controller, you will first need store an ACL token with `acl:write` privileges +To deploy the controller, you will first need to store an ACL token with `acl:write` and `operator:write` privileges, and a CA certificate for the Consul server in AWS Secrets Manager. ```hcl From 9e06543a4f1ef88e9185a1749f8b819808fbda34 Mon Sep 17 00:00:00 2001 From: John Murret Date: Thu, 7 Apr 2022 13:41:42 -0600 Subject: [PATCH 104/785] docs: Updating Gossip EncryptionKey Rotation page with Vault use case (#12720) * docs: Updating Gossip EncryptionKey Rotation page with Vault use case * Adding a note to the vault instructions linking to the gossip key encryption using Vault page. * Correcting Vault guide for storing the rotated gossip key. * adding $ to shell sessions where it is missing on the gossip rotation page * adding $ to more shell sessions where it is missing on the gossip rotation page --- .../gossip-encryption-key-rotation.mdx | 52 +++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx b/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx index 0161ec323..6270f926f 100644 --- a/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx +++ b/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx @@ -15,7 +15,7 @@ The following steps need only be performed once in any single datacenter if your 1. (Optional) If Consul is installed in a dedicated namespace, set the kubeConfig context to the consul namespace. Otherwise, subsequent commands will need to include -n consul. ```shell-session - kubectl config set-context --current --namespace=consul + $ kubectl config set-context --current --namespace=consul ``` 1. Generate a new key and store in safe place for retrieval in the future ([Vault KV Secrets Engine](https://www.vaultproject.io/docs/secrets/kv/kv-v2#usage) is a recommended option). @@ -31,7 +31,7 @@ The following steps need only be performed once in any single datacenter if your 1. `kubectl exec` into a Consul Agent pod (Server or Client) and add the new key to the Consul Keyring. This can be performed by running the following command: ```shell-session - kubectl exec -it consul-server-0 -- /bin/sh + $ kubectl exec -it consul-server-0 -- /bin/sh ``` 1. **Note:** If ACLs are enabled, export the bootstrap token as the CONSUL_HTTP_TOKEN to perform all `consul keyring` operations. The bootstrap token can be found in the Kubernetes secret `consul-bootstrap-acl-token` of the primary datacenter. @@ -43,7 +43,7 @@ The following steps need only be performed once in any single datacenter if your 1. Install the new Gossip encryption key with the `consul keyring` command: ```shell-session - consul keyring -install="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" + $ consul keyring -install="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" ==> Installing new gossip encryption key... ``` Consul automatically propagates this encryption key across all clients and servers across the cluster and the federation if Consul federation is enabled. @@ -51,7 +51,7 @@ The following steps need only be performed once in any single datacenter if your 1. List the keys in the keyring to verify the new key has been installed successfully. ```shell-session - consul keyring -list + $ consul keyring -list ==> Gathering installed encryption keys... WAN: @@ -72,14 +72,14 @@ The following steps need only be performed once in any single datacenter if your 1. After the new key has been added to the keychain, you can install it as the new gossip encryption key. Run the following command in the Consul Agent pod using `kubectl exec`: ```shell-session - consul keyring -use="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" + $ consul keyring -use="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" ==> Changing primary gossip encryption key... ``` 1. You can ensure that the key has been propagated to all agents by verifying the number of agents that recognize the key over the number of total agents in the datacenter. Listing them provides that information. ```shell-session - consul keyring -list + $ consul keyring -list ==> Gathering installed encryption keys... WAN: @@ -95,7 +95,9 @@ The following steps need only be performed once in any single datacenter if your Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w= [4/4] ``` -1. Update the Kubernetes secrets with the latest gossip encryption key. +1. Update the Kubernetes or Vault secrets with the latest gossip encryption key. + + Update the gossip encryption Kubernetes Secret with the value of the new gossip encryption key to ensure that subsequent `helm upgrades` commands execute successfully. The name of the secret that stores the value of the gossip encryption key can be found in the Helm values file: @@ -122,6 +124,38 @@ The following steps need only be performed once in any single datacenter if your ```shell-session $ kubectl patch secret consul-federation --patch='{"stringData":{"gossipEncryptionKey": "Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w="}}' ``` + + + + -> **Note:** These Vault instructions assume that you have integrated your [Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) using [Vault as a Secrets Backend](/docs/k8s/installation/vault). + + Update the gossip encryption Vault Secret with the value of the new gossip encryption key to ensure that subsequent `helm upgrades` commands execute successfully. + The name of the secret that stores the value of the gossip encryption key can be found in the Helm values file: + ```yaml + global: + gossipEncryption: + secretName: secret/data/consul/gossip-encryption + secretKey: key + ``` + + ```shell-session + $ vault kv put secret/consul/gossip-encryption key="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" + ``` + + **Note:** In the case of federated Consul clusters, update the federation-secret value for the gossip encryption key. The name of the secret and key can be found in the values file of the secondary datacenter. + + ```yaml + global: + gossipEncryption: + secretName: consul-federation + secretKey: gossip-key + ``` + + ```shell-session + $ vault kv put secret/consul/consul-federation gossip-key="Wa6/XFAnYy0f9iqVH2iiG+yore3CqHSemUy4AIVTa/w=" + ``` + + 1. Remove the old key once the new one has been installed successfully. @@ -132,10 +166,10 @@ The following steps need only be performed once in any single datacenter if your 1. **Note:** If ACLs are enabled, export the bootstrap token as the CONSUL_HTTP_TOKEN to perform all `consul keyring` operations. ```shell-session - export CONSUL_HTTP_TOKEN= + $ export CONSUL_HTTP_TOKEN= ``` 1. Remove old Gossip encryption key with the `consul keyring` command: ```shell-session - consul keyring -remove="CL6M+jKj3630CZLXI0IRVeyci1jgIAveiZKvdtTybbA=" + $ consul keyring -remove="CL6M+jKj3630CZLXI0IRVeyci1jgIAveiZKvdtTybbA=" ==> Removing gossip encryption key... ``` From 1835e761fd9a8156d85b0df7346dd087fe569c1a Mon Sep 17 00:00:00 2001 From: Jared Kirschner Date: Thu, 7 Apr 2022 13:10:20 -0700 Subject: [PATCH 105/785] improve error msg for deregister critical service If a service is automatically registered because it has a critical health check for longer than deregister_critical_service_after, the error message will now include: - mention of the deregister_critical_service_after option - the value of deregister_critical_service_after for that check --- .changelog/12725.txt | 3 +++ agent/agent.go | 9 ++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 .changelog/12725.txt diff --git a/.changelog/12725.txt b/.changelog/12725.txt new file mode 100644 index 000000000..3cba2d250 --- /dev/null +++ b/.changelog/12725.txt @@ -0,0 +1,3 @@ +```release-note:improvement +agent: improve log messages when a service with a critical health check is deregistered due to exceeding the deregister_critical_service_after timeout +``` \ No newline at end of file diff --git a/agent/agent.go b/agent/agent.go index c08316fd8..818587407 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1813,14 +1813,17 @@ func (a *Agent) reapServicesInternal() { if timeout > 0 && cs.CriticalFor() > timeout { reaped[serviceID] = true if err := a.RemoveService(serviceID); err != nil { - a.logger.Error("unable to deregister service after check has been critical for too long", + a.logger.Error("failed to deregister service with critical health that exceeded health check's 'deregister_critical_service_after' timeout", "service", serviceID.String(), "check", checkID.String(), - "error", err) + "timeout", timeout.String(), + "error", err, + ) } else { - a.logger.Info("Check for service has been critical for too long; deregistered service", + a.logger.Info("deregistered service with critical health due to exceeding health check's 'deregister_critical_service_after' timeout", "service", serviceID.String(), "check", checkID.String(), + "timeout", timeout.String(), ) } } From f4eac06b21b176bac168f7d75ee97761326da976 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Thu, 7 Apr 2022 16:58:21 -0500 Subject: [PATCH 106/785] xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711) Just like standard upstreams the order of applicability in descending precedence: 1. caller's `service-defaults` upstream override for destination 2. caller's `service-defaults` upstream defaults 3. destination's `service-resolver` ConnectTimeout 4. system default of 5s Co-authored-by: mrspanishviking --- .changelog/12711.txt | 3 ++ agent/consul/discovery_chain_endpoint_test.go | 11 ++++- agent/consul/discoverychain/compile.go | 3 ++ agent/consul/discoverychain/compile_test.go | 31 ++++++++++-- agent/discovery_chain_endpoint_test.go | 26 ++++++++-- agent/proxycfg/connect_proxy.go | 2 +- agent/proxycfg/testing_tproxy.go | 8 +++- agent/structs/discovery_chain.go | 38 +++++++++++++++ agent/xds/clusters.go | 17 +++++-- ...ial-instances-directly.envoy-1-20-x.golden | 4 +- api/discovery_chain.go | 47 +++++++++++++++++-- api/discovery_chain_test.go | 44 +++++++++-------- .../connect/l7-traffic/discovery-chain.mdx | 4 ++ .../docs/connect/transparent-proxy.mdx | 5 +- 14 files changed, 198 insertions(+), 45 deletions(-) create mode 100644 .changelog/12711.txt diff --git a/.changelog/12711.txt b/.changelog/12711.txt new file mode 100644 index 000000000..3d1400550 --- /dev/null +++ b/.changelog/12711.txt @@ -0,0 +1,3 @@ +```release-note:improvement +xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections +``` diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index 1f9a82f14..97ae5b124 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go @@ -59,6 +59,12 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) { t := structs.NewDiscoveryTarget(service, serviceSubset, namespace, partition, datacenter) t.SNI = connect.TargetSNI(t, connect.TestClusterID+".consul") t.Name = t.SNI + t.ConnectTimeout = 5 * time.Second // default + return t + } + + targetWithConnectTimeout := func(t *structs.DiscoveryTarget, connectTimeout time.Duration) *structs.DiscoveryTarget { + t.ConnectTimeout = connectTimeout return t } @@ -237,7 +243,10 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "web.default.default.dc1": newTarget("web", "", "default", "default", "dc1"), + "web.default.default.dc1": targetWithConnectTimeout( + newTarget("web", "", "default", "default", "dc1"), + 33*time.Second, + ), }, }, } diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go index 0567b8b90..ed664878b 100644 --- a/agent/consul/discoverychain/compile.go +++ b/agent/consul/discoverychain/compile.go @@ -928,6 +928,9 @@ RESOLVE_AGAIN: } } + // Expose a copy of this on the targets for ease of access. + target.ConnectTimeout = connectTimeout + // Build node. node := &structs.DiscoveryGraphNode{ Type: structs.DiscoveryGraphNodeTypeResolver, diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go index 9a3dde647..221ac757f 100644 --- a/agent/consul/discoverychain/compile_test.go +++ b/agent/consul/discoverychain/compile_test.go @@ -293,7 +293,10 @@ func testcase_RouterWithDefaults_NoSplit_WithResolver() compileTestCase { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), + "main.default.default.dc1": targetWithConnectTimeout( + newTarget("main", "", "default", "default", "dc1", nil), + 33*time.Second, + ), }, } @@ -494,7 +497,10 @@ func testcase_RouterWithDefaults_WithNoopSplit_WithResolver() compileTestCase { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), + "main.default.default.dc1": targetWithConnectTimeout( + newTarget("main", "", "default", "default", "dc1", nil), + 33*time.Second, + ), }, } @@ -687,7 +693,10 @@ func testcase_NoopSplit_WithResolver() compileTestCase { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "main.default.default.dc1": newTarget("main", "", "default", "default", "dc1", nil), + "main.default.default.dc1": targetWithConnectTimeout( + newTarget("main", "", "default", "default", "dc1", nil), + 33*time.Second, + ), }, } @@ -1847,8 +1856,14 @@ func testcase_MultiDatacenterCanary() compileTestCase { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "main.default.default.dc2": newTarget("main", "", "default", "default", "dc2", nil), - "main.default.default.dc3": newTarget("main", "", "default", "default", "dc3", nil), + "main.default.default.dc2": targetWithConnectTimeout( + newTarget("main", "", "default", "default", "dc2", nil), + 33*time.Second, + ), + "main.default.default.dc3": targetWithConnectTimeout( + newTarget("main", "", "default", "default", "dc3", nil), + 33*time.Second, + ), }, } return compileTestCase{entries: entries, expect: expect} @@ -2780,8 +2795,14 @@ func newTarget(service, serviceSubset, namespace, partition, datacenter string, t := structs.NewDiscoveryTarget(service, serviceSubset, namespace, partition, datacenter) t.SNI = connect.TargetSNI(t, "trustdomain.consul") t.Name = t.SNI + t.ConnectTimeout = 5 * time.Second // default if modFn != nil { modFn(t) } return t } + +func targetWithConnectTimeout(t *structs.DiscoveryTarget, connectTimeout time.Duration) *structs.DiscoveryTarget { + t.ConnectTimeout = connectTimeout + return t +} diff --git a/agent/discovery_chain_endpoint_test.go b/agent/discovery_chain_endpoint_test.go index 3db87ba52..86ef96617 100644 --- a/agent/discovery_chain_endpoint_test.go +++ b/agent/discovery_chain_endpoint_test.go @@ -31,6 +31,12 @@ func TestDiscoveryChainRead(t *testing.T) { t := structs.NewDiscoveryTarget(service, serviceSubset, namespace, partition, datacenter) t.SNI = connect.TargetSNI(t, connect.TestClusterID+".consul") t.Name = t.SNI + t.ConnectTimeout = 5 * time.Second // default + return t + } + + targetWithConnectTimeout := func(t *structs.DiscoveryTarget, connectTimeout time.Duration) *structs.DiscoveryTarget { + t.ConnectTimeout = connectTimeout return t } @@ -258,8 +264,14 @@ func TestDiscoveryChainRead(t *testing.T) { }, }, Targets: map[string]*structs.DiscoveryTarget{ - "web.default.default.dc1": newTarget("web", "", "default", "default", "dc1"), - "web.default.default.dc2": newTarget("web", "", "default", "default", "dc2"), + "web.default.default.dc1": targetWithConnectTimeout( + newTarget("web", "", "default", "default", "dc1"), + 33*time.Second, + ), + "web.default.default.dc2": targetWithConnectTimeout( + newTarget("web", "", "default", "default", "dc2"), + 33*time.Second, + ), }, } if !reflect.DeepEqual(expect, value.Chain) { @@ -268,12 +280,18 @@ func TestDiscoveryChainRead(t *testing.T) { }) })) - expectTarget_DC1 := newTarget("web", "", "default", "default", "dc1") + expectTarget_DC1 := targetWithConnectTimeout( + newTarget("web", "", "default", "default", "dc1"), + 33*time.Second, + ) expectTarget_DC1.MeshGateway = structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeLocal, } - expectTarget_DC2 := newTarget("web", "", "default", "default", "dc2") + expectTarget_DC2 := targetWithConnectTimeout( + newTarget("web", "", "default", "default", "dc2"), + 33*time.Second, + ) expectTarget_DC2.MeshGateway = structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeLocal, } diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index d0849a01e..e23ae0662 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -116,12 +116,12 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e continue } + snap.ConnectProxy.UpstreamConfig[uid] = &u // This can be true if the upstream is a synthetic entry populated from centralized upstream config. // Watches should not be created for them. if u.CentrallyConfigured { continue } - snap.ConnectProxy.UpstreamConfig[uid] = &u dc := s.source.Datacenter if u.Datacenter != "" { diff --git a/agent/proxycfg/testing_tproxy.go b/agent/proxycfg/testing_tproxy.go index 4c04c9346..e593a51e9 100644 --- a/agent/proxycfg/testing_tproxy.go +++ b/agent/proxycfg/testing_tproxy.go @@ -1,6 +1,8 @@ package proxycfg import ( + "time" + "github.com/mitchellh/go-testing-interface" "github.com/hashicorp/consul/agent/cache" @@ -322,7 +324,11 @@ func TestConfigSnapshotTransparentProxyDialDirectly(t testing.T) *ConfigSnapshot mongo = structs.NewServiceName("mongo", nil) mongoUID = NewUpstreamIDFromServiceName(mongo) - mongoChain = discoverychain.TestCompileConfigEntries(t, "mongo", "default", "default", "dc1", connect.TestClusterID+".consul", nil) + mongoChain = discoverychain.TestCompileConfigEntries(t, "mongo", "default", "default", "dc1", connect.TestClusterID+".consul", nil, &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "mongo", + ConnectTimeout: 33 * time.Second, + }) db = structs.NewServiceName("db", nil) ) diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go index c2738f842..046ec1c4d 100644 --- a/agent/structs/discovery_chain.go +++ b/agent/structs/discovery_chain.go @@ -208,6 +208,8 @@ type DiscoveryTarget struct { MeshGateway MeshGatewayConfig `json:",omitempty"` Subset ServiceResolverSubset `json:",omitempty"` + ConnectTimeout time.Duration `json:",omitempty"` + // External is true if this target is outside of this consul cluster. External bool `json:",omitempty"` @@ -221,6 +223,42 @@ type DiscoveryTarget struct { Name string `json:",omitempty"` } +func (t *DiscoveryTarget) MarshalJSON() ([]byte, error) { + type Alias DiscoveryTarget + exported := struct { + ConnectTimeout string `json:",omitempty"` + *Alias + }{ + ConnectTimeout: t.ConnectTimeout.String(), + Alias: (*Alias)(t), + } + if t.ConnectTimeout == 0 { + exported.ConnectTimeout = "" + } + + return json.Marshal(exported) +} + +func (t *DiscoveryTarget) UnmarshalJSON(data []byte) error { + type Alias DiscoveryTarget + aux := &struct { + ConnectTimeout string + *Alias + }{ + Alias: (*Alias)(t), + } + if err := lib.UnmarshalJSON(data, &aux); err != nil { + return err + } + var err error + if aux.ConnectTimeout != "" { + if t.ConnectTimeout, err = time.ParseDuration(aux.ConnectTimeout); err != nil { + return err + } + } + return nil +} + func NewDiscoveryTarget(service, serviceSubset, namespace, partition, datacenter string) *DiscoveryTarget { t := &DiscoveryTarget{ Service: service, diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 63442eb51..bbbad4a8b 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -173,9 +173,15 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, }) } - for _, target := range cfgSnap.ConnectProxy.PassthroughUpstreams { - for tid := range target { - uid := proxycfg.NewUpstreamIDFromTargetID(tid) + for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain { + targetMap, ok := cfgSnap.ConnectProxy.PassthroughUpstreams[uid] + if !ok { + continue + } + + for targetID := range targetMap { + + uid := proxycfg.NewUpstreamIDFromTargetID(targetID) sni := connect.ServiceSNI( uid.Name, "", uid.NamespaceOrDefault(), uid.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) @@ -190,10 +196,13 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, }, LbPolicy: envoy_cluster_v3.Cluster_CLUSTER_PROVIDED, - // TODO(tproxy) This should use the connection timeout configured on the upstream's config entry ConnectTimeout: ptypes.DurationProto(5 * time.Second), } + if discoTarget, ok := chain.Targets[targetID]; ok && discoTarget.ConnectTimeout > 0 { + c.ConnectTimeout = ptypes.DurationProto(discoTarget.ConnectTimeout) + } + spiffeID := connect.SpiffeIDService{ Host: cfgSnap.Roots.TrustDomain, Partition: uid.PartitionOrDefault(), diff --git a/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden b/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden index d920c11a4..ff729a66d 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden @@ -210,7 +210,7 @@ "resourceApiVersion": "V3" } }, - "connectTimeout": "5s", + "connectTimeout": "33s", "circuitBreakers": { }, @@ -305,7 +305,7 @@ "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "name": "passthrough~mongo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "ORIGINAL_DST", - "connectTimeout": "5s", + "connectTimeout": "33s", "lbPolicy": "CLUSTER_PROVIDED", "transportSocket": { "name": "tls", diff --git a/api/discovery_chain.go b/api/discovery_chain.go index d198b2bb5..4217603cf 100644 --- a/api/discovery_chain.go +++ b/api/discovery_chain.go @@ -234,9 +234,46 @@ type DiscoveryTarget struct { Namespace string Datacenter string - MeshGateway MeshGatewayConfig - Subset ServiceResolverSubset - External bool - SNI string - Name string + MeshGateway MeshGatewayConfig + Subset ServiceResolverSubset + ConnectTimeout time.Duration + External bool + SNI string + Name string +} + +func (t *DiscoveryTarget) MarshalJSON() ([]byte, error) { + type Alias DiscoveryTarget + exported := &struct { + ConnectTimeout string `json:",omitempty"` + *Alias + }{ + ConnectTimeout: t.ConnectTimeout.String(), + Alias: (*Alias)(t), + } + if t.ConnectTimeout == 0 { + exported.ConnectTimeout = "" + } + + return json.Marshal(exported) +} + +func (t *DiscoveryTarget) UnmarshalJSON(data []byte) error { + type Alias DiscoveryTarget + aux := &struct { + ConnectTimeout string + *Alias + }{ + Alias: (*Alias)(t), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + var err error + if aux.ConnectTimeout != "" { + if t.ConnectTimeout, err = time.ParseDuration(aux.ConnectTimeout); err != nil { + return err + } + } + return nil } diff --git a/api/discovery_chain_test.go b/api/discovery_chain_test.go index 049ce3963..dd4fc0181 100644 --- a/api/discovery_chain_test.go +++ b/api/discovery_chain_test.go @@ -47,12 +47,13 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { }, Targets: map[string]*DiscoveryTarget{ "web.default.default.dc1": { - ID: "web.default.default.dc1", - Service: "web", - Namespace: "default", - Datacenter: "dc1", - SNI: "web.default.dc1.internal." + testClusterID + ".consul", - Name: "web.default.dc1.internal." + testClusterID + ".consul", + ID: "web.default.default.dc1", + Service: "web", + Namespace: "default", + Datacenter: "dc1", + ConnectTimeout: 5 * time.Second, + SNI: "web.default.dc1.internal." + testClusterID + ".consul", + Name: "web.default.dc1.internal." + testClusterID + ".consul", }, }, }, @@ -88,12 +89,13 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { }, Targets: map[string]*DiscoveryTarget{ "web.default.default.dc2": { - ID: "web.default.default.dc2", - Service: "web", - Namespace: "default", - Datacenter: "dc2", - SNI: "web.default.dc2.internal." + testClusterID + ".consul", - Name: "web.default.dc2.internal." + testClusterID + ".consul", + ID: "web.default.default.dc2", + Service: "web", + Namespace: "default", + Datacenter: "dc2", + ConnectTimeout: 5 * time.Second, + SNI: "web.default.dc2.internal." + testClusterID + ".consul", + Name: "web.default.dc2.internal." + testClusterID + ".consul", }, }, }, @@ -134,12 +136,13 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { }, Targets: map[string]*DiscoveryTarget{ "web.default.default.dc1": { - ID: "web.default.default.dc1", - Service: "web", - Namespace: "default", - Datacenter: "dc1", - SNI: "web.default.dc1.internal." + testClusterID + ".consul", - Name: "web.default.dc1.internal." + testClusterID + ".consul", + ID: "web.default.default.dc1", + Service: "web", + Namespace: "default", + Datacenter: "dc1", + ConnectTimeout: 33 * time.Second, + SNI: "web.default.dc1.internal." + testClusterID + ".consul", + Name: "web.default.dc1.internal." + testClusterID + ".consul", }, }, }, @@ -186,8 +189,9 @@ func TestAPI_DiscoveryChain_Get(t *testing.T) { MeshGateway: MeshGatewayConfig{ Mode: MeshGatewayModeLocal, }, - SNI: "web.default.dc2.internal." + testClusterID + ".consul", - Name: "web.default.dc2.internal." + testClusterID + ".consul", + ConnectTimeout: 22 * time.Second, + SNI: "web.default.dc2.internal." + testClusterID + ".consul", + Name: "web.default.dc2.internal." + testClusterID + ".consul", }, }, }, diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx index dc9594e61..39ea48df5 100644 --- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx +++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx @@ -237,6 +237,10 @@ A single node in the compiled discovery chain. - `External` `(bool: false)` - True if this target is outside of this consul cluster. +- `ConnectTimeout` `(duration)` - Copy of the underlying `service-resolver` + [`ConnectTimeout`](/docs/connect/config-entries/service-resolver#connecttimeout) + field. If one is not defined the default of `5s` is returned. + - `SNI` `(string)` - This value should be used as the [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) value when connecting to this set of endpoints over TLS. diff --git a/website/content/docs/connect/transparent-proxy.mdx b/website/content/docs/connect/transparent-proxy.mdx index 750c62e0f..1091091cf 100644 --- a/website/content/docs/connect/transparent-proxy.mdx +++ b/website/content/docs/connect/transparent-proxy.mdx @@ -169,8 +169,9 @@ transparent proxy's datacenter. Services can also dial explicit upstreams in oth in the datacenter `dc2`. * In the deployment configuration where a [single Consul datacenter spans multiple Kubernetes clusters](/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s), services in one Kubernetes cluster must explicitly dial a service in another Kubernetes cluster using the [consul.hashicorp.com/connect-service-upstreams](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) annotation. An example would be `"consul.hashicorp.com/connect-service-upstreams": "my-service:1234"`, where `my-service` is the service that exists in another Kubernetes cluster and is exposed on port `1234`. Although Transparent Proxy is enabled, KubeDNS is not utilized when communicating between services existing on separate Kubernetes clusters. -* When dialing headless services the request will be proxied using a plain TCP proxy with a 5s connection timeout. -Currently the upstream's protocol and connection timeout are not considered. + +* When dialing headless services, the request will be proxied using a plain TCP + proxy. The upstream's protocol is not considered. ## Using Transparent Proxy From 365f1c866f229fb469fb729eedbfa303aca6adc0 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Fri, 8 Apr 2022 15:33:45 -0700 Subject: [PATCH 107/785] Update vault to 1.9.4 Vault hasn't been updated for a while, and we should be testing against a newer version. I'd update to 1.10.0, but we would run afoul of https://github.com/hashicorp/vault/issues/14863. We should update to 1.10.1 as soon as it comes our, or better yet move to using latest. Signed-off-by: Mark Anderson --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index df724af17..0226bffbf 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,7 +31,7 @@ references: GIT_COMMITTER_NAME: circleci-consul S3_ARTIFACT_BUCKET: consul-dev-artifacts-v2 BASH_ENV: .circleci/bash_env.sh - VAULT_BINARY_VERSION: 1.2.2 + VAULT_BINARY_VERSION: 1.9.4 steps: install-gotestsum: &install-gotestsum From e4d8c3b1d02125ad2b4e5fb1d9af54122a3bb50f Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 11 Apr 2022 10:04:26 +0100 Subject: [PATCH 108/785] Fallback icons to currentColor --- .../consul-ui/app/styles/base/icons/base-keyframes.scss | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss index dab94ecee..37d328afc 100644 --- a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss +++ b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss @@ -8,12 +8,12 @@ *::before { animation-name: var(--icon-name-start, var(--icon-name)), var(--icon-size-start, var(--icon-size, icon-000)); - background-color: var(--icon-color-start, var(--icon-color)); + background-color: var(--icon-color-start, var(--icon-color, currentColor)); } *::after { animation-name: var(--icon-name-end, var(--icon-name)), var(--icon-size-end, var(--icon-size, icon-000)); - background-color: var(--icon-color-end, var(--icon-color)); + background-color: var(--icon-color-end, var(--icon-color, currentColor)); } [style*='--icon-color-start']::before { From 42a0f204ac5c9798288675461ed20f497041f034 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 11 Apr 2022 10:05:02 +0100 Subject: [PATCH 109/785] Fixup any psuedo elements that don't need currentColor --- ui/packages/consul-ui/app/components/breadcrumbs/skin.scss | 1 + ui/packages/consul-ui/app/components/csv-list/index.scss | 1 + ui/packages/consul-ui/app/components/empty-state/skin.scss | 2 +- .../consul-ui/app/components/main-nav-vertical/skin.scss | 1 + .../consul-ui/app/components/secret-button/layout.scss | 1 + ui/packages/consul-ui/app/components/tooltip-panel/skin.scss | 2 +- ui/packages/consul-ui/app/components/tooltip/index.scss | 5 +++++ 7 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss index 966cf886e..55a32e5c9 100644 --- a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss +++ b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss @@ -8,6 +8,7 @@ } %crumbs::before { text-decoration: none; + background-color: var(--transparent); } %breadcrumb-milestone::before { @extend %with-chevron-left-mask, %as-pseudo; diff --git a/ui/packages/consul-ui/app/components/csv-list/index.scss b/ui/packages/consul-ui/app/components/csv-list/index.scss index 4c64a7c87..a5141fe18 100644 --- a/ui/packages/consul-ui/app/components/csv-list/index.scss +++ b/ui/packages/consul-ui/app/components/csv-list/index.scss @@ -14,4 +14,5 @@ content: var(--csv-list-separator); vertical-align: initial; margin-right: 0.3em; + background-color: var(--transparent); } diff --git a/ui/packages/consul-ui/app/components/empty-state/skin.scss b/ui/packages/consul-ui/app/components/empty-state/skin.scss index 9e09d9368..22d9fcae4 100644 --- a/ui/packages/consul-ui/app/components/empty-state/skin.scss +++ b/ui/packages/consul-ui/app/components/empty-state/skin.scss @@ -23,7 +23,7 @@ %empty-state[class*='status-'] header::before { @extend %as-pseudo; } -%empty-state header::before { +%empty-state[class*='status-'] header::before { @extend %with-alert-circle-outline-mask; } %empty-state.status-404 header::before { diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss index e1930d8bf..abd048df9 100644 --- a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss +++ b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss @@ -47,6 +47,7 @@ display: block; margin-top: -0.5rem; margin-bottom: 0.5rem; + background-color: var(--transparent); } %main-nav-vertical-popover-menu-trigger { border: var(--decor-border-100); diff --git a/ui/packages/consul-ui/app/components/secret-button/layout.scss b/ui/packages/consul-ui/app/components/secret-button/layout.scss index 1393e5efe..fe223180e 100644 --- a/ui/packages/consul-ui/app/components/secret-button/layout.scss +++ b/ui/packages/consul-ui/app/components/secret-button/layout.scss @@ -17,6 +17,7 @@ display: inline; visibility: visible; content: '■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■'; + background-color: var(--transparent); } %secret-button input:checked ~ em::before { display: none; diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss index 619da5172..7e65c6292 100644 --- a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss +++ b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss @@ -6,7 +6,7 @@ @extend %as-pseudo; width: 12px; height: 12px; - background: white; + background-color: rgb(var(--tone-gray-000)); border-top: 1px solid rgb(var(--tone-gray-300)); border-right: 1px solid rgb(var(--tone-gray-300)); transform: rotate(-45deg); diff --git a/ui/packages/consul-ui/app/components/tooltip/index.scss b/ui/packages/consul-ui/app/components/tooltip/index.scss index 333faed35..1f8802a11 100644 --- a/ui/packages/consul-ui/app/components/tooltip/index.scss +++ b/ui/packages/consul-ui/app/components/tooltip/index.scss @@ -45,6 +45,7 @@ &::before { border-color: var(--transparent); border-style: solid; + background-color: var(--transparent); } } @@ -52,23 +53,27 @@ &::before { border-width: var(--size) var(--size) 0; border-top-color: initial; + background-color: var(--transparent); } } %tooltip-tail-bottom { &::before { border-width: 0 var(--size) var(--size); border-bottom-color: initial; + background-color: var(--transparent); } } %tooltip-tail-left { &::before { border-width: var(--size) 0 var(--size) var(--size); border-left-color: initial; + background-color: var(--transparent); } } %tooltip-tail-right { &::before { border-width: var(--size) var(--size) var(--size) 0; border-right-color: initial; + background-color: var(--transparent); } } From de234b3aa74e3e85f4c82f1224936d85053ae663 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 11 Apr 2022 12:49:59 +0100 Subject: [PATCH 110/785] ui: Add more explanatory texts for empty states (#12354) * ui: Add more explanatory texts for empty states * Change all template "Read the guide"s * Add missing htmlSafe * Remove the stuff I commented out to try and grok the hairy rebase * Changelog * More rebased yaml weirdness plus added node:read --- .changelog/12354.txt | 3 + .../app/templates/dc/nodes/show/sessions.hbs | 25 +- .../templates/dc/acls/auth-methods/index.hbs | 19 +- .../acls/auth-methods/show/binding-rules.hbs | 10 +- .../acls/auth-methods/show/nspace-rules.hbs | 10 +- .../app/templates/dc/acls/policies/index.hbs | 21 +- .../app/templates/dc/acls/roles/index.hbs | 19 +- .../app/templates/dc/acls/tokens/index.hbs | 19 +- .../app/templates/dc/intentions/index.hbs | 21 +- .../consul-ui/app/templates/dc/kv/index.hbs | 21 +- .../app/templates/dc/nodes/index.hbs | 15 +- .../templates/dc/nodes/show/healthchecks.hbs | 8 +- .../app/templates/dc/nodes/show/services.hbs | 7 +- .../app/templates/dc/services/index.hbs | 23 +- .../dc/services/instance/exposedpaths.hbs | 8 +- .../dc/services/instance/upstreams.hbs | 24 +- .../templates/dc/services/show/instances.hbs | 7 +- .../dc/services/show/intentions/index.hbs | 21 +- .../templates/dc/services/show/services.hbs | 14 +- .../app/templates/dc/services/show/tags.hbs | 11 +- .../templates/dc/services/show/upstreams.hbs | 7 +- .../consul-ui/translations/routes/en-us.yaml | 268 ++++++++++++++++-- 22 files changed, 385 insertions(+), 196 deletions(-) create mode 100644 .changelog/12354.txt diff --git a/.changelog/12354.txt b/.changelog/12354.txt new file mode 100644 index 000000000..a81bb29bc --- /dev/null +++ b/.changelog/12354.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: Include details on ACL policy dispositions required for unauthorized views +``` diff --git a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs index b868871f7..b6cb1107a 100644 --- a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs +++ b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs @@ -70,17 +70,18 @@ as |route|> - -

- Welcome to Lock Sessions -

- - - -

- Consul provides a session mechanism which can be used to build distributed locks. Sessions act as a binding layer between nodes, health checks, and key/value data. There are currently no lock sessions present, or you may not have permission to view lock sessions. -

- + +

+ {{t 'routes.dc.nodes.show.sessions.empty.header' + items=items.length + }} +

+ + + {{t 'routes.dc.nodes.show.sessions.empty.body' + htmlSafe=true + }} +
  • @@ -96,7 +97,7 @@ as |route|> @href="{{env 'CONSUL_DOCS_LEARN_URL'}}/tutorials/consul/distributed-semaphore" @external={{true}} > - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs index d68a2ec88..f61a94347 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs @@ -90,21 +90,16 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No auth methods found - {{else}} - Welcome to Auth Methods - {{/if}} + {{t 'routes.dc.auth-methods.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No auth methods where found matching that search, or you may not have access to view the auth methods you are searching for. - {{else}} - There don't seem to be any auth methods, or you may not have access to view auth methods yet. - {{/if}} -

    + {{t 'routes.dc.auth-methods.index.empty.body' + items=items.length + htmlSafe=true + }}
  • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs index 86b509d63..f12f996a0 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs @@ -41,12 +41,14 @@ as |items|}} {{else}} -

    No binding rules

    +

    + {{t 'routes.dc.acls.auth-methods.show.binding-rules.index.empty.header'}} +

    -

    - Binding rules allow an operator to express a systematic way of automatically linking roles and service identities to newly created tokens without operator intervention. -

    + {{t 'routes.dc.acls.auth-methods.show.binding-rules.index.empty.body' + htmlSafe=true + }}
  • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs index 95ef17e01..91561e1b1 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs @@ -13,12 +13,14 @@ as |item|}} {{else}} -

    No namespace rules

    +

    + {{t 'routes.dc.acls.auth-methods.show.nspace-rules.index.empty.header'}} +

    -

    - A set of rules that can control which namespace tokens created via this auth method will be created within. Unlike binding rules, the first matching namespace rule wins. -

    + {{t 'routes.dc.acls.auth-methods.show.nspace-rules.index.empty.body' + htmlSafe=true + }}
  • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs index 9428bbece..583b896ed 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs @@ -99,28 +99,23 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No policies found - {{else}} - Welcome to Policies - {{/if}} + {{t 'routes.dc.acls.policies.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No policies where found matching that search, or you may not have access to view the policies you are searching for. - {{else}} - There don't seem to be any policies, or you may not have access to view policies yet. - {{/if}} -

    + {{t 'routes.dc.acls.policies.index.empty.body' + items=items.length + htmlSafe=true + }}
  • Documentation on policies
  • - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs index 17d398429..a1b76fb63 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs @@ -91,21 +91,16 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No roles found - {{else}} - Welcome to Roles - {{/if}} + {{t 'routes.dc.acls.roles.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No roles where found matching that search, or you may not have access to view the roles you are searching for. - {{else}} - There don't seem to be any roles, or you may not have access to view roles yet. - {{/if}} -

    + {{t 'routes.dc.acls.roles.index.empty.body' + items=items.length + htmlSafe=true + }}
  • diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs index fe55436bb..ffd05ffee 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs @@ -110,21 +110,16 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No tokens found - {{else}} - Welcome to ACL Tokens - {{/if}} + {{t 'routes.dc.acls.tokens.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No tokens where found matching that search, or you may not have access to view the tokens you are searching for. - {{else}} - There don't seem to be any tokens, or you may not have access to view tokens yet. - {{/if}} -

    + {{t 'routes.dc.acls.tokens.index.empty.body' + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs index 9ec526f3e..f847151a1 100644 --- a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs @@ -106,28 +106,23 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No intentions found - {{else}} - Welcome to Intentions - {{/if}} + {{t 'routes.dc.intentions.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No intentions where found matching that search, or you may not have access to view the intentions you are searching for. - {{else}} - There don't seem to be any intentions, or you may not have access to view intentions yet. - {{/if}} -

    + {{t 'routes.dc.intentions.index.empty.body' + items=items.length + htmlSafe=true + }}
  • Documentation on intentions
  • - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs index 100e6144d..97858ca95 100644 --- a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs @@ -178,28 +178,23 @@ as |sort filters parent items|}} >

    - {{#if (gt items.length 0)}} - No K/V pairs found - {{else}} - Welcome to Key/Value - {{/if}} + {{t 'routes.dc.kv.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No K/V pairs where found matching that search, or you may not have access to view the K/V pairs you are searching for. - {{else}} - You don't have any K/V pairs, or you may not have access to view K/V pairs yet. - {{/if}} -

    + {{t 'routes.dc.kv.index.empty.body' + items=items.length + htmlSafe=true + }}
  • Documentation on K/V
  • - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs index 7c75724d1..d5ba6306a 100644 --- a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs @@ -95,17 +95,16 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No nodes found - {{else}} - Welcome to Nodes - {{/if}} + {{t 'routes.dc.nodes.index.empty.header' + items=items.length + }}

    -

    - There don't seem to be any registered nodes, or you may not have access to view nodes yet. -

    + {{t 'routes.dc.nodes.index.empty.body' + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs index ca2cb185a..8a8f9b876 100644 --- a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs +++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs @@ -82,10 +82,10 @@ as |route|> - {{t "routes.dc.nodes.show.healthchecks.empty" - items=items.length - htmlSafe=true - }} + {{t "routes.dc.nodes.show.healthchecks.empty" + items=items.length + htmlSafe=true + }} diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs index 770386b37..2c7c67a18 100644 --- a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs +++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs @@ -63,9 +63,10 @@ as |route|> -

    - This node has no service instances{{#if (gt items.length 0)}} matching that search{{/if}}. -

    + {{t "routes.dc.nodes.show.services.empty" + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/services/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/index.hbs index 3d6e04933..433211d0c 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/index.hbs @@ -105,21 +105,16 @@ as |sort filters items partition nspace|}} >

    - {{#if (gt items.length 0)}} - No services found - {{else}} - Welcome to Services - {{/if}} + {{t 'routes.dc.services.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No services where found matching that search, or you may not have access to view the services you are searching for. - {{else}} - There don't seem to be any registered services, or you may not have access to view services yet. - {{/if}} -

    + {{t 'routes.dc.services.index.empty.body' + items=items.length + htmlSafe=true + }}
  • @@ -127,7 +122,7 @@ as |sort filters items partition nspace|}} @href="{{env 'CONSUL_DOCS_URL'}}/commands/services" @external={{true}} > - Documentation on services + Documentation on Services
  • @@ -135,7 +130,7 @@ as |sort filters items partition nspace|}} @href="{{env 'CONSUL_DOCS_LEARN_URL'}}/consul/getting-started/services" @external={{true}} > - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs index df7e723d6..c044d97dd 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs @@ -7,9 +7,7 @@ as |route|> as |item proxy|}}
    {{#if (gt proxy.ServiceProxy.Expose.Paths.length 0)}} -

    - The following list shows individual HTTP paths exposed through Envoy for external services like Prometheus. Read more about this in our documentation. -

    + {{t 'routes.dc.services.instance.exposedpaths.intro' htmlSafe=true}} -

    - There are no individual HTTP paths exposed through Envoy for external services like Prometheus. Read more about this in our documentation. -

    + {{t 'routes.dc.services.instance.exposedpaths.empty.body' htmlSafe=true}}     {{/if}} diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs index 30830ca4c..c5282482f 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs @@ -53,19 +53,14 @@ as |route|> -

    - {{t "routes.dc.services.instance.upstreams.tproxy-mode.body"}} -

    + {{t "routes.dc.services.instance.upstreams.tproxy-mode.body" + htmlSafe=true + }}     -

    - - {{t "routes.dc.services.instance.upstreams.tproxy-mode.footer"}} - -

    + {{t "routes.dc.services.instance.upstreams.tproxy-mode.footer" + htmlSafe=true + }}     {{/if}} @@ -87,9 +82,10 @@ as |route|> -

    - This service has no upstreams{{#if (gt items.length 0)}} matching that search{{/if}}. -

    + {{t "routes.dc.services.instance.upstreams.empty" + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs index 5cd8d2297..7ee9df362 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs @@ -75,9 +75,10 @@ as |sort filters items proxyMeta|}} -

    - There are no instances{{#if (gt items.length 0)}} matching that search{{/if}}. -

    + {{t "routes.dc.services.show.instances.empty" + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs index 003d915f6..2b127daa3 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs @@ -94,28 +94,23 @@ as |route|> >

    - {{#if (gt items.length 0)}} - No intentions found - {{else}} - Welcome to Intentions - {{/if}} + {{t 'routes.dc.services.intentions.index.empty.header' + items=items.length + }}

    -

    - {{#if (gt items.length 0)}} - No intentions where found matching that search, or you may not have access to view the intentions you are searching for. - {{else}} - There don't seem to be any intentions, or you may not have access to view intentions yet. - {{/if}} -

    + {{t 'routes.dc.services.intentions.index.empty.body' + items=items.length + htmlSafe=true + }}
  • Documentation on intentions
  • - Read the guide + Take the tutorial
    • diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs index 33d782863..04d568e8e 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs @@ -56,10 +56,6 @@ as |route|> @filter={{filters}} /> {{/if}} -

    - The following services may receive traffic from external services through this gateway. Learn more about configuring gateways in our - step-by-step guide. -

    @items={{items}} as |collection|> + {{t "routes.dc.services.show.services.intro" + htmlSafe=true + }} -

    - There are no linked services{{#if (gt items.length 0)}} matching that search{{/if}}. -

    + {{t "routes.dc.services.show.services.empty" + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs index e94891f87..5aae2f633 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs @@ -7,10 +7,15 @@ as |route|> {{else}} + +

    + {{t 'routes.dc.services.show.tags.empty.header'}} +

    +     -

    - There are no tags. -

    + {{t 'routes.dc.services.show.tags.empty.body' + htmlSafe=true + }}     {{/if}} diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs index 72d86d0f7..1f4c8efbc 100644 --- a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs +++ b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs @@ -82,9 +82,10 @@ as |route|> -

    - There are no upstreams{{#if (gt items.length 0)}} matching that search{{/if}}. -

    + {{t "routes.dc.services.show.upstreams.empty" + items=items.length + htmlSafe=true + }}     diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index 59dd94ff1..e1b7d3559 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -18,12 +18,46 @@ dc: title: License nodes: + index: + empty: + header: | + {items, select, + 0 {Welcome to Nodes} + other {No Nodes found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any registered Nodes in this Consul cluster} + other {No Nodes were found matching your search} + }, or you may not have service:read and node:read permissions access to this view. +

    show: + rtt: + title: Round Trip Time + metadata: + title: Metadata + sessions: + title: Lock Sessions + header: Welcome to Lock Sessions + body: | +

    + Consul provides a session mechanism which can be used to build distributed locks. Sessions act as a binding layer between Nodes, Health Checks, and Key/Value data. There are currently no Lock Sessions present, or you may not have key:read or session:read permissions. +

    + services: + title: Service Instances + empty: | +

    + This Node has no Service Instances{items, select, + 0 {} + other { matching that search} + }. +

    healthchecks: title: Health Checks empty: |

    - This node has no health checks{items, select, + This Node has no Health Checks{items, select, 0 {} other { matching that search} }. @@ -34,15 +68,65 @@ dc:

    This node has a failing serf node check. The health statuses shown on this page are the statuses as they were known before the node became unreachable.

    - services: - title: Service Instances - rtt: - title: Round Trip Time - sessions: - title: Lock Sessions - metadata: - title: Metadata services: + index: + empty: + header: | + {items, select, + 0 {Welcome to Services} + other {No Services found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any registered services in this Consul cluster} + other {No Services were found matching your search} + }, or you may not have service:read and node:read access to this view. Use Terraform, Kubernetes CRDs, Vault, or the Consul CLI to register Services. +

    + instance: + exposedpaths: + intro: | +

    + The following list shows individual HTTP paths exposed through Envoy for external services like Prometheus. Read more about this in our documentation. +

    + + empty: + body: | +

    + There are no individual HTTP paths exposed through Envoy for external services like Prometheus. Read more about this in our documentation. +

    + healthchecks: + empty: | +

    + This instance has no health checks{items, select, + 0 {} + other { matching that search} + }. +

    + critical-serf-notice: + header: Failing serf check + body: | +

    + This instance has a failing serf node check. The health statuses shown on this page are the statuses as they were known before the node became unreachable. +

    + upstreams: + tproxy-mode: + header: Transparent proxy mode + body: | +

    + The upstreams listed on this page have been defined in a proxy registration. There may be more upstreams, though, as "transparent" mode is enabled on this proxy. +

    + footer: | +

    + Read the documentation +

    + empty: | +

    + This Service Instance has no Upstreams{items, select, + 0 {} + other { matching that search} + }. +

    show: topology: notices: @@ -87,30 +171,168 @@ dc:

    Read the documentation

    + intentions: + index: + empty: + header: | + {items, select, + 0 {Welcome to Intentions} + other {No Intentions found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Intentions in this Consul cluster} + other {No Intentions were found matching your search} + }, or you may not have intentions:read permissions access to this view. +

    + + instances: + empty: | +

    + This Service has no Instances{items, select, + 0 {} + other { matching that search} + }. +

    + services: + intro: | +

    + The following services may receive traffic from external services through this gateway. Learn more about configuring gateways in our step-by-step guide. +

    + empty: | +

    + There are no Services{items, select, + 0 {} + other { matching that search} + }. +

    + tags: + empty: + header: Welcome to Tags + body: | +

    + There are no tags for this Service. +

    upstreams: intro: |

    Upstreams are services that may receive traffic from this gateway. If you are not using Consul DNS, please make sure your Host: header uses the correct domain name for the gateway to correctly proxy to its upstreams. Learn more about configuring gateways in our documentation.

    - instance: - healthchecks: empty: |

    - This instance has no health checks{items, select, + This Service has no Upstreams{items, select, 0 {} other { matching that search} }.

    - critical-serf-notice: - header: Failing serf check - body: | -

    - This instance has a failing serf node check. The health statuses shown on this page are the statuses as they were known before the node became unreachable. -

    - upstreams: - tproxy-mode: - header: Transparent proxy mode - body: The upstreams listed on this page have been defined in a proxy registration. There may be more upstreams, though, as "transparent" mode is enabled on this proxy. - footer: Read the documentation + routing-config: source: Routing Configuration + intentions: + index: + empty: + header: | + {items, select, + 0 {Welcome to Intentions} + other {No Intentions found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Intentions in this Consul cluster} + other {No Intentions were found matching your search} + }, or you may not have intentions:read permissions access to this view. +

    + kv: + index: + empty: + header: | + {items, select, + 0 {Welcome to Key/Value} + other {No Key/Values found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any K/V pairs in this Consul cluster yet} + other {No K/V pairs were found matching your search} + }, or you may not have key:read permissions access to this view. +

    + acls: + tokens: + index: + empty: + header: | + {items, select, + 0 {Welcome to Tokens} + other {No Tokens found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Tokens} + other {No Tokens were found matching your search} + }, or you may not have acl:read permissions to view Tokens yet. +

    + policies: + index: + empty: + header: | + {items, select, + 0 {Welcome to Policies} + other {No Policies found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Policies} + other {No Policies were found matching your search} + }, or you may not have acl:read permissions to view Policies yet. +

    + roles: + index: + empty: + header: | + {items, select, + 0 {Welcome to Roles} + other {No Roles found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Roles} + other {No Roles were found matching your search} + }, or you may not have acl:read permissions to view Roles yet. +

    + auth-methods: + show: + binding-rules: + empty: + header: No Binding Rules + body: | +

    + Binding rules allow an operator to express a systematic way of automatically linking roles and service identities to newly created tokens without operator intervention. +

    + nspace-rules: + empty: + header: No Namespace Rules + body: | +

    + A set of rules that can control which namespace tokens created via this auth method will be created within. Unlike binding rules, the first matching namespace rule wins. +

    + + index: + empty: + header: | + {items, select, + 0 {Welcome to Auth Methods} + other {No Auth Methods found} + } + body: | +

    + {items, select, + 0 {There don't seem to be any Auth Methods} + other {No Auth Methods were found matching your search} + }, or you may not have acl:read permissions to view Auth Methods yet. +

    From 13ab14e60c528d1b9cf48d40d46f3f9fe3787212 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 11 Apr 2022 10:49:44 -0500 Subject: [PATCH 111/785] test: use docker buildkit backend for envoy integration tests (#12726) --- test/integration/connect/envoy/run-tests.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index db008d5a5..bd33af513 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -13,6 +13,8 @@ DEBUG=${DEBUG:-} ENVOY_VERSION=${ENVOY_VERSION:-"1.20.2"} export ENVOY_VERSION +export DOCKER_BUILDKIT=1 + if [ ! -z "$DEBUG" ] ; then set -x fi From f5a882f66c26991fdf5c63f923e9d3939dea5bcc Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 11 Apr 2022 10:56:57 -0500 Subject: [PATCH 112/785] fix broken test (#12741) --- agent/discovery_chain_endpoint_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent/discovery_chain_endpoint_test.go b/agent/discovery_chain_endpoint_test.go index 86ef96617..b93cd45c9 100644 --- a/agent/discovery_chain_endpoint_test.go +++ b/agent/discovery_chain_endpoint_test.go @@ -282,7 +282,7 @@ func TestDiscoveryChainRead(t *testing.T) { expectTarget_DC1 := targetWithConnectTimeout( newTarget("web", "", "default", "default", "dc1"), - 33*time.Second, + 22*time.Second, ) expectTarget_DC1.MeshGateway = structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeLocal, @@ -290,7 +290,7 @@ func TestDiscoveryChainRead(t *testing.T) { expectTarget_DC2 := targetWithConnectTimeout( newTarget("web", "", "default", "default", "dc2"), - 33*time.Second, + 22*time.Second, ) expectTarget_DC2.MeshGateway = structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeLocal, From 07893afbdb30e3eb12725dd4247dab455c9d53fd Mon Sep 17 00:00:00 2001 From: David Yu Date: Mon, 11 Apr 2022 11:41:35 -0700 Subject: [PATCH 113/785] docs: Upgrade Consul K8s update link to combat matrix (#12744) --- website/content/docs/k8s/upgrade/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx index 7ce00caf3..3f119200d 100644 --- a/website/content/docs/k8s/upgrade/index.mdx +++ b/website/content/docs/k8s/upgrade/index.mdx @@ -118,7 +118,7 @@ to update to the new version. 1. Ensure you've read the [Upgrading Consul](/docs/upgrading) documentation. 1. Ensure you've read any [specific instructions](/docs/upgrading/upgrade-specific) for the version you're upgrading to and the Consul [changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md) for that version. -1. Read our [Compatibility Matrix](/docs/k8s/upgrade/compatibility) to ensure +1. Read our [Compatibility Matrix](/docs/k8s/installation/compatibility) to ensure your current Helm chart version supports this Consul version. If it does not, you may need to also upgrade your Helm chart version at the same time. 1. Set `global.image` in your `values.yaml` to the desired version: From 0422512ca17c4272ecdbc81bc933da50263eb912 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 11 Apr 2022 14:40:57 -0500 Subject: [PATCH 114/785] ci: upsize many slow-running circleci builds (#12742) --- .circleci/config.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index df724af17..381bc5594 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -177,6 +177,7 @@ jobs: default: "" docker: - image: *GOLANG_IMAGE + resource_class: large environment: GOTAGS: "" # No tags for OSS but there are for enterprise GOARCH: "<>" @@ -241,7 +242,7 @@ jobs: go-test-arm64: machine: image: ubuntu-2004:202101-01 - resource_class: arm.medium + resource_class: arm.large parallelism: 4 environment: <<: *ENVIRONMENT @@ -272,6 +273,7 @@ jobs: go-test: docker: - image: *GOLANG_IMAGE + resource_class: large parallelism: 4 environment: <<: *ENVIRONMENT @@ -328,6 +330,7 @@ jobs: go-test-32bit: docker: - image: *GOLANG_IMAGE + resource_class: large environment: <<: *ENVIRONMENT GOTAGS: "" # No tags for OSS but there are for enterprise @@ -401,6 +404,7 @@ jobs: build-distros: &build-distros docker: - image: *GOLANG_IMAGE + resource_class: large environment: &build-env <<: *ENVIRONMENT steps: @@ -438,6 +442,7 @@ jobs: build-arm: docker: - image: *GOLANG_IMAGE + resource_class: large environment: <<: *ENVIRONMENT CGO_ENABLED: 1 @@ -470,6 +475,7 @@ jobs: dev-build: docker: - image: *GOLANG_IMAGE + resource_class: large environment: <<: *ENVIRONMENT steps: From fd3f797dd5ec5f118250cadbbfc9c632a63a5f73 Mon Sep 17 00:00:00 2001 From: David Yu Date: Mon, 11 Apr 2022 13:51:21 -0700 Subject: [PATCH 115/785] website: redirect change consul k8s compatibility matrix link (#12751) --- website/redirects.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/redirects.js b/website/redirects.js index 3517dc5e3..3ccff92be 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -1089,7 +1089,7 @@ module.exports = [ }, { source: '/docs/compatibility', - destination: '/docs/upgrading/compatibility', + destination: '/docs/installation/compatibility', permanent: true, }, { From 1ba6678f26123988546796f325b2bf04c780cbcc Mon Sep 17 00:00:00 2001 From: David Yu Date: Mon, 11 Apr 2022 15:45:18 -0700 Subject: [PATCH 116/785] redirect.js: fixing redirect to new compatibility matrix for k8s (#12755) --- website/redirects.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/website/redirects.js b/website/redirects.js index 3ccff92be..ea95d1803 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -1089,7 +1089,12 @@ module.exports = [ }, { source: '/docs/compatibility', - destination: '/docs/installation/compatibility', + destination: '/docs/upgrading/compatibility', + permanent: true, + }, + { + source: '/docs/k8s/upgrade/compatibility', + destination: '/docs/k8s/installation/compatibility', permanent: true, }, { From f7edcdc6b91bc527d0f292028041294db4015dc6 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Mon, 11 Apr 2022 16:05:21 -0700 Subject: [PATCH 117/785] docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files Also update nav data --- .../docs/agent/config/agent-config-cli.mdx | 0 .../docs/agent/config/agent-config-files.mdx | 0 .../docs/agent/{options.mdx => config/index.mdx} | 0 website/data/docs-nav-data.json | 15 ++++++++++++++- 4 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 website/content/docs/agent/config/agent-config-cli.mdx create mode 100644 website/content/docs/agent/config/agent-config-files.mdx rename website/content/docs/agent/{options.mdx => config/index.mdx} (100%) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx new file mode 100644 index 000000000..e69de29bb diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx new file mode 100644 index 000000000..e69de29bb diff --git a/website/content/docs/agent/options.mdx b/website/content/docs/agent/config/index.mdx similarity index 100% rename from website/content/docs/agent/options.mdx rename to website/content/docs/agent/config/index.mdx diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index d8cf955f1..f23305dbb 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -888,7 +888,20 @@ }, { "title": "Configuration", - "path": "agent/options" + "routes": [ + { + "title": "General", + "path": "agent/config" + }, + { + "title": "CLI Reference", + "path": "agent/config/agent-config-cli" + }, + { + "title": "Configuration Reference", + "path": "agent/config/agent-config-files" + } + ] }, { "title": "Configuration Entries", From 84123368db01c8af2f8fa4df3d1c512a6e55f8d9 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Mon, 11 Apr 2022 16:05:48 -0700 Subject: [PATCH 118/785] docs: move cli content from agent/config/index to agent/config/agent-config-cli And add sections for logical groupings of options --- .../docs/agent/config/agent-config-cli.mdx | 517 ++++++++++++++++ website/content/docs/agent/config/index.mdx | 550 +----------------- 2 files changed, 518 insertions(+), 549 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx index e69de29bb..ff19b147f 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/agent-config-cli.mdx @@ -0,0 +1,517 @@ +--- +layout: docs +page_title: Consul Agent CLI Reference +description: >- + This topic describes the supported options for configuring Consul agents on the command line. +--- + +# Command-line Options ((#commandline_options)) + +-> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](#config_key_reference) for equivalent HCL Keys. + +The options below are all specified on the command-line. + +## Environment Variables + +Environment variables **cannot** be used to configure the Consul client. They +_can_ be used when running other `consul` CLI commands that connect with a +running agent, e.g. `CONSUL_HTTP_ADDR=192.168.0.1:8500 consul members`. + +See [Consul Commands](/docs/commands#environment-variables) for more +information. + +## General + +- `-check_output_max_size` - Override the default + limit of 4k for maximum size of checks, this is a positive value. By limiting this + size, it allows to put less pressure on Consul servers when many checks are having + a very large output in their checks. In order to completely disable check output + capture, it is possible to use [`discard_check_output`](#discard_check_output). + +- `-client` ((#\_client)) - The address to which Consul will bind client + interfaces, including the HTTP and DNS servers. By default, this is "127.0.0.1", + allowing only loopback connections. In Consul 1.0 and later this can be set to + a space-separated list of addresses to bind to, or a [go-sockaddr] + template that can potentially resolve to multiple addresses. + +- `-data-dir` ((#\_data_dir)) - This flag provides a data directory for + the agent to store state. This is required for all agents. The directory should + be durable across reboots. This is especially critical for agents that are running + in server mode as they must be able to persist cluster state. Additionally, the + directory must support the use of filesystem locking, meaning some types of mounted + folders (e.g. VirtualBox shared folders) may not be suitable. + + **Note:** both server and non-server agents may store ACL tokens in the state in this directory so read access may grant access to any tokens on servers and to any tokens used during service registration on non-servers. On Unix-based platforms the files are written with 0600 permissions so you should ensure only trusted processes can execute as the same user as Consul. On Windows, you should ensure the directory has suitable permissions configured as these will be inherited. + +- `-datacenter` ((#\_datacenter)) - This flag controls the datacenter in + which the agent is running. If not provided, it defaults to "dc1". Consul has first-class + support for multiple datacenters, but it relies on proper configuration. Nodes + in the same datacenter should be on a single LAN. + +- `-dev` ((#\_dev)) - Enable development server mode. This is useful for + quickly starting a Consul agent with all persistence options turned off, enabling + an in-memory server which can be used for rapid prototyping or developing against + the API. In this mode, [Connect is enabled](/docs/connect/configuration) and + will by default create a new root CA certificate on startup. This mode is **not** + intended for production use as it does not write any data to disk. The gRPC port + is also defaulted to `8502` in this mode. + +- `-disable-host-node-id` ((#\_disable_host_node_id)) - Setting this to + true will prevent Consul from using information from the host to generate a deterministic + node ID, and will instead generate a random node ID which will be persisted in + the data directory. This is useful when running multiple Consul agents on the same + host for testing. This defaults to false in Consul prior to version 0.8.5 and in + 0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based + IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which + is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in + to host-based IDs then Consul and Nomad will use information on the host to automatically + assign the same ID in both systems. + +- `-disable-keyring-file` ((#\_disable_keyring_file)) - If set, the keyring + will not be persisted to a file. Any installed keys will be lost on shutdown, and + only the given `-encrypt` key will be available on startup. This defaults to false. + +- `-enable-script-checks` ((#\_enable_script_checks)) This controls whether + [health checks that execute scripts](/docs/agent/checks) are enabled on this + agent, and defaults to `false` so operators must opt-in to allowing these. This + was added in Consul 0.9.0. + + ~> **Security Warning:** Enabling script checks in some configurations may + introduce a remote execution vulnerability which is known to be targeted by + malware. We strongly recommend `-enable-local-script-checks` instead. See [this + blog post](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) + for more details. + +- `-enable-local-script-checks` ((#\_enable_local_script_checks)) + Like [`enable_script_checks`](#_enable_script_checks), but only enable them when + they are defined in the local configuration files. Script checks defined in HTTP + API registrations will still not be allowed. + + +- `-encrypt` ((#\_encrypt)) - Specifies the secret key to use for encryption + of Consul network traffic. This key must be 32-bytes that are Base64-encoded. The + easiest way to create an encryption key is to use [`consul keygen`](/commands/keygen). + All nodes within a cluster must share the same encryption key to communicate. The + provided key is automatically persisted to the data directory and loaded automatically + whenever the agent is restarted. This means that to encrypt Consul's gossip protocol, + this option only needs to be provided once on each agent's initial startup sequence. + If it is provided after Consul has been initialized with an encryption key, then + the provided key is ignored and a warning will be displayed. + +- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default + -1 (gRPC disabled). See [ports](#ports) documentation for more detail. + +- `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration + fragment is appended to the configuration and allows to specify the full range + of options of a config file on the command line. This option can be specified multiple + times. This was added in Consul 1.0. + +- `-http-port` ((#\_http_port)) - the HTTP API port to listen on. This overrides + the default port 8500. This option is very useful when deploying Consul to an environment + which communicates the HTTP port through the environment e.g. PaaS like CloudFoundry, + allowing you to set the port directly via a Procfile. + +- `-https-port` ((#\_https_port)) - the HTTPS API port to listen on. Default + -1 (https disabled). See [ports](#ports) documentation for more detail. + +- `-default-query-time` ((#\_default_query_time)) - This flag controls the + amount of time a blocking query will wait before Consul will force a response. + This value can be overridden by the `wait` query parameter. Note that Consul applies + some jitter on top of this time. Defaults to 300s. + +- `-max-query-time` ((#\_max_query_time)) - this flag controls the maximum + amount of time a blocking query can wait before Consul will force a response. Consul + applies jitter to the wait time. The jittered time will be capped to this time. + Defaults to 600s. + +- `-pid-file` ((#\_pid_file)) - This flag provides the file path for the + agent to store its PID. This is useful for sending signals (for example, `SIGINT` + to close the agent or `SIGHUP` to update check definitions) to the agent. + +- `-protocol` ((#\_protocol)) - The Consul protocol version to use. Consul + agents speak protocol 2 by default, however agents will automatically use protocol > 2 when speaking to compatible agents. This should be set only when [upgrading](/docs/upgrading). You can view the protocol versions supported by Consul by running `consul -v`. + +- `-raft-protocol` ((#\_raft_protocol)) - This controls the internal version + of the Raft consensus protocol used for server communications. This must be set + to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrade-specific#raft-protocol-version-compatibility) for more details. + +- `-segment` ((#\_segment)) - This flag is used to set + the name of the network segment the agent belongs to. An agent can only join and + communicate with other agents within its network segment. Ensure the [join + operation uses the correct port for this segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). + Review the [Network Segments documentation](/docs/enterprise/network-segments) + for more details. By default, this is an empty string, which is the `` + network segment. + + ~> **Warning:** The `segment` flag cannot be used with the [`partition`](#partition-1) option. + +## Advertise Address Options + +- `-advertise` ((#\_advertise)) - The advertise address is used to change + the address that we advertise to other nodes in the cluster. By default, the [`-bind`](#_bind) + address is advertised. However, in some cases, there may be a routable address + that cannot be bound. This flag enables gossiping a different address to support + this. If this address is not routable, the node will be in a constant flapping + state as other nodes will treat the non-routability as a failure. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +- `-advertise-wan` ((#\_advertise-wan)) - The advertise WAN address is used + to change the address that we advertise to server nodes joining through the WAN. + This can also be set on client agents when used in combination with the [`translate_wan_addrs`](#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address + is advertised. However, in some cases all members of all datacenters cannot be + on the same physical or virtual network, especially on hybrid setups mixing cloud + and private datacenters. This flag enables server nodes gossiping through the public + network for the WAN while using private VLANs for gossiping to each other and their + client agents, and it allows client agents to be reached at this address when being + accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +## Bind Options + +- `-bind` ((#\_bind)) - The address that should be bound to for internal + cluster communications. This is an IP address that should be reachable by all other + nodes in the cluster. By default, this is "0.0.0.0", meaning Consul will bind to + all addresses on the local machine and will [advertise](/docs/agent/options#_advertise) + the private IPv4 address to the rest of the cluster. If there are multiple private + IPv4 addresses available, Consul will exit with an error at startup. If you specify + `"[::]"`, Consul will [advertise](/docs/agent/options#_advertise) the public + IPv6 address. If there are multiple public IPv6 addresses available, Consul will + exit with an error at startup. Consul uses both TCP and UDP and the same port for + both. If you have any firewalls, be sure to allow both protocols. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that must resolve at runtime to a single address. Some example templates: + + ```shell + # Using address within a specific CIDR + $ consul agent -bind '{{ GetPrivateInterfaces | include "network" "10.0.0.0/8" | attr "address" }}' + ``` + + ```shell + # Using a static network interface name + $ consul agent -bind '{{ GetInterfaceIP "eth0" }}' + ``` + + ```shell + # Using regular expression matching for network interface name that is forwardable and up + $ consul agent -bind '{{ GetAllInterfaces | include "name" "^eth" | include "flags" "forwardable|up" | attr "address" }}' + ``` + +- `-serf-wan-bind` ((#\_serf_wan_bind)) - The address that should be bound + to for Serf WAN gossip communications. By default, the value follows the same rules + as [`-bind` command-line flag](#_bind), and if this is not specified, the `-bind` + option is used. This is available in Consul 0.7.1 and later. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +- `-serf-lan-bind` ((#\_serf_lan_bind)) - The address that should be bound + to for Serf LAN gossip communications. This is an IP address that should be reachable + by all other LAN nodes in the cluster. By default, the value follows the same rules + as [`-bind` command-line flag](#_bind), and if this is not specified, the `-bind` + option is used. This is available in Consul 0.7.1 and later. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +## Bootstrap Options + +- `-bootstrap` ((#\_bootstrap)) - This flag is used to control if a server + is in "bootstrap" mode. It is important that no more than one server **per** datacenter + be running in this mode. Technically, a server in bootstrap mode is allowed to + self-elect as the Raft leader. It is important that only a single node is in this + mode; otherwise, consistency cannot be guaranteed as multiple nodes are able to + self-elect. It is not recommended to use this flag after a cluster has been bootstrapped. + +- `-bootstrap-expect` ((#\_bootstrap_expect)) - This flag provides the number + of expected servers in the datacenter. Either this value should not be provided + or the value must agree with other servers in the cluster. When provided, Consul + waits until the specified number of servers are available and then bootstraps the + cluster. This allows an initial leader to be elected automatically. This cannot + be used in conjunction with the legacy [`-bootstrap`](#_bootstrap) flag. This flag + requires [`-server`](#_server) mode. + +## Configuration File Options + +- `-config-file` ((#\_config_file)) - A configuration file to load. For + more information on the format of this file, read the [Configuration Files](#configuration_files) + section. This option can be specified multiple times to load multiple configuration + files. If it is specified multiple times, configuration files loaded later will + merge with configuration files loaded earlier. During a config merge, single-value + keys (string, int, bool) will simply have their values replaced while list types + will be appended together. + +- `-config-dir` ((#\_config_dir)) - A directory of configuration files to + load. Consul will load all files in this directory with the suffix ".json" or ".hcl". + The load order is alphabetical, and the the same merge routine is used as with + the [`config-file`](#_config_file) option above. This option can be specified multiple + times to load multiple directories. Sub-directories of the config directory are + not loaded. For more information on the format of the configuration files, see + the [Configuration Files](#configuration_files) section. + +- `-config-format` ((#\_config_format)) - The format of the configuration + files to load. Normally, Consul detects the format of the config files from the + ".json" or ".hcl" extension. Setting this option to either "json" or "hcl" forces + Consul to interpret any file with or without extension to be interpreted in that + format. + +## DNS and Domain Options + +- `-dns-port` ((#\_dns_port)) - the DNS port to listen on. This overrides + the default port 8600. This is available in Consul 0.7 and later. + +- `-domain` ((#\_domain)) - By default, Consul responds to DNS queries in + the "consul." domain. This flag can be used to change that domain. All queries + in this domain are assumed to be handled by Consul and will not be recursively + resolved. + +- `-alt-domain` ((#\_alt_domain)) - This flag allows Consul to respond to + DNS queries in an alternate domain, in addition to the primary domain. If unset, + no alternate domain is used. + + In Consul 1.10.4 and later, Consul DNS responses will use the same domain as in the query (`-domain` or `-alt-domain`) where applicable. + PTR query responses will always use `-domain`, since the desired domain cannot be included in the query. + +- `-recursor` ((#\_recursor)) - Specifies the address of an upstream DNS + server. This option may be provided multiple times, and is functionally equivalent + to the [`recursors` configuration option](#recursors). + +## Join Options + +- `-join` ((#\_join)) - Address of another agent to join upon starting up. + This can be specified multiple times to specify multiple agents to join. If Consul + is unable to join with any of the specified addresses, agent startup will fail. + By default, the agent won't join any nodes when it starts up. Note that using [`retry_join`](#retry_join) could be more appropriate to help mitigate node startup race conditions when automating + a Consul cluster deployment. + + In Consul 1.1.0 and later this can be dynamically defined with a + [go-sockaddr] + template that is resolved at runtime. + + If using Enterprise network segments, see [additional documentation on + joining a client to a segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). + +- `-retry-join` ((#\_retry_join)) - Similar to [`-join`](#_join) but allows retrying a join until + it is successful. Once it joins successfully to a member in a list of members + it will never attempt to join again. Agents will then solely maintain their + membership via gossip. This is useful for cases where you know the address will + eventually be available. This option can be specified multiple times to + specify multiple agents to join. The value can contain IPv4, IPv6, or DNS + addresses. IPv6 must use the "bracketed" syntax. If multiple values + are given, they are tried and retried in the order listed until the first + succeeds. + + In Consul 1.1.0 and later this can be dynamically defined with a + [go-sockaddr] + template that is resolved at runtime. + + If Consul is running on the non-default Serf LAN port, the port must + be specified in the join address, or configured as the agent's default Serf port + using the [`ports.serf_lan`](#serf_lan_port) configuration option or + [`-serf-lan-port`](#_serf_lan_port) command line flag. + + If using network segments (Enterprise), see [additional documentation on + joining a client to a segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). + + Here are some examples of using `-retry-join`: + + ```shell + # Using a DNS entry + $ consul agent -retry-join "consul.domain.internal" + ``` + + ```shell + # Using IPv4 + $ consul agent -retry-join "10.0.4.67" + ``` + + ```shell + # Using a non-default Serf LAN port + $ consul agent -retry-join "192.0.2.10:8304" + ``` + + ```shell + # Using IPv6 + $ consul agent -retry-join "[::1]:8301" + ``` + + ```shell + # Using multiple addresses + $ consul agent -retry-join "consul.domain.internal" -retry-join "10.0.4.67" + ``` + + ### Cloud Auto-Joining + + As of Consul 0.9.1, `retry-join` accepts a unified interface using the + [go-discover](https://github.com/hashicorp/go-discover) library for doing + automatic cluster joining using cloud metadata. For more information, see + the [Cloud Auto-join page](/docs/agent/cloud-auto-join). + + ```shell + # Using Cloud Auto-Joining + $ consul agent -retry-join "provider=aws tag_key=..." + ``` + +- `-retry-interval` ((#\_retry_interval)) - Time to wait between join attempts. + Defaults to 30s. + +- `-retry-max` ((#\_retry_max)) - The maximum number of [`-join`](#_join) + attempts to be made before exiting with return code 1. By default, this is set + to 0 which is interpreted as infinite retries. + +- `-join-wan` ((#\_join_wan)) - Address of another wan agent to join upon + starting up. This can be specified multiple times to specify multiple WAN agents + to join. If Consul is unable to join with any of the specified addresses, agent + startup will fail. By default, the agent won't [`-join-wan`](#_join_wan) any nodes + when it starts up. + + In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +- `-retry-join-wan` ((#\_retry_join_wan)) - Similar to [`retry-join`](#_retry_join) + but allows retrying a wan join if the first attempt fails. This is useful for cases + where we know the address will become available eventually. As of Consul 0.9.3 + [Cloud Auto-Joining](#cloud-auto-joining) is supported as well. + + In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + template that is resolved at runtime. + +- `-primary-gateway` ((#\_primary_gateway)) - Similar to [`retry-join-wan`](#_retry_join_wan) + but allows retrying discovery of fallback addresses for the mesh gateways in the + primary datacenter if the first attempt fails. This is useful for cases where we + know the address will become available eventually. [Cloud Auto-Joining](#cloud-auto-joining) + is supported as well as [go-sockaddr] + templates. This was added in Consul 1.8.0. + +- `-retry-interval-wan` ((#\_retry_interval_wan)) - Time to wait between + [`-join-wan`](#_join_wan) attempts. Defaults to 30s. + +- `-retry-max-wan` ((#\_retry_max_wan)) - The maximum number of [`-join-wan`](#_join_wan) + attempts to be made before exiting with return code 1. By default, this is set + to 0 which is interpreted as infinite retries. + +- `-rejoin` ((#\_rejoin)) - When provided, Consul will ignore a previous + leave and attempt to rejoin the cluster when starting. By default, Consul treats + leave as a permanent intent and does not attempt to join the cluster again when + starting. This flag allows the previous state to be used to rejoin the cluster. + +## Log Options + +- `-log-file` ((#\_log_file)) - writes all the Consul agent log messages + to a file. This value is used as a prefix for the log file name. The current timestamp + is appended to the file name. If the value ends in a path separator, `consul-` + will be appended to the value. If the file name is missing an extension, `.log` + is appended. For example, setting `log-file` to `/var/log/` would result in a log + file path of `/var/log/consul-{timestamp}.log`. `log-file` can be combined with + [`-log-rotate-bytes`](#_log_rotate_bytes) and [-log-rotate-duration](#_log_rotate_duration) + for a fine-grained log rotation experience. + +- `-log-rotate-bytes` ((#\_log_rotate_bytes)) - to specify the number of + bytes that should be written to a log before it needs to be rotated. Unless specified, + there is no limit to the number of bytes that can be written to a log file. + +- `-log-rotate-duration` ((#\_log_rotate_duration)) - to specify the maximum + duration a log should be written to before it needs to be rotated. Must be a duration + value such as 30s. Defaults to 24h. + +- `-log-rotate-max-files` ((#\_log_rotate_max_files)) - to specify the maximum + number of older log file archives to keep. Defaults to 0 (no files are ever deleted). + Set to -1 to discard old log files when a new one is created. + +- `-log-level` ((#\_log_level)) - The level of logging to show after the + Consul agent has started. This defaults to "info". The available log levels are + "trace", "debug", "info", "warn", and "err". You can always connect to an agent + via [`consul monitor`](/commands/monitor) and use any log level. Also, + the log level can be changed during a config reload. + +- `-log-json` ((#\_log_json)) - This flag enables the agent to output logs + in a JSON format. By default this is false. + +- `-syslog` ((#\_syslog)) - This flag enables logging to syslog. This is + only supported on Linux and OSX. It will result in an error if provided on Windows. + +## Node Options + +- `-node` ((#\_node)) - The name of this node in the cluster. This must + be unique within the cluster. By default this is the hostname of the machine. + +- `-node-id` ((#\_node_id)) - Available in Consul 0.7.3 and later, this + is a unique identifier for this node across all time, even if the name of the node + or address changes. This must be in the form of a hex string, 36 characters long, + such as `adf4238a-882b-9ddc-4a9d-5b6758e4159e`. If this isn't supplied, which is + the most common case, then the agent will generate an identifier at startup and + persist it in the [data directory](#_data_dir) so that it will remain the same + across agent restarts. Information from the host will be used to generate a deterministic + node ID if possible, unless [`-disable-host-node-id`](#_disable_host_node_id) is + set to true. + +- `-node-meta` ((#\_node_meta)) - Available in Consul 0.7.3 and later, this + specifies an arbitrary metadata key/value pair to associate with the node, of the + form `key:value`. This can be specified multiple times. Node metadata pairs have + the following restrictions: + + - A maximum of 64 key/value pairs can be registered per node. + - Metadata keys must be between 1 and 128 characters (inclusive) in length + - Metadata keys must contain only alphanumeric, `-`, and `_` characters. + - Metadata keys must not begin with the `consul-` prefix; that is reserved for internal use by Consul. + - Metadata values must be between 0 and 512 (inclusive) characters in length. + - Metadata values for keys beginning with `rfc1035-` are encoded verbatim in DNS TXT requests, otherwise + the metadata kv-pair is encoded according [RFC1464](https://www.ietf.org/rfc/rfc1464.txt). + +## Serf Options + +- `-serf-lan-allowed-cidrs` ((#\_serf_lan_allowed_cidrs)) - The Serf LAN allowed CIDRs allow to accept incoming + connections for Serf only from several networks (multiple values are supported). + Those networks are specified with CIDR notation (eg: 192.168.1.0/24). + This is available in Consul 1.8 and later. + +- `-serf-lan-port` ((#\_serf_lan_port)) - the Serf LAN port to listen on. + This overrides the default Serf LAN port 8301. This is available in Consul 1.2.2 + and later. + +- `-serf-wan-allowed-cidrs` ((#\_serf_wan_allowed_cidrs)) - The Serf WAN allowed CIDRs allow to accept incoming + connections for Serf only from several networks (multiple values are supported). + Those networks are specified with CIDR notation (eg: 192.168.1.0/24). + This is available in Consul 1.8 and later. + +- `-serf-wan-port` ((#\_serf_wan_port)) - the Serf WAN port to listen on. + This overrides the default Serf WAN port 8302. This is available in Consul 1.2.2 + and later. + +## Server Options + +- `-server` ((#\_server)) - This flag is used to control if an agent is + in server or client mode. When provided, an agent will act as a Consul server. + Each Consul cluster must have at least one server and ideally no more than 5 per + datacenter. All servers participate in the Raft consensus algorithm to ensure that + transactions occur in a consistent, linearizable manner. Transactions modify cluster + state, which is maintained on all server nodes to ensure availability in the case + of node failure. Server nodes also participate in a WAN gossip pool with server + nodes in other datacenters. Servers act as gateways to other datacenters and forward + traffic as appropriate. + +- `-server-port` ((#\_server_port)) - the server RPC port to listen on. + This overrides the default server RPC port 8300. This is available in Consul 1.2.2 + and later. + +- `-non-voting-server` ((#\_non_voting_server)) - **This field + is deprecated in Consul 1.9.1. See the [`-read-replica`](#_read_replica) flag instead.** + +- `-read-replica` ((#\_read_replica)) - This + flag is used to make the server not participate in the Raft quorum, and have it + only receive the data replication stream. This can be used to add read scalability + to a cluster in cases where a high volume of reads to servers are needed. + +## UI Options + +- `-ui` ((#\_ui)) - Enables the built-in web UI server and the required + HTTP routes. This eliminates the need to maintain the Consul web UI files separately + from the binary. + +- `-ui-dir` ((#\_ui_dir)) - This flag provides the directory containing + the Web UI resources for Consul. This will automatically enable the Web UI. The + directory must be readable to the agent. Starting with Consul version 0.7.0 and + later, the Web UI assets are included in the binary so this flag is no longer necessary; + specifying only the `-ui` flag is enough to enable the Web UI. Specifying both + the '-ui' and '-ui-dir' flags will result in an error. + + +- `-ui-content-path` ((#\_ui\_content\_path)) - This flag provides the option + to change the path the Consul UI loads from and will be displayed in the browser. + By default, the path is `/ui/`, for example `http://localhost:8500/ui/`. Only alphanumerics, + `-`, and `_` are allowed in a custom path.`/v1/` is not allowed as it would overwrite + the API endpoint. \ No newline at end of file diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 19cc786e9..064165879 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -43,554 +43,6 @@ You can test the following configuration options by following the [Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs) tutorials to install a local agent. -## Environment Variables - -Environment variables **cannot** be used to configure the Consul client. They -_can_ be used when running other `consul` CLI commands that connect with a -running agent, e.g. `CONSUL_HTTP_ADDR=192.168.0.1:8500 consul members`. - -See [Consul Commands](/commands#environment-variables) for more -information. - -## Command-line Options ((#commandline_options)) - --> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](#config_key_reference) for equivalent HCL Keys. - -The agent configuration options below are all specified on the command-line. - -- `-advertise` ((#\_advertise)) - The advertise address is used to change - the address that we advertise to other nodes in the cluster. By default, the [`-bind`](#_bind) - address is advertised. However, in some cases, there may be a routable address - that cannot be bound. This flag enables gossiping a different address to support - this. If this address is not routable, the node will be in a constant flapping - state as other nodes will treat the non-routability as a failure. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - - - - ```shell-session - $ consul agent -advertise '{{ GetInterfaceIP "eth0" }}' - ``` - - - -- `-advertise-wan` ((#\_advertise-wan)) - The advertise WAN address is used - to change the address that we advertise to server nodes joining through the WAN. - This can also be set on client agents when used in combination with the [`translate_wan_addrs`](#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address - is advertised. However, in some cases all members of all datacenters cannot be - on the same physical or virtual network, especially on hybrid setups mixing cloud - and private datacenters. This flag enables server nodes gossiping through the public - network for the WAN while using private VLANs for gossiping to each other and their - client agents, and it allows client agents to be reached at this address when being - accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - -- `-bootstrap` ((#\_bootstrap)) - This flag is used to control if a server - is in "bootstrap" mode. It is important that no more than one server **per** datacenter - be running in this mode. Technically, a server in bootstrap mode is allowed to - self-elect as the Raft leader. It is important that only a single node is in this - mode; otherwise, consistency cannot be guaranteed as multiple nodes are able to - self-elect. It is not recommended to use this flag after a cluster has been bootstrapped. - -- `-bootstrap-expect` ((#\_bootstrap_expect)) - This flag provides the number - of expected servers in the datacenter. Either this value should not be provided - or the value must agree with other servers in the cluster. When provided, Consul - waits until the specified number of servers are available and then bootstraps the - cluster. This allows an initial leader to be elected automatically. This cannot - be used in conjunction with the legacy [`-bootstrap`](#_bootstrap) flag. This flag - requires [`-server`](#_server) mode. - -- `-bind` ((#\_bind)) - The address that should be bound to for internal - cluster communications. This is an IP address that should be reachable by all other - nodes in the cluster. By default, this is "0.0.0.0", meaning Consul will bind to - all addresses on the local machine and will [advertise](/docs/agent/options#_advertise) - the private IPv4 address to the rest of the cluster. If there are multiple private - IPv4 addresses available, Consul will exit with an error at startup. If you specify - `"[::]"`, Consul will [advertise](/docs/agent/options#_advertise) the public - IPv6 address. If there are multiple public IPv6 addresses available, Consul will - exit with an error at startup. Consul uses both TCP and UDP and the same port for - both. If you have any firewalls, be sure to allow both protocols. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that must resolve at runtime to a single address. Some example templates: - - - - ```shell-session - $ consul agent -bind '{{ GetPrivateInterfaces | include "network" "10.0.0.0/8" | attr "address" }}' - ``` - - - - - - ```shell-session - $ consul agent -bind '{{ GetInterfaceIP "eth0" }}' - ``` - - - - - - ```shell-session - $ consul agent -bind '{{ GetAllInterfaces | include "name" "^eth" | include "flags" "forwardable|up" | attr "address" }}' - ``` - - - -- `-serf-wan-bind` ((#\_serf_wan_bind)) - The address that should be bound - to for Serf WAN gossip communications. By default, the value follows the same rules - as [`-bind` command-line flag](#_bind), and if this is not specified, the `-bind` - option is used. This is available in Consul 0.7.1 and later. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - -- `-serf-lan-bind` ((#\_serf_lan_bind)) - The address that should be bound - to for Serf LAN gossip communications. This is an IP address that should be reachable - by all other LAN nodes in the cluster. By default, the value follows the same rules - as [`-bind` command-line flag](#_bind), and if this is not specified, the `-bind` - option is used. This is available in Consul 0.7.1 and later. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - -- `-check_output_max_size` - Override the default - limit of 4k for maximum size of checks, this is a positive value. By limiting this - size, it allows to put less pressure on Consul servers when many checks are having - a very large output in their checks. In order to completely disable check output - capture, it is possible to use [`discard_check_output`](#discard_check_output). - -- `-client` ((#\_client)) - The address to which Consul will bind client - interfaces, including the HTTP, HTTPS, gRPC and DNS servers. By default, this is "127.0.0.1", - allowing only loopback connections. In Consul 1.0 and later this can be set to - a space-separated list of addresses to bind to, or a [go-sockaddr] - template that can potentially resolve to multiple addresses. - - - - ```shell - $ consul agent -dev -client '{{ GetPrivateInterfaces | exclude "type" "ipv6" | join "address" " " }}' - ``` - - - - - - ```shell - $ consul agent -dev -client '{{ GetPrivateInterfaces | join "address" " " }} {{ GetAllInterfaces | include "flags" "loopback" | join "address" " " }}' - ``` - - - - - - ```shell - $ consul agent -dev -client '{{ GetPrivateInterfaces | exclude "name" "br.*" | join "address" " " }}' - ``` - - - -- `-config-file` ((#\_config_file)) - A configuration file to load. For - more information on the format of this file, read the [Configuration Files](#configuration_files) - section. This option can be specified multiple times to load multiple configuration - files. If it is specified multiple times, configuration files loaded later will - merge with configuration files loaded earlier. During a config merge, single-value - keys (string, int, bool) will simply have their values replaced while list types - will be appended together. - -- `-config-dir` ((#\_config_dir)) - A directory of configuration files to - load. Consul will load all files in this directory with the suffix ".json" or ".hcl". - The load order is alphabetical, and the the same merge routine is used as with - the [`config-file`](#_config_file) option above. This option can be specified multiple - times to load multiple directories. Sub-directories of the config directory are - not loaded. For more information on the format of the configuration files, see - the [Configuration Files](#configuration_files) section. - -- `-config-format` ((#\_config_format)) - The format of the configuration - files to load. Normally, Consul detects the format of the config files from the - ".json" or ".hcl" extension. Setting this option to either "json" or "hcl" forces - Consul to interpret any file with or without extension to be interpreted in that - format. - -- `-data-dir` ((#\_data_dir)) - This flag provides a data directory for - the agent to store state. This is required for all agents. The directory should - be durable across reboots. This is especially critical for agents that are running - in server mode as they must be able to persist cluster state. Additionally, the - directory must support the use of filesystem locking, meaning some types of mounted - folders (e.g. VirtualBox shared folders) may not be suitable. - - **Note:** both server and non-server agents may store ACL tokens in the state in this directory so read access may grant access to any tokens on servers and to any tokens used during service registration on non-servers. On Unix-based platforms the files are written with 0600 permissions so you should ensure only trusted processes can execute as the same user as Consul. On Windows, you should ensure the directory has suitable permissions configured as these will be inherited. - -- `-datacenter` ((#\_datacenter)) - This flag controls the datacenter in - which the agent is running. If not provided, it defaults to "dc1". Consul has first-class - support for multiple datacenters, but it relies on proper configuration. Nodes - in the same datacenter should be on a single LAN. - -- `-dev` ((#\_dev)) - Enable development server mode. This is useful for - quickly starting a Consul agent with all persistence options turned off, enabling - an in-memory server which can be used for rapid prototyping or developing against - the API. In this mode, [Connect is enabled](/docs/connect/configuration) and - will by default create a new root CA certificate on startup. This mode is **not** - intended for production use as it does not write any data to disk. The gRPC port - is also defaulted to `8502` in this mode. - -- `-disable-host-node-id` ((#\_disable_host_node_id)) - Setting this to - true will prevent Consul from using information from the host to generate a deterministic - node ID, and will instead generate a random node ID which will be persisted in - the data directory. This is useful when running multiple Consul agents on the same - host for testing. This defaults to false in Consul prior to version 0.8.5 and in - 0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based - IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which - is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in - to host-based IDs then Consul and Nomad will use information on the host to automatically - assign the same ID in both systems. - -- `-disable-keyring-file` ((#\_disable_keyring_file)) - If set, the keyring - will not be persisted to a file. Any installed keys will be lost on shutdown, and - only the given `-encrypt` key will be available on startup. This defaults to false. - -- `-dns-port` ((#\_dns_port)) - the DNS port to listen on. This overrides - the default port 8600. This is available in Consul 0.7 and later. - -- `-domain` ((#\_domain)) - By default, Consul responds to DNS queries in - the "consul." domain. This flag can be used to change that domain. All queries - in this domain are assumed to be handled by Consul and will not be recursively - resolved. - -- `-alt-domain` ((#\_alt_domain)) - This flag allows Consul to respond to - DNS queries in an alternate domain, in addition to the primary domain. If unset, - no alternate domain is used. - - In Consul 1.10.4 and later, Consul DNS responses will use the same domain as in the query (`-domain` or `-alt-domain`) where applicable. - PTR query responses will always use `-domain`, since the desired domain cannot be included in the query. - -- `-enable-script-checks` ((#\_enable_script_checks)) This controls whether - [health checks that execute scripts](/docs/discovery/checks) are enabled on this - agent, and defaults to `false` so operators must opt-in to allowing these. This - was added in Consul 0.9.0. - - ~> **Security Warning:** Enabling script checks in some configurations may - introduce a remote execution vulnerability which is known to be targeted by - malware. We strongly recommend `-enable-local-script-checks` instead. See [this - blog post](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) - for more details. - -- `-enable-local-script-checks` ((#\_enable_local_script_checks)) - Like [`enable_script_checks`](#_enable_script_checks), but only enable them when - they are defined in the local configuration files. Script checks defined in HTTP - API registrations will still not be allowed. - -- `-encrypt` ((#\_encrypt)) - Specifies the secret key to use for encryption - of Consul network traffic. This key must be 32-bytes that are Base64-encoded. The - easiest way to create an encryption key is to use [`consul keygen`](/commands/keygen). - All nodes within a cluster must share the same encryption key to communicate. The - provided key is automatically persisted to the data directory and loaded automatically - whenever the agent is restarted. This means that to encrypt Consul's gossip protocol, - this option only needs to be provided once on each agent's initial startup sequence. - If it is provided after Consul has been initialized with an encryption key, then - the provided key is ignored and a warning will be displayed. - -- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default - -1 (gRPC disabled). See [ports](#ports) documentation for more detail. - -- `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration - fragment is appended to the configuration and allows to specify the full range - of options of a config file on the command line. This option can be specified multiple - times. This was added in Consul 1.0. - -- `-http-port` ((#\_http_port)) - the HTTP API port to listen on. This overrides - the default port 8500. This option is very useful when deploying Consul to an environment - which communicates the HTTP port through the environment e.g. PaaS like CloudFoundry, - allowing you to set the port directly via a Procfile. - -- `-https-port` ((#\_https_port)) - the HTTPS API port to listen on. Default - -1 (https disabled). See [ports](#ports) documentation for more detail. - -- `-log-file` ((#\_log_file)) - writes all the Consul agent log messages - to a file. This value is used as a prefix for the log file name. The current timestamp - is appended to the file name. If the value ends in a path separator, `consul-` - will be appended to the value. If the file name is missing an extension, `.log` - is appended. For example, setting `log-file` to `/var/log/` would result in a log - file path of `/var/log/consul-{timestamp}.log`. `log-file` can be combined with - [`-log-rotate-bytes`](#_log_rotate_bytes) and [-log-rotate-duration](#_log_rotate_duration) - for a fine-grained log rotation experience. - -- `-log-rotate-bytes` ((#\_log_rotate_bytes)) - to specify the number of - bytes that should be written to a log before it needs to be rotated. Unless specified, - there is no limit to the number of bytes that can be written to a log file. - -- `-log-rotate-duration` ((#\_log_rotate_duration)) - to specify the maximum - duration a log should be written to before it needs to be rotated. Must be a duration - value such as 30s. Defaults to 24h. - -- `-log-rotate-max-files` ((#\_log_rotate_max_files)) - to specify the maximum - number of older log file archives to keep. Defaults to 0 (no files are ever deleted). - Set to -1 to discard old log files when a new one is created. - -- `-default-query-time` ((#\_default_query_time)) - This flag controls the - amount of time a blocking query will wait before Consul will force a response. - This value can be overridden by the `wait` query parameter. Note that Consul applies - some jitter on top of this time. Defaults to 300s. - -- `-max-query-time` ((#\_max_query_time)) - this flag controls the maximum - amount of time a blocking query can wait before Consul will force a response. Consul - applies jitter to the wait time. The jittered time will be capped to this time. - Defaults to 600s. - -- `-join` ((#\_join)) - Address of another agent to join upon starting up. - This can be specified multiple times to specify multiple agents to join. If Consul - is unable to join with any of the specified addresses, agent startup will fail. - By default, the agent won't join any nodes when it starts up. Note that using [`retry_join`](#retry_join) could be more appropriate to help mitigate node startup race conditions when automating - a Consul cluster deployment. - - In Consul 1.1.0 and later this can be dynamically defined with a - [go-sockaddr] - template that is resolved at runtime. - - If using Enterprise network segments, see [additional documentation on - joining a client to a segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). - -- `-retry-join` ((#\_retry_join)) - Similar to [`-join`](#_join) but allows retrying a join until - it is successful. Once it joins successfully to a member in a list of members - it will never attempt to join again. Agents will then solely maintain their - membership via gossip. This is useful for cases where you know the address will - eventually be available. This option can be specified multiple times to - specify multiple agents to join. The value can contain IPv4, IPv6, or DNS - addresses. IPv6 must use the "bracketed" syntax. If multiple values - are given, they are tried and retried in the order listed until the first - succeeds. - - In Consul 1.1.0 and later this can be dynamically defined with a - [go-sockaddr] - template that is resolved at runtime. - - If Consul is running on the non-default Serf LAN port, the port must - be specified in the join address, or configured as the agent's default Serf port - using the [`ports.serf_lan`](#serf_lan_port) configuration option or - [`-serf-lan-port`](#_serf_lan_port) command line flag. - - If using network segments (Enterprise), see [additional documentation on - joining a client to a segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). - - Here are some examples of using `-retry-join`: - - - - ```shell-session - $ consul agent -retry-join "consul.domain.internal" - ``` - - - - - - ```shell-session - $ consul agent -retry-join "10.0.4.67" - ``` - - - - - - ```shell-session - $ consul agent -retry-join "192.0.2.10:8304" - ``` - - - - - - ```shell-session - $ consul agent -retry-join "[::1]:8301" - ``` - - - - - - ```shell-session - $ consul agent -retry-join "consul.domain.internal" -retry-join "10.0.4.67" - ``` - - - - ### Cloud Auto-Joining - - As of Consul 0.9.1, `retry-join` accepts a unified interface using the - [go-discover](https://github.com/hashicorp/go-discover) library for doing - automatic cluster joining using cloud metadata. For more information, see - the [Cloud Auto-join page](/docs/install/cloud-auto-join). - - - - ```shell-session - $ consul agent -retry-join "provider=aws tag_key=..." - ``` - - - -- `-retry-interval` ((#\_retry_interval)) - Time to wait between join attempts. - Defaults to 30s. - -- `-retry-max` ((#\_retry_max)) - The maximum number of [`-join`](#_join) - attempts to be made before exiting with return code 1. By default, this is set - to 0 which is interpreted as infinite retries. - -- `-join-wan` ((#\_join_wan)) - Address of another wan agent to join upon - starting up. This can be specified multiple times to specify multiple WAN agents - to join. If Consul is unable to join with any of the specified addresses, agent - startup will fail. By default, the agent won't [`-join-wan`](#_join_wan) any nodes - when it starts up. - - In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - -- `-retry-join-wan` ((#\_retry_join_wan)) - Similar to [`retry-join`](#_retry_join) - but allows retrying a wan join if the first attempt fails. This is useful for cases - where we know the address will become available eventually. As of Consul 0.9.3 - [Cloud Auto-Joining](#cloud-auto-joining) is supported as well. - - In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] - template that is resolved at runtime. - -- `-retry-interval-wan` ((#\_retry_interval_wan)) - Time to wait between - [`-join-wan`](#_join_wan) attempts. Defaults to 30s. - -- `-retry-max-wan` ((#\_retry_max_wan)) - The maximum number of [`-join-wan`](#_join_wan) - attempts to be made before exiting with return code 1. By default, this is set - to 0 which is interpreted as infinite retries. - -- `-log-level` ((#\_log_level)) - The level of logging to show after the - Consul agent has started. This defaults to "info". The available log levels are - "trace", "debug", "info", "warn", and "err". You can always connect to an agent - via [`consul monitor`](/commands/monitor) and use any log level. Also, - the log level can be changed during a config reload. -- `-auto-reload-config` ((#\_auto_reload_config)) - This flag set Consul to automatically reload - [Reloadable Configuration](#reloadable-configuration) when configuration files change. - Consul will also watch certificate and key files set in `cert_file` and `key_file` and reload the configuration - if updated. -- `-log-json` ((#\_log_json)) - This flag enables the agent to output logs - in a JSON format. By default this is false. - -- `-node` ((#\_node)) - The name of this node in the cluster. This must - be unique within the cluster. By default this is the hostname of the machine. - -- `-node-id` ((#\_node_id)) - Available in Consul 0.7.3 and later, this - is a unique identifier for this node across all time, even if the name of the node - or address changes. This must be in the form of a hex string, 36 characters long, - such as `adf4238a-882b-9ddc-4a9d-5b6758e4159e`. If this isn't supplied, which is - the most common case, then the agent will generate an identifier at startup and - persist it in the [data directory](#_data_dir) so that it will remain the same - across agent restarts. Information from the host will be used to generate a deterministic - node ID if possible, unless [`-disable-host-node-id`](#_disable_host_node_id) is - set to true. - -- `-node-meta` ((#\_node_meta)) - Available in Consul 0.7.3 and later, this - specifies an arbitrary metadata key/value pair to associate with the node, of the - form `key:value`. This can be specified multiple times. Node metadata pairs have - the following restrictions: - - - A maximum of 64 key/value pairs can be registered per node. - - Metadata keys must be between 1 and 128 characters (inclusive) in length - - Metadata keys must contain only alphanumeric, `-`, and `_` characters. - - Metadata keys must not begin with the `consul-` prefix; that is reserved for internal use by Consul. - - Metadata values must be between 0 and 512 (inclusive) characters in length. - - Metadata values for keys beginning with `rfc1035-` are encoded verbatim in DNS TXT requests, otherwise - the metadata kv-pair is encoded according [RFC1464](https://www.ietf.org/rfc/rfc1464.txt). - -- `-pid-file` ((#\_pid_file)) - This flag provides the file path for the - agent to store its PID. This is useful for sending signals (for example, `SIGINT` - to close the agent or `SIGHUP` to update check definitions) to the agent. - -- `-protocol` ((#\_protocol)) - The Consul protocol version to use. Consul - agents speak protocol 2 by default, however agents will automatically use protocol > 2 when speaking to compatible agents. This should be set only when [upgrading](/docs/upgrading). You can view the protocol versions supported by Consul by running `consul -v`. - -- `-primary-gateway` ((#\_primary_gateway)) - Similar to [`retry-join-wan`](#_retry_join_wan) - but allows retrying discovery of fallback addresses for the mesh gateways in the - primary datacenter if the first attempt fails. This is useful for cases where we - know the address will become available eventually. [Cloud Auto-Joining](#cloud-auto-joining) - is supported as well as [go-sockaddr] - templates. This was added in Consul 1.8.0. - -- `-raft-protocol` ((#\_raft_protocol)) - This controls the internal version - of the Raft consensus protocol used for server communications. This must be set - to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrading/upgrade-specific#raft-protocol-version-compatibility) for more details. - -- `-recursor` ((#\_recursor)) - Specifies the address of an upstream DNS - server. This option may be provided multiple times, and is functionally equivalent - to the [`recursors` configuration option](#recursors). - -- `-rejoin` ((#\_rejoin)) - When provided, Consul will ignore a previous - leave and attempt to rejoin the cluster when starting. By default, Consul treats - leave as a permanent intent and does not attempt to join the cluster again when - starting. This flag allows the previous state to be used to rejoin the cluster. - -- `-segment` ((#\_segment)) - This flag is used to set - the name of the network segment the agent belongs to. An agent can only join and - communicate with other agents within its network segment. Ensure the [join - operation uses the correct port for this segment](/docs/enterprise/network-segments#join_a_client_to_a_segment). - Review the [Network Segments documentation](/docs/enterprise/network-segments) - for more details. By default, this is an empty string, which is the `` - network segment. - - ~> **Warning:** The `segment` flag cannot be used with the [`partition`](#partition-1) option. - -- `-serf-lan-allowed-cidrs` ((#\_serf_lan_allowed_cidrs)) - The Serf LAN allowed CIDRs allow to accept incoming - connections for Serf only from several networks (multiple values are supported). - Those networks are specified with CIDR notation (eg: 192.168.1.0/24). - This is available in Consul 1.8 and later. - -- `-serf-lan-port` ((#\_serf_lan_port)) - the Serf LAN port to listen on. - This overrides the default Serf LAN port 8301. This is available in Consul 1.2.2 - and later. - -- `-serf-wan-allowed-cidrs` ((#\_serf_wan_allowed_cidrs)) - The Serf WAN allowed CIDRs allow to accept incoming - connections for Serf only from several networks (multiple values are supported). - Those networks are specified with CIDR notation (eg: 192.168.1.0/24). - This is available in Consul 1.8 and later. - -- `-serf-wan-port` ((#\_serf_wan_port)) - the Serf WAN port to listen on. - This overrides the default Serf WAN port 8302. This is available in Consul 1.2.2 - and later. - -- `-server` ((#\_server)) - This flag is used to control if an agent is - in server or client mode. When provided, an agent will act as a Consul server. - Each Consul cluster must have at least one server and ideally no more than 5 per - datacenter. All servers participate in the Raft consensus algorithm to ensure that - transactions occur in a consistent, linearizable manner. Transactions modify cluster - state, which is maintained on all server nodes to ensure availability in the case - of node failure. Server nodes also participate in a WAN gossip pool with server - nodes in other datacenters. Servers act as gateways to other datacenters and forward - traffic as appropriate. - -- `-server-port` ((#\_server_port)) - the server RPC port to listen on. - This overrides the default server RPC port 8300. This is available in Consul 1.2.2 - and later. - -- `-non-voting-server` ((#\_non_voting_server)) - **This field - is deprecated in Consul 1.9.1. See the [`-read-replica`](#_read_replica) flag instead.** - -- `-read-replica` ((#\_read_replica)) - This - flag is used to make the server not participate in the Raft quorum, and have it - only receive the data replication stream. This can be used to add read scalability - to a cluster in cases where a high volume of reads to servers are needed. - -- `-syslog` ((#\_syslog)) - This flag enables logging to syslog. This is - only supported on Linux and OSX. It will result in an error if provided on Windows. - -- `-ui` ((#\_ui)) - Enables the built-in web UI server and the required - HTTP routes. This eliminates the need to maintain the Consul web UI files separately - from the binary. - -- `-ui-dir` ((#\_ui_dir)) - This flag provides the directory containing - the Web UI resources for Consul. This will automatically enable the Web UI. The - directory must be readable to the agent. Starting with Consul version 0.7.0 and - later, the Web UI assets are included in the binary so this flag is no longer necessary; - specifying only the `-ui` flag is enough to enable the Web UI. Specifying both - the '-ui' and '-ui-dir' flags will result in an error. - - -- `-ui-content-path` ((#\_ui\_content\_path)) - This flag provides the option - to change the path the Consul UI loads from and will be displayed in the browser. - By default, the path is `/ui/`, for example `http://localhost:8500/ui/`. Only alphanumerics, - `-`, and `_` are allowed in a custom path.`/v1/` is not allowed as it would overwrite - the API endpoint. - ## Configuration Files ((#configuration_files)) In addition to the command-line options, configuration for the Consul agent can be put into @@ -1416,7 +868,7 @@ There are also a number of common configuration options supported by all provide certificate will be requested by a proxy before this limit is reached. This is also the effective limit on how long a server outage can last (with no leader) before network connections will start being rejected. Defaults to `72h`. - + You can specify a range from one hour (minimum) up to one year (maximum) using the following units: `h`, `m`, `s`, `ms`, `us` (or `µs`), `ns`, or a combination of those units, e.g. `1h5m`. From 7a1d4f0ec5b24510d95692dbc7d54187a22275ab Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Mon, 11 Apr 2022 16:06:20 -0700 Subject: [PATCH 119/785] docs: move configuration files content from agent/config/index to agent/config/agent-config-files --- .../docs/agent/config/agent-config-files.mdx | 1884 +++++++++++++++ website/content/docs/agent/config/index.mdx | 2152 ----------------- 2 files changed, 1884 insertions(+), 2152 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index e69de29bb..a454adb0e 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -0,0 +1,1884 @@ +--- +layout: docs +page_title: Consul Agent Configuration Reference +description: >- + This topic describes the supported parameters for configuring Consul agents in HCL and JSON configuration files. +--- + +# Configuration Files ((#configuration_files)) + +In addition to the command-line options, configuration can be put into +files. This may be easier in certain situations, for example when Consul is +being configured using a configuration management system. + +The configuration files are JSON formatted, making them easily readable +and editable by both humans and computers. The configuration is formatted +as a single JSON object with configuration within it. + +Configuration files are used for more than just setting up the agent, +they are also used to provide check and service definitions. These are used +to announce the availability of system servers to the rest of the cluster. +They are documented separately under [check configuration](/docs/agent/checks) and +[service configuration](/docs/agent/services) respectively. The service and check +definitions support being updated during a reload. + +#### Example Configuration File + +```json +{ + "datacenter": "east-aws", + "data_dir": "/opt/consul", + "log_level": "INFO", + "node_name": "foobar", + "server": true, + "watches": [ + { + "type": "checks", + "handler": "/usr/bin/health-check-handler.sh" + } + ], + "telemetry": { + "statsite_address": "127.0.0.1:2180" + } +} +``` + +#### Configuration Key Reference + +-> **Note:** All the TTL values described below are parsed by Go's `time` package, and have the following +[formatting specification](https://golang.org/pkg/time/#ParseDuration): "A +duration string is a possibly signed sequence of decimal numbers, each with +optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. +Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." + +- `acl` ((#acl)) - This object allows a number of sub-keys to be set which + controls the ACL system. Configuring the ACL system within the ACL stanza was added + in Consul 1.4.0 + + The following sub-keys are available: + + - `enabled` ((#acl_enabled)) - Enables ACLs. + + - `policy_ttl` ((#acl_policy_ttl)) - Used to control Time-To-Live caching + of ACL policies. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL policy may be stale up to the TTL value. + + - `role_ttl` ((#acl_role_ttl)) - Used to control Time-To-Live caching + of ACL roles. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL role may be stale up to the TTL value. + + - `token_ttl` ((#acl_token_ttl)) - Used to control Time-To-Live caching + of ACL tokens. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL token may be stale up to the TTL value. + + - `down_policy` ((#acl_down_policy)) - Either "allow", "deny", "extend-cache" + or "async-cache"; "extend-cache" is the default. In the case that a policy or + token cannot be read from the [`primary_datacenter`](#primary_datacenter) or + leader node, the down policy is applied. In "allow" mode, all actions are permitted, + "deny" restricts all operations, and "extend-cache" allows any cached objects + to be used, ignoring the expiry time of the cached entry. If the request uses an + ACL that is not in the cache, "extend-cache" falls back to the behaviour of + `default_policy`. + The value "async-cache" acts the same way as "extend-cache" + but performs updates asynchronously when ACL is present but its TTL is expired, + thus, if latency is bad between the primary and secondary datacenters, latency + of operations is not impacted. + + - `default_policy` ((#acl_default_policy)) - Either "allow" or "deny"; + defaults to "allow" but this will be changed in a future major release. The default + policy controls the behavior of a token when there is no matching rule. In "allow" + mode, ACLs are a denylist: any operation not specifically prohibited is allowed. + In "deny" mode, ACLs are an allowlist: any operation not specifically + allowed is blocked. **Note**: this will not take effect until you've enabled ACLs. + + - `enable_key_list_policy` ((#acl_enable_key_list_policy)) - Boolean value, defaults to false. + When true, the `list` permission will be required on the prefix being recursively read from the KV store. + Regardless of being enabled, the full set of KV entries under the prefix will be filtered + to remove any entries that the request's ACL token does not grant at least read + permissions. This option is only available in Consul 1.0 and newer. + + - `enable_token_replication` ((#acl_enable_token_replication)) - By default + secondary Consul datacenters will perform replication of only ACL policies and + roles. Setting this configuration will will enable ACL token replication and + allow for the creation of both [local tokens](/api/acl/tokens#local) and + [auth methods](/docs/acl/auth-methods) in connected secondary datacenters. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + global tokens already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + + - `enable_token_persistence` ((#acl_enable_token_persistence)) - Either + `true` or `false`. When `true` tokens set using the API will be persisted to + disk and reloaded when an agent restarts. + + - `tokens` ((#acl_tokens)) - This object holds all of the configured + ACL tokens for the agents usage. + + - `initial_management` ((#acl_tokens_initial_management)) - This is available in + Consul 1.11 and later. In prior versions, use [`acl.tokens.master`](#acl_tokens_master). + + Only used for servers in the [`primary_datacenter`](#primary_datacenter). + This token will be created with management-level permissions if it does not exist. + It allows operators to bootstrap the ACL system with a token Secret ID that is + well-known. + + The `initial_management` token is only installed when a server acquires cluster + leadership. If you would like to install or change it, set the new value for + `initial_management` in the configuration for all servers. Once this is done, + restart the current leader to force a leader election. If the `initial_management` + token is not supplied, then the servers do not create an initial management token. + When you provide a value, it should be a UUID. To maintain backwards compatibility + and an upgrade path this restriction is not currently enforced but will be in a + future major Consul release. + + - `master` ((#acl_tokens_master)) **Renamed in Consul 1.11 to + [`acl.tokens.initial_management`](#acl_tokens_initial_management).** + + - `default` ((#acl_tokens_default)) - When provided, the agent will + use this token when making requests to the Consul servers. Clients can override + this token on a per-request basis by providing the "?token" query parameter. + When not provided, the empty token, which maps to the 'anonymous' ACL token, + is used. + + - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform + internal operations. If this isn't specified, then the + [`default`](#acl_tokens_default) will be used. + + This token must at least have write access to the node name it will + register as in order to set any of the node-level information in the + catalog such as metadata, or the node's tagged addresses. + + - `agent_recovery` ((#acl_tokens_agent_recovery)) - This is available in Consul 1.11 + and later. In prior versions, use [`acl.tokens.agent_master`](#acl_tokens_agent_master). + + Used to access [agent endpoints](/api/agent) that require agent read or write privileges, + or node read privileges, even if Consul servers aren't present to validate any tokens. + This should only be used by operators during outages, regular ACL tokens should normally + be used by applications. + + - `agent_master` ((#acl_tokens_agent_master)) **Renamed in Consul 1.11 to + [`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).** + + - `replication` ((#acl_tokens_replication)) - The ACL token used to + authorize secondary datacenters with the primary datacenter for replication + operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + policies and roles already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + + - `managed_service_provider` ((#acl_tokens_managed_service_provider)) - An + array of ACL tokens used by Consul managed service providers for cluster operations. + + ```json + "managed_service_provider": [ + { + "accessor_id": "ed22003b-0832-4e48-ac65-31de64e5c2ff", + "secret_id": "cb6be010-bba8-4f30-a9ed-d347128dde17" + } + ] + ``` + +- `acl_datacenter` - **This field is deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.** + + This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients, + it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement + of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. + +- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.** + Either "allow" or "deny"; defaults to "allow". The default policy controls the + behavior of a token when there is no matching rule. In "allow" mode, ACLs are a + denylist: any operation not specifically prohibited is allowed. In "deny" mode, + ACLs are an allowlist: any operation not specifically allowed is blocked. **Note**: + this will not take effect until you've set `primary_datacenter` to enable ACL support. + +- `acl_down_policy` ((#acl_down_policy_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.down_policy`](#acl_down_policy) field instead.** Either "allow", + "deny", "extend-cache" or "async-cache"; "extend-cache" is the default. In the + case that the policy for a token cannot be read from the [`primary_datacenter`](#primary_datacenter) + or leader node, the down policy is applied. In "allow" mode, all actions are permitted, + "deny" restricts all operations, and "extend-cache" allows any cached ACLs to be + used, ignoring their TTL values. If a non-cached ACL is used, "extend-cache" acts + like "deny". The value "async-cache" acts the same way as "extend-cache" but performs + updates asynchronously when ACL is present but its TTL is expired, thus, if latency + is bad between ACL authoritative and other datacenters, latency of operations is + not impacted. + +- `acl_agent_master_token` ((#acl_agent_master_token_legacy)) - **Deprecated + in Consul 1.4.0. See the [`acl.tokens.agent_master`](#acl_tokens_agent_master) + field instead.** Used to access [agent endpoints](/api/agent) that + require agent read or write privileges, or node read privileges, even if Consul + servers aren't present to validate any tokens. This should only be used by operators + during outages, regular ACL tokens should normally be used by applications. This + was added in Consul 0.7.2 and is only used when [`acl_enforce_version_8`](#acl_enforce_version_8) is set to true. + +- `acl_agent_token` ((#acl_agent_token_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.tokens.agent`](#acl_tokens_agent) field instead.** Used for + clients and servers to perform internal operations. If this isn't specified, then + the [`acl_token`](#acl_token) will be used. This was added in Consul 0.7.2. + + This token must at least have write access to the node name it will register as in order to set any + of the node-level information in the catalog such as metadata, or the node's tagged addresses. + +- `acl_enforce_version_8` - **Deprecated in + Consul 1.4.0 and removed in 1.8.0.** Used for clients and servers to determine if enforcement should + occur for new ACL policies being previewed before Consul 0.8. Added in Consul 0.7.2, + this defaults to false in versions of Consul prior to 0.8, and defaults to true + in Consul 0.8 and later. This helps ease the transition to the new ACL features + by allowing policies to be in place before enforcement begins. + +- `acl_master_token` ((#acl_master_token_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.tokens.master`](#acl_tokens_master) field instead.** + +- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated + in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field + instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter) + running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) + using this ACL replication using this token to retrieve and replicate the ACLs + to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable + ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then + set the token later using the [agent token API](/api/agent#update-acl-tokens) + on each server. If the `acl_replication_token` is set in the config, it will automatically + set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. + + If there's a partition or other outage affecting the authoritative datacenter, and the + [`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not + in the cache can be resolved during the outage using the replicated set of ACLs. + +- `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See + the [`acl.tokens.default`](#acl_tokens_default) field instead.** When provided, + the agent will use this token when making requests to the Consul servers. Clients + can override this token on a per-request basis by providing the "?token" query + parameter. When not provided, the empty token, which maps to the 'anonymous' ACL + policy, is used. + +- `acl_ttl` ((#acl_ttl_legacy)) - **Deprecated in Consul 1.4.0. See the + [`acl.token_ttl`](#acl_token_ttl) field instead.**Used to control Time-To-Live + caching of ACLs. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL policy may be stale up to the TTL value. + +- `addresses` - This is a nested object that allows setting + bind addresses. In Consul 1.0 and later these can be set to a space-separated list + of addresses to bind to, or a [go-sockaddr] template that can potentially resolve to multiple addresses. + + `http`, `https` and `grpc` all support binding to a Unix domain socket. A + socket can be specified in the form `unix:///path/to/socket`. A new domain + socket will be created at the given path. If the specified file path already + exists, Consul will attempt to clear the file and create the domain socket + in its place. The permissions of the socket file are tunable via the + [`unix_sockets` config construct](#unix_sockets). + + When running Consul agent commands against Unix socket interfaces, use the + `-http-addr` argument to specify the path to the socket. You can also place + the desired values in the `CONSUL_HTTP_ADDR` environment variable. + + For TCP addresses, the environment variable value should be an IP address + _with the port_. For example: `10.0.0.1:8500` and not `10.0.0.1`. However, + ports are set separately in the [`ports`](#ports) structure when + defining them in a configuration file. + + The following keys are valid: + + - `dns` - The DNS server. Defaults to `client_addr` + - `http` - The HTTP API. Defaults to `client_addr` + - `https` - The HTTPS API. Defaults to `client_addr` + - `grpc` - The gRPC API. Defaults to `client_addr` + +- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). + +- `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](#_advertise-wan). + +- `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_wan_ipv6` This was added together with [`advertise_addr_wan_ipv4`](#advertise_addr_wan_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_reconnect_timeout` This is a per-agent setting of the [`reconnect_timeout`](#reconnect_timeout) parameter. + This agent will advertise to all other nodes in the cluster that after this timeout, the node may be completely + removed from the cluster. This may only be set on client agents and if unset then other nodes will use the main + `reconnect_timeout` setting when determining when this node may be removed from the cluster. + +- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](#_alt_domain) + +- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](#_serf_lan_bind). + This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). + +- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](#_serf_lan_allowed_cidrs). + +- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](#_serf_wan_bind). + +- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](#_serf_wan_allowed_cidrs). + +- `audit` - Added in Consul 1.8, the audit object allow users to enable auditing + and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). + + ```hcl + audit { + enabled = true + sink "My sink" { + type = "file" + format = "json" + path = "data/audit/audit.json" + delivery_guarantee = "best-effort" + rotate_duration = "24h" + rotate_max_files = 15 + rotate_bytes = 25165824 + } + } + ``` + + The following sub-keys are available: + + - `enabled` - Controls whether Consul logs out each time a user + performs an operation. ACLs must be enabled to use this feature. Defaults to `false`. + + - `sink` - This object provides configuration for the destination to which + Consul will log auditing events. Sink is an object containing keys to sink objects, where the key is the name of the sink. + + - `type` - Type specifies what kind of sink this is. + The following keys are valid: + - `file` - Currently only file sinks are available, they take the following keys. + - `format` - Format specifies what format the events will + be emitted with. + The following keys are valid: + - `json` - Currently only json events are offered. + - `path` - The directory and filename to write audit events to. + - `delivery_guarantee` - Specifies + the rules governing how audit events are written. + The following keys are valid: + - `best-effort` - Consul only supports `best-effort` event delivery. + - `mode` - The permissions to set on the audit log files. + - `rotate_duration` - Specifies the + interval by which the system rotates to a new log file. At least one of `rotate_duration` or `rotate_bytes` + must be configured to enable audit logging. + - `rotate_max_files` - Defines the + limit that Consul should follow before it deletes old log files. + - `rotate_bytes` - Specifies how large an + individual log file can grow before Consul rotates to a new file. At least one of `rotate_bytes` or + `rotate_duration` must be configured to enable audit logging. + +- `autopilot` Added in Consul 0.8, this object allows a + number of sub-keys to be set which can configure operator-friendly settings for + Consul servers. When these keys are provided as configuration, they will only be + respected on bootstrapping. If they are not provided, the defaults will be used. + In order to change the value of these options after bootstrapping, you will need + to use the [Consul Operator Autopilot](/commands/operator/autopilot) + command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations). + + The following sub-keys are available: + + - `cleanup_dead_servers` - This controls the + automatic removal of dead server nodes periodically and whenever a new server + is added to the cluster. Defaults to `true`. + + - `last_contact_threshold` - Controls the + maximum amount of time a server can go without contact from the leader before + being considered unhealthy. Must be a duration value such as `10s`. Defaults + to `200ms`. + + - `max_trailing_logs` - Controls the maximum number + of log entries that a server can trail the leader by before being considered + unhealthy. Defaults to 250. + + - `min_quorum` - Sets the minimum number of servers necessary + in a cluster before autopilot can prune dead servers. There is no default. + + - `server_stabilization_time` - Controls + the minimum amount of time a server must be stable in the 'healthy' state before + being added to the cluster. Only takes effect if all servers are running Raft + protocol version 3 or higher. Must be a duration value such as `30s`. Defaults + to `10s`. + + - `redundancy_zone_tag` - + This controls the [`-node-meta`](#_node_meta) key to use when Autopilot is separating + servers into zones for redundancy. Only one server in each zone can be a voting + member at one time. If left blank (the default), this feature will be disabled. + + - `disable_upgrade_migration` - + If set to `true`, this setting will disable Autopilot's upgrade migration strategy + in Consul Enterprise of waiting until enough newer-versioned servers have been + added to the cluster before promoting any of them to voters. Defaults to `false`. + + - `upgrade_version_tag` - + The node_meta tag to use for version info when performing upgrade migrations. + If this is not set, the Consul version will be used. + +- `auto_config` This object allows setting options for the `auto_config` feature. + + The following sub-keys are available: + + - `enabled` (Defaults to `false`) This option enables `auto_config` on a client + agent. When starting up but before joining the cluster, the client agent will + make an RPC to the configured server addresses to request configuration settings, + such as its `agent` ACL token, TLS certificates, Gossip encryption key as well + as other configuration settings. These configurations get merged in as defaults + with any user-supplied configuration on the client agent able to override them. + The initial RPC uses a JWT specified with either `intro_token`, + `intro_token_file` or the `CONSUL_INTRO_TOKEN` environment variable to authorize + the request. How the JWT token is verified is controlled by the `auto_config.authorizer` + object available for use on Consul servers. Enabling this option also turns + on Connect because it is vital for `auto_config`, more specifically the CA + and certificates infrastructure. + + ~> **Warning:** Enabling `auto_config` conflicts with the [`auto_encrypt.tls`](#tls) feature. + Only one option may be specified. + + - `intro_token` (Defaults to `""`) This specifies the JWT to use for the initial + `auto_config` RPC to the Consul servers. This can be overridden with the + `CONSUL_INTRO_TOKEN` environment variable + + - `intro_token_file` (Defaults to `""`) This specifies a file containing the JWT + to use for the initial `auto_config` RPC to the Consul servers. This token + from this file is only loaded if the `intro_token` configuration is unset as + well as the `CONSUL_INTRO_TOKEN` environment variable + + - `server_addresses` (Defaults to `[]`) This specifies the addresses of servers in + the local datacenter to use for the initial RPC. These addresses support + [Cloud Auto-Joining](#cloud-auto-joining) and can optionally include a port to + use when making the outbound connection. If not port is provided the `server_port` + will be used. + + - `dns_sans` (Defaults to `[]`) This is a list of extra DNS SANs to request in the + client agent's TLS certificate. The `localhost` DNS SAN is always requested. + + - `ip_sans` (Defaults to `[]`) This is a list of extra IP SANs to request in the + client agent's TLS certificate. The `::1` and `127.0.0.1` IP SANs are always requested. + + - `authorization` This object controls how a Consul server will authorize `auto_config` + requests and in particular how to verify the JWT intro token. + + - `enabled` (Defaults to `false`) This option enables `auto_config` authorization + capabilities on the server. + + - `static` This object controls configuring the static authorizer setup in the Consul + configuration file. Almost all sub-keys are identical to those provided by the [JWT + Auth Method](/docs/acl/auth-methods/jwt). + + - `jwt_validation_pub_keys` (Defaults to `[]`) A list of PEM-encoded public keys + to use to authenticate signatures locally. + + Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. + + - `oidc_discovery_url` (Defaults to `""`) The OIDC Discovery URL, without any + .well-known component (base path). + + Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. + + - `oidc_discovery_ca_cert` (Defaults to `""`) PEM encoded CA cert for use by the TLS + client used to talk with the OIDC Discovery URL. NOTE: Every line must end + with a newline (`\n`). If not set, system certificates are used. + + - `jwks_url` (Defaults to `""`) The JWKS URL to use to authenticate signatures. + + Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. + + - `jwks_ca_cert` (Defaults to `""`) PEM encoded CA cert for use by the TLS client + used to talk with the JWKS URL. NOTE: Every line must end with a newline + (`\n`). If not set, system certificates are used. + + - `claim_mappings` (Defaults to `(map[string]string)` Mappings of claims (key) that + will be copied to a metadata field (value). Use this if the claim you are capturing + is singular (such as an attribute). + + When mapped, the values can be any of a number, string, or boolean and will + all be stringified when returned. + + - `list_claim_mappings` (Defaults to `(map[string]string)`) Mappings of claims (key) + will be copied to a metadata field (value). Use this if the claim you are capturing + is list-like (such as groups). + + When mapped, the values in each list can be any of a number, string, or + boolean and will all be stringified when returned. + + - `jwt_supported_algs` (Defaults to `["RS256"]`) JWTSupportedAlgs is a list of + supported signing algorithms. + + - `bound_audiences` (Defaults to `[]`) List of `aud` claims that are valid for + login; any match is sufficient. + + - `bound_issuer` (Defaults to `""`) The value against which to match the `iss` + claim in a JWT. + + - `expiration_leeway` (Defaults to `"0s"`) Duration of leeway when + validating expiration of a token to account for clock skew. Defaults to 150s + (2.5 minutes) if set to 0s and can be disabled if set to -1ns. + + - `not_before_leeway` (Defaults to `"0s"`) Duration of leeway when + validating not before values of a token to account for clock skew. Defaults + to 150s (2.5 minutes) if set to 0s and can be disabled if set to -1. + + - `clock_skew_leeway` (Defaults to `"0s"`) Duration of leeway when + validating all claims to account for clock skew. Defaults to 60s (1 minute) + if set to 0s and can be disabled if set to -1ns. + + - `claim_assertions` (Defaults to []) List of assertions about the mapped + claims required to authorize the incoming RPC request. The syntax uses + github.com/hashicorp/go-bexpr which is shared with the + [API filtering feature](/api/features/filtering). For example, the following + configurations when combined will ensure that the JWT `sub` matches the node + name requested by the client. + + ``` + claim_mappings { + sub = "node_name" + } + claim_assertions = [ + "value.node_name == \"${node}\"" + ] + ``` + + The assertions are lightly templated using [HIL syntax](https://github.com/hashicorp/hil) + to interpolate some values from the RPC request. The list of variables that can be interpolated + are: + + - `node` - The node name the client agent is requesting. + + - `segment` - The network segment name the client is requesting. + + - `partition` - The admin partition name the client is requesting. + +- `auto_encrypt` This object allows setting options for the `auto_encrypt` feature. + + The following sub-keys are available: + + - `allow_tls` (Defaults to `false`) This option enables + `auto_encrypt` on the servers and allows them to automatically distribute certificates + from the Connect CA to the clients. If enabled, the server can accept incoming + connections from both the built-in CA and the Connect CA, as well as their certificates. + Note, the server will only present the built-in CA and certificate, which the + client can verify using the CA it received from `auto_encrypt` endpoint. If disabled, + a client configured with `auto_encrypt.tls` will be unable to start. + + - `tls` (Defaults to `false`) Allows the client to request the + Connect CA and certificates from the servers, for encrypting RPC communication. + The client will make the request to any servers listed in the `-join` or `-retry-join` + option. This requires that every server to have `auto_encrypt.allow_tls` enabled. + When both `auto_encrypt` options are used, it allows clients to receive certificates + that are generated on the servers. If the `-server-port` is not the default one, + it has to be provided to the client as well. Usually this is discovered through + LAN gossip, but `auto_encrypt` provision happens before the information can be + distributed through gossip. The most secure `auto_encrypt` setup is when the + client is provided with the built-in CA, `verify_server_hostname` is turned on, + and when an ACL token with `node.write` permissions is setup. It is also possible + to use `auto_encrypt` with a CA and ACL, but without `verify_server_hostname`, + or only with a ACL enabled, or only with CA and `verify_server_hostname`, or + only with a CA, or finally without a CA and without ACL enabled. In any case, + the communication to the `auto_encrypt` endpoint is always TLS encrypted. + + ~> **Warning:** Enabling `auto_encrypt.tls` conflicts with the [`auto_config`](#auto_config) feature. + Only one option may be specified. + + - `dns_san` (Defaults to `[]`) When this option is being + used, the certificates requested by `auto_encrypt` from the server have these + `dns_san` set as DNS SAN. + + - `ip_san` (Defaults to `[]`) When this option is being used, + the certificates requested by `auto_encrypt` from the server have these `ip_san` + set as IP SAN. + +- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](#_bootstrap). + +- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](#_bootstrap_expect). + +- `bind_addr` Equivalent to the [`-bind` command-line flag](#_bind). + + This parameter can be set to a go-sockaddr template that resolves to a single + address. Special characters such as backslashes `\` or double quotes `"` + within a double quoted string value must be escaped with a backslash `\`. + Some example templates: + + + +```hcl +bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr \"address\" }}" +``` + +```json +{ + "bind_addr": "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr \"address\" }}" +} +``` + + + +- `cache` configuration for client agents. The configurable values are the following: + + - `entry_fetch_max_burst` The size of the token bucket used to recharge the rate-limit per + cache entry. The default value is 2 and means that when cache has not been updated + for a long time, 2 successive queries can be made as long as the rate-limit is not + reached. + + - `entry_fetch_rate` configures the rate-limit at which the cache may refresh a single + entry. On a cluster with many changes/s, watching changes in the cache might put high + pressure on the servers. This ensures the number of requests for a single cache entry + will never go beyond this limit, even when a given service changes every 1/100s. + Since this is a per cache entry limit, having a highly unstable service will only rate + limit the watched on this service, but not the other services/entries. + The value is strictly positive, expressed in queries per second as a float, + 1 means 1 query per second, 0.1 mean 1 request every 10s maximum. + The default value is "No limit" and should be tuned on large + clusters to avoid performing too many RPCs on entries changing a lot. + +- `check_update_interval` ((#check_update_interval)) + This interval controls how often check output from checks in a steady state is + synchronized with the server. By default, this is set to 5 minutes ("5m"). Many + checks which are in a steady state produce slightly different output per run (timestamps, + etc) which cause constant writes. This configuration allows deferring the sync + of check output for a given interval to reduce write pressure. If a check ever + changes state, the new state and associated output is synchronized immediately. + To disable this behavior, set the value to "0s". + +- `client_addr` Equivalent to the [`-client` command-line flag](#_client). + +- `config_entries` This object allows setting options for centralized config entries. + + The following sub-keys are available: + + - `bootstrap` ((#config_entries_bootstrap)) + This is a list of inlined config entries to insert into the state store when + the Consul server gains leadership. This option is only applicable to server + nodes. Each bootstrap entry will be created only if it does not exist. When reloading, + any new entries that have been added to the configuration will be processed. + See the [configuration entry docs](/docs/agent/config-entries) for more + details about the contents of each entry. + +- `connect` This object allows setting options for the Connect feature. + + The following sub-keys are available: + + - `enabled` ((#connect_enabled)) Controls whether Connect features are + enabled on this agent. Should be enabled on all servers in the cluster + in order for Connect to function properly. Defaults to false. + + - `enable_mesh_gateway_wan_federation` ((#connect_enable_mesh_gateway_wan_federation)) Controls whether cross-datacenter federation traffic between servers is funneled + through mesh gateways. Defaults to false. This was added in Consul 1.8.0. + + - `ca_provider` ((#connect_ca_provider)) Controls which CA provider to + use for Connect's CA. Currently only the `aws-pca`, `consul`, and `vault` providers are supported. + This is only used when initially bootstrapping the cluster. For an existing cluster, + use the [Update CA Configuration Endpoint](/api/connect/ca#update-ca-configuration). + + - `ca_config` ((#connect_ca_config)) An object which allows setting different + config options based on the CA provider chosen. This is only used when initially + bootstrapping the cluster. For an existing cluster, use the [Update CA Configuration + Endpoint](/api/connect/ca#update-ca-configuration). + + The following providers are supported: + + #### AWS ACM Private CA Provider (`ca_provider = "aws-pca"`) + + - `existing_arn` ((#aws_ca_existing_arn)) The Amazon Resource Name (ARN) of + an existing private CA in your ACM account. If specified, Consul will + attempt to use the existing CA to issue certificates. + + #### Consul CA Provider (`ca_provider = "consul"`) + + - `private_key` ((#consul_ca_private_key)) The PEM contents of the + private key to use for the CA. + + - `root_cert` ((#consul_ca_root_cert)) The PEM contents of the root + certificate to use for the CA. + + #### Vault CA Provider (`ca_provider = "vault"`) + + - `address` ((#vault_ca_address)) The address of the Vault server to + connect to. + + - `token` ((#vault_ca_token)) The Vault token to use. In Consul 1.8.5 and later, if + the token has the [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable) + flag set, Consul will attempt to renew its lease periodically after half the + duration has expired. + + - `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root + CA pki backend in Vault. This can be an existing backend with a CA already + configured, or a blank/unmounted backend in which case Connect will automatically + mount/generate the CA. The Vault token given above must have `sudo` access + to this backend, as well as permission to mount the backend at this path if + it is not already mounted. + + - `intermediate_pki_path` ((#vault_ca_intermediate_pki)) + The path to use for the temporary intermediate CA pki backend in Vault. **Connect + will overwrite any data at this path in order to generate a temporary intermediate + CA**. The Vault token given above must have `write` access to this backend, + as well as permission to mount the backend at this path if it is not already + mounted. + + #### Common CA Config Options + + There are also a number of common configuration options supported by all providers: + + - `csr_max_concurrent` ((#ca_csr_max_concurrent)) Sets a limit on the number + of Certificate Signing Requests that can be processed concurrently. Defaults + to 0 (disabled). This is useful when you want to limit the number of CPU cores + available to the server for certificate signing operations. For example, on an + 8 core server, setting this to 1 will ensure that no more than one CPU core + will be consumed when generating or rotating certificates. Setting this is + recommended **instead** of `csr_max_per_second` when you want to limit the + number of cores consumed since it is simpler to reason about limiting CSR + resources this way without artificially slowing down rotations. Added in 1.4.1. + + - `csr_max_per_second` ((#ca_csr_max_per_second)) Sets a rate limit + on the maximum number of Certificate Signing Requests (CSRs) the servers will + accept. This is used to prevent CA rotation from causing unbounded CPU usage + on servers. It defaults to 50 which is conservative – a 2017 Macbook can process + about 100 per second using only ~40% of one CPU core – but sufficient for deployments + up to ~1500 service instances before the time it takes to rotate is impacted. + For larger deployments we recommend increasing this based on the expected number + of server instances and server resources, or use `csr_max_concurrent` instead + if servers have more than one CPU core. Setting this to zero disables rate limiting. + Added in 1.4.1. + + - `leaf_cert_ttl` ((#ca_leaf_cert_ttl)) The upper bound on the lease + duration of a leaf certificate issued for a service. In most cases a new leaf + certificate will be requested by a proxy before this limit is reached. This + is also the effective limit on how long a server outage can last (with no leader) + before network connections will start being rejected. Defaults to `72h`. + This value cannot be lower than 1 hour or higher than 1 year. + + This value is also used when rotating out old root certificates from + the cluster. When a root certificate has been inactive (rotated out) + for more than twice the _current_ `leaf_cert_ttl`, it will be removed + from the trusted list. + + - `root_cert_ttl` ((#ca_root_cert_ttl)) The time to live (TTL) for a root certificate. + Defaults to 10 years as `87600h`. This value, if provided, needs to be higher than the + intermediate certificate TTL. + + This setting applies to all Consul CA providers. + + For the Vault provider, this value is only used if the backend is not initialized at first. + + This value is also applied on the `ca set-config` command. + + - `private_key_type` ((#ca_private_key_type)) The type of key to generate + for this CA. This is only used when the provider is generating a new key. If + `private_key` is set for the Consul provider, or existing root or intermediate + PKI paths given for Vault then this will be ignored. Currently supported options + are `ec` or `rsa`. Default is `ec`. + + It is required that all servers in a datacenter have + the same config for the CA. It is recommended that servers in + different datacenters use the same key type and size, + although the built-in CA and Vault provider will both allow mixed CA + key types. + + Some CA providers (currently Vault) will not allow cross-signing a + new CA certificate with a different key type. This means that if you + migrate from an RSA-keyed Vault CA to an EC-keyed CA from any + provider, you may have to proceed without cross-signing which risks + temporary connection issues for workloads during the new certificate + rollout. We highly recommend testing this outside of production to + understand the impact and suggest sticking to same key type where + possible. + + Note that this only affects _CA_ keys generated by the provider. + Leaf certificate keys are always EC 256 regardless of the CA + configuration. + + - `private_key_bits` ((#ca_private_key_bits)) The length of key to + generate for this CA. This is only used when the provider is generating a new + key. If `private_key` is set for the Consul provider, or existing root or intermediate + PKI paths given for Vault then this will be ignored. + + Currently supported values are: + + - `private_key_type = ec` (default): `224, 256, 384, 521` + corresponding to the NIST P-\* curves of the same name. + - `private_key_type = rsa`: `2048, 4096` + +- `datacenter` Equivalent to the [`-datacenter` command-line flag](#_datacenter). + +- `data_dir` Equivalent to the [`-data-dir` command-line flag](#_data_dir). + +- `disable_anonymous_signature` Disables providing an anonymous + signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). + +- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](#_disable_host_node_id). + +- `disable_http_unprintable_char_filter` Defaults to false. Consul 1.0.3 fixed a potential security vulnerability where malicious users could craft KV keys with unprintable chars that would confuse operators using the CLI or UI into taking wrong actions. Users who had data written in older versions of Consul that did not have this restriction will be unable to delete those values by default in 1.0.3 or later. This setting enables those users to **temporarily** disable the filter such that delete operations can work on those keys again to get back to a healthy state. It is strongly recommended that this filter is not disabled permanently as it exposes the original security vulnerability. + +- `disable_remote_exec` Disables support for remote execution. When set to true, the agent will ignore + any incoming remote exec requests. In versions of Consul prior to 0.8, this defaulted + to false. In Consul 0.8 the default was changed to true, to make remote exec opt-in + instead of opt-out. + +- `disable_update_check` Disables automatic checking for security bulletins and new version releases. This is disabled in Consul Enterprise. + +- `discard_check_output` Discards the output of health checks before storing them. This reduces the number of writes to the Consul raft log in environments where health checks have volatile output like timestamps, process ids, ... + +- `discovery_max_stale` - Enables stale requests for all service discovery HTTP endpoints. This is + equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions. + +- `dns_config` This object allows a number of sub-keys + to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail. + + The following sub-keys are available: + + - `allow_stale` - Enables a stale query for DNS information. + This allows any Consul server, rather than only the leader, to service the request. + The advantage of this is you get linear read scalability with Consul servers. + In versions of Consul prior to 0.7, this defaulted to false, meaning all requests + are serviced by the leader, providing stronger consistency but less throughput + and higher latency. In Consul 0.7 and later, this defaults to true for better + utilization of available servers. + + - `max_stale` - When [`allow_stale`](#allow_stale) is + specified, this is used to limit how stale results are allowed to be. If a Consul + server is behind the leader by more than `max_stale`, the query will be re-evaluated + on the leader to get more up-to-date results. Prior to Consul 0.7.1 this defaulted + to 5 seconds; in Consul 0.7.1 and later this defaults to 10 years ("87600h") + which effectively allows DNS queries to be answered by any server, no matter + how stale. In practice, servers are usually only milliseconds behind the leader, + so this lets Consul continue serving requests in long outage scenarios where + no leader can be elected. + + - `node_ttl` - By default, this is "0s", so all node lookups + are served with a 0 TTL value. DNS caching for node lookups can be enabled by + setting this value. This should be specified with the "s" suffix for second or + "m" for minute. + + - `service_ttl` - This is a sub-object which allows + for setting a TTL on service lookups with a per-service policy. The "\*" wildcard + service can be used when there is no specific policy available for a service. + By default, all services are served with a 0 TTL value. DNS caching for service + lookups can be enabled by setting this value. + + - `enable_truncate` - If set to true, a UDP DNS + query that would return more than 3 records, or more than would fit into a valid + UDP response, will set the truncated flag, indicating to clients that they should + re-query using TCP to get the full set of records. + + - `only_passing` - If set to true, any nodes whose + health checks are warning or critical will be excluded from DNS results. If false, + the default, only nodes whose health checks are failing as critical will be excluded. + For service lookups, the health checks of the node itself, as well as the service-specific + checks are considered. For example, if a node has a health check that is critical + then all services on that node will be excluded because they are also considered + critical. + + - `recursor_strategy` - If set to `sequential`, Consul will query recursors in the + order listed in the [`recursors`](#recursors) option. If set to `random`, + Consul will query an upstream DNS resolvers in a random order. Defaults to + `sequential`. + + - `recursor_timeout` - Timeout used by Consul when + recursively querying an upstream DNS server. See [`recursors`](#recursors) for more details. Default is 2s. This is available in Consul 0.7 and later. + + - `disable_compression` - If set to true, DNS + responses will not be compressed. Compression was added and enabled by default + in Consul 0.7. + + - `udp_answer_limit` - Limit the number of resource + records contained in the answer section of a UDP-based DNS response. This parameter + applies only to UDP DNS queries that are less than 512 bytes. This setting is + deprecated and replaced in Consul 1.0.7 by [`a_record_limit`](#a_record_limit). + + - `a_record_limit` - Limit the number of resource + records contained in the answer section of a A, AAAA or ANY DNS response (both + TCP and UDP). When answering a question, Consul will use the complete list of + matching hosts, shuffle the list randomly, and then limit the number of answers + to `a_record_limit` (default: no limit). This limit does not apply to SRV records. + + In environments where [RFC 3484 Section 6](https://tools.ietf.org/html/rfc3484#section-6) Rule 9 + is implemented and enforced (i.e. DNS answers are always sorted and + therefore never random), clients may need to set this value to `1` to + preserve the expected randomized distribution behavior (note: + [RFC 3484](https://tools.ietf.org/html/rfc3484) has been obsoleted by + [RFC 6724](https://tools.ietf.org/html/rfc6724) and as a result it should + be increasingly uncommon to need to change this value with modern + resolvers). + + - `enable_additional_node_meta_txt` - When set to true, Consul + will add TXT records for Node metadata into the Additional section of the DNS responses for several query types such as SRV queries. When set to false those records are not emitted. This does not impact the behavior of those same TXT records when they would be added to the Answer section of the response like when querying with type TXT or ANY. This defaults to true. + + - `soa` Allow to tune the setting set up in SOA. Non specified + values fallback to their default values, all values are integers and expressed + as seconds. + + The following settings are available: + + - `expire` ((#soa_expire)) - Configure SOA Expire duration in seconds, + default value is 86400, ie: 24 hours. + + - `min_ttl` ((#soa_min_ttl)) - Configure SOA DNS minimum TTL. As explained + in [RFC-2308](https://tools.ietf.org/html/rfc2308) this also controls negative + cache TTL in most implementations. Default value is 0, ie: no minimum delay + or negative TTL. + + - `refresh` ((#soa_refresh)) - Configure SOA Refresh duration in seconds, + default value is `3600`, ie: 1 hour. + + - `retry` ((#soa_retry)) - Configures the Retry duration expressed + in seconds, default value is 600, ie: 10 minutes. + + - `use_cache` ((#dns_use_cache)) - When set to true, DNS resolution will + use the agent cache described in [agent caching](/api/features/caching). + This setting affects all service and prepared queries DNS requests. Implies [`allow_stale`](#allow_stale) + + - `cache_max_age` ((#dns_cache_max_age)) - When [use_cache](#dns_use_cache) + is enabled, the agent will attempt to re-fetch the result from the servers if + the cached value is older than this duration. See: [agent caching](/api/features/caching). + + **Note** that unlike the `max-age` HTTP header, a value of 0 for this field is + equivalent to "no max age". To get a fresh value from the cache use a very small value + of `1ns` instead of 0. + + - `prefer_namespace` ((#dns_prefer_namespace)) **Deprecated in + Consul 1.11. Use the [canonical DNS format](/docs/discovery/dns#namespaced-partitioned-services) instead.** - + When set to true, in a DNS query for a service, the label between the domain + and the `service` label will be treated as a namespace name instead of a datacenter. + When set to false, the default, the behavior will be the same as non-Enterprise + versions and will assume the label is the datacenter. See: [this section](/docs/discovery/dns#namespaced-services) + for more details. + +- `domain` Equivalent to the [`-domain` command-line flag](#_domain). + +- `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.** + When set on a Consul server, enables ACL replication without having to set + the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication + and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server. + See [`acl_replication_token`](#acl_replication_token) for more details. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + policies and roles already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + +- `enable_agent_tls_for_checks` When set, uses a subset of the agent's TLS configuration (`key_file`, + `cert_file`, `ca_file`, `ca_path`, and `server_name`) to set up the client for HTTP or gRPC health checks. This allows services requiring 2-way TLS to be checked using the agent's credentials. This was added in Consul 1.0.1 and defaults to false. + +- `enable_central_service_config` When set, the Consul agent will look for any + [centralized service configuration](/docs/agent/config-entries) + that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations. + This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later. + +- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to + access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. + +- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](#_enable_script_checks). + + ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. + + ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) + for more details. + +- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](#_enable_local_script_checks). + +- `enable_syslog` Equivalent to the [`-syslog` command-line flag](#_syslog). + +- `encrypt` Equivalent to the [`-encrypt` command-line flag](#_encrypt). + +- `encrypt_verify_incoming` - This is an optional + parameter that can be used to disable enforcing encryption for incoming gossip + in order to upshift from unencrypted to encrypted gossip on a running cluster. + See [this section](/docs/agent/encryption#configuring-gossip-encryption-on-an-existing-cluster) + for more information. Defaults to true. + +- `encrypt_verify_outgoing` - This is an optional + parameter that can be used to disable enforcing encryption for outgoing gossip + in order to upshift from unencrypted to encrypted gossip on a running cluster. + See [this section](/docs/agent/encryption#configuring-gossip-encryption-on-an-existing-cluster) + for more information. Defaults to true. + +- `disable_keyring_file` - Equivalent to the + [`-disable-keyring-file` command-line flag](#_disable_keyring_file). + +- `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). + When network coordinates are disabled the `near` query param will not work to sort the nodes, + and the [`consul rtt`](/commands/rtt) command will not be able to provide round trip time between nodes. + +- `gossip_lan` - **(Advanced)** This object contains a + number of sub-keys which can be set to tune the LAN gossip communications. These + are only provided for users running especially large clusters that need fine tuning + and are prepared to spend significant effort correctly tuning them for their environment + and workload. **Tuning these improperly can cause Consul to fail in unexpected + ways**. The default values are appropriate in almost all deployments. + + - `gossip_nodes` - The number of random nodes to send + gossip messages to per gossip_interval. Increasing this number causes the gossip + messages to propagate across the cluster more quickly at the expense of increased + bandwidth. The default is 3. + + - `gossip_interval` - The interval between sending + messages that need to be gossiped that haven't been able to piggyback on probing + messages. If this is set to zero, non-piggyback gossip is disabled. By lowering + this value (more frequent) gossip messages are propagated across the cluster + more quickly at the expense of increased bandwidth. The default is 200ms. + + - `probe_interval` - The interval between random + node probes. Setting this lower (more frequent) will cause the cluster to detect + failed nodes more quickly at the expense of increased bandwidth usage. The default + is 1s. + + - `probe_timeout` - The timeout to wait for an ack + from a probed node before assuming it is unhealthy. This should be at least the + 99-percentile of RTT (round-trip time) on your network. The default is 500ms + and is a conservative value suitable for almost all realistic deployments. + + - `retransmit_mult` - The multiplier for the number + of retransmissions that are attempted for messages broadcasted over gossip. The + number of retransmits is scaled using this multiplier and the cluster size. The + higher the multiplier, the more likely a failed broadcast is to converge at the + expense of increased bandwidth. The default is 4. + + - `suspicion_mult` - The multiplier for determining + the time an inaccessible node is considered suspect before declaring it dead. + The timeout is scaled with the cluster size and the probe_interval. This allows + the timeout to scale properly with expected propagation delay with a larger cluster + size. The higher the multiplier, the longer an inaccessible node is considered + part of the cluster before declaring it dead, giving that suspect node more time + to refute if it is indeed still alive. The default is 4. + +- `gossip_wan` - **(Advanced)** This object contains a + number of sub-keys which can be set to tune the WAN gossip communications. These + are only provided for users running especially large clusters that need fine tuning + and are prepared to spend significant effort correctly tuning them for their environment + and workload. **Tuning these improperly can cause Consul to fail in unexpected + ways**. The default values are appropriate in almost all deployments. + + - `gossip_nodes` - The number of random nodes to send + gossip messages to per gossip_interval. Increasing this number causes the gossip + messages to propagate across the cluster more quickly at the expense of increased + bandwidth. The default is 4. + + - `gossip_interval` - The interval between sending + messages that need to be gossiped that haven't been able to piggyback on probing + messages. If this is set to zero, non-piggyback gossip is disabled. By lowering + this value (more frequent) gossip messages are propagated across the cluster + more quickly at the expense of increased bandwidth. The default is 500ms. + + - `probe_interval` - The interval between random + node probes. Setting this lower (more frequent) will cause the cluster to detect + failed nodes more quickly at the expense of increased bandwidth usage. The default + is 5s. + + - `probe_timeout` - The timeout to wait for an ack + from a probed node before assuming it is unhealthy. This should be at least the + 99-percentile of RTT (round-trip time) on your network. The default is 3s + and is a conservative value suitable for almost all realistic deployments. + + - `retransmit_mult` - The multiplier for the number + of retransmissions that are attempted for messages broadcasted over gossip. The + number of retransmits is scaled using this multiplier and the cluster size. The + higher the multiplier, the more likely a failed broadcast is to converge at the + expense of increased bandwidth. The default is 4. + + - `suspicion_mult` - The multiplier for determining + the time an inaccessible node is considered suspect before declaring it dead. + The timeout is scaled with the cluster size and the probe_interval. This allows + the timeout to scale properly with expected propagation delay with a larger cluster + size. The higher the multiplier, the longer an inaccessible node is considered + part of the cluster before declaring it dead, giving that suspect node more time + to refute if it is indeed still alive. The default is 6. + +- `http_config` This object allows setting options for the HTTP API and UI. + + The following sub-keys are available: + + - `block_endpoints` + This object is a list of HTTP API endpoint prefixes to block on the agent, and + defaults to an empty list, meaning all endpoints are enabled. Any endpoint that + has a common prefix with one of the entries on this list will be blocked and + will return a 403 response code when accessed. For example, to block all of the + V1 ACL endpoints, set this to `["/v1/acl"]`, which will block `/v1/acl/create`, + `/v1/acl/update`, and the other ACL endpoints that begin with `/v1/acl`. This + only works with API endpoints, not `/ui` or `/debug`, those must be disabled + with their respective configuration options. Any CLI commands that use disabled + endpoints will no longer function as well. For more general access control, Consul's + [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) + should be used, but this option is useful for removing access to HTTP API endpoints + completely, or on specific agents. This is available in Consul 0.9.0 and later. + + - `response_headers` This object allows adding headers to the HTTP API and UI responses. For example, the following config can be used to enable [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on the HTTP API endpoints: + + ```json + { + "http_config": { + "response_headers": { + "Access-Control-Allow-Origin": "*" + } + } + } + ``` + + - `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]` + + - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api/features/caching) to answer the request. Even when the url parameter is provided. + + - `max_header_bytes` This setting controls the maximum number of bytes the consul http server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, or negative, http.DefaultMaxHeaderBytes is used, which equates to 1 Megabyte. + +- `leave_on_terminate` If enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest of the cluster and gracefully leave. The default behavior for this feature varies based on whether or not the agent is running as a client or a server (prior to Consul 0.7 the default value was unconditionally set to `false`). On agents in client-mode, this defaults to `true` and for agents in server-mode, this defaults to `false`. + +- `license_path` This specifies the path to a file that contains the Consul Enterprise license. Alternatively the license may also be specified in either the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. See the [licensing documentation](/docs/enterprise/license/overview) for more information about Consul Enterprise license management. Added in versions 1.10.0, 1.9.7 and 1.8.13. Prior to version 1.10.0 the value may be set for all agents to facilitate forwards compatibility with 1.10 but will only actually be used by client agents. + +- `limits` Available in Consul 0.9.3 and later, this is a nested + object that configures limits that are enforced by the agent. Prior to Consul 1.5.2, + this only applied to agents in client mode, not Consul servers. The following parameters + are available: + + - `http_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single client IP address is allowed to open to the agent's HTTP(S) server. This affects the HTTP(S) servers in both client and server agents. Default value is `200`. + - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`. + - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`. + - `rpc_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single source IP address is allowed to open to a single server. It affects both clients connections and other server connections. In general Consul clients multiplex many RPC calls over a single TCP connection so this can typically be kept low. It needs to be more than one though since servers open at least one additional connection for raft RPC, possibly more for WAN federation when using network areas, and snapshot requests from clients run over a separate TCP conn. A reasonably low limit significantly reduces the ability of an unauthenticated attacker to consume unbounded resources by holding open many connections. You may need to increase this if WAN federated servers connect via proxies or NAT gateways or similar causing many legitimate connections from a single source IP. Default value is `100` which is designed to be extremely conservative to limit issues with certain deployment patterns. Most deployments can probably reduce this safely. 100 connections on modern server hardware should not cause a significant impact on resource usage from an unauthenticated attacker though. + - `rpc_rate` - Configures the RPC rate limiter on Consul _clients_ by setting the maximum request rate that this agent is allowed to make for RPC requests to Consul servers, in requests per second. Defaults to infinite, which disables rate limiting. + - `rpc_max_burst` - The size of the token bucket used to recharge the RPC rate limiter on Consul _clients_. Defaults to 1000 tokens, and each token is good for a single RPC call to a Consul server. See https://en.wikipedia.org/wiki/Token_bucket for more details about how token bucket rate limiters operate. + - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. + - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. + +- `log_file` Equivalent to the [`-log-file` command-line flag](#_log_file). + +- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](#_log_rotate_duration). + +- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](#_log_rotate_bytes). + +- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](#_log_rotate_max_files). + +- `log_level` Equivalent to the [`-log-level` command-line flag](#_log_level). + +- `log_json` Equivalent to the [`-log-json` command-line flag](#_log_json). + +- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). + +- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](#_max_query_time). + +- `node_id` Equivalent to the [`-node-id` command-line flag](#_node_id). + +- `node_name` Equivalent to the [`-node` command-line flag](#_node). + +- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](#_node_meta) for more information. + + ```json + { + "node_meta": { + "instance_type": "t2.medium" + } + } + ``` + +- `partition` - This flag is used to set + the name of the admin partition the agent belongs to. An agent can only join + and communicate with other agents within its admin partition. Review the + [Admin Partitions documentation](/docs/enterprise/admin-partitions) for more + details. By default, this is an empty string, which is the `default` admin + partition. This cannot be set on a server agent. + + ~> **Warning:** The `partition` option cannot be used either the + [`segment`](#segment-2) option or [`-segment`](#_segment) flag. + +- `performance` Available in Consul 0.7 and later, this is a nested object that allows tuning the performance of different subsystems in Consul. See the [Server Performance](/docs/install/performance) documentation for more details. The following parameters are available: + + - `leave_drain_time` - A duration that a server will dwell during a graceful leave in order to allow requests to be retried against other Consul servers. Under normal circumstances, this can prevent clients from experiencing "no leader" errors when performing a rolling update of the Consul servers. This was added in Consul 1.0. Must be a duration value such as 10s. Defaults to 5s. + + - `raft_multiplier` - An integer multiplier used by Consul servers to scale key Raft timing parameters. Omitting this value or setting it to 0 uses default timing described below. Lower values are used to tighten timing and increase sensitivity while higher values relax timings and reduce sensitivity. Tuning this affects the time it takes Consul to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. + + By default, Consul will use a lower-performance timing that's suitable + for [minimal Consul servers](/docs/install/performance#minimum), currently equivalent + to setting this to a value of 5 (this default may be changed in future versions of Consul, + depending if the target minimum server profile changes). Setting this to a value of 1 will + configure Raft to its highest-performance mode, equivalent to the default timing of Consul + prior to 0.7, and is recommended for [production Consul servers](/docs/install/performance#production). + + See the note on [last contact](/docs/install/performance#production-server-requirements) timing for more + details on tuning this parameter. The maximum allowed value is 10. + + - `rpc_hold_timeout` - A duration that a client + or server will retry internal RPC requests during leader elections. Under normal + circumstances, this can prevent clients from experiencing "no leader" errors. + This was added in Consul 1.0. Must be a duration value such as 10s. Defaults + to 7s. + +- `pid_file` Equivalent to the [`-pid-file` command line flag](#_pid_file). + +- `ports` This is a nested object that allows setting the bind ports for the following keys: + + - `dns` ((#dns_port)) - The DNS server, -1 to disable. Default 8600. + TCP and UDP. + - `http` ((#http_port)) - The HTTP API, -1 to disable. Default 8500. + TCP only. + - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1 + (disabled). **We recommend using `8501`** for `https` by convention as some tooling + will work automatically with this. + - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled). + **We recommend using `8502`** for `grpc` by convention as some tooling will work + automatically with this. This is set to `8502` by default when the agent runs + in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy + proxies. + - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP + and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port). + - `serf_wan` ((#serf_wan_port)) - The Serf WAN port. Default 8302. + Equivalent to the [`-serf-wan-port` command line flag](#_serf_wan_port). Set + to -1 to disable. **Note**: this will disable WAN federation which is not recommended. + Various catalog and WAN related endpoints will return errors or empty results. + TCP and UDP. + - `server` ((#server_rpc_port)) - Server RPC address. Default 8300. TCP + only. + - `sidecar_min_port` ((#sidecar_min_port)) - Inclusive minimum port number + to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). + Default 21000. Set to `0` to disable automatic port assignment. + - `sidecar_max_port` ((#sidecar_max_port)) - Inclusive maximum port number + to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). + Default 21255. Set to `0` to disable automatic port assignment. + - `expose_min_port` ((#expose_min_port)) - Inclusive minimum port number + to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). + Default 21500. Set to `0` to disable automatic port assignment. + - `expose_max_port` ((#expose_max_port)) - Inclusive maximum port number + to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). + Default 21755. Set to `0` to disable automatic port assignment. + +- `primary_datacenter` - This designates the datacenter + which is authoritative for ACL information, intentions and is the root Certificate + Authority for Connect. It must be provided to enable ACLs. All servers and datacenters + must agree on the primary datacenter. Setting it on the servers is all you need + for cluster-level enforcement, but for the APIs to forward properly from the clients, + it must be set on them too. In Consul 0.8 and later, this also enables agent-level + enforcement of ACLs. + +- `primary_gateways` Equivalent to the [`-primary-gateway` + command-line flag](#_primary_gateway). Takes a list of addresses to use as the + mesh gateways for the primary datacenter when authoritative replicated catalog + data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) + until at least one primary mesh gateway is discovered. This was added in Consul + 1.8.0. + +- `primary_gateways_interval` Time to wait + between [`primary_gateways`](#primary_gateways) discovery attempts. Defaults to + 30s. This was added in Consul 1.8.0. + +- `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line + flag](#_protocol). + +- `raft_boltdb` ((#raft_boltdb)) This is a nested object that allows configuring + options for Raft's BoltDB based log store. + + - `NoFreelistSync` ((#NoFreelistSync)) Setting this to `true` will disable + syncing the BoltDB freelist to disk within the raft.db file. Not syncing + the freelist to disk will reduce disk IO required for write operations + at the expense of potentially increasing start up time due to needing + to scan the db to discover where the free space resides within the file. + + +- `raft_protocol` ((#raft_protocol)) Equivalent to the [`-raft-protocol` + command-line flag](#_raft_protocol). + +- `raft_snapshot_threshold` ((#\_raft_snapshot_threshold)) This controls the + minimum number of raft commit entries between snapshots that are saved to + disk. This is a low-level parameter that should rarely need to be changed. + Very busy clusters experiencing excessive disk IO may increase this value to + reduce disk IO, and minimize the chances of all servers taking snapshots at + the same time. Increasing this trades off disk IO for disk space since the log + will grow much larger and the space in the raft.db file can't be reclaimed + till the next snapshot. Servers may take longer to recover from crashes or + failover if this is increased significantly as more logs will need to be + replayed. In Consul 1.1.0 and later this defaults to 16384, and in prior + versions it was set to 8192. + + Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the + server a `SIGHUP` to allow tuning snapshot activity without a rolling restart + in emergencies. + +- `raft_snapshot_interval` ((#\_raft_snapshot_interval)) This controls how often + servers check if they need to save a snapshot to disk. This is a low-level + parameter that should rarely need to be changed. Very busy clusters + experiencing excessive disk IO may increase this value to reduce disk IO, and + minimize the chances of all servers taking snapshots at the same time. + Increasing this trades off disk IO for disk space since the log will grow much + larger and the space in the raft.db file can't be reclaimed till the next + snapshot. Servers may take longer to recover from crashes or failover if this + is increased significantly as more logs will need to be replayed. In Consul + 1.1.0 and later this defaults to `30s`, and in prior versions it was set to + `5s`. + + Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the + server a `SIGHUP` to allow tuning snapshot activity without a rolling restart + in emergencies. + +- `raft_trailing_logs` - This controls how many log entries are left in the log + store on disk after a snapshot is made. This should only be adjusted when + followers cannot catch up to the leader due to a very large snapshot size + and high write throughput causing log truncation before an snapshot can be + fully installed on a follower. If you need to use this to recover a cluster, + consider reducing write throughput or the amount of data stored on Consul as + it is likely under a load it is not designed to handle. The default value is + 10000 which is suitable for all normal workloads. Added in Consul 1.5.3. + + Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the + server a `SIGHUP` to allow recovery without downtime when followers can't keep + up. + +- `reap` This controls Consul's automatic reaping of child processes, + which is useful if Consul is running as PID 1 in a Docker container. If this isn't + specified, then Consul will automatically reap child processes if it detects it + is running as PID 1. If this is set to true or false, then it controls reaping + regardless of Consul's PID (forces reaping on or off, respectively). This option + was removed in Consul 0.7.1. For later versions of Consul, you will need to reap + processes using a wrapper, please see the [Consul Docker image entry point script](https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh) + for an example. If you are using Docker 1.13.0 or later, you can use the new `--init` + option of the `docker run` command and docker will enable an init process with + PID 1 that reaps child processes for the container. More info on [Docker docs](https://docs.docker.com/engine/reference/commandline/run/#options). + +- `reconnect_timeout` This controls how long it + takes for a failed node to be completely removed from the cluster. This defaults + to 72 hours and it is recommended that this is set to at least double the maximum + expected recoverable outage time for a node or network partition. WARNING: Setting + this time too low could cause Consul servers to be removed from quorum during an + extended node failure or partition, which could complicate recovery of the cluster. + The value is a time with a unit suffix, which can be "s", "m", "h" for seconds, + minutes, or hours. The value must be >= 8 hours. + +- `reconnect_timeout_wan` This is the WAN equivalent + of the [`reconnect_timeout`](#reconnect_timeout) parameter, which controls + how long it takes for a failed server to be completely removed from the WAN pool. + This also defaults to 72 hours, and must be >= 8 hours. + +- `recursors` This flag provides addresses of upstream DNS + servers that are used to recursively resolve queries if they are not inside the + service domain for Consul. For example, a node can use Consul directly as a DNS + server, and if the record is outside of the "consul." domain, the query will be + resolved upstream. As of Consul 1.0.1 recursors can be provided as IP addresses + or as go-sockaddr templates. IP addresses are resolved in order, and duplicates + are ignored. + +- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](#_rejoin). + +- `retry_join` - Equivalent to the [`-retry-join`](#retry-join) command-line flag. + +- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](#_retry_interval). + +- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. + +- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](#_retry_interval_wan). + +- `rpc` configuration for Consul servers. + + - `enable_streaming` ((#rpc_enable_streaming)) defaults to true. If set to false it will disable + the gRPC subscribe endpoint on a Consul Server. All + servers in all federated datacenters must have this enabled before any client can use + [`use_streaming_backend`](#use_streaming_backend). + +- `segment` - Equivalent to the [`-segment` command-line flag](#_segment). + + ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. + +- `segments` - (Server agents only) This is a list of nested objects + that specifies user-defined network segments, not including the `` segment, which is + created automatically. Review the [Network Segments documentation](/docs/enterprise/network-segments) + for more details. + + - `name` ((#segment_name)) - The name of the segment. Must be a string + between 1 and 64 characters in length. + - `bind` ((#segment_bind)) - The bind address to use for the segment's + gossip layer. Defaults to the [`-bind`](#_bind) value if not provided. + - `port` ((#segment_port)) - The port to use for the segment's gossip + layer (required). + - `advertise` ((#segment_advertise)) - The advertise address to use for + the segment's gossip layer. Defaults to the [`-advertise`](#_advertise) value + if not provided. + - `rpc_listener` ((#segment_rpc_listener)) - If true, a separate RPC + listener will be started on this segment's [`-bind`](#_bind) address on the rpc + port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) + address. Defaults to false. + +- `server` Equivalent to the [`-server` command-line flag](#_server). + +- `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** + +- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica). + +- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's + shorter than the specified limit. It is recommended to keep this limit at or above + the default to encourage clients to send infrequent heartbeats. Defaults to 10s. + +- `skip_leave_on_interrupt` This is similar + to [`leave_on_terminate`](#leave_on_terminate) but only affects interrupt handling. + When Consul receives an interrupt signal (such as hitting Control-C in a terminal), + Consul will gracefully leave the cluster. Setting this to `true` disables that + behavior. The default behavior for this feature varies based on whether or not + the agent is running as a client or a server (prior to Consul 0.7 the default value + was unconditionally set to `false`). On agents in client-mode, this defaults to + `false` and for agents in server-mode, this defaults to `true` (i.e. Ctrl-C on + a server will keep the server in the cluster and therefore quorum, and Ctrl-C on + a client will gracefully leave). + +- `start_join` An array of strings specifying addresses + of nodes to [`-join`](#_join) upon startup. Note that using + `retry_join` could be more appropriate to help mitigate + node startup race conditions when automating a Consul cluster deployment. + +- `start_join_wan` An array of strings specifying addresses + of WAN nodes to [`-join-wan`](#_join_wan) upon startup. + +- `telemetry` This is a nested object that configures where + Consul sends its runtime telemetry, and contains the following keys: + + - `circonus_api_token` ((#telemetry-circonus_api_token)) A valid API + Token used to create/manage check. If provided, metric management is + enabled. + + - `circonus_api_app` ((#telemetry-circonus_api_app)) A valid app name + associated with the API token. By default, this is set to "consul". + + - `circonus_api_url` ((#telemetry-circonus_api_url)) + The base URL to use for contacting the Circonus API. By default, this is set + to "https://api.circonus.com/v2". + + - `circonus_submission_interval` ((#telemetry-circonus_submission_interval)) The interval at which metrics are submitted to Circonus. By default, this is set to "10s" (ten seconds). + + - `circonus_submission_url` ((#telemetry-circonus_submission_url)) + The `check.config.submission_url` field, of a Check API object, from a previously + created HTTPTrap check. + + - `circonus_check_id` ((#telemetry-circonus_check_id)) + The Check ID (not **check bundle**) from a previously created HTTPTrap check. + The numeric portion of the `check._cid` field in the Check API object. + + - `circonus_check_force_metric_activation` ((#telemetry-circonus_check_force_metric_activation)) Force activation of metrics which already exist and are not currently active. + If check management is enabled, the default behavior is to add new metrics as + they are encountered. If the metric already exists in the check, it will **not** + be activated. This setting overrides that behavior. By default, this is set to + false. + + - `circonus_check_instance_id` ((#telemetry-circonus_check_instance_id)) Uniquely identifies the metrics coming from this **instance**. It can be used to + maintain metric continuity with transient or ephemeral instances as they move + around within an infrastructure. By default, this is set to hostname:application + name (e.g. "host123:consul"). + + - `circonus_check_search_tag` ((#telemetry-circonus_check_search_tag)) A special tag which, when coupled with the instance id, helps to narrow down + the search results when neither a Submission URL or Check ID is provided. By + default, this is set to service:application name (e.g. "service:consul"). + + - `circonus_check_display_name` ((#telemetry-circonus_check_display_name)) Specifies a name to give a check when it is created. This name is displayed in + the Circonus UI Checks list. Available in Consul 0.7.2 and later. + + - `circonus_check_tags` ((#telemetry-circonus_check_tags)) + Comma separated list of additional tags to add to a check when it is created. + Available in Consul 0.7.2 and later. + + - `circonus_broker_id` ((#telemetry-circonus_broker_id)) + The ID of a specific Circonus Broker to use when creating a new check. The numeric + portion of `broker._cid` field in a Broker API object. If metric management is + enabled and neither a Submission URL nor Check ID is provided, an attempt will + be made to search for an existing check using Instance ID and Search Tag. If + one is not found, a new HTTPTrap check will be created. By default, this is not + used and a random Enterprise Broker is selected, or the default Circonus Public + Broker. + + - `circonus_broker_select_tag` ((#telemetry-circonus_broker_select_tag)) A special tag which will be used to select a Circonus Broker when a Broker ID + is not provided. The best use of this is to as a hint for which broker should + be used based on **where** this particular instance is running (e.g. a specific + geo location or datacenter, dc:sfo). By default, this is left blank and not used. + + - `disable_compat_1.9` ((#telemetry-disable_compat_1.9)) + This allows users to disable metrics deprecated in 1.9 so they are no longer emitted, saving on performance and storage in large deployments. Defaults to false. + + - `disable_hostname` ((#telemetry-disable_hostname)) + This controls whether or not to prepend runtime telemetry with the machine's + hostname, defaults to false. + + - `dogstatsd_addr` ((#telemetry-dogstatsd_addr)) This provides the address + of a DogStatsD instance in the format `host:port`. DogStatsD is a protocol-compatible + flavor of statsd, with the added ability to decorate metrics with tags and event + information. If provided, Consul will send various telemetry information to that + instance for aggregation. This can be used to capture runtime information. + + - `dogstatsd_tags` ((#telemetry-dogstatsd_tags)) This provides a list + of global tags that will be added to all telemetry packets sent to DogStatsD. + It is a list of strings, where each string looks like "my_tag_name:my_tag_value". + + - `filter_default` ((#telemetry-filter_default)) + This controls whether to allow metrics that have not been specified by the filter. + Defaults to `true`, which will allow all metrics when no filters are provided. + When set to `false` with no filters, no metrics will be sent. + + - `metrics_prefix` ((#telemetry-metrics_prefix)) + The prefix used while writing all telemetry data. By default, this is set to + "consul". This was added in Consul 1.0. For previous versions of Consul, use + the config option `statsite_prefix` in this same structure. This was renamed + in Consul 1.0 since this prefix applied to all telemetry providers, not just + statsite. + + - `prefix_filter` ((#telemetry-prefix_filter)) + This is a list of filter rules to apply for allowing/blocking metrics by + prefix in the following format: + + ```json + ["+consul.raft.apply", "-consul.http", "+consul.http.GET"] + ``` + + A leading "**+**" will enable any metrics with the given prefix, and a leading "**-**" will block them. If there is overlap between two rules, the more specific rule will take precedence. Blocking will take priority if the same prefix is listed multiple times. + + - `prometheus_retention_time` ((#telemetry-prometheus_retention_time)) If the value is greater than `0s` (the default), this enables [Prometheus](https://prometheus.io/) + export of metrics. The duration can be expressed using the duration semantics + and will aggregates all counters for the duration specified (it might have an + impact on Consul's memory usage). A good value for this parameter is at least + 2 times the interval of scrape of Prometheus, but you might also put a very high + retention time such as a few days (for instance 744h to enable retention to 31 + days). Fetching the metrics using prometheus can then be performed using the + [`/v1/agent/metrics?format=prometheus`](/api/agent#view-metrics) endpoint. + The format is compatible natively with prometheus. When running in this mode, + it is recommended to also enable the option [`disable_hostname`](#telemetry-disable_hostname) + to avoid having prefixed metrics with hostname. Consul does not use the default + Prometheus path, so Prometheus must be configured as follows. Note that using + ?format=prometheus in the path won't work as ? will be escaped, so it must be + specified as a parameter. + + ```yaml + metrics_path: '/v1/agent/metrics' + params: + format: ['prometheus'] + ``` + + - `statsd_address` ((#telemetry-statsd_address)) This provides the address + of a statsd instance in the format `host:port`. If provided, Consul will send + various telemetry information to that instance for aggregation. This can be used + to capture runtime information. This sends UDP packets only and can be used with + statsd or statsite. + + - `statsite_address` ((#telemetry-statsite_address)) This provides the + address of a statsite instance in the format `host:port`. If provided, Consul + will stream various telemetry information to that instance for aggregation. This + can be used to capture runtime information. This streams via TCP and can only + be used with statsite. + +- `syslog_facility` When [`enable_syslog`](#enable_syslog) + is provided, this controls to which facility messages are sent. By default, `LOCAL0` + will be used. + +- `translate_wan_addrs` If set to true, Consul + will prefer a node's configured [WAN address](#_advertise-wan) + when servicing DNS and HTTP requests for a node in a remote datacenter. This allows + the node to be reached within its own datacenter using its local address, and reached + from other datacenters using its WAN address, which is useful in hybrid setups + with mixed networks. This is disabled by default. + + Starting in Consul 0.7 and later, node addresses in responses to HTTP requests will also prefer a + node's configured [WAN address](#_advertise-wan) when querying for a node in a remote + datacenter. An [`X-Consul-Translate-Addresses`](/api#translated-addresses) header + will be present on all responses when translation is enabled to help clients know that the addresses + may be translated. The `TaggedAddresses` field in responses also have a `lan` address for clients that + need knowledge of that address, regardless of translation. + + The following endpoints translate addresses: + + - [`/v1/catalog/nodes`](/api/catalog#list-nodes) + - [`/v1/catalog/node/`](/api/catalog#retrieve-map-of-services-for-a-node) + - [`/v1/catalog/service/`](/api/catalog#list-nodes-for-service) + - [`/v1/health/service/`](/api/health#list-nodes-for-service) + - [`/v1/query//execute`](/api/query#execute-prepared-query) + +- `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** + Equivalent to the [`-ui`](#_ui) command-line flag. + +- `ui_config` - This object allows a number of sub-keys to be set which controls + the display or features available in the UI. Configuring the UI with this + stanza was added in Consul 1.9.0. + + The following sub-keys are available: + + - `enabled` ((#ui_config_enabled)) - This enables the service of the web UI + from this agent. Boolean value, defaults to false. In `-dev` mode this + defaults to true. Replaces `ui` from before 1.9.0. Equivalent to the + [`-ui`](#_ui) command-line flag. + + - `dir` ((#ui_config_dir)) - This specifies that the web UI should be served + from an external dir rather than the build in one. This allows for + customization or development. Replaces `ui_dir` from before 1.9.0. + Equivalent to the [`-ui-dir`](#_ui_dir) command-line flag. + + - `content_path` ((#ui_config_content_path)) - This specifies the HTTP path + that the web UI should be served from. Defaults to `/ui/`. Equivalent to the + [`-ui-content-path`](#_ui_content_path) flag. + + - `metrics_provider` ((#ui_config_metrics_provider)) - Specifies a named + metrics provider implementation the UI should use to fetch service metrics. + By default metrics are disabled. Consul 1.9.0 includes a built-in provider + named `prometheus` that can be enabled explicitly here. It also requires the + `metrics_proxy` to be configured below and direct queries to a Prometheus + instance that has Envoy metrics for all services in the datacenter. + + - `metrics_provider_files` ((#ui_config_metrics_provider_files)) - An optional array + of absolute paths to javascript files on the Agent's disk which will be + served as part of the UI. These files should contain metrics provider + implementations and registration enabling UI metric queries to be customized + or implemented for an alternative time-series backend. + + ~> **Security Note:** These javascript files are included in the UI with no + further validation or sand-boxing. By configuring them here the operator is + fully trusting anyone able to write to them as well as the original authors + not to include malicious code in the UI being served. + + - `metrics_provider_options_json` ((#ui_config_metrics_provider_options_json)) - + This is an optional raw JSON object as a string which is passed to the + provider implementation's `init` method at startup to allow arbitrary + configuration to be passed through. + + - `metrics_proxy` ((#ui_config_metrics_proxy)) - This object configures an + internal agent API endpoint that will proxy GET requests to a metrics + backend to allow querying metrics data in the UI. This simplifies deployment + where the metrics backend is not exposed externally to UI users' browsers. + It may also be used to augment requests with API credentials to allow + serving graphs to UI users without them needing individual access tokens for + the metrics backend. + + ~> **Security Note:** Exposing your metrics backend via Consul in this way + should be carefully considered in production. As Consul doesn't understand + the requests, it can't limit access to only specific resources. For example + **this might make it possible for a malicious user on the network to query + for arbitrary metrics about any server or workload in your infrastructure, + or overload the metrics infrastructure with queries**. See [Metrics Proxy + Security](/docs/connect/observability/ui-visualization#metrics-proxy-security) + for more details. + + The following sub-keys are available: + + - `base_url` ((#ui_config_metrics_provider_base_url)) - This is required to + enable the proxy. It should be set to the base URL that the Consul agent + should proxy requests for metrics too. For example a value of + `http://prometheus-server` would target a Prometheus instance with local + DNS name "prometheus-server" on port 80. This may include a path prefix + which will then not be necessary in provider requests to the backend and + the proxy will prevent any access to paths without that prefix on the + backend. + + - `path_allowlist` ((#ui_config_metrics_provider_path_allowlist)) - This + specifies the paths that may be proxies to when appended to the + `base_url`. It defaults to `["/api/v1/query_range", "/api/v1/query"]` + which are the endpoints required for the built-in Prometheus provider. If + a [custom + provider](/docs/connect/observability/ui-visualization#custom-metrics-providers) + is used that requires the metrics proxy, the correct allowlist must be + specified to enable proxying to necessary endpoints. See [Path + Allowlist](/docs/connect/observability/ui-visualization#path-allowlist) + for more information. + + - `add_headers` ((#ui_config_metrics_proxy_add_headers)) - This is an + optional list if headers to add to requests that are proxied to the + metrics backend. It may be used to inject Authorization tokens within the + agent without exposing those to UI users. + + Each item in the list is an object with the following keys: + + - `name` ((#ui_config_metrics_proxy_add_headers_name)) - Specifies the + HTTP header name to inject into proxied requests. + + - `value` ((#ui_config_metrics_proxy_add_headers_value)) - Specifies the + value in inject into proxied requests. + + - `dashboard_url_templates` ((#ui_config_dashboard_url_templates)) - This map + specifies URL templates that may be used to render links to external + dashboards in various contexts in the UI. It is a map with the name of the + template as a key. The value is a string URL with optional placeholders. + + Each template may contain placeholders which will be substituted for the + correct values in content when rendered in the UI. The placeholders + available are listed for each template. + + For more information and examples see [UI + Visualization](/docs/connect/observability/ui-visualization#configuring-dashboard-urls) + + The following named templates are defined: + + - `service` ((#ui_config_dashboard_url_templates_service)) - This is the URL + to use when linking to the dashboard for a specific service. It is shown + as part of the [Topology + Visualization](/docs/connect/observability/ui-visualization). + + The placeholders available are: + + - `{{Service.Name}}` - Replaced with the current service's name. + - `{{Service.Namespace}}` - Replaced with the current service's namespace or empty if namespaces are not enabled. + - `{{Service.Partition}}` - Replaced with the current service's admin + partition or empty if admin partitions are not enabled. + - `{{Datacenter}}` - Replaced with the current service's datacenter. + +- `ui_dir` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.dir`](#ui_config_dir) field instead.** + Equivalent to the [`-ui-dir`](#_ui_dir) command-line + flag. This configuration key is not required as of Consul version 0.7.0 and later. + Specifying this configuration key will enable the web UI. There is no need to specify + both ui-dir and ui. Specifying both will result in an error. + +- `unix_sockets` - This allows tuning the ownership and + permissions of the Unix domain socket files created by Consul. Domain sockets are + only used if the HTTP address is configured with the `unix://` prefix. + + It is important to note that this option may have different effects on + different operating systems. Linux generally observes socket file permissions + while many BSD variants ignore permissions on the socket file itself. It is + important to test this feature on your specific distribution. This feature is + currently not functional on Windows hosts. + + The following options are valid within this construct and apply globally to all + sockets created by Consul: + + - `user` - The name or ID of the user who will own the socket file. + - `group` - The group ID ownership of the socket file. This option + currently only supports numeric IDs. + - `mode` - The permission bits to set on the file. + +- `use_streaming_backend` defaults to true. When enabled Consul client agents will use + streaming rpc, instead of the traditional blocking queries, for endpoints which support + streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming) + enabled before any client can enable `use_streaming_backend`. + +- `watches` - Watches is a list of watch specifications which + allow an external process to be automatically invoked when a particular data view + is updated. See the [watch documentation](/docs/agent/watches) for more detail. + Watches can be modified when the configuration is reloaded. + +## TLS Configuration Reference + +This section documents all of the configuration settings that apply to Agent TLS. Agent +TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be +applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt). + +~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` or `ca_path` +should be a private CA, not a public one. We recommend using a dedicated CA +which should not be used with any other systems. Any certificate signed by the +CA will be allowed to communicate with the cluster and a specially crafted certificate +signed by the CA can be used to gain full access to Consul. + +- `ca_file` This provides a file path to a PEM-encoded certificate + authority. The certificate authority is used to check the authenticity of client + and server connections with the appropriate [`verify_incoming`](#verify_incoming) + or [`verify_outgoing`](#verify_outgoing) flags. + +- `ca_path` This provides a path to a directory of PEM-encoded + certificate authority files. These certificate authorities are used to check the + authenticity of client and server connections with the appropriate [`verify_incoming`](#verify_incoming) or [`verify_outgoing`](#verify_outgoing) flags. + +- `cert_file` This provides a file path to a PEM-encoded + certificate. The certificate is provided to clients or servers to verify the agent's + authenticity. It must be provided along with [`key_file`](#key_file). + +- `key_file` This provides a the file path to a PEM-encoded + private key. The key is used with the certificate to verify the agent's authenticity. + This must be provided along with [`cert_file`](#cert_file). + +- `server_name` When provided, this overrides the [`node_name`](#_node) + for the TLS certificate. It can be used to ensure that the certificate name matches + the hostname we declare. + +- `tls_min_version` Added in Consul 0.7.4, this specifies + the minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12", + or "tls13". This defaults to "tls12". WARNING: TLS 1.1 and lower are generally + considered less secure; avoid using these if possible. + +- `tls_cipher_suites` Added in Consul 0.8.2, this specifies the list of + supported ciphersuites as a comma-separated-list. Applicable to TLS 1.2 and below only. + The list of all supported ciphersuites is available through + [this search](https://github.com/hashicorp/consul/search?q=cipherMap+%3A%3D+map&unscoped_q=cipherMap+%3A%3D+map). + + ~> **Note:** The ordering of cipher suites will not be guaranteed from Consul 1.11 onwards. See this + [post](https://go.dev/blog/tls-cipher-suites) for details. + +- `tls_prefer_server_cipher_suites` Added in Consul 0.8.2, this + will cause Consul to prefer the server's ciphersuite over the client ciphersuites. + + ~> **Note:** This config will be deprecated in Consul 1.11. See this + [post](https://go.dev/blog/tls-cipher-suites) for details. + +- `verify_incoming` - If set to true, Consul + requires that all incoming connections make use of TLS and that the client + provides a certificate signed by a Certificate Authority from the + [`ca_file`](#ca_file) or [`ca_path`](#ca_path). This applies to both server + RPC and to the HTTPS API. By default, this is false, and Consul will not + enforce the use of TLS or verify a client's authenticity. Turning on + `verify_incoming` on consul clients protects the HTTPS endpoint, by ensuring + that the certificate that is presented by a 3rd party tool to the HTTPS + endpoint was created by the CA that the consul client was setup with. If the + UI is served, the same checks are performed. + +- `verify_incoming_rpc` - When set to true, Consul + requires that all incoming RPC connections use TLS and that the client + provides a certificate signed by a Certificate Authority from the [`ca_file`](#ca_file) + or [`ca_path`](#ca_path). By default, this is false, and Consul will not enforce + the use of TLS or verify a client's authenticity. + + ~> **Security Note:** `verify_incoming_rpc` _must_ be set to true to prevent anyone + with access to the RPC port from gaining full access to the Consul cluster. + +- `verify_incoming_https` - If set to true, + Consul requires that all incoming HTTPS connections make use of TLS and that the + client provides a certificate signed by a Certificate Authority from the [`ca_file`](#ca_file) + or [`ca_path`](#ca_path). By default, this is false, and Consul will not enforce + the use of TLS or verify a client's authenticity. To enable the HTTPS API, you + must define an HTTPS port via the [`ports`](#ports) configuration. By default, + HTTPS is disabled. + +- `verify_outgoing` - If set to true, Consul requires + that all outgoing connections from this agent make use of TLS and that the server + provides a certificate that is signed by a Certificate Authority from the [`ca_file`](#ca_file) + or [`ca_path`](#ca_path). By default, this is false, and Consul will not make use + of TLS for outgoing connections. This applies to clients and servers as both will + make outgoing connections. + + ~> **Security Note:** Note that servers that specify `verify_outgoing = true` will always talk to other servers over TLS, but they still _accept_ + non-TLS connections to allow for a transition of all clients to TLS. + Currently the only way to enforce that no client can communicate with a + server unencrypted is to also enable `verify_incoming` which requires client + certificates too. + +- `verify_server_hostname` - When set to true, Consul verifies the TLS certificate + presented by the servers match the hostname `server..`. + By default this is false, and Consul does not verify the hostname + of the certificate, only that it is signed by a trusted CA. This setting _must_ be enabled + to prevent a compromised client from gaining full read and write access to all + cluster data _including all ACL tokens and Connect CA root keys_. This is new in 0.5.1. + + ~> **Security Note:** From versions 0.5.1 to 1.4.0, due to a bug, setting + this flag alone _does not_ imply `verify_outgoing` and leaves client to server + and server to server RPCs unencrypted despite the documentation stating otherwise. See + [CVE-2018-19653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653) + for more details. For those versions you **must also set `verify_outgoing = true`** to ensure encrypted RPC connections. + +### Example Configuration File, with TLS + +~> **Security Note:** all three verify options should be set as `true` to enable secure mTLS communication, enabling both +encryption and authentication. Failing to set [`verify_incoming`](#verify_incoming) or [`verify_outgoing`](#verify_outgoing) +will result in TLS not being enabled at all, even when specifying a [`ca_file`](#ca_file), [`cert_file`](#cert_file), and [`key_file`](#key_file). + +```json +{ + "datacenter": "east-aws", + "data_dir": "/opt/consul", + "log_level": "INFO", + "node_name": "foobar", + "server": true, + "addresses": { + "https": "0.0.0.0" + }, + "ports": { + "https": 8501 + }, + "key_file": "/etc/pki/tls/private/my.key", + "cert_file": "/etc/pki/tls/certs/my.crt", + "ca_file": "/etc/pki/tls/certs/ca-bundle.crt", + "verify_incoming": true, + "verify_outgoing": true, + "verify_server_hostname": true +} +``` + +See, especially, the use of the `ports` setting: + +```json +"ports": { + "https": 8501 +} +``` + +Consul will not enable TLS for the HTTP API unless the `https` port has been +assigned a port number `> 0`. We recommend using `8501` for `https` as this +default will automatically work with some tooling. \ No newline at end of file diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 064165879..362cf36f6 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -43,2158 +43,6 @@ You can test the following configuration options by following the [Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs) tutorials to install a local agent. -## Configuration Files ((#configuration_files)) - -In addition to the command-line options, configuration for the Consul agent can be put into -files. This may be easier in certain situations, for example when Consul is -being configured using a configuration management system. - -The configuration files are formatted as HCL, or JSON. JSON formatted configs are easily readable -and editable by both humans and computers. JSON formatted configuration consists -of a single JSON object with multiple configuration keys specified within it. - -Configuration files are used for more than just setting up the agent. -They are also used to provide check and service definitions that -announce the availability of system servers to the rest of the cluster. -These definitions are documented separately under [check configuration](/docs/agent/checks) and -[service configuration](/docs/agent/services) respectively. Service and check -definitions support being updated during a reload. - - - -```hcl -datacenter = "east-aws" -data_dir = "/opt/consul" -log_level = "INFO" -node_name = "foobar" -server = true -watches = [ - { - type = "checks" - handler = "/usr/bin/health-check-handler.sh" - } -] - -telemetry { - statsite_address = "127.0.0.1:2180" -} -``` - -```json -{ - "datacenter": "east-aws", - "data_dir": "/opt/consul", - "log_level": "INFO", - "node_name": "foobar", - "server": true, - "watches": [ - { - "type": "checks", - "handler": "/usr/bin/health-check-handler.sh" - } - ], - "telemetry": { - "statsite_address": "127.0.0.1:2180" - } -} -``` - - - -#### Configuration Key Reference ((#config_key_reference)) - --> **Note:** All the TTL values described below are parsed by Go's `time` package, and have the following -[formatting specification](https://golang.org/pkg/time/#ParseDuration): "A -duration string is a possibly signed sequence of decimal numbers, each with -optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. -Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - -- `acl` ((#acl)) - This object allows a number of sub-keys to be set which - controls the ACL system. Configuring the ACL system within the ACL stanza was added - in Consul 1.4.0 - - The following sub-keys are available: - - - `enabled` ((#acl_enabled)) - Enables ACLs. - - - `policy_ttl` ((#acl_policy_ttl)) - Used to control Time-To-Live caching - of ACL policies. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL policy may be stale up to the TTL value. - - - `role_ttl` ((#acl_role_ttl)) - Used to control Time-To-Live caching - of ACL roles. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL role may be stale up to the TTL value. - - - `token_ttl` ((#acl_token_ttl)) - Used to control Time-To-Live caching - of ACL tokens. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL token may be stale up to the TTL value. - - - `down_policy` ((#acl_down_policy)) - Either "allow", "deny", "extend-cache" - or "async-cache"; "extend-cache" is the default. In the case that a policy or - token cannot be read from the [`primary_datacenter`](#primary_datacenter) or - leader node, the down policy is applied. In "allow" mode, all actions are permitted, - "deny" restricts all operations, and "extend-cache" allows any cached objects - to be used, ignoring the expiry time of the cached entry. If the request uses an - ACL that is not in the cache, "extend-cache" falls back to the behavior of - `default_policy`. - The value "async-cache" acts the same way as "extend-cache" - but performs updates asynchronously when ACL is present but its TTL is expired, - thus, if latency is bad between the primary and secondary datacenters, latency - of operations is not impacted. - - - `default_policy` ((#acl_default_policy)) - Either "allow" or "deny"; - defaults to "allow" but this will be changed in a future major release. The default - policy controls the behavior of a token when there is no matching rule. In "allow" - mode, ACLs are a denylist: any operation not specifically prohibited is allowed. - In "deny" mode, ACLs are an allowlist: any operation not specifically - allowed is blocked. **Note**: this will not take effect until you've enabled ACLs. - - - `enable_key_list_policy` ((#acl_enable_key_list_policy)) - Boolean value, defaults to false. - When true, the `list` permission will be required on the prefix being recursively read from the KV store. - Regardless of being enabled, the full set of KV entries under the prefix will be filtered - to remove any entries that the request's ACL token does not grant at least read - permissions. This option is only available in Consul 1.0 and newer. - - - `enable_token_replication` ((#acl_enable_token_replication)) - By default - secondary Consul datacenters will perform replication of only ACL policies and - roles. Setting this configuration will will enable ACL token replication and - allow for the creation of both [local tokens](/api-docs/acl/tokens#local) and - [auth methods](/docs/security/acl/auth-methods) in connected secondary datacenters. - - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - global tokens already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. - - - `enable_token_persistence` ((#acl_enable_token_persistence)) - Either - `true` or `false`. When `true` tokens set using the API will be persisted to - disk and reloaded when an agent restarts. - - - `tokens` ((#acl_tokens)) - This object holds all of the configured - ACL tokens for the agents usage. - - - `initial_management` ((#acl_tokens_initial_management)) - This is available in - Consul 1.11 and later. In prior versions, use [`acl.tokens.master`](#acl_tokens_master). - - Only used for servers in the [`primary_datacenter`](#primary_datacenter). - This token will be created with management-level permissions if it does not exist. - It allows operators to bootstrap the ACL system with a token Secret ID that is - well-known. - - The `initial_management` token is only installed when a server acquires cluster - leadership. If you would like to install or change it, set the new value for - `initial_management` in the configuration for all servers. Once this is done, - restart the current leader to force a leader election. If the `initial_management` - token is not supplied, then the servers do not create an initial management token. - When you provide a value, it should be a UUID. To maintain backwards compatibility - and an upgrade path this restriction is not currently enforced but will be in a - future major Consul release. - - - `master` ((#acl_tokens_master)) **Renamed in Consul 1.11 to - [`acl.tokens.initial_management`](#acl_tokens_initial_management).** - - - `default` ((#acl_tokens_default)) - When provided, the agent will - use this token when making requests to the Consul servers. Clients can override - this token on a per-request basis by providing the "?token" query parameter. - When not provided, the empty token, which maps to the 'anonymous' ACL token, - is used. - - - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform - internal operations. If this isn't specified, then the - [`default`](#acl_tokens_default) will be used. - - This token must at least have write access to the node name it will - register as in order to set any of the node-level information in the - catalog such as metadata, or the node's tagged addresses. - - - `agent_recovery` ((#acl_tokens_agent_recovery)) - This is available in Consul 1.11 - and later. In prior versions, use [`acl.tokens.agent_master`](#acl_tokens_agent_master). - - Used to access [agent endpoints](/api-docs/agent) that require agent read or write privileges, - or node read privileges, even if Consul servers aren't present to validate any tokens. - This should only be used by operators during outages, regular ACL tokens should normally - be used by applications. - - - `agent_master` ((#acl_tokens_agent_master)) **Renamed in Consul 1.11 to - [`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).** - - - `replication` ((#acl_tokens_replication)) - The ACL token used to - authorize secondary datacenters with the primary datacenter for replication - operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. - - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - policies and roles already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. - - - `managed_service_provider` ((#acl_tokens_managed_service_provider)) - An - array of ACL tokens used by Consul managed service providers for cluster operations. - - - - ```hcl - managed_service_provider { - accessor_id = "ed22003b-0832-4e48-ac65-31de64e5c2ff" - secret_id = "cb6be010-bba8-4f30-a9ed-d347128dde17" - } - ``` - - ```json - "managed_service_provider": [ - { - "accessor_id": "ed22003b-0832-4e48-ac65-31de64e5c2ff", - "secret_id": "cb6be010-bba8-4f30-a9ed-d347128dde17" - } - ] - ``` - - - -- `acl_datacenter` - **This field is deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.** - - This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients, - it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement - of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. - -- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.** - Either "allow" or "deny"; defaults to "allow". The default policy controls the - behavior of a token when there is no matching rule. In "allow" mode, ACLs are a - denylist: any operation not specifically prohibited is allowed. In "deny" mode, - ACLs are an allowlist: any operation not specifically allowed is blocked. **Note**: - this will not take effect until you've set `primary_datacenter` to enable ACL support. - -- `acl_down_policy` ((#acl_down_policy_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.down_policy`](#acl_down_policy) field instead.** Either "allow", - "deny", "extend-cache" or "async-cache"; "extend-cache" is the default. In the - case that the policy for a token cannot be read from the [`primary_datacenter`](#primary_datacenter) - or leader node, the down policy is applied. In "allow" mode, all actions are permitted, - "deny" restricts all operations, and "extend-cache" allows any cached ACLs to be - used, ignoring their TTL values. If a non-cached ACL is used, "extend-cache" acts - like "deny". The value "async-cache" acts the same way as "extend-cache" but performs - updates asynchronously when ACL is present but its TTL is expired, thus, if latency - is bad between ACL authoritative and other datacenters, latency of operations is - not impacted. - -- `acl_agent_master_token` ((#acl_agent_master_token_legacy)) - **Deprecated - in Consul 1.4.0. See the [`acl.tokens.agent_master`](#acl_tokens_agent_master) - field instead.** Used to access [agent endpoints](/api-docs/agent) that - require agent read or write privileges, or node read privileges, even if Consul - servers aren't present to validate any tokens. This should only be used by operators - during outages, regular ACL tokens should normally be used by applications. This - was added in Consul 0.7.2 and is only used when [`acl_enforce_version_8`](#acl_enforce_version_8) is set to true. - -- `acl_agent_token` ((#acl_agent_token_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.tokens.agent`](#acl_tokens_agent) field instead.** Used for - clients and servers to perform internal operations. If this isn't specified, then - the [`acl_token`](#acl_token) will be used. This was added in Consul 0.7.2. - - This token must at least have write access to the node name it will register as in order to set any - of the node-level information in the catalog such as metadata, or the node's tagged addresses. - -- `acl_enforce_version_8` - **Deprecated in - Consul 1.4.0 and removed in 1.8.0.** Used for clients and servers to determine if enforcement should - occur for new ACL policies being previewed before Consul 0.8. Added in Consul 0.7.2, - this defaults to false in versions of Consul prior to 0.8, and defaults to true - in Consul 0.8 and later. This helps ease the transition to the new ACL features - by allowing policies to be in place before enforcement begins. - -- `acl_master_token` ((#acl_master_token_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.tokens.master`](#acl_tokens_master) field instead.** - -- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated - in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field - instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter) - running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) - using this ACL replication using this token to retrieve and replicate the ACLs - to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable - ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then - set the token later using the [agent token API](/api-docs/agent#update-acl-tokens) - on each server. If the `acl_replication_token` is set in the config, it will automatically - set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. - - If there's a partition or other outage affecting the authoritative datacenter, and the - [`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not - in the cache can be resolved during the outage using the replicated set of ACLs. - -- `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See - the [`acl.tokens.default`](#acl_tokens_default) field instead.** When provided, - the agent will use this token when making requests to the Consul servers. Clients - can override this token on a per-request basis by providing the "?token" query - parameter. When not provided, the empty token, which maps to the 'anonymous' ACL - policy, is used. - -- `acl_ttl` ((#acl_ttl_legacy)) - **Deprecated in Consul 1.4.0. See the - [`acl.token_ttl`](#acl_token_ttl) field instead.**Used to control Time-To-Live - caching of ACLs. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL policy may be stale up to the TTL value. - -- `addresses` - This is a nested object that allows setting - bind addresses. In Consul 1.0 and later these can be set to a space-separated list - of addresses to bind to, or a [go-sockaddr] template that can potentially resolve to multiple addresses. - - `http`, `https` and `grpc` all support binding to a Unix domain socket. A - socket can be specified in the form `unix:///path/to/socket`. A new domain - socket will be created at the given path. If the specified file path already - exists, Consul will attempt to clear the file and create the domain socket - in its place. The permissions of the socket file are tunable via the - [`unix_sockets` config construct](#unix_sockets). - - When running Consul agent commands against Unix socket interfaces, use the - `-http-addr` argument to specify the path to the socket. You can also place - the desired values in the `CONSUL_HTTP_ADDR` environment variable. - - For TCP addresses, the environment variable value should be an IP address - _with the port_. For example: `10.0.0.1:8500` and not `10.0.0.1`. However, - ports are set separately in the [`ports`](#ports) structure when - defining them in a configuration file. - - The following keys are valid: - - - `dns` - The DNS server. Defaults to `client_addr` - - `http` - The HTTP API. Defaults to `client_addr` - - `https` - The HTTPS API. Defaults to `client_addr` - - `grpc` - The gRPC API. Defaults to `client_addr` - -- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). - -- `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](#_advertise-wan). - -- `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_wan_ipv6` This was added together with [`advertise_addr_wan_ipv4`](#advertise_addr_wan_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_reconnect_timeout` This is a per-agent setting of the [`reconnect_timeout`](#reconnect_timeout) parameter. - This agent will advertise to all other nodes in the cluster that after this timeout, the node may be completely - removed from the cluster. This may only be set on client agents and if unset then other nodes will use the main - `reconnect_timeout` setting when determining when this node may be removed from the cluster. - -- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](#_alt_domain) - -- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](#_serf_lan_bind). - This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). - -- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](#_serf_lan_allowed_cidrs). - -- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](#_serf_wan_bind). - -- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](#_serf_wan_allowed_cidrs). - -- `audit` - Added in Consul 1.8, the audit object allow users to enable auditing - and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). - - - - ```hcl - audit { - enabled = true - sink "My sink" { - type = "file" - format = "json" - path = "data/audit/audit.json" - delivery_guarantee = "best-effort" - rotate_duration = "24h" - rotate_max_files = 15 - rotate_bytes = 25165824 - } - } - ``` - - ```json - { - "audit": { - "enabled": true, - "sink": { - "My sink": { - "type": "file", - "format": "json", - "path": "data/audit/audit.json", - "delivery_guarantee": "best-effort", - "rotate_duration": "24h", - "rotate_max_files": 15, - "rotate_bytes": 25165824 - } - } - } - } - ``` - - - - The following sub-keys are available: - - - `enabled` - Controls whether Consul logs out each time a user - performs an operation. ACLs must be enabled to use this feature. Defaults to `false`. - - - `sink` - This object provides configuration for the destination to which - Consul will log auditing events. Sink is an object containing keys to sink objects, where the key is the name of the sink. - - - `type` - Type specifies what kind of sink this is. - The following keys are valid: - - `file` - Currently only file sinks are available, they take the following keys. - - `format` - Format specifies what format the events will - be emitted with. - The following keys are valid: - - `json` - Currently only json events are offered. - - `path` - The directory and filename to write audit events to. - - `delivery_guarantee` - Specifies - the rules governing how audit events are written. - The following keys are valid: - - `best-effort` - Consul only supports `best-effort` event delivery. - - `mode` - The permissions to set on the audit log files. - - `rotate_duration` - Specifies the - interval by which the system rotates to a new log file. At least one of `rotate_duration` or `rotate_bytes` - must be configured to enable audit logging. - - `rotate_max_files` - Defines the - limit that Consul should follow before it deletes old log files. - - `rotate_bytes` - Specifies how large an - individual log file can grow before Consul rotates to a new file. At least one of `rotate_bytes` or - `rotate_duration` must be configured to enable audit logging. - -- `autopilot` Added in Consul 0.8, this object allows a - number of sub-keys to be set which can configure operator-friendly settings for - Consul servers. When these keys are provided as configuration, they will only be - respected on bootstrapping. If they are not provided, the defaults will be used. - In order to change the value of these options after bootstrapping, you will need - to use the [Consul Operator Autopilot](/commands/operator/autopilot) - command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations). - - The following sub-keys are available: - - - `cleanup_dead_servers` - This controls the - automatic removal of dead server nodes periodically and whenever a new server - is added to the cluster. Defaults to `true`. - - - `last_contact_threshold` - Controls the - maximum amount of time a server can go without contact from the leader before - being considered unhealthy. Must be a duration value such as `10s`. Defaults - to `200ms`. - - - `max_trailing_logs` - Controls the maximum number - of log entries that a server can trail the leader by before being considered - unhealthy. Defaults to 250. - - - `min_quorum` - Sets the minimum number of servers necessary - in a cluster. Autopilot will stop pruning dead servers when this minimum is reached. There is no default. - - - `server_stabilization_time` - Controls - the minimum amount of time a server must be stable in the 'healthy' state before - being added to the cluster. Only takes effect if all servers are running Raft - protocol version 3 or higher. Must be a duration value such as `30s`. Defaults - to `10s`. - - - `redundancy_zone_tag` - - This controls the [`-node-meta`](#_node_meta) key to use when Autopilot is separating - servers into zones for redundancy. Only one server in each zone can be a voting - member at one time. If left blank (the default), this feature will be disabled. - - - `disable_upgrade_migration` - - If set to `true`, this setting will disable Autopilot's upgrade migration strategy - in Consul Enterprise of waiting until enough newer-versioned servers have been - added to the cluster before promoting any of them to voters. Defaults to `false`. - - - `upgrade_version_tag` - - The node_meta tag to use for version info when performing upgrade migrations. - If this is not set, the Consul version will be used. - -- `auto_config` This object allows setting options for the `auto_config` feature. - - The following sub-keys are available: - - - `enabled` (Defaults to `false`) This option enables `auto_config` on a client - agent. When starting up but before joining the cluster, the client agent will - make an RPC to the configured server addresses to request configuration settings, - such as its `agent` ACL token, TLS certificates, Gossip encryption key as well - as other configuration settings. These configurations get merged in as defaults - with any user-supplied configuration on the client agent able to override them. - The initial RPC uses a JWT specified with either `intro_token`, - `intro_token_file` or the `CONSUL_INTRO_TOKEN` environment variable to authorize - the request. How the JWT token is verified is controlled by the `auto_config.authorizer` - object available for use on Consul servers. Enabling this option also turns - on Connect because it is vital for `auto_config`, more specifically the CA - and certificates infrastructure. - - ~> **Warning:** Enabling `auto_config` conflicts with the [`auto_encrypt.tls`](#tls) feature. - Only one option may be specified. - - - `intro_token` (Defaults to `""`) This specifies the JWT to use for the initial - `auto_config` RPC to the Consul servers. This can be overridden with the - `CONSUL_INTRO_TOKEN` environment variable - - - `intro_token_file` (Defaults to `""`) This specifies a file containing the JWT - to use for the initial `auto_config` RPC to the Consul servers. This token - from this file is only loaded if the `intro_token` configuration is unset as - well as the `CONSUL_INTRO_TOKEN` environment variable - - - `server_addresses` (Defaults to `[]`) This specifies the addresses of servers in - the local datacenter to use for the initial RPC. These addresses support - [Cloud Auto-Joining](#cloud-auto-joining) and can optionally include a port to - use when making the outbound connection. If not port is provided the `server_port` - will be used. - - - `dns_sans` (Defaults to `[]`) This is a list of extra DNS SANs to request in the - client agent's TLS certificate. The `localhost` DNS SAN is always requested. - - - `ip_sans` (Defaults to `[]`) This is a list of extra IP SANs to request in the - client agent's TLS certificate. The `::1` and `127.0.0.1` IP SANs are always requested. - - - `authorization` This object controls how a Consul server will authorize `auto_config` - requests and in particular how to verify the JWT intro token. - - - `enabled` (Defaults to `false`) This option enables `auto_config` authorization - capabilities on the server. - - - `static` This object controls configuring the static authorizer setup in the Consul - configuration file. Almost all sub-keys are identical to those provided by the [JWT - Auth Method](/docs/security/acl/auth-methods/jwt). - - - `jwt_validation_pub_keys` (Defaults to `[]`) A list of PEM-encoded public keys - to use to authenticate signatures locally. - - Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. - - - `oidc_discovery_url` (Defaults to `""`) The OIDC Discovery URL, without any - .well-known component (base path). - - Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. - - - `oidc_discovery_ca_cert` (Defaults to `""`) PEM encoded CA cert for use by the TLS - client used to talk with the OIDC Discovery URL. NOTE: Every line must end - with a newline (`\n`). If not set, system certificates are used. - - - `jwks_url` (Defaults to `""`) The JWKS URL to use to authenticate signatures. - - Exactly one of `jwks_url` `jwt_validation_pub_keys`, or `oidc_discovery_url` is required. - - - `jwks_ca_cert` (Defaults to `""`) PEM encoded CA cert for use by the TLS client - used to talk with the JWKS URL. NOTE: Every line must end with a newline - (`\n`). If not set, system certificates are used. - - - `claim_mappings` (Defaults to `(map[string]string)` Mappings of claims (key) that - will be copied to a metadata field (value). Use this if the claim you are capturing - is singular (such as an attribute). - - When mapped, the values can be any of a number, string, or boolean and will - all be stringified when returned. - - - `list_claim_mappings` (Defaults to `(map[string]string)`) Mappings of claims (key) - will be copied to a metadata field (value). Use this if the claim you are capturing - is list-like (such as groups). - - When mapped, the values in each list can be any of a number, string, or - boolean and will all be stringified when returned. - - - `jwt_supported_algs` (Defaults to `["RS256"]`) JWTSupportedAlgs is a list of - supported signing algorithms. - - - `bound_audiences` (Defaults to `[]`) List of `aud` claims that are valid for - login; any match is sufficient. - - - `bound_issuer` (Defaults to `""`) The value against which to match the `iss` - claim in a JWT. - - - `expiration_leeway` (Defaults to `"0s"`) Duration of leeway when - validating expiration of a token to account for clock skew. Defaults to 150s - (2.5 minutes) if set to 0s and can be disabled if set to -1ns. - - - `not_before_leeway` (Defaults to `"0s"`) Duration of leeway when - validating not before values of a token to account for clock skew. Defaults - to 150s (2.5 minutes) if set to 0s and can be disabled if set to -1. - - - `clock_skew_leeway` (Defaults to `"0s"`) Duration of leeway when - validating all claims to account for clock skew. Defaults to 60s (1 minute) - if set to 0s and can be disabled if set to -1ns. - - - `claim_assertions` (Defaults to `[]`) List of assertions about the mapped - claims required to authorize the incoming RPC request. The syntax uses - [github.com/hashicorp/go-bexpr](https://github.com/hashicorp/go-bexpr) which is shared with the - [API filtering feature](/api-docs/features/filtering). For example, the following - configurations when combined will ensure that the JWT `sub` matches the node - name requested by the client. - - - - ```hcl - claim_mappings { - sub = "node_name" - } - claim_assertions = [ - "value.node_name == \"${node}\"" - ] - ``` - - ```json - { - "claim_mappings": { - "sub": "node_name" - }, - "claim_assertions": ["value.node_name == \"${node}\""] - } - ``` - - - - The assertions are lightly templated using [HIL syntax](https://github.com/hashicorp/hil) - to interpolate some values from the RPC request. The list of variables that can be interpolated - are: - - - `node` - The node name the client agent is requesting. - - - `segment` - The network segment name the client is requesting. - - - `partition` - The admin partition name the client is requesting. - -- `auto_encrypt` This object allows setting options for the `auto_encrypt` feature. - - The following sub-keys are available: - - - `allow_tls` (Defaults to `false`) This option enables - `auto_encrypt` on the servers and allows them to automatically distribute certificates - from the Connect CA to the clients. If enabled, the server can accept incoming - connections from both the built-in CA and the Connect CA, as well as their certificates. - Note, the server will only present the built-in CA and certificate, which the - client can verify using the CA it received from `auto_encrypt` endpoint. If disabled, - a client configured with `auto_encrypt.tls` will be unable to start. - - - `tls` (Defaults to `false`) Allows the client to request the - Connect CA and certificates from the servers, for encrypting RPC communication. - The client will make the request to any servers listed in the `-join` or `-retry-join` - option. This requires that every server to have `auto_encrypt.allow_tls` enabled. - When both `auto_encrypt` options are used, it allows clients to receive certificates - that are generated on the servers. If the `-server-port` is not the default one, - it has to be provided to the client as well. Usually this is discovered through - LAN gossip, but `auto_encrypt` provision happens before the information can be - distributed through gossip. The most secure `auto_encrypt` setup is when the - client is provided with the built-in CA, `verify_server_hostname` is turned on, - and when an ACL token with `node.write` permissions is setup. It is also possible - to use `auto_encrypt` with a CA and ACL, but without `verify_server_hostname`, - or only with a ACL enabled, or only with CA and `verify_server_hostname`, or - only with a CA, or finally without a CA and without ACL enabled. In any case, - the communication to the `auto_encrypt` endpoint is always TLS encrypted. - - ~> **Warning:** Enabling `auto_encrypt.tls` conflicts with the [`auto_config`](#auto_config) feature. - Only one option may be specified. - - - `dns_san` (Defaults to `[]`) When this option is being - used, the certificates requested by `auto_encrypt` from the server have these - `dns_san` set as DNS SAN. - - - `ip_san` (Defaults to `[]`) When this option is being used, - the certificates requested by `auto_encrypt` from the server have these `ip_san` - set as IP SAN. - -- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](#_bootstrap). - -- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](#_bootstrap_expect). - -- `bind_addr` Equivalent to the [`-bind` command-line flag](#_bind). - - This parameter can be set to a go-sockaddr template that resolves to a single - address. Special characters such as backslashes `\` or double quotes `"` - within a double quoted string value must be escaped with a backslash `\`. - Some example templates: - - - -```hcl -bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr \"address\" }}" -``` - -```json -{ - "bind_addr": "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr \"address\" }}" -} -``` - - - -- `cache` configuration for client agents. The configurable values are the following: - - - `entry_fetch_max_burst` The size of the token bucket used to recharge the rate-limit per - cache entry. The default value is 2 and means that when cache has not been updated - for a long time, 2 successive queries can be made as long as the rate-limit is not - reached. - - - `entry_fetch_rate` configures the rate-limit at which the cache may refresh a single - entry. On a cluster with many changes/s, watching changes in the cache might put high - pressure on the servers. This ensures the number of requests for a single cache entry - will never go beyond this limit, even when a given service changes every 1/100s. - Since this is a per cache entry limit, having a highly unstable service will only rate - limit the watched on this service, but not the other services/entries. - The value is strictly positive, expressed in queries per second as a float, - 1 means 1 query per second, 0.1 mean 1 request every 10s maximum. - The default value is "No limit" and should be tuned on large - clusters to avoid performing too many RPCs on entries changing a lot. - -- `check_update_interval` ((#check_update_interval)) - This interval controls how often check output from checks in a steady state is - synchronized with the server. By default, this is set to 5 minutes ("5m"). Many - checks which are in a steady state produce slightly different output per run (timestamps, - etc) which cause constant writes. This configuration allows deferring the sync - of check output for a given interval to reduce write pressure. If a check ever - changes state, the new state and associated output is synchronized immediately. - To disable this behavior, set the value to "0s". - -- `client_addr` Equivalent to the [`-client` command-line flag](#_client). - -- `config_entries` This object allows setting options for centralized config entries. - - The following sub-keys are available: - - - `bootstrap` ((#config_entries_bootstrap)) - This is a list of inlined config entries to insert into the state store when - the Consul server gains leadership. This option is only applicable to server - nodes. Each bootstrap entry will be created only if it does not exist. When reloading, - any new entries that have been added to the configuration will be processed. - See the [configuration entry docs](/docs/agent/config-entries) for more - details about the contents of each entry. - -- `connect` This object allows setting options for the Connect feature. - - The following sub-keys are available: - - - `enabled` ((#connect_enabled)) Controls whether Connect features are - enabled on this agent. Should be enabled on all servers in the cluster - in order for Connect to function properly. Defaults to false. - - - `enable_mesh_gateway_wan_federation` ((#connect_enable_mesh_gateway_wan_federation)) Controls whether cross-datacenter federation traffic between servers is funneled - through mesh gateways. Defaults to false. This was added in Consul 1.8.0. - - - `ca_provider` ((#connect_ca_provider)) Controls which CA provider to - use for Connect's CA. Currently only the `aws-pca`, `consul`, and `vault` providers are supported. - This is only used when initially bootstrapping the cluster. For an existing cluster, - use the [Update CA Configuration Endpoint](/api-docs/connect/ca#update-ca-configuration). - - - `ca_config` ((#connect_ca_config)) An object which allows setting different - config options based on the CA provider chosen. This is only used when initially - bootstrapping the cluster. For an existing cluster, use the [Update CA Configuration - Endpoint](/api-docs/connect/ca#update-ca-configuration). - - The following providers are supported: - - #### AWS ACM Private CA Provider (`ca_provider = "aws-pca"`) - - - `existing_arn` ((#aws_ca_existing_arn)) The Amazon Resource Name (ARN) of - an existing private CA in your ACM account. If specified, Consul will - attempt to use the existing CA to issue certificates. - - #### Consul CA Provider (`ca_provider = "consul"`) - - - `private_key` ((#consul_ca_private_key)) The PEM contents of the - private key to use for the CA. - - - `root_cert` ((#consul_ca_root_cert)) The PEM contents of the root - certificate to use for the CA. - - #### Vault CA Provider (`ca_provider = "vault"`) - - - `address` ((#vault_ca_address)) The address of the Vault server to - connect to. - - - `token` ((#vault_ca_token)) The Vault token to use. In Consul 1.8.5 and later, if - the token has the [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable) - flag set, Consul will attempt to renew its lease periodically after half the - duration has expired. - - - `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root - CA pki backend in Vault. This can be an existing backend with a CA already - configured, or a blank/unmounted backend in which case Connect will automatically - mount/generate the CA. The Vault token given above must have `sudo` access - to this backend, as well as permission to mount the backend at this path if - it is not already mounted. - - - `intermediate_pki_path` ((#vault_ca_intermediate_pki)) - The path to use for the temporary intermediate CA pki backend in Vault. **Connect - will overwrite any data at this path in order to generate a temporary intermediate - CA**. The Vault token given above must have `write` access to this backend, - as well as permission to mount the backend at this path if it is not already - mounted. - - - `auth_method` ((#vault_ca_auth_method)) - Vault auth method to use for logging in to Vault. - Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for more information - on how to configure individual auth methods. If auth method is provided, Consul will obtain a - new token from Vault when the token can no longer be renewed. - - - `type` The type of Vault auth method. - - - `mount_path` The mount path of the auth method. - If not provided the auth method type will be used as the mount path. - - - `params` The parameters to configure the auth method. - Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for information on how - to configure the auth method you wish to use. If using the Kubernetes auth method, Consul will - read the service account token from the default mount path `/var/run/secrets/kubernetes.io/serviceaccount/token` - if the `jwt` parameter is not provided. - -#### Common CA Config Options - -There are also a number of common configuration options supported by all providers: - - - `csr_max_concurrent` ((#ca_csr_max_concurrent)) Sets a limit on the number - of Certificate Signing Requests that can be processed concurrently. Defaults - to 0 (disabled). This is useful when you want to limit the number of CPU cores - available to the server for certificate signing operations. For example, on an - 8 core server, setting this to 1 will ensure that no more than one CPU core - will be consumed when generating or rotating certificates. Setting this is - recommended **instead** of `csr_max_per_second` when you want to limit the - number of cores consumed since it is simpler to reason about limiting CSR - resources this way without artificially slowing down rotations. Added in 1.4.1. - - - `csr_max_per_second` ((#ca_csr_max_per_second)) Sets a rate limit - on the maximum number of Certificate Signing Requests (CSRs) the servers will - accept. This is used to prevent CA rotation from causing unbounded CPU usage - on servers. It defaults to 50 which is conservative – a 2017 Macbook can process - about 100 per second using only ~40% of one CPU core – but sufficient for deployments - up to ~1500 service instances before the time it takes to rotate is impacted. - For larger deployments we recommend increasing this based on the expected number - of server instances and server resources, or use `csr_max_concurrent` instead - if servers have more than one CPU core. Setting this to zero disables rate limiting. - Added in 1.4.1. - - - `leaf_cert_ttl` ((#ca_leaf_cert_ttl)) Specifies the upper bound on the expiry - of a leaf certificate issued for a service. In most cases a new leaf - certificate will be requested by a proxy before this limit is reached. This - is also the effective limit on how long a server outage can last (with no leader) - before network connections will start being rejected. Defaults to `72h`. - - You can specify a range from one hour (minimum) up to one year (maximum) using - the following units: `h`, `m`, `s`, `ms`, `us` (or `µs`), `ns`, or a combination - of those units, e.g. `1h5m`. - - This value is also used when rotating out old root certificates from - the cluster. When a root certificate has been inactive (rotated out) - for more than twice the _current_ `leaf_cert_ttl`, it will be removed - from the trusted list. - - - `intermediate_cert_ttl` ((#ca_intermediate_cert_ttl)) Specifies the expiry for the - intermediate certificates. Defaults to `8760h` (1 year). Must be at least 3 times `leaf_cert_ttl`. - - - `root_cert_ttl` ((#ca_root_cert_ttl)) Specifies the expiry for a root certificate. - Defaults to 10 years as `87600h`. This value, if provided, needs to be higher than the - intermediate certificate TTL. - - This setting applies to all Consul CA providers. - - For the Vault provider, this value is only used if the backend is not initialized at first. - - This value is also applied on the `ca set-config` command. - - - `private_key_type` ((#ca_private_key_type)) The type of key to generate - for this CA. This is only used when the provider is generating a new key. If - `private_key` is set for the Consul provider, or existing root or intermediate - PKI paths given for Vault then this will be ignored. Currently supported options - are `ec` or `rsa`. Default is `ec`. - - It is required that all servers in a datacenter have - the same config for the CA. It is recommended that servers in - different datacenters use the same key type and size, - although the built-in CA and Vault provider will both allow mixed CA - key types. - - Some CA providers (currently Vault) will not allow cross-signing a - new CA certificate with a different key type. This means that if you - migrate from an RSA-keyed Vault CA to an EC-keyed CA from any - provider, you may have to proceed without cross-signing which risks - temporary connection issues for workloads during the new certificate - rollout. We highly recommend testing this outside of production to - understand the impact and suggest sticking to same key type where - possible. - - Note that this only affects _CA_ keys generated by the provider. - Leaf certificate keys are always EC 256 regardless of the CA - configuration. - - - `private_key_bits` ((#ca_private_key_bits)) The length of key to - generate for this CA. This is only used when the provider is generating a new - key. If `private_key` is set for the Consul provider, or existing root or intermediate - PKI paths given for Vault then this will be ignored. - - Currently supported values are: - - - `private_key_type = ec` (default): `224, 256, 384, 521` - corresponding to the NIST P-\* curves of the same name. - - `private_key_type = rsa`: `2048, 4096` - -- `datacenter` Equivalent to the [`-datacenter` command-line flag](#_datacenter). - -- `data_dir` Equivalent to the [`-data-dir` command-line flag](#_data_dir). - -- `disable_anonymous_signature` Disables providing an anonymous - signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). - -- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](#_disable_host_node_id). - -- `disable_http_unprintable_char_filter` Defaults to false. Consul 1.0.3 fixed a potential security vulnerability where malicious users could craft KV keys with unprintable chars that would confuse operators using the CLI or UI into taking wrong actions. Users who had data written in older versions of Consul that did not have this restriction will be unable to delete those values by default in 1.0.3 or later. This setting enables those users to **temporarily** disable the filter such that delete operations can work on those keys again to get back to a healthy state. It is strongly recommended that this filter is not disabled permanently as it exposes the original security vulnerability. - -- `disable_remote_exec` Disables support for remote execution. When set to true, the agent will ignore - any incoming remote exec requests. In versions of Consul prior to 0.8, this defaulted - to false. In Consul 0.8 the default was changed to true, to make remote exec opt-in - instead of opt-out. - -- `disable_update_check` Disables automatic checking for security bulletins and new version releases. This is disabled in Consul Enterprise. - -- `discard_check_output` Discards the output of health checks before storing them. This reduces the number of writes to the Consul raft log in environments where health checks have volatile output like timestamps, process ids, ... - -- `discovery_max_stale` - Enables stale requests for all service discovery HTTP endpoints. This is - equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions. - -- `dns_config` This object allows a number of sub-keys - to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail. - - The following sub-keys are available: - - - `allow_stale` - Enables a stale query for DNS information. - This allows any Consul server, rather than only the leader, to service the request. - The advantage of this is you get linear read scalability with Consul servers. - In versions of Consul prior to 0.7, this defaulted to false, meaning all requests - are serviced by the leader, providing stronger consistency but less throughput - and higher latency. In Consul 0.7 and later, this defaults to true for better - utilization of available servers. - - - `max_stale` - When [`allow_stale`](#allow_stale) is - specified, this is used to limit how stale results are allowed to be. If a Consul - server is behind the leader by more than `max_stale`, the query will be re-evaluated - on the leader to get more up-to-date results. Prior to Consul 0.7.1 this defaulted - to 5 seconds; in Consul 0.7.1 and later this defaults to 10 years ("87600h") - which effectively allows DNS queries to be answered by any server, no matter - how stale. In practice, servers are usually only milliseconds behind the leader, - so this lets Consul continue serving requests in long outage scenarios where - no leader can be elected. - - - `node_ttl` - By default, this is "0s", so all node lookups - are served with a 0 TTL value. DNS caching for node lookups can be enabled by - setting this value. This should be specified with the "s" suffix for second or - "m" for minute. - - - `service_ttl` - This is a sub-object which allows - for setting a TTL on service lookups with a per-service policy. The "\*" wildcard - service can be used when there is no specific policy available for a service. - By default, all services are served with a 0 TTL value. DNS caching for service - lookups can be enabled by setting this value. - - - `enable_truncate` - If set to true, a UDP DNS - query that would return more than 3 records, or more than would fit into a valid - UDP response, will set the truncated flag, indicating to clients that they should - re-query using TCP to get the full set of records. - - - `only_passing` - If set to true, any nodes whose - health checks are warning or critical will be excluded from DNS results. If false, - the default, only nodes whose health checks are failing as critical will be excluded. - For service lookups, the health checks of the node itself, as well as the service-specific - checks are considered. For example, if a node has a health check that is critical - then all services on that node will be excluded because they are also considered - critical. - - - `recursor_strategy` - If set to `sequential`, Consul will query recursors in the - order listed in the [`recursors`](#recursors) option. If set to `random`, - Consul will query an upstream DNS resolvers in a random order. Defaults to - `sequential`. - - - `recursor_timeout` - Timeout used by Consul when - recursively querying an upstream DNS server. See [`recursors`](#recursors) for more details. Default is 2s. This is available in Consul 0.7 and later. - - - `disable_compression` - If set to true, DNS - responses will not be compressed. Compression was added and enabled by default - in Consul 0.7. - - - `udp_answer_limit` - Limit the number of resource - records contained in the answer section of a UDP-based DNS response. This parameter - applies only to UDP DNS queries that are less than 512 bytes. This setting is - deprecated and replaced in Consul 1.0.7 by [`a_record_limit`](#a_record_limit). - - - `a_record_limit` - Limit the number of resource - records contained in the answer section of a A, AAAA or ANY DNS response (both - TCP and UDP). When answering a question, Consul will use the complete list of - matching hosts, shuffle the list randomly, and then limit the number of answers - to `a_record_limit` (default: no limit). This limit does not apply to SRV records. - - In environments where [RFC 3484 Section 6](https://tools.ietf.org/html/rfc3484#section-6) Rule 9 - is implemented and enforced (i.e. DNS answers are always sorted and - therefore never random), clients may need to set this value to `1` to - preserve the expected randomized distribution behavior (note: - [RFC 3484](https://tools.ietf.org/html/rfc3484) has been obsoleted by - [RFC 6724](https://tools.ietf.org/html/rfc6724) and as a result it should - be increasingly uncommon to need to change this value with modern - resolvers). - - - `enable_additional_node_meta_txt` - When set to true, Consul - will add TXT records for Node metadata into the Additional section of the DNS responses for several query types such as SRV queries. When set to false those records are not emitted. This does not impact the behavior of those same TXT records when they would be added to the Answer section of the response like when querying with type TXT or ANY. This defaults to true. - - - `soa` Allow to tune the setting set up in SOA. Non specified - values fallback to their default values, all values are integers and expressed - as seconds. - - The following settings are available: - - - `expire` ((#soa_expire)) - Configure SOA Expire duration in seconds, - default value is 86400, ie: 24 hours. - - - `min_ttl` ((#soa_min_ttl)) - Configure SOA DNS minimum TTL. As explained - in [RFC-2308](https://tools.ietf.org/html/rfc2308) this also controls negative - cache TTL in most implementations. Default value is 0, ie: no minimum delay - or negative TTL. - - - `refresh` ((#soa_refresh)) - Configure SOA Refresh duration in seconds, - default value is `3600`, ie: 1 hour. - - - `retry` ((#soa_retry)) - Configures the Retry duration expressed - in seconds, default value is 600, ie: 10 minutes. - - - `use_cache` ((#dns_use_cache)) - When set to true, DNS resolution will - use the agent cache described in [agent caching](/api-docs/features/caching). - This setting affects all service and prepared queries DNS requests. Implies [`allow_stale`](#allow_stale) - - - `cache_max_age` ((#dns_cache_max_age)) - When [use_cache](#dns_use_cache) - is enabled, the agent will attempt to re-fetch the result from the servers if - the cached value is older than this duration. See: [agent caching](/api-docs/features/caching). - - **Note** that unlike the `max-age` HTTP header, a value of 0 for this field is - equivalent to "no max age". To get a fresh value from the cache use a very small value - of `1ns` instead of 0. - - - `prefer_namespace` ((#dns_prefer_namespace)) **Deprecated in - Consul 1.11. Use the [canonical DNS format](/docs/discovery/dns#namespaced-partitioned-services) instead.** - - When set to true, in a DNS query for a service, the label between the domain - and the `service` label will be treated as a namespace name instead of a datacenter. - When set to false, the default, the behavior will be the same as non-Enterprise - versions and will assume the label is the datacenter. See: [this section](/docs/discovery/dns#namespaced-services) - for more details. - -- `domain` Equivalent to the [`-domain` command-line flag](#_domain). - -- `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.** - When set on a Consul server, enables ACL replication without having to set - the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication - and then introduce the token using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. - See [`acl_replication_token`](#acl_replication_token) for more details. - - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - policies and roles already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. - -- `enable_agent_tls_for_checks` When set, uses a subset of the agent's TLS configuration (`key_file`, - `cert_file`, `ca_file`, `ca_path`, and `server_name`) to set up the client for HTTP or gRPC health checks. This allows services requiring 2-way TLS to be checked using the agent's credentials. This was added in Consul 1.0.1 and defaults to false. - -- `enable_central_service_config` When set, the Consul agent will look for any - [centralized service configuration](/docs/agent/config-entries) - that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations. - This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later. - -- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to - access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. - -- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](#_enable_script_checks). - - ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. - - ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) - for more details. - -- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](#_enable_local_script_checks). - -- `enable_syslog` Equivalent to the [`-syslog` command-line flag](#_syslog). - -- `encrypt` Equivalent to the [`-encrypt` command-line flag](#_encrypt). - -- `encrypt_verify_incoming` - This is an optional - parameter that can be used to disable enforcing encryption for incoming gossip - in order to upshift from unencrypted to encrypted gossip on a running cluster. - See [this section](/docs/security/encryption#configuring-gossip-encryption-on-an-existing-cluster) - for more information. Defaults to true. - -- `encrypt_verify_outgoing` - This is an optional - parameter that can be used to disable enforcing encryption for outgoing gossip - in order to upshift from unencrypted to encrypted gossip on a running cluster. - See [this section](/docs/security/encryption#configuring-gossip-encryption-on-an-existing-cluster) - for more information. Defaults to true. - -- `disable_keyring_file` - Equivalent to the - [`-disable-keyring-file` command-line flag](#_disable_keyring_file). - -- `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). - When network coordinates are disabled the `near` query param will not work to sort the nodes, - and the [`consul rtt`](/commands/rtt) command will not be able to provide round trip time between nodes. - -- `gossip_lan` - **(Advanced)** This object contains a - number of sub-keys which can be set to tune the LAN gossip communications. These - are only provided for users running especially large clusters that need fine tuning - and are prepared to spend significant effort correctly tuning them for their environment - and workload. **Tuning these improperly can cause Consul to fail in unexpected - ways**. The default values are appropriate in almost all deployments. - - - `gossip_nodes` - The number of random nodes to send - gossip messages to per gossip_interval. Increasing this number causes the gossip - messages to propagate across the cluster more quickly at the expense of increased - bandwidth. The default is 3. - - - `gossip_interval` - The interval between sending - messages that need to be gossiped that haven't been able to piggyback on probing - messages. If this is set to zero, non-piggyback gossip is disabled. By lowering - this value (more frequent) gossip messages are propagated across the cluster - more quickly at the expense of increased bandwidth. The default is 200ms. - - - `probe_interval` - The interval between random - node probes. Setting this lower (more frequent) will cause the cluster to detect - failed nodes more quickly at the expense of increased bandwidth usage. The default - is 1s. - - - `probe_timeout` - The timeout to wait for an ack - from a probed node before assuming it is unhealthy. This should be at least the - 99-percentile of RTT (round-trip time) on your network. The default is 500ms - and is a conservative value suitable for almost all realistic deployments. - - - `retransmit_mult` - The multiplier for the number - of retransmissions that are attempted for messages broadcasted over gossip. The - number of retransmits is scaled using this multiplier and the cluster size. The - higher the multiplier, the more likely a failed broadcast is to converge at the - expense of increased bandwidth. The default is 4. - - - `suspicion_mult` - The multiplier for determining - the time an inaccessible node is considered suspect before declaring it dead. - The timeout is scaled with the cluster size and the probe_interval. This allows - the timeout to scale properly with expected propagation delay with a larger cluster - size. The higher the multiplier, the longer an inaccessible node is considered - part of the cluster before declaring it dead, giving that suspect node more time - to refute if it is indeed still alive. The default is 4. - -- `gossip_wan` - **(Advanced)** This object contains a - number of sub-keys which can be set to tune the WAN gossip communications. These - are only provided for users running especially large clusters that need fine tuning - and are prepared to spend significant effort correctly tuning them for their environment - and workload. **Tuning these improperly can cause Consul to fail in unexpected - ways**. The default values are appropriate in almost all deployments. - - - `gossip_nodes` - The number of random nodes to send - gossip messages to per gossip_interval. Increasing this number causes the gossip - messages to propagate across the cluster more quickly at the expense of increased - bandwidth. The default is 4. - - - `gossip_interval` - The interval between sending - messages that need to be gossiped that haven't been able to piggyback on probing - messages. If this is set to zero, non-piggyback gossip is disabled. By lowering - this value (more frequent) gossip messages are propagated across the cluster - more quickly at the expense of increased bandwidth. The default is 500ms. - - - `probe_interval` - The interval between random - node probes. Setting this lower (more frequent) will cause the cluster to detect - failed nodes more quickly at the expense of increased bandwidth usage. The default - is 5s. - - - `probe_timeout` - The timeout to wait for an ack - from a probed node before assuming it is unhealthy. This should be at least the - 99-percentile of RTT (round-trip time) on your network. The default is 3s - and is a conservative value suitable for almost all realistic deployments. - - - `retransmit_mult` - The multiplier for the number - of retransmissions that are attempted for messages broadcasted over gossip. The - number of retransmits is scaled using this multiplier and the cluster size. The - higher the multiplier, the more likely a failed broadcast is to converge at the - expense of increased bandwidth. The default is 4. - - - `suspicion_mult` - The multiplier for determining - the time an inaccessible node is considered suspect before declaring it dead. - The timeout is scaled with the cluster size and the probe_interval. This allows - the timeout to scale properly with expected propagation delay with a larger cluster - size. The higher the multiplier, the longer an inaccessible node is considered - part of the cluster before declaring it dead, giving that suspect node more time - to refute if it is indeed still alive. The default is 6. - -- `http_config` This object allows setting options for the HTTP API and UI. - - The following sub-keys are available: - - - `block_endpoints` - This object is a list of HTTP API endpoint prefixes to block on the agent, and - defaults to an empty list, meaning all endpoints are enabled. Any endpoint that - has a common prefix with one of the entries on this list will be blocked and - will return a 403 response code when accessed. For example, to block all of the - V1 ACL endpoints, set this to `["/v1/acl"]`, which will block `/v1/acl/create`, - `/v1/acl/update`, and the other ACL endpoints that begin with `/v1/acl`. This - only works with API endpoints, not `/ui` or `/debug`, those must be disabled - with their respective configuration options. Any CLI commands that use disabled - endpoints will no longer function as well. For more general access control, Consul's - [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) - should be used, but this option is useful for removing access to HTTP API endpoints - completely, or on specific agents. This is available in Consul 0.9.0 and later. - - - `response_headers` This object allows adding headers to the HTTP API and UI responses. For example, the following config can be used to enable [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on the HTTP API endpoints: - - - - ```hcl - http_config { - response_headers { - Access-Control-Allow-Origin = "*" - } - } - ``` - - ```json - { - "http_config": { - "response_headers": { - "Access-Control-Allow-Origin": "*" - } - } - } - ``` - - - - - `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]` - - - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api-docs/features/caching) to answer the request. Even when the url parameter is provided. - - - `max_header_bytes` This setting controls the maximum number of bytes the consul http server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, or negative, http.DefaultMaxHeaderBytes is used, which equates to 1 Megabyte. - -- `leave_on_terminate` If enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest of the cluster and gracefully leave. The default behavior for this feature varies based on whether or not the agent is running as a client or a server (prior to Consul 0.7 the default value was unconditionally set to `false`). On agents in client-mode, this defaults to `true` and for agents in server-mode, this defaults to `false`. - -- `license_path` This specifies the path to a file that contains the Consul Enterprise license. Alternatively the license may also be specified in either the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. See the [licensing documentation](/docs/enterprise/license/overview) for more information about Consul Enterprise license management. Added in versions 1.10.0, 1.9.7 and 1.8.13. Prior to version 1.10.0 the value may be set for all agents to facilitate forwards compatibility with 1.10 but will only actually be used by client agents. - -- `limits` Available in Consul 0.9.3 and later, this is a nested - object that configures limits that are enforced by the agent. Prior to Consul 1.5.2, - this only applied to agents in client mode, not Consul servers. The following parameters - are available: - - - `http_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single client IP address is allowed to open to the agent's HTTP(S) server. This affects the HTTP(S) servers in both client and server agents. Default value is `200`. - - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`. - - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`. - - `rpc_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single source IP address is allowed to open to a single server. It affects both clients connections and other server connections. In general Consul clients multiplex many RPC calls over a single TCP connection so this can typically be kept low. It needs to be more than one though since servers open at least one additional connection for raft RPC, possibly more for WAN federation when using network areas, and snapshot requests from clients run over a separate TCP conn. A reasonably low limit significantly reduces the ability of an unauthenticated attacker to consume unbounded resources by holding open many connections. You may need to increase this if WAN federated servers connect via proxies or NAT gateways or similar causing many legitimate connections from a single source IP. Default value is `100` which is designed to be extremely conservative to limit issues with certain deployment patterns. Most deployments can probably reduce this safely. 100 connections on modern server hardware should not cause a significant impact on resource usage from an unauthenticated attacker though. - - `rpc_rate` - Configures the RPC rate limiter on Consul _clients_ by setting the maximum request rate that this agent is allowed to make for RPC requests to Consul servers, in requests per second. Defaults to infinite, which disables rate limiting. - - `rpc_max_burst` - The size of the token bucket used to recharge the RPC rate limiter on Consul _clients_. Defaults to 1000 tokens, and each token is good for a single RPC call to a Consul server. See https://en.wikipedia.org/wiki/Token_bucket for more details about how token bucket rate limiters operate. - - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api-docs/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. - - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api-docs/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. - -- `log_file` Equivalent to the [`-log-file` command-line flag](#_log_file). - -- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](#_log_rotate_duration). - -- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](#_log_rotate_bytes). - -- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](#_log_rotate_max_files). - -- `log_level` Equivalent to the [`-log-level` command-line flag](#_log_level). - -- `auto-reload-config` Equivalent to the [`-auto-reload-config` command-line flag](#_auto_reload_config). - -- `log_json` Equivalent to the [`-log-json` command-line flag](#_log_json). - -- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). - -- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](#_max_query_time). - -- `node_id` Equivalent to the [`-node-id` command-line flag](#_node_id). - -- `node_name` Equivalent to the [`-node` command-line flag](#_node). - -- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](#_node_meta) for more information. - - - - ```hcl - node_meta { - instance_type = "t2.medium" - } - ``` - - ```json - { - "node_meta": { - "instance_type": "t2.medium" - } - } - ``` - - - -- `partition` - This flag is used to set - the name of the admin partition the agent belongs to. An agent can only join - and communicate with other agents within its admin partition. Review the - [Admin Partitions documentation](/docs/enterprise/admin-partitions) for more - details. By default, this is an empty string, which is the `default` admin - partition. This cannot be set on a server agent. - - ~> **Warning:** The `partition` option cannot be used either the - [`segment`](#segment-2) option or [`-segment`](#_segment) flag. - -- `performance` Available in Consul 0.7 and later, this is a nested object that allows tuning the performance of different subsystems in Consul. See the [Server Performance](/docs/install/performance) documentation for more details. The following parameters are available: - - - `leave_drain_time` - A duration that a server will dwell during a graceful leave in order to allow requests to be retried against other Consul servers. Under normal circumstances, this can prevent clients from experiencing "no leader" errors when performing a rolling update of the Consul servers. This was added in Consul 1.0. Must be a duration value such as 10s. Defaults to 5s. - - - `raft_multiplier` - An integer multiplier used by Consul servers to scale key Raft timing parameters. Omitting this value or setting it to 0 uses default timing described below. Lower values are used to tighten timing and increase sensitivity while higher values relax timings and reduce sensitivity. Tuning this affects the time it takes Consul to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. - - By default, Consul will use a lower-performance timing that's suitable - for [minimal Consul servers](/docs/install/performance#minimum), currently equivalent - to setting this to a value of 5 (this default may be changed in future versions of Consul, - depending if the target minimum server profile changes). Setting this to a value of 1 will - configure Raft to its highest-performance mode, equivalent to the default timing of Consul - prior to 0.7, and is recommended for [production Consul servers](/docs/install/performance#production). - - See the note on [last contact](/docs/install/performance#production-server-requirements) timing for more - details on tuning this parameter. The maximum allowed value is 10. - - - `rpc_hold_timeout` - A duration that a client - or server will retry internal RPC requests during leader elections. Under normal - circumstances, this can prevent clients from experiencing "no leader" errors. - This was added in Consul 1.0. Must be a duration value such as 10s. Defaults - to 7s. - -- `pid_file` Equivalent to the [`-pid-file` command line flag](#_pid_file). - -- `ports` This is a nested object that allows setting the bind ports for the following keys: - - - `dns` ((#dns_port)) - The DNS server, -1 to disable. Default 8600. - TCP and UDP. - - `http` ((#http_port)) - The HTTP API, -1 to disable. Default 8500. - TCP only. - - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1 - (disabled). **We recommend using `8501`** for `https` by convention as some tooling - will work automatically with this. - - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled). - **We recommend using `8502`** for `grpc` by convention as some tooling will work - automatically with this. This is set to `8502` by default when the agent runs - in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy - proxies. - - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP - and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port). - - `serf_wan` ((#serf_wan_port)) - The Serf WAN port. Default 8302. - Equivalent to the [`-serf-wan-port` command line flag](#_serf_wan_port). Set - to -1 to disable. **Note**: this will disable WAN federation which is not recommended. - Various catalog and WAN related endpoints will return errors or empty results. - TCP and UDP. - - `server` ((#server_rpc_port)) - Server RPC address. Default 8300. TCP - only. - - `sidecar_min_port` ((#sidecar_min_port)) - Inclusive minimum port number - to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). - Default 21000. Set to `0` to disable automatic port assignment. - - `sidecar_max_port` ((#sidecar_max_port)) - Inclusive maximum port number - to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). - Default 21255. Set to `0` to disable automatic port assignment. - - `expose_min_port` ((#expose_min_port)) - Inclusive minimum port number - to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). - Default 21500. Set to `0` to disable automatic port assignment. - - `expose_max_port` ((#expose_max_port)) - Inclusive maximum port number - to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). - Default 21755. Set to `0` to disable automatic port assignment. - -- `primary_datacenter` - This designates the datacenter - which is authoritative for ACL information, intentions and is the root Certificate - Authority for Connect. It must be provided to enable ACLs. All servers and datacenters - must agree on the primary datacenter. Setting it on the servers is all you need - for cluster-level enforcement, but for the APIs to forward properly from the clients, - it must be set on them too. In Consul 0.8 and later, this also enables agent-level - enforcement of ACLs. - -- `primary_gateways` Equivalent to the [`-primary-gateway` - command-line flag](#_primary_gateway). Takes a list of addresses to use as the - mesh gateways for the primary datacenter when authoritative replicated catalog - data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) - until at least one primary mesh gateway is discovered. This was added in Consul - 1.8.0. - -- `primary_gateways_interval` Time to wait - between [`primary_gateways`](#primary_gateways) discovery attempts. Defaults to - 30s. This was added in Consul 1.8.0. - -- `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line - flag](#_protocol). - -- `raft_boltdb` ((#raft_boltdb)) This is a nested object that allows configuring - options for Raft's BoltDB based log store. - - - `NoFreelistSync` ((#NoFreelistSync)) Setting this to `true` will disable - syncing the BoltDB freelist to disk within the raft.db file. Not syncing - the freelist to disk will reduce disk IO required for write operations - at the expense of potentially increasing start up time due to needing - to scan the db to discover where the free space resides within the file. - -- `raft_protocol` ((#raft_protocol)) Equivalent to the [`-raft-protocol` - command-line flag](#_raft_protocol). - -- `raft_snapshot_threshold` ((#\_raft_snapshot_threshold)) This controls the - minimum number of raft commit entries between snapshots that are saved to - disk. This is a low-level parameter that should rarely need to be changed. - Very busy clusters experiencing excessive disk IO may increase this value to - reduce disk IO, and minimize the chances of all servers taking snapshots at - the same time. Increasing this trades off disk IO for disk space since the log - will grow much larger and the space in the raft.db file can't be reclaimed - till the next snapshot. Servers may take longer to recover from crashes or - failover if this is increased significantly as more logs will need to be - replayed. In Consul 1.1.0 and later this defaults to 16384, and in prior - versions it was set to 8192. - - Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the - server a `SIGHUP` to allow tuning snapshot activity without a rolling restart - in emergencies. - -- `raft_snapshot_interval` ((#\_raft_snapshot_interval)) This controls how often - servers check if they need to save a snapshot to disk. This is a low-level - parameter that should rarely need to be changed. Very busy clusters - experiencing excessive disk IO may increase this value to reduce disk IO, and - minimize the chances of all servers taking snapshots at the same time. - Increasing this trades off disk IO for disk space since the log will grow much - larger and the space in the raft.db file can't be reclaimed till the next - snapshot. Servers may take longer to recover from crashes or failover if this - is increased significantly as more logs will need to be replayed. In Consul - 1.1.0 and later this defaults to `30s`, and in prior versions it was set to - `5s`. - - Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the - server a `SIGHUP` to allow tuning snapshot activity without a rolling restart - in emergencies. - -- `raft_trailing_logs` - This controls how many log entries are left in the log - store on disk after a snapshot is made. This should only be adjusted when - followers cannot catch up to the leader due to a very large snapshot size - and high write throughput causing log truncation before an snapshot can be - fully installed on a follower. If you need to use this to recover a cluster, - consider reducing write throughput or the amount of data stored on Consul as - it is likely under a load it is not designed to handle. The default value is - 10000 which is suitable for all normal workloads. Added in Consul 1.5.3. - - Since Consul 1.10.0 this can be reloaded using `consul reload` or sending the - server a `SIGHUP` to allow recovery without downtime when followers can't keep - up. - -- `reap` This controls Consul's automatic reaping of child processes, - which is useful if Consul is running as PID 1 in a Docker container. If this isn't - specified, then Consul will automatically reap child processes if it detects it - is running as PID 1. If this is set to true or false, then it controls reaping - regardless of Consul's PID (forces reaping on or off, respectively). This option - was removed in Consul 0.7.1. For later versions of Consul, you will need to reap - processes using a wrapper, please see the [Consul Docker image entry point script](https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh) - for an example. If you are using Docker 1.13.0 or later, you can use the new `--init` - option of the `docker run` command and docker will enable an init process with - PID 1 that reaps child processes for the container. More info on [Docker docs](https://docs.docker.com/engine/reference/commandline/run/#options). - -- `reconnect_timeout` This controls how long it - takes for a failed node to be completely removed from the cluster. This defaults - to 72 hours and it is recommended that this is set to at least double the maximum - expected recoverable outage time for a node or network partition. WARNING: Setting - this time too low could cause Consul servers to be removed from quorum during an - extended node failure or partition, which could complicate recovery of the cluster. - The value is a time with a unit suffix, which can be "s", "m", "h" for seconds, - minutes, or hours. The value must be >= 8 hours. - -- `reconnect_timeout_wan` This is the WAN equivalent - of the [`reconnect_timeout`](#reconnect_timeout) parameter, which controls - how long it takes for a failed server to be completely removed from the WAN pool. - This also defaults to 72 hours, and must be >= 8 hours. - -- `recursors` This flag provides addresses of upstream DNS - servers that are used to recursively resolve queries if they are not inside the - service domain for Consul. For example, a node can use Consul directly as a DNS - server, and if the record is outside of the "consul." domain, the query will be - resolved upstream. As of Consul 1.0.1 recursors can be provided as IP addresses - or as go-sockaddr templates. IP addresses are resolved in order, and duplicates - are ignored. - -- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](#_rejoin). - -- `retry_join` - Equivalent to the [`-retry-join`](#retry-join) command-line flag. - -- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](#_retry_interval). - -- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. - -- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](#_retry_interval_wan). - -- `rpc` configuration for Consul servers. - - - `enable_streaming` ((#rpc_enable_streaming)) defaults to true. If set to false it will disable - the gRPC subscribe endpoint on a Consul Server. All - servers in all federated datacenters must have this enabled before any client can use - [`use_streaming_backend`](#use_streaming_backend). - -- `segment` - Equivalent to the [`-segment` command-line flag](#_segment). - - ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. - -- `segments` - (Server agents only) This is a list of nested objects - that specifies user-defined network segments, not including the `` segment, which is - created automatically. Review the [Network Segments documentation](/docs/enterprise/network-segments) - for more details. - - - `name` ((#segment_name)) - The name of the segment. Must be a string - between 1 and 64 characters in length. - - `bind` ((#segment_bind)) - The bind address to use for the segment's - gossip layer. Defaults to the [`-bind`](#_bind) value if not provided. - - `port` ((#segment_port)) - The port to use for the segment's gossip - layer (required). - - `advertise` ((#segment_advertise)) - The advertise address to use for - the segment's gossip layer. Defaults to the [`-advertise`](#_advertise) value - if not provided. - - `rpc_listener` ((#segment_rpc_listener)) - If true, a separate RPC - listener will be started on this segment's [`-bind`](#_bind) address on the rpc - port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) - address. Defaults to false. - -- `server` Equivalent to the [`-server` command-line flag](#_server). - -- `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** - -- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica). - -- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTLs - shorter than the specified limit. It is recommended to keep this limit at or above - the default to encourage clients to send infrequent heartbeats. Defaults to 10s. - -- `skip_leave_on_interrupt` This is similar - to [`leave_on_terminate`](#leave_on_terminate) but only affects interrupt handling. - When Consul receives an interrupt signal (such as hitting Control-C in a terminal), - Consul will gracefully leave the cluster. Setting this to `true` disables that - behavior. The default behavior for this feature varies based on whether or not - the agent is running as a client or a server (prior to Consul 0.7 the default value - was unconditionally set to `false`). On agents in client-mode, this defaults to - `false` and for agents in server-mode, this defaults to `true` (i.e. Ctrl-C on - a server will keep the server in the cluster and therefore quorum, and Ctrl-C on - a client will gracefully leave). - -- `start_join` An array of strings specifying addresses - of nodes to [`-join`](#_join) upon startup. Note that using - `retry_join` could be more appropriate to help mitigate - node startup race conditions when automating a Consul cluster deployment. - -- `start_join_wan` An array of strings specifying addresses - of WAN nodes to [`-join-wan`](#_join_wan) upon startup. - -- `telemetry` This is a nested object that configures where - Consul sends its runtime telemetry, and contains the following keys: - - - `circonus_api_token` ((#telemetry-circonus_api_token)) A valid API - Token used to create/manage check. If provided, metric management is - enabled. - - - `circonus_api_app` ((#telemetry-circonus_api_app)) A valid app name - associated with the API token. By default, this is set to "consul". - - - `circonus_api_url` ((#telemetry-circonus_api_url)) - The base URL to use for contacting the Circonus API. By default, this is set - to "https://api.circonus.com/v2". - - - `circonus_submission_interval` ((#telemetry-circonus_submission_interval)) The interval at which metrics are submitted to Circonus. By default, this is set to "10s" (ten seconds). - - - `circonus_submission_url` ((#telemetry-circonus_submission_url)) - The `check.config.submission_url` field, of a Check API object, from a previously - created HTTPTrap check. - - - `circonus_check_id` ((#telemetry-circonus_check_id)) - The Check ID (not **check bundle**) from a previously created HTTPTrap check. - The numeric portion of the `check._cid` field in the Check API object. - - - `circonus_check_force_metric_activation` ((#telemetry-circonus_check_force_metric_activation)) Force activation of metrics which already exist and are not currently active. - If check management is enabled, the default behavior is to add new metrics as - they are encountered. If the metric already exists in the check, it will **not** - be activated. This setting overrides that behavior. By default, this is set to - false. - - - `circonus_check_instance_id` ((#telemetry-circonus_check_instance_id)) Uniquely identifies the metrics coming from this **instance**. It can be used to - maintain metric continuity with transient or ephemeral instances as they move - around within an infrastructure. By default, this is set to hostname:application - name (e.g. "host123:consul"). - - - `circonus_check_search_tag` ((#telemetry-circonus_check_search_tag)) A special tag which, when coupled with the instance id, helps to narrow down - the search results when neither a Submission URL or Check ID is provided. By - default, this is set to service:application name (e.g. "service:consul"). - - - `circonus_check_display_name` ((#telemetry-circonus_check_display_name)) Specifies a name to give a check when it is created. This name is displayed in - the Circonus UI Checks list. Available in Consul 0.7.2 and later. - - - `circonus_check_tags` ((#telemetry-circonus_check_tags)) - Comma separated list of additional tags to add to a check when it is created. - Available in Consul 0.7.2 and later. - - - `circonus_broker_id` ((#telemetry-circonus_broker_id)) - The ID of a specific Circonus Broker to use when creating a new check. The numeric - portion of `broker._cid` field in a Broker API object. If metric management is - enabled and neither a Submission URL nor Check ID is provided, an attempt will - be made to search for an existing check using Instance ID and Search Tag. If - one is not found, a new HTTPTrap check will be created. By default, this is not - used and a random Enterprise Broker is selected, or the default Circonus Public - Broker. - - - `circonus_broker_select_tag` ((#telemetry-circonus_broker_select_tag)) A special tag which will be used to select a Circonus Broker when a Broker ID - is not provided. The best use of this is to as a hint for which broker should - be used based on **where** this particular instance is running (e.g. a specific - geo location or datacenter, dc:sfo). By default, this is left blank and not used. - - - `disable_compat_1.9` ((#telemetry-disable_compat_1.9)) - This allows users to disable metrics deprecated in 1.9 so they are no longer emitted, improving performance and reducing storage in large deployments. As of 1.12 this defaults to `true` and will be removed, along with 1.9 style http metrics in 1.13. - - - `disable_hostname` ((#telemetry-disable_hostname)) - This controls whether or not to prepend runtime telemetry with the machine's - hostname, defaults to false. - - - `dogstatsd_addr` ((#telemetry-dogstatsd_addr)) This provides the address - of a DogStatsD instance in the format `host:port`. DogStatsD is a protocol-compatible - flavor of statsd, with the added ability to decorate metrics with tags and event - information. If provided, Consul will send various telemetry information to that - instance for aggregation. This can be used to capture runtime information. - - - `dogstatsd_tags` ((#telemetry-dogstatsd_tags)) This provides a list - of global tags that will be added to all telemetry packets sent to DogStatsD. - It is a list of strings, where each string looks like "my_tag_name:my_tag_value". - - - `filter_default` ((#telemetry-filter_default)) - This controls whether to allow metrics that have not been specified by the filter. - Defaults to `true`, which will allow all metrics when no filters are provided. - When set to `false` with no filters, no metrics will be sent. - - - `metrics_prefix` ((#telemetry-metrics_prefix)) - The prefix used while writing all telemetry data. By default, this is set to - "consul". This was added in Consul 1.0. For previous versions of Consul, use - the config option `statsite_prefix` in this same structure. This was renamed - in Consul 1.0 since this prefix applied to all telemetry providers, not just - statsite. - - - `prefix_filter` ((#telemetry-prefix_filter)) - This is a list of filter rules to apply for allowing/blocking metrics by - prefix in the following format: - - - - ```hcl - telemetry { - prefix_filter = ["+consul.raft.apply", "-consul.http", "+consul.http.GET"] - } - ``` - - ```json - { - "telemetry": { - "prefix_filter": [ - "+consul.raft.apply", - "-consul.http", - "+consul.http.GET" - ] - } - } - ``` - - - - A leading "**+**" will enable any metrics with the given prefix, and a leading "**-**" will block them. If there is overlap between two rules, the more specific rule will take precedence. Blocking will take priority if the same prefix is listed multiple times. - - - `prometheus_retention_time` ((#telemetry-prometheus_retention_time)) If the value is greater than `0s` (the default), this enables [Prometheus](https://prometheus.io/) - export of metrics. The duration can be expressed using the duration semantics - and will aggregates all counters for the duration specified (it might have an - impact on Consul's memory usage). A good value for this parameter is at least - 2 times the interval of scrape of Prometheus, but you might also put a very high - retention time such as a few days (for instance 744h to enable retention to 31 - days). Fetching the metrics using prometheus can then be performed using the - [`/v1/agent/metrics?format=prometheus`](/api-docs/agent#view-metrics) endpoint. - The format is compatible natively with prometheus. When running in this mode, - it is recommended to also enable the option [`disable_hostname`](#telemetry-disable_hostname) - to avoid having prefixed metrics with hostname. Consul does not use the default - Prometheus path, so Prometheus must be configured as follows. Note that using - `?format=prometheus` in the path won't work as `?` will be escaped, so it must be - specified as a parameter. - - - - ```yaml - metrics_path: '/v1/agent/metrics' - params: - format: ['prometheus'] - ``` - - - - - `statsd_address` ((#telemetry-statsd_address)) This provides the address - of a statsd instance in the format `host:port`. If provided, Consul will send - various telemetry information to that instance for aggregation. This can be used - to capture runtime information. This sends UDP packets only and can be used with - statsd or statsite. - - - `statsite_address` ((#telemetry-statsite_address)) This provides the - address of a statsite instance in the format `host:port`. If provided, Consul - will stream various telemetry information to that instance for aggregation. This - can be used to capture runtime information. This streams via TCP and can only - be used with statsite. - -- `syslog_facility` When [`enable_syslog`](#enable_syslog) - is provided, this controls to which facility messages are sent. By default, `LOCAL0` - will be used. - -- `translate_wan_addrs` If set to true, Consul - will prefer a node's configured [WAN address](#_advertise-wan) - when servicing DNS and HTTP requests for a node in a remote datacenter. This allows - the node to be reached within its own datacenter using its local address, and reached - from other datacenters using its WAN address, which is useful in hybrid setups - with mixed networks. This is disabled by default. - - Starting in Consul 0.7 and later, node addresses in responses to HTTP requests will also prefer a - node's configured [WAN address](#_advertise-wan) when querying for a node in a remote - datacenter. An [`X-Consul-Translate-Addresses`](/api#translated-addresses) header - will be present on all responses when translation is enabled to help clients know that the addresses - may be translated. The `TaggedAddresses` field in responses also have a `lan` address for clients that - need knowledge of that address, regardless of translation. - - The following endpoints translate addresses: - - - [`/v1/catalog/nodes`](/api-docs/catalog#list-nodes) - - [`/v1/catalog/node/`](/api-docs/catalog#retrieve-map-of-services-for-a-node) - - [`/v1/catalog/service/`](/api-docs/catalog#list-nodes-for-service) - - [`/v1/health/service/`](/api-docs/health#list-nodes-for-service) - - [`/v1/query//execute`](/api-docs/query#execute-prepared-query) - -- `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** - Equivalent to the [`-ui`](#_ui) command-line flag. - -- `ui_config` - This object allows a number of sub-keys to be set which controls - the display or features available in the UI. Configuring the UI with this - stanza was added in Consul 1.9.0. - - The following sub-keys are available: - - - `enabled` ((#ui_config_enabled)) - This enables the service of the web UI - from this agent. Boolean value, defaults to false. In `-dev` mode this - defaults to true. Replaces `ui` from before 1.9.0. Equivalent to the - [`-ui`](#_ui) command-line flag. - - - `dir` ((#ui_config_dir)) - This specifies that the web UI should be served - from an external dir rather than the build in one. This allows for - customization or development. Replaces `ui_dir` from before 1.9.0. - Equivalent to the [`-ui-dir`](#_ui_dir) command-line flag. - - - `content_path` ((#ui_config_content_path)) - This specifies the HTTP path - that the web UI should be served from. Defaults to `/ui/`. Equivalent to the - [`-ui-content-path`](#_ui_content_path) flag. - - - `metrics_provider` ((#ui_config_metrics_provider)) - Specifies a named - metrics provider implementation the UI should use to fetch service metrics. - By default metrics are disabled. Consul 1.9.0 includes a built-in provider - named `prometheus` that can be enabled explicitly here. It also requires the - `metrics_proxy` to be configured below and direct queries to a Prometheus - instance that has Envoy metrics for all services in the datacenter. - - - `metrics_provider_files` ((#ui_config_metrics_provider_files)) - An optional array - of absolute paths to javascript files on the Agent's disk which will be - served as part of the UI. These files should contain metrics provider - implementations and registration enabling UI metric queries to be customized - or implemented for an alternative time-series backend. - - ~> **Security Note:** These javascript files are included in the UI with no - further validation or sand-boxing. By configuring them here the operator is - fully trusting anyone able to write to them as well as the original authors - not to include malicious code in the UI being served. - - - `metrics_provider_options_json` ((#ui_config_metrics_provider_options_json)) - - This is an optional raw JSON object as a string which is passed to the - provider implementation's `init` method at startup to allow arbitrary - configuration to be passed through. - - - `metrics_proxy` ((#ui_config_metrics_proxy)) - This object configures an - internal agent API endpoint that will proxy GET requests to a metrics - backend to allow querying metrics data in the UI. This simplifies deployment - where the metrics backend is not exposed externally to UI users' browsers. - It may also be used to augment requests with API credentials to allow - serving graphs to UI users without them needing individual access tokens for - the metrics backend. - - ~> **Security Note:** Exposing your metrics backend via Consul in this way - should be carefully considered in production. As Consul doesn't understand - the requests, it can't limit access to only specific resources. For example - **this might make it possible for a malicious user on the network to query - for arbitrary metrics about any server or workload in your infrastructure, - or overload the metrics infrastructure with queries**. See [Metrics Proxy - Security](/docs/connect/observability/ui-visualization#metrics-proxy-security) - for more details. - - The following sub-keys are available: - - - `base_url` ((#ui_config_metrics_provider_base_url)) - This is required to - enable the proxy. It should be set to the base URL that the Consul agent - should proxy requests for metrics too. For example a value of - `http://prometheus-server` would target a Prometheus instance with local - DNS name "prometheus-server" on port 80. This may include a path prefix - which will then not be necessary in provider requests to the backend and - the proxy will prevent any access to paths without that prefix on the - backend. - - - `path_allowlist` ((#ui_config_metrics_provider_path_allowlist)) - This - specifies the paths that may be proxies to when appended to the - `base_url`. It defaults to `["/api/v1/query_range", "/api/v1/query"]` - which are the endpoints required for the built-in Prometheus provider. If - a [custom - provider](/docs/connect/observability/ui-visualization#custom-metrics-providers) - is used that requires the metrics proxy, the correct allowlist must be - specified to enable proxying to necessary endpoints. See [Path - Allowlist](/docs/connect/observability/ui-visualization#path-allowlist) - for more information. - - - `add_headers` ((#ui_config_metrics_proxy_add_headers)) - This is an - optional list if headers to add to requests that are proxied to the - metrics backend. It may be used to inject Authorization tokens within the - agent without exposing those to UI users. - - Each item in the list is an object with the following keys: - - - `name` ((#ui_config_metrics_proxy_add_headers_name)) - Specifies the - HTTP header name to inject into proxied requests. - - - `value` ((#ui_config_metrics_proxy_add_headers_value)) - Specifies the - value in inject into proxied requests. - - - `dashboard_url_templates` ((#ui_config_dashboard_url_templates)) - This map - specifies URL templates that may be used to render links to external - dashboards in various contexts in the UI. It is a map with the name of the - template as a key. The value is a string URL with optional placeholders. - - Each template may contain placeholders which will be substituted for the - correct values in content when rendered in the UI. The placeholders - available are listed for each template. - - For more information and examples see [UI - Visualization](/docs/connect/observability/ui-visualization#configuring-dashboard-urls) - - The following named templates are defined: - - - `service` ((#ui_config_dashboard_url_templates_service)) - This is the URL - to use when linking to the dashboard for a specific service. It is shown - as part of the [Topology - Visualization](/docs/connect/observability/ui-visualization). - - The placeholders available are: - - - `{{Service.Name}}` - Replaced with the current service's name. - - `{{Service.Namespace}}` - Replaced with the current service's namespace or empty if namespaces are not enabled. - - `{{Service.Partition}}` - Replaced with the current service's admin - partition or empty if admin partitions are not enabled. - - `{{Datacenter}}` - Replaced with the current service's datacenter. - -- `ui_dir` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.dir`](#ui_config_dir) field instead.** - Equivalent to the [`-ui-dir`](#_ui_dir) command-line - flag. This configuration key is not required as of Consul version 0.7.0 and later. - Specifying this configuration key will enable the web UI. There is no need to specify - both ui-dir and ui. Specifying both will result in an error. - -- `unix_sockets` - This allows tuning the ownership and - permissions of the Unix domain socket files created by Consul. Domain sockets are - only used if the HTTP address is configured with the `unix://` prefix. - - It is important to note that this option may have different effects on - different operating systems. Linux generally observes socket file permissions - while many BSD variants ignore permissions on the socket file itself. It is - important to test this feature on your specific distribution. This feature is - currently not functional on Windows hosts. - - The following options are valid within this construct and apply globally to all - sockets created by Consul: - - - `user` - The name or ID of the user who will own the socket file. - - `group` - The group ID ownership of the socket file. This option - currently only supports numeric IDs. - - `mode` - The permission bits to set on the file. - -- `use_streaming_backend` defaults to true. When enabled Consul client agents will use - streaming rpc, instead of the traditional blocking queries, for endpoints which support - streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming) - enabled before any client can enable `use_streaming_backend`. - -- `watches` - Watches is a list of watch specifications which - allow an external process to be automatically invoked when a particular data view - is updated. See the [watch documentation](/docs/dynamic-app-config/watches) for more detail. - Watches can be modified when the configuration is reloaded. - -## TLS Configuration Reference - -This section documents all of the configuration settings that apply to Agent TLS. Agent -TLS is used by the HTTP API, internal RPC, and gRPC/xDS interfaces. Some of these settings -may also be applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt). - -~> **Security Note:** The Certificate Authority (CA) configured on the internal RPC interface -(either explicitly by `tls.internal_rpc` or implicitly by `tls.defaults`) should be a private -CA, not a public one. We recommend using a dedicated CA which should not be used with any other -systems. Any certificate signed by the CA will be allowed to communicate with the cluster and a -specially crafted certificate signed by the CA can be used to gain full access to Consul. - -- `tls` Added in Consul 1.12, for previous versions see - [Deprecated Options](#tls_deprecated_options). - - - `defaults` ((#tls_defaults)) Provides default settings that will be applied - to every interface unless explicitly overridden by `tls.grpc`, `tls.https`, - or `tls.internal_rpc`. - - - `ca_file` ((#tls_defaults_ca_file)) This provides a file path to a - PEM-encoded certificate authority. The certificate authority is used to - check the authenticity of client and server connections with the - appropriate [`verify_incoming`](#tls_defaults_verify_incoming) or - [`verify_outgoing`](#tls_defaults_verify_outgoing) flags. - - - `ca_path` ((#tls_defaults_ca_path)) This provides a path to a directory - of PEM-encoded certificate authority files. These certificate authorities - are used to check the authenticity of client and server connections with - the appropriate [`verify_incoming`](#tls_defaults_verify_incoming) or - [`verify_outgoing`](#tls_defaults_verify_outgoing) flags. - - - `cert_file` ((#tls_defaults_cert_file)) This provides a file path to a - PEM-encoded certificate. The certificate is provided to clients or servers - to verify the agent's authenticity. It must be provided along with - [`key_file`](#tls_defaults_key_file). - - - `key_file` ((#tls_defaults_key_file)) This provides a the file path to a - PEM-encoded private key. The key is used with the certificate to verify - the agent's authenticity. This must be provided along with - [`cert_file`](#tls_defaults_cert_file). - - - `tls_min_version` ((#tls_defaults_tls_min_version)) This specifies the - minimum supported version of TLS. The following values are accepted: - * `TLSv1_0` - * `TLSv1_1` - * `TLSv1_2` (default) - * `TLSv1_3` - - **WARNING: TLS 1.1 and lower are generally considered less secure and - should not be used if possible.** - - The following values are also valid, but only when using the - [deprecated top-level `tls_min_version` config](#tls_deprecated_options), - and will be removed in a future release: - - * `tls10` - * `tls11` - * `tls12` - * `tls13` - - A warning message will appear if a deprecated value is specified. - - - `tls_cipher_suites` ((#tls_defaults_tls_cipher_suites)) This specifies - the list of supported ciphersuites as a comma-separated-list. Applicable - to TLS 1.2 and below only. The list of all supported ciphersuites is - available through [this search](https://github.com/hashicorp/consul/search?q=goTLSCipherSuites+%3D+map). - - ~> **Note:** The ordering of cipher suites will not be guaranteed from - Consul 1.11 onwards. See this [post](https://go.dev/blog/tls-cipher-suites) - for details. - - - `verify_incoming` - ((#tls_defaults_verify_incoming)) If set to true, - Consul requires that all incoming connections make use of TLS and that - the client provides a certificate signed by a Certificate Authority from - the [`ca_file`](#tls_defaults_ca_file) or [`ca_path`](#tls_defaults_ca_path). - By default, this is false, and Consul will not enforce the use of TLS or - verify a client's authenticity. - - - `verify_outgoing` - ((#tls_defaults_verify_outgoing)) If set to true, - Consul requires that all outgoing connections from this agent make use - of TLS and that the server provides a certificate that is signed by a - Certificate Authority from the [`ca_file`](#tls_defaults_ca_file) or - [`ca_path`](#tls_defaults_ca_path). By default, this is false, and Consul - will not make use of TLS for outgoing connections. This applies to clients - and servers as both will make outgoing connections. This setting *does not* - apply to the gRPC interface as Consul makes no outgoing connections on this - interface. - - - `grpc` ((#tls_grpc)) Provides settings for the gRPC/xDS interface. To enable - the gRPC interface you must define a port via [`ports.grpc`](#grpc_port). - To enable TLS on the gRPC interface you also must define an HTTPS port via - [`ports.https`](#https_port). - - - `ca_file` ((#tls_grpc_ca_file)) Overrides [`tls.defaults.ca_file`](#tls_defaults_ca_file). - - - `ca_path` ((#tls_grpc_ca_path)) Overrides [`tls.defaults.ca_path`](#tls_defaults_ca_path). - - - `cert_file` ((#tls_grpc_cert_file)) Overrides [`tls.defaults.cert_file`](#tls_defaults_cert_file). - - - `key_file` ((#tls_grpc_key_file)) Overrides [`tls.defaults.key_file`](#tls_defaults_key_file). - - - `tls_min_version` ((#tls_grpc_tls_min_version)) Overrides [`tls.defaults.tls_min_version`](#tls_defaults_tls_min_version). - - - `tls_cipher_suites` ((#tls_grpc_tls_cipher_suites)) Overrides [`tls.defaults.tls_cipher_suites`](#tls_defaults_tls_cipher_suites). - - - `verify_incoming` - ((#tls_grpc_verify_incoming)) Overrides [`tls.defaults.verify_incoming`](#tls_defaults_verify_incoming). - - - `https` ((#tls_https)) Provides settings for the HTTPS interface. To enable - the HTTPS interface you must define a port via [`ports.https`](#https_port). - - - `ca_file` ((#tls_https_ca_file)) Overrides [`tls.defaults.ca_file`](#tls_defaults_ca_file). - - - `ca_path` ((#tls_https_ca_path)) Overrides [`tls.defaults.ca_path`](#tls_defaults_ca_path). - - - `cert_file` ((#tls_https_cert_file)) Overrides [`tls.defaults.cert_file`](#tls_defaults_cert_file). - - - `key_file` ((#tls_https_key_file)) Overrides [`tls.defaults.key_file`](#tls_defaults_key_file). - - - `tls_min_version` ((#tls_https_tls_min_version)) Overrides [`tls.defaults.tls_min_version`](#tls_defaults_tls_min_version). - - - `tls_cipher_suites` ((#tls_https_tls_cipher_suites)) Overrides [`tls.defaults.tls_cipher_suites`](#tls_defaults_tls_cipher_suites). - - - `verify_incoming` - ((#tls_https_verify_incoming)) Overrides [`tls.defaults.verify_incoming`](#tls_defaults_verify_incoming). - - - `verify_outgoing` - ((#tls_https_verify_outgoing)) Overrides [`tls.defaults.verify_outgoing`](#tls_defaults_verify_outgoing). - - - `internal_rpc` ((#tls_internal_rpc)) Provides settings for the internal - "server" RPC interface configured by [`ports.server`](#server_rpc_port). - - - `ca_file` ((#tls_internal_rpc_ca_file)) Overrides [`tls.defaults.ca_file`](#tls_defaults_ca_file). - - - `ca_path` ((#tls_internal_rpc_ca_path)) Overrides [`tls.defaults.ca_path`](#tls_defaults_ca_path). - - - `cert_file` ((#tls_internal_rpc_cert_file)) Overrides [`tls.defaults.cert_file`](#tls_defaults_cert_file). - - - `key_file` ((#tls_internal_rpc_key_file)) Overrides [`tls.defaults.key_file`](#tls_defaults_key_file). - - - `tls_min_version` ((#tls_internal_rpc_tls_min_version)) Overrides [`tls.defaults.tls_min_version`](#tls_defaults_tls_min_version). - - - `tls_cipher_suites` ((#tls_internal_rpc_tls_cipher_suites)) Overrides [`tls.defaults.tls_cipher_suites`](#tls_defaults_tls_cipher_suites). - - - `verify_incoming` - ((#tls_internal_rpc_verify_incoming)) Overrides [`tls.defaults.verify_incoming`](#tls_defaults_verify_incoming). - - ~> **Security Note:** `verify_incoming` *must* be set to true to prevent - anyone with access to the internal RPC port from gaining full access to - the Consul cluster. - - - `verify_outgoing` ((#tls_internal_rpc_verify_outgoing)) Overrides [`tls.defaults.verify_outgoing`](#tls_defaults_verify_outgoing). - - ~> **Security Note:** Servers that specify `verify_outgoing = true` will - always talk to other servers over TLS, but they still _accept_ non-TLS - connections to allow for a transition of all clients to TLS. Currently the - only way to enforce that no client can communicate with a server unencrypted - is to also enable `verify_incoming` which requires client certificates too. - - - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When - set to true, Consul verifies the TLS certificate presented by the servers - match the hostname `server..`. By default this is false, - and Consul does not verify the hostname of the certificate, only that it - is signed by a trusted CA. This setting *must* be enabled to prevent a - compromised client from gaining full read and write access to all cluster - data *including all ACL tokens and Connect CA root keys*. - -- `server_name` When provided, this overrides the [`node_name`](#_node) - for the TLS certificate. It can be used to ensure that the certificate name matches - the hostname we declare. - -### Deprecated Options ((#tls_deprecated_options)) - -The following options were deprecated in Consul 1.12, please use the -[`tls`](#tls) stanza instead. - -- `ca_file` See: [`tls.defaults.ca_file`](#tls_defaults_ca_file). - -- `ca_path` See: [`tls.defaults.ca_path`](#tls_defaults_ca_path). - -- `cert_file` See: [`tls.defaults.cert_file`](#tls_defaults_cert_file). - -- `key_file` See: [`tls.defaults.key_file`](#tls_defaults_key_file). - -- `tls_min_version` Added in Consul 0.7.4. - See: [`tls.defaults.tls_min_version`](#tls_defaults_tls_min_version). - -- `tls_cipher_suites` Added in Consul 0.8.2. - See: [`tls.defaults.tls_cipher_suites`](#tls_defaults_tls_cipher_suites). - -- `tls_prefer_server_cipher_suites` Added in Consul 0.8.2. This setting will - be ignored (see [this post](https://go.dev/blog/tls-cipher-suites) for details). - -- `verify_incoming` See: [`tls.defaults.verify_incoming`](#tls_defaults_verify_incoming). - -- `verify_incoming_rpc` See: [`tls.internal_rpc.verify_incoming`](#tls_internal_rpc_verify_incoming). - -- `verify_incoming_https` See: [`tls.https.verify_incoming`](#tls_https_verify_incoming). - -- `verify_outgoing` See: [`tls.defaults.verify_outgoing`](#tls_defaults_verify_outgoing). - -- `verify_server_hostname` See: [`tls.internal_rpc.verify_server_hostname`](#tls_internal_rpc_verify_server_hostname). - -### Example Configuration File, with TLS - -~> **Security Note:** all three verify options should be set as `true` to enable -secure mTLS communication, enabling both encryption and authentication. Failing -to set [`verify_incoming`](#tls_defaults_verify_incoming) or -[`verify_outgoing`](#tls_defaults_verify_outgoing) either in the -interface-specific stanza (e.g. `tls.internal_rpc`, `tls.https`) or in -`tls.defaults` will result in TLS not being enabled at all, even when specifying -a [`ca_file`](#tls_defaults_ca_file), [`cert_file`](#tls_defaults_cert_file), -and [`key_file`](#tls_defaults_key_file). - -See, especially, the use of the `ports` setting highlighted below. - - - - - -```hcl -datacenter = "east-aws" -data_dir = "/opt/consul" -log_level = "INFO" -node_name = "foobar" -server = true - -addresses = { - https = "0.0.0.0" -} -ports { - https = 8501 -} - -tls { - defaults { - key_file = "/etc/pki/tls/private/my.key" - cert_file = "/etc/pki/tls/certs/my.crt" - ca_file = "/etc/pki/tls/certs/ca-bundle.crt" - verify_incoming = true - verify_outgoing = true - } - - internal_rpc { - verify_server_hostname = true - } -} -``` - - - - - -```json -{ - "datacenter": "east-aws", - "data_dir": "/opt/consul", - "log_level": "INFO", - "node_name": "foobar", - "server": true, - "addresses": { - "https": "0.0.0.0" - }, - "ports": { - "https": 8501 - }, - "tls": { - "defaults": { - "key_file": "/etc/pki/tls/private/my.key", - "cert_file": "/etc/pki/tls/certs/my.crt", - "ca_file": "/etc/pki/tls/certs/ca-bundle.crt", - "verify_incoming": true, - "verify_outgoing": true - }, - "internal_rpc": { - "verify_server_hostname": true - } - } -} -``` - - - - - -Consul will not enable TLS for the HTTP or gRPC API unless the `https` port has -been assigned a port number `> 0`. We recommend using `8501` for `https` as this -default will automatically work with some tooling. - ## Ports Used Consul requires up to 6 different ports to work properly, some on From 02dc86cad1fce586f5718f84f0c4e4fa227ea4f8 Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 11:30:56 -0800 Subject: [PATCH 120/785] docs: arrange agent configuration file parameters into logical groups --- .../docs/agent/config/agent-config-cli.mdx | 24 +- .../docs/agent/config/agent-config-files.mdx | 1278 +++++++++-------- 2 files changed, 666 insertions(+), 636 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx index ff19b147f..8daeebcc1 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/agent-config-cli.mdx @@ -56,17 +56,6 @@ information. intended for production use as it does not write any data to disk. The gRPC port is also defaulted to `8502` in this mode. -- `-disable-host-node-id` ((#\_disable_host_node_id)) - Setting this to - true will prevent Consul from using information from the host to generate a deterministic - node ID, and will instead generate a random node ID which will be persisted in - the data directory. This is useful when running multiple Consul agents on the same - host for testing. This defaults to false in Consul prior to version 0.8.5 and in - 0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based - IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which - is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in - to host-based IDs then Consul and Nomad will use information on the host to automatically - assign the same ID in both systems. - - `-disable-keyring-file` ((#\_disable_keyring_file)) - If set, the keyring will not be persisted to a file. Any installed keys will be lost on shutdown, and only the given `-encrypt` key will be available on startup. This defaults to false. @@ -166,7 +155,7 @@ information. accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] template that is resolved at runtime. -## Bind Options +## Address Bind Options - `-bind` ((#\_bind)) - The address that should be bound to for internal cluster communications. This is an IP address that should be reachable by all other @@ -452,6 +441,17 @@ information. - Metadata values for keys beginning with `rfc1035-` are encoded verbatim in DNS TXT requests, otherwise the metadata kv-pair is encoded according [RFC1464](https://www.ietf.org/rfc/rfc1464.txt). +- `-disable-host-node-id` ((#\_disable_host_node_id)) - Setting this to + true will prevent Consul from using information from the host to generate a deterministic + node ID, and will instead generate a random node ID which will be persisted in + the data directory. This is useful when running multiple Consul agents on the same + host for testing. This defaults to false in Consul prior to version 0.8.5 and in + 0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based + IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which + is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in + to host-based IDs then Consul and Nomad will use information on the host to automatically + assign the same ID in both systems. + ## Serf Options - `-serf-lan-allowed-cidrs` ((#\_serf_lan_allowed_cidrs)) - The Serf LAN allowed CIDRs allow to accept incoming diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index a454adb0e..f22a1eb69 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -43,7 +43,7 @@ definitions support being updated during a reload. } ``` -#### Configuration Key Reference +# Configuration Key Reference -> **Note:** All the TTL values described below are parsed by Go's `time` package, and have the following [formatting specification](https://golang.org/pkg/time/#ParseDuration): "A @@ -51,221 +51,7 @@ duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." -- `acl` ((#acl)) - This object allows a number of sub-keys to be set which - controls the ACL system. Configuring the ACL system within the ACL stanza was added - in Consul 1.4.0 - - The following sub-keys are available: - - - `enabled` ((#acl_enabled)) - Enables ACLs. - - - `policy_ttl` ((#acl_policy_ttl)) - Used to control Time-To-Live caching - of ACL policies. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL policy may be stale up to the TTL value. - - - `role_ttl` ((#acl_role_ttl)) - Used to control Time-To-Live caching - of ACL roles. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL role may be stale up to the TTL value. - - - `token_ttl` ((#acl_token_ttl)) - Used to control Time-To-Live caching - of ACL tokens. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL token may be stale up to the TTL value. - - - `down_policy` ((#acl_down_policy)) - Either "allow", "deny", "extend-cache" - or "async-cache"; "extend-cache" is the default. In the case that a policy or - token cannot be read from the [`primary_datacenter`](#primary_datacenter) or - leader node, the down policy is applied. In "allow" mode, all actions are permitted, - "deny" restricts all operations, and "extend-cache" allows any cached objects - to be used, ignoring the expiry time of the cached entry. If the request uses an - ACL that is not in the cache, "extend-cache" falls back to the behaviour of - `default_policy`. - The value "async-cache" acts the same way as "extend-cache" - but performs updates asynchronously when ACL is present but its TTL is expired, - thus, if latency is bad between the primary and secondary datacenters, latency - of operations is not impacted. - - - `default_policy` ((#acl_default_policy)) - Either "allow" or "deny"; - defaults to "allow" but this will be changed in a future major release. The default - policy controls the behavior of a token when there is no matching rule. In "allow" - mode, ACLs are a denylist: any operation not specifically prohibited is allowed. - In "deny" mode, ACLs are an allowlist: any operation not specifically - allowed is blocked. **Note**: this will not take effect until you've enabled ACLs. - - - `enable_key_list_policy` ((#acl_enable_key_list_policy)) - Boolean value, defaults to false. - When true, the `list` permission will be required on the prefix being recursively read from the KV store. - Regardless of being enabled, the full set of KV entries under the prefix will be filtered - to remove any entries that the request's ACL token does not grant at least read - permissions. This option is only available in Consul 1.0 and newer. - - - `enable_token_replication` ((#acl_enable_token_replication)) - By default - secondary Consul datacenters will perform replication of only ACL policies and - roles. Setting this configuration will will enable ACL token replication and - allow for the creation of both [local tokens](/api/acl/tokens#local) and - [auth methods](/docs/acl/auth-methods) in connected secondary datacenters. - - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - global tokens already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. - - - `enable_token_persistence` ((#acl_enable_token_persistence)) - Either - `true` or `false`. When `true` tokens set using the API will be persisted to - disk and reloaded when an agent restarts. - - - `tokens` ((#acl_tokens)) - This object holds all of the configured - ACL tokens for the agents usage. - - - `initial_management` ((#acl_tokens_initial_management)) - This is available in - Consul 1.11 and later. In prior versions, use [`acl.tokens.master`](#acl_tokens_master). - - Only used for servers in the [`primary_datacenter`](#primary_datacenter). - This token will be created with management-level permissions if it does not exist. - It allows operators to bootstrap the ACL system with a token Secret ID that is - well-known. - - The `initial_management` token is only installed when a server acquires cluster - leadership. If you would like to install or change it, set the new value for - `initial_management` in the configuration for all servers. Once this is done, - restart the current leader to force a leader election. If the `initial_management` - token is not supplied, then the servers do not create an initial management token. - When you provide a value, it should be a UUID. To maintain backwards compatibility - and an upgrade path this restriction is not currently enforced but will be in a - future major Consul release. - - - `master` ((#acl_tokens_master)) **Renamed in Consul 1.11 to - [`acl.tokens.initial_management`](#acl_tokens_initial_management).** - - - `default` ((#acl_tokens_default)) - When provided, the agent will - use this token when making requests to the Consul servers. Clients can override - this token on a per-request basis by providing the "?token" query parameter. - When not provided, the empty token, which maps to the 'anonymous' ACL token, - is used. - - - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform - internal operations. If this isn't specified, then the - [`default`](#acl_tokens_default) will be used. - - This token must at least have write access to the node name it will - register as in order to set any of the node-level information in the - catalog such as metadata, or the node's tagged addresses. - - - `agent_recovery` ((#acl_tokens_agent_recovery)) - This is available in Consul 1.11 - and later. In prior versions, use [`acl.tokens.agent_master`](#acl_tokens_agent_master). - - Used to access [agent endpoints](/api/agent) that require agent read or write privileges, - or node read privileges, even if Consul servers aren't present to validate any tokens. - This should only be used by operators during outages, regular ACL tokens should normally - be used by applications. - - - `agent_master` ((#acl_tokens_agent_master)) **Renamed in Consul 1.11 to - [`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).** - - - `replication` ((#acl_tokens_replication)) - The ACL token used to - authorize secondary datacenters with the primary datacenter for replication - operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. - - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - policies and roles already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. - - - `managed_service_provider` ((#acl_tokens_managed_service_provider)) - An - array of ACL tokens used by Consul managed service providers for cluster operations. - - ```json - "managed_service_provider": [ - { - "accessor_id": "ed22003b-0832-4e48-ac65-31de64e5c2ff", - "secret_id": "cb6be010-bba8-4f30-a9ed-d347128dde17" - } - ] - ``` - -- `acl_datacenter` - **This field is deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.** - - This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients, - it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement - of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. - -- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.** - Either "allow" or "deny"; defaults to "allow". The default policy controls the - behavior of a token when there is no matching rule. In "allow" mode, ACLs are a - denylist: any operation not specifically prohibited is allowed. In "deny" mode, - ACLs are an allowlist: any operation not specifically allowed is blocked. **Note**: - this will not take effect until you've set `primary_datacenter` to enable ACL support. - -- `acl_down_policy` ((#acl_down_policy_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.down_policy`](#acl_down_policy) field instead.** Either "allow", - "deny", "extend-cache" or "async-cache"; "extend-cache" is the default. In the - case that the policy for a token cannot be read from the [`primary_datacenter`](#primary_datacenter) - or leader node, the down policy is applied. In "allow" mode, all actions are permitted, - "deny" restricts all operations, and "extend-cache" allows any cached ACLs to be - used, ignoring their TTL values. If a non-cached ACL is used, "extend-cache" acts - like "deny". The value "async-cache" acts the same way as "extend-cache" but performs - updates asynchronously when ACL is present but its TTL is expired, thus, if latency - is bad between ACL authoritative and other datacenters, latency of operations is - not impacted. - -- `acl_agent_master_token` ((#acl_agent_master_token_legacy)) - **Deprecated - in Consul 1.4.0. See the [`acl.tokens.agent_master`](#acl_tokens_agent_master) - field instead.** Used to access [agent endpoints](/api/agent) that - require agent read or write privileges, or node read privileges, even if Consul - servers aren't present to validate any tokens. This should only be used by operators - during outages, regular ACL tokens should normally be used by applications. This - was added in Consul 0.7.2 and is only used when [`acl_enforce_version_8`](#acl_enforce_version_8) is set to true. - -- `acl_agent_token` ((#acl_agent_token_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.tokens.agent`](#acl_tokens_agent) field instead.** Used for - clients and servers to perform internal operations. If this isn't specified, then - the [`acl_token`](#acl_token) will be used. This was added in Consul 0.7.2. - - This token must at least have write access to the node name it will register as in order to set any - of the node-level information in the catalog such as metadata, or the node's tagged addresses. - -- `acl_enforce_version_8` - **Deprecated in - Consul 1.4.0 and removed in 1.8.0.** Used for clients and servers to determine if enforcement should - occur for new ACL policies being previewed before Consul 0.8. Added in Consul 0.7.2, - this defaults to false in versions of Consul prior to 0.8, and defaults to true - in Consul 0.8 and later. This helps ease the transition to the new ACL features - by allowing policies to be in place before enforcement begins. - -- `acl_master_token` ((#acl_master_token_legacy)) - **Deprecated in Consul - 1.4.0. See the [`acl.tokens.master`](#acl_tokens_master) field instead.** - -- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated - in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field - instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter) - running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) - using this ACL replication using this token to retrieve and replicate the ACLs - to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable - ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then - set the token later using the [agent token API](/api/agent#update-acl-tokens) - on each server. If the `acl_replication_token` is set in the config, it will automatically - set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. - - If there's a partition or other outage affecting the authoritative datacenter, and the - [`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not - in the cache can be resolved during the outage using the replicated set of ACLs. - -- `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See - the [`acl.tokens.default`](#acl_tokens_default) field instead.** When provided, - the agent will use this token when making requests to the Consul servers. Clients - can override this token on a per-request basis by providing the "?token" query - parameter. When not provided, the empty token, which maps to the 'anonymous' ACL - policy, is used. - -- `acl_ttl` ((#acl_ttl_legacy)) - **Deprecated in Consul 1.4.0. See the - [`acl.token_ttl`](#acl_token_ttl) field instead.**Used to control Time-To-Live - caching of ACLs. By default, this is 30 seconds. This setting has a major performance - impact: reducing it will cause more frequent refreshes while increasing it reduces - the number of refreshes. However, because the caches are not actively invalidated, - ACL policy may be stale up to the TTL value. +## General - `addresses` - This is a nested object that allows setting bind addresses. In Consul 1.0 and later these can be set to a space-separated list @@ -294,34 +80,8 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `https` - The HTTPS API. Defaults to `client_addr` - `grpc` - The gRPC API. Defaults to `client_addr` -- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). - -- `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](#_advertise-wan). - -- `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_addr_wan_ipv6` This was added together with [`advertise_addr_wan_ipv4`](#advertise_addr_wan_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - -- `advertise_reconnect_timeout` This is a per-agent setting of the [`reconnect_timeout`](#reconnect_timeout) parameter. - This agent will advertise to all other nodes in the cluster that after this timeout, the node may be completely - removed from the cluster. This may only be set on client agents and if unset then other nodes will use the main - `reconnect_timeout` setting when determining when this node may be removed from the cluster. - - `alt_domain` Equivalent to the [`-alt-domain` command-line flag](#_alt_domain) -- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](#_serf_lan_bind). - This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). - -- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](#_serf_lan_allowed_cidrs). - -- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](#_serf_wan_bind). - -- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](#_serf_wan_allowed_cidrs). - - `audit` - Added in Consul 1.8, the audit object allow users to enable auditing and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). @@ -550,49 +310,6 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `partition` - The admin partition name the client is requesting. -- `auto_encrypt` This object allows setting options for the `auto_encrypt` feature. - - The following sub-keys are available: - - - `allow_tls` (Defaults to `false`) This option enables - `auto_encrypt` on the servers and allows them to automatically distribute certificates - from the Connect CA to the clients. If enabled, the server can accept incoming - connections from both the built-in CA and the Connect CA, as well as their certificates. - Note, the server will only present the built-in CA and certificate, which the - client can verify using the CA it received from `auto_encrypt` endpoint. If disabled, - a client configured with `auto_encrypt.tls` will be unable to start. - - - `tls` (Defaults to `false`) Allows the client to request the - Connect CA and certificates from the servers, for encrypting RPC communication. - The client will make the request to any servers listed in the `-join` or `-retry-join` - option. This requires that every server to have `auto_encrypt.allow_tls` enabled. - When both `auto_encrypt` options are used, it allows clients to receive certificates - that are generated on the servers. If the `-server-port` is not the default one, - it has to be provided to the client as well. Usually this is discovered through - LAN gossip, but `auto_encrypt` provision happens before the information can be - distributed through gossip. The most secure `auto_encrypt` setup is when the - client is provided with the built-in CA, `verify_server_hostname` is turned on, - and when an ACL token with `node.write` permissions is setup. It is also possible - to use `auto_encrypt` with a CA and ACL, but without `verify_server_hostname`, - or only with a ACL enabled, or only with CA and `verify_server_hostname`, or - only with a CA, or finally without a CA and without ACL enabled. In any case, - the communication to the `auto_encrypt` endpoint is always TLS encrypted. - - ~> **Warning:** Enabling `auto_encrypt.tls` conflicts with the [`auto_config`](#auto_config) feature. - Only one option may be specified. - - - `dns_san` (Defaults to `[]`) When this option is being - used, the certificates requested by `auto_encrypt` from the server have these - `dns_san` set as DNS SAN. - - - `ip_san` (Defaults to `[]`) When this option is being used, - the certificates requested by `auto_encrypt` from the server have these `ip_san` - set as IP SAN. - -- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](#_bootstrap). - -- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](#_bootstrap_expect). - - `bind_addr` Equivalent to the [`-bind` command-line flag](#_bind). This parameter can be set to a go-sockaddr template that resolves to a single @@ -655,6 +372,594 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr See the [configuration entry docs](/docs/agent/config-entries) for more details about the contents of each entry. +- `datacenter` Equivalent to the [`-datacenter` command-line flag](#_datacenter). + +- `data_dir` Equivalent to the [`-data-dir` command-line flag](#_data_dir). + +- `disable_anonymous_signature` Disables providing an anonymous + signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). + +- `disable_http_unprintable_char_filter` Defaults to false. Consul 1.0.3 fixed a potential security vulnerability where malicious users could craft KV keys with unprintable chars that would confuse operators using the CLI or UI into taking wrong actions. Users who had data written in older versions of Consul that did not have this restriction will be unable to delete those values by default in 1.0.3 or later. This setting enables those users to **temporarily** disable the filter such that delete operations can work on those keys again to get back to a healthy state. It is strongly recommended that this filter is not disabled permanently as it exposes the original security vulnerability. + +- `disable_remote_exec` Disables support for remote execution. When set to true, the agent will ignore + any incoming remote exec requests. In versions of Consul prior to 0.8, this defaulted + to false. In Consul 0.8 the default was changed to true, to make remote exec opt-in + instead of opt-out. + +- `disable_update_check` Disables automatic checking for security bulletins and new version releases. This is disabled in Consul Enterprise. + +- `discard_check_output` Discards the output of health checks before storing them. This reduces the number of writes to the Consul raft log in environments where health checks have volatile output like timestamps, process ids, ... + +- `discovery_max_stale` - Enables stale requests for all service discovery HTTP endpoints. This is + equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions. + +- `enable_agent_tls_for_checks` When set, uses a subset of the agent's TLS configuration (`key_file`, + `cert_file`, `ca_file`, `ca_path`, and `server_name`) to set up the client for HTTP or gRPC health checks. This allows services requiring 2-way TLS to be checked using the agent's credentials. This was added in Consul 1.0.1 and defaults to false. + +- `enable_central_service_config` When set, the Consul agent will look for any + [centralized service configuration](/docs/agent/config-entries) + that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations. + This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later. + +- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to + access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. + +- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](#_enable_script_checks). + + ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. + + ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) + for more details. + +- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](#_enable_local_script_checks). + +- `disable_keyring_file` - Equivalent to the + [`-disable-keyring-file` command-line flag](#_disable_keyring_file). + +- `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). + When network coordinates are disabled the `near` query param will not work to sort the nodes, + and the [`consul rtt`](/commands/rtt) command will not be able to provide round trip time between nodes. + +- `http_config` This object allows setting options for the HTTP API and UI. + + The following sub-keys are available: + + - `block_endpoints` + This object is a list of HTTP API endpoint prefixes to block on the agent, and + defaults to an empty list, meaning all endpoints are enabled. Any endpoint that + has a common prefix with one of the entries on this list will be blocked and + will return a 403 response code when accessed. For example, to block all of the + V1 ACL endpoints, set this to `["/v1/acl"]`, which will block `/v1/acl/create`, + `/v1/acl/update`, and the other ACL endpoints that begin with `/v1/acl`. This + only works with API endpoints, not `/ui` or `/debug`, those must be disabled + with their respective configuration options. Any CLI commands that use disabled + endpoints will no longer function as well. For more general access control, Consul's + [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) + should be used, but this option is useful for removing access to HTTP API endpoints + completely, or on specific agents. This is available in Consul 0.9.0 and later. + + - `response_headers` This object allows adding headers to the HTTP API and UI responses. For example, the following config can be used to enable [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on the HTTP API endpoints: + + ```json + { + "http_config": { + "response_headers": { + "Access-Control-Allow-Origin": "*" + } + } + } + ``` + + - `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]` + + - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api/features/caching) to answer the request. Even when the url parameter is provided. + + - `max_header_bytes` This setting controls the maximum number of bytes the consul http server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, or negative, http.DefaultMaxHeaderBytes is used, which equates to 1 Megabyte. + +- `leave_on_terminate` If enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest of the cluster and gracefully leave. The default behavior for this feature varies based on whether or not the agent is running as a client or a server (prior to Consul 0.7 the default value was unconditionally set to `false`). On agents in client-mode, this defaults to `true` and for agents in server-mode, this defaults to `false`. + +- `license_path` This specifies the path to a file that contains the Consul Enterprise license. Alternatively the license may also be specified in either the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. See the [licensing documentation](/docs/enterprise/license/overview) for more information about Consul Enterprise license management. Added in versions 1.10.0, 1.9.7 and 1.8.13. Prior to version 1.10.0 the value may be set for all agents to facilitate forwards compatibility with 1.10 but will only actually be used by client agents. + +- `limits` Available in Consul 0.9.3 and later, this is a nested + object that configures limits that are enforced by the agent. Prior to Consul 1.5.2, + this only applied to agents in client mode, not Consul servers. The following parameters + are available: + + - `http_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single client IP address is allowed to open to the agent's HTTP(S) server. This affects the HTTP(S) servers in both client and server agents. Default value is `200`. + - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`. + - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`. + - `rpc_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single source IP address is allowed to open to a single server. It affects both clients connections and other server connections. In general Consul clients multiplex many RPC calls over a single TCP connection so this can typically be kept low. It needs to be more than one though since servers open at least one additional connection for raft RPC, possibly more for WAN federation when using network areas, and snapshot requests from clients run over a separate TCP conn. A reasonably low limit significantly reduces the ability of an unauthenticated attacker to consume unbounded resources by holding open many connections. You may need to increase this if WAN federated servers connect via proxies or NAT gateways or similar causing many legitimate connections from a single source IP. Default value is `100` which is designed to be extremely conservative to limit issues with certain deployment patterns. Most deployments can probably reduce this safely. 100 connections on modern server hardware should not cause a significant impact on resource usage from an unauthenticated attacker though. + - `rpc_rate` - Configures the RPC rate limiter on Consul _clients_ by setting the maximum request rate that this agent is allowed to make for RPC requests to Consul servers, in requests per second. Defaults to infinite, which disables rate limiting. + - `rpc_max_burst` - The size of the token bucket used to recharge the RPC rate limiter on Consul _clients_. Defaults to 1000 tokens, and each token is good for a single RPC call to a Consul server. See https://en.wikipedia.org/wiki/Token_bucket for more details about how token bucket rate limiters operate. + - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. + - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. + +- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). + +- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](#_max_query_time). + +- `partition` - This flag is used to set + the name of the admin partition the agent belongs to. An agent can only join + and communicate with other agents within its admin partition. Review the + [Admin Partitions documentation](/docs/enterprise/admin-partitions) for more + details. By default, this is an empty string, which is the `default` admin + partition. This cannot be set on a server agent. + + ~> **Warning:** The `partition` option cannot be used either the + [`segment`](#segment-2) option or [`-segment`](#_segment) flag. + +- `performance` Available in Consul 0.7 and later, this is a nested object that allows tuning the performance of different subsystems in Consul. See the [Server Performance](/docs/install/performance) documentation for more details. The following parameters are available: + + - `leave_drain_time` - A duration that a server will dwell during a graceful leave in order to allow requests to be retried against other Consul servers. Under normal circumstances, this can prevent clients from experiencing "no leader" errors when performing a rolling update of the Consul servers. This was added in Consul 1.0. Must be a duration value such as 10s. Defaults to 5s. + + - `raft_multiplier` - An integer multiplier used by Consul servers to scale key Raft timing parameters. Omitting this value or setting it to 0 uses default timing described below. Lower values are used to tighten timing and increase sensitivity while higher values relax timings and reduce sensitivity. Tuning this affects the time it takes Consul to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. + + By default, Consul will use a lower-performance timing that's suitable + for [minimal Consul servers](/docs/install/performance#minimum), currently equivalent + to setting this to a value of 5 (this default may be changed in future versions of Consul, + depending if the target minimum server profile changes). Setting this to a value of 1 will + configure Raft to its highest-performance mode, equivalent to the default timing of Consul + prior to 0.7, and is recommended for [production Consul servers](/docs/install/performance#production). + + See the note on [last contact](/docs/install/performance#production-server-requirements) timing for more + details on tuning this parameter. The maximum allowed value is 10. + + - `rpc_hold_timeout` - A duration that a client + or server will retry internal RPC requests during leader elections. Under normal + circumstances, this can prevent clients from experiencing "no leader" errors. + This was added in Consul 1.0. Must be a duration value such as 10s. Defaults + to 7s. + +- `pid_file` Equivalent to the [`-pid-file` command line flag](#_pid_file). + +- `ports` This is a nested object that allows setting the bind ports for the following keys: + + - `dns` ((#dns_port)) - The DNS server, -1 to disable. Default 8600. + TCP and UDP. + - `http` ((#http_port)) - The HTTP API, -1 to disable. Default 8500. + TCP only. + - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1 + (disabled). **We recommend using `8501`** for `https` by convention as some tooling + will work automatically with this. + - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled). + **We recommend using `8502`** for `grpc` by convention as some tooling will work + automatically with this. This is set to `8502` by default when the agent runs + in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy + proxies. + - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP + and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port). + - `serf_wan` ((#serf_wan_port)) - The Serf WAN port. Default 8302. + Equivalent to the [`-serf-wan-port` command line flag](#_serf_wan_port). Set + to -1 to disable. **Note**: this will disable WAN federation which is not recommended. + Various catalog and WAN related endpoints will return errors or empty results. + TCP and UDP. + - `server` ((#server_rpc_port)) - Server RPC address. Default 8300. TCP + only. + - `sidecar_min_port` ((#sidecar_min_port)) - Inclusive minimum port number + to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). + Default 21000. Set to `0` to disable automatic port assignment. + - `sidecar_max_port` ((#sidecar_max_port)) - Inclusive maximum port number + to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). + Default 21255. Set to `0` to disable automatic port assignment. + - `expose_min_port` ((#expose_min_port)) - Inclusive minimum port number + to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). + Default 21500. Set to `0` to disable automatic port assignment. + - `expose_max_port` ((#expose_max_port)) - Inclusive maximum port number + to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). + Default 21755. Set to `0` to disable automatic port assignment. + +- `primary_datacenter` - This designates the datacenter + which is authoritative for ACL information, intentions and is the root Certificate + Authority for Connect. It must be provided to enable ACLs. All servers and datacenters + must agree on the primary datacenter. Setting it on the servers is all you need + for cluster-level enforcement, but for the APIs to forward properly from the clients, + it must be set on them too. In Consul 0.8 and later, this also enables agent-level + enforcement of ACLs. + +- `primary_gateways` Equivalent to the [`-primary-gateway` + command-line flag](#_primary_gateway). Takes a list of addresses to use as the + mesh gateways for the primary datacenter when authoritative replicated catalog + data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) + until at least one primary mesh gateway is discovered. This was added in Consul + 1.8.0. + +- `primary_gateways_interval` Time to wait + between [`primary_gateways`](#primary_gateways) discovery attempts. Defaults to + 30s. This was added in Consul 1.8.0. + +- `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line + flag](#_protocol). + +- `reap` This controls Consul's automatic reaping of child processes, + which is useful if Consul is running as PID 1 in a Docker container. If this isn't + specified, then Consul will automatically reap child processes if it detects it + is running as PID 1. If this is set to true or false, then it controls reaping + regardless of Consul's PID (forces reaping on or off, respectively). This option + was removed in Consul 0.7.1. For later versions of Consul, you will need to reap + processes using a wrapper, please see the [Consul Docker image entry point script](https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh) + for an example. If you are using Docker 1.13.0 or later, you can use the new `--init` + option of the `docker run` command and docker will enable an init process with + PID 1 that reaps child processes for the container. More info on [Docker docs](https://docs.docker.com/engine/reference/commandline/run/#options). + +- `reconnect_timeout` This controls how long it + takes for a failed node to be completely removed from the cluster. This defaults + to 72 hours and it is recommended that this is set to at least double the maximum + expected recoverable outage time for a node or network partition. WARNING: Setting + this time too low could cause Consul servers to be removed from quorum during an + extended node failure or partition, which could complicate recovery of the cluster. + The value is a time with a unit suffix, which can be "s", "m", "h" for seconds, + minutes, or hours. The value must be >= 8 hours. + +- `reconnect_timeout_wan` This is the WAN equivalent + of the [`reconnect_timeout`](#reconnect_timeout) parameter, which controls + how long it takes for a failed server to be completely removed from the WAN pool. + This also defaults to 72 hours, and must be >= 8 hours. + +- `recursors` This flag provides addresses of upstream DNS + servers that are used to recursively resolve queries if they are not inside the + service domain for Consul. For example, a node can use Consul directly as a DNS + server, and if the record is outside of the "consul." domain, the query will be + resolved upstream. As of Consul 1.0.1 recursors can be provided as IP addresses + or as go-sockaddr templates. IP addresses are resolved in order, and duplicates + are ignored. + +- `rpc` configuration for Consul servers. + + - `enable_streaming` ((#rpc_enable_streaming)) defaults to true. If set to false it will disable + the gRPC subscribe endpoint on a Consul Server. All + servers in all federated datacenters must have this enabled before any client can use + [`use_streaming_backend`](#use_streaming_backend). + +- `segment` - Equivalent to the [`-segment` command-line flag](#_segment). + + ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. + +- `segments` - (Server agents only) This is a list of nested objects + that specifies user-defined network segments, not including the `` segment, which is + created automatically. Review the [Network Segments documentation](/docs/enterprise/network-segments) + for more details. + + - `name` ((#segment_name)) - The name of the segment. Must be a string + between 1 and 64 characters in length. + - `bind` ((#segment_bind)) - The bind address to use for the segment's + gossip layer. Defaults to the [`-bind`](#_bind) value if not provided. + - `port` ((#segment_port)) - The port to use for the segment's gossip + layer (required). + - `advertise` ((#segment_advertise)) - The advertise address to use for + the segment's gossip layer. Defaults to the [`-advertise`](#_advertise) value + if not provided. + - `rpc_listener` ((#segment_rpc_listener)) - If true, a separate RPC + listener will be started on this segment's [`-bind`](#_bind) address on the rpc + port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) + address. Defaults to false. + +- `server` Equivalent to the [`-server` command-line flag](#_server). + +- `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** + +- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica). + +- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's + shorter than the specified limit. It is recommended to keep this limit at or above + the default to encourage clients to send infrequent heartbeats. Defaults to 10s. + +- `skip_leave_on_interrupt` This is similar + to [`leave_on_terminate`](#leave_on_terminate) but only affects interrupt handling. + When Consul receives an interrupt signal (such as hitting Control-C in a terminal), + Consul will gracefully leave the cluster. Setting this to `true` disables that + behavior. The default behavior for this feature varies based on whether or not + the agent is running as a client or a server (prior to Consul 0.7 the default value + was unconditionally set to `false`). On agents in client-mode, this defaults to + `false` and for agents in server-mode, this defaults to `true` (i.e. Ctrl-C on + a server will keep the server in the cluster and therefore quorum, and Ctrl-C on + a client will gracefully leave). + +- `translate_wan_addrs` If set to true, Consul + will prefer a node's configured [WAN address](#_advertise-wan) + when servicing DNS and HTTP requests for a node in a remote datacenter. This allows + the node to be reached within its own datacenter using its local address, and reached + from other datacenters using its WAN address, which is useful in hybrid setups + with mixed networks. This is disabled by default. + + Starting in Consul 0.7 and later, node addresses in responses to HTTP requests will also prefer a + node's configured [WAN address](#_advertise-wan) when querying for a node in a remote + datacenter. An [`X-Consul-Translate-Addresses`](/api#translated-addresses) header + will be present on all responses when translation is enabled to help clients know that the addresses + may be translated. The `TaggedAddresses` field in responses also have a `lan` address for clients that + need knowledge of that address, regardless of translation. + + The following endpoints translate addresses: + + - [`/v1/catalog/nodes`](/api/catalog#list-nodes) + - [`/v1/catalog/node/`](/api/catalog#retrieve-map-of-services-for-a-node) + - [`/v1/catalog/service/`](/api/catalog#list-nodes-for-service) + - [`/v1/health/service/`](/api/health#list-nodes-for-service) + - [`/v1/query//execute`](/api/query#execute-prepared-query) + +- `unix_sockets` - This allows tuning the ownership and + permissions of the Unix domain socket files created by Consul. Domain sockets are + only used if the HTTP address is configured with the `unix://` prefix. + + It is important to note that this option may have different effects on + different operating systems. Linux generally observes socket file permissions + while many BSD variants ignore permissions on the socket file itself. It is + important to test this feature on your specific distribution. This feature is + currently not functional on Windows hosts. + + The following options are valid within this construct and apply globally to all + sockets created by Consul: + + - `user` - The name or ID of the user who will own the socket file. + - `group` - The group ID ownership of the socket file. This option + currently only supports numeric IDs. + - `mode` - The permission bits to set on the file. + +- `use_streaming_backend` defaults to true. When enabled Consul client agents will use + streaming rpc, instead of the traditional blocking queries, for endpoints which support + streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming) + enabled before any client can enable `use_streaming_backend`. + +- `watches` - Watches is a list of watch specifications which + allow an external process to be automatically invoked when a particular data view + is updated. See the [watch documentation](/docs/agent/watches) for more detail. + Watches can be modified when the configuration is reloaded. + +## ACL Paramters + +- `acl` ((#acl)) - This object allows a number of sub-keys to be set which + controls the ACL system. Configuring the ACL system within the ACL stanza was added + in Consul 1.4.0 + + The following sub-keys are available: + + - `enabled` ((#acl_enabled)) - Enables ACLs. + + - `policy_ttl` ((#acl_policy_ttl)) - Used to control Time-To-Live caching + of ACL policies. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL policy may be stale up to the TTL value. + + - `role_ttl` ((#acl_role_ttl)) - Used to control Time-To-Live caching + of ACL roles. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL role may be stale up to the TTL value. + + - `token_ttl` ((#acl_token_ttl)) - Used to control Time-To-Live caching + of ACL tokens. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL token may be stale up to the TTL value. + + - `down_policy` ((#acl_down_policy)) - Either "allow", "deny", "extend-cache" + or "async-cache"; "extend-cache" is the default. In the case that a policy or + token cannot be read from the [`primary_datacenter`](#primary_datacenter) or + leader node, the down policy is applied. In "allow" mode, all actions are permitted, + "deny" restricts all operations, and "extend-cache" allows any cached objects + to be used, ignoring the expiry time of the cached entry. If the request uses an + ACL that is not in the cache, "extend-cache" falls back to the behaviour of + `default_policy`. + The value "async-cache" acts the same way as "extend-cache" + but performs updates asynchronously when ACL is present but its TTL is expired, + thus, if latency is bad between the primary and secondary datacenters, latency + of operations is not impacted. + + - `default_policy` ((#acl_default_policy)) - Either "allow" or "deny"; + defaults to "allow" but this will be changed in a future major release. The default + policy controls the behavior of a token when there is no matching rule. In "allow" + mode, ACLs are a denylist: any operation not specifically prohibited is allowed. + In "deny" mode, ACLs are an allowlist: any operation not specifically + allowed is blocked. **Note**: this will not take effect until you've enabled ACLs. + + - `enable_key_list_policy` ((#acl_enable_key_list_policy)) - Boolean value, defaults to false. + When true, the `list` permission will be required on the prefix being recursively read from the KV store. + Regardless of being enabled, the full set of KV entries under the prefix will be filtered + to remove any entries that the request's ACL token does not grant at least read + permissions. This option is only available in Consul 1.0 and newer. + + - `enable_token_replication` ((#acl_enable_token_replication)) - By default + secondary Consul datacenters will perform replication of only ACL policies and + roles. Setting this configuration will will enable ACL token replication and + allow for the creation of both [local tokens](/api/acl/tokens#local) and + [auth methods](/docs/acl/auth-methods) in connected secondary datacenters. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + global tokens already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + + - `enable_token_persistence` ((#acl_enable_token_persistence)) - Either + `true` or `false`. When `true` tokens set using the API will be persisted to + disk and reloaded when an agent restarts. + + - `tokens` ((#acl_tokens)) - This object holds all of the configured + ACL tokens for the agents usage. + + - `initial_management` ((#acl_tokens_initial_management)) - This is available in + Consul 1.11 and later. In prior versions, use [`acl.tokens.master`](#acl_tokens_master). + + Only used for servers in the [`primary_datacenter`](#primary_datacenter). + This token will be created with management-level permissions if it does not exist. + It allows operators to bootstrap the ACL system with a token Secret ID that is + well-known. + + The `initial_management` token is only installed when a server acquires cluster + leadership. If you would like to install or change it, set the new value for + `initial_management` in the configuration for all servers. Once this is done, + restart the current leader to force a leader election. If the `initial_management` + token is not supplied, then the servers do not create an initial management token. + When you provide a value, it should be a UUID. To maintain backwards compatibility + and an upgrade path this restriction is not currently enforced but will be in a + future major Consul release. + + - `master` ((#acl_tokens_master)) **Renamed in Consul 1.11 to + [`acl.tokens.initial_management`](#acl_tokens_initial_management).** + + - `default` ((#acl_tokens_default)) - When provided, the agent will + use this token when making requests to the Consul servers. Clients can override + this token on a per-request basis by providing the "?token" query parameter. + When not provided, the empty token, which maps to the 'anonymous' ACL token, + is used. + + - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform + internal operations. If this isn't specified, then the + [`default`](#acl_tokens_default) will be used. + + This token must at least have write access to the node name it will + register as in order to set any of the node-level information in the + catalog such as metadata, or the node's tagged addresses. + + - `agent_recovery` ((#acl_tokens_agent_recovery)) - This is available in Consul 1.11 + and later. In prior versions, use [`acl.tokens.agent_master`](#acl_tokens_agent_master). + + Used to access [agent endpoints](/api/agent) that require agent read or write privileges, + or node read privileges, even if Consul servers aren't present to validate any tokens. + This should only be used by operators during outages, regular ACL tokens should normally + be used by applications. + + - `agent_master` ((#acl_tokens_agent_master)) **Renamed in Consul 1.11 to + [`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).** + + - `replication` ((#acl_tokens_replication)) - The ACL token used to + authorize secondary datacenters with the primary datacenter for replication + operations. This token is required for servers outside the [`primary_datacenter`](#primary_datacenter) when ACLs are enabled. This token may be provided later using the [agent token API](/api/agent#update-acl-tokens) on each server. This token must have at least "read" permissions on ACL data but if ACL token replication is enabled then it must have "write" permissions. This also enables Connect replication, for which the token will require both operator "write" and intention "read" permissions for replicating CA and Intention data. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + policies and roles already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + + - `managed_service_provider` ((#acl_tokens_managed_service_provider)) - An + array of ACL tokens used by Consul managed service providers for cluster operations. + + ```json + "managed_service_provider": [ + { + "accessor_id": "ed22003b-0832-4e48-ac65-31de64e5c2ff", + "secret_id": "cb6be010-bba8-4f30-a9ed-d347128dde17" + } + ] + ``` + +- `acl_datacenter` - **This field is deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.** + + This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients, + it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement + of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. + +- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.** + Either "allow" or "deny"; defaults to "allow". The default policy controls the + behavior of a token when there is no matching rule. In "allow" mode, ACLs are a + denylist: any operation not specifically prohibited is allowed. In "deny" mode, + ACLs are an allowlist: any operation not specifically allowed is blocked. **Note**: + this will not take effect until you've set `primary_datacenter` to enable ACL support. + +- `acl_down_policy` ((#acl_down_policy_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.down_policy`](#acl_down_policy) field instead.** Either "allow", + "deny", "extend-cache" or "async-cache"; "extend-cache" is the default. In the + case that the policy for a token cannot be read from the [`primary_datacenter`](#primary_datacenter) + or leader node, the down policy is applied. In "allow" mode, all actions are permitted, + "deny" restricts all operations, and "extend-cache" allows any cached ACLs to be + used, ignoring their TTL values. If a non-cached ACL is used, "extend-cache" acts + like "deny". The value "async-cache" acts the same way as "extend-cache" but performs + updates asynchronously when ACL is present but its TTL is expired, thus, if latency + is bad between ACL authoritative and other datacenters, latency of operations is + not impacted. + +- `acl_agent_master_token` ((#acl_agent_master_token_legacy)) - **Deprecated + in Consul 1.4.0. See the [`acl.tokens.agent_master`](#acl_tokens_agent_master) + field instead.** Used to access [agent endpoints](/api/agent) that + require agent read or write privileges, or node read privileges, even if Consul + servers aren't present to validate any tokens. This should only be used by operators + during outages, regular ACL tokens should normally be used by applications. This + was added in Consul 0.7.2 and is only used when [`acl_enforce_version_8`](#acl_enforce_version_8) is set to true. + +- `acl_agent_token` ((#acl_agent_token_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.tokens.agent`](#acl_tokens_agent) field instead.** Used for + clients and servers to perform internal operations. If this isn't specified, then + the [`acl_token`](#acl_token) will be used. This was added in Consul 0.7.2. + + This token must at least have write access to the node name it will register as in order to set any + of the node-level information in the catalog such as metadata, or the node's tagged addresses. + +- `acl_enforce_version_8` - **Deprecated in + Consul 1.4.0 and removed in 1.8.0.** Used for clients and servers to determine if enforcement should + occur for new ACL policies being previewed before Consul 0.8. Added in Consul 0.7.2, + this defaults to false in versions of Consul prior to 0.8, and defaults to true + in Consul 0.8 and later. This helps ease the transition to the new ACL features + by allowing policies to be in place before enforcement begins. + +- `acl_master_token` ((#acl_master_token_legacy)) - **Deprecated in Consul + 1.4.0. See the [`acl.tokens.master`](#acl_tokens_master) field instead.** + +- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated + in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field + instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter) + running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) + using this ACL replication using this token to retrieve and replicate the ACLs + to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable + ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then + set the token later using the [agent token API](/api/agent#update-acl-tokens) + on each server. If the `acl_replication_token` is set in the config, it will automatically + set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. + + If there's a partition or other outage affecting the authoritative datacenter, and the + [`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not + in the cache can be resolved during the outage using the replicated set of ACLs. + +- `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See + the [`acl.tokens.default`](#acl_tokens_default) field instead.** When provided, + the agent will use this token when making requests to the Consul servers. Clients + can override this token on a per-request basis by providing the "?token" query + parameter. When not provided, the empty token, which maps to the 'anonymous' ACL + policy, is used. + +- `acl_ttl` ((#acl_ttl_legacy)) - **Deprecated in Consul 1.4.0. See the + [`acl.token_ttl`](#acl_token_ttl) field instead.**Used to control Time-To-Live + caching of ACLs. By default, this is 30 seconds. This setting has a major performance + impact: reducing it will cause more frequent refreshes while increasing it reduces + the number of refreshes. However, because the caches are not actively invalidated, + ACL policy may be stale up to the TTL value. + +- `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.** + When set on a Consul server, enables ACL replication without having to set + the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication + and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server. + See [`acl_replication_token`](#acl_replication_token) for more details. + + ~> **Warning:** When enabling ACL token replication on the secondary datacenter, + policies and roles already present in the secondary datacenter will be lost. For + production environments, consider configuring ACL replication in your initial + datacenter bootstrapping process. + +## Advertise Address Parameters + +- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). + +- `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](#_advertise-wan). + +- `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_addr_wan_ipv6` This was added together with [`advertise_addr_wan_ipv4`](#advertise_addr_wan_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. + +- `advertise_reconnect_timeout` This is a per-agent setting of the [`reconnect_timeout`](#reconnect_timeout) parameter. + This agent will advertise to all other nodes in the cluster that after this timeout, the node may be completely + removed from the cluster. This may only be set on client agents and if unset then other nodes will use the main + `reconnect_timeout` setting when determining when this node may be removed from the cluster. + +## Bootstrap Parameters + +- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](#_bootstrap). + +- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](#_bootstrap_expect). + +## Connect Parameters + - `connect` This object allows setting options for the Connect feature. The following sub-keys are available: @@ -799,28 +1104,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr corresponding to the NIST P-\* curves of the same name. - `private_key_type = rsa`: `2048, 4096` -- `datacenter` Equivalent to the [`-datacenter` command-line flag](#_datacenter). - -- `data_dir` Equivalent to the [`-data-dir` command-line flag](#_data_dir). - -- `disable_anonymous_signature` Disables providing an anonymous - signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). - -- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](#_disable_host_node_id). - -- `disable_http_unprintable_char_filter` Defaults to false. Consul 1.0.3 fixed a potential security vulnerability where malicious users could craft KV keys with unprintable chars that would confuse operators using the CLI or UI into taking wrong actions. Users who had data written in older versions of Consul that did not have this restriction will be unable to delete those values by default in 1.0.3 or later. This setting enables those users to **temporarily** disable the filter such that delete operations can work on those keys again to get back to a healthy state. It is strongly recommended that this filter is not disabled permanently as it exposes the original security vulnerability. - -- `disable_remote_exec` Disables support for remote execution. When set to true, the agent will ignore - any incoming remote exec requests. In versions of Consul prior to 0.8, this defaulted - to false. In Consul 0.8 the default was changed to true, to make remote exec opt-in - instead of opt-out. - -- `disable_update_check` Disables automatic checking for security bulletins and new version releases. This is disabled in Consul Enterprise. - -- `discard_check_output` Discards the output of health checks before storing them. This reduces the number of writes to the Consul raft log in environments where health checks have volatile output like timestamps, process ids, ... - -- `discovery_max_stale` - Enables stale requests for all service discovery HTTP endpoints. This is - equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions. +## DNS and Domain Parameters - `dns_config` This object allows a number of sub-keys to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail. @@ -946,38 +1230,46 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `domain` Equivalent to the [`-domain` command-line flag](#_domain). -- `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.** - When set on a Consul server, enables ACL replication without having to set - the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication - and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server. - See [`acl_replication_token`](#acl_replication_token) for more details. +## Encryption Parameters - ~> **Warning:** When enabling ACL token replication on the secondary datacenter, - policies and roles already present in the secondary datacenter will be lost. For - production environments, consider configuring ACL replication in your initial - datacenter bootstrapping process. +- `auto_encrypt` This object allows setting options for the `auto_encrypt` feature. -- `enable_agent_tls_for_checks` When set, uses a subset of the agent's TLS configuration (`key_file`, - `cert_file`, `ca_file`, `ca_path`, and `server_name`) to set up the client for HTTP or gRPC health checks. This allows services requiring 2-way TLS to be checked using the agent's credentials. This was added in Consul 1.0.1 and defaults to false. + The following sub-keys are available: -- `enable_central_service_config` When set, the Consul agent will look for any - [centralized service configuration](/docs/agent/config-entries) - that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations. - This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later. + - `allow_tls` (Defaults to `false`) This option enables + `auto_encrypt` on the servers and allows them to automatically distribute certificates + from the Connect CA to the clients. If enabled, the server can accept incoming + connections from both the built-in CA and the Connect CA, as well as their certificates. + Note, the server will only present the built-in CA and certificate, which the + client can verify using the CA it received from `auto_encrypt` endpoint. If disabled, + a client configured with `auto_encrypt.tls` will be unable to start. -- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to - access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. + - `tls` (Defaults to `false`) Allows the client to request the + Connect CA and certificates from the servers, for encrypting RPC communication. + The client will make the request to any servers listed in the `-join` or `-retry-join` + option. This requires that every server to have `auto_encrypt.allow_tls` enabled. + When both `auto_encrypt` options are used, it allows clients to receive certificates + that are generated on the servers. If the `-server-port` is not the default one, + it has to be provided to the client as well. Usually this is discovered through + LAN gossip, but `auto_encrypt` provision happens before the information can be + distributed through gossip. The most secure `auto_encrypt` setup is when the + client is provided with the built-in CA, `verify_server_hostname` is turned on, + and when an ACL token with `node.write` permissions is setup. It is also possible + to use `auto_encrypt` with a CA and ACL, but without `verify_server_hostname`, + or only with a ACL enabled, or only with CA and `verify_server_hostname`, or + only with a CA, or finally without a CA and without ACL enabled. In any case, + the communication to the `auto_encrypt` endpoint is always TLS encrypted. -- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](#_enable_script_checks). + ~> **Warning:** Enabling `auto_encrypt.tls` conflicts with the [`auto_config`](#auto_config) feature. + Only one option may be specified. - ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. + - `dns_san` (Defaults to `[]`) When this option is being + used, the certificates requested by `auto_encrypt` from the server have these + `dns_san` set as DNS SAN. - ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) - for more details. - -- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](#_enable_local_script_checks). - -- `enable_syslog` Equivalent to the [`-syslog` command-line flag](#_syslog). + - `ip_san` (Defaults to `[]`) When this option is being used, + the certificates requested by `auto_encrypt` from the server have these `ip_san` + set as IP SAN. - `encrypt` Equivalent to the [`-encrypt` command-line flag](#_encrypt). @@ -993,12 +1285,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr See [this section](/docs/agent/encryption#configuring-gossip-encryption-on-an-existing-cluster) for more information. Defaults to true. -- `disable_keyring_file` - Equivalent to the - [`-disable-keyring-file` command-line flag](#_disable_keyring_file). - -- `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). - When network coordinates are disabled the `near` query param will not work to sort the nodes, - and the [`consul rtt`](/commands/rtt) command will not be able to provide round trip time between nodes. +## Gossip Parameters - `gossip_lan` - **(Advanced)** This object contains a number of sub-keys which can be set to tune the LAN gossip communications. These @@ -1084,59 +1371,27 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr part of the cluster before declaring it dead, giving that suspect node more time to refute if it is indeed still alive. The default is 6. -- `http_config` This object allows setting options for the HTTP API and UI. +## Join Parameters - The following sub-keys are available: +- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](#_rejoin). - - `block_endpoints` - This object is a list of HTTP API endpoint prefixes to block on the agent, and - defaults to an empty list, meaning all endpoints are enabled. Any endpoint that - has a common prefix with one of the entries on this list will be blocked and - will return a 403 response code when accessed. For example, to block all of the - V1 ACL endpoints, set this to `["/v1/acl"]`, which will block `/v1/acl/create`, - `/v1/acl/update`, and the other ACL endpoints that begin with `/v1/acl`. This - only works with API endpoints, not `/ui` or `/debug`, those must be disabled - with their respective configuration options. Any CLI commands that use disabled - endpoints will no longer function as well. For more general access control, Consul's - [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) - should be used, but this option is useful for removing access to HTTP API endpoints - completely, or on specific agents. This is available in Consul 0.9.0 and later. +- `retry_join` - Equivalent to the [`-retry-join`](#retry-join) command-line flag. - - `response_headers` This object allows adding headers to the HTTP API and UI responses. For example, the following config can be used to enable [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on the HTTP API endpoints: +- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](#_retry_interval). - ```json - { - "http_config": { - "response_headers": { - "Access-Control-Allow-Origin": "*" - } - } - } - ``` +- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. - - `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]` +- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](#_retry_interval_wan). - - `use_cache` ((#http_config_use_cache)) Defaults to true. If disabled, the agent won't be using [agent caching](/api/features/caching) to answer the request. Even when the url parameter is provided. +- `start_join` An array of strings specifying addresses + of nodes to [`-join`](#_join) upon startup. Note that using + `retry_join` could be more appropriate to help mitigate + node startup race conditions when automating a Consul cluster deployment. - - `max_header_bytes` This setting controls the maximum number of bytes the consul http server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, or negative, http.DefaultMaxHeaderBytes is used, which equates to 1 Megabyte. +- `start_join_wan` An array of strings specifying addresses + of WAN nodes to [`-join-wan`](#_join_wan) upon startup. -- `leave_on_terminate` If enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest of the cluster and gracefully leave. The default behavior for this feature varies based on whether or not the agent is running as a client or a server (prior to Consul 0.7 the default value was unconditionally set to `false`). On agents in client-mode, this defaults to `true` and for agents in server-mode, this defaults to `false`. - -- `license_path` This specifies the path to a file that contains the Consul Enterprise license. Alternatively the license may also be specified in either the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. See the [licensing documentation](/docs/enterprise/license/overview) for more information about Consul Enterprise license management. Added in versions 1.10.0, 1.9.7 and 1.8.13. Prior to version 1.10.0 the value may be set for all agents to facilitate forwards compatibility with 1.10 but will only actually be used by client agents. - -- `limits` Available in Consul 0.9.3 and later, this is a nested - object that configures limits that are enforced by the agent. Prior to Consul 1.5.2, - this only applied to agents in client mode, not Consul servers. The following parameters - are available: - - - `http_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single client IP address is allowed to open to the agent's HTTP(S) server. This affects the HTTP(S) servers in both client and server agents. Default value is `200`. - - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`. - - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`. - - `rpc_max_conns_per_client` - Configures a limit of how many concurrent TCP connections a single source IP address is allowed to open to a single server. It affects both clients connections and other server connections. In general Consul clients multiplex many RPC calls over a single TCP connection so this can typically be kept low. It needs to be more than one though since servers open at least one additional connection for raft RPC, possibly more for WAN federation when using network areas, and snapshot requests from clients run over a separate TCP conn. A reasonably low limit significantly reduces the ability of an unauthenticated attacker to consume unbounded resources by holding open many connections. You may need to increase this if WAN federated servers connect via proxies or NAT gateways or similar causing many legitimate connections from a single source IP. Default value is `100` which is designed to be extremely conservative to limit issues with certain deployment patterns. Most deployments can probably reduce this safely. 100 connections on modern server hardware should not cause a significant impact on resource usage from an unauthenticated attacker though. - - `rpc_rate` - Configures the RPC rate limiter on Consul _clients_ by setting the maximum request rate that this agent is allowed to make for RPC requests to Consul servers, in requests per second. Defaults to infinite, which disables rate limiting. - - `rpc_max_burst` - The size of the token bucket used to recharge the RPC rate limiter on Consul _clients_. Defaults to 1000 tokens, and each token is good for a single RPC call to a Consul server. See https://en.wikipedia.org/wiki/Token_bucket for more details about how token bucket rate limiters operate. - - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. - - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. +## Log Parameters - `log_file` Equivalent to the [`-log-file` command-line flag](#_log_file). @@ -1150,9 +1405,13 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `log_json` Equivalent to the [`-log-json` command-line flag](#_log_json). -- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). +- `enable_syslog` Equivalent to the [`-syslog` command-line flag](#_syslog). -- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](#_max_query_time). +- `syslog_facility` When [`enable_syslog`](#enable_syslog) + is provided, this controls to which facility messages are sent. By default, `LOCAL0` + will be used. + +## Node Parameters - `node_id` Equivalent to the [`-node-id` command-line flag](#_node_id). @@ -1168,97 +1427,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr } ``` -- `partition` - This flag is used to set - the name of the admin partition the agent belongs to. An agent can only join - and communicate with other agents within its admin partition. Review the - [Admin Partitions documentation](/docs/enterprise/admin-partitions) for more - details. By default, this is an empty string, which is the `default` admin - partition. This cannot be set on a server agent. +- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](#_disable_host_node_id). - ~> **Warning:** The `partition` option cannot be used either the - [`segment`](#segment-2) option or [`-segment`](#_segment) flag. - -- `performance` Available in Consul 0.7 and later, this is a nested object that allows tuning the performance of different subsystems in Consul. See the [Server Performance](/docs/install/performance) documentation for more details. The following parameters are available: - - - `leave_drain_time` - A duration that a server will dwell during a graceful leave in order to allow requests to be retried against other Consul servers. Under normal circumstances, this can prevent clients from experiencing "no leader" errors when performing a rolling update of the Consul servers. This was added in Consul 1.0. Must be a duration value such as 10s. Defaults to 5s. - - - `raft_multiplier` - An integer multiplier used by Consul servers to scale key Raft timing parameters. Omitting this value or setting it to 0 uses default timing described below. Lower values are used to tighten timing and increase sensitivity while higher values relax timings and reduce sensitivity. Tuning this affects the time it takes Consul to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. - - By default, Consul will use a lower-performance timing that's suitable - for [minimal Consul servers](/docs/install/performance#minimum), currently equivalent - to setting this to a value of 5 (this default may be changed in future versions of Consul, - depending if the target minimum server profile changes). Setting this to a value of 1 will - configure Raft to its highest-performance mode, equivalent to the default timing of Consul - prior to 0.7, and is recommended for [production Consul servers](/docs/install/performance#production). - - See the note on [last contact](/docs/install/performance#production-server-requirements) timing for more - details on tuning this parameter. The maximum allowed value is 10. - - - `rpc_hold_timeout` - A duration that a client - or server will retry internal RPC requests during leader elections. Under normal - circumstances, this can prevent clients from experiencing "no leader" errors. - This was added in Consul 1.0. Must be a duration value such as 10s. Defaults - to 7s. - -- `pid_file` Equivalent to the [`-pid-file` command line flag](#_pid_file). - -- `ports` This is a nested object that allows setting the bind ports for the following keys: - - - `dns` ((#dns_port)) - The DNS server, -1 to disable. Default 8600. - TCP and UDP. - - `http` ((#http_port)) - The HTTP API, -1 to disable. Default 8500. - TCP only. - - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1 - (disabled). **We recommend using `8501`** for `https` by convention as some tooling - will work automatically with this. - - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled). - **We recommend using `8502`** for `grpc` by convention as some tooling will work - automatically with this. This is set to `8502` by default when the agent runs - in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy - proxies. - - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP - and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port). - - `serf_wan` ((#serf_wan_port)) - The Serf WAN port. Default 8302. - Equivalent to the [`-serf-wan-port` command line flag](#_serf_wan_port). Set - to -1 to disable. **Note**: this will disable WAN federation which is not recommended. - Various catalog and WAN related endpoints will return errors or empty results. - TCP and UDP. - - `server` ((#server_rpc_port)) - Server RPC address. Default 8300. TCP - only. - - `sidecar_min_port` ((#sidecar_min_port)) - Inclusive minimum port number - to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). - Default 21000. Set to `0` to disable automatic port assignment. - - `sidecar_max_port` ((#sidecar_max_port)) - Inclusive maximum port number - to use for automatically assigned [sidecar service registrations](/docs/connect/registration/sidecar-service). - Default 21255. Set to `0` to disable automatic port assignment. - - `expose_min_port` ((#expose_min_port)) - Inclusive minimum port number - to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). - Default 21500. Set to `0` to disable automatic port assignment. - - `expose_max_port` ((#expose_max_port)) - Inclusive maximum port number - to use for automatically assigned [exposed check listeners](/docs/connect/registration/service-registration#expose-paths-configuration-reference). - Default 21755. Set to `0` to disable automatic port assignment. - -- `primary_datacenter` - This designates the datacenter - which is authoritative for ACL information, intentions and is the root Certificate - Authority for Connect. It must be provided to enable ACLs. All servers and datacenters - must agree on the primary datacenter. Setting it on the servers is all you need - for cluster-level enforcement, but for the APIs to forward properly from the clients, - it must be set on them too. In Consul 0.8 and later, this also enables agent-level - enforcement of ACLs. - -- `primary_gateways` Equivalent to the [`-primary-gateway` - command-line flag](#_primary_gateway). Takes a list of addresses to use as the - mesh gateways for the primary datacenter when authoritative replicated catalog - data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) - until at least one primary mesh gateway is discovered. This was added in Consul - 1.8.0. - -- `primary_gateways_interval` Time to wait - between [`primary_gateways`](#primary_gateways) discovery attempts. Defaults to - 30s. This was added in Consul 1.8.0. - -- `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line - flag](#_protocol). +## Raft Parameters - `raft_boltdb` ((#raft_boltdb)) This is a nested object that allows configuring options for Raft's BoltDB based log store. @@ -1318,107 +1489,18 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr server a `SIGHUP` to allow recovery without downtime when followers can't keep up. -- `reap` This controls Consul's automatic reaping of child processes, - which is useful if Consul is running as PID 1 in a Docker container. If this isn't - specified, then Consul will automatically reap child processes if it detects it - is running as PID 1. If this is set to true or false, then it controls reaping - regardless of Consul's PID (forces reaping on or off, respectively). This option - was removed in Consul 0.7.1. For later versions of Consul, you will need to reap - processes using a wrapper, please see the [Consul Docker image entry point script](https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh) - for an example. If you are using Docker 1.13.0 or later, you can use the new `--init` - option of the `docker run` command and docker will enable an init process with - PID 1 that reaps child processes for the container. More info on [Docker docs](https://docs.docker.com/engine/reference/commandline/run/#options). +## Serf Parameters -- `reconnect_timeout` This controls how long it - takes for a failed node to be completely removed from the cluster. This defaults - to 72 hours and it is recommended that this is set to at least double the maximum - expected recoverable outage time for a node or network partition. WARNING: Setting - this time too low could cause Consul servers to be removed from quorum during an - extended node failure or partition, which could complicate recovery of the cluster. - The value is a time with a unit suffix, which can be "s", "m", "h" for seconds, - minutes, or hours. The value must be >= 8 hours. +- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](#_serf_lan_bind). + This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). -- `reconnect_timeout_wan` This is the WAN equivalent - of the [`reconnect_timeout`](#reconnect_timeout) parameter, which controls - how long it takes for a failed server to be completely removed from the WAN pool. - This also defaults to 72 hours, and must be >= 8 hours. +- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](#_serf_lan_allowed_cidrs). -- `recursors` This flag provides addresses of upstream DNS - servers that are used to recursively resolve queries if they are not inside the - service domain for Consul. For example, a node can use Consul directly as a DNS - server, and if the record is outside of the "consul." domain, the query will be - resolved upstream. As of Consul 1.0.1 recursors can be provided as IP addresses - or as go-sockaddr templates. IP addresses are resolved in order, and duplicates - are ignored. +- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](#_serf_wan_bind). -- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](#_rejoin). +- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](#_serf_wan_allowed_cidrs). -- `retry_join` - Equivalent to the [`-retry-join`](#retry-join) command-line flag. - -- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](#_retry_interval). - -- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. - -- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](#_retry_interval_wan). - -- `rpc` configuration for Consul servers. - - - `enable_streaming` ((#rpc_enable_streaming)) defaults to true. If set to false it will disable - the gRPC subscribe endpoint on a Consul Server. All - servers in all federated datacenters must have this enabled before any client can use - [`use_streaming_backend`](#use_streaming_backend). - -- `segment` - Equivalent to the [`-segment` command-line flag](#_segment). - - ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. - -- `segments` - (Server agents only) This is a list of nested objects - that specifies user-defined network segments, not including the `` segment, which is - created automatically. Review the [Network Segments documentation](/docs/enterprise/network-segments) - for more details. - - - `name` ((#segment_name)) - The name of the segment. Must be a string - between 1 and 64 characters in length. - - `bind` ((#segment_bind)) - The bind address to use for the segment's - gossip layer. Defaults to the [`-bind`](#_bind) value if not provided. - - `port` ((#segment_port)) - The port to use for the segment's gossip - layer (required). - - `advertise` ((#segment_advertise)) - The advertise address to use for - the segment's gossip layer. Defaults to the [`-advertise`](#_advertise) value - if not provided. - - `rpc_listener` ((#segment_rpc_listener)) - If true, a separate RPC - listener will be started on this segment's [`-bind`](#_bind) address on the rpc - port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) - address. Defaults to false. - -- `server` Equivalent to the [`-server` command-line flag](#_server). - -- `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** - -- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica). - -- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's - shorter than the specified limit. It is recommended to keep this limit at or above - the default to encourage clients to send infrequent heartbeats. Defaults to 10s. - -- `skip_leave_on_interrupt` This is similar - to [`leave_on_terminate`](#leave_on_terminate) but only affects interrupt handling. - When Consul receives an interrupt signal (such as hitting Control-C in a terminal), - Consul will gracefully leave the cluster. Setting this to `true` disables that - behavior. The default behavior for this feature varies based on whether or not - the agent is running as a client or a server (prior to Consul 0.7 the default value - was unconditionally set to `false`). On agents in client-mode, this defaults to - `false` and for agents in server-mode, this defaults to `true` (i.e. Ctrl-C on - a server will keep the server in the cluster and therefore quorum, and Ctrl-C on - a client will gracefully leave). - -- `start_join` An array of strings specifying addresses - of nodes to [`-join`](#_join) upon startup. Note that using - `retry_join` could be more appropriate to help mitigate - node startup race conditions when automating a Consul cluster deployment. - -- `start_join_wan` An array of strings specifying addresses - of WAN nodes to [`-join-wan`](#_join_wan) upon startup. +## Telemetry Paramters - `telemetry` This is a nested object that configures where Consul sends its runtime telemetry, and contains the following keys: @@ -1552,31 +1634,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr can be used to capture runtime information. This streams via TCP and can only be used with statsite. -- `syslog_facility` When [`enable_syslog`](#enable_syslog) - is provided, this controls to which facility messages are sent. By default, `LOCAL0` - will be used. - -- `translate_wan_addrs` If set to true, Consul - will prefer a node's configured [WAN address](#_advertise-wan) - when servicing DNS and HTTP requests for a node in a remote datacenter. This allows - the node to be reached within its own datacenter using its local address, and reached - from other datacenters using its WAN address, which is useful in hybrid setups - with mixed networks. This is disabled by default. - - Starting in Consul 0.7 and later, node addresses in responses to HTTP requests will also prefer a - node's configured [WAN address](#_advertise-wan) when querying for a node in a remote - datacenter. An [`X-Consul-Translate-Addresses`](/api#translated-addresses) header - will be present on all responses when translation is enabled to help clients know that the addresses - may be translated. The `TaggedAddresses` field in responses also have a `lan` address for clients that - need knowledge of that address, regardless of translation. - - The following endpoints translate addresses: - - - [`/v1/catalog/nodes`](/api/catalog#list-nodes) - - [`/v1/catalog/node/`](/api/catalog#retrieve-map-of-services-for-a-node) - - [`/v1/catalog/service/`](/api/catalog#list-nodes-for-service) - - [`/v1/health/service/`](/api/health#list-nodes-for-service) - - [`/v1/query//execute`](/api/query#execute-prepared-query) +## UI Parameters - `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** Equivalent to the [`-ui`](#_ui) command-line flag. @@ -1709,34 +1767,6 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr Specifying this configuration key will enable the web UI. There is no need to specify both ui-dir and ui. Specifying both will result in an error. -- `unix_sockets` - This allows tuning the ownership and - permissions of the Unix domain socket files created by Consul. Domain sockets are - only used if the HTTP address is configured with the `unix://` prefix. - - It is important to note that this option may have different effects on - different operating systems. Linux generally observes socket file permissions - while many BSD variants ignore permissions on the socket file itself. It is - important to test this feature on your specific distribution. This feature is - currently not functional on Windows hosts. - - The following options are valid within this construct and apply globally to all - sockets created by Consul: - - - `user` - The name or ID of the user who will own the socket file. - - `group` - The group ID ownership of the socket file. This option - currently only supports numeric IDs. - - `mode` - The permission bits to set on the file. - -- `use_streaming_backend` defaults to true. When enabled Consul client agents will use - streaming rpc, instead of the traditional blocking queries, for endpoints which support - streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming) - enabled before any client can enable `use_streaming_backend`. - -- `watches` - Watches is a list of watch specifications which - allow an external process to be automatically invoked when a particular data view - is updated. See the [watch documentation](/docs/agent/watches) for more detail. - Watches can be modified when the configuration is reloaded. - ## TLS Configuration Reference This section documents all of the configuration settings that apply to Agent TLS. Agent From 9f693afcbac840276b86a9fbdb4c353b636fba53 Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 12:06:21 -0800 Subject: [PATCH 121/785] docs: fix agent config links --- .../docs/agent/config/agent-config-cli.mdx | 14 +-- .../docs/agent/config/agent-config-files.mdx | 94 +++++++++---------- website/content/docs/agent/config/index.mdx | 4 +- 3 files changed, 56 insertions(+), 56 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx index 8daeebcc1..82d660803 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/agent-config-cli.mdx @@ -26,7 +26,7 @@ information. limit of 4k for maximum size of checks, this is a positive value. By limiting this size, it allows to put less pressure on Consul servers when many checks are having a very large output in their checks. In order to completely disable check output - capture, it is possible to use [`discard_check_output`](#discard_check_output). + capture, it is possible to use [`discard_check_output`](/docs/agent/config/agent-config-files#discard_check_output). - `-client` ((#\_client)) - The address to which Consul will bind client interfaces, including the HTTP and DNS servers. By default, this is "127.0.0.1", @@ -122,7 +122,7 @@ information. - `-raft-protocol` ((#\_raft_protocol)) - This controls the internal version of the Raft consensus protocol used for server communications. This must be set - to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrade-specific#raft-protocol-version-compatibility) for more details. + to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](/docs/agent/config/agent-config-files#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrade-specific#raft-protocol-version-compatibility) for more details. - `-segment` ((#\_segment)) - This flag is used to set the name of the network segment the agent belongs to. An agent can only join and @@ -146,13 +146,13 @@ information. - `-advertise-wan` ((#\_advertise-wan)) - The advertise WAN address is used to change the address that we advertise to server nodes joining through the WAN. - This can also be set on client agents when used in combination with the [`translate_wan_addrs`](#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address + This can also be set on client agents when used in combination with the [`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address is advertised. However, in some cases all members of all datacenters cannot be on the same physical or virtual network, especially on hybrid setups mixing cloud and private datacenters. This flag enables server nodes gossiping through the public network for the WAN while using private VLANs for gossiping to each other and their client agents, and it allows client agents to be reached at this address when being - accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] template that is resolved at runtime. ## Address Bind Options @@ -160,10 +160,10 @@ information. - `-bind` ((#\_bind)) - The address that should be bound to for internal cluster communications. This is an IP address that should be reachable by all other nodes in the cluster. By default, this is "0.0.0.0", meaning Consul will bind to - all addresses on the local machine and will [advertise](/docs/agent/options#_advertise) + all addresses on the local machine and will [advertise](#_advertise) the private IPv4 address to the rest of the cluster. If there are multiple private IPv4 addresses available, Consul will exit with an error at startup. If you specify - `"[::]"`, Consul will [advertise](/docs/agent/options#_advertise) the public + `"[::]"`, Consul will [advertise](#_advertise) the public IPv6 address. If there are multiple public IPv6 addresses available, Consul will exit with an error at startup. Consul uses both TCP and UDP and the same port for both. If you have any firewalls, be sure to allow both protocols. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] @@ -290,7 +290,7 @@ information. If Consul is running on the non-default Serf LAN port, the port must be specified in the join address, or configured as the agent's default Serf port - using the [`ports.serf_lan`](#serf_lan_port) configuration option or + using the [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port) configuration option or [`-serf-lan-port`](#_serf_lan_port) command line flag. If using network segments (Enterprise), see [additional documentation on diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index f22a1eb69..40dae7878 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -80,7 +80,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `https` - The HTTPS API. Defaults to `client_addr` - `grpc` - The gRPC API. Defaults to `client_addr` -- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](#_alt_domain) +- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](/docs/agent/config/agent-config-cli#_alt_domain) - `audit` - Added in Consul 1.8, the audit object allow users to enable auditing and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). @@ -207,7 +207,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `server_addresses` (Defaults to `[]`) This specifies the addresses of servers in the local datacenter to use for the initial RPC. These addresses support - [Cloud Auto-Joining](#cloud-auto-joining) and can optionally include a port to + [Cloud Auto-Joining](/docs/agent/config/agent-config-cli#cloud-auto-joining) and can optionally include a port to use when making the outbound connection. If not port is provided the `server_port` will be used. @@ -310,7 +310,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `partition` - The admin partition name the client is requesting. -- `bind_addr` Equivalent to the [`-bind` command-line flag](#_bind). +- `bind_addr` Equivalent to the [`-bind` command-line flag](/docs/agent/config/agent-config-cli#_bind). This parameter can be set to a go-sockaddr template that resolves to a single address. Special characters such as backslashes `\` or double quotes `"` @@ -358,7 +358,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr changes state, the new state and associated output is synchronized immediately. To disable this behavior, set the value to "0s". -- `client_addr` Equivalent to the [`-client` command-line flag](#_client). +- `client_addr` Equivalent to the [`-client` command-line flag](/docs/agent/config/agent-config-cli#_client). - `config_entries` This object allows setting options for centralized config entries. @@ -372,9 +372,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr See the [configuration entry docs](/docs/agent/config-entries) for more details about the contents of each entry. -- `datacenter` Equivalent to the [`-datacenter` command-line flag](#_datacenter). +- `datacenter` Equivalent to the [`-datacenter` command-line flag](/docs/agent/config/agent-config-cli#_datacenter). -- `data_dir` Equivalent to the [`-data-dir` command-line flag](#_data_dir). +- `data_dir` Equivalent to the [`-data-dir` command-line flag](/docs/agent/config/agent-config-cli#_data_dir). - `disable_anonymous_signature` Disables providing an anonymous signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). @@ -404,17 +404,17 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `enable_debug` When set, enables some additional debugging features. Currently, this is only used to access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. -- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](#_enable_script_checks). +- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](/docs/agent/config/agent-config-cli#_enable_script_checks). ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) for more details. -- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](#_enable_local_script_checks). +- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](/docs/agent/config/agent-config-cli#_enable_local_script_checks). - `disable_keyring_file` - Equivalent to the - [`-disable-keyring-file` command-line flag](#_disable_keyring_file). + [`-disable-keyring-file` command-line flag](/docs/agent/config/agent-config-cli#_disable_keyring_file). - `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). When network coordinates are disabled the `near` query param will not work to sort the nodes, @@ -474,9 +474,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. -- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](#_default_query_time). +- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](/docs/agent/config/agent-config-cli#_default_query_time). -- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](#_max_query_time). +- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](/docs/agent/config/agent-config-cli#_max_query_time). - `partition` - This flag is used to set the name of the admin partition the agent belongs to. An agent can only join @@ -557,7 +557,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr enforcement of ACLs. - `primary_gateways` Equivalent to the [`-primary-gateway` - command-line flag](#_primary_gateway). Takes a list of addresses to use as the + command-line flag](/docs/agent/config/agent-config-cli#_primary_gateway). Takes a list of addresses to use as the mesh gateways for the primary datacenter when authoritative replicated catalog data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) until at least one primary mesh gateway is discovered. This was added in Consul @@ -568,7 +568,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr 30s. This was added in Consul 1.8.0. - `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line - flag](#_protocol). + flag](/docs/agent/config/agent-config-cli#_protocol). - `reap` This controls Consul's automatic reaping of child processes, which is useful if Consul is running as PID 1 in a Docker container. If this isn't @@ -610,7 +610,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr servers in all federated datacenters must have this enabled before any client can use [`use_streaming_backend`](#use_streaming_backend). -- `segment` - Equivalent to the [`-segment` command-line flag](#_segment). +- `segment` - Equivalent to the [`-segment` command-line flag](/docs/agent/config/agent-config-cli#_segment). ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. @@ -633,11 +633,11 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) address. Defaults to false. -- `server` Equivalent to the [`-server` command-line flag](#_server). +- `server` Equivalent to the [`-server` command-line flag](/docs/agent/config/agent-config-cli#_server). - `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** -- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica). +- `read_replica` - Equivalent to the [`-read-replica` command-line flag](/docs/agent/config/agent-config-cli#_read_replica). - `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's shorter than the specified limit. It is recommended to keep this limit at or above @@ -935,13 +935,13 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Advertise Address Parameters -- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). +- `advertise_addr` Equivalent to the [`-advertise` command-line flag](/docs/agent/config/agent-config-cli#_advertise). - `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. -- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](#_advertise-wan). +- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](/docs/agent/config/agent-config-cli#_advertise-wan). - `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. @@ -954,9 +954,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Bootstrap Parameters -- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](#_bootstrap). +- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](/docs/agent/config/agent-config-cli#_bootstrap). -- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](#_bootstrap_expect). +- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](/docs/agent/config/agent-config-cli#_bootstrap_expect). ## Connect Parameters @@ -1228,7 +1228,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr versions and will assume the label is the datacenter. See: [this section](/docs/discovery/dns#namespaced-services) for more details. -- `domain` Equivalent to the [`-domain` command-line flag](#_domain). +- `domain` Equivalent to the [`-domain` command-line flag](/docs/agent/config/agent-config-cli#_domain). ## Encryption Parameters @@ -1271,7 +1271,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr the certificates requested by `auto_encrypt` from the server have these `ip_san` set as IP SAN. -- `encrypt` Equivalent to the [`-encrypt` command-line flag](#_encrypt). +- `encrypt` Equivalent to the [`-encrypt` command-line flag](/docs/agent/config/agent-config-cli#_encrypt). - `encrypt_verify_incoming` - This is an optional parameter that can be used to disable enforcing encryption for incoming gossip @@ -1373,15 +1373,15 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Join Parameters -- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](#_rejoin). +- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](/docs/agent/config/agent-config-cli#_rejoin). -- `retry_join` - Equivalent to the [`-retry-join`](#retry-join) command-line flag. +- `retry_join` - Equivalent to the [`-retry-join`](/docs/agent/config/agent-config-cli#retry-join) command-line flag. -- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](#_retry_interval). +- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](/docs/agent/config/agent-config-cli#_retry_interval). -- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. +- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](/docs/agent/config/agent-config-cli#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. -- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](#_retry_interval_wan). +- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](/docs/agent/config/agent-config-cli#_retry_interval_wan). - `start_join` An array of strings specifying addresses of nodes to [`-join`](#_join) upon startup. Note that using @@ -1393,19 +1393,19 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Log Parameters -- `log_file` Equivalent to the [`-log-file` command-line flag](#_log_file). +- `log_file` Equivalent to the [`-log-file` command-line flag](/docs/agent/config/agent-config-cli#_log_file). -- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](#_log_rotate_duration). +- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_duration). -- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](#_log_rotate_bytes). +- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_bytes). -- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](#_log_rotate_max_files). +- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_max_files). -- `log_level` Equivalent to the [`-log-level` command-line flag](#_log_level). +- `log_level` Equivalent to the [`-log-level` command-line flag](/docs/agent/config/agent-config-cli#_log_level). -- `log_json` Equivalent to the [`-log-json` command-line flag](#_log_json). +- `log_json` Equivalent to the [`-log-json` command-line flag](/docs/agent/config/agent-config-cli#_log_json). -- `enable_syslog` Equivalent to the [`-syslog` command-line flag](#_syslog). +- `enable_syslog` Equivalent to the [`-syslog` command-line flag](/docs/agent/config/agent-config-cli#_syslog). - `syslog_facility` When [`enable_syslog`](#enable_syslog) is provided, this controls to which facility messages are sent. By default, `LOCAL0` @@ -1413,11 +1413,11 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Node Parameters -- `node_id` Equivalent to the [`-node-id` command-line flag](#_node_id). +- `node_id` Equivalent to the [`-node-id` command-line flag](/docs/agent/config/agent-config-cli#_node_id). -- `node_name` Equivalent to the [`-node` command-line flag](#_node). +- `node_name` Equivalent to the [`-node` command-line flag](/docs/agent/config/agent-config-cli#_node). -- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](#_node_meta) for more information. +- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](/docs/agent/config/agent-config-cli#_node_meta) for more information. ```json { @@ -1427,7 +1427,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr } ``` -- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](#_disable_host_node_id). +- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](/docs/agent/config/agent-config-cli#_disable_host_node_id). ## Raft Parameters @@ -1442,7 +1442,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `raft_protocol` ((#raft_protocol)) Equivalent to the [`-raft-protocol` - command-line flag](#_raft_protocol). + command-line flag](/docs/agent/config/agent-config-cli#_raft_protocol). - `raft_snapshot_threshold` ((#\_raft_snapshot_threshold)) This controls the minimum number of raft commit entries between snapshots that are saved to @@ -1491,14 +1491,14 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Serf Parameters -- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](#_serf_lan_bind). +- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](/docs/agent/config/agent-config-cli#_serf_lan_bind). This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). -- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](#_serf_lan_allowed_cidrs). +- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](/docs/agent/config/agent-config-cli#_serf_lan_allowed_cidrs). -- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](#_serf_wan_bind). +- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](/docs/agent/config/agent-config-cli#_serf_wan_bind). -- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](#_serf_wan_allowed_cidrs). +- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](/docs/agent/config/agent-config-cli#_serf_wan_allowed_cidrs). ## Telemetry Paramters @@ -1637,7 +1637,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## UI Parameters - `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** - Equivalent to the [`-ui`](#_ui) command-line flag. + Equivalent to the [`-ui`](/docs/agent/config/agent-config-cli#_ui) command-line flag. - `ui_config` - This object allows a number of sub-keys to be set which controls the display or features available in the UI. Configuring the UI with this @@ -1648,12 +1648,12 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `enabled` ((#ui_config_enabled)) - This enables the service of the web UI from this agent. Boolean value, defaults to false. In `-dev` mode this defaults to true. Replaces `ui` from before 1.9.0. Equivalent to the - [`-ui`](#_ui) command-line flag. + [`-ui`](/docs/agent/config/agent-config-cli#_ui) command-line flag. - `dir` ((#ui_config_dir)) - This specifies that the web UI should be served from an external dir rather than the build in one. This allows for customization or development. Replaces `ui_dir` from before 1.9.0. - Equivalent to the [`-ui-dir`](#_ui_dir) command-line flag. + Equivalent to the [`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) command-line flag. - `content_path` ((#ui_config_content_path)) - This specifies the HTTP path that the web UI should be served from. Defaults to `/ui/`. Equivalent to the @@ -1762,7 +1762,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `{{Datacenter}}` - Replaced with the current service's datacenter. - `ui_dir` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.dir`](#ui_config_dir) field instead.** - Equivalent to the [`-ui-dir`](#_ui_dir) command-line + Equivalent to the [`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) command-line flag. This configuration key is not required as of Consul version 0.7.0 and later. Specifying this configuration key will enable the web UI. There is no need to specify both ui-dir and ui. Specifying both will result in an error. diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 362cf36f6..44ced8493 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -16,8 +16,8 @@ descriptions. Configuration precedence is evaluated in the following order: -1. Command line arguments -2. Configuration files +1. [Command line arguments](/docs/agent/config/agent-config-cli) +2. [Configuration files](/docs/agent/config/agent-config-files) When loading configuration, the Consul agent loads the configuration from files and directories in lexical order. For example, configuration file From cd73f27c8404fe1391621c19820983effa7bb092 Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 13:13:13 -0800 Subject: [PATCH 122/785] docs: fix external links to agent config pages --- .../network-areas/README.md | 2 +- docs/config/README.md | 6 +- docs/config/checklist-adding-config-fields.md | 4 +- docs/rpc/README.md | 2 +- website/content/api-docs/acl/index.mdx | 10 +- website/content/api-docs/agent/index.mdx | 20 +-- website/content/api-docs/config.mdx | 2 +- .../content/api-docs/connect/intentions.mdx | 2 +- website/content/api-docs/health.mdx | 2 +- website/content/api-docs/index.mdx | 4 +- .../content/api-docs/operator/autopilot.mdx | 2 +- .../content/commands/acl/set-agent-token.mdx | 2 +- website/content/commands/config/index.mdx | 2 +- website/content/commands/connect/envoy.mdx | 2 +- website/content/commands/debug.mdx | 2 +- website/content/commands/index.mdx | 2 +- .../content/commands/operator/autopilot.mdx | 4 +- website/content/commands/reload.mdx | 2 +- website/content/commands/validate.mdx | 2 +- website/content/docs/agent/config-entries.mdx | 6 +- .../docs/agent/config/agent-config-files.mdx | 2 +- website/content/docs/agent/config/index.mdx | 18 +-- website/content/docs/agent/index.mdx | 32 ++--- website/content/docs/agent/telemetry.mdx | 26 ++-- website/content/docs/connect/ca/aws.mdx | 6 +- website/content/docs/connect/ca/consul.mdx | 2 +- website/content/docs/connect/ca/index.mdx | 2 +- website/content/docs/connect/ca/vault.mdx | 4 +- .../config-entries/exported-services.mdx | 2 +- .../docs/connect/config-entries/index.mdx | 2 +- .../connect/config-entries/proxy-defaults.mdx | 4 +- .../config-entries/service-defaults.mdx | 4 +- .../config-entries/service-intentions.mdx | 4 +- .../content/docs/connect/configuration.mdx | 14 +-- .../docs/connect/connect-internals.mdx | 4 +- .../docs/connect/gateways/ingress-gateway.mdx | 4 +- ...service-to-service-traffic-datacenters.mdx | 26 ++-- .../service-to-service-traffic-partitions.mdx | 20 +-- .../wan-federation-via-mesh-gateways.mdx | 5 +- .../connect/gateways/terminating-gateway.mdx | 4 +- .../docs/connect/intentions-legacy.mdx | 2 +- website/content/docs/connect/intentions.mdx | 2 +- .../docs/connect/observability/index.mdx | 6 +- .../observability/ui-visualization.mdx | 14 +-- .../content/docs/connect/proxies/built-in.mdx | 4 +- .../content/docs/connect/proxies/envoy.mdx | 2 +- .../connect/proxies/managed-deprecated.mdx | 6 +- .../registration/service-registration.mdx | 4 +- .../connect/registration/sidecar-service.mdx | 4 +- website/content/docs/discovery/checks.mdx | 10 +- website/content/docs/discovery/dns.mdx | 26 ++-- .../content/docs/dynamic-app-config/kv.mdx | 4 +- .../docs/dynamic-app-config/watches.mdx | 2 +- .../content/docs/enterprise/audit-logging.mdx | 8 +- .../docs/enterprise/license/overview.mdx | 8 +- .../docs/enterprise/network-segments.mdx | 32 ++--- .../content/docs/enterprise/read-scale.mdx | 4 +- website/content/docs/index.mdx | 2 +- .../content/docs/install/bootstrapping.mdx | 14 +-- .../content/docs/install/cloud-auto-join.mdx | 4 +- .../content/docs/install/manual-bootstrap.mdx | 2 +- website/content/docs/install/performance.mdx | 20 +-- website/content/docs/install/ports.mdx | 2 +- .../docs/k8s/connect/connect-ca-provider.mdx | 4 +- website/content/docs/k8s/helm.mdx | 16 +-- .../servers-outside-kubernetes.mdx | 4 +- .../installation/multi-cluster/kubernetes.mdx | 4 +- .../multi-cluster/vms-and-kubernetes.mdx | 2 +- website/content/docs/nia/configuration.mdx | 6 +- .../docs/nia/installation/requirements.mdx | 2 +- .../docs/releases/release-notes/v1_9_0.mdx | 2 +- .../content/docs/security/acl/acl-legacy.mdx | 102 +++++++-------- .../content/docs/security/acl/acl-rules.mdx | 26 ++-- .../docs/security/acl/auth-methods/index.mdx | 2 +- website/content/docs/security/encryption.mdx | 22 ++-- .../docs/security/security-models/core.mdx | 54 ++++---- .../docs/troubleshoot/common-errors.mdx | 6 +- website/content/docs/troubleshoot/faq.mdx | 8 +- .../instructions/general-process.mdx | 4 +- .../instructions/upgrade-to-1-6-x.mdx | 8 +- .../docs/upgrading/upgrade-specific.mdx | 119 +++++++++--------- .../partials/http_api_options_client.mdx | 2 +- 82 files changed, 422 insertions(+), 418 deletions(-) diff --git a/docs/cluster-federation/network-areas/README.md b/docs/cluster-federation/network-areas/README.md index 0b62162e4..efe10aa06 100644 --- a/docs/cluster-federation/network-areas/README.md +++ b/docs/cluster-federation/network-areas/README.md @@ -35,7 +35,7 @@ Every Consul Enterprise server maintains a reconciliation routine where every 30 Joining a network area pool involves: 1. Setting memberlist and Serf configuration. - * Prior to Consul `v1.8.11` and `v1.9.5`, network areas were configured with memberlist's [DefaultWANConfig](https://github.com/hashicorp/memberlist/blob/838073fef1a4e1f6cb702a57a8075304098b1c31/config.go#L315). This was then updated to instead use the server's [gossip_wan](https://www.consul.io/docs/agent/options#gossip_wan) configuration, which falls back to the DefaultWANConfig if it was not specified. + * Prior to Consul `v1.8.11` and `v1.9.5`, network areas were configured with memberlist's [DefaultWANConfig](https://github.com/hashicorp/memberlist/blob/838073fef1a4e1f6cb702a57a8075304098b1c31/config.go#L315). This was then updated to instead use the server's [gossip_wan](https://www.consul.io/docs/agent/config/agent-config-files#gossip_wan) configuration, which falls back to the DefaultWANConfig if it was not specified. * As of Consul `v1.8.11`/`v1.9.5` it is not possible to tune gossip communication on a per-area basis. 2. Update the server's gossip network, which keeps track of network areas that the server is a part of. This gossip network is also used to dispatch incoming **gossip** connections to handlers for the appropriate area. diff --git a/docs/config/README.md b/docs/config/README.md index 49f8014cf..fe38011b9 100644 --- a/docs/config/README.md +++ b/docs/config/README.md @@ -10,10 +10,10 @@ specified using command line flags, and some can be loaded with [Auto-Config]. See also the [checklist for adding a new field] to the configuration. [hcl]: https://github.com/hashicorp/hcl/tree/hcl1 -[Agent Configuration]: https://www.consul.io/docs/agent/options +[Agent Configuration]: https://www.consul.io/docs/agent/config [checklist for adding a new field]: ./checklist-adding-config-fields.md [Auto-Config]: #auto-config -[Config Entries]: https://www.consul.io/docs/agent/options#config_entries +[Config Entries]: https://www.consul.io/docs/agent/config/agent-config-files#config_entries [Services]: https://www.consul.io/docs/discovery/services [Checks]: https://www.consul.io/docs/discovery/checks @@ -53,6 +53,6 @@ implemented in a couple packages. * the server RPC endpoint is in [agent/consul/auto_config_endpoint.go] * the client that receives and applies the config is implemented in [agent/auto-config] -[auto_config]: https://www.consul.io/docs/agent/options#auto_config +[auto_config]: https://www.consul.io/docs/agent/config/agent-config-files#auto_config [agent/consul/auto_config_endpoint.go]: https://github.com/hashicorp/consul/blob/main/agent/consul/auto_config_endpoint.go [agent/auto-config]: https://github.com/hashicorp/consul/tree/main/agent/auto-config diff --git a/docs/config/checklist-adding-config-fields.md b/docs/config/checklist-adding-config-fields.md index fff3fba36..66807c072 100644 --- a/docs/config/checklist-adding-config-fields.md +++ b/docs/config/checklist-adding-config-fields.md @@ -55,7 +55,7 @@ There are four specific cases covered with increasing complexity: state for client agent's RPC client. - [ ] Add a test to `agent/agent_test.go` similar to others with prefix `TestAgent_reloadConfig*`. - - [ ] Add documentation to `website/content/docs/agent/options.mdx`. + - [ ] Add documentation to `website/content/docs/agent/config/agent-config-files.mdx`. Done! You can now use your new field in a client agent by accessing `s.agent.Config.`. @@ -75,7 +75,7 @@ If the config field also needs a CLI flag, then follow these steps. `TestLoad_IntegrationWithFlags` in `agent/config/runtime_test.go` to ensure setting the flag works. - [ ] Add flag (as well as config file) documentation to - `website/source/docs/agent/options.html.md`. + `website/source/docs/agent/config/agent-config-files.mdx` and `website/source/docs/agent/config/agent-config-cli.mdx`. ## Adding a Simple Config Field for Servers Consul servers have a separate Config struct for reasons. Note that Consul diff --git a/docs/rpc/README.md b/docs/rpc/README.md index 8a5236d4a..7d8a75cad 100644 --- a/docs/rpc/README.md +++ b/docs/rpc/README.md @@ -22,7 +22,7 @@ The "RPC Server" accepts requests to the [server port] and routes the requests b configuration of the Server and the the first byte in the request. The diagram below shows all the possible routing flows. -[server port]: https://www.consul.io/docs/agent/options#server_rpc_port +[server port]: https://www.consul.io/docs/agent/config/agent-config-files#server_rpc_port ![RPC Routing](./routing.svg) diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx index 081025ced..6a39bef52 100644 --- a/website/content/api-docs/acl/index.mdx +++ b/website/content/api-docs/acl/index.mdx @@ -16,7 +16,7 @@ the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-s ## Bootstrap ACLs This endpoint does a special one-time bootstrap of the ACL system, making the first -management token if the [`acl.tokens.initial_management`](/docs/agent/options#acl_tokens_initial_management) +management token if the [`acl.tokens.initial_management`](/docs/agent/config/agent-config-files#acl_tokens_initial_management) configuration entry is not specified in the Consul server configuration and if the cluster has not been bootstrapped previously. This is available in Consul 0.9.1 and later, and requires all Consul servers to be upgraded in order to operate. @@ -143,7 +143,7 @@ $ curl \ - `SourceDatacenter` - The authoritative ACL datacenter that ACLs are being replicated from and will match the - [`primary_datacenter`](/docs/agent/options#primary_datacenter) configuration. + [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) configuration. - `ReplicationType` - The type of replication that is currently in use. @@ -295,7 +295,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/options#acl_enable_token_replication) must be +replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. @@ -425,7 +425,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/options#acl_enable_token_replication) must be +replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. @@ -505,7 +505,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/options#acl_enable_token_replication) must be +replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. diff --git a/website/content/api-docs/agent/index.mdx b/website/content/api-docs/agent/index.mdx index 8a7b4a693..54360d802 100644 --- a/website/content/api-docs/agent/index.mdx +++ b/website/content/api-docs/agent/index.mdx @@ -360,7 +360,7 @@ This endpoint instructs the agent to reload its configuration. Any errors encountered during this process are returned. Not all configuration options are reloadable. See the -[Reloadable Configuration](/docs/agent/options#reloadable-configuration) +[Reloadable Configuration](/docs/agent/config#reloadable-configuration) section on the agent options page for details on which options are supported. | Method | Path | Produces | @@ -440,7 +440,7 @@ page. In order to enable [Prometheus](https://prometheus.io/) support, you need to use the configuration directive -[`prometheus_retention_time`](/docs/agent/options#telemetry-prometheus_retention_time). +[`prometheus_retention_time`](/docs/agent/config/agent-config-files#telemetry-prometheus_retention_time). Since Consul 1.7.2 this endpoint will also automatically switch output format if the request contains an `Accept` header with a compatible MIME type such as @@ -745,7 +745,7 @@ $ curl \ This endpoint updates the ACL tokens currently in use by the agent. It can be used to introduce ACL tokens to the agent for the first time, or to update tokens that were initially loaded from the agent's configuration. Tokens will be persisted -only if the [`acl.enable_token_persistence`](/docs/agent/options#acl_enable_token_persistence) +only if the [`acl.enable_token_persistence`](/docs/agent/config/agent-config-files#acl_enable_token_persistence) configuration is `true`. When not being persisted, they will need to be reset if the agent is restarted. @@ -757,9 +757,9 @@ is restarted. | `PUT` | `/agent/token/replication` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`default`](/docs/agent/options#acl_tokens_default), [`agent`](/docs/agent/options#acl_tokens_agent), -[`agent_recovery`](/docs/agent/options#acl_tokens_agent_recovery), and -[`replication`](/docs/agent/options#acl_tokens_replication). +[`default`](/docs/agent/config/agent-config-files#acl_tokens_default), [`agent`](/docs/agent/config/agent-config-files#acl_tokens_agent), +[`agent_recovery`](/docs/agent/config/agent-config-files#acl_tokens_agent_recovery), and +[`replication`](/docs/agent/config/agent-config-files#acl_tokens_replication). -> **Deprecation Note:** The following paths were deprecated in version 1.11 @@ -768,7 +768,7 @@ The paths above correspond to the token names as found in the agent configuratio | `PUT` | `/agent/token/agent_master` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`agent_master`](/docs/agent/options#acl_tokens_agent_master). +[`agent_master`](/docs/agent/config/agent-config-files#acl_tokens_agent_master). -> **Deprecation Note:** The following paths were deprecated in version 1.4.3 @@ -780,9 +780,9 @@ The paths above correspond to the token names as found in the agent configuratio | `PUT` | `/agent/token/acl_replication_token` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`acl_token`](/docs/agent/options#acl_token_legacy), [`acl_agent_token`](/docs/agent/options#acl_agent_token_legacy), -[`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token_legacy), and -[`acl_replication_token`](/docs/agent/options#acl_replication_token_legacy). +[`acl_token`](/docs/agent/config/agent-config-files#acl_token_legacy), [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token_legacy), +[`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy), and +[`acl_replication_token`](/docs/agent/config/agent-config-files#acl_replication_token_legacy). The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx index 27d665aa6..1ba83ed68 100644 --- a/website/content/api-docs/config.mdx +++ b/website/content/api-docs/config.mdx @@ -10,7 +10,7 @@ description: |- The `/config` endpoints create, update, delete and query central configuration entries registered with Consul. See the -[agent configuration](/docs/agent/options#enable_central_service_config) +[agent configuration](/docs/agent/config/agent-config-files#enable_central_service_config) for more information on how to enable this functionality for centrally configuring services and [configuration entries docs](/docs/agent/config-entries) for a description of the configuration entries content. diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index 49b6ac660..ddbeab469 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -96,7 +96,7 @@ The corresponding CLI command is [`consul intention create -replace`](/commands/ evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default intention behavior is defined by the default [ACL - policy](/docs/agent/options#acl_default_policy). + policy](/docs/agent/config/agent-config-files#acl_default_policy). This should be omitted for an L4 intention as it is mutually exclusive with the `Action` field. diff --git a/website/content/api-docs/health.mdx b/website/content/api-docs/health.mdx index 6d8a1c677..4d60aafe9 100644 --- a/website/content/api-docs/health.mdx +++ b/website/content/api-docs/health.mdx @@ -241,7 +241,7 @@ The table below shows this endpoint's support for ascending order based on the estimated round trip time from that node. Passing `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. **Note** that using `near` will ignore - [`use_streaming_backend`](/docs/agent/options#use_streaming_backend) and always + [`use_streaming_backend`](/docs/agent/config/agent-config-files#use_streaming_backend) and always use blocking queries, because the data required to sort the results is not available to the streaming backend. diff --git a/website/content/api-docs/index.mdx b/website/content/api-docs/index.mdx index 481180c94..40dc5a79b 100644 --- a/website/content/api-docs/index.mdx +++ b/website/content/api-docs/index.mdx @@ -83,7 +83,7 @@ $ curl \ Consul 0.7 added the ability to translate addresses in HTTP response based on the configuration setting for -[`translate_wan_addrs`](/docs/agent/options#translate_wan_addrs). In order +[`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs). In order to allow clients to know if address translation is in effect, the `X-Consul-Translate-Addresses` header will be added if translation is enabled, and will have a value of `true`. If translation is not enabled then this header @@ -94,7 +94,7 @@ will not be present. All API responses for Consul versions after 1.9 will include an HTTP response header `X-Consul-Default-ACL-Policy` set to either "allow" or "deny" which mirrors the current value of the agent's -[`acl.default_policy`](/docs/agent/options#acl_default_policy) option. +[`acl.default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) option. This is also the default [intention](/docs/connect/intentions) enforcement action if no intention matches. diff --git a/website/content/api-docs/operator/autopilot.mdx b/website/content/api-docs/operator/autopilot.mdx index e1d050871..f4a2e25c8 100644 --- a/website/content/api-docs/operator/autopilot.mdx +++ b/website/content/api-docs/operator/autopilot.mdx @@ -69,7 +69,7 @@ $ curl \ ``` For more information about the Autopilot configuration options, see the -[agent configuration section](/docs/agent/options#autopilot). +[agent configuration section](/docs/agent/config/agent-config-files#autopilot). ## Update Configuration diff --git a/website/content/commands/acl/set-agent-token.mdx b/website/content/commands/acl/set-agent-token.mdx index 201e8b6ed..dfe9f4567 100644 --- a/website/content/commands/acl/set-agent-token.mdx +++ b/website/content/commands/acl/set-agent-token.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/agent/token/:type](/api-docs/agent This command updates the ACL tokens currently in use by the agent. It can be used to introduce ACL tokens to the agent for the first time, or to update tokens that were initially loaded from the agent's configuration. Tokens are not persisted unless -[`acl.enable_token_persistence`](/docs/agent/options#acl_enable_token_persistence) +[`acl.enable_token_persistence`](/docs/agent/config/agent-config-files#acl_enable_token_persistence) is `true`, so tokens will need to be updated again if that option is `false` and the agent is restarted. diff --git a/website/content/commands/config/index.mdx b/website/content/commands/config/index.mdx index 1d3abe7c4..5b22e5115 100644 --- a/website/content/commands/config/index.mdx +++ b/website/content/commands/config/index.mdx @@ -10,7 +10,7 @@ Command: `consul config` The `config` command is used to interact with Consul's central configuration system. It exposes commands for creating, updating, reading, and deleting different kinds of config entries. See the -[agent configuration](/docs/agent/options#enable_central_service_config) +[agent configuration](/docs/agent/config/agent-config-files#enable_central_service_config) for more information on how to enable this functionality for centrally configuring services and [configuration entries docs](/docs/agent/config-entries) for a description of the configuration entries content. diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx index b2a1988e6..68d81d47a 100644 --- a/website/content/commands/connect/envoy.mdx +++ b/website/content/commands/connect/envoy.mdx @@ -42,7 +42,7 @@ proxy configuration needed. be used instead. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. This may be a unix domain socket using `unix:///path/to/socket` if the [agent is configured to - listen](/docs/agent/options#addresses) that way. + listen](/docs/agent/config/agent-config-files#addresses) that way. -> **Note:** gRPC uses the same TLS settings as the HTTPS API. If HTTPS is enabled then gRPC will require HTTPS diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx index 58434cb16..23ff3d0da 100644 --- a/website/content/commands/debug.mdx +++ b/website/content/commands/debug.mdx @@ -78,7 +78,7 @@ information when `debug` is running. By default, it captures all information. | `members` | A list of all the WAN and LAN members in the cluster. | | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval. | | `logs` | `DEBUG` level logs for the target agent, captured for the duration. | -| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU profile is captured for `duration` in a single file, trace is captured for a single `interval`, while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/options#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. | +| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/agent-config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. | ## Examples diff --git a/website/content/commands/index.mdx b/website/content/commands/index.mdx index e468c76cc..4ff1b0735 100644 --- a/website/content/commands/index.mdx +++ b/website/content/commands/index.mdx @@ -235,7 +235,7 @@ CONSUL_TLS_SERVER_NAME=consulserver.domain Like [`CONSUL_HTTP_ADDR`](#consul_http_addr) but configures the address the local agent is listening for gRPC requests. Currently gRPC is only used for integrating [Envoy proxy](/docs/connect/proxies/envoy) and must be [enabled -explicitly](/docs/agent/options#grpc_port) in agent configuration. +explicitly](/docs/agent/config/agent-config-files#grpc_port) in agent configuration. ``` CONSUL_GRPC_ADDR=127.0.0.1:8502 diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index e78ade6a7..2a0a2c29a 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -104,10 +104,10 @@ Usage: `consul operator autopilot set-config [options]` - `-disable-upgrade-migration` - Controls whether Consul will avoid promoting new servers until it can perform a migration. Must be one of `[true|false]`. -- `-redundancy-zone-tag` - Controls the [`-node-meta`](/docs/agent/options#_node_meta) +- `-redundancy-zone-tag` - Controls the [`-node-meta`](/docs/agent/config/agent-config-cli#_node_meta) key name used for separating servers into different redundancy zones. -- `-upgrade-version-tag` - Controls the [`-node-meta`](/docs/agent/options#_node_meta) +- `-upgrade-version-tag` - Controls the [`-node-meta`](/docs/agent/config/agent-config-cli#_node_meta) tag to use for version info when performing upgrade migrations. If left blank, the Consul version will be used. ### Command Output diff --git a/website/content/commands/reload.mdx b/website/content/commands/reload.mdx index 40d234a15..3043a346f 100644 --- a/website/content/commands/reload.mdx +++ b/website/content/commands/reload.mdx @@ -22,7 +22,7 @@ reload will be present in the agent logs and not in the output of this command. **NOTE** Not all configuration options are reloadable. See the -[Reloadable Configuration](/docs/agent/options#reloadable-configuration) +[Reloadable Configuration](/docs/agent/config#reloadable-configuration) section on the agent options page for details on which options are supported. The table below shows this command's [required ACLs](/api#authentication). Configuration of diff --git a/website/content/commands/validate.mdx b/website/content/commands/validate.mdx index cb3d02e07..ade133928 100644 --- a/website/content/commands/validate.mdx +++ b/website/content/commands/validate.mdx @@ -21,7 +21,7 @@ to be loaded by the agent. This command cannot operate on partial configuration fragments since those won't pass the full agent validation. For more information on the format of Consul's configuration files, read the -consul agent [Configuration Files](/docs/agent/options#configuration-files) +consul agent [Configuration Files](/docs/agent/config/agent-config-files) section. ## Usage diff --git a/website/content/docs/agent/config-entries.mdx b/website/content/docs/agent/config-entries.mdx index d477db6b2..48a996e05 100644 --- a/website/content/docs/agent/config-entries.mdx +++ b/website/content/docs/agent/config-entries.mdx @@ -57,8 +57,8 @@ See [Kubernetes Custom Resource Definitions](/docs/k8s/crds). Configuration entries outside of Kubernetes should be managed with the Consul [CLI](/commands/config) or [API](/api-docs/config). Additionally, as a convenience for initial cluster bootstrapping, configuration entries can be -specified in the Consul servers agent's -[configuration files](/docs/agent/options#config_entries_bootstrap) +specified in all of the Consul servers's +[configuration files](/docs/agent/config/agent-config-files#config_entries_bootstrap) ### Managing Configuration Entries with the CLI @@ -162,7 +162,7 @@ api ### Bootstrapping From A Configuration File Configuration entries can be bootstrapped by adding them [inline to each Consul -server's configuration file](/docs/agent/options#config_entries). When a +server's configuration file](/docs/agent/config/agent-config-files#config_entries). When a server gains leadership, it will attempt to initialize the configuration entries. If a configuration entry does not already exist outside of the servers configuration, then it will create it. If a configuration entry does exist, that diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index 40dae7878..08a9f4398 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -905,7 +905,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. If there's a partition or other outage affecting the authoritative datacenter, and the - [`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not + [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) is set to "extend-cache", tokens not in the cache can be resolved during the outage using the replicated set of ACLs. - `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 44ced8493..f9daad3b9 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -57,22 +57,22 @@ Reloading configuration does not reload all configuration items. The items which are reloaded include: - ACL Tokens -- [Configuration Entry Bootstrap](#config_entries_bootstrap) +- [Configuration Entry Bootstrap](/docs/agent/config/agent-config-files#config_entries_bootstrap) - Checks -- [Discard Check Output](#discard_check_output) +- [Discard Check Output](/docs/agent/config/agent-config-files#discard_check_output) - HTTP Client Address - Log level -- [Metric Prefix Filter](#telemetry-prefix_filter) -- [Node Metadata](#node_meta) +- [Metric Prefix Filter](/docs/agent/config/agent-config-files#telemetry-prefix_filter) +- [Node Metadata](/docs/agent/config/agent-config-files#node_meta) - Some Raft options (since Consul 1.10.0) - - [`raft_snapshot_threshold`](#_raft_snapshot_threshold) - - [`raft_snapshot_interval`](#_raft_snapshot_interval) - - [`raft_trailing_logs`](#_raft_trailing_logs) + - [`raft_snapshot_threshold`](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) + - [`raft_snapshot_interval`](/docs/agent/config/agent-config-files#_raft_snapshot_interval) + - [`raft_trailing_logs`](/docs/agent/config/agent-config-files#_raft_trailing_logs) - These can be important in certain outage situations so being able to control them without a restart provides a recovery path that doesn't involve downtime. They generally shouldn't be changed otherwise. -- [RPC rate limiting](#limits) -- [HTTP Maximum Connections per Client](#http_max_conns_per_client) +- [RPC rate limiting](/docs/agent/config/agent-config-files#limits) +- [HTTP Maximum Connections per Client](/docs/agent/config/agent-config-files#http_max_conns_per_client) - Services - TLS Configuration - Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading. diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx index b937214a8..2d963d13f 100644 --- a/website/content/docs/agent/index.mdx +++ b/website/content/docs/agent/index.mdx @@ -102,7 +102,7 @@ The following example starts an agent in dev mode and stores agent state data in $ consul agent -data-dir=tmp/consul -dev ``` -Agents are highly configurable, which enables you to deploy Consul to any infrastructure. Many of the default options for the `agent` command are suitable for becoming familiar with a local instance of Consul. In practice, however, several additional configuration options must be specified for Consul to function as expected. Refer to [Agent Configuration](/docs/agent/options) topic for a complete list of configuration options. +Agents are highly configurable, which enables you to deploy Consul to any infrastructure. Many of the default options for the `agent` command are suitable for becoming familiar with a local instance of Consul. In practice, however, several additional configuration options must be specified for Consul to function as expected. Refer to [Agent Configuration](/docs/agent/config) topic for a complete list of configuration options. ### Understanding the Agent Startup Output @@ -127,16 +127,16 @@ $ consul agent -data-dir=/tmp/consul - **Node name**: This is a unique name for the agent. By default, this is the hostname of the machine, but you may customize it using the - [`-node`](/docs/agent/options#_node) flag. + [`-node`](/docs/agent/config/agent-config-cli#_node) flag. - **Datacenter**: This is the datacenter in which the agent is configured to - run. For single-DC configurations, the agent will default to `dc1`, but you can configure which datacenter the agent reports to with the [`-datacenter`](/docs/agent/options#_datacenter) flag. + run. For single-DC configurations, the agent will default to `dc1`, but you can configure which datacenter the agent reports to with the [`-datacenter`](/docs/agent/config/agent-config-cli#_datacenter) flag. Consul has first-class support for multiple datacenters, but configuring each node to report its datacenter improves agent efficiency. - **Server**: This indicates whether the agent is running in server or client mode. Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be - in ["bootstrap"](/docs/agent/options#_bootstrap_expect) mode, which enables the server to elect itself as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state. + in ["bootstrap"](/docs/agent/config/agent-config-cli#_bootstrap_expect) mode, which enables the server to elect itselft as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state. - **Client Addr**: This is the address used for client interfaces to the agent. This includes the ports for the HTTP and DNS interfaces. By default, this @@ -179,18 +179,18 @@ The following settings are commonly used in the configuration file (also called | Parameter | Description | Default | | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| `node_name` | String value that specifies a name for the agent node.
    See [`-node-id`](/docs/agent/options#_node_id) for details. | Hostname of the machine | -| `server` | Boolean value that determines if the agent runs in server mode.
    See [`-server`](/docs/agent/options#_server) for details. | `false` | -| `datacenter` | String value that specifies which datacenter the agent runs in.
    See [-datacenter](/docs/agent/options#_datacenter) for details. | `dc1` | -| `data_dir` | String value that specifies a directory for storing agent state data.
    See [`-data-dir`](/docs/agent/options#_data_dir) for details. | none | -| `log_level` | String value that specifies the level of logging the agent reports.
    See [`-log-level`](docs/agent/options#_log_level) for details. | `info` | -| `retry_join` | Array of string values that specify one or more agent addresses to join after startup. The agent will continue trying to join the specified agents until it has successfully joined another member.
    See [`-retry-join`](/docs/agent/options#_retry_join) for details. | none | -| `addresses` | Block of nested objects that define addresses bound to the agent for internal cluster communication. | `"http": "0.0.0.0"` See the Agent Configuration page for [default address values](/docs/agent/options#addresses) | -| `ports` | Block of nested objects that define ports bound to agent addresses.
    See (link to addresses option) for details. | See the Agent Configuration page for [default port values](/docs/agent/options#ports) | +| `node_name` | String value that specifies a name for the agent node.
    See [`-node-id`](/docs/agent/config/agent-config-cli#_node_id) for details. | Hostname of the machine | +| `server` | Boolean value that determines if the agent runs in server mode.
    See [`-server`](/docs/agent/config/agent-config-cli#_server) for details. | `false` | +| `datacenter` | String value that specifies which datacenter the agent runs in.
    See [-datacenter](/docs/agent/config/agent-config-cli#_datacenter) for details. | `dc1` | +| `data_dir` | String value that specifies a directory for storing agent state data.
    See [`-data-dir`](/docs/agent/config/agent-config-cli#_data_dir) for details. | none | +| `log_level` | String value that specifies the level of logging the agent reports.
    See [`-log-level`](/docs/agent/config/agent-config-cli#_log_level) for details. | `info` | +| `retry_join` | Array of string values that specify one or more agent addresses to join after startup. The agent will continue trying to join the specified agents until it has successfully joined another member.
    See [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) for details. | none | +| `addresses` | Block of nested objects that define addresses bound to the agent for internal cluster communication. | `"http": "0.0.0.0"` See the Agent Configuration page for [default address values](/docs/agent/config/agent-config-files#addresses) | +| `ports` | Block of nested objects that define ports bound to agent addresses.
    See (link to addresses option) for details. | See the Agent Configuration page for [default port values](/docs/agent/config/agent-config-files#ports) | ### Server Node in a Service Mesh -The following example configuration is for a server agent named "`consul-server`". The server is [bootstrapped](/docs/agent/options#_bootstrap) and the Consul GUI is enabled. +The following example configuration is for a server agent named "`consul-server`". The server is [bootstrapped](/docs/agent/config/agent-config-cli#_bootstrap) and the Consul GUI is enabled. The reason this server agent is configured for a service mesh is that the `connect` configuration is enabled. Connect is Consul's service mesh component that provides service-to-service connection authorization and encryption using mutual Transport Layer Security (TLS). Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all. See [Connect](/docs/connect) for details. @@ -389,7 +389,7 @@ log_level = "INFO" bind_addr = "0.0.0.0" # Used for HTTP, HTTPS, DNS, and gRPC addresses. -# loopback is not included in GetPrivateInterfaces because it is not routable. +# loopback is not included in GetPrivateInterfaces because it is not routable. client_addr = "{{ GetPrivateInterfaces | exclude \"type\" \"ipv6\" | join \"address\" \" \" }} {{ GetAllInterfaces | include \"flags\" \"loopback\" | join \"address\" \" \" }}" # advertises gossip and RPC interface to other nodes @@ -448,8 +448,8 @@ may not be important for your use case. For example, for a web server and load balancer setup, both result in the same outcome: the web node is removed from the load balancer pool. -The [`skip_leave_on_interrupt`](/docs/agent/options#skip_leave_on_interrupt) and -[`leave_on_terminate`](/docs/agent/options#leave_on_terminate) configuration +The [`skip_leave_on_interrupt`](/docs/agent/config/agent-config-files#skip_leave_on_interrupt) and +[`leave_on_terminate`](/docs/agent/config/agent-config-files#leave_on_terminate) configuration options allow you to adjust this behavior. diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 7296ed208..dcea27e05 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -29,7 +29,7 @@ This telemetry information can be used for debugging or otherwise getting a better view of what Consul is doing. Review the [Monitoring and Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data. -Additionally, if the [`telemetry` configuration options](/docs/agent/options#telemetry) +Additionally, if the [`telemetry` configuration options](/docs/agent/config/agent-config-files#telemetry) are provided, the telemetry information will be streamed to a [statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where it can be aggregated and flushed to Graphite or any other metrics store. @@ -140,7 +140,7 @@ you will need to apply a function such as InfluxDB's [`non_negative_difference() | Metric Name | Description | Unit | Type | | :--------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- | :------ | | `consul.client.rpc` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server | requests | counter | -| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/options#limits) configuration. | requests | counter | +| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/agent-config-files#limits) configuration. | requests | counter | | `consul.client.rpc.failed` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter | **Why they're important:** These measurements indicate the current load created from a Consul agent, including when the load becomes high enough to be rate limited. A high RPC count, especially from `consul.client.rpcexceeded` meaning that the requests are being rate-limited, could imply a misconfigured Consul agent. @@ -172,7 +172,7 @@ Under these conditions, a follower after a restart may be unable to catch up on replication and become a voter again since it takes longer to restore from disk or the leader than the leader takes to write a new snapshot and truncate its logs. Servers retain -[`raft_trailing_logs`](/docs/agent/options#_raft_trailing_logs) (default +[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) (default `10240`) log entries even if their snapshot was more recent. On a leader processing 500 commits/second, that is only about 20 seconds worth of logs. Assuming the leader is able to write out a snapshot and truncate the logs in @@ -197,7 +197,7 @@ repeatedly as well as reduce the fault tolerance and serving capacity of the cluster. Since Consul 1.5.3 -[`raft_trailing_logs`](/docs/agent/options#_raft_trailing_logs) has been +[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) has been configurable. Increasing it allows the leader to retain more logs and give followers more time to restore and catch up. The tradeoff is potentially slower appends which eventually might affect write throughput and latency @@ -208,7 +208,7 @@ mean loosing cluster availability and needing to recover the cluster from a loss of quorum. Since Consul 1.10.0 -[`raft_trailing_logs`](/docs/agent/options#_raft_trailing_logs) is now +[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) is now reloadable with `consul reload` or `SIGHUP` allowing operators to increase this without the leader restarting or loosing leadership allowing the cluster to be recovered gracefully. @@ -298,7 +298,7 @@ it took as well as how many logs were contained in the batch. Writing logs in th a subsequent log storage operation can only be started after the previous one completed. The maximum number of log storage operations that can be performed each second is represented with the `consul.raft.boltdb.writeCapacity` metric. When log storage operations are becoming slower you may not see an immediate decrease in write capacity -due to increased batch sizes of the each operation. However, the max batch size allowed is 64 logs. Therefore if +due to increased batch sizes of the each operation. However, the max batch size allowed is 64 logs. Therefore if the `logsPerBatch` metric is near 64 and the `storeLogs` metric is seeing increased time to write each batch to disk, then it is likely that increased write latencies and other errors may occur. @@ -332,7 +332,7 @@ This is a full list of metrics emitted by Consul. | `consul.acl.blocked.{check,node,service}.registration` | Increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL. | requests | counter | | `consul.api.http` | Migrated from consul.http.. this samples how long it takes to service the given HTTP request for the given verb and path. Includes labels for `path` and `method`. `path` does not include details like service or key names, for these an underscore will be present as a placeholder (eg. path=`v1.kv._`) | ms | timer | | `consul.client.rpc` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers. | requests | counter | -| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/options#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter | +| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/agent-config-files#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter | | `consul.client.rpc.failed` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter | | `consul.client.api.catalog_register.` | Increments whenever a Consul agent receives a catalog register request. | requests | counter | | `consul.client.api.success.catalog_register.` | Increments whenever a Consul agent successfully responds to a catalog register request. | requests | counter | @@ -431,7 +431,7 @@ These metrics are used to monitor the health of the Consul servers. | `consul.raft.last_index` | Represents the raft applied index. | index | gauge | | `consul.raft.leader.dispatchLog` | Measures the time it takes for the leader to write log entries to disk. | ms | timer | | `consul.raft.leader.dispatchNumLogs` | Measures the number of logs committed to disk in a batch. | logs | gauge | -| `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/options#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer | +| `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/config/agent-config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer | | `consul.raft.leader.oldestLogAge` | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms | gauge | | `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesn’t timeout on a periodic basis. | ms | timer | | `consul.raft.replication.appendEntries` | Measures the time it takes to replicate log entries to followers. This is a general indicator of the load pressure on the Consul servers, as well as the performance of the communication between the servers. | ms | timer | @@ -575,7 +575,7 @@ These metrics give insight into the health of the cluster as a whole. | `consul.memberlist.degraded.timeout` | Counts the number of times an agent was marked as a dead node, whilst not getting enough confirmations from a randomly selected list of agent nodes in an agent's membership. | occurrence / interval | counter | | `consul.memberlist.msg.dead` | Counts the number of times an agent has marked another agent to be a dead node. | messages / interval | counter | | `consul.memberlist.health.score` | Describes a node's perception of its own health based on how well it is meeting the soft real-time requirements of the protocol. This metric ranges from 0 to 8, where 0 indicates "totally healthy". This health score is used to scale the time between outgoing probes, and higher scores translate into longer probing intervals. For more details see section IV of the Lifeguard paper: https://arxiv.org/pdf/1707.00788.pdf | score | gauge | -| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/options#ports). | suspect messages received / interval | counter | +| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | suspect messages received / interval | counter | | `consul.memberlist.tcp.accept` | Counts the number of times an agent has accepted an incoming TCP stream connection. | connections accepted / interval | counter | | `consul.memberlist.udp.sent/received` | Measures the total number of bytes sent/received by an agent through the UDP protocol. | bytes sent or bytes received / interval | counter | | `consul.memberlist.tcp.connect` | Counts the number of times an agent has initiated a push/pull sync with an other agent. | push/pull initiated / interval | counter | @@ -586,14 +586,14 @@ These metrics give insight into the health of the cluster as a whole. | `consul.memberlist.msg_suspect` | The number of suspect messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | | `consul.memberlist.probeNode` | Measures the time taken to perform a single round of failure detection on a select agent. | nodes / Interval | counter | | `consul.memberlist.pushPullNode` | Measures the number of agents that have exchanged state with this agent. | nodes / Interval | counter | -| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | failures / interval | counter | -| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/options#ports). | flaps / interval | counter | +| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | failures / interval | counter | +| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | flaps / interval | counter | | `consul.serf.member.join` | Increments when an agent joins the cluster. If an agent flapped or failed this counter also increments when it re-joins. | joins / interval | counter | | `consul.serf.member.left` | Increments when an agent leaves the cluster. | leaves / interval | counter | | `consul.serf.events` | Increments when an agent processes an [event](/commands/event). Consul uses events internally so there may be additional events showing in telemetry. There are also a per-event counters emitted as `consul.serf.events.`. | events / interval | counter | | `consul.serf.msgs.sent` | This metric is sample of the number of bytes of messages broadcast to the cluster. In a given time interval, the sum of this metric is the total number of bytes sent and the count is the number of messages sent. | message bytes / interval | counter | -| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers   | gauge | -| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. | boolean   | gauge | +| `consul.autopilot.failure_tolerance` | Tracks the number of voting servers that the cluster can lose while continuing to function. | servers | gauge | +| `consul.autopilot.healthy` | Tracks the overall health of the local server cluster. If all servers are considered healthy by Autopilot, this will be set to 1. If any are unhealthy, this will be 0. | boolean | gauge | | `consul.session_ttl.active` | Tracks the active number of sessions being tracked. | sessions | gauge | | `consul.catalog.service.query.` | Increments for each catalog query for the given service. | queries | counter | | `consul.catalog.service.query-tag..` | Increments for each catalog query for the given service with the given tag. | queries | counter | diff --git a/website/content/docs/connect/ca/aws.mdx b/website/content/docs/connect/ca/aws.mdx index 46e215f87..3b4ed80b9 100644 --- a/website/content/docs/connect/ca/aws.mdx +++ b/website/content/docs/connect/ca/aws.mdx @@ -173,11 +173,11 @@ So monthly cost would be calculated as: - 500 ⨉ 13.3 = 6,650 certificates issued in dc3 The number of certificates issued could be reduced by increasing -[`leaf_cert_ttl`](/docs/agent/options#ca_leaf_cert_ttl) in the CA Provider +[`leaf_cert_ttl`](/docs/agent/config/agent-config-files#ca_leaf_cert_ttl) in the CA Provider configuration if the longer lived credentials are an acceptable risk tradeoff against the cost. -[`ca_config`]: /docs/agent/options#connect_ca_config -[`ca_provider`]: /docs/agent/options#connect_ca_provider +[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider [`/connect/ca/configuration`]: /api-docs/connect/ca#update-ca-configuration diff --git a/website/content/docs/connect/ca/consul.mdx b/website/content/docs/connect/ca/consul.mdx index 1094ffd25..ba7645171 100644 --- a/website/content/docs/connect/ca/consul.mdx +++ b/website/content/docs/connect/ca/consul.mdx @@ -92,7 +92,7 @@ Connect is enabled - the PrivateKey and RootCert fields have not been set, so th been generated (as seen above in the roots list). There are two ways to have the Consul CA use a custom private key and root certificate: -either through the `ca_config` section of the [Agent configuration](/docs/agent/options#connect_ca_config) (which can only be used during the cluster's +either through the `ca_config` section of the [Agent configuration](/docs/agent/config/agent-config-files#connect_ca_config) (which can only be used during the cluster's initial bootstrap) or through the [Update CA Configuration endpoint](/api-docs/connect/ca#update-ca-configuration). Currently Consul requires that root certificates are valid [SPIFFE SVID Signing certificates](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and that the URI encoded diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx index dc035b4e4..16d5c0021 100644 --- a/website/content/docs/connect/ca/index.mdx +++ b/website/content/docs/connect/ca/index.mdx @@ -47,7 +47,7 @@ will generate the initial root certificates and setup the internal Consul server state. For the initial bootstrap, the CA provider can be configured through the -[Agent configuration](/docs/agent/options#connect_ca_config). After +[Agent configuration](/docs/agent/config/agent-config-files#connect_ca_config). After initialization, the CA can only be updated through the [Update CA Configuration API endpoint](/api-docs/connect/ca#update-ca-configuration). If a CA is already initialized, any changes to the CA configuration in the diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index a39635046..376d50bfc 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -280,6 +280,6 @@ path "/connect_inter/*" { -[`ca_config`]: /docs/agent/options#connect_ca_config -[`ca_provider`]: /docs/agent/options#connect_ca_provider +[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider [`/connect/ca/configuration`]: /api-docs/connect/ca#update-ca-configuration diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx index 41b3e94dc..790d773c6 100644 --- a/website/content/docs/connect/config-entries/exported-services.mdx +++ b/website/content/docs/connect/config-entries/exported-services.mdx @@ -28,7 +28,7 @@ You can configure the settings defined in the `exported-services` configuration ## Usage 1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements). -1. Specify the `exported-services` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration). +1. Specify the `exported-services` configuration in the agent configuration file (see [`config_entries`](/docs/agent/config/agent-config-files#config_entries)) as described in [Configuration](#configuration). 1. Apply the configuration using one of the following methods: - Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details. - Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details. diff --git a/website/content/docs/connect/config-entries/index.mdx b/website/content/docs/connect/config-entries/index.mdx index d7d11797c..2ff6142fa 100644 --- a/website/content/docs/connect/config-entries/index.mdx +++ b/website/content/docs/connect/config-entries/index.mdx @@ -49,7 +49,7 @@ See [Agent - Config Entries](/docs/agent/config-entries). ## Using Configuration Entries For Service Defaults Outside of Kubernetes, when the agent is -[configured](/docs/agent/options#enable_central_service_config) to enable +[configured](/docs/agent/config/agent-config-files#enable_central_service_config) to enable central service configurations, it will look for service configuration defaults that match a registering service instance. If it finds any, the agent will merge those defaults with the service instance configuration. This allows for things diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx index 699c2d133..2d5d2ebd8 100644 --- a/website/content/docs/connect/config-entries/proxy-defaults.mdx +++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx @@ -390,8 +390,8 @@ spec: type: 'bool: false', description: `If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/options#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/options#expose_min_port) to [expose_max_port](/docs/agent/options#expose_max_port). + [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost.`, }, { diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx index 86ce364b6..06f1892a3 100644 --- a/website/content/docs/connect/config-entries/service-defaults.mdx +++ b/website/content/docs/connect/config-entries/service-defaults.mdx @@ -662,8 +662,8 @@ spec: type: 'bool: false', description: `If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/options#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/options#expose_min_port) to [expose_max_port](/docs/agent/options#expose_max_port). + [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running Consul on Kubernetes, and Consul agents run in their own pods.`, }, diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx index 64317d51c..c2e77fb06 100644 --- a/website/content/docs/connect/config-entries/service-intentions.mdx +++ b/website/content/docs/connect/config-entries/service-intentions.mdx @@ -488,7 +488,7 @@ spec: first permission to match in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default - intention behavior is defined by the default [ACL policy](/docs/agent/options#acl_default_policy).

    + intention behavior is defined by the default [ACL policy](/docs/agent/config/agent-config-files#acl_default_policy).

    This should be omitted for an L4 intention as it is mutually exclusive with the \`Action\` field.

    Setting \`Permissions\` is not valid if a wildcard is used for the \`Name\` or \`Namespace\` because they can only be @@ -498,7 +498,7 @@ spec: first permission to match in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default - intention behavior is defined by the default [ACL policy](/docs/agent/options#acl_default_policy).

    + intention behavior is defined by the default [ACL policy](/docs/agent/config/agent-config-files#acl_default_policy).

    This should be omitted for an L4 intention as it is mutually exclusive with the \`action\` field.

    Setting \`permissions\` is not valid if a wildcard is used for the \`spec.destination.name\` or \`spec.destination.namespace\` diff --git a/website/content/docs/connect/configuration.mdx b/website/content/docs/connect/configuration.mdx index e6ae57508..0018fc4db 100644 --- a/website/content/docs/connect/configuration.mdx +++ b/website/content/docs/connect/configuration.mdx @@ -22,7 +22,7 @@ The first step to use Connect is to enable Connect for your Consul cluster. By default, Connect is disabled. Enabling Connect requires changing the configuration of only your Consul _servers_ (not client agents). To enable Connect, add the following to a new or existing -[server configuration file](/docs/agent/options). In an existing cluster, this configuration change requires a Consul server restart, which you can perform one server at a time to maintain availability. In HCL: +[server configuration file](/docs/agent/config/agent-config-files). In an existing cluster, this configuration change requires a Consul server restart, which you can perform one server at a time to maintain availability. In HCL: ```hcl connect { @@ -43,20 +43,20 @@ connection attempts to fail until Connect is enabled on the server agents. Other optional Connect configurations that you can set in the server configuration file include: -- [certificate authority settings](/docs/agent/options#connect) -- [token replication](/docs/agent/options#acl_tokens_replication) -- [dev mode](/docs/agent/options#_dev) -- [server host name verification](/docs/agent/options#tls_internal_rpc_verify_server_hostname) +- [certificate authority settings](/docs/agent/config/agent-config-files#connect) +- [token replication](/docs/agent/config/agent-config-files#acl_tokens_replication) +- [dev mode](/docs/agent/config/agent-config-cli#_dev) +- [server host name verification](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) If you would like to use Envoy as your Connect proxy you will need to [enable -gRPC](/docs/agent/options#grpc_port). +gRPC](/docs/agent/config/agent-config-files#grpc_port). Additionally if you plan on using the observability features of Connect, it can be convenient to configure your proxies and services using [configuration entries](/docs/agent/config-entries) which you can interact with using the CLI or API, or by creating configuration entry files. You will want to enable [centralized service -configuration](/docs/agent/options#enable_central_service_config) on +configuration](/docs/agent/config/agent-config-files#enable_central_service_config) on clients, which allows each service's proxy configuration to be managed centrally via API. diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx index 7e49c9936..63682983e 100644 --- a/website/content/docs/connect/connect-internals.mdx +++ b/website/content/docs/connect/connect-internals.mdx @@ -109,10 +109,10 @@ externally routable IPs at the service level. ## Intention Replication Intention replication happens automatically but requires the -[`primary_datacenter`](/docs/agent/options#primary_datacenter) +[`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) configuration to be set to specify a datacenter that is authoritative for intentions. In production setups with ACLs enabled, the -[replication token](/docs/agent/options#acl_tokens_replication) must also +[replication token](/docs/agent/config/agent-config-files#acl_tokens_replication) must also be set in the secondary datacenter server's configuration. ## Certificate Authority Federation diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index 9f181850e..da6155963 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -40,8 +40,8 @@ the [hosts](/docs/connect/config-entries/ingress-gateway#hosts) field. Ingress gateways also require that your Consul datacenters are configured correctly: - You'll need to use Consul version 1.8.0 or newer. -- Consul [Connect](/docs/agent/options#connect) must be enabled on the datacenter's Consul servers. -- [gRPC](/docs/agent/options#grpc_port) must be enabled on all client agents. +- Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled on the datacenter's Consul servers. +- [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled on all client agents. Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with ingress gateway capabilities in Consul. diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx index ad0405231..ee6266030 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx @@ -10,13 +10,13 @@ description: >- -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -Mesh gateways enable service mesh traffic to be routed between different Consul datacenters. +Mesh gateways enable service mesh traffic to be routed between different Consul datacenters. Datacenters can reside in different clouds or runtime environments where general interconnectivity between all services -in all datacenters isn't feasible. +in all datacenters isn't feasible. Mesh gateways operate by sniffing and extracting the server name indication (SNI) header from the service mesh session and routing the connection to the appropriate destination based on the server name requested. The gateway does not decrypt the data within the mTLS session. -The following diagram describes the architecture for using mesh gateways for cross-datacenter communication: +The following diagram describes the architecture for using mesh gateways for cross-datacenter communication: ![Mesh Gateway Architecture](/img/mesh-gateways.png) @@ -30,12 +30,12 @@ Ensure that your Consul environment meets the following requirements. * Consul version 1.6.0 or newer. * A local Consul agent is required to manage its configuration. -* Consul [Connect](/docs/agent/options#connect) must be enabled in both datacenters. -* Each [datacenter](/docs/agent/options#datacenter) must have a unique name. +* Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled in both datacenters. +* Each [datacenter](/docs/agent/config/agent-config-files#datacenter) must have a unique name. * Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federarion-gossip-wan). -* The [primary datacenter](/docs/agent/options#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. -* [gRPC](/docs/agent/options#grpc_port) must be enabled. -* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config). +* The [primary datacenter](/docs/agent/config/agent-config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. +* [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled. +* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/agent-config-files#enable_central_service_config). ### Network @@ -58,23 +58,23 @@ Sidecar proxies that do not send upstream traffic through a gateway are not affe Configure the following settings to register the mesh gateway as a service in Consul. * Specify `mesh-gateway` in the `kind` field to register the gateway with Consul. -* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace. -* Define the `Proxy.Config` settings using opaque parameters compatible with your proxy (i.e., Envoy). For Envoy, refer to the [Gateway Options](/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information. +* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace. +* Define the `Proxy.Config` settings using opaque parameters compatible with your proxy (i.e., Envoy). For Envoy, refer to the [Gateway Options](/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information. * If ACLs are enabled, a token granting `service:write` for the gateway's service name and `service:read` for all services in the datacenter or partition must be added to the gateway's service definition. These permissions authorize the token to route communications for other Consul service mesh services, but does not allow decrypting any of their communications. ### Modes -Each upstream associated with a service mesh proxy can be configured so that it is routed through a mesh gateway. +Each upstream associated with a service mesh proxy can be configured so that it is routed through a mesh gateway. Depending on your network, the proxy's connection to the gateway can operate in one of the following modes (refer to the [mesh-architecture-diagram](#mesh-architecture-diagram)): * `none` - (Default) No gateway is used and a service mesh connect proxy makes its outbound connections directly to the destination services. * `local` - The service mesh connect proxy makes an outbound connection to a gateway running in the - same datacenter. That gateway is responsible for ensuring that the data is forwarded to gateways in the destination datacenter. + same datacenter. That gateway is responsible for ensuring that the data is forwarded to gateways in the destination datacenter. Refer to the flow labeled `local` in the [mesh-architecture-diagram](#mesh-architecture-diagram). -* `remote` - The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter. +* `remote` - The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter. The gateway forwards the data to the final destination service. Refer to the flow labeled `remote` in the [mesh-architecture-diagram](#mesh-architecture-diagram). diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx index cebb531f7..65d133021 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx @@ -12,7 +12,7 @@ description: >- Mesh gateways enable you to route service mesh traffic between different Consul [admin partitions](/docs/enterprise/admin-partitions). Partitions can reside in different clouds or runtime environments where general interconnectivity between all services -in all partitions isn't feasible. +in all partitions isn't feasible. Mesh gateways operate by sniffing and extracting the server name indication (SNI) header from the service mesh session and routing the connection to the appropriate destination based on the server name requested. The gateway does not decrypt the data within the mTLS session. @@ -24,15 +24,15 @@ Ensure that your Consul environment meets the following requirements. * Consul Enterprise version 1.11.0 or newer. * A local Consul agent is required to manage its configuration. -* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/options#connect) for details. +* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/agent-config-files#connect) for details. * Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details. -* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config). +* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/agent-config-files#enable_central_service_config). ### Proxy Envoy is the only proxy with mesh gateway capabilities in Consul. -Mesh gateway proxies receive their configuration through Consul, which automatically generates it based on the proxy's registration. +Mesh gateway proxies receive their configuration through Consul, which automatically generates it based on the proxy's registration. Consul can only translate mesh gateway registration information into Envoy configuration. Sidecar proxies that send traffic to an upstream service through a gateway need to know the location of that gateway. They discover the gateway based on their sidecar proxy registrations. Consul can only translate the gateway registration information into Envoy configuration. @@ -44,22 +44,22 @@ Sidecar proxies that do not send upstream traffic through a gateway are not affe Configure the following settings to register the mesh gateway as a service in Consul. * Specify `mesh-gateway` in the `kind` field to register the gateway with Consul. -* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and partition. Refer to the [`upstreams` documentation](/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.destination_partition` must be configured to enable cross-partition traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace. -* Configure the `exported-services` configuration entry to enable Consul to export services contained in an admin partition to one or more additional partitions. Refer to the [Exported Services documentation](/docs/connect/config-entries/exported-services) for details. -* Define the `Proxy.Config` settings using opaque parameters compatible with your proxy, i.e., Envoy. For Envoy, refer to the [Gateway Options](/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information. +* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and partition. Refer to the [`upstreams` documentation](/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.destination_partition` must be configured to enable cross-partition traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace. +* Configure the `exported-services` configuration entry to enable Consul to export services contained in an admin partition to one or more additional partitions. Refer to the [Exported Services documentation](/docs/connect/config-entries/exported-services) for details. +* Define the `Proxy.Config` settings using opaque parameters compatible with your proxy, i.e., Envoy. For Envoy, refer to the [Gateway Options](/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information. * If ACLs are enabled, a token granting `service:write` for the gateway's service name and `service:read` for all services in the datacenter or partition must be added to the gateway's service definition. These permissions authorize the token to route communications for other Consul service mesh services, but does not allow decrypting any of their communications. ### Modes -Each upstream associated with a service mesh proxy can be configured so that it is routed through a mesh gateway. +Each upstream associated with a service mesh proxy can be configured so that it is routed through a mesh gateway. Depending on your network, the proxy's connection to the gateway can operate in one of the following modes: * `none` - (Default) No gateway is used and a service mesh connect proxy makes its outbound connections directly to the destination services. -* `local` - The service mesh connect proxy makes an outbound connection to a gateway running in the same datacenter. The gateway at the outbound connection is responsible for ensuring that the data is forwarded to gateways in the destination partition. +* `local` - The service mesh connect proxy makes an outbound connection to a gateway running in the same datacenter. The gateway at the outbound connection is responsible for ensuring that the data is forwarded to gateways in the destination partition. -* `remote` - The service mesh connect proxy makes an outbound connection to a gateway running in the destination datacenter. +* `remote` - The service mesh connect proxy makes an outbound connection to a gateway running in the destination datacenter. The gateway forwards the data to the final destination service. ### Connect Proxy Configuration diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index aac107b2e..d6dcf2a42 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -126,7 +126,10 @@ connect { } ``` -The [`start_join_wan`](/docs/agent/options#start_join_wan) or [`retry_join_wan`](/docs/agent/options#retry_join_wan) are only used for the [traditional federation process](/docs/k8s/installation/multi-cluster#traditional-wan-federation). They must be omitted when federating Consul servers via gateways. +The [`start_join_wan`](/docs/agent/config/agent-config-files#start_join_wan) or +[`retry_join_wan`](/docs/agent/config/agent-config-files#retry_join_wan) are +only used for the [traditional federation process](/docs/k8s/installation/multi-cluster#traditional-wan-federation). +They must be omitted when federating Consul servers via gateways. -> The `primary_gateways` configuration can also use `go-discover` syntax just like `retry_join_wan`. diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index 81e18d19f..fdd3891c4 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -59,8 +59,8 @@ Each terminating gateway needs: Terminating gateways also require that your Consul datacenters are configured correctly: - You'll need to use Consul version 1.8.0 or newer. -- Consul [Connect](/docs/agent/options#connect) must be enabled on the datacenter's Consul servers. -- [gRPC](/docs/agent/options#grpc_port) must be enabled on all client agents. +- Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled on the datacenter's Consul servers. +- [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled on all client agents. Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with terminating gateway capabilities in Consul. diff --git a/website/content/docs/connect/intentions-legacy.mdx b/website/content/docs/connect/intentions-legacy.mdx index 1939db196..804bd8c65 100644 --- a/website/content/docs/connect/intentions-legacy.mdx +++ b/website/content/docs/connect/intentions-legacy.mdx @@ -25,7 +25,7 @@ is allowed by testing the intentions. If authorize returns false the connection must be terminated. The default intention behavior is defined by the default [ACL -policy](/docs/agent/options#acl_default_policy). If the default ACL policy is +policy](/docs/agent/config/agent-config-files#acl_default_policy). If the default ACL policy is "allow all", then all Connect connections are allowed by default. If the default ACL policy is "deny all", then all Connect connections are denied by default. diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index e76db2511..71a182823 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -49,7 +49,7 @@ target destination. After verifying the TLS client certificate, the cached intentions should be consulted for each incoming connection/request to determine if it should be accepted or rejected. -The default intention behavior is defined by the [`default_policy`](/docs/agent/options#acl_default_policy) configuration. +The default intention behavior is defined by the [`default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) configuration. If the configuration is set `allow`, then all service mesh Connect connections will be allowed by default. If is set to `deny`, then all connections or requests will be denied by default. diff --git a/website/content/docs/connect/observability/index.mdx b/website/content/docs/connect/observability/index.mdx index 8b5073c5e..616919f94 100644 --- a/website/content/docs/connect/observability/index.mdx +++ b/website/content/docs/connect/observability/index.mdx @@ -18,10 +18,10 @@ to: - Define the upstreams for each of your services. If you are using Envoy as your sidecar proxy, you will need to [enable -gRPC](/docs/agent/options#grpc_port) on your client agents. To define the +gRPC](/docs/agent/config/agent-config-files#grpc_port) on your client agents. To define the metrics destination and service protocol you may want to enable [configuration -entries](/docs/agent/options#config_entries) and [centralized service -configuration](/docs/agent/options#enable_central_service_config). +entries](/docs/agent/config/agent-config-files#config_entries) and [centralized service +configuration](/docs/agent/config/agent-config-files#enable_central_service_config). ### Kubernetes If you are using Kubernetes, the Helm chart can simplify much of the configuration needed to enable observability. See diff --git a/website/content/docs/connect/observability/ui-visualization.mdx b/website/content/docs/connect/observability/ui-visualization.mdx index 0b74a6b12..503163452 100644 --- a/website/content/docs/connect/observability/ui-visualization.mdx +++ b/website/content/docs/connect/observability/ui-visualization.mdx @@ -47,11 +47,11 @@ UI. If there are multiple clients with the UI enabled in a datacenter for redundancy these configurations must be added to all of them. We assume that the UI is already enabled by setting -[`ui_config.enabled`](/docs/agent/options#ui_config_enabled) to `true` in the +[`ui_config.enabled`](/docs/agent/config/agent-config-files#ui_config_enabled) to `true` in the agent's configuration file. To use the built-in Prometheus provider -[`ui_config.metrics_provider`](/docs/agent/options#ui_config_metrics_provider) +[`ui_config.metrics_provider`](/docs/agent/config/agent-config-files#ui_config_metrics_provider) must be set to `prometheus`. The UI must query the metrics provider through a proxy endpoint. This simplifies @@ -59,7 +59,7 @@ deployment where Prometheus is not exposed externally to UI user's browsers. To set this up, provide the URL that the _Consul agent_ should use to reach the Prometheus server in -[`ui_config.metrics_proxy.base_url`](/docs/agent/options#ui_config_metrics_proxy_base_url). +[`ui_config.metrics_proxy.base_url`](/docs/agent/config/agent-config-files#ui_config_metrics_proxy_base_url). For example in Kubernetes, the Prometheus helm chart by default installs a service named `prometheus-server` so each Consul agent can reach it on `http://prometheus-server` (using Kubernetes' DNS resolution). @@ -124,7 +124,7 @@ service-specific dashboard in an external tool like [Grafana](https://grafana.com) or a hosted provider. To configure this, you must provide a URL template in the [agent configuration -file](/docs/agent/options#ui_config_dashboard_url_templates) for all agents that +file](/docs/agent/config/agent-config-files#ui_config_dashboard_url_templates) for all agents that have the UI enabled. The template is essentially the URL to the external dashboard, but can have placeholder values which will be replaced with the service name, namespace and datacenter where appropriate to allow deep-linking @@ -659,12 +659,12 @@ ui_config {     More than one JavaScript file may be specified in -[`metrics_provider_files`](/docs/agent/options#ui_config_metrics_provider_files), +[`metrics_provider_files`](/docs/agent/config/agent-config-files#ui_config_metrics_provider_files) and all will be served allowing flexibility if needed to include dependencies. Only one metrics provider can be configured and used at one time. The -[`metrics_provider_options_json`](/docs/agent/options#ui_config_metrics_provider_options_json) +[`metrics_provider_options_json`](/docs/agent/config/agent-config-files#ui_config_metrics_provider_options_json) field is an optional literal JSON object which is passed to the provider's `init` method at startup time. This allows configuring arbitrary parameters for the provider in config rather than hard coding them into the provider itself to @@ -673,7 +673,7 @@ make providers more reusable. The provider may fetch metrics directly from another source although in this case the agent will probably need to serve the correct CORS headers to prevent browsers from blocking these requests. These may be configured with -[`http_config.response_headers`](/docs/agent/options#response_headers). +[`http_config.response_headers`](/docs/agent/config/agent-config-files#response_headers). Alternatively, the provider may choose to use the [built-in metrics proxy](#metrics-proxy) to avoid cross domain issues or to inject additional diff --git a/website/content/docs/connect/proxies/built-in.mdx b/website/content/docs/connect/proxies/built-in.mdx index 7661320d4..5dc321614 100644 --- a/website/content/docs/connect/proxies/built-in.mdx +++ b/website/content/docs/connect/proxies/built-in.mdx @@ -53,8 +53,8 @@ All fields are optional with a reasonable default. - `bind_port` - The port the proxy will bind its _public_ mTLS listener to. If not provided, the agent will assign a random port from its - configured proxy port range specified by [`sidecar_min_port`](/docs/agent/options#sidecar_min_port) - and [`sidecar_max_port`](/docs/agent/options#sidecar_max_port). + configured proxy port range specified by [`sidecar_min_port`](/docs/agent/config/agent-config-files#sidecar_min_port) + and [`sidecar_max_port`](/docs/agent/config/agent-config-files#sidecar_max_port). - `local_service_address`- The `[address]:port` that the proxy should use to connect to the local application instance. By default diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index babc8af27..b8fad5af7 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -184,7 +184,7 @@ the upstream listeners of any downstream service. One example is how users can define a service's protocol in a [`service-defaults` configuration entry](/docs/connect/config-entries/service-defaults). Agents with -[`enable_central_service_config`](/docs/agent/options#enable_central_service_config) +[`enable_central_service_config`](/docs/agent/config/agent-config-files#enable_central_service_config) set to true will automatically discover the protocol when configuring a proxy for a service. The proxy will discover the main protocol of the service it represents and use this to configure its main public listener. It will also diff --git a/website/content/docs/connect/proxies/managed-deprecated.mdx b/website/content/docs/connect/proxies/managed-deprecated.mdx index 6b97e006d..3848ecb64 100644 --- a/website/content/docs/connect/proxies/managed-deprecated.mdx +++ b/website/content/docs/connect/proxies/managed-deprecated.mdx @@ -24,7 +24,7 @@ Managed proxies have been deprecated since Consul 1.3 and have been fully remove in Consul 1.6. Anyone using Managed Proxies should aim to change their workflow as soon as possible to avoid issues with a later upgrade. -After transitioning away from all managed proxy usage, the `proxy` subdirectory inside [`data_dir`](/docs/agent/options#_data_dir) (specified in Consul config) can be deleted to remove extraneous configuration files and free up disk space. +After transitioning away from all managed proxy usage, the `proxy` subdirectory inside [`data_dir`](/docs/agent/config/agent-config-cli#_data_dir) (specified in Consul config) can be deleted to remove extraneous configuration files and free up disk space. **new and known issues will not be fixed**. @@ -79,7 +79,7 @@ via agent configuration files. They _cannot_ be registered via the HTTP API. And 2.) Managed proxies are not started at all if Consul is running as root. Both of these default configurations help prevent arbitrary process execution or privilege escalation. This behavior can be configured -[per-agent](/docs/agent/options). +[per-agent](/docs/agent/config). ### Lifecycle @@ -275,6 +275,6 @@ level logs showing service discovery, certificate and authorization information. ~> **Note:** In `-dev` mode there is no `data_dir` unless one is explicitly configured so logging is disabled. You can access logs by providing the -[`-data-dir`](/docs/agent/options#_data_dir) CLI option. If a data dir is +[`-data-dir`](/docs/agent/config/agent-config-cli#_data_dir) CLI option. If a data dir is configured, this will also cause proxy processes to stay running when the agent terminates as described in [Lifecycle](#lifecycle). diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/registration/service-registration.mdx index d579b9867..8e897da33 100644 --- a/website/content/docs/connect/registration/service-registration.mdx +++ b/website/content/docs/connect/registration/service-registration.mdx @@ -437,8 +437,8 @@ registrations](/docs/discovery/services#service-definition-parameter-case). - `checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/options#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/options#expose_min_port) to [expose_max_port](/docs/agent/options#expose_max_port). + [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running Consul on Kubernetes, and Consul agents run in their own pods. - `paths` `array: []` - A list of paths to expose through Envoy. diff --git a/website/content/docs/connect/registration/sidecar-service.mdx b/website/content/docs/connect/registration/sidecar-service.mdx index c08bd1791..6b2602f90 100644 --- a/website/content/docs/connect/registration/sidecar-service.mdx +++ b/website/content/docs/connect/registration/sidecar-service.mdx @@ -131,8 +131,8 @@ proxy. - `tags` - Defaults to the tags of the parent service. - `meta` - Defaults to the service metadata of the parent service. - `port` - Defaults to being auto-assigned from a configurable - range specified by [`sidecar_min_port`](/docs/agent/options#sidecar_min_port) - and [`sidecar_max_port`](/docs/agent/options#sidecar_max_port). + range specified by [`sidecar_min_port`](/docs/agent/config/agent-config-files#sidecar_min_port) + and [`sidecar_max_port`](/docs/agent/config/agent-config-files#sidecar_max_port). - `kind` - Defaults to `connect-proxy`. This can't be overridden currently. - `check`, `checks` - By default we add a TCP check on the local address and port for the proxy, and a [service alias diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 64dc3de11..8be31decf 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -34,10 +34,10 @@ There are several different kinds of checks: In Consul 0.9.0 and later, script checks are not enabled by default. To use them you can either use : - - [`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks): + - [`enable_local_script_checks`](/docs/agent/config/agent-config-cli#_enable_local_script_checks): enable script checks defined in local config files. Script checks defined via the HTTP API will not be allowed. - - [`enable_script_checks`](/docs/agent/options#_enable_script_checks): enable + - [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks): enable script checks regardless of how they are defined. ~> **Security Warning:** Enabling script checks in some configurations may @@ -109,7 +109,7 @@ There are several different kinds of checks: has to be performed is configurable which makes it possible to run containers which have different shells on the same host. Check output for Docker is limited to 4KB. Any output larger than this will be truncated. In Consul 0.9.0 and later, the agent - must be configured with [`enable_script_checks`](/docs/agent/options#_enable_script_checks) + must be configured with [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) set to `true` in order to enable Docker health checks. - `gRPC + Interval` - These checks are intended for applications that support the standard @@ -467,7 +467,7 @@ This is the only convention that Consul depends on. Any output of the script will be captured and stored in the `output` field. In Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/options#_enable_script_checks) set to `true` +[`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) set to `true` in order to enable script checks. ## Initial Health Check Status @@ -543,7 +543,7 @@ provided by the node will remain unchanged. ## Agent Certificates for TLS Checks -The [enable_agent_tls_for_checks](/docs/agent/options#enable_agent_tls_for_checks) +The [enable_agent_tls_for_checks](/docs/agent/config/agent-config-files#enable_agent_tls_for_checks) agent configuration option can be utilized to have HTTP or gRPC health checks to use the agent's credentials when configured for TLS. diff --git a/website/content/docs/discovery/dns.mdx b/website/content/docs/discovery/dns.mdx index 5023b7b12..4a671f246 100644 --- a/website/content/docs/discovery/dns.mdx +++ b/website/content/docs/discovery/dns.mdx @@ -21,18 +21,18 @@ are located in the `us-east-1` datacenter, and have no failing health checks. It's that simple! There are a number of configuration options that are important for the DNS interface, -specifically [`client_addr`](/docs/agent/options#client_addr),[`ports.dns`](/docs/agent/options#dns_port), -[`recursors`](/docs/agent/options#recursors),[`domain`](/docs/agent/options#domain), -[`alt_domain`](/docs/agent/options#alt_domain), and [`dns_config`](/docs/agent/options#dns_config). +specifically [`client_addr`](/docs/agent/config/agent-config-files#client_addr),[`ports.dns`](/docs/agent/config/agent-config-files#dns_port), +[`recursors`](/docs/agent/config/agent-config-files#recursors),[`domain`](/docs/agent/config/agent-config-files#domain), +[`alt_domain`](/docs/agent/config/agent-config-files#alt_domain), and [`dns_config`](/docs/agent/config/agent-config-files#dns_config). By default, Consul will listen on 127.0.0.1:8600 for DNS queries in the `consul.` domain, without support for further DNS recursion. Please consult the -[documentation on configuration options](/docs/agent/options), +[documentation on configuration options](/docs/agent/config), specifically the configuration items linked above, for more details. There are a few ways to use the DNS interface. One option is to use a custom DNS resolver library and point it at Consul. Another option is to set Consul as the DNS server for a node and provide a -[`recursors`](/docs/agent/options#recursors) configuration so that non-Consul queries +[`recursors`](/docs/agent/config/agent-config-files#recursors) configuration so that non-Consul queries can also be resolved. The last method is to forward all queries for the "consul." domain to a Consul agent from the existing DNS server. Review the [DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples. @@ -412,15 +412,15 @@ are not truncated. ## Alternative Domain By default, Consul responds to DNS queries in the `consul` domain, -but you can set a specific domain for responding to DNS queries by configuring the [`domain`](/docs/agent/options#domain) parameter. +but you can set a specific domain for responding to DNS queries by configuring the [`domain`](/docs/agent/config/agent-config-files#domain) parameter. In some instances, Consul may need to respond to queries in more than one domain, such as during a DNS migration or to distinguish between internal and external queries. Consul versions 1.5.2+ can be configured to respond to DNS queries on an alternative domain -through the [`alt_domain`](/docs/agent/options#alt_domain) agent configuration +through the [`alt_domain`](/docs/agent/config/agent-config-files#alt_domain) agent configuration option. As of Consul versions 1.11.0+, Consul's DNS response will use the same domain as was used in the query; -in prior versions, the response may use the primary [`domain`](/docs/agent/options#domain) no matter which +in prior versions, the response may use the primary [`domain`](/docs/agent/config/agent-config-files#domain) no matter which domain was used in the query. In the following example, the `alt_domain` parameter is set to `test-domain`: @@ -448,7 +448,7 @@ machine.node.dc1.test-domain. 0 IN TXT "consul-network-segment=" ``` -> **PTR queries:** Responses to PTR queries (`.in-addr.arpa.`) will always use the -[primary domain](/docs/agent/options#domain) (not the alternative domain), +[primary domain](/docs/agent/config/agent-config-files#domain) (not the alternative domain), as there is no way for the query to specify a domain. ## Caching @@ -463,8 +463,8 @@ for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching). By default, Consul DNS queries will return a node's local address, even when being queried from a remote datacenter. If you need to use a different address to reach a node from outside its datacenter, you can configure this behavior -using the [`advertise-wan`](/docs/agent/options#_advertise-wan) and -[`translate_wan_addrs`](/docs/agent/options#translate_wan_addrs) configuration +using the [`advertise-wan`](/docs/agent/config/agent-config-cli#_advertise-wan) and +[`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs) configuration options. ## Namespaced/Partitioned Services @@ -480,7 +480,7 @@ services from other namespaces or partitions the following form can be used: This is the canonical name of a Consul Enterprise service. Currently all parts must be present - in a future version (once the -[`prefer_namespace` configuration](/docs/agent/options#dns_prefer_namespace) has been +[`prefer_namespace` configuration](/docs/agent/config/agent-config-files#dns_prefer_namespace) has been deprecated), the namespace, partition and datacenter components will become optional and may be individually omitted to default to the `default` namespace, local partition or local datacenter respectively. @@ -494,7 +494,7 @@ are enabled, you must first create ACL tokens with the necessary policies. Consul agents resolve DNS requests using one of the preconfigured tokens below, listed in order of precedence: -1. The agent's [`default` token](/docs/agent/options#acl_tokens_default). +1. The agent's [`default` token](/docs/agent/config/agent-config-files#acl_tokens_default). 2. The built-in [`anonymous` token](/docs/security/acl/acl-system#builtin-tokens). Because the anonymous token is used when any request is made to Consul without explicitly specifying a token, production deployments should not apply policies diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index 501abf027..ad8c57a4a 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -39,7 +39,7 @@ privileges on one key for developers to update the value related to their application. The datastore itself is located on the Consul servers in the [data -directory](/docs/agent/options#_data_dir). To ensure data is not lost in +directory](/docs/agent/config/agent-config-cli#_data_dir). To ensure data is not lost in the event of a complete outage, use the [`consul snapshot`](/commands/snapshot/restore) feature to backup the data. ## Using Consul KV @@ -48,7 +48,7 @@ Objects are opaque to Consul, meaning there are no restrictions on the type of object stored in a key/value entry. The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage; the general [sizing -recommendations](/docs/agent/options#kv_max_value_size) +recommendations](/docs/agent/config/agent-config-files#kv_max_value_size) are usually sufficient. Keys, like objects are not restricted by type and can include any character. diff --git a/website/content/docs/dynamic-app-config/watches.mdx b/website/content/docs/dynamic-app-config/watches.mdx index 328a46719..a3fe837d5 100644 --- a/website/content/docs/dynamic-app-config/watches.mdx +++ b/website/content/docs/dynamic-app-config/watches.mdx @@ -20,7 +20,7 @@ Watches are implemented using blocking queries in the [HTTP API](/api). Agents automatically make the proper API calls to watch for changes and inform a handler when the data view has updated. -Watches can be configured as part of the [agent's configuration](/docs/agent/options#watches), +Watches can be configured as part of the [agent's configuration](/docs/agent/config/agent-config-files#watches), causing them to run once the agent is initialized. Reloading the agent configuration allows for adding or removing watches dynamically. diff --git a/website/content/docs/enterprise/audit-logging.mdx b/website/content/docs/enterprise/audit-logging.mdx index 24e1ee26b..155872ae3 100644 --- a/website/content/docs/enterprise/audit-logging.mdx +++ b/website/content/docs/enterprise/audit-logging.mdx @@ -25,14 +25,14 @@ For more experience leveraging Consul's audit logging functionality, explore our HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging). For detailed configuration information on configuring the Consul Enterprise's audit -logging, review the Consul [Audit Log](/docs/agent/options#audit) +logging, review the Consul [Audit Log](/docs/agent/config/agent-config-files#audit) documentation. ## Example Configuration Audit logging must be enabled on every agent in order to accurately capture all operations performed through the HTTP API. To enable logging, add -the [`audit`](/docs/agent/options#audit) stanza to the agent's configuration. +the [`audit`](/docs/agent/config/agent-config-files#audit) stanza to the agent's configuration. -> **Note**: Consul only logs operations which are initiated via the HTTP API. The audit log does not record operations that take place over the internal RPC @@ -42,8 +42,8 @@ communication channel used for agent communication. The following example configures a destination called "My Sink". Since rotation is enabled, -audit events will be stored at files named: `/tmp/audit-.json`. The log file will -be rotated either every 24 hours, or when the log file size is greater than 25165824 bytes +audit events will be stored at files named: `/tmp/audit-.json`. The log file will +be rotated either every 24 hours, or when the log file size is greater than 25165824 bytes (24 megabytes). diff --git a/website/content/docs/enterprise/license/overview.mdx b/website/content/docs/enterprise/license/overview.mdx index 67947e273..ae99a5874 100644 --- a/website/content/docs/enterprise/license/overview.mdx +++ b/website/content/docs/enterprise/license/overview.mdx @@ -36,7 +36,7 @@ When using these binaries no further action is necessary to configure the licens ### Binaries Without Built In Licenses For Consul Enterprise 1.10.0 or greater, binaries that do not include built in licenses a license must be available at the time the agent starts. -For server agents this means that they must either have the [`license_path`](/docs/agent/options#license_path) +For server agents this means that they must either have the [`license_path`](/docs/agent/config/agent-config-files#license_path) configuration set or have a license configured in the servers environment with the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. Both the configuration item and the `CONSUL_LICENSE_PATH` environment variable point to a file containing the license whereas the `CONSUL_LICENSE` environment @@ -55,9 +55,9 @@ to retrieve the license automatically under specific circumstances. When a client agent starts without a license in its configuration or environment, it will try to retrieve the license from the servers via RPCs. That RPC always requires a valid non-anonymous ACL token to authorize the request but the token doesn't need any particular permissions. As the license is required before the client -actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/options#start_join) -or [`retry_join`](/docs/agent/options#retry_join) configurations. If those are both unset or no -[`agent` token](/docs/agent/options#acl_tokens_agent) is set then the client agent will immediately shut itself down. +actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/config/agent-config-files#start_join) +or [`retry_join`](/docs/agent/config/agent-config-files#retry_join) configurations. If those are both unset or no +[`agent` token](/docs/agent/config/agent-config-files#acl_tokens_agent) is set then the client agent will immediately shut itself down. If all preliminary checks pass the client agent will attempt to reach out to any server on its RPC port to request the license. These requests will be retried for up to 5 minutes and if it is unable to retrieve a diff --git a/website/content/docs/enterprise/network-segments.mdx b/website/content/docs/enterprise/network-segments.mdx index f7c011c5c..d36d121ce 100644 --- a/website/content/docs/enterprise/network-segments.mdx +++ b/website/content/docs/enterprise/network-segments.mdx @@ -15,7 +15,7 @@ description: |- Consul requires full connectivity between all agents (servers and clients) in a -[datacenter](/docs/agent/options#_datacenter) within a given +[datacenter](/docs/agent/config/agent-config-cli#_datacenter) within a given LAN gossip pool. By default, all Consul agents will be a part of one shared Serf LAN gossip pool known as the `` network segment, thus requiring full mesh connectivity within the datacenter. @@ -46,7 +46,7 @@ Consul networking models and their capabilities. **Cluster:** A set of Consul servers forming a Raft quorum along with a collection of Consul clients, all set to the same -[datacenter](/docs/agent/options#_datacenter), and joined together to form +[datacenter](/docs/agent/config/agent-config-cli#_datacenter), and joined together to form what we will call a "local cluster". Consul clients discover the Consul servers in their local cluster through the gossip mechanism and make RPC requests to them. LAN Gossip (OSS) is an open intra-cluster networking model, and Network @@ -72,7 +72,7 @@ group of agents to only connect with the agents in its segment. Server agents are members of all segments. The datacenter includes a `` segment, as well as additional segments defined in the -[`segments`](/docs/agent/options#segments) server agent configuration option. +[`segments`](/docs/agent/config/agent-config-files#segments) server agent configuration option. Each additional segment is defined by: - a non-empty name @@ -129,19 +129,19 @@ segments = [ -The server [agent configuration](/docs/agent/options) options relevant to network +The server [agent configuration](/docs/agent/config/agent-config-files) options relevant to network segments are: -- [`ports.serf_lan`](/docs/agent/options#serf_lan_port): The Serf LAN port on this server +- [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port): The Serf LAN port on this server for the `` network segment's gossip pool. -- [`segments`](/docs/agent/options#segments): A list of user-defined network segments +- [`segments`](/docs/agent/config/agent-config-files#segments): A list of user-defined network segments on this server, including their names and Serf LAN ports. ## Client Configuration Each client agent can only be a member of one segment at a time. This will be the `` segment unless otherwise specified in the agent's -[`segment`](/docs/agent/options#_segment) agent configuration option. +[`segment`](/docs/agent/config/agent-config-cli#segment) agent configuration option. ### Join a Client to a Segment ((#join_a_client_to_a_segment)) @@ -154,14 +154,14 @@ configured segment. Clients A and B specify the same segment S. Client B is already joined to the segment S LAN gossip pool. Client A wants to join via Client B. In order to do so, Client A -must connect to Client B's configured [Serf LAN port](/docs/agent/options#serf_lan_port). +must connect to Client B's configured [Serf LAN port](/docs/agent/config/agent-config-files#serf_lan_port). Client A specifies segment S and wants to join the segment S gossip pool via Server 1. In order to do so, Client A must connect to Server 1's configured [Serf LAN port -for segment S](/docs/agent/options#segment_port). +for segment S](/docs/agent/config/agent-config-files#segment_port). @@ -171,12 +171,12 @@ of precedence: 1. **Specify an explicit port in the join address**. This can be done at the CLI when starting the agent (e.g., `consul agent -retry-join "client-b-address:8303"`), or in the agent's - configuration using the [retry-join option](/docs/agent/options#retry_join). This method + configuration using the [retry-join option](/docs/agent/config/agent-config-files#retry_join). This method is not compatible with [cloud auto-join](/docs/install/cloud-auto-join#auto-join-with-network-segments). 2. **Specify an alternate Serf LAN port for the agent**. This can be done at the CLI when starting the agent (e.g., `consul agent -retry-join "client-b-address" -serf-lan-port 8303`), or in - the agent's configuration using the [serf_lan](/docs/agent/options#serf_lan_port) option. + the agent's configuration using the [serf_lan](/docs/agent/config/agent-config-files#serf_lan_port) option. When a Serf LAN port is not explicitly specified in the join address, the agent will attempt to join the target host at the Serf LAN port specified in CLI or agent configuration. @@ -221,15 +221,15 @@ ports = { -The client [agent configuration](/docs/agent/options) options relevant to network +The client [agent configuration](/docs/agent/config/agent-config-files) options relevant to network segments are: -- [`segment`](/docs/agent/options#segment-2): The name of the network segment this +- [`segment`](/docs/agent/config/agent-config-files#segment-2): The name of the network segment this client agent belongs to. -- [`ports.serf_lan`](/docs/agent/options#serf_lan_port): +- [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port): Serf LAN port for the above segment on this client. This is not required to match the configured Serf LAN port for other agents on this segment. -- [`retry_join`](/docs/agent/options#retry_join) or - [`start_join`](/docs/agent/options#start_join): A list of agent addresses to join +- [`retry_join`](/docs/agent/config/agent-config-files#retry_join) or + [`start_join`](/docs/agent/config/agent-config-files#start_join): A list of agent addresses to join when starting. Ensure the correct Serf LAN port for this segment is used when joining the LAN gossip pool using one of the [available configuration methods](#join_a_client_to_a_segment). diff --git a/website/content/docs/enterprise/read-scale.mdx b/website/content/docs/enterprise/read-scale.mdx index 65faf68f9..c7b6006b5 100644 --- a/website/content/docs/enterprise/read-scale.mdx +++ b/website/content/docs/enterprise/read-scale.mdx @@ -19,6 +19,6 @@ to include voting servers and read replicas. Read replicas still receive data fr however, they do not take part in quorum election operations. Expanding your Consul cluster in this way can scale reads without impacting write latency. -For more details, review the [Consul server configuration](/docs/agent/options) -documentation and the [-read-replica](/docs/agent/options#_read_replica) +For more details, review the [Consul server configuration](/docs/agent/config) +documentation and the [-read-replica](/docs/agent/config/agent-config-cli#_read_replica) configuration flag. diff --git a/website/content/docs/index.mdx b/website/content/docs/index.mdx index d9ff3ca89..6388baf51 100644 --- a/website/content/docs/index.mdx +++ b/website/content/docs/index.mdx @@ -16,5 +16,5 @@ and a link to our guides that walk you through common tasks. Note that the guides are located on the HashiCorp Learn site. - Follow [the documentation](/docs/install) to install Consul either with a precompiled binary or from source. -- Read more about the [configuration options](/docs/agent/options) for Consul servers and clients. +- Read more about the [configuration options](/docs/agent/config) for Consul servers and clients. - Get started using Consul with our step-by-step guides at [HashiCorp Learn](https://learn.hashicorp.com/consul). diff --git a/website/content/docs/install/bootstrapping.mdx b/website/content/docs/install/bootstrapping.mdx index 107d2be0a..a191be28a 100644 --- a/website/content/docs/install/bootstrapping.mdx +++ b/website/content/docs/install/bootstrapping.mdx @@ -30,16 +30,16 @@ as data loss is inevitable in a failure scenario. Please refer to the Manual bootstrapping with `-bootstrap` is not recommended in newer versions of Consul (0.5 and newer) as it is more error-prone. Instead you should use automatic bootstrapping -with [`-bootstrap-expect`](/docs/agent/options#_bootstrap_expect). +with [`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect). ## Bootstrapping the Servers -The recommended way to bootstrap the servers is to use the [`-bootstrap-expect`](/docs/agent/options#_bootstrap_expect) +The recommended way to bootstrap the servers is to use the [`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect) configuration option. This option informs Consul of the expected number of server nodes and automatically bootstraps when that many servers are available. To prevent inconsistencies and split-brain (clusters where multiple servers consider themselves leader) situations, you should either specify the same value for -[`-bootstrap-expect`](/docs/agent/options#_bootstrap_expect) +[`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect) or specify no value at all on all the servers. Only servers that specify a value will attempt to bootstrap the cluster. Suppose we are starting a three server cluster. We can start `Node A`, `Node B`, and `Node C` with each @@ -61,11 +61,11 @@ You can trigger leader election by joining the servers together, to create a clu There are multiple options for joining the servers. Choose the method which best suits your environment and specific use case. - Specify a list of servers with - [-join](/docs/agent/options#_join) and - [start_join](/docs/agent/options#start_join) + [-join](/docs/agent/config/agent-config-cli#_join) and + [start_join](/docs/agent/config/agent-config-files#start_join) options. -- Specify a list of servers with [-retry-join](/docs/agent/options#_retry_join) option. -- Use automatic joining by tag for supported cloud environments with the [-retry-join](/docs/agent/options#_retry_join) option. +- Specify a list of servers with [-retry-join](/docs/agent/config/agent-config-cli#_retry_join) option. +- Use automatic joining by tag for supported cloud environments with the [-retry-join](/docs/agent/config/agent-config-cli#_retry_join) option. All three methods can be set in the agent configuration file or the command line flag. diff --git a/website/content/docs/install/cloud-auto-join.mdx b/website/content/docs/install/cloud-auto-join.mdx index 064ca2fa0..78dc2b310 100644 --- a/website/content/docs/install/cloud-auto-join.mdx +++ b/website/content/docs/install/cloud-auto-join.mdx @@ -69,7 +69,7 @@ to use port `8303` as its Serf LAN port prior to attempting to join the cluster. The following example configuration overrides the default Serf LAN port using the -[`ports.serf_lan`](/docs/agent/options#serf_lan_port) configuration option. +[`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port) configuration option. @@ -85,7 +85,7 @@ ports { The following example overrides the default Serf LAN port using the -[`-serf-lan-port`](/docs/agent/options#_serf_lan_port) command line flag. +[`-serf-lan-port`](/docs/agent/config/agent-config-cli#_serf_lan_port) command line flag. ```shell $ consul agent -serf-lan-port=8303 -retry-join "provider=..." diff --git a/website/content/docs/install/manual-bootstrap.mdx b/website/content/docs/install/manual-bootstrap.mdx index 1bb179786..46f8cab3e 100644 --- a/website/content/docs/install/manual-bootstrap.mdx +++ b/website/content/docs/install/manual-bootstrap.mdx @@ -23,7 +23,7 @@ storing the cluster state. The client nodes are mostly stateless and rely on the server nodes, so they can be started easily. Manual bootstrapping requires that the first server that is deployed in a new -datacenter provide the [`-bootstrap` configuration option](/docs/agent/options#_bootstrap). +datacenter provide the [`-bootstrap` configuration option](/docs/agent/config/agent-config-cli#_bootstrap). This option allows the server to assert leadership of the cluster without agreement from any other server. This is necessary because at this point, there are no other servers running in diff --git a/website/content/docs/install/performance.mdx b/website/content/docs/install/performance.mdx index ca9c0e538..3be2d3801 100644 --- a/website/content/docs/install/performance.mdx +++ b/website/content/docs/install/performance.mdx @@ -18,7 +18,7 @@ reads work from a fully in-memory data store that is optimized for concurrent ac ## Minimum Server Requirements ((#minimum)) -In Consul 0.7, the default server [performance parameters](/docs/agent/options#performance) +In Consul 0.7, the default server [performance parameters](/docs/agent/config/agent-config-files#performance) were tuned to allow Consul to run reliably (but relatively slowly) on a server cluster of three [AWS t2.micro](https://aws.amazon.com/ec2/instance-types/) instances. These thresholds were determined empirically using a leader instance that was under sufficient read, write, @@ -43,7 +43,7 @@ The default performance configuration is equivalent to this: ## Production Server Requirements ((#production)) When running Consul 0.7 and later in production, it is recommended to configure the server -[performance parameters](/docs/agent/options#performance) back to Consul's original +[performance parameters](/docs/agent/config/agent-config-files#performance) back to Consul's original high-performance settings. This will let Consul servers detect a failed leader and complete leader elections much more quickly than the default configuration which extends key Raft timeouts by a factor of 5, so it can be quite slow during these events. @@ -103,14 +103,14 @@ Here are some general recommendations: issues between the servers or insufficient CPU resources. Users in cloud environments often bump their servers up to the next instance class with improved networking and CPU until leader elections stabilize, and in Consul 0.7 or later the [performance - parameters](/docs/agent/options#performance) configuration now gives you tools + parameters](/docs/agent/config/agent-config-files#performance) configuration now gives you tools to trade off performance instead of upsizing servers. You can use the [`consul.raft.leader.lastContact` telemetry](/docs/agent/telemetry#leadership-changes) to observe how the Raft timing is performing and guide the decision to de-tune Raft performance or add more powerful servers. - For DNS-heavy workloads, configuring all Consul agents in a cluster with the - [`allow_stale`](/docs/agent/options#allow_stale) configuration option will allow reads to + [`allow_stale`](/docs/agent/config/agent-config-files#allow_stale) configuration option will allow reads to scale across all Consul servers, not just the leader. Consul 0.7 and later enables stale reads for DNS by default. See [Stale Reads](https://learn.hashicorp.com/tutorials/consul/dns-caching#stale-reads) in the [DNS Caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) guide for more details. It's also good to set @@ -121,7 +121,7 @@ Here are some general recommendations: [stale consistency mode](/api-docs/features/consistency#stale) available to allow reads to scale across all the servers and not just be forwarded to the leader. -- In Consul 0.9.3 and later, a new [`limits`](/docs/agent/options#limits) configuration is +- In Consul 0.9.3 and later, a new [`limits`](/docs/agent/config/agent-config-files#limits) configuration is available on Consul clients to limit the RPC request rate they are allowed to make against the Consul servers. After hitting the limit, requests will start to return rate limit errors until time has passed and more requests are allowed. Configuring this across the cluster can help with @@ -156,11 +156,11 @@ For **write-heavy** workloads, the total RAM available for overhead must approxi RAM NEEDED = number of keys * average key size * 2-3x ``` -Since writes must be synced to disk (persistent storage) on a quorum of servers before they are committed, deploying a disk with high write throughput (or an SSD) will enhance performance on the write side. ([Documentation](/docs/agent/options#_data_dir)) +Since writes must be synced to disk (persistent storage) on a quorum of servers before they are committed, deploying a disk with high write throughput (or an SSD) will enhance performance on the write side. ([Documentation](/docs/agent/config/agent-config-cli#_data_dir)) For a **read-heavy** workload, configure all Consul server agents with the `allow_stale` DNS option, or query the API with the `stale` [consistency mode](/api-docs/features/consistency). By default, all queries made to the server are RPC forwarded to and serviced by the leader. By enabling stale reads, any server will respond to any query, thereby reducing overhead on the leader. Typically, the stale response is `100ms` or less from consistent mode but it drastically improves performance and reduces latency under high load. -If the leader server is out of memory or the disk is full, the server eventually stops responding, loses its election and cannot move past its last commit time. However, by configuring `max_stale` and setting it to a large value, Consul will continue to respond to queries during such outage scenarios. ([max_stale documentation](/docs/agent/options#max_stale)). +If the leader server is out of memory or the disk is full, the server eventually stops responding, loses its election and cannot move past its last commit time. However, by configuring `max_stale` and setting it to a large value, Consul will continue to respond to queries during such outage scenarios. ([max_stale documentation](/docs/agent/config/agent-config-files#max_stale)). It should be noted that `stale` is not appropriate for coordination where strong consistency is important (i.e. locking or application leader election). For critical cases, the optional `consistent` API query mode is required for true linearizability; the trade off is that this turns a read into a full quorum write so requires more resources and takes longer. @@ -168,7 +168,7 @@ It should be noted that `stale` is not appropriate for coordination where strong Consul’s agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors. -To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/options#limits) +To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/config/agent-config-files#limits) ~> **NOTE** Rate limiting is configured on the client agent only. @@ -191,8 +191,8 @@ Smearing requests over 30s is sufficient to bring RPC load to a reasonable level in all but the very largest clusters, but the extra CPU load from cryptographic operations could impact the server's normal work. To limit that, Consul since 1.4.1 exposes two ways to limit the impact Certificate signing has on the leader -[`csr_max_per_second`](/docs/agent/options#ca_csr_max_per_second) and -[`csr_max_concurrent`](/docs/agent/options#ca_csr_max_concurrent). +[`csr_max_per_second`](/docs/agent/config/agent-config-files#ca_csr_max_per_second) and +[`csr_max_concurrent`](/docs/agent/config/agent-config-files#ca_csr_max_concurrent). By default we set a limit of 50 per second which is reasonable on modest hardware but may be too low and impact rotation times if more than 1500 service diff --git a/website/content/docs/install/ports.mdx b/website/content/docs/install/ports.mdx index a9763327c..6cbc9eb82 100644 --- a/website/content/docs/install/ports.mdx +++ b/website/content/docs/install/ports.mdx @@ -55,4 +55,4 @@ the Serf WAN port (TCP/UDP) to be listening on both WAN and LAN interfaces. See **Server RPC** This is used by servers to handle incoming requests from other agents. -Note, the default ports can be changed in the [agent configuration](/docs/agent/options#ports). +Note, the default ports can be changed in the [agent configuration](/docs/agent/config/agent-config-files#ports). diff --git a/website/content/docs/k8s/connect/connect-ca-provider.mdx b/website/content/docs/k8s/connect/connect-ca-provider.mdx index 4fb45c82c..5025fcd7b 100644 --- a/website/content/docs/k8s/connect/connect-ca-provider.mdx +++ b/website/content/docs/k8s/connect/connect-ca-provider.mdx @@ -200,5 +200,5 @@ To update any settings under these keys, you must use Consul's [Update CA Config To renew the Vault token, use the [`vault token renew`](https://www.vaultproject.io/docs/commands/token/renew) CLI command or API. -[`ca_config`]: /docs/agent/options#connect_ca_config -[`ca_provider`]: /docs/agent/options#connect_ca_provider +[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 0072528c1..f2ca6d800 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -58,7 +58,7 @@ Use these links to navigate to a particular top-level stanza. the prefix will be `-consul`. - `domain` ((#v-global-domain)) (`string: consul`) - The domain Consul will answer DNS queries for - (see `-domain` (https://consul.io/docs/agent/options#_domain)) and the domain services synced from + (see `-domain` (https://consul.io/docs/agent/config/agent-config-cli#_domain)) and the domain services synced from Consul into Kubernetes will have, e.g. `service-name.service.consul`. - `adminPartitions` ((#v-global-adminpartitions)) - Enabling `adminPartitions` allows creation of Admin Partitions in Kubernetes clusters. @@ -261,7 +261,7 @@ Use these links to navigate to a particular top-level stanza. ``` - `gossipEncryption` ((#v-global-gossipencryption)) - Configures Consul's gossip encryption key. - (see `-encrypt` (https://consul.io/docs/agent/options#_encrypt)). + (see `-encrypt` (https://consul.io/docs/agent/config/agent-config-cli#_encrypt)). By default, gossip encryption is not enabled. The gossip encryption key may be set automatically or manually. The recommended method is to automatically generate the key. To automatically generate and set a gossip encryption key, set autoGenerate to true. @@ -292,7 +292,7 @@ Use these links to navigate to a particular top-level stanza. - `recursors` ((#v-global-recursors)) (`array: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. These values are given as `-recursor` flags to Consul servers and clients. - See https://www.consul.io/docs/agent/options#_recursor for more details. + See https://www.consul.io/docs/agent/config/agent-config-cli#_recursor for more details. If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`). - `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) @@ -663,7 +663,7 @@ Use these links to navigate to a particular top-level stanza. --set 'server.disruptionBudget.maxUnavailable=0'` flag to the helm chart installation command because of a limitation in the Helm templating language. - - `extraConfig` ((#v-server-extraconfig)) (`string: {}`) - A raw string of extra JSON configuration (https://consul.io/docs/agent/options) for Consul + - `extraConfig` ((#v-server-extraconfig)) (`string: {}`) - A raw string of extra JSON configuration (https://consul.io/docs/agent/config) for Consul servers. This will be saved as-is into a ConfigMap that is read by the Consul server agents. This can be used to add additional configuration that isn't directly exposed by the chart. @@ -864,7 +864,7 @@ Use these links to navigate to a particular top-level stanza. - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running Consul client agents. - - `join` ((#v-client-join)) (`array: null`) - A list of valid `-retry-join` values (https://consul.io/docs/agent/options#retry-join). + - `join` ((#v-client-join)) (`array: null`) - A list of valid `-retry-join` values (https://consul.io/docs/agent/config/agent-config-files#retry-join). If this is `null` (default), then the clients will attempt to automatically join the server cluster running within Kubernetes. This means that with `server.enabled` set to true, clients will automatically @@ -885,7 +885,7 @@ Use these links to navigate to a particular top-level stanza. required for Connect. - `nodeMeta` ((#v-client-nodemeta)) - nodeMeta specifies an arbitrary metadata key/value pair to associate with the node - (see https://www.consul.io/docs/agent/options.html#_node_meta) + (see https://www.consul.io/docs/agent/config/agent-config-cli#_node_meta) - `pod-name` ((#v-client-nodemeta-pod-name)) (`string: ${HOSTNAME}`) @@ -929,7 +929,7 @@ Use these links to navigate to a particular top-level stanza. - `tlsInit` ((#v-client-containersecuritycontext-tlsinit)) (`map`) - The tls-init initContainer - - `extraConfig` ((#v-client-extraconfig)) (`string: {}`) - A raw string of extra JSON configuration (https://consul.io/docs/agent/options) for Consul + - `extraConfig` ((#v-client-extraconfig)) (`string: {}`) - A raw string of extra JSON configuration (https://consul.io/docs/agent/config) for Consul clients. This will be saved as-is into a ConfigMap that is read by the Consul client agents. This can be used to add additional configuration that isn't directly exposed by the chart. @@ -1238,7 +1238,7 @@ Use these links to navigate to a particular top-level stanza. will inherit from `global.metrics.enabled` value. - `provider` ((#v-ui-metrics-provider)) (`string: prometheus`) - Provider for metrics. See - https://www.consul.io/docs/agent/options#ui_config_metrics_provider + https://www.consul.io/docs/agent/config/agent-config-files#ui_config_metrics_provider This value is only used if `ui.enabled` is set to true. - `baseURL` ((#v-ui-metrics-baseurl)) (`string: http://prometheus-server`) - baseURL is the URL of the prometheus server, usually the service URL. diff --git a/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx b/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx index 7c021e06a..6cc85bb0f 100644 --- a/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx +++ b/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx @@ -22,8 +22,8 @@ you want the clients to be exposed on the Kubernetes internal node IPs (`true`) their pod IPs (`false`). Finally, `client.join` is set to an array of valid -[`-retry-join` values](/docs/agent/options#retry-join). In the -example above, a fake [cloud auto-join](/docs/install/cloud-auto-join) +[`-retry-join` values](/docs/agent/config/agent-config-cli#retry-join). In the +example above, a fake [cloud auto-join](/docs/agent/cloud-auto-join) value is specified. This should be set to resolve to the proper addresses of your existing Consul cluster. diff --git a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx index 6c9054903..1c37161e0 100644 --- a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx @@ -271,8 +271,8 @@ The automatically generated federation secret contains: - **Consul server config** - This is a JSON snippet that must be used as part of the server config for secondary datacenters. It sets: - - [`primary_datacenter`](/docs/agent/options#primary_datacenter) to the name of the primary datacenter. - - [`primary_gateways`](/docs/agent/options#primary_gateways) to an array of IPs or hostnames + - [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) to the name of the primary datacenter. + - [`primary_gateways`](/docs/agent/config/agent-config-files#primary_gateways) to an array of IPs or hostnames for the mesh gateways in the primary datacenter. These are the addresses that Consul servers in secondary clusters will use to communicate with the primary datacenter. diff --git a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx index 73e0c079e..f792ae115 100644 --- a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx @@ -95,7 +95,7 @@ The following sections detail how to export this data. ==> Saved dc1-client-consul-0-key.pem ``` - Or use the [auto_encrypt](/docs/agent/options#auto_encrypt) feature. + Or use the [auto_encrypt](/docs/agent/config/agent-config-files#auto_encrypt) feature. ### Mesh Gateway Addresses diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx index 71657d8cb..52da3e570 100644 --- a/website/content/docs/nia/configuration.mdx +++ b/website/content/docs/nia/configuration.mdx @@ -61,7 +61,7 @@ tls { The `consul` block is used to configure CTS connection with a Consul agent to perform queries to the Consul Catalog and Consul KV pertaining to task execution. --> **Note:** Use HTTP/2 to improve CTS performance when communicating with the local Consul process. [TLS/HTTPS](/docs/agent/options) must be configured for the local Consul with the [cert_file](/docs/agent/options#cert_file) and [key_file](/docs/agent/options#key_file) parameters set. For the CTS configuration, set `tls.enabled = true` and set the `address` parameter to the HTTPS URL, e.g., `address = example.consul.com:8501`. If using self-signed certificates for Consul, you will also need to set `tls.verify = false` or add the certificate to `ca_cert` or `ca_path`. +-> **Note:** Use HTTP/2 to improve Consul-Terraform-Sync performance when communicating with the local Consul process. [TLS/HTTPS](/docs/agent/config/agent-config-files) must be configured for the local Consul with the [cert_file](/docs/agent/config/agent-config-filess#cert_file) and [key_file](/docs/agent/config/agent-config-files#key_file) parameters set. For the Consul-Terraform-Sync configuration, set `tls.enabled = true` and set the `address` parameter to the HTTPS URL, e.g., `address = example.consul.com:8501`. If using self-signed certificates for Consul, you will also need to set `tls.verify = false` or add the certificate to `ca_cert` or `ca_path`. To read more on suggestions for configuring the Consul agent, see [run an agent](/docs/nia/installation/requirements#run-an-agent). @@ -80,7 +80,7 @@ consul { - `enabled` - (bool) - `username` - (string) - `password` - (string) -- `tls` - Configure TLS to use a secure client connection with Consul. Using HTTP/2 can solve issues related to hitting Consul's maximum connection limits, as well as improve efficiency when processing many blocking queries. This option is required for CTS when connecting to a [Consul agent with TLS verification enabled for HTTPS connections](/docs/agent/options#verify_incoming). +- `tls` - Configure TLS to use a secure client connection with Consul. Using HTTP/2 can solve issues related to hitting Consul's maximum connection limits, as well as improve efficiency when processing many blocking queries. This option is required for Consul-Terraform-Sync when connecting to a [Consul agent with TLS verification enabled for HTTPS connections](/docs/agent/config/agent-config-files#verify_incoming). - `enabled` - (bool) Enable TLS. Providing a value for any of the TLS options will enable this parameter implicitly. - `verify` - (bool: true) Enables TLS peer verification. The default is enabled, which will check the global certificate authority (CA) chain to make sure the certificates returned by Consul are valid. - If Consul is using a self-signed certificate that you have not added to the global CA chain, you can set this certificate with `ca_cert` or `ca_path`. Alternatively, you can disable SSL verification by setting `verify` to false. However, disabling verification is a potential security vulnerability. @@ -98,7 +98,7 @@ consul { - `max_idle_conns` - (int: 0) The maximum number of total idle connections across all hosts. The limit is disabled by default. - `max_idle_conns_per_host` - (int: 100) The maximum number of idle connections per remote host. The majority of connections are established with one host, the Consul agent. - To achieve the shortest latency between a Consul service update to a task execution, configure `max_idle_conns_per_host` equal to or greater than the number of services in automation across all tasks. - - This value should be lower than the configured [`http_max_conns_per_client`](/docs/agent/options#http_max_conns_per_client) for the Consul agent. If `max_idle_conns_per_host` and the number of services in automation is greater than the Consul agent limit, CTS may error due to connection limits (status code 429). You may increase the agent limit with caution. _Note: requests to the Consul agent made by Terraform subprocesses or any other process on the same host as CTS will contribute to the Consul agent connection limit._ + - This value should be lower than the configured [`http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) for the Consul agent. If `max_idle_conns_per_host` and the number of services in automation is greater than the Consul agent limit, Consul-Terraform-Sync may error due to connection limits (status code 429). You may increase the agent limit with caution. _Note: requests to the Consul agent made by Terraform subprocesses or any other process on the same host as Consul-Terraform-Sync will contribute to the Consul agent connection limit._ - `tls_handshake_timeout` - (string: "10s") amount of time to wait to complete the TLS handshake. ## Service diff --git a/website/content/docs/nia/installation/requirements.mdx b/website/content/docs/nia/installation/requirements.mdx index ee30a49f4..27f482699 100644 --- a/website/content/docs/nia/installation/requirements.mdx +++ b/website/content/docs/nia/installation/requirements.mdx @@ -35,7 +35,7 @@ The Consul agent must be running in order to dynamically update network devices. When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. -There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between CTS and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/options#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by CTS. +There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between Consul-Terraform-Sync and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by Consul-Terraform-Sync. ### Register Services diff --git a/website/content/docs/releases/release-notes/v1_9_0.mdx b/website/content/docs/releases/release-notes/v1_9_0.mdx index ee22d4ecc..1c7610aca 100644 --- a/website/content/docs/releases/release-notes/v1_9_0.mdx +++ b/website/content/docs/releases/release-notes/v1_9_0.mdx @@ -21,7 +21,7 @@ page_title: 1.9.0 - **Active Health Checks for Consul on Kubernetes:** Consul service mesh now integrates with Kubernetes Readiness probes. This provides the ability to natively detect health status from Kubernetes via Readiness probe, and is then used for directing service mesh traffic. - **Streaming:** This feature introduces a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster. Streaming results in very significant reduction of CPU and network bandwidth usage on Consul servers in large-scale deployments. Streaming is particularly helpful in scaling blocking queries in Consul clusters that have rapid changes in service state. - - Streaming is now available for the service health HTTP endpoint, and can be enabled through the [`use_streaming_backend`](/docs/agent/options#use_streaming_backend) client configuration option, and [`rpc.enable_streaming`](/docs/agent/options#rpc_enable_streaming) option on the servers. We will continue to enable streaming in more endpoints in subsequent releases. + - Streaming is now available for the service health HTTP endpoint, and can be enabled through the [`use_streaming_backend`](/docs/agent/config/agent-config-files#use_streaming_backend) client configuration option, and [`rpc.enable_streaming`](/docs/agent/config/agent-config-files#rpc_enable_streaming) option on the servers. We will continue to enable streaming in more endpoints in subsequent releases. ## What's Changed diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index ea58bef0d..17fcbae22 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx @@ -89,7 +89,7 @@ and [Policies](/api-docs/acl/policies). ~> **Warning**: In this document we use the deprecated configuration parameter `acl_datacenter`. In Consul 1.4 and newer the -parameter has been updated to [`primary_datacenter`](/docs/agent/options#primary_datacenter). +parameter has been updated to [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter). Consul provides an optional Access Control List (ACL) system which can be used to control access to data and APIs. The ACL is @@ -129,7 +129,7 @@ token are automatically applied. The anonymous token is managed using the Tokens are bound to a set of rules that control which Consul resources the token has access to. Policies can be defined in either an allowlist or denylist mode depending on the configuration of -[`acl_default_policy`](/docs/agent/options#acl_default_policy). If the default +[`acl_default_policy`](/docs/agent/config/agent-config-files#acl_default_policy). If the default policy is to "deny" all actions, then token rules can be set to allowlist specific actions. In the inverse, the "allow" all default behavior is a denylist where rules are used to prohibit actions. By default, Consul will allow all actions. @@ -169,7 +169,7 @@ Constructing rules from these policies is covered in detail in the #### ACL Datacenter All nodes (clients and servers) must be configured with a -[`acl_datacenter`](/docs/agent/options#acl_datacenter) which enables ACL +[`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) which enables ACL enforcement but also specifies the authoritative datacenter. Consul relies on [RPC forwarding](/docs/architecture) to support multi-datacenter configurations. However, because requests can be made across datacenter boundaries, @@ -179,14 +179,14 @@ is considered authoritative and stores the canonical set of tokens. When a request is made to an agent in a non-authoritative datacenter, it must be resolved into the appropriate policy. This is done by reading the token from the authoritative server and caching the result for a configurable -[`acl_ttl`](/docs/agent/options#acl_ttl). The implication of caching is that +[`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl). The implication of caching is that the cache TTL is an upper bound on the staleness of policy that is enforced. It is possible to set a zero TTL, but this has adverse performance impacts, as every request requires refreshing the policy via an RPC call. During an outage of the ACL datacenter, or loss of connectivity, the cache will be used as long as the TTL is valid, or the cache may be extended if the -[`acl_down_policy`](/docs/agent/options#acl_down_policy) is set accordingly. +[`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) is set accordingly. This configuration also allows the ACL system to fail open or closed. [ACL replication](#replication) is also available to allow for the full set of ACL tokens to be replicated for use during an outage. @@ -198,10 +198,10 @@ as to whether they are set on servers, clients, or both. | Configuration Option | Servers | Clients | Purpose | | --------------------------------------------------------------------- | ---------- | ---------- | ----------------------------------------------------------------------------------------- | -| [`acl_datacenter`](/docs/agent/options#acl_datacenter) | `REQUIRED` | `REQUIRED` | Master control that enables ACLs by defining the authoritative Consul datacenter for ACLs | -| [`acl_default_policy`](/docs/agent/options#acl_default_policy_legacy) | `OPTIONAL` | `N/A` | Determines allowlist or denylist mode | -| [`acl_down_policy`](/docs/agent/options#acl_down_policy_legacy) | `OPTIONAL` | `OPTIONAL` | Determines what to do when the ACL datacenter is offline | -| [`acl_ttl`](/docs/agent/options#acl_ttl_legacy) | `OPTIONAL` | `OPTIONAL` | Determines time-to-live for cached ACLs | +| [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) | `REQUIRED` | `REQUIRED` | Master control that enables ACLs by defining the authoritative Consul datacenter for ACLs | +| [`acl_default_policy`](/docs/agent/config/agent-config-files#acl_default_policy_legacy) | `OPTIONAL` | `N/A` | Determines allowlist or denylist mode | +| [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy_legacy) | `OPTIONAL` | `OPTIONAL` | Determines what to do when the ACL datacenter is offline | +| [`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl_legacy) | `OPTIONAL` | `OPTIONAL` | Determines time-to-live for cached ACLs | There are some additional configuration items related to [ACL replication](#replication) and [Version 8 ACL support](#version_8_acls). These are discussed in those respective sections @@ -210,19 +210,19 @@ below. A number of special tokens can also be configured which allow for bootstrapping the ACL system, or accessing Consul in special situations: -| Special Token | Servers | Clients | Purpose | -| ----------------------------------------------------------------------------- | ---------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api-docs/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | -| [`acl_agent_token`](/docs/agent/options#acl_agent_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | -| [`acl_master_token`](/docs/agent/options#acl_master_token_legacy) | `REQUIRED` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | -| [`acl_token`](/docs/agent/options#acl_token_legacy) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | +| Special Token | Servers | Clients | Purpose | +| ----------------------------------------------------------------------------------------------- | ---------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api-docs/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | +| [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | +| [`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token_legacy) | `REQUIRED` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | +| [`acl_token`](/docs/agent/config/agent-config-files#acl_token_legacy) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the [/v1/agent/token API](/api-docs/agent#update-acl-tokens). #### ACL Agent Master Token -Since the [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token_legacy) is designed to be used when the Consul servers are not available, its policy is managed locally on the agent and does not need to have a token defined on the Consul servers via the ACL API. Once set, it implicitly has the following policy associated with it (the `node` policy was added in Consul 0.9.0): +Since the [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy) is designed to be used when the Consul servers are not available, its policy is managed locally on the agent and does not need to have a token defined on the Consul servers via the ACL API. Once set, it implicitly has the following policy associated with it (the `node` policy was added in Consul 0.9.0): ```hcl agent "" { @@ -238,7 +238,7 @@ In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via #### ACL Agent Token -The [`acl_agent_token`](/docs/agent/options#acl_agent_token) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl_token`](/docs/agent/options#acl_token), though if the `acl_agent_token` isn't configured the `acl_token` will be used. The ACL agent token is used for the following operations by the agent: +The [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl_token`](/docs/agent/config/agent-config-files#acl_token), though if the `acl_agent_token` isn't configured the `acl_token` will be used. The ACL agent token is used for the following operations by the agent: 1. Updating the agent's node entry using the [Catalog API](/api-docs/catalog), including updating its node metadata, tagged addresses, and network coordinates 2. Performing [anti-entropy](/docs/architecture/anti-entropy) syncing, in particular reading the node metadata and services registered with the catalog @@ -258,7 +258,7 @@ key "_rexec" { } ``` -The `service` policy needs `read` access for any services that can be registered on the agent. If [remote exec is disabled](/docs/agent/options#disable_remote_exec), the default, then the `key` policy can be omitted. +The `service` policy needs `read` access for any services that can be registered on the agent. If [remote exec is disabled](/docs/agent/config/agent-config-files#disable_remote_exec), the default, then the `key` policy can be omitted. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the [/v1/agent/token API](/api-docs/agent#update-acl-tokens). @@ -294,12 +294,12 @@ The servers will need to be restarted to load the new configuration. Please take to start the servers one at a time, and ensure each server has joined and is operating correctly before starting another. -The [`acl_master_token`](/docs/agent/options#acl_master_token) will be created +The [`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) will be created as a "management" type token automatically. The -[`acl_master_token`](/docs/agent/options#acl_master_token) is only installed when +[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) is only installed when a server acquires cluster leadership. If you would like to install or change the -[`acl_master_token`](/docs/agent/options#acl_master_token), set the new value for -[`acl_master_token`](/docs/agent/options#acl_master_token) in the configuration +[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token), set the new value for +[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) in the configuration for all servers. Once this is done, restart the current leader to force a leader election. In Consul 0.9.1 and later, you can use the [/v1/acl/bootstrap API](/api-docs/acl#bootstrap-acls) @@ -332,7 +332,7 @@ servers related to permission denied errors: ``` These errors are because the agent doesn't yet have a properly configured -[`acl_agent_token`](/docs/agent/options#acl_agent_token) that it can use for its +[`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) that it can use for its own internal operations like updating its node information in the catalog and performing [anti-entropy](/docs/architecture/anti-entropy) syncing. We can create a token using the ACL API, and the ACL master token we set in the previous step: @@ -550,9 +550,9 @@ The next section shows an alternative to the anonymous token. #### Set Agent-Specific Default Tokens (Optional) -An alternative to the anonymous token is the [`acl_token`](/docs/agent/options#acl_token) +An alternative to the anonymous token is the [`acl_token`](/docs/agent/config/agent-config-files#acl_token) configuration item. When a request is made to a particular Consul agent and no token is -supplied, the [`acl_token`](/docs/agent/options#acl_token) will be used for the token, +supplied, the [`acl_token`](/docs/agent/config/agent-config-files#acl_token) will be used for the token, instead of being left empty which would normally invoke the anonymous token. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the @@ -563,7 +563,7 @@ agent, if desired. For example, this allows more fine grained control of what DN given agent can service, or can give the agent read access to some key-value store prefixes by default. -If using [`acl_token`](/docs/agent/options#acl_token), then it's likely the anonymous +If using [`acl_token`](/docs/agent/config/agent-config-files#acl_token), then it's likely the anonymous token will have a more restrictive policy than shown in the examples here. #### Create Tokens for UI Use (Optional) @@ -727,7 +727,7 @@ starts with "bar". Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be -configured with [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token) to allow +configured with [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) to allow write access to these operations even if no ACL resolution capability is available. #### Event Rules @@ -753,7 +753,7 @@ starts with "deploy". The [`consul exec`](/commands/exec) command uses events with the "\_rexec" prefix during operation, so to enable this feature in a Consul environment with ACLs enabled, you will need to give agents a token with access to this event prefix, in addition to configuring -[`disable_remote_exec`](/docs/agent/options#disable_remote_exec) to `false`. +[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) to `false`. #### Key/Value Rules @@ -861,13 +861,13 @@ the example above, the rules allow read-only access to any node name with the em read-write access to any node name that starts with "app", and deny all access to any node name that starts with "admin". -Agents need to be configured with an [`acl_agent_token`](/docs/agent/options#acl_agent_token) +Agents need to be configured with an [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) with at least "write" privileges to their own node name in order to register their information with the catalog, such as node metadata and tagged addresses. If this is configured incorrectly, the agent will print an error to the console when it tries to sync its state with the catalog. Consul's DNS interface is also affected by restrictions on node rules. If the -[`acl_token`](/docs/agent/options#acl_token) used by the agent does not have "read" access to a +[`acl_token`](/docs/agent/config/agent-config-files#acl_token) used by the agent does not have "read" access to a given node, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, node rules are @@ -880,7 +880,7 @@ periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which may requir ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl_token](/docs/agent/options#acl_token) configuration +1. Using the [acl_token](/docs/agent/config/agent-config-files#acl_token) configuration directive. This allows a single token to be configured globally and used during all check registration operations. 2. Providing an ACL token with service and check definitions at @@ -891,7 +891,7 @@ to use for registration events: [HTTP API](/api) for operations that require them. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/options#_enable_script_checks) set to `true` in order to enable +[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) set to `true` in order to enable script checks. #### Operator Rules @@ -1025,7 +1025,7 @@ read-write access to any service name that starts with "app", and deny all acces starts with "admin". Consul's DNS interface is affected by restrictions on service rules. If the -[`acl_token`](/docs/agent/options#acl_token) used by the agent does not have "read" access to a +[`acl_token`](/docs/agent/config/agent-config-files#acl_token) used by the agent does not have "read" access to a given service, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, service rules are @@ -1037,7 +1037,7 @@ performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which m ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl_token](/docs/agent/options#acl_token) configuration +1. Using the [acl_token](/docs/agent/config/agent-config-files#acl_token) configuration directive. This allows a single token to be configured globally and used during all service and check registration operations. 2. Providing an ACL token with service and check definitions at registration @@ -1048,12 +1048,12 @@ to use for registration events: API](/api) for operations that require them. **Note:** all tokens passed to an agent are persisted on local disk to allow recovery from restarts. See [`-data-dir` flag - documentation](/docs/agent/options#acl_token) for notes on securing + documentation](/docs/agent/config/agent-config-files#acl_token) for notes on securing access. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/options#_enable_script_checks) or -[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks) +[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) or +[`enable_local_script_checks`](/docs/agent/config/agent-config-files#enable_local_script_checks) set to `true` in order to enable script checks. #### Session Rules @@ -1084,20 +1084,20 @@ name that starts with "admin". #### Outages and ACL Replication ((#replication)) The Consul ACL system is designed with flexible rules to accommodate for an outage -of the [`acl_datacenter`](/docs/agent/options#acl_datacenter) or networking +of the [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) or networking issues preventing access to it. In this case, it may be impossible for agents in non-authoritative datacenters to resolve tokens. Consul provides -a number of configurable [`acl_down_policy`](/docs/agent/options#acl_down_policy) +a number of configurable [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) choices to tune behavior. It is possible to deny or permit all actions or to ignore cache TTLs and enter a fail-safe mode. The default is to ignore cache TTLs for any previously resolved tokens and to deny any uncached tokens. Consul 0.7 added an ACL Replication capability that can allow non-authoritative datacenter agents to resolve even uncached tokens. This is enabled by setting an -[`acl_replication_token`](/docs/agent/options#acl_replication_token) in the +[`acl_replication_token`](/docs/agent/config/agent-config-files#acl_replication_token) in the configuration on the servers in the non-authoritative datacenters. In Consul 0.9.1 and later you can enable ACL replication using -[`enable_acl_replication`](/docs/agent/options#enable_acl_replication) and +[`enable_acl_replication`](/docs/agent/config/agent-config-files#enable_acl_replication) and then set the token later using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. This can also be used to rotate the token without restarting the Consul servers. @@ -1113,7 +1113,7 @@ every 30 seconds. Replicated changes are written at a rate that's throttled to a large set of ACLs. If there's a partition or other outage affecting the authoritative datacenter, -and the [`acl_down_policy`](/docs/agent/options#acl_down_policy) +and the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) is set to "extend-cache", tokens will be resolved during the outage using the replicated set of ACLs. An [ACL replication status](/api-docs/acl#check-acl-replication) endpoint is available to monitor the health of the replication process. @@ -1123,7 +1123,7 @@ already cached and is expired while similar semantics than "extend-cache". It allows to avoid having issues when connectivity with the authoritative is not completely broken, but very slow. -Locally-resolved ACLs will be cached using the [`acl_ttl`](/docs/agent/options#acl_ttl) +Locally-resolved ACLs will be cached using the [`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl) setting of the non-authoritative datacenter, so these entries may persist in the cache for up to the TTL, even after the authoritative datacenter comes back online. @@ -1149,7 +1149,7 @@ Consul 0.8 added many more ACL policy types and brought ACL enforcement to Consu agents for the first time. To ease the transition to Consul 0.8 for existing ACL users, there's a configuration option to disable these new features. To disable support for these new ACLs, set the -[`acl_enforce_version_8`](/docs/agent/options#acl_enforce_version_8) configuration +[`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) configuration option to `false` on Consul clients and servers. Here's a summary of the new features: @@ -1172,31 +1172,31 @@ Here's a summary of the new features: Two new configuration options are used once version 8 ACLs are enabled: -- [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token) is used as +- [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) is used as a special access token that has `agent` ACL policy `write` privileges on each agent where it is configured, as well as `node` ACL policy `read` privileges for all nodes. This token should only be used by operators during outages when Consul servers aren't available to resolve ACL tokens. Applications should use regular ACL tokens during normal operation. -- [`acl_agent_token`](/docs/agent/options#acl_agent_token) is used internally by +- [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) is used internally by Consul agents to perform operations to the service catalog when registering themselves or sending network coordinates to the servers. This token must at least have `node` ACL policy `write` access to the node name it will register as in order to register any node-level information like metadata or tagged addresses. -Since clients now resolve ACLs locally, the [`acl_down_policy`](/docs/agent/options#acl_down_policy) +Since clients now resolve ACLs locally, the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) now applies to Consul clients as well as Consul servers. This will determine what the client will do in the event that the servers are down. -Consul clients must have [`acl_datacenter`](/docs/agent/options#acl_datacenter) configured +Consul clients must have [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) configured in order to enable agent-level ACL features. If this is set, the agents will contact the Consul servers to determine if ACLs are enabled at the cluster level. If they detect that ACLs are not enabled, they will check at most every 2 minutes to see if they have become enabled, and will start enforcing ACLs automatically. If an agent has an `acl_datacenter` defined, operators will -need to use the [`acl_agent_master_token`](/docs/agent/options#acl_agent_master_token) to +need to use the [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) to perform agent-level operations if the Consul servers aren't present (such as for a manual join -to the cluster), unless the [`acl_down_policy`](/docs/agent/options#acl_down_policy) on the +to the cluster), unless the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) on the agent is set to "allow". Non-server agents do not need to have the -[`acl_master_token`](/docs/agent/options#acl_master_token) configured; it is not +[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) configured; it is not used by agents in any way. diff --git a/website/content/docs/security/acl/acl-rules.mdx b/website/content/docs/security/acl/acl-rules.mdx index 28fe09a70..59c24b31d 100644 --- a/website/content/docs/security/acl/acl-rules.mdx +++ b/website/content/docs/security/acl/acl-rules.mdx @@ -100,7 +100,7 @@ partition_prefix "ex-" { ```json -({ +{ "partition": [ { "example": [ @@ -171,7 +171,7 @@ partition_prefix "ex-" { ] } ] -}) +} ``` @@ -227,7 +227,7 @@ with `bar`. Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be -configured with [`acl.tokens.agent_recovery`](/docs/agent/options#acl_tokens_agent_recovery) to allow +configured with [`acl.tokens.agent_recovery`](/docs/agent/config/agent-config-files#acl_tokens_agent_recovery) to allow write access to these operations even if no ACL resolution capability is available. ## Event Rules @@ -272,7 +272,7 @@ read-only access to any event, and firing of the "deploy" event. The [`consul exec`](/commands/exec) command uses events with the "\_rexec" prefix during operation, so to enable this feature in a Consul environment with ACLs enabled, you will need to give agents a token with access to this event prefix, in addition to configuring -[`disable_remote_exec`](/docs/agent/options#disable_remote_exec) to `false`. +[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) to `false`. ## Key/Value Rules @@ -640,18 +640,18 @@ node "admin" { Agents must be configured with `write` privileges for their own node name so that the agent can register their node metadata, tagged addresses, and other information in the catalog. If configured incorrectly, the agent will print an error to the console when it tries to sync its state with the catalog. -Configure `write` access in the [`acl.tokens.agent`](/docs/agent/options#acl_tokens_agent) parameter. +Configure `write` access in the [`acl.tokens.agent`](/docs/agent/config/agent-config-files#acl_tokens_agent) parameter. -The [`acl.token.default`](/docs/agent/options#acl_tokens_default) used by the agent should have `read` access to a given node so that the DNS interface can be queried. +The [`acl.token.default`](/docs/agent/config/agent-config-files#acl_tokens_default) used by the agent should have `read` access to a given node so that the DNS interface can be queried. Node rules are used to filter query results when reading from the catalog or retrieving information from the health endpoints. This allows for configurations where a token has access to a given service name, but only on an allowed subset of node names. Consul agents check tokens locally when health checks are registered and when Consul performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs. These actions may required an ACL token to complete. Use the following methods to configure ACL tokens for registration events: -- Configure a global token in the [acl.tokens.default](/docs/agent/options#acl_tokens_default) parameter. +* Configure a global token in the [acl.tokens.default](/docs/agent/config/agent-config-files#acl_tokens_default) parameter. This allows a single token to be used during all check registration operations. -- Provide an ACL token with `service` and `check` definitions at registration time. +* Provide an ACL token with `service` and `check` definitions at registration time. This allows for greater flexibility and enables the use of multiple tokens on the same agent. Refer to the [services](/docs/agent/services) and [checks](/docs/agent/checks) documentation for examples. Tokens may also be passed to the [HTTP API](/api) for operations that require them. @@ -835,7 +835,7 @@ service "admin" { Consul's DNS interface is affected by restrictions on service rules. If the -[`acl.tokens.default`](/docs/agent/options#acl_tokens_default) used by the agent does not have `read` access to a +[`acl.tokens.default`](/docs/agent/config/agent-config-files#acl_tokens_default) used by the agent does not have `read` access to a given service, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, service rules are @@ -847,7 +847,7 @@ performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which m ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl.tokens.default](/docs/agent/options#acl_tokens_default) configuration +1. Using the [acl.tokens.default](/docs/agent/config/agent-config-files#acl_tokens_default) configuration directive. This allows a single token to be configured globally and used during all service and check registration operations. 2. Providing an ACL token with service and check definitions at registration @@ -858,12 +858,12 @@ to use for registration events: API](/api) for operations that require them. **Note:** all tokens passed to an agent are persisted on local disk to allow recovery from restarts. See [`-data-dir` flag - documentation](/docs/agent/options#acl_token) for notes on securing + documentation](/docs/agent/config/agent-config-files#acl_token) for notes on securing access. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/options#_enable_script_checks) or -[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks) +[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) or +[`enable_local_script_checks`](/docs/agent/config/agent-config-files#enable_local_script_checks) set to `true` in order to enable script checks. Service rules are also used to grant read or write access to intentions. The diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx index c1e29d504..253f038a0 100644 --- a/website/content/docs/security/acl/auth-methods/index.mdx +++ b/website/content/docs/security/acl/auth-methods/index.mdx @@ -60,7 +60,7 @@ using the API or command line before they can be used by applications. endpoints](/api-docs/acl/binding-rules). -> **Note** - To configure auth methods in any connected secondary datacenter, -[ACL token replication](/docs/agent/options#acl_enable_token_replication) +[ACL token replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be enabled. Auth methods require the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. diff --git a/website/content/docs/security/encryption.mdx b/website/content/docs/security/encryption.mdx index 5d33117cb..3f9c3659b 100644 --- a/website/content/docs/security/encryption.mdx +++ b/website/content/docs/security/encryption.mdx @@ -75,17 +75,17 @@ CA then signs keys for each of the agents, as in ~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications. TLS can be used to verify the authenticity of the servers or verify the authenticity of clients. -These modes are controlled by the [`verify_outgoing`](/docs/agent/options#tls_internal_rpc_verify_outgoing), -[`verify_server_hostname`](/docs/agent/options#tls_internal_rpc_verify_server_hostname), -and [`verify_incoming`](/docs/agent/options#tls_internal_rpc_verify_incoming) options, respectively. +These modes are controlled by the [`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing), +[`verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname), +and [`verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) options, respectively. -If [`verify_outgoing`](/docs/agent/options#tls_internal_rpc_verify_outgoing) is set, agents verify the +If [`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) is set, agents verify the authenticity of Consul for outgoing connections. Server nodes must present a certificate signed by a common certificate authority present on all agents, set via the agent's -[`ca_file`](/docs/agent/options#tls_internal_rpc_ca_file) and [`ca_path`](/docs/agent/options#tls_internal_rpc_ca_path) -options. All server nodes must have an appropriate key pair set using [`cert_file`](/docs/agent/options#tls_internal_rpc_cert_file) and [`key_file`](/docs/agent/options#tls_internal_rpc_key_file). +[`ca_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_ca_file) and [`ca_path`](/docs/agent/config/agent-config-files#tls_internal_rpc_ca_path) +options. All server nodes must have an appropriate key pair set using [`cert_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_cert_file) and [`key_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_key_file). -If [`verify_server_hostname`](/docs/agent/options#tls_internal_rpc_verify_server_hostname) is set, then +If [`verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) is set, then outgoing connections perform hostname verification. All servers must have a certificate valid for `server..` or the client will reject the handshake. This is a new configuration as of 0.5.1, and it is used to prevent a compromised client from being @@ -93,12 +93,12 @@ able to restart in server mode and perform a MITM (Man-In-The-Middle) attack. Ne to true, and generate the proper certificates, but this is defaulted to false to avoid breaking existing deployments. -If [`verify_incoming`](/docs/agent/options#tls_internal_rpc_verify_incoming) is set, the servers verify the +If [`verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) is set, the servers verify the authenticity of all incoming connections. All clients must have a valid key pair set using -[`cert_file`](/docs/agent/options#tls_internal_rpc_cert_file) and -[`key_file`](/docs/agent/options#tls_internal_rpc_key_file). Servers will +[`cert_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_cert_file) and +[`key_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_key_file). Servers will also disallow any non-TLS connections. To force clients to use TLS, -[`verify_outgoing`](/docs/agent/options#tls_internal_rpc_verify_outgoing) must also be set. +[`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) must also be set. TLS is used to secure the RPC calls between agents, but gossip between nodes is done over UDP and is secured using a symmetric key. See above for enabling gossip encryption. diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index f408a57f6..59b9a0cdc 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -72,32 +72,32 @@ environment and adapt these configurations accordingly. - **mTLS** - Mutual authentication of both the TLS server and client x509 certificates prevents internal abuse through unauthorized access to Consul agents within the cluster. - - [`tls.defaults.verify_incoming`](/docs/agent/options#tls_defaults_verify_incoming) - By default this is false, and + - [`tls.defaults.verify_incoming`](/docs/agent/config/agent-config-files#tls_defaults_verify_incoming) - By default this is false, and should almost always be set to true to require TLS verification for incoming client connections. This applies to the internal RPC, HTTPS and gRPC APIs. - - [`tls.https.verify_incoming`](/docs/agent/options#tls_https_verify_incoming) - By default this is false, and should + - [`tls.https.verify_incoming`](/docs/agent/config/agent-config-files#tls_https_verify_incoming) - By default this is false, and should be set to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled. TLS for the API may be not be necessary if it is exclusively served over a loopback interface such as `localhost`. - - [`tls.internal_rpc.verify_incoming`](/docs/agent/options#tls_internal_rpc_verify_incoming) - By default this is false, + - [`tls.internal_rpc.verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) - By default this is false, and should almost always be set to true to require clients to provide a valid TLS certificate for Consul agent RPCs. - [`tls.grpc.verify_incoming`](/docs/agent/options#tls_grpc_verify_incoming) - By default this is false, and should be set to true to require clients to provide a valid TLS certificate when the Consul gRPC API is enabled. TLS for the API may be not be necessary if it is exclusively served over a loopback interface such as `localhost`. - - [`tls.internal_rpc.verify_outgoing`](/docs/agent/options#tls_internal_rpc_verify_outgoing) - By default this is false, + - [`tls.internal_rpc.verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) - By default this is false, and should be set to true to require TLS for outgoing connections from server or client agents. Servers that specify `verify_outgoing = true` will always talk to other servers over TLS, but they still accept non-TLS connections to allow for a transition of all clients to TLS. Currently the only way to enforce that no client can communicate with a server unencrypted is to also enable `verify_incoming` which requires client certificates too. - - [`enable_agent_tls_for_checks`](/docs/agent/options#enable_agent_tls_for_checks) - By default this is false, and + - [`enable_agent_tls_for_checks`](/docs/agent/config/agent-config-files#enable_agent_tls_for_checks) - By default this is false, and should almost always be set to true to require mTLS to set up the client for HTTP or gRPC health checks. This was added in Consul 1.0.1. - - [`tls.internal_rpc.verify_server_hostname`](/docs/agent/options#tls_internal_rpc_verify_server_hostname) - By default + - [`tls.internal_rpc.verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) - By default this is false, and should be set to true to require that the TLS certificate presented by the servers matches `server..` hostname for outgoing TLS connections. The default configuration does not verify the hostname of the certificate, only that it is signed by a trusted CA. This setting is critical to prevent a @@ -108,14 +108,14 @@ environment and adapt these configurations accordingly. [CVE-2018-19653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653) for more details. This is fixed in 1.4.1. - - [`auto_encrypt`](/docs/agent/options#auto_encrypt) - Enables automated TLS certificate distribution for client - agent RPC communication using the Connect CA. Using this configuration a [`ca_file`](/docs/agent/options#tls_defaults_ca_file) + - [`auto_encrypt`](/docs/agent/config/agent-config-files#auto_encrypt) - Enables automated TLS certificate distribution for client + agent RPC communication using the Connect CA. Using this configuration a [`ca_file`](/docs/agent/config/agent-config-files#tls_defaults_ca_file) and ACL token would still need to be distributed to client agents. - - [`allow_tls`](/docs/agent/options#allow_tls) - By default this is false, and should be set to true on server + - [`allow_tls`](/docs/agent/config/agent-config-files#allow_tls) - By default this is false, and should be set to true on server agents to allow certificates to be automatically generated and distributed from the Connect CA to client agents. - - [`tls`](/docs/agent/options#tls) - By default this is false, and should be set to true on client agents to + - [`tls`](/docs/agent/config/agent-config-files#tls) - By default this is false, and should be set to true on client agents to automatically request a client TLS certificate from the server's Connect CA. **Example Server Agent TLS Configuration** @@ -161,7 +161,7 @@ environment and adapt these configurations accordingly. } ``` - -> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/options#tls_defaults_verify_incoming) + -> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/agent-config-files#tls_defaults_verify_incoming) to false which assumes all incoming traffic is restricted to `localhost`. The primary benefit for this configuration would be to avoid provisioning client TLS certificates (in addition to ACL tokens) for all tools or applications using the local Consul agent. In this case ACLs should be enabled to provide authorization and only ACL tokens would @@ -169,7 +169,7 @@ environment and adapt these configurations accordingly. - **ACLs** - The access control list (ACL) system provides a security mechanism for Consul administrators to grant capabilities tied to an individual human, or machine operator identity. To ultimately secure the ACL system, - administrators should configure the [`default_policy`](/docs/agent/options#acl_default_policy) to "deny". + administrators should configure the [`default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) to "deny". The [system](/docs/security/acl/acl-system) is comprised of five major components: @@ -196,10 +196,10 @@ environment and adapt these configurations accordingly. Two optional gossip encryption options enable Consul servers without gossip encryption to safely upgrade. After upgrading, the verification options should be enabled, or removed to set them to their default state: - - [`encrypt_verify_incoming`](/docs/agent/options#encrypt_verify_incoming) - By default this is true to enforce + - [`encrypt_verify_incoming`](/docs/agent/config/agent-config-files#encrypt_verify_incoming) - By default this is true to enforce encryption on _incoming_ gossip communications. - - [`encrypt_verify_outgoing`](/docs/agent/options#encrypt_verify_outgoing) - By default this is true to enforce + - [`encrypt_verify_outgoing`](/docs/agent/config/agent-config-files#encrypt_verify_outgoing) - By default this is true to enforce encryption on _outgoing_ gossip communications. - **Namespaces** - Read and write operations should be scoped to logical namespaces to @@ -240,16 +240,16 @@ environment and adapt these configurations accordingly. - **Linux Security Modules** - Use of security modules that can be directly integrated into operating systems such as AppArmor, SElinux, and Seccomp on Consul agent hosts. -- **Customize TLS Settings** - TLS settings such as the [available cipher suites](/docs/agent/options#tls_defaults_tls_cipher_suites), +- **Customize TLS Settings** - TLS settings such as the [available cipher suites](/docs/agent/config/agent-config-files#tls_defaults_tls_cipher_suites), should be tuned to fit the needs of your environment. - - [`tls_min_version`](/docs/agent/options#tls_defaults_tls_min_version) - Used to specify the minimum TLS version to use. + - [`tls_min_version`](/docs/agent/config/agent-config-files#tls_defaults_tls_min_version) - Used to specify the minimum TLS version to use. - - [`tls_cipher_suites`](/docs/agent/options#tls_defaults_tls_cipher_suites) - Used to specify which TLS cipher suites are allowed. + - [`tls_cipher_suites`](/docs/agent/config/agent-config-files#tls_defaults_tls_cipher_suites) - Used to specify which TLS cipher suites are allowed. - **Customize HTTP Response Headers** - Additional security headers, such as [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be - [configured](/docs/agent/options#response_headers) for HTTP API responses. + [configured](/docs/agent/config/agent-config-files#response_headers) for HTTP API responses. ```hcl http_config { @@ -262,28 +262,28 @@ environment and adapt these configurations accordingly. - **Customize Default Limits** - Consul has a number of builtin features with default connection limits that should be tuned to fit your environment. - - [`http_max_conns_per_client`](/docs/agent/options#http_max_conns_per_client) - Used to limit concurrent access from + - [`http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) - Used to limit concurrent access from a single client to the HTTP(S) endpoint on Consul agents. - - [`https_handshake_timeout`](/docs/agent/options#https_handshake_timeout) - Used to timeout TLS connection for the + - [`https_handshake_timeout`](/docs/agent/config/agent-config-files#https_handshake_timeout) - Used to timeout TLS connection for the HTTP(S) endpoint for Consul agents. - - [`rpc_handshake_timeout`](/docs/agent/options#rpc_handshake_timeout) - Used to timeout TLS connections for the RPC + - [`rpc_handshake_timeout`](/docs/agent/config/agent-config-files#rpc_handshake_timeout) - Used to timeout TLS connections for the RPC endpoint for Consul agents. - - [`rpc_max_conns_per_client`](/docs/agent/options#rpc_max_conns_per_client) - Used to limit concurrent access from a + - [`rpc_max_conns_per_client`](/docs/agent/config/agent-config-files#rpc_max_conns_per_client) - Used to limit concurrent access from a single client to the RPC endpoint on Consul agents. - - [`rpc_rate`](/docs/agent/options#rpc_rate) - Disabled by default, this is used to limit (requests/second) for client + - [`rpc_rate`](/docs/agent/config/agent-config-files#rpc_rate) - Disabled by default, this is used to limit (requests/second) for client agents making RPC calls to server agents. - - [`rpc_max_burst`](/docs/agent/options#rpc_max_burst) - Used as the token bucket size for client agents making RPC + - [`rpc_max_burst`](/docs/agent/config/agent-config-files#rpc_max_burst) - Used as the token bucket size for client agents making RPC calls to server agents. - - [`kv_max_value_size`](/docs/agent/options#kv_max_value_size) - Used to configure the max number of bytes in a + - [`kv_max_value_size`](/docs/agent/config/agent-config-files#kv_max_value_size) - Used to configure the max number of bytes in a key-value API request. - - [`txn_max_req_len`](/docs/agent/options#txn_max_req_len) - Used to configure the max number of bytes in a + - [`txn_max_req_len`](/docs/agent/config/agent-config-files#txn_max_req_len) - Used to configure the max number of bytes in a transaction API request. - **Secure UI Access** - Access to Consul’s builtin UI can be secured in various ways: @@ -303,7 +303,7 @@ environment and adapt these configurations accordingly. [Securing Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production), which includes a section on [creating ACL tokens that provide a desired level UI access](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#consul-ui-token). - - **Restrict HTTP Writes** - Using the [`allow_write_http_from`](/docs/agent/options#allow_write_http_from) + - **Restrict HTTP Writes** - Using the [`allow_write_http_from`](/docs/agent/config/agent-config-files#allow_write_http_from) configuration option to restrict write access for agent endpoints to hosts on the specified list of CIDRs. **Example Agent Configuration** diff --git a/website/content/docs/troubleshoot/common-errors.mdx b/website/content/docs/troubleshoot/common-errors.mdx index 450bdeaab..ca659196f 100644 --- a/website/content/docs/troubleshoot/common-errors.mdx +++ b/website/content/docs/troubleshoot/common-errors.mdx @@ -198,14 +198,14 @@ We recommend raising an issue with the CNI you're using to add support for `host and switching back to `hostPort` eventually. [troubleshooting]: https://learn.hashicorp.com/consul/day-2-operations/advanced-operations/troubleshooting -[node_name]: /docs/agent/options#node_name -[retry_join]: /docs/agent/options#retry-join +[node_name]: /docs/agent/config/agent-config-files#node_name +[retry_join]: /docs/agent/config/agent-config-cli#retry-join [license]: /commands/license [releases]: https://releases.hashicorp.com/consul/ [files]: https://easyengine.io/tutorials/linux/increase-open-files-limit [certificates]: https://learn.hashicorp.com/consul/advanced/day-1-operations/certificates [systemd]: https://learn.hashicorp.com/consul/advanced/day-1-operations/deployment-guide#configure-systemd [monitoring]: https://learn.hashicorp.com/consul/advanced/day-1-operations/monitoring -[bind]: /docs/agent/options#_bind +[bind]: /docs/agent/config/agent-config-cli#_bind [jq]: https://stedolan.github.io/jq/ [go-sockaddr]: https://godoc.org/github.com/hashicorp/go-sockaddr/template diff --git a/website/content/docs/troubleshoot/faq.mdx b/website/content/docs/troubleshoot/faq.mdx index 9734c3880..7e85ecd23 100644 --- a/website/content/docs/troubleshoot/faq.mdx +++ b/website/content/docs/troubleshoot/faq.mdx @@ -62,8 +62,8 @@ messages. This anonymous ID can be disabled. In fact, using the Checkpoint service is optional and can be disabled. -See [`disable_anonymous_signature`](/docs/agent/options#disable_anonymous_signature) -and [`disable_update_check`](/docs/agent/options#disable_update_check). +See [`disable_anonymous_signature`](/docs/agent/config/agent-config-files#disable_anonymous_signature) +and [`disable_update_check`](/docs/agent/config/agent-config-files#disable_update_check). ### Q: Does Consul rely on UDP Broadcast or Multicast? @@ -116,7 +116,7 @@ as well as race conditions between data updates and watch registrations. ### Q: What network ports does Consul use? -The [Ports Used](/docs/agent/options#ports) section of the Configuration +The [Ports Used](/docs/agent/config/agent-config-files#ports) section of the Configuration documentation lists all ports that Consul uses. ### Q: Does Consul require certain user process resource limits? @@ -143,7 +143,7 @@ of any excessive resource utilization before arbitrarily increasing the limits. The default recommended limit on a key's value size is 512KB. This is strictly enforced and an HTTP 413 status will be returned to any client that attempts to store more than that limit in a value. The limit can be increased by using the -[`kv_max_value_size`](/docs/agent/options#kv_max_value_size) configuration option. +[`kv_max_value_size`](/docs/agent/config/agent-config-files#kv_max_value_size) configuration option. It should be noted that the Consul key/value store is not designed to be used as a general purpose database. See diff --git a/website/content/docs/upgrading/instructions/general-process.mdx b/website/content/docs/upgrading/instructions/general-process.mdx index 51d8a3006..eeed1069a 100644 --- a/website/content/docs/upgrading/instructions/general-process.mdx +++ b/website/content/docs/upgrading/instructions/general-process.mdx @@ -74,7 +74,7 @@ this snapshot somewhere safe. More documentation on snapshot usage is available - [consul.io/commands/snapshot](/commands/snapshot) - -**2.** Temporarily modify your Consul configuration so that its [log_level](/docs/agent/options#_log_level) +**2.** Temporarily modify your Consul configuration so that its [log_level](/docs/agent/config/agent-config-cli#_log_level) is set to `debug`. After doing this, issue the following command on your servers to reload the configuration: @@ -183,7 +183,7 @@ then the following options for further assistance are available: When contacting Hashicorp Support, please include the following information in your ticket: - Consul version you were upgrading FROM and TO. -- [Debug level logs](/docs/agent/options#_log_level) from all servers in the cluster +- [Debug level logs](/docs/agent/config/agent-config-cli#_log_level) from all servers in the cluster that you are having trouble with. These should include logs from prior to the upgrade attempt up through the current time. If your logs were not set at debug level prior to the upgrade, please include those logs as well. Also, update your config to use debug logs, diff --git a/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx b/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx index 5b1d19fde..e1aa4a6b9 100644 --- a/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx +++ b/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx @@ -20,7 +20,7 @@ Here is some documentation that may prove useful for reference during this upgra - [ACL System in Legacy Mode](/docs/security/acl/acl-legacy) - You can find information about legacy configuration options and differences between modes here. -- [Configuration](/docs/agent/options) - You can find more details +- [Configuration](/docs/agent/config) - You can find more details around legacy ACL and new ACL configuration options here. Legacy ACL config options will be listed as deprecates as of 1.4.0. @@ -51,7 +51,7 @@ Looking through these changes prior to upgrading is highly recommended. Two very notable items are: - 1.6.2 introduced more strict JSON decoding. Invalid JSON that was previously ignored might result in errors now (e.g., `Connect: null` in service definitions). See [[GH#6680](https://github.com/hashicorp/consul/pull/6680)]. -- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/options#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)] +- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/agent-config-files#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)] ## Procedure @@ -202,8 +202,8 @@ update those now to avoid issues when moving to newer versions. These are the changes you will need to make: -- `acl_datacenter` is now named `primary_datacenter` (review our [docs](/docs/agent/options#primary_datacenter) for more info) -- `acl_default_policy`, `acl_down_policy`, `acl_ttl`, `acl_*_token` and `enable_acl_replication` options are now specified like this (review our [docs](/docs/agent/options#acl) for more info): +- `acl_datacenter` is now named `primary_datacenter` (review our [docs](/docs/agent/config/agent-config-files#primary_datacenter) for more info) +- `acl_default_policy`, `acl_down_policy`, `acl_ttl`, `acl_*_token` and `enable_acl_replication` options are now specified like this (review our [docs](/docs/agent/config/agent-config-files#acl) for more info): ```hcl acl { enabled = true/false diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index b3fb7477f..551979958 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -54,7 +54,7 @@ Due to this rename the following endpoint is also deprecated: These config keys are now deprecated: - `audit.sink[].name` - - [`dns_config.dns_prefer_namespace`](/docs/agent/options#dns_prefer_namespace) + - [`dns_config.dns_prefer_namespace`](/docs/agent/config/agent-config-files#dns_prefer_namespace) ### Deprecated CLI Subcommands @@ -119,8 +119,8 @@ have a license loaded from a configuration file or from their environment the sa agents must have the license specified. Both agents can still perform automatic retrieval of their license but with a few extra stipulations. First, license auto-retrieval now requires that ACLs are on and that the client or snapshot agent is configured with a valid ACL token. Secondly, client -agents require that either the [`start_join`](/docs/agent/options#start_join) or -[`retry_join`](/docs/agent/options#retry_join) configurations are set and that they resolve to server +agents require that either the [`start_join`](/docs/agent/config/agent-config-files#start_join) or +[`retry_join`](/docs/agent/config/agent-config-files#retry_join) configurations are set and that they resolve to server agents. If those stipulations are not met, attempting to start the client or snapshot agent will result in it immediately shutting down. @@ -214,7 +214,7 @@ to Consul 1.9.0. ### Changes to Configuration Defaults -The [`enable_central_service_config`](/docs/agent/options#enable_central_service_config) +The [`enable_central_service_config`](/docs/agent/config/agent-config-files#enable_central_service_config) configuration now defaults to `true`. ### Changes to Intentions @@ -283,7 +283,7 @@ behavior: #### Removal of Deprecated Features -The [`acl_enforce_version_8`](/docs/agent/options#acl_enforce_version_8) +The [`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) configuration has been removed (with version 8 ACL support by being on by default). @@ -326,7 +326,7 @@ to more precisely capture the view of _active_ blocking queries. ### Vault: default `http_max_conns_per_client` too low to run Vault properly -Consul 1.7.0 introduced [limiting of connections per client](/docs/agent/options#http_max_conns_per_client). The default value +Consul 1.7.0 introduced [limiting of connections per client](/docs/agent/config/agent-config-files#http_max_conns_per_client). The default value was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.7.0, you should change the value to 200. Starting with Consul 1.7.1 this is the new default. @@ -334,7 +334,7 @@ Starting with Consul 1.7.1 this is the new default. ### Vault: default `http_max_conns_per_client` too low to run Vault properly -Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/options#http_max_conns_per_client). The default value +Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/config/agent-config-files#http_max_conns_per_client). The default value was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.6.3 through 1.7.0, you should change the value to 200. Starting with Consul 1.7.1 this is the new default. @@ -373,7 +373,7 @@ datacenter". All configuration is backwards compatible and shouldn't need to change prior to upgrade although it's strongly recommended to migrate ACL configuration to the new syntax soon after upgrade. This includes moving to `primary_datacenter` rather than `acl_datacenter` and `acl_*` to the new [ACL -block](/docs/agent/options#acl). +block](/docs/agent/config/agent-config-files#acl). Datacenters can be upgraded in any order although secondaries will remain in [Legacy ACL mode](#legacy-acl-mode) until the primary datacenter is fully @@ -500,11 +500,11 @@ The following previously deprecated fields and config options have been removed: Consul 1.0.1 (and earlier versions of Consul) checked for raft snapshots every 5 seconds, and created new snapshots for every 8192 writes. These defaults cause constant disk IO in large busy clusters. Consul 1.1.0 increases these to larger values, -and makes them tunable via the [raft_snapshot_interval](/docs/agent/options#_raft_snapshot_interval) and -[raft_snapshot_threshold](/docs/agent/options#_raft_snapshot_threshold) parameters. We recommend +and makes them tunable via the [raft_snapshot_interval](/docs/agent/config/agent-config-files#_raft_snapshot_interval) and +[raft_snapshot_threshold](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) parameters. We recommend keeping the new defaults. However, operators can go back to the old defaults by changing their -config if they prefer more frequent snapshots. See the documentation for [raft_snapshot_interval](/docs/agent/options#_raft_snapshot_interval) -and [raft_snapshot_threshold](/docs/agent/options#_raft_snapshot_threshold) to understand the trade-offs +config if they prefer more frequent snapshots. See the documentation for [raft_snapshot_interval](/docs/agent/config/agent-config-files#_raft_snapshot_interval) +and [raft_snapshot_threshold](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) to understand the trade-offs when tuning these. ## Consul 1.0.7 @@ -532,7 +532,7 @@ before proceeding. #### Carefully Check and Remove Stale Servers During Rolling Upgrades Consul 1.0 (and earlier versions of Consul when running with [Raft protocol -3](/docs/agent/options#_raft_protocol) had an issue where performing +3](/docs/agent/config/agent-config-files#_raft_protocol) had an issue where performing rolling updates of Consul servers could result in an outage from old servers remaining in the cluster. [Autopilot](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) @@ -553,7 +553,7 @@ Please be sure to read over all the details here before upgrading. #### Raft Protocol Now Defaults to 3 -The [`-raft-protocol`](/docs/agent/options#_raft_protocol) default has +The [`-raft-protocol`](/docs/agent/config/agent-config-cli#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) features by default. @@ -582,7 +582,7 @@ servers, and then slowly stand down each of the older servers in a similar fashion. When using Raft protocol version 3, servers are identified by their -[`-node-id`](/docs/agent/options#_node_id) instead of their IP address +[`-node-id`](/docs/agent/config/agent-config-cli#_node_id) instead of their IP address when Consul makes changes to its internal Raft quorum configuration. This means that once a cluster has been upgraded with servers all running Raft protocol version 3, it will no longer allow servers running any older Raft protocol @@ -597,7 +597,7 @@ to map the server to its node ID in the Raft quorum configuration. As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the -[`-config-file`](/docs/agent/options#_config_file) argument to specify a +[`-config-file`](/docs/agent/config/agent-config-cli#_config_file) argument to specify a file directly. #### Service Definition Parameter Case changed @@ -614,40 +614,41 @@ upgrading. Here's the complete list of removed options and their equivalents: | Removed Option | Equivalent | | ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `-dc` | [`-datacenter`](/docs/agent/options#_datacenter) | -| `-retry-join-azure-tag-name` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-azure-tag-value` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-ec2-region` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-ec2-tag-key` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-ec2-tag-value` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-gce-credentials-file` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-gce-project-name` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-gce-tag-name` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `-retry-join-gce-zone-pattern` | [`-retry-join`](/docs/agent/options#_retry_join) | +| `-dc` | [`-datacenter`](/docs/agent/config/agent-config-cli#_datacenter) | +| `-retry-join-azure-tag-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-azure-tag-value` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-ec2-region` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-ec2-tag-key` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-ec2-tag-value` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-gce-credentials-file` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-gce-project-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-gce-tag-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-retry-join-gce-zone-pattern` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | | `addresses.rpc` | None, the RPC server for CLI commands is no longer supported. | -| `advertise_addrs` | [`ports`](/docs/agent/options#ports) with [`advertise_addr`](/docs/agent/options#advertise_addr) and/or [`advertise_addr_wan`](/docs/agent/options#advertise_addr_wan) | -| `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](/docs/agent/options#telemetry-dogstatsd_addr) | -| `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](/docs/agent/options#telemetry-dogstatsd_tags) | -| `http_api_response_headers` | [`http_config.response_headers`](/docs/agent/options#response_headers) | +| `advertise_addrs` | [`ports`](/docs/agent/config/agent-config-files#ports) with [`advertise_addr`](/docs/agent/config/agent-config-files#advertise_addr) and/or [`advertise_addr_wan`](/docs/agent/config/agent-config-files#advertise_addr_wan) | +| `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](/docs/agent/config/agent-config-files#telemetry-dogstatsd_addr) | +| `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](/docs/agent/config/agent-config-files#telemetry-dogstatsd_tags) | +| `http_api_response_headers` | [`http_config.response_headers`](/docs/agent/config/agent-config-files#response_headers) | | `ports.rpc` | None, the RPC server for CLI commands is no longer supported. | -| `recursor` | [`recursors`](https://github.com/hashicorp/consul/blob/main/website/pages/docs/agent/options.mdx#recursors) | -| `retry_join_azure` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `retry_join_ec2` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `retry_join_gce` | [`-retry-join`](/docs/agent/options#_retry_join) | -| `statsd_addr` | [`telemetry.statsd_address`](https://github.com/hashicorp/consul/blob/main/website/pages/docs/agent/options.mdx#telemetry-statsd_address) | -| `statsite_addr` | [`telemetry.statsite_address`](https://github.com/hashicorp/consul/blob/main/website/pages/docs/agent/options.mdx#telemetry-statsite_address) | -| `statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/options#telemetry-metrics_prefix) | -| `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/options#telemetry-metrics_prefix) | -| (service definitions) `serviceid` | [`service_id`](/docs/discovery/services) | -| (service definitions) `dockercontainerid` | [`docker_container_id`](/docs/discovery/services) | -| (service definitions) `tlsskipverify` | [`tls_skip_verify`](/docs/discovery/services) | -| (service definitions) `deregistercriticalserviceafter` | [`deregister_critical_service_after`](/docs/discovery/services) | + +| `recursor` | [`recursors`](/docs/agent/config/agent-config-files#recursors) | +| `retry_join_azure` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | +| `retry_join_ec2` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | +| `retry_join_gce` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | +| `statsd_addr` | [`telemetry.statsd_address`](/docs/agent/config/agent-config-files#telemetry-statsd_address) | +| `statsite_addr` | [`telemetry.statsite_address`](/docs/agent/config/agent-config-files#telemetry-statsite_address) | +| `statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix) | +| `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix) | +| (service definitions) `serviceid` | [`id`](/api-docs/agent/service#id) | +| (service definitions) `dockercontainerid` | [`docker_container_id`](/api-docs/agent/check#dockercontainerid) | +| (service definitions) `tlsskipverify` | [`tls_skip_verify`](/api-docs/agent/check#tlsskipverify) | +| (service definitions) `deregistercriticalserviceafter` | [`deregister_critical_service_after`](/api-docs/agent/check#deregistercriticalserviceafter) | #### `statsite_prefix` Renamed to `metrics_prefix` Since the `statsite_prefix` configuration option applied to all telemetry providers, `statsite_prefix` was renamed to -[`metrics_prefix`](/docs/agent/options#telemetry-metrics_prefix). +[`metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix). Configuration files will need to be updated when upgrading to this version of Consul. @@ -659,8 +660,8 @@ wrongly stated that you could configure both host and port. #### Escaping Behavior Changed for go-discover Configs -The format for [`-retry-join`](/docs/agent/options#retry-join) and -[`-retry-join-wan`](/docs/agent/options#retry-join-wan) values that use +The format for [`-retry-join`](/docs/agent/config/agent-config-cli#retry-join) and +[`-retry-join-wan`](/docs/agent/config/agent-config-cli#retry-join-wan) values that use [go-discover](https://github.com/hashicorp/go-discover) cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or @@ -778,7 +779,7 @@ invalid health checks would get skipped. #### Script Checks Are Now Opt-In -A new [`enable_script_checks`](/docs/agent/options#_enable_script_checks) +A new [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) configuration option was added, and defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box @@ -800,10 +801,10 @@ for more information. Consul releases will no longer include a `web_ui.zip` file with the compiled web assets. These have been built in to the Consul binary since the 0.7.x -series and can be enabled with the [`-ui`](/docs/agent/options#_ui) +series and can be enabled with the [`-ui`](/docs/agent/config/agent-config-cli#_ui) configuration option. These built-in web assets have always been identical to the contents of the `web_ui.zip` file for each release. The -[`-ui-dir`](/docs/agent/options#_ui_dir) option is still available for +[`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) option is still available for hosting customized versions of the web assets, but the vast majority of Consul users can just use the built in web assets. @@ -835,12 +836,12 @@ to the following commands: #### Version 8 ACLs Are Now Opt-Out -The [`acl_enforce_version_8`](/docs/agent/options#acl_enforce_version_8) +The [`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) configuration now defaults to `true` to enable full version 8 ACL support by default. If you are upgrading an existing cluster with ACLs enabled, you will need to set this to `false` during the upgrade on **both Consul agents and Consul servers**. Version 8 ACLs were also changed so that -[`acl_datacenter`](/docs/agent/options#acl_datacenter) must be set on +[`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) must be set on agents in order to enable the agent-side enforcement of ACLs. This makes for a smoother experience in clusters where ACLs aren't enabled at all, but where the agents would have to wait to contact a Consul server before learning that. @@ -848,14 +849,14 @@ agents would have to wait to contact a Consul server before learning that. #### Remote Exec Is Now Opt-In The default for -[`disable_remote_exec`](/docs/agent/options#disable_remote_exec) was +[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) was changed to "true", so now operators need to opt-in to having agents support running commands remotely via [`consul exec`](/commands/exec). #### Raft Protocol Version Compatibility When upgrading to Consul 0.8.0 from a version lower than 0.7.0, users will need -to set the [`-raft-protocol`](/docs/agent/options#_raft_protocol) option +to set the [`-raft-protocol`](/docs/agent/config/agent-config-cli#_raft_protocol) option to 1 in order to maintain backwards compatibility with the old servers during the upgrade. After the servers have been migrated to version 0.8.0, `-raft-protocol` can be moved up to 2 and the servers restarted to match the @@ -890,7 +891,7 @@ process to reap child processes. #### DNS Resiliency Defaults -The default for [`max_stale`](/docs/agent/options#max_stale) has been +The default for [`max_stale`](/docs/agent/config/agent-config-files#max_stale) has been increased from 5 seconds to a near-indefinite threshold (10 years) to allow DNS queries to continue to be served in the event of a long outage with no leader. A new telemetry counter was added at `consul.dns.stale_queries` to track when @@ -904,7 +905,7 @@ to be aware of during an upgrade are categorized below. #### Performance Timing Defaults and Tuning Consul 0.7 now defaults the DNS configuration to allow for stale queries by -defaulting [`allow_stale`](/docs/agent/options#allow_stale) to true for +defaulting [`allow_stale`](/docs/agent/config/agent-config-files#allow_stale) to true for better utilization of available servers. If you want to retain the previous behavior, set the following configuration: @@ -917,7 +918,7 @@ behavior, set the following configuration: ``` Consul also 0.7 introduced support for tuning Raft performance using a new -[performance configuration block](/docs/agent/options#performance). Also, +[performance configuration block](/docs/agent/config/agent-config-files#performance). Also, the default Raft timing is set to a lower-performance mode suitable for [minimal Consul servers](/docs/install/performance#minimum). @@ -937,8 +938,8 @@ See the [Server Performance](/docs/install/performance) guide for more details. #### Leave-Related Configuration Defaults -The default behavior of [`leave_on_terminate`](/docs/agent/options#leave_on_terminate) -and [`skip_leave_on_interrupt`](/docs/agent/options#skip_leave_on_interrupt) +The default behavior of [`leave_on_terminate`](/docs/agent/config/agent-config-files#leave_on_terminate) +and [`skip_leave_on_interrupt`](/docs/agent/config/agent-config-files#skip_leave_on_interrupt) are now dependent on whether or not the agent is acting as a server or client: - For servers, `leave_on_terminate` defaults to "false" and `skip_leave_on_interrupt` @@ -977,7 +978,7 @@ using this feature. #### WAN Address Translation in HTTP Endpoints Consul version 0.7 added support for translating WAN addresses in certain -[HTTP endpoints](/docs/agent/options#translate_wan_addrs). The servers +[HTTP endpoints](/docs/agent/config/agent-config-files#translate_wan_addrs). The servers and the agents need to be running version 0.7 or later in order to use this feature. @@ -1059,7 +1060,7 @@ which require it: } When the DNS interface is queried, the agent's -[`acl_token`](/docs/agent/options#acl_token) is used, so be sure +[`acl_token`](/docs/agent/config/agent-config-files#acl_token) is used, so be sure that token has sufficient privileges to return the DNS records you expect to retrieve from it. diff --git a/website/content/partials/http_api_options_client.mdx b/website/content/partials/http_api_options_client.mdx index 890253a61..516579bba 100644 --- a/website/content/partials/http_api_options_client.mdx +++ b/website/content/partials/http_api_options_client.mdx @@ -20,7 +20,7 @@ used instead. The scheme can also be set to HTTPS by setting the environment variable `CONSUL_HTTP_SSL=true`. This may be a unix domain socket using `unix:///path/to/socket` if the [agent is configured to - listen](/docs/agent/options#addresses) that way. + listen](/docs/agent/config/agent-config-files#addresses) that way. - `-tls-server-name=` - The server name to use as the SNI host when connecting via TLS. This can also be specified via the `CONSUL_TLS_SERVER_NAME` From a00492e62232d2f95e4ee846971d2042af962abf Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 17:16:24 -0800 Subject: [PATCH 123/785] chore: rebase updates --- website/content/docs/agent/config/agent-config-cli.mdx | 2 +- website/content/docs/agent/config/agent-config-files.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx index 82d660803..df4a096f6 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/agent-config-cli.mdx @@ -7,7 +7,7 @@ description: >- # Command-line Options ((#commandline_options)) --> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](#config_key_reference) for equivalent HCL Keys. +-> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/agent-config-files#config_key_reference) for equivalent HCL Keys. The options below are all specified on the command-line. diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index 08a9f4398..78b918453 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -43,7 +43,7 @@ definitions support being updated during a reload. } ``` -# Configuration Key Reference +# Configuration Key Reference ((#config_key_reference)) -> **Note:** All the TTL values described below are parsed by Go's `time` package, and have the following [formatting specification](https://golang.org/pkg/time/#ParseDuration): "A From bea810cf6206609b4426b1a8da97221878e13796 Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 17:26:47 -0800 Subject: [PATCH 124/785] docs: pr feedback --- website/content/docs/agent/config/agent-config-cli.mdx | 6 +++++- website/content/docs/agent/config/agent-config-files.mdx | 6 ++++-- website/redirects.js | 4 ++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/agent-config-cli.mdx index df4a096f6..0272dda5d 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/agent-config-cli.mdx @@ -9,7 +9,11 @@ description: >- -> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/agent-config-files#config_key_reference) for equivalent HCL Keys. -The options below are all specified on the command-line. +This topic describes the available command-line options for the Consul agent. + +## Usage + +See [Agent Overview](/docs/agent#starting-the-consul-agent) for examples of how to use flags with the `consul agent` CLI. ## Environment Variables diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/agent-config-files.mdx index 78b918453..9b21fbd14 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/agent-config-files.mdx @@ -7,8 +7,10 @@ description: >- # Configuration Files ((#configuration_files)) -In addition to the command-line options, configuration can be put into -files. This may be easier in certain situations, for example when Consul is +You can create one or more files to configure the Consul agent on startup. We recommend +grouping similar configurations into separate files, such as ACL parameters, to make it +easier to manage configuration changes. Using external files may be easier than +configuring agents on the command-line when Consul is being configured using a configuration management system. The configuration files are JSON formatted, making them easily readable diff --git a/website/redirects.js b/website/redirects.js index ea95d1803..777fa471d 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -1262,6 +1262,10 @@ module.exports = [ { source: '/api/:path*', destination: '/api-docs/:path*', + }, + { + source: '/docs/agent/options', + destination: '/docs/agent/config', permanent: true, }, ] From b9ec2222db0060c10be367bea7f0744395a4919b Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 17:30:50 -0800 Subject: [PATCH 125/785] docs: simplify agent docs slugs --- .../network-areas/README.md | 2 +- docs/config/README.md | 4 +- docs/config/checklist-adding-config-fields.md | 4 +- docs/rpc/README.md | 2 +- website/content/api-docs/acl/index.mdx | 10 +- website/content/api-docs/agent/index.mdx | 18 +-- website/content/api-docs/config.mdx | 2 +- .../content/api-docs/connect/intentions.mdx | 2 +- website/content/api-docs/health.mdx | 2 +- website/content/api-docs/index.mdx | 4 +- .../content/api-docs/operator/autopilot.mdx | 2 +- .../content/commands/acl/set-agent-token.mdx | 2 +- website/content/commands/config/index.mdx | 2 +- website/content/commands/connect/envoy.mdx | 2 +- website/content/commands/debug.mdx | 2 +- website/content/commands/index.mdx | 2 +- .../content/commands/operator/autopilot.mdx | 4 +- website/content/commands/validate.mdx | 2 +- website/content/docs/agent/config-entries.mdx | 4 +- .../{agent-config-cli.mdx => cli-flags.mdx} | 12 +- ...gent-config-files.mdx => config-files.mdx} | 96 +++++++-------- website/content/docs/agent/config/index.mdx | 22 ++-- website/content/docs/agent/index.mdx | 28 ++--- website/content/docs/agent/telemetry.mdx | 20 ++-- website/content/docs/connect/ca/aws.mdx | 6 +- website/content/docs/connect/ca/consul.mdx | 2 +- website/content/docs/connect/ca/index.mdx | 2 +- website/content/docs/connect/ca/vault.mdx | 4 +- .../config-entries/exported-services.mdx | 2 +- .../docs/connect/config-entries/index.mdx | 2 +- .../connect/config-entries/proxy-defaults.mdx | 4 +- .../config-entries/service-defaults.mdx | 4 +- .../config-entries/service-intentions.mdx | 4 +- .../content/docs/connect/configuration.mdx | 14 +-- .../docs/connect/connect-internals.mdx | 4 +- .../docs/connect/gateways/ingress-gateway.mdx | 4 +- ...service-to-service-traffic-datacenters.mdx | 10 +- .../service-to-service-traffic-partitions.mdx | 4 +- .../wan-federation-via-mesh-gateways.mdx | 4 +- .../connect/gateways/terminating-gateway.mdx | 4 +- .../docs/connect/intentions-legacy.mdx | 2 +- website/content/docs/connect/intentions.mdx | 2 +- .../docs/connect/observability/index.mdx | 6 +- .../observability/ui-visualization.mdx | 14 +-- .../content/docs/connect/proxies/built-in.mdx | 4 +- .../content/docs/connect/proxies/envoy.mdx | 2 +- .../connect/proxies/managed-deprecated.mdx | 4 +- .../registration/service-registration.mdx | 4 +- .../connect/registration/sidecar-service.mdx | 4 +- website/content/docs/discovery/checks.mdx | 10 +- website/content/docs/discovery/dns.mdx | 24 ++-- .../content/docs/dynamic-app-config/kv.mdx | 4 +- .../docs/dynamic-app-config/watches.mdx | 2 +- .../content/docs/enterprise/audit-logging.mdx | 4 +- .../docs/enterprise/license/overview.mdx | 8 +- .../docs/enterprise/network-segments.mdx | 32 ++--- .../content/docs/enterprise/read-scale.mdx | 2 +- .../content/docs/install/bootstrapping.mdx | 14 +-- .../content/docs/install/cloud-auto-join.mdx | 4 +- .../content/docs/install/manual-bootstrap.mdx | 2 +- website/content/docs/install/performance.mdx | 20 ++-- website/content/docs/install/ports.mdx | 2 +- .../docs/k8s/connect/connect-ca-provider.mdx | 4 +- website/content/docs/k8s/helm.mdx | 12 +- .../servers-outside-kubernetes.mdx | 2 +- .../installation/multi-cluster/kubernetes.mdx | 4 +- .../multi-cluster/vms-and-kubernetes.mdx | 2 +- website/content/docs/nia/configuration.mdx | 6 +- .../docs/nia/installation/requirements.mdx | 2 +- .../docs/releases/release-notes/v1_9_0.mdx | 2 +- .../content/docs/security/acl/acl-legacy.mdx | 102 ++++++++-------- .../content/docs/security/acl/acl-rules.mdx | 20 ++-- .../docs/security/acl/auth-methods/index.mdx | 2 +- website/content/docs/security/encryption.mdx | 22 ++-- .../docs/security/security-models/core.mdx | 54 ++++----- .../docs/troubleshoot/common-errors.mdx | 6 +- website/content/docs/troubleshoot/faq.mdx | 8 +- .../instructions/general-process.mdx | 4 +- .../instructions/upgrade-to-1-6-x.mdx | 6 +- .../docs/upgrading/upgrade-specific.mdx | 110 +++++++++--------- .../partials/http_api_options_client.mdx | 2 +- website/data/docs-nav-data.json | 4 +- 82 files changed, 434 insertions(+), 434 deletions(-) rename website/content/docs/agent/config/{agent-config-cli.mdx => cli-flags.mdx} (96%) rename website/content/docs/agent/config/{agent-config-files.mdx => config-files.mdx} (97%) diff --git a/docs/cluster-federation/network-areas/README.md b/docs/cluster-federation/network-areas/README.md index efe10aa06..08a2014d5 100644 --- a/docs/cluster-federation/network-areas/README.md +++ b/docs/cluster-federation/network-areas/README.md @@ -35,7 +35,7 @@ Every Consul Enterprise server maintains a reconciliation routine where every 30 Joining a network area pool involves: 1. Setting memberlist and Serf configuration. - * Prior to Consul `v1.8.11` and `v1.9.5`, network areas were configured with memberlist's [DefaultWANConfig](https://github.com/hashicorp/memberlist/blob/838073fef1a4e1f6cb702a57a8075304098b1c31/config.go#L315). This was then updated to instead use the server's [gossip_wan](https://www.consul.io/docs/agent/config/agent-config-files#gossip_wan) configuration, which falls back to the DefaultWANConfig if it was not specified. + * Prior to Consul `v1.8.11` and `v1.9.5`, network areas were configured with memberlist's [DefaultWANConfig](https://github.com/hashicorp/memberlist/blob/838073fef1a4e1f6cb702a57a8075304098b1c31/config.go#L315). This was then updated to instead use the server's [gossip_wan](https://www.consul.io/docs/agent/config/config-files#gossip_wan) configuration, which falls back to the DefaultWANConfig if it was not specified. * As of Consul `v1.8.11`/`v1.9.5` it is not possible to tune gossip communication on a per-area basis. 2. Update the server's gossip network, which keeps track of network areas that the server is a part of. This gossip network is also used to dispatch incoming **gossip** connections to handlers for the appropriate area. diff --git a/docs/config/README.md b/docs/config/README.md index fe38011b9..98cd35ee8 100644 --- a/docs/config/README.md +++ b/docs/config/README.md @@ -13,7 +13,7 @@ See also the [checklist for adding a new field] to the configuration. [Agent Configuration]: https://www.consul.io/docs/agent/config [checklist for adding a new field]: ./checklist-adding-config-fields.md [Auto-Config]: #auto-config -[Config Entries]: https://www.consul.io/docs/agent/config/agent-config-files#config_entries +[Config Entries]: https://www.consul.io/docs/agent/config/config-files#config_entries [Services]: https://www.consul.io/docs/discovery/services [Checks]: https://www.consul.io/docs/discovery/checks @@ -53,6 +53,6 @@ implemented in a couple packages. * the server RPC endpoint is in [agent/consul/auto_config_endpoint.go] * the client that receives and applies the config is implemented in [agent/auto-config] -[auto_config]: https://www.consul.io/docs/agent/config/agent-config-files#auto_config +[auto_config]: https://www.consul.io/docs/agent/config/config-files#auto_config [agent/consul/auto_config_endpoint.go]: https://github.com/hashicorp/consul/blob/main/agent/consul/auto_config_endpoint.go [agent/auto-config]: https://github.com/hashicorp/consul/tree/main/agent/auto-config diff --git a/docs/config/checklist-adding-config-fields.md b/docs/config/checklist-adding-config-fields.md index 66807c072..e17139411 100644 --- a/docs/config/checklist-adding-config-fields.md +++ b/docs/config/checklist-adding-config-fields.md @@ -55,7 +55,7 @@ There are four specific cases covered with increasing complexity: state for client agent's RPC client. - [ ] Add a test to `agent/agent_test.go` similar to others with prefix `TestAgent_reloadConfig*`. - - [ ] Add documentation to `website/content/docs/agent/config/agent-config-files.mdx`. + - [ ] Add documentation to `website/content/docs/agent/config/config-files.mdx`. Done! You can now use your new field in a client agent by accessing `s.agent.Config.`. @@ -75,7 +75,7 @@ If the config field also needs a CLI flag, then follow these steps. `TestLoad_IntegrationWithFlags` in `agent/config/runtime_test.go` to ensure setting the flag works. - [ ] Add flag (as well as config file) documentation to - `website/source/docs/agent/config/agent-config-files.mdx` and `website/source/docs/agent/config/agent-config-cli.mdx`. + `website/source/docs/agent/config/config-files.mdx` and `website/source/docs/agent/config/cli-flags.mdx`. ## Adding a Simple Config Field for Servers Consul servers have a separate Config struct for reasons. Note that Consul diff --git a/docs/rpc/README.md b/docs/rpc/README.md index 7d8a75cad..4e9adbacf 100644 --- a/docs/rpc/README.md +++ b/docs/rpc/README.md @@ -22,7 +22,7 @@ The "RPC Server" accepts requests to the [server port] and routes the requests b configuration of the Server and the the first byte in the request. The diagram below shows all the possible routing flows. -[server port]: https://www.consul.io/docs/agent/config/agent-config-files#server_rpc_port +[server port]: https://www.consul.io/docs/agent/config/config-files#server_rpc_port ![RPC Routing](./routing.svg) diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx index 6a39bef52..a1c40b06f 100644 --- a/website/content/api-docs/acl/index.mdx +++ b/website/content/api-docs/acl/index.mdx @@ -16,7 +16,7 @@ the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-s ## Bootstrap ACLs This endpoint does a special one-time bootstrap of the ACL system, making the first -management token if the [`acl.tokens.initial_management`](/docs/agent/config/agent-config-files#acl_tokens_initial_management) +management token if the [`acl.tokens.initial_management`](/docs/agent/config/config-files#acl_tokens_initial_management) configuration entry is not specified in the Consul server configuration and if the cluster has not been bootstrapped previously. This is available in Consul 0.9.1 and later, and requires all Consul servers to be upgraded in order to operate. @@ -143,7 +143,7 @@ $ curl \ - `SourceDatacenter` - The authoritative ACL datacenter that ACLs are being replicated from and will match the - [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) configuration. + [`primary_datacenter`](/docs/agent/config/config-files#primary_datacenter) configuration. - `ReplicationType` - The type of replication that is currently in use. @@ -295,7 +295,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be +replication](/docs/agent/config/config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. @@ -425,7 +425,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be +replication](/docs/agent/config/config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. @@ -505,7 +505,7 @@ The table below shows this endpoint's support for -> **Note** - To use the login process to create tokens in any connected secondary datacenter, [ACL -replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) must be +replication](/docs/agent/config/config-files#acl_enable_token_replication) must be enabled. Login requires the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. diff --git a/website/content/api-docs/agent/index.mdx b/website/content/api-docs/agent/index.mdx index 54360d802..e5f91b468 100644 --- a/website/content/api-docs/agent/index.mdx +++ b/website/content/api-docs/agent/index.mdx @@ -440,7 +440,7 @@ page. In order to enable [Prometheus](https://prometheus.io/) support, you need to use the configuration directive -[`prometheus_retention_time`](/docs/agent/config/agent-config-files#telemetry-prometheus_retention_time). +[`prometheus_retention_time`](/docs/agent/config/config-files#telemetry-prometheus_retention_time). Since Consul 1.7.2 this endpoint will also automatically switch output format if the request contains an `Accept` header with a compatible MIME type such as @@ -745,7 +745,7 @@ $ curl \ This endpoint updates the ACL tokens currently in use by the agent. It can be used to introduce ACL tokens to the agent for the first time, or to update tokens that were initially loaded from the agent's configuration. Tokens will be persisted -only if the [`acl.enable_token_persistence`](/docs/agent/config/agent-config-files#acl_enable_token_persistence) +only if the [`acl.enable_token_persistence`](/docs/agent/config/config-files#acl_enable_token_persistence) configuration is `true`. When not being persisted, they will need to be reset if the agent is restarted. @@ -757,9 +757,9 @@ is restarted. | `PUT` | `/agent/token/replication` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`default`](/docs/agent/config/agent-config-files#acl_tokens_default), [`agent`](/docs/agent/config/agent-config-files#acl_tokens_agent), -[`agent_recovery`](/docs/agent/config/agent-config-files#acl_tokens_agent_recovery), and -[`replication`](/docs/agent/config/agent-config-files#acl_tokens_replication). +[`default`](/docs/agent/config/config-files#acl_tokens_default), [`agent`](/docs/agent/config/config-files#acl_tokens_agent), +[`agent_recovery`](/docs/agent/config/config-files#acl_tokens_agent_recovery), and +[`replication`](/docs/agent/config/config-files#acl_tokens_replication). -> **Deprecation Note:** The following paths were deprecated in version 1.11 @@ -768,7 +768,7 @@ The paths above correspond to the token names as found in the agent configuratio | `PUT` | `/agent/token/agent_master` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`agent_master`](/docs/agent/config/agent-config-files#acl_tokens_agent_master). +[`agent_master`](/docs/agent/config/config-files#acl_tokens_agent_master). -> **Deprecation Note:** The following paths were deprecated in version 1.4.3 @@ -780,9 +780,9 @@ The paths above correspond to the token names as found in the agent configuratio | `PUT` | `/agent/token/acl_replication_token` | `application/json` | The paths above correspond to the token names as found in the agent configuration: -[`acl_token`](/docs/agent/config/agent-config-files#acl_token_legacy), [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token_legacy), -[`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy), and -[`acl_replication_token`](/docs/agent/config/agent-config-files#acl_replication_token_legacy). +[`acl_token`](/docs/agent/config/config-files#acl_token_legacy), [`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token_legacy), +[`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token_legacy), and +[`acl_replication_token`](/docs/agent/config/config-files#acl_replication_token_legacy). The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx index 1ba83ed68..9a28880c6 100644 --- a/website/content/api-docs/config.mdx +++ b/website/content/api-docs/config.mdx @@ -10,7 +10,7 @@ description: |- The `/config` endpoints create, update, delete and query central configuration entries registered with Consul. See the -[agent configuration](/docs/agent/config/agent-config-files#enable_central_service_config) +[agent configuration](/docs/agent/config/config-files#enable_central_service_config) for more information on how to enable this functionality for centrally configuring services and [configuration entries docs](/docs/agent/config-entries) for a description of the configuration entries content. diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index ddbeab469..328c989b8 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -96,7 +96,7 @@ The corresponding CLI command is [`consul intention create -replace`](/commands/ evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default intention behavior is defined by the default [ACL - policy](/docs/agent/config/agent-config-files#acl_default_policy). + policy](/docs/agent/config/config-files#acl_default_policy). This should be omitted for an L4 intention as it is mutually exclusive with the `Action` field. diff --git a/website/content/api-docs/health.mdx b/website/content/api-docs/health.mdx index 4d60aafe9..1c68f60b0 100644 --- a/website/content/api-docs/health.mdx +++ b/website/content/api-docs/health.mdx @@ -241,7 +241,7 @@ The table below shows this endpoint's support for ascending order based on the estimated round trip time from that node. Passing `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. **Note** that using `near` will ignore - [`use_streaming_backend`](/docs/agent/config/agent-config-files#use_streaming_backend) and always + [`use_streaming_backend`](/docs/agent/config/config-files#use_streaming_backend) and always use blocking queries, because the data required to sort the results is not available to the streaming backend. diff --git a/website/content/api-docs/index.mdx b/website/content/api-docs/index.mdx index 40dc5a79b..23b3456eb 100644 --- a/website/content/api-docs/index.mdx +++ b/website/content/api-docs/index.mdx @@ -83,7 +83,7 @@ $ curl \ Consul 0.7 added the ability to translate addresses in HTTP response based on the configuration setting for -[`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs). In order +[`translate_wan_addrs`](/docs/agent/config/config-files#translate_wan_addrs). In order to allow clients to know if address translation is in effect, the `X-Consul-Translate-Addresses` header will be added if translation is enabled, and will have a value of `true`. If translation is not enabled then this header @@ -94,7 +94,7 @@ will not be present. All API responses for Consul versions after 1.9 will include an HTTP response header `X-Consul-Default-ACL-Policy` set to either "allow" or "deny" which mirrors the current value of the agent's -[`acl.default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) option. +[`acl.default_policy`](/docs/agent/config/config-files#acl_default_policy) option. This is also the default [intention](/docs/connect/intentions) enforcement action if no intention matches. diff --git a/website/content/api-docs/operator/autopilot.mdx b/website/content/api-docs/operator/autopilot.mdx index f4a2e25c8..ef88056e5 100644 --- a/website/content/api-docs/operator/autopilot.mdx +++ b/website/content/api-docs/operator/autopilot.mdx @@ -69,7 +69,7 @@ $ curl \ ``` For more information about the Autopilot configuration options, see the -[agent configuration section](/docs/agent/config/agent-config-files#autopilot). +[agent configuration section](/docs/agent/config/config-files#autopilot). ## Update Configuration diff --git a/website/content/commands/acl/set-agent-token.mdx b/website/content/commands/acl/set-agent-token.mdx index dfe9f4567..138da2600 100644 --- a/website/content/commands/acl/set-agent-token.mdx +++ b/website/content/commands/acl/set-agent-token.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/agent/token/:type](/api-docs/agent This command updates the ACL tokens currently in use by the agent. It can be used to introduce ACL tokens to the agent for the first time, or to update tokens that were initially loaded from the agent's configuration. Tokens are not persisted unless -[`acl.enable_token_persistence`](/docs/agent/config/agent-config-files#acl_enable_token_persistence) +[`acl.enable_token_persistence`](/docs/agent/config/config-files#acl_enable_token_persistence) is `true`, so tokens will need to be updated again if that option is `false` and the agent is restarted. diff --git a/website/content/commands/config/index.mdx b/website/content/commands/config/index.mdx index 5b22e5115..891e1ffce 100644 --- a/website/content/commands/config/index.mdx +++ b/website/content/commands/config/index.mdx @@ -10,7 +10,7 @@ Command: `consul config` The `config` command is used to interact with Consul's central configuration system. It exposes commands for creating, updating, reading, and deleting different kinds of config entries. See the -[agent configuration](/docs/agent/config/agent-config-files#enable_central_service_config) +[agent configuration](/docs/agent/config/config-files#enable_central_service_config) for more information on how to enable this functionality for centrally configuring services and [configuration entries docs](/docs/agent/config-entries) for a description of the configuration entries content. diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx index 68d81d47a..d453a7cbf 100644 --- a/website/content/commands/connect/envoy.mdx +++ b/website/content/commands/connect/envoy.mdx @@ -42,7 +42,7 @@ proxy configuration needed. be used instead. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. This may be a unix domain socket using `unix:///path/to/socket` if the [agent is configured to - listen](/docs/agent/config/agent-config-files#addresses) that way. + listen](/docs/agent/config/config-files#addresses) that way. -> **Note:** gRPC uses the same TLS settings as the HTTPS API. If HTTPS is enabled then gRPC will require HTTPS diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx index 23ff3d0da..0e7b16e82 100644 --- a/website/content/commands/debug.mdx +++ b/website/content/commands/debug.mdx @@ -78,7 +78,7 @@ information when `debug` is running. By default, it captures all information. | `members` | A list of all the WAN and LAN members in the cluster. | | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval. | | `logs` | `DEBUG` level logs for the target agent, captured for the duration. | -| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/agent-config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. | +| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. | ## Examples diff --git a/website/content/commands/index.mdx b/website/content/commands/index.mdx index 4ff1b0735..47c4085b6 100644 --- a/website/content/commands/index.mdx +++ b/website/content/commands/index.mdx @@ -235,7 +235,7 @@ CONSUL_TLS_SERVER_NAME=consulserver.domain Like [`CONSUL_HTTP_ADDR`](#consul_http_addr) but configures the address the local agent is listening for gRPC requests. Currently gRPC is only used for integrating [Envoy proxy](/docs/connect/proxies/envoy) and must be [enabled -explicitly](/docs/agent/config/agent-config-files#grpc_port) in agent configuration. +explicitly](/docs/agent/config/config-files#grpc_port) in agent configuration. ``` CONSUL_GRPC_ADDR=127.0.0.1:8502 diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index 2a0a2c29a..f0b16a5de 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -104,10 +104,10 @@ Usage: `consul operator autopilot set-config [options]` - `-disable-upgrade-migration` - Controls whether Consul will avoid promoting new servers until it can perform a migration. Must be one of `[true|false]`. -- `-redundancy-zone-tag` - Controls the [`-node-meta`](/docs/agent/config/agent-config-cli#_node_meta) +- `-redundancy-zone-tag` - Controls the [`-node-meta`](/docs/agent/config/cli-flags#_node_meta) key name used for separating servers into different redundancy zones. -- `-upgrade-version-tag` - Controls the [`-node-meta`](/docs/agent/config/agent-config-cli#_node_meta) +- `-upgrade-version-tag` - Controls the [`-node-meta`](/docs/agent/config/cli-flags#_node_meta) tag to use for version info when performing upgrade migrations. If left blank, the Consul version will be used. ### Command Output diff --git a/website/content/commands/validate.mdx b/website/content/commands/validate.mdx index ade133928..abdb0657f 100644 --- a/website/content/commands/validate.mdx +++ b/website/content/commands/validate.mdx @@ -21,7 +21,7 @@ to be loaded by the agent. This command cannot operate on partial configuration fragments since those won't pass the full agent validation. For more information on the format of Consul's configuration files, read the -consul agent [Configuration Files](/docs/agent/config/agent-config-files) +consul agent [Configuration Files](/docs/agent/config/config-files) section. ## Usage diff --git a/website/content/docs/agent/config-entries.mdx b/website/content/docs/agent/config-entries.mdx index 48a996e05..09098e96c 100644 --- a/website/content/docs/agent/config-entries.mdx +++ b/website/content/docs/agent/config-entries.mdx @@ -58,7 +58,7 @@ Configuration entries outside of Kubernetes should be managed with the Consul [CLI](/commands/config) or [API](/api-docs/config). Additionally, as a convenience for initial cluster bootstrapping, configuration entries can be specified in all of the Consul servers's -[configuration files](/docs/agent/config/agent-config-files#config_entries_bootstrap) +[configuration files](/docs/agent/config/config-files#config_entries_bootstrap) ### Managing Configuration Entries with the CLI @@ -162,7 +162,7 @@ api ### Bootstrapping From A Configuration File Configuration entries can be bootstrapped by adding them [inline to each Consul -server's configuration file](/docs/agent/config/agent-config-files#config_entries). When a +server's configuration file](/docs/agent/config/config-files#config_entries). When a server gains leadership, it will attempt to initialize the configuration entries. If a configuration entry does not already exist outside of the servers configuration, then it will create it. If a configuration entry does exist, that diff --git a/website/content/docs/agent/config/agent-config-cli.mdx b/website/content/docs/agent/config/cli-flags.mdx similarity index 96% rename from website/content/docs/agent/config/agent-config-cli.mdx rename to website/content/docs/agent/config/cli-flags.mdx index 0272dda5d..3b97a76b0 100644 --- a/website/content/docs/agent/config/agent-config-cli.mdx +++ b/website/content/docs/agent/config/cli-flags.mdx @@ -7,7 +7,7 @@ description: >- # Command-line Options ((#commandline_options)) --> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/agent-config-files#config_key_reference) for equivalent HCL Keys. +-> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/config-files#config_key_reference) for equivalent HCL Keys. This topic describes the available command-line options for the Consul agent. @@ -30,7 +30,7 @@ information. limit of 4k for maximum size of checks, this is a positive value. By limiting this size, it allows to put less pressure on Consul servers when many checks are having a very large output in their checks. In order to completely disable check output - capture, it is possible to use [`discard_check_output`](/docs/agent/config/agent-config-files#discard_check_output). + capture, it is possible to use [`discard_check_output`](/docs/agent/config/config-files#discard_check_output). - `-client` ((#\_client)) - The address to which Consul will bind client interfaces, including the HTTP and DNS servers. By default, this is "127.0.0.1", @@ -126,7 +126,7 @@ information. - `-raft-protocol` ((#\_raft_protocol)) - This controls the internal version of the Raft consensus protocol used for server communications. This must be set - to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](/docs/agent/config/agent-config-files#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrade-specific#raft-protocol-version-compatibility) for more details. + to 3 in order to gain access to Autopilot features, with the exception of [`cleanup_dead_servers`](/docs/agent/config/config-files#cleanup_dead_servers). Defaults to 3 in Consul 1.0.0 and later (defaulted to 2 previously). See [Raft Protocol Version Compatibility](/docs/upgrade-specific#raft-protocol-version-compatibility) for more details. - `-segment` ((#\_segment)) - This flag is used to set the name of the network segment the agent belongs to. An agent can only join and @@ -150,13 +150,13 @@ information. - `-advertise-wan` ((#\_advertise-wan)) - The advertise WAN address is used to change the address that we advertise to server nodes joining through the WAN. - This can also be set on client agents when used in combination with the [`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address + This can also be set on client agents when used in combination with the [`translate_wan_addrs`](/docs/agent/config/config-files#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address is advertised. However, in some cases all members of all datacenters cannot be on the same physical or virtual network, especially on hybrid setups mixing cloud and private datacenters. This flag enables server nodes gossiping through the public network for the WAN while using private VLANs for gossiping to each other and their client agents, and it allows client agents to be reached at this address when being - accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] + accessed from a remote datacenter if the remote datacenter is configured with [`translate_wan_addrs`](/docs/agent/config/config-files#translate_wan_addrs). In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr] template that is resolved at runtime. ## Address Bind Options @@ -294,7 +294,7 @@ information. If Consul is running on the non-default Serf LAN port, the port must be specified in the join address, or configured as the agent's default Serf port - using the [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port) configuration option or + using the [`ports.serf_lan`](/docs/agent/config/config-files#serf_lan_port) configuration option or [`-serf-lan-port`](#_serf_lan_port) command line flag. If using network segments (Enterprise), see [additional documentation on diff --git a/website/content/docs/agent/config/agent-config-files.mdx b/website/content/docs/agent/config/config-files.mdx similarity index 97% rename from website/content/docs/agent/config/agent-config-files.mdx rename to website/content/docs/agent/config/config-files.mdx index 9b21fbd14..88cdc1780 100644 --- a/website/content/docs/agent/config/agent-config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -82,7 +82,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `https` - The HTTPS API. Defaults to `client_addr` - `grpc` - The gRPC API. Defaults to `client_addr` -- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](/docs/agent/config/agent-config-cli#_alt_domain) +- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](/docs/agent/config/cli-flags#_alt_domain) - `audit` - Added in Consul 1.8, the audit object allow users to enable auditing and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). @@ -209,7 +209,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `server_addresses` (Defaults to `[]`) This specifies the addresses of servers in the local datacenter to use for the initial RPC. These addresses support - [Cloud Auto-Joining](/docs/agent/config/agent-config-cli#cloud-auto-joining) and can optionally include a port to + [Cloud Auto-Joining](/docs/agent/config/cli-flags#cloud-auto-joining) and can optionally include a port to use when making the outbound connection. If not port is provided the `server_port` will be used. @@ -312,7 +312,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `partition` - The admin partition name the client is requesting. -- `bind_addr` Equivalent to the [`-bind` command-line flag](/docs/agent/config/agent-config-cli#_bind). +- `bind_addr` Equivalent to the [`-bind` command-line flag](/docs/agent/config/cli-flags#_bind). This parameter can be set to a go-sockaddr template that resolves to a single address. Special characters such as backslashes `\` or double quotes `"` @@ -360,7 +360,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr changes state, the new state and associated output is synchronized immediately. To disable this behavior, set the value to "0s". -- `client_addr` Equivalent to the [`-client` command-line flag](/docs/agent/config/agent-config-cli#_client). +- `client_addr` Equivalent to the [`-client` command-line flag](/docs/agent/config/cli-flags#_client). - `config_entries` This object allows setting options for centralized config entries. @@ -374,9 +374,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr See the [configuration entry docs](/docs/agent/config-entries) for more details about the contents of each entry. -- `datacenter` Equivalent to the [`-datacenter` command-line flag](/docs/agent/config/agent-config-cli#_datacenter). +- `datacenter` Equivalent to the [`-datacenter` command-line flag](/docs/agent/config/cli-flags#_datacenter). -- `data_dir` Equivalent to the [`-data-dir` command-line flag](/docs/agent/config/agent-config-cli#_data_dir). +- `data_dir` Equivalent to the [`-data-dir` command-line flag](/docs/agent/config/cli-flags#_data_dir). - `disable_anonymous_signature` Disables providing an anonymous signature for de-duplication with the update check. See [`disable_update_check`](#disable_update_check). @@ -406,17 +406,17 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `enable_debug` When set, enables some additional debugging features. Currently, this is only used to access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`. -- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](/docs/agent/config/agent-config-cli#_enable_script_checks). +- `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](/docs/agent/config/cli-flags#_enable_script_checks). ACLs must be enabled for agents and the `enable_script_checks` option must be set to `true` to enable script checks in Consul 0.9.0 and later. See [Registering and Querying Node Information](/docs/security/acl/acl-rules#registering-and-querying-node-information) for related information. ~> **Security Warning:** Enabling script checks in some configurations may introduce a known remote execution vulnerability targeted by malware. We strongly recommend `enable_local_script_checks` instead. Refer to the following article for additional guidance: [_Protecting Consul from RCE Risk in Specific Configurations_](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) for more details. -- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](/docs/agent/config/agent-config-cli#_enable_local_script_checks). +- `enable_local_script_checks` Equivalent to the [`-enable-local-script-checks` command-line flag](/docs/agent/config/cli-flags#_enable_local_script_checks). - `disable_keyring_file` - Equivalent to the - [`-disable-keyring-file` command-line flag](/docs/agent/config/agent-config-cli#_disable_keyring_file). + [`-disable-keyring-file` command-line flag](/docs/agent/config/cli-flags#_disable_keyring_file). - `disable_coordinates` - Disables sending of [network coordinates](/docs/architecture/coordinates). When network coordinates are disabled the `near` query param will not work to sort the nodes, @@ -476,9 +476,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `kv_max_value_size` - **(Advanced)** Configures the maximum number of bytes for a kv request body to the [`/v1/kv`](/api/kv) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. This option affects the txn endpoint too, but Consul 1.7.2 introduced `txn_max_req_len` which is the preferred way to set the limit for the txn endpoint. If both limits are set, the higher one takes precedence. - `txn_max_req_len` - **(Advanced)** Configures the maximum number of bytes for a transaction request body to the [`/v1/txn`](/api/txn) endpoint. This limit defaults to [raft's](https://github.com/hashicorp/raft) suggested max size (512KB). **Note that tuning these improperly can cause Consul to fail in unexpected ways**, it may potentially affect leadership stability and prevent timely heartbeat signals by increasing RPC IO duration. -- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](/docs/agent/config/agent-config-cli#_default_query_time). +- `default_query_time` Equivalent to the [`-default-query-time` command-line flag](/docs/agent/config/cli-flags#_default_query_time). -- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](/docs/agent/config/agent-config-cli#_max_query_time). +- `max_query_time` Equivalent to the [`-max-query-time` command-line flag](/docs/agent/config/cli-flags#_max_query_time). - `partition` - This flag is used to set the name of the admin partition the agent belongs to. An agent can only join @@ -559,7 +559,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr enforcement of ACLs. - `primary_gateways` Equivalent to the [`-primary-gateway` - command-line flag](/docs/agent/config/agent-config-cli#_primary_gateway). Takes a list of addresses to use as the + command-line flag](/docs/agent/config/cli-flags#_primary_gateway). Takes a list of addresses to use as the mesh gateways for the primary datacenter when authoritative replicated catalog data is not present. Discovery happens every [`primary_gateways_interval`](#primary_gateways_interval) until at least one primary mesh gateway is discovered. This was added in Consul @@ -570,7 +570,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr 30s. This was added in Consul 1.8.0. - `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line - flag](/docs/agent/config/agent-config-cli#_protocol). + flag](/docs/agent/config/cli-flags#_protocol). - `reap` This controls Consul's automatic reaping of child processes, which is useful if Consul is running as PID 1 in a Docker container. If this isn't @@ -612,7 +612,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr servers in all federated datacenters must have this enabled before any client can use [`use_streaming_backend`](#use_streaming_backend). -- `segment` - Equivalent to the [`-segment` command-line flag](/docs/agent/config/agent-config-cli#_segment). +- `segment` - Equivalent to the [`-segment` command-line flag](/docs/agent/config/cli-flags#_segment). ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option. @@ -635,11 +635,11 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr port. Only valid if the segment's bind address differs from the [`-bind`](#_bind) address. Defaults to false. -- `server` Equivalent to the [`-server` command-line flag](/docs/agent/config/agent-config-cli#_server). +- `server` Equivalent to the [`-server` command-line flag](/docs/agent/config/cli-flags#_server). - `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** -- `read_replica` - Equivalent to the [`-read-replica` command-line flag](/docs/agent/config/agent-config-cli#_read_replica). +- `read_replica` - Equivalent to the [`-read-replica` command-line flag](/docs/agent/config/cli-flags#_read_replica). - `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's shorter than the specified limit. It is recommended to keep this limit at or above @@ -907,7 +907,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility. If there's a partition or other outage affecting the authoritative datacenter, and the - [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) is set to "extend-cache", tokens not + [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) is set to "extend-cache", tokens not in the cache can be resolved during the outage using the replicated set of ACLs. - `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See @@ -937,13 +937,13 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Advertise Address Parameters -- `advertise_addr` Equivalent to the [`-advertise` command-line flag](/docs/agent/config/agent-config-cli#_advertise). +- `advertise_addr` Equivalent to the [`-advertise` command-line flag](/docs/agent/config/cli-flags#_advertise). - `advertise_addr_ipv4` This was added together with [`advertise_addr_ipv6`](#advertise_addr_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. - `advertise_addr_ipv6` This was added together with [`advertise_addr_ipv4`](#advertise_addr_ipv4) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. -- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](/docs/agent/config/agent-config-cli#_advertise-wan). +- `advertise_addr_wan` Equivalent to the [`-advertise-wan` command-line flag](/docs/agent/config/cli-flags#_advertise-wan). - `advertise_addr_wan_ipv4` This was added together with [`advertise_addr_wan_ipv6`](#advertise_addr_wan_ipv6) to support dual stack IPv4/IPv6 environments. Using this, both IPv4 and IPv6 addresses can be specified and requested during eg service discovery. @@ -956,9 +956,9 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Bootstrap Parameters -- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](/docs/agent/config/agent-config-cli#_bootstrap). +- `bootstrap` Equivalent to the [`-bootstrap` command-line flag](/docs/agent/config/cli-flags#_bootstrap). -- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](/docs/agent/config/agent-config-cli#_bootstrap_expect). +- `bootstrap_expect` Equivalent to the [`-bootstrap-expect` command-line flag](/docs/agent/config/cli-flags#_bootstrap_expect). ## Connect Parameters @@ -1230,7 +1230,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr versions and will assume the label is the datacenter. See: [this section](/docs/discovery/dns#namespaced-services) for more details. -- `domain` Equivalent to the [`-domain` command-line flag](/docs/agent/config/agent-config-cli#_domain). +- `domain` Equivalent to the [`-domain` command-line flag](/docs/agent/config/cli-flags#_domain). ## Encryption Parameters @@ -1273,7 +1273,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr the certificates requested by `auto_encrypt` from the server have these `ip_san` set as IP SAN. -- `encrypt` Equivalent to the [`-encrypt` command-line flag](/docs/agent/config/agent-config-cli#_encrypt). +- `encrypt` Equivalent to the [`-encrypt` command-line flag](/docs/agent/config/cli-flags#_encrypt). - `encrypt_verify_incoming` - This is an optional parameter that can be used to disable enforcing encryption for incoming gossip @@ -1375,15 +1375,15 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Join Parameters -- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](/docs/agent/config/agent-config-cli#_rejoin). +- `rejoin_after_leave` Equivalent to the [`-rejoin` command-line flag](/docs/agent/config/cli-flags#_rejoin). -- `retry_join` - Equivalent to the [`-retry-join`](/docs/agent/config/agent-config-cli#retry-join) command-line flag. +- `retry_join` - Equivalent to the [`-retry-join`](/docs/agent/config/cli-flags#retry-join) command-line flag. -- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](/docs/agent/config/agent-config-cli#_retry_interval). +- `retry_interval` Equivalent to the [`-retry-interval` command-line flag](/docs/agent/config/cli-flags#_retry_interval). -- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](/docs/agent/config/agent-config-cli#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. +- `retry_join_wan` Equivalent to the [`-retry-join-wan` command-line flag](/docs/agent/config/cli-flags#_retry_join_wan). Takes a list of addresses to attempt joining to WAN every [`retry_interval_wan`](#_retry_interval_wan) until at least one join works. -- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](/docs/agent/config/agent-config-cli#_retry_interval_wan). +- `retry_interval_wan` Equivalent to the [`-retry-interval-wan` command-line flag](/docs/agent/config/cli-flags#_retry_interval_wan). - `start_join` An array of strings specifying addresses of nodes to [`-join`](#_join) upon startup. Note that using @@ -1395,19 +1395,19 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Log Parameters -- `log_file` Equivalent to the [`-log-file` command-line flag](/docs/agent/config/agent-config-cli#_log_file). +- `log_file` Equivalent to the [`-log-file` command-line flag](/docs/agent/config/cli-flags#_log_file). -- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_duration). +- `log_rotate_duration` Equivalent to the [`-log-rotate-duration` command-line flag](/docs/agent/config/cli-flags#_log_rotate_duration). -- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_bytes). +- `log_rotate_bytes` Equivalent to the [`-log-rotate-bytes` command-line flag](/docs/agent/config/cli-flags#_log_rotate_bytes). -- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](/docs/agent/config/agent-config-cli#_log_rotate_max_files). +- `log_rotate_max_files` Equivalent to the [`-log-rotate-max-files` command-line flag](/docs/agent/config/cli-flags#_log_rotate_max_files). -- `log_level` Equivalent to the [`-log-level` command-line flag](/docs/agent/config/agent-config-cli#_log_level). +- `log_level` Equivalent to the [`-log-level` command-line flag](/docs/agent/config/cli-flags#_log_level). -- `log_json` Equivalent to the [`-log-json` command-line flag](/docs/agent/config/agent-config-cli#_log_json). +- `log_json` Equivalent to the [`-log-json` command-line flag](/docs/agent/config/cli-flags#_log_json). -- `enable_syslog` Equivalent to the [`-syslog` command-line flag](/docs/agent/config/agent-config-cli#_syslog). +- `enable_syslog` Equivalent to the [`-syslog` command-line flag](/docs/agent/config/cli-flags#_syslog). - `syslog_facility` When [`enable_syslog`](#enable_syslog) is provided, this controls to which facility messages are sent. By default, `LOCAL0` @@ -1415,11 +1415,11 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Node Parameters -- `node_id` Equivalent to the [`-node-id` command-line flag](/docs/agent/config/agent-config-cli#_node_id). +- `node_id` Equivalent to the [`-node-id` command-line flag](/docs/agent/config/cli-flags#_node_id). -- `node_name` Equivalent to the [`-node` command-line flag](/docs/agent/config/agent-config-cli#_node). +- `node_name` Equivalent to the [`-node` command-line flag](/docs/agent/config/cli-flags#_node). -- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](/docs/agent/config/agent-config-cli#_node_meta) for more information. +- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](/docs/agent/config/cli-flags#_node_meta) for more information. ```json { @@ -1429,7 +1429,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr } ``` -- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](/docs/agent/config/agent-config-cli#_disable_host_node_id). +- `disable_host_node_id` Equivalent to the [`-disable-host-node-id` command-line flag](/docs/agent/config/cli-flags#_disable_host_node_id). ## Raft Parameters @@ -1444,7 +1444,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `raft_protocol` ((#raft_protocol)) Equivalent to the [`-raft-protocol` - command-line flag](/docs/agent/config/agent-config-cli#_raft_protocol). + command-line flag](/docs/agent/config/cli-flags#_raft_protocol). - `raft_snapshot_threshold` ((#\_raft_snapshot_threshold)) This controls the minimum number of raft commit entries between snapshots that are saved to @@ -1493,14 +1493,14 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## Serf Parameters -- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](/docs/agent/config/agent-config-cli#_serf_lan_bind). +- `serf_lan` ((#serf_lan_bind)) Equivalent to the [`-serf-lan-bind` command-line flag](/docs/agent/config/cli-flags#_serf_lan_bind). This is an IP address, not to be confused with [`ports.serf_lan`](#serf_lan_port). -- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](/docs/agent/config/agent-config-cli#_serf_lan_allowed_cidrs). +- `serf_lan_allowed_cidrs` ((#serf_lan_allowed_cidrs)) Equivalent to the [`-serf-lan-allowed-cidrs` command-line flag](/docs/agent/config/cli-flags#_serf_lan_allowed_cidrs). -- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](/docs/agent/config/agent-config-cli#_serf_wan_bind). +- `serf_wan` ((#serf_wan_bind)) Equivalent to the [`-serf-wan-bind` command-line flag](/docs/agent/config/cli-flags#_serf_wan_bind). -- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](/docs/agent/config/agent-config-cli#_serf_wan_allowed_cidrs). +- `serf_wan_allowed_cidrs` ((#serf_wan_allowed_cidrs)) Equivalent to the [`-serf-wan-allowed-cidrs` command-line flag](/docs/agent/config/cli-flags#_serf_wan_allowed_cidrs). ## Telemetry Paramters @@ -1639,7 +1639,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr ## UI Parameters - `ui` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.enabled`](#ui_config_enabled) field instead.** - Equivalent to the [`-ui`](/docs/agent/config/agent-config-cli#_ui) command-line flag. + Equivalent to the [`-ui`](/docs/agent/config/cli-flags#_ui) command-line flag. - `ui_config` - This object allows a number of sub-keys to be set which controls the display or features available in the UI. Configuring the UI with this @@ -1650,12 +1650,12 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `enabled` ((#ui_config_enabled)) - This enables the service of the web UI from this agent. Boolean value, defaults to false. In `-dev` mode this defaults to true. Replaces `ui` from before 1.9.0. Equivalent to the - [`-ui`](/docs/agent/config/agent-config-cli#_ui) command-line flag. + [`-ui`](/docs/agent/config/cli-flags#_ui) command-line flag. - `dir` ((#ui_config_dir)) - This specifies that the web UI should be served from an external dir rather than the build in one. This allows for customization or development. Replaces `ui_dir` from before 1.9.0. - Equivalent to the [`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) command-line flag. + Equivalent to the [`-ui-dir`](/docs/agent/config/cli-flags#_ui_dir) command-line flag. - `content_path` ((#ui_config_content_path)) - This specifies the HTTP path that the web UI should be served from. Defaults to `/ui/`. Equivalent to the @@ -1764,7 +1764,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr - `{{Datacenter}}` - Replaced with the current service's datacenter. - `ui_dir` - **This field is deprecated in Consul 1.9.0. See the [`ui_config.dir`](#ui_config_dir) field instead.** - Equivalent to the [`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) command-line + Equivalent to the [`-ui-dir`](/docs/agent/config/cli-flags#_ui_dir) command-line flag. This configuration key is not required as of Consul version 0.7.0 and later. Specifying this configuration key will enable the web UI. There is no need to specify both ui-dir and ui. Specifying both will result in an error. diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index f9daad3b9..0284b708b 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -16,8 +16,8 @@ descriptions. Configuration precedence is evaluated in the following order: -1. [Command line arguments](/docs/agent/config/agent-config-cli) -2. [Configuration files](/docs/agent/config/agent-config-files) +1. [Command line arguments](/docs/agent/config/cli-flags) +2. [Configuration files](/docs/agent/config/config-files) When loading configuration, the Consul agent loads the configuration from files and directories in lexical order. For example, configuration file @@ -57,22 +57,22 @@ Reloading configuration does not reload all configuration items. The items which are reloaded include: - ACL Tokens -- [Configuration Entry Bootstrap](/docs/agent/config/agent-config-files#config_entries_bootstrap) +- [Configuration Entry Bootstrap](/docs/agent/config/config-files#config_entries_bootstrap) - Checks -- [Discard Check Output](/docs/agent/config/agent-config-files#discard_check_output) +- [Discard Check Output](/docs/agent/config/config-files#discard_check_output) - HTTP Client Address - Log level -- [Metric Prefix Filter](/docs/agent/config/agent-config-files#telemetry-prefix_filter) -- [Node Metadata](/docs/agent/config/agent-config-files#node_meta) +- [Metric Prefix Filter](/docs/agent/config/config-files#telemetry-prefix_filter) +- [Node Metadata](/docs/agent/config/config-files#node_meta) - Some Raft options (since Consul 1.10.0) - - [`raft_snapshot_threshold`](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) - - [`raft_snapshot_interval`](/docs/agent/config/agent-config-files#_raft_snapshot_interval) - - [`raft_trailing_logs`](/docs/agent/config/agent-config-files#_raft_trailing_logs) + - [`raft_snapshot_threshold`](/docs/agent/config/config-files#_raft_snapshot_threshold) + - [`raft_snapshot_interval`](/docs/agent/config/config-files#_raft_snapshot_interval) + - [`raft_trailing_logs`](/docs/agent/config/config-files#_raft_trailing_logs) - These can be important in certain outage situations so being able to control them without a restart provides a recovery path that doesn't involve downtime. They generally shouldn't be changed otherwise. -- [RPC rate limiting](/docs/agent/config/agent-config-files#limits) -- [HTTP Maximum Connections per Client](/docs/agent/config/agent-config-files#http_max_conns_per_client) +- [RPC rate limiting](/docs/agent/config/config-files#limits) +- [HTTP Maximum Connections per Client](/docs/agent/config/config-files#http_max_conns_per_client) - Services - TLS Configuration - Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading. diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx index 2d963d13f..0a4ba38aa 100644 --- a/website/content/docs/agent/index.mdx +++ b/website/content/docs/agent/index.mdx @@ -127,16 +127,16 @@ $ consul agent -data-dir=/tmp/consul - **Node name**: This is a unique name for the agent. By default, this is the hostname of the machine, but you may customize it using the - [`-node`](/docs/agent/config/agent-config-cli#_node) flag. + [`-node`](/docs/agent/config/cli-flags#_node) flag. - **Datacenter**: This is the datacenter in which the agent is configured to - run. For single-DC configurations, the agent will default to `dc1`, but you can configure which datacenter the agent reports to with the [`-datacenter`](/docs/agent/config/agent-config-cli#_datacenter) flag. + run. For single-DC configurations, the agent will default to `dc1`, but you can configure which datacenter the agent reports to with the [`-datacenter`](/docs/agent/config/cli-flags#_datacenter) flag. Consul has first-class support for multiple datacenters, but configuring each node to report its datacenter improves agent efficiency. - **Server**: This indicates whether the agent is running in server or client mode. Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be - in ["bootstrap"](/docs/agent/config/agent-config-cli#_bootstrap_expect) mode, which enables the server to elect itselft as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state. + in ["bootstrap"](/docs/agent/config/cli-flags#_bootstrap_expect) mode, which enables the server to elect itself as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state. - **Client Addr**: This is the address used for client interfaces to the agent. This includes the ports for the HTTP and DNS interfaces. By default, this @@ -179,18 +179,18 @@ The following settings are commonly used in the configuration file (also called | Parameter | Description | Default | | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| `node_name` | String value that specifies a name for the agent node.
    See [`-node-id`](/docs/agent/config/agent-config-cli#_node_id) for details. | Hostname of the machine | -| `server` | Boolean value that determines if the agent runs in server mode.
    See [`-server`](/docs/agent/config/agent-config-cli#_server) for details. | `false` | -| `datacenter` | String value that specifies which datacenter the agent runs in.
    See [-datacenter](/docs/agent/config/agent-config-cli#_datacenter) for details. | `dc1` | -| `data_dir` | String value that specifies a directory for storing agent state data.
    See [`-data-dir`](/docs/agent/config/agent-config-cli#_data_dir) for details. | none | -| `log_level` | String value that specifies the level of logging the agent reports.
    See [`-log-level`](/docs/agent/config/agent-config-cli#_log_level) for details. | `info` | -| `retry_join` | Array of string values that specify one or more agent addresses to join after startup. The agent will continue trying to join the specified agents until it has successfully joined another member.
    See [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) for details. | none | -| `addresses` | Block of nested objects that define addresses bound to the agent for internal cluster communication. | `"http": "0.0.0.0"` See the Agent Configuration page for [default address values](/docs/agent/config/agent-config-files#addresses) | -| `ports` | Block of nested objects that define ports bound to agent addresses.
    See (link to addresses option) for details. | See the Agent Configuration page for [default port values](/docs/agent/config/agent-config-files#ports) | +| `node_name` | String value that specifies a name for the agent node.
    See [`-node-id`](/docs/agent/config/cli-flags#_node_id) for details. | Hostname of the machine | +| `server` | Boolean value that determines if the agent runs in server mode.
    See [`-server`](/docs/agent/config/cli-flags#_server) for details. | `false` | +| `datacenter` | String value that specifies which datacenter the agent runs in.
    See [-datacenter](/docs/agent/config/cli-flags#_datacenter) for details. | `dc1` | +| `data_dir` | String value that specifies a directory for storing agent state data.
    See [`-data-dir`](/docs/agent/config/cli-flags#_data_dir) for details. | none | +| `log_level` | String value that specifies the level of logging the agent reports.
    See [`-log-level`](/docs/agent/config/cli-flags#_log_level) for details. | `info` | +| `retry_join` | Array of string values that specify one or more agent addresses to join after startup. The agent will continue trying to join the specified agents until it has successfully joined another member.
    See [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) for details. | none | +| `addresses` | Block of nested objects that define addresses bound to the agent for internal cluster communication. | `"http": "0.0.0.0"` See the Agent Configuration page for [default address values](/docs/agent/config/config-files#addresses) | +| `ports` | Block of nested objects that define ports bound to agent addresses.
    See (link to addresses option) for details. | See the Agent Configuration page for [default port values](/docs/agent/config/config-files#ports) | ### Server Node in a Service Mesh -The following example configuration is for a server agent named "`consul-server`". The server is [bootstrapped](/docs/agent/config/agent-config-cli#_bootstrap) and the Consul GUI is enabled. +The following example configuration is for a server agent named "`consul-server`". The server is [bootstrapped](/docs/agent/config/cli-flags#_bootstrap) and the Consul GUI is enabled. The reason this server agent is configured for a service mesh is that the `connect` configuration is enabled. Connect is Consul's service mesh component that provides service-to-service connection authorization and encryption using mutual Transport Layer Security (TLS). Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all. See [Connect](/docs/connect) for details. @@ -448,8 +448,8 @@ may not be important for your use case. For example, for a web server and load balancer setup, both result in the same outcome: the web node is removed from the load balancer pool. -The [`skip_leave_on_interrupt`](/docs/agent/config/agent-config-files#skip_leave_on_interrupt) and -[`leave_on_terminate`](/docs/agent/config/agent-config-files#leave_on_terminate) configuration +The [`skip_leave_on_interrupt`](/docs/agent/config/config-files#skip_leave_on_interrupt) and +[`leave_on_terminate`](/docs/agent/config/config-files#leave_on_terminate) configuration options allow you to adjust this behavior. diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index dcea27e05..53eac2d0f 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -29,7 +29,7 @@ This telemetry information can be used for debugging or otherwise getting a better view of what Consul is doing. Review the [Monitoring and Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data. -Additionally, if the [`telemetry` configuration options](/docs/agent/config/agent-config-files#telemetry) +Additionally, if the [`telemetry` configuration options](/docs/agent/config/config-files#telemetry) are provided, the telemetry information will be streamed to a [statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where it can be aggregated and flushed to Graphite or any other metrics store. @@ -140,7 +140,7 @@ you will need to apply a function such as InfluxDB's [`non_negative_difference() | Metric Name | Description | Unit | Type | | :--------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- | :------ | | `consul.client.rpc` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server | requests | counter | -| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/agent-config-files#limits) configuration. | requests | counter | +| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/config-files#limits) configuration. | requests | counter | | `consul.client.rpc.failed` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter | **Why they're important:** These measurements indicate the current load created from a Consul agent, including when the load becomes high enough to be rate limited. A high RPC count, especially from `consul.client.rpcexceeded` meaning that the requests are being rate-limited, could imply a misconfigured Consul agent. @@ -172,7 +172,7 @@ Under these conditions, a follower after a restart may be unable to catch up on replication and become a voter again since it takes longer to restore from disk or the leader than the leader takes to write a new snapshot and truncate its logs. Servers retain -[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) (default +[`raft_trailing_logs`](/docs/agent/config/config-files#raft_trailing_logs) (default `10240`) log entries even if their snapshot was more recent. On a leader processing 500 commits/second, that is only about 20 seconds worth of logs. Assuming the leader is able to write out a snapshot and truncate the logs in @@ -197,7 +197,7 @@ repeatedly as well as reduce the fault tolerance and serving capacity of the cluster. Since Consul 1.5.3 -[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) has been +[`raft_trailing_logs`](/docs/agent/config/config-files#raft_trailing_logs) has been configurable. Increasing it allows the leader to retain more logs and give followers more time to restore and catch up. The tradeoff is potentially slower appends which eventually might affect write throughput and latency @@ -208,7 +208,7 @@ mean loosing cluster availability and needing to recover the cluster from a loss of quorum. Since Consul 1.10.0 -[`raft_trailing_logs`](/docs/agent/config/agent-config-files#raft_trailing_logs) is now +[`raft_trailing_logs`](/docs/agent/config/config-files#raft_trailing_logs) is now reloadable with `consul reload` or `SIGHUP` allowing operators to increase this without the leader restarting or loosing leadership allowing the cluster to be recovered gracefully. @@ -332,7 +332,7 @@ This is a full list of metrics emitted by Consul. | `consul.acl.blocked.{check,node,service}.registration` | Increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL. | requests | counter | | `consul.api.http` | Migrated from consul.http.. this samples how long it takes to service the given HTTP request for the given verb and path. Includes labels for `path` and `method`. `path` does not include details like service or key names, for these an underscore will be present as a placeholder (eg. path=`v1.kv._`) | ms | timer | | `consul.client.rpc` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers. | requests | counter | -| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/agent-config-files#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter | +| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/config/config-files#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter | | `consul.client.rpc.failed` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter | | `consul.client.api.catalog_register.` | Increments whenever a Consul agent receives a catalog register request. | requests | counter | | `consul.client.api.success.catalog_register.` | Increments whenever a Consul agent successfully responds to a catalog register request. | requests | counter | @@ -431,7 +431,7 @@ These metrics are used to monitor the health of the Consul servers. | `consul.raft.last_index` | Represents the raft applied index. | index | gauge | | `consul.raft.leader.dispatchLog` | Measures the time it takes for the leader to write log entries to disk. | ms | timer | | `consul.raft.leader.dispatchNumLogs` | Measures the number of logs committed to disk in a batch. | logs | gauge | -| `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/config/agent-config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer | +| `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/config/config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer | | `consul.raft.leader.oldestLogAge` | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms | gauge | | `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesn’t timeout on a periodic basis. | ms | timer | | `consul.raft.replication.appendEntries` | Measures the time it takes to replicate log entries to followers. This is a general indicator of the load pressure on the Consul servers, as well as the performance of the communication between the servers. | ms | timer | @@ -575,7 +575,7 @@ These metrics give insight into the health of the cluster as a whole. | `consul.memberlist.degraded.timeout` | Counts the number of times an agent was marked as a dead node, whilst not getting enough confirmations from a randomly selected list of agent nodes in an agent's membership. | occurrence / interval | counter | | `consul.memberlist.msg.dead` | Counts the number of times an agent has marked another agent to be a dead node. | messages / interval | counter | | `consul.memberlist.health.score` | Describes a node's perception of its own health based on how well it is meeting the soft real-time requirements of the protocol. This metric ranges from 0 to 8, where 0 indicates "totally healthy". This health score is used to scale the time between outgoing probes, and higher scores translate into longer probing intervals. For more details see section IV of the Lifeguard paper: https://arxiv.org/pdf/1707.00788.pdf | score | gauge | -| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | suspect messages received / interval | counter | +| `consul.memberlist.msg.suspect` | Increments when an agent suspects another as failed when executing random probes as part of the gossip protocol. These can be an indicator of overloaded agents, network problems, or configuration errors where agents can not connect to each other on the [required ports](/docs/agent/config/config-files#ports). | suspect messages received / interval | counter | | `consul.memberlist.tcp.accept` | Counts the number of times an agent has accepted an incoming TCP stream connection. | connections accepted / interval | counter | | `consul.memberlist.udp.sent/received` | Measures the total number of bytes sent/received by an agent through the UDP protocol. | bytes sent or bytes received / interval | counter | | `consul.memberlist.tcp.connect` | Counts the number of times an agent has initiated a push/pull sync with an other agent. | push/pull initiated / interval | counter | @@ -586,8 +586,8 @@ These metrics give insight into the health of the cluster as a whole. | `consul.memberlist.msg_suspect` | The number of suspect messages that the agent has processed so far, based on the message information given by the network layer. | messages / Interval | counter | | `consul.memberlist.probeNode` | Measures the time taken to perform a single round of failure detection on a select agent. | nodes / Interval | counter | | `consul.memberlist.pushPullNode` | Measures the number of agents that have exchanged state with this agent. | nodes / Interval | counter | -| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | failures / interval | counter | -| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/agent-config-files#ports). | flaps / interval | counter | +| `consul.serf.member.failed` | Increments when an agent is marked dead. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/config-files#ports). | failures / interval | counter | +| `consul.serf.member.flap` | Available in Consul 0.7 and later, this increments when an agent is marked dead and then recovers within a short time period. This can be an indicator of overloaded agents, network problems, or configuration errors where agents cannot connect to each other on the [required ports](/docs/agent/config/config-files#ports). | flaps / interval | counter | | `consul.serf.member.join` | Increments when an agent joins the cluster. If an agent flapped or failed this counter also increments when it re-joins. | joins / interval | counter | | `consul.serf.member.left` | Increments when an agent leaves the cluster. | leaves / interval | counter | | `consul.serf.events` | Increments when an agent processes an [event](/commands/event). Consul uses events internally so there may be additional events showing in telemetry. There are also a per-event counters emitted as `consul.serf.events.`. | events / interval | counter | diff --git a/website/content/docs/connect/ca/aws.mdx b/website/content/docs/connect/ca/aws.mdx index 3b4ed80b9..1c608c2c6 100644 --- a/website/content/docs/connect/ca/aws.mdx +++ b/website/content/docs/connect/ca/aws.mdx @@ -173,11 +173,11 @@ So monthly cost would be calculated as: - 500 ⨉ 13.3 = 6,650 certificates issued in dc3 The number of certificates issued could be reduced by increasing -[`leaf_cert_ttl`](/docs/agent/config/agent-config-files#ca_leaf_cert_ttl) in the CA Provider +[`leaf_cert_ttl`](/docs/agent/config/config-files#ca_leaf_cert_ttl) in the CA Provider configuration if the longer lived credentials are an acceptable risk tradeoff against the cost. -[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config -[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider +[`ca_config`]: /docs/agent/config/config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/config-files#connect_ca_provider [`/connect/ca/configuration`]: /api-docs/connect/ca#update-ca-configuration diff --git a/website/content/docs/connect/ca/consul.mdx b/website/content/docs/connect/ca/consul.mdx index ba7645171..3f65a85e2 100644 --- a/website/content/docs/connect/ca/consul.mdx +++ b/website/content/docs/connect/ca/consul.mdx @@ -92,7 +92,7 @@ Connect is enabled - the PrivateKey and RootCert fields have not been set, so th been generated (as seen above in the roots list). There are two ways to have the Consul CA use a custom private key and root certificate: -either through the `ca_config` section of the [Agent configuration](/docs/agent/config/agent-config-files#connect_ca_config) (which can only be used during the cluster's +either through the `ca_config` section of the [Agent configuration](/docs/agent/config/config-files#connect_ca_config) (which can only be used during the cluster's initial bootstrap) or through the [Update CA Configuration endpoint](/api-docs/connect/ca#update-ca-configuration). Currently Consul requires that root certificates are valid [SPIFFE SVID Signing certificates](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and that the URI encoded diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx index 16d5c0021..45b9b3149 100644 --- a/website/content/docs/connect/ca/index.mdx +++ b/website/content/docs/connect/ca/index.mdx @@ -47,7 +47,7 @@ will generate the initial root certificates and setup the internal Consul server state. For the initial bootstrap, the CA provider can be configured through the -[Agent configuration](/docs/agent/config/agent-config-files#connect_ca_config). After +[Agent configuration](/docs/agent/config/config-files#connect_ca_config). After initialization, the CA can only be updated through the [Update CA Configuration API endpoint](/api-docs/connect/ca#update-ca-configuration). If a CA is already initialized, any changes to the CA configuration in the diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 376d50bfc..be0953364 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -280,6 +280,6 @@ path "/connect_inter/*" {     -[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config -[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider +[`ca_config`]: /docs/agent/config/config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/config-files#connect_ca_provider [`/connect/ca/configuration`]: /api-docs/connect/ca#update-ca-configuration diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx index 790d773c6..bf41a7cc6 100644 --- a/website/content/docs/connect/config-entries/exported-services.mdx +++ b/website/content/docs/connect/config-entries/exported-services.mdx @@ -28,7 +28,7 @@ You can configure the settings defined in the `exported-services` configuration ## Usage 1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements). -1. Specify the `exported-services` configuration in the agent configuration file (see [`config_entries`](/docs/agent/config/agent-config-files#config_entries)) as described in [Configuration](#configuration). +1. Specify the `exported-services` configuration in the agent configuration file (see [`config_entries`](/docs/agent/config/config-files#config_entries)) as described in [Configuration](#configuration). 1. Apply the configuration using one of the following methods: - Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details. - Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details. diff --git a/website/content/docs/connect/config-entries/index.mdx b/website/content/docs/connect/config-entries/index.mdx index 2ff6142fa..43b2a3d99 100644 --- a/website/content/docs/connect/config-entries/index.mdx +++ b/website/content/docs/connect/config-entries/index.mdx @@ -49,7 +49,7 @@ See [Agent - Config Entries](/docs/agent/config-entries). ## Using Configuration Entries For Service Defaults Outside of Kubernetes, when the agent is -[configured](/docs/agent/config/agent-config-files#enable_central_service_config) to enable +[configured](/docs/agent/config/config-files#enable_central_service_config) to enable central service configurations, it will look for service configuration defaults that match a registering service instance. If it finds any, the agent will merge those defaults with the service instance configuration. This allows for things diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx index 2d5d2ebd8..570549477 100644 --- a/website/content/docs/connect/config-entries/proxy-defaults.mdx +++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx @@ -390,8 +390,8 @@ spec: type: 'bool: false', description: `If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). + [advertise address](/docs/agent/config/config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/config-files#expose_min_port) to [expose_max_port](/docs/agent/config/config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost.`, }, { diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx index 06f1892a3..c69d13169 100644 --- a/website/content/docs/connect/config-entries/service-defaults.mdx +++ b/website/content/docs/connect/config-entries/service-defaults.mdx @@ -662,8 +662,8 @@ spec: type: 'bool: false', description: `If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). + [advertise address](/docs/agent/config/config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/config-files#expose_min_port) to [expose_max_port](/docs/agent/config/config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running Consul on Kubernetes, and Consul agents run in their own pods.`, }, diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx index c2e77fb06..b73eb61fb 100644 --- a/website/content/docs/connect/config-entries/service-intentions.mdx +++ b/website/content/docs/connect/config-entries/service-intentions.mdx @@ -488,7 +488,7 @@ spec: first permission to match in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default - intention behavior is defined by the default [ACL policy](/docs/agent/config/agent-config-files#acl_default_policy).

    + intention behavior is defined by the default [ACL policy](/docs/agent/config/config-files#acl_default_policy).

    This should be omitted for an L4 intention as it is mutually exclusive with the \`Action\` field.

    Setting \`Permissions\` is not valid if a wildcard is used for the \`Name\` or \`Namespace\` because they can only be @@ -498,7 +498,7 @@ spec: first permission to match in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to match any of the provided permissions in this intention will be subject to the default - intention behavior is defined by the default [ACL policy](/docs/agent/config/agent-config-files#acl_default_policy).

    + intention behavior is defined by the default [ACL policy](/docs/agent/config/config-files#acl_default_policy).

    This should be omitted for an L4 intention as it is mutually exclusive with the \`action\` field.

    Setting \`permissions\` is not valid if a wildcard is used for the \`spec.destination.name\` or \`spec.destination.namespace\` diff --git a/website/content/docs/connect/configuration.mdx b/website/content/docs/connect/configuration.mdx index 0018fc4db..e6ebdbf85 100644 --- a/website/content/docs/connect/configuration.mdx +++ b/website/content/docs/connect/configuration.mdx @@ -22,7 +22,7 @@ The first step to use Connect is to enable Connect for your Consul cluster. By default, Connect is disabled. Enabling Connect requires changing the configuration of only your Consul _servers_ (not client agents). To enable Connect, add the following to a new or existing -[server configuration file](/docs/agent/config/agent-config-files). In an existing cluster, this configuration change requires a Consul server restart, which you can perform one server at a time to maintain availability. In HCL: +[server configuration file](/docs/agent/config/config-files). In an existing cluster, this configuration change requires a Consul server restart, which you can perform one server at a time to maintain availability. In HCL: ```hcl connect { @@ -43,20 +43,20 @@ connection attempts to fail until Connect is enabled on the server agents. Other optional Connect configurations that you can set in the server configuration file include: -- [certificate authority settings](/docs/agent/config/agent-config-files#connect) -- [token replication](/docs/agent/config/agent-config-files#acl_tokens_replication) -- [dev mode](/docs/agent/config/agent-config-cli#_dev) -- [server host name verification](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) +- [certificate authority settings](/docs/agent/config/config-files#connect) +- [token replication](/docs/agent/config/config-files#acl_tokens_replication) +- [dev mode](/docs/agent/config/cli-flags#_dev) +- [server host name verification](/docs/agent/config/config-files#tls_internal_rpc_verify_server_hostname) If you would like to use Envoy as your Connect proxy you will need to [enable -gRPC](/docs/agent/config/agent-config-files#grpc_port). +gRPC](/docs/agent/config/config-files#grpc_port). Additionally if you plan on using the observability features of Connect, it can be convenient to configure your proxies and services using [configuration entries](/docs/agent/config-entries) which you can interact with using the CLI or API, or by creating configuration entry files. You will want to enable [centralized service -configuration](/docs/agent/config/agent-config-files#enable_central_service_config) on +configuration](/docs/agent/config/config-files#enable_central_service_config) on clients, which allows each service's proxy configuration to be managed centrally via API. diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx index 63682983e..01232ab1d 100644 --- a/website/content/docs/connect/connect-internals.mdx +++ b/website/content/docs/connect/connect-internals.mdx @@ -109,10 +109,10 @@ externally routable IPs at the service level. ## Intention Replication Intention replication happens automatically but requires the -[`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) +[`primary_datacenter`](/docs/agent/config/config-files#primary_datacenter) configuration to be set to specify a datacenter that is authoritative for intentions. In production setups with ACLs enabled, the -[replication token](/docs/agent/config/agent-config-files#acl_tokens_replication) must also +[replication token](/docs/agent/config/config-files#acl_tokens_replication) must also be set in the secondary datacenter server's configuration. ## Certificate Authority Federation diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index da6155963..62ceffb7c 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -40,8 +40,8 @@ the [hosts](/docs/connect/config-entries/ingress-gateway#hosts) field. Ingress gateways also require that your Consul datacenters are configured correctly: - You'll need to use Consul version 1.8.0 or newer. -- Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled on the datacenter's Consul servers. -- [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled on all client agents. +- Consul [Connect](/docs/agent/config/config-files#connect) must be enabled on the datacenter's Consul servers. +- [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled on all client agents. Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with ingress gateway capabilities in Consul. diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx index ee6266030..f016d949f 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx @@ -30,12 +30,12 @@ Ensure that your Consul environment meets the following requirements. * Consul version 1.6.0 or newer. * A local Consul agent is required to manage its configuration. -* Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled in both datacenters. -* Each [datacenter](/docs/agent/config/agent-config-files#datacenter) must have a unique name. +* Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters. +* Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name. * Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federarion-gossip-wan). -* The [primary datacenter](/docs/agent/config/agent-config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. -* [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled. -* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/agent-config-files#enable_central_service_config). +* The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. +* [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled. +* If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config). ### Network diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx index 65d133021..dfd4780c6 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx @@ -24,9 +24,9 @@ Ensure that your Consul environment meets the following requirements. * Consul Enterprise version 1.11.0 or newer. * A local Consul agent is required to manage its configuration. -* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/agent-config-files#connect) for details. +* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/config-files#connect) for details. * Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details. -* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/agent-config-files#enable_central_service_config). +* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config). ### Proxy diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index d6dcf2a42..bf7a3c177 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -126,8 +126,8 @@ connect { } ``` -The [`start_join_wan`](/docs/agent/config/agent-config-files#start_join_wan) or -[`retry_join_wan`](/docs/agent/config/agent-config-files#retry_join_wan) are +The [`start_join_wan`](/docs/agent/config/config-files#start_join_wan) or +[`retry_join_wan`](/docs/agent/config/config-files#retry_join_wan) are only used for the [traditional federation process](/docs/k8s/installation/multi-cluster#traditional-wan-federation). They must be omitted when federating Consul servers via gateways. diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index fdd3891c4..2c8218c38 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -59,8 +59,8 @@ Each terminating gateway needs: Terminating gateways also require that your Consul datacenters are configured correctly: - You'll need to use Consul version 1.8.0 or newer. -- Consul [Connect](/docs/agent/config/agent-config-files#connect) must be enabled on the datacenter's Consul servers. -- [gRPC](/docs/agent/config/agent-config-files#grpc_port) must be enabled on all client agents. +- Consul [Connect](/docs/agent/config/config-files#connect) must be enabled on the datacenter's Consul servers. +- [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled on all client agents. Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with terminating gateway capabilities in Consul. diff --git a/website/content/docs/connect/intentions-legacy.mdx b/website/content/docs/connect/intentions-legacy.mdx index 804bd8c65..8f6994d35 100644 --- a/website/content/docs/connect/intentions-legacy.mdx +++ b/website/content/docs/connect/intentions-legacy.mdx @@ -25,7 +25,7 @@ is allowed by testing the intentions. If authorize returns false the connection must be terminated. The default intention behavior is defined by the default [ACL -policy](/docs/agent/config/agent-config-files#acl_default_policy). If the default ACL policy is +policy](/docs/agent/config/config-files#acl_default_policy). If the default ACL policy is "allow all", then all Connect connections are allowed by default. If the default ACL policy is "deny all", then all Connect connections are denied by default. diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index 71a182823..15a5bcc36 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -49,7 +49,7 @@ target destination. After verifying the TLS client certificate, the cached intentions should be consulted for each incoming connection/request to determine if it should be accepted or rejected. -The default intention behavior is defined by the [`default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) configuration. +The default intention behavior is defined by the [`default_policy`](/docs/agent/config/config-files#acl_default_policy) configuration. If the configuration is set `allow`, then all service mesh Connect connections will be allowed by default. If is set to `deny`, then all connections or requests will be denied by default. diff --git a/website/content/docs/connect/observability/index.mdx b/website/content/docs/connect/observability/index.mdx index 616919f94..eadc3e498 100644 --- a/website/content/docs/connect/observability/index.mdx +++ b/website/content/docs/connect/observability/index.mdx @@ -18,10 +18,10 @@ to: - Define the upstreams for each of your services. If you are using Envoy as your sidecar proxy, you will need to [enable -gRPC](/docs/agent/config/agent-config-files#grpc_port) on your client agents. To define the +gRPC](/docs/agent/config/config-files#grpc_port) on your client agents. To define the metrics destination and service protocol you may want to enable [configuration -entries](/docs/agent/config/agent-config-files#config_entries) and [centralized service -configuration](/docs/agent/config/agent-config-files#enable_central_service_config). +entries](/docs/agent/config/config-files#config_entries) and [centralized service +configuration](/docs/agent/config/config-files#enable_central_service_config). ### Kubernetes If you are using Kubernetes, the Helm chart can simplify much of the configuration needed to enable observability. See diff --git a/website/content/docs/connect/observability/ui-visualization.mdx b/website/content/docs/connect/observability/ui-visualization.mdx index 503163452..edbc96def 100644 --- a/website/content/docs/connect/observability/ui-visualization.mdx +++ b/website/content/docs/connect/observability/ui-visualization.mdx @@ -47,11 +47,11 @@ UI. If there are multiple clients with the UI enabled in a datacenter for redundancy these configurations must be added to all of them. We assume that the UI is already enabled by setting -[`ui_config.enabled`](/docs/agent/config/agent-config-files#ui_config_enabled) to `true` in the +[`ui_config.enabled`](/docs/agent/config/config-files#ui_config_enabled) to `true` in the agent's configuration file. To use the built-in Prometheus provider -[`ui_config.metrics_provider`](/docs/agent/config/agent-config-files#ui_config_metrics_provider) +[`ui_config.metrics_provider`](/docs/agent/config/config-files#ui_config_metrics_provider) must be set to `prometheus`. The UI must query the metrics provider through a proxy endpoint. This simplifies @@ -59,7 +59,7 @@ deployment where Prometheus is not exposed externally to UI user's browsers. To set this up, provide the URL that the _Consul agent_ should use to reach the Prometheus server in -[`ui_config.metrics_proxy.base_url`](/docs/agent/config/agent-config-files#ui_config_metrics_proxy_base_url). +[`ui_config.metrics_proxy.base_url`](/docs/agent/config/config-files#ui_config_metrics_proxy_base_url). For example in Kubernetes, the Prometheus helm chart by default installs a service named `prometheus-server` so each Consul agent can reach it on `http://prometheus-server` (using Kubernetes' DNS resolution). @@ -124,7 +124,7 @@ service-specific dashboard in an external tool like [Grafana](https://grafana.com) or a hosted provider. To configure this, you must provide a URL template in the [agent configuration -file](/docs/agent/config/agent-config-files#ui_config_dashboard_url_templates) for all agents that +file](/docs/agent/config/config-files#ui_config_dashboard_url_templates) for all agents that have the UI enabled. The template is essentially the URL to the external dashboard, but can have placeholder values which will be replaced with the service name, namespace and datacenter where appropriate to allow deep-linking @@ -659,12 +659,12 @@ ui_config { More than one JavaScript file may be specified in -[`metrics_provider_files`](/docs/agent/config/agent-config-files#ui_config_metrics_provider_files) +[`metrics_provider_files`](/docs/agent/config/config-files#ui_config_metrics_provider_files) and all will be served allowing flexibility if needed to include dependencies. Only one metrics provider can be configured and used at one time. The -[`metrics_provider_options_json`](/docs/agent/config/agent-config-files#ui_config_metrics_provider_options_json) +[`metrics_provider_options_json`](/docs/agent/config/config-files#ui_config_metrics_provider_options_json) field is an optional literal JSON object which is passed to the provider's `init` method at startup time. This allows configuring arbitrary parameters for the provider in config rather than hard coding them into the provider itself to @@ -673,7 +673,7 @@ make providers more reusable. The provider may fetch metrics directly from another source although in this case the agent will probably need to serve the correct CORS headers to prevent browsers from blocking these requests. These may be configured with -[`http_config.response_headers`](/docs/agent/config/agent-config-files#response_headers). +[`http_config.response_headers`](/docs/agent/config/config-files#response_headers). Alternatively, the provider may choose to use the [built-in metrics proxy](#metrics-proxy) to avoid cross domain issues or to inject additional diff --git a/website/content/docs/connect/proxies/built-in.mdx b/website/content/docs/connect/proxies/built-in.mdx index 5dc321614..358d80464 100644 --- a/website/content/docs/connect/proxies/built-in.mdx +++ b/website/content/docs/connect/proxies/built-in.mdx @@ -53,8 +53,8 @@ All fields are optional with a reasonable default. - `bind_port` - The port the proxy will bind its _public_ mTLS listener to. If not provided, the agent will assign a random port from its - configured proxy port range specified by [`sidecar_min_port`](/docs/agent/config/agent-config-files#sidecar_min_port) - and [`sidecar_max_port`](/docs/agent/config/agent-config-files#sidecar_max_port). + configured proxy port range specified by [`sidecar_min_port`](/docs/agent/config/config-files#sidecar_min_port) + and [`sidecar_max_port`](/docs/agent/config/config-files#sidecar_max_port). - `local_service_address`- The `[address]:port` that the proxy should use to connect to the local application instance. By default diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index b8fad5af7..516618877 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -184,7 +184,7 @@ the upstream listeners of any downstream service. One example is how users can define a service's protocol in a [`service-defaults` configuration entry](/docs/connect/config-entries/service-defaults). Agents with -[`enable_central_service_config`](/docs/agent/config/agent-config-files#enable_central_service_config) +[`enable_central_service_config`](/docs/agent/config/config-files#enable_central_service_config) set to true will automatically discover the protocol when configuring a proxy for a service. The proxy will discover the main protocol of the service it represents and use this to configure its main public listener. It will also diff --git a/website/content/docs/connect/proxies/managed-deprecated.mdx b/website/content/docs/connect/proxies/managed-deprecated.mdx index 3848ecb64..f4d709d27 100644 --- a/website/content/docs/connect/proxies/managed-deprecated.mdx +++ b/website/content/docs/connect/proxies/managed-deprecated.mdx @@ -24,7 +24,7 @@ Managed proxies have been deprecated since Consul 1.3 and have been fully remove in Consul 1.6. Anyone using Managed Proxies should aim to change their workflow as soon as possible to avoid issues with a later upgrade. -After transitioning away from all managed proxy usage, the `proxy` subdirectory inside [`data_dir`](/docs/agent/config/agent-config-cli#_data_dir) (specified in Consul config) can be deleted to remove extraneous configuration files and free up disk space. +After transitioning away from all managed proxy usage, the `proxy` subdirectory inside [`data_dir`](/docs/agent/config/cli-flags#_data_dir) (specified in Consul config) can be deleted to remove extraneous configuration files and free up disk space. **new and known issues will not be fixed**. @@ -275,6 +275,6 @@ level logs showing service discovery, certificate and authorization information. ~> **Note:** In `-dev` mode there is no `data_dir` unless one is explicitly configured so logging is disabled. You can access logs by providing the -[`-data-dir`](/docs/agent/config/agent-config-cli#_data_dir) CLI option. If a data dir is +[`-data-dir`](/docs/agent/config/cli-flags#_data_dir) CLI option. If a data dir is configured, this will also cause proxy processes to stay running when the agent terminates as described in [Lifecycle](#lifecycle). diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/registration/service-registration.mdx index 8e897da33..d32ddc283 100644 --- a/website/content/docs/connect/registration/service-registration.mdx +++ b/website/content/docs/connect/registration/service-registration.mdx @@ -437,8 +437,8 @@ registrations](/docs/discovery/services#service-definition-parameter-case). - `checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's - [advertise address](/docs/agent/config/agent-config-files#advertise). The port for these listeners are dynamically allocated from - [expose_min_port](/docs/agent/config/agent-config-files#expose_min_port) to [expose_max_port](/docs/agent/config/agent-config-files#expose_max_port). + [advertise address](/docs/agent/config/config-files#advertise). The port for these listeners are dynamically allocated from + [expose_min_port](/docs/agent/config/config-files#expose_min_port) to [expose_max_port](/docs/agent/config/config-files#expose_max_port). This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running Consul on Kubernetes, and Consul agents run in their own pods. - `paths` `array: []` - A list of paths to expose through Envoy. diff --git a/website/content/docs/connect/registration/sidecar-service.mdx b/website/content/docs/connect/registration/sidecar-service.mdx index 6b2602f90..4ae04fdfc 100644 --- a/website/content/docs/connect/registration/sidecar-service.mdx +++ b/website/content/docs/connect/registration/sidecar-service.mdx @@ -131,8 +131,8 @@ proxy. - `tags` - Defaults to the tags of the parent service. - `meta` - Defaults to the service metadata of the parent service. - `port` - Defaults to being auto-assigned from a configurable - range specified by [`sidecar_min_port`](/docs/agent/config/agent-config-files#sidecar_min_port) - and [`sidecar_max_port`](/docs/agent/config/agent-config-files#sidecar_max_port). + range specified by [`sidecar_min_port`](/docs/agent/config/config-files#sidecar_min_port) + and [`sidecar_max_port`](/docs/agent/config/config-files#sidecar_max_port). - `kind` - Defaults to `connect-proxy`. This can't be overridden currently. - `check`, `checks` - By default we add a TCP check on the local address and port for the proxy, and a [service alias diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 8be31decf..401f447c6 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -34,10 +34,10 @@ There are several different kinds of checks: In Consul 0.9.0 and later, script checks are not enabled by default. To use them you can either use : - - [`enable_local_script_checks`](/docs/agent/config/agent-config-cli#_enable_local_script_checks): + - [`enable_local_script_checks`](/docs/agent/config/cli-flags#_enable_local_script_checks): enable script checks defined in local config files. Script checks defined via the HTTP API will not be allowed. - - [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks): enable + - [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks): enable script checks regardless of how they are defined. ~> **Security Warning:** Enabling script checks in some configurations may @@ -109,7 +109,7 @@ There are several different kinds of checks: has to be performed is configurable which makes it possible to run containers which have different shells on the same host. Check output for Docker is limited to 4KB. Any output larger than this will be truncated. In Consul 0.9.0 and later, the agent - must be configured with [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) + must be configured with [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks) set to `true` in order to enable Docker health checks. - `gRPC + Interval` - These checks are intended for applications that support the standard @@ -467,7 +467,7 @@ This is the only convention that Consul depends on. Any output of the script will be captured and stored in the `output` field. In Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) set to `true` +[`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks) set to `true` in order to enable script checks. ## Initial Health Check Status @@ -543,7 +543,7 @@ provided by the node will remain unchanged. ## Agent Certificates for TLS Checks -The [enable_agent_tls_for_checks](/docs/agent/config/agent-config-files#enable_agent_tls_for_checks) +The [enable_agent_tls_for_checks](/docs/agent/config/config-files#enable_agent_tls_for_checks) agent configuration option can be utilized to have HTTP or gRPC health checks to use the agent's credentials when configured for TLS. diff --git a/website/content/docs/discovery/dns.mdx b/website/content/docs/discovery/dns.mdx index 4a671f246..5e24f34da 100644 --- a/website/content/docs/discovery/dns.mdx +++ b/website/content/docs/discovery/dns.mdx @@ -21,9 +21,9 @@ are located in the `us-east-1` datacenter, and have no failing health checks. It's that simple! There are a number of configuration options that are important for the DNS interface, -specifically [`client_addr`](/docs/agent/config/agent-config-files#client_addr),[`ports.dns`](/docs/agent/config/agent-config-files#dns_port), -[`recursors`](/docs/agent/config/agent-config-files#recursors),[`domain`](/docs/agent/config/agent-config-files#domain), -[`alt_domain`](/docs/agent/config/agent-config-files#alt_domain), and [`dns_config`](/docs/agent/config/agent-config-files#dns_config). +specifically [`client_addr`](/docs/agent/config/config-files#client_addr),[`ports.dns`](/docs/agent/config/config-files#dns_port), +[`recursors`](/docs/agent/config/config-files#recursors),[`domain`](/docs/agent/config/config-files#domain), +[`alt_domain`](/docs/agent/config/config-files#alt_domain), and [`dns_config`](/docs/agent/config/config-files#dns_config). By default, Consul will listen on 127.0.0.1:8600 for DNS queries in the `consul.` domain, without support for further DNS recursion. Please consult the [documentation on configuration options](/docs/agent/config), @@ -32,7 +32,7 @@ specifically the configuration items linked above, for more details. There are a few ways to use the DNS interface. One option is to use a custom DNS resolver library and point it at Consul. Another option is to set Consul as the DNS server for a node and provide a -[`recursors`](/docs/agent/config/agent-config-files#recursors) configuration so that non-Consul queries +[`recursors`](/docs/agent/config/config-files#recursors) configuration so that non-Consul queries can also be resolved. The last method is to forward all queries for the "consul." domain to a Consul agent from the existing DNS server. Review the [DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples. @@ -412,15 +412,15 @@ are not truncated. ## Alternative Domain By default, Consul responds to DNS queries in the `consul` domain, -but you can set a specific domain for responding to DNS queries by configuring the [`domain`](/docs/agent/config/agent-config-files#domain) parameter. +but you can set a specific domain for responding to DNS queries by configuring the [`domain`](/docs/agent/config/config-files#domain) parameter. In some instances, Consul may need to respond to queries in more than one domain, such as during a DNS migration or to distinguish between internal and external queries. Consul versions 1.5.2+ can be configured to respond to DNS queries on an alternative domain -through the [`alt_domain`](/docs/agent/config/agent-config-files#alt_domain) agent configuration +through the [`alt_domain`](/docs/agent/config/config-files#alt_domain) agent configuration option. As of Consul versions 1.11.0+, Consul's DNS response will use the same domain as was used in the query; -in prior versions, the response may use the primary [`domain`](/docs/agent/config/agent-config-files#domain) no matter which +in prior versions, the response may use the primary [`domain`](/docs/agent/config/config-files#domain) no matter which domain was used in the query. In the following example, the `alt_domain` parameter is set to `test-domain`: @@ -448,7 +448,7 @@ machine.node.dc1.test-domain. 0 IN TXT "consul-network-segment=" ``` -> **PTR queries:** Responses to PTR queries (`.in-addr.arpa.`) will always use the -[primary domain](/docs/agent/config/agent-config-files#domain) (not the alternative domain), +[primary domain](/docs/agent/config/config-files#domain) (not the alternative domain), as there is no way for the query to specify a domain. ## Caching @@ -463,8 +463,8 @@ for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching). By default, Consul DNS queries will return a node's local address, even when being queried from a remote datacenter. If you need to use a different address to reach a node from outside its datacenter, you can configure this behavior -using the [`advertise-wan`](/docs/agent/config/agent-config-cli#_advertise-wan) and -[`translate_wan_addrs`](/docs/agent/config/agent-config-files#translate_wan_addrs) configuration +using the [`advertise-wan`](/docs/agent/config/cli-flags#_advertise-wan) and +[`translate_wan_addrs`](/docs/agent/config/config-files#translate_wan_addrs) configuration options. ## Namespaced/Partitioned Services @@ -480,7 +480,7 @@ services from other namespaces or partitions the following form can be used: This is the canonical name of a Consul Enterprise service. Currently all parts must be present - in a future version (once the -[`prefer_namespace` configuration](/docs/agent/config/agent-config-files#dns_prefer_namespace) has been +[`prefer_namespace` configuration](/docs/agent/config/config-files#dns_prefer_namespace) has been deprecated), the namespace, partition and datacenter components will become optional and may be individually omitted to default to the `default` namespace, local partition or local datacenter respectively. @@ -494,7 +494,7 @@ are enabled, you must first create ACL tokens with the necessary policies. Consul agents resolve DNS requests using one of the preconfigured tokens below, listed in order of precedence: -1. The agent's [`default` token](/docs/agent/config/agent-config-files#acl_tokens_default). +1. The agent's [`default` token](/docs/agent/config/config-files#acl_tokens_default). 2. The built-in [`anonymous` token](/docs/security/acl/acl-system#builtin-tokens). Because the anonymous token is used when any request is made to Consul without explicitly specifying a token, production deployments should not apply policies diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index ad8c57a4a..5d4576066 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -39,7 +39,7 @@ privileges on one key for developers to update the value related to their application. The datastore itself is located on the Consul servers in the [data -directory](/docs/agent/config/agent-config-cli#_data_dir). To ensure data is not lost in +directory](/docs/agent/config/cli-flags#_data_dir). To ensure data is not lost in the event of a complete outage, use the [`consul snapshot`](/commands/snapshot/restore) feature to backup the data. ## Using Consul KV @@ -48,7 +48,7 @@ Objects are opaque to Consul, meaning there are no restrictions on the type of object stored in a key/value entry. The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage; the general [sizing -recommendations](/docs/agent/config/agent-config-files#kv_max_value_size) +recommendations](/docs/agent/config/config-files#kv_max_value_size) are usually sufficient. Keys, like objects are not restricted by type and can include any character. diff --git a/website/content/docs/dynamic-app-config/watches.mdx b/website/content/docs/dynamic-app-config/watches.mdx index a3fe837d5..e9d7ba726 100644 --- a/website/content/docs/dynamic-app-config/watches.mdx +++ b/website/content/docs/dynamic-app-config/watches.mdx @@ -20,7 +20,7 @@ Watches are implemented using blocking queries in the [HTTP API](/api). Agents automatically make the proper API calls to watch for changes and inform a handler when the data view has updated. -Watches can be configured as part of the [agent's configuration](/docs/agent/config/agent-config-files#watches), +Watches can be configured as part of the [agent's configuration](/docs/agent/config/config-files#watches), causing them to run once the agent is initialized. Reloading the agent configuration allows for adding or removing watches dynamically. diff --git a/website/content/docs/enterprise/audit-logging.mdx b/website/content/docs/enterprise/audit-logging.mdx index 155872ae3..27382043e 100644 --- a/website/content/docs/enterprise/audit-logging.mdx +++ b/website/content/docs/enterprise/audit-logging.mdx @@ -25,14 +25,14 @@ For more experience leveraging Consul's audit logging functionality, explore our HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging). For detailed configuration information on configuring the Consul Enterprise's audit -logging, review the Consul [Audit Log](/docs/agent/config/agent-config-files#audit) +logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit) documentation. ## Example Configuration Audit logging must be enabled on every agent in order to accurately capture all operations performed through the HTTP API. To enable logging, add -the [`audit`](/docs/agent/config/agent-config-files#audit) stanza to the agent's configuration. +the [`audit`](/docs/agent/config/config-files#audit) stanza to the agent's configuration. -> **Note**: Consul only logs operations which are initiated via the HTTP API. The audit log does not record operations that take place over the internal RPC diff --git a/website/content/docs/enterprise/license/overview.mdx b/website/content/docs/enterprise/license/overview.mdx index ae99a5874..377137248 100644 --- a/website/content/docs/enterprise/license/overview.mdx +++ b/website/content/docs/enterprise/license/overview.mdx @@ -36,7 +36,7 @@ When using these binaries no further action is necessary to configure the licens ### Binaries Without Built In Licenses For Consul Enterprise 1.10.0 or greater, binaries that do not include built in licenses a license must be available at the time the agent starts. -For server agents this means that they must either have the [`license_path`](/docs/agent/config/agent-config-files#license_path) +For server agents this means that they must either have the [`license_path`](/docs/agent/config/config-files#license_path) configuration set or have a license configured in the servers environment with the `CONSUL_LICENSE` or `CONSUL_LICENSE_PATH` environment variables. Both the configuration item and the `CONSUL_LICENSE_PATH` environment variable point to a file containing the license whereas the `CONSUL_LICENSE` environment @@ -55,9 +55,9 @@ to retrieve the license automatically under specific circumstances. When a client agent starts without a license in its configuration or environment, it will try to retrieve the license from the servers via RPCs. That RPC always requires a valid non-anonymous ACL token to authorize the request but the token doesn't need any particular permissions. As the license is required before the client -actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/config/agent-config-files#start_join) -or [`retry_join`](/docs/agent/config/agent-config-files#retry_join) configurations. If those are both unset or no -[`agent` token](/docs/agent/config/agent-config-files#acl_tokens_agent) is set then the client agent will immediately shut itself down. +actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/config/config-files#start_join) +or [`retry_join`](/docs/agent/config/config-files#retry_join) configurations. If those are both unset or no +[`agent` token](/docs/agent/config/config-files#acl_tokens_agent) is set then the client agent will immediately shut itself down. If all preliminary checks pass the client agent will attempt to reach out to any server on its RPC port to request the license. These requests will be retried for up to 5 minutes and if it is unable to retrieve a diff --git a/website/content/docs/enterprise/network-segments.mdx b/website/content/docs/enterprise/network-segments.mdx index d36d121ce..d4a1ffeda 100644 --- a/website/content/docs/enterprise/network-segments.mdx +++ b/website/content/docs/enterprise/network-segments.mdx @@ -15,7 +15,7 @@ description: |- Consul requires full connectivity between all agents (servers and clients) in a -[datacenter](/docs/agent/config/agent-config-cli#_datacenter) within a given +[datacenter](/docs/agent/config/cli-flags#_datacenter) within a given LAN gossip pool. By default, all Consul agents will be a part of one shared Serf LAN gossip pool known as the `` network segment, thus requiring full mesh connectivity within the datacenter. @@ -46,7 +46,7 @@ Consul networking models and their capabilities. **Cluster:** A set of Consul servers forming a Raft quorum along with a collection of Consul clients, all set to the same -[datacenter](/docs/agent/config/agent-config-cli#_datacenter), and joined together to form +[datacenter](/docs/agent/config/cli-flags#_datacenter), and joined together to form what we will call a "local cluster". Consul clients discover the Consul servers in their local cluster through the gossip mechanism and make RPC requests to them. LAN Gossip (OSS) is an open intra-cluster networking model, and Network @@ -72,7 +72,7 @@ group of agents to only connect with the agents in its segment. Server agents are members of all segments. The datacenter includes a `` segment, as well as additional segments defined in the -[`segments`](/docs/agent/config/agent-config-files#segments) server agent configuration option. +[`segments`](/docs/agent/config/config-files#segments) server agent configuration option. Each additional segment is defined by: - a non-empty name @@ -129,19 +129,19 @@ segments = [ -The server [agent configuration](/docs/agent/config/agent-config-files) options relevant to network +The server [agent configuration](/docs/agent/config/config-files) options relevant to network segments are: -- [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port): The Serf LAN port on this server +- [`ports.serf_lan`](/docs/agent/config/config-files#serf_lan_port): The Serf LAN port on this server for the `` network segment's gossip pool. -- [`segments`](/docs/agent/config/agent-config-files#segments): A list of user-defined network segments +- [`segments`](/docs/agent/config/config-files#segments): A list of user-defined network segments on this server, including their names and Serf LAN ports. ## Client Configuration Each client agent can only be a member of one segment at a time. This will be the `` segment unless otherwise specified in the agent's -[`segment`](/docs/agent/config/agent-config-cli#segment) agent configuration option. +[`segment`](/docs/agent/config/cli-flags#_segment) agent configuration option. ### Join a Client to a Segment ((#join_a_client_to_a_segment)) @@ -154,14 +154,14 @@ configured segment. Clients A and B specify the same segment S. Client B is already joined to the segment S LAN gossip pool. Client A wants to join via Client B. In order to do so, Client A -must connect to Client B's configured [Serf LAN port](/docs/agent/config/agent-config-files#serf_lan_port). +must connect to Client B's configured [Serf LAN port](/docs/agent/config/config-files#serf_lan_port).     Client A specifies segment S and wants to join the segment S gossip pool via Server 1. In order to do so, Client A must connect to Server 1's configured [Serf LAN port -for segment S](/docs/agent/config/agent-config-files#segment_port). +for segment S](/docs/agent/config/config-files#segment_port). @@ -171,12 +171,12 @@ of precedence: 1. **Specify an explicit port in the join address**. This can be done at the CLI when starting the agent (e.g., `consul agent -retry-join "client-b-address:8303"`), or in the agent's - configuration using the [retry-join option](/docs/agent/config/agent-config-files#retry_join). This method + configuration using the [retry-join option](/docs/agent/config/config-files#retry_join). This method is not compatible with [cloud auto-join](/docs/install/cloud-auto-join#auto-join-with-network-segments). 2. **Specify an alternate Serf LAN port for the agent**. This can be done at the CLI when starting the agent (e.g., `consul agent -retry-join "client-b-address" -serf-lan-port 8303`), or in - the agent's configuration using the [serf_lan](/docs/agent/config/agent-config-files#serf_lan_port) option. + the agent's configuration using the [serf_lan](/docs/agent/config/config-files#serf_lan_port) option. When a Serf LAN port is not explicitly specified in the join address, the agent will attempt to join the target host at the Serf LAN port specified in CLI or agent configuration. @@ -221,15 +221,15 @@ ports = { -The client [agent configuration](/docs/agent/config/agent-config-files) options relevant to network +The client [agent configuration](/docs/agent/config/config-files) options relevant to network segments are: -- [`segment`](/docs/agent/config/agent-config-files#segment-2): The name of the network segment this +- [`segment`](/docs/agent/config/config-files#segment-2): The name of the network segment this client agent belongs to. -- [`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port): +- [`ports.serf_lan`](/docs/agent/config/config-files#serf_lan_port): Serf LAN port for the above segment on this client. This is not required to match the configured Serf LAN port for other agents on this segment. -- [`retry_join`](/docs/agent/config/agent-config-files#retry_join) or - [`start_join`](/docs/agent/config/agent-config-files#start_join): A list of agent addresses to join +- [`retry_join`](/docs/agent/config/config-files#retry_join) or + [`start_join`](/docs/agent/config/config-files#start_join): A list of agent addresses to join when starting. Ensure the correct Serf LAN port for this segment is used when joining the LAN gossip pool using one of the [available configuration methods](#join_a_client_to_a_segment). diff --git a/website/content/docs/enterprise/read-scale.mdx b/website/content/docs/enterprise/read-scale.mdx index c7b6006b5..3665db34e 100644 --- a/website/content/docs/enterprise/read-scale.mdx +++ b/website/content/docs/enterprise/read-scale.mdx @@ -20,5 +20,5 @@ however, they do not take part in quorum election operations. Expanding your Con reads without impacting write latency. For more details, review the [Consul server configuration](/docs/agent/config) -documentation and the [-read-replica](/docs/agent/config/agent-config-cli#_read_replica) +documentation and the [-read-replica](/docs/agent/config/cli-flags#_read_replica) configuration flag. diff --git a/website/content/docs/install/bootstrapping.mdx b/website/content/docs/install/bootstrapping.mdx index a191be28a..849a3fc3c 100644 --- a/website/content/docs/install/bootstrapping.mdx +++ b/website/content/docs/install/bootstrapping.mdx @@ -30,16 +30,16 @@ as data loss is inevitable in a failure scenario. Please refer to the Manual bootstrapping with `-bootstrap` is not recommended in newer versions of Consul (0.5 and newer) as it is more error-prone. Instead you should use automatic bootstrapping -with [`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect). +with [`-bootstrap-expect`](/docs/agent/config/cli-flags#_bootstrap_expect). ## Bootstrapping the Servers -The recommended way to bootstrap the servers is to use the [`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect) +The recommended way to bootstrap the servers is to use the [`-bootstrap-expect`](/docs/agent/config/cli-flags#_bootstrap_expect) configuration option. This option informs Consul of the expected number of server nodes and automatically bootstraps when that many servers are available. To prevent inconsistencies and split-brain (clusters where multiple servers consider themselves leader) situations, you should either specify the same value for -[`-bootstrap-expect`](/docs/agent/config/agent-config-cli#_bootstrap_expect) +[`-bootstrap-expect`](/docs/agent/config/cli-flags#_bootstrap_expect) or specify no value at all on all the servers. Only servers that specify a value will attempt to bootstrap the cluster. Suppose we are starting a three server cluster. We can start `Node A`, `Node B`, and `Node C` with each @@ -61,11 +61,11 @@ You can trigger leader election by joining the servers together, to create a clu There are multiple options for joining the servers. Choose the method which best suits your environment and specific use case. - Specify a list of servers with - [-join](/docs/agent/config/agent-config-cli#_join) and - [start_join](/docs/agent/config/agent-config-files#start_join) + [-join](/docs/agent/config/cli-flags#_join) and + [start_join](/docs/agent/config/config-files#start_join) options. -- Specify a list of servers with [-retry-join](/docs/agent/config/agent-config-cli#_retry_join) option. -- Use automatic joining by tag for supported cloud environments with the [-retry-join](/docs/agent/config/agent-config-cli#_retry_join) option. +- Specify a list of servers with [-retry-join](/docs/agent/config/cli-flags#_retry_join) option. +- Use automatic joining by tag for supported cloud environments with the [-retry-join](/docs/agent/config/cli-flags#_retry_join) option. All three methods can be set in the agent configuration file or the command line flag. diff --git a/website/content/docs/install/cloud-auto-join.mdx b/website/content/docs/install/cloud-auto-join.mdx index 78dc2b310..3d6072f9b 100644 --- a/website/content/docs/install/cloud-auto-join.mdx +++ b/website/content/docs/install/cloud-auto-join.mdx @@ -69,7 +69,7 @@ to use port `8303` as its Serf LAN port prior to attempting to join the cluster. The following example configuration overrides the default Serf LAN port using the -[`ports.serf_lan`](/docs/agent/config/agent-config-files#serf_lan_port) configuration option. +[`ports.serf_lan`](/docs/agent/config/config-files#serf_lan_port) configuration option. @@ -85,7 +85,7 @@ ports { The following example overrides the default Serf LAN port using the -[`-serf-lan-port`](/docs/agent/config/agent-config-cli#_serf_lan_port) command line flag. +[`-serf-lan-port`](/docs/agent/config/cli-flags#_serf_lan_port) command line flag. ```shell $ consul agent -serf-lan-port=8303 -retry-join "provider=..." diff --git a/website/content/docs/install/manual-bootstrap.mdx b/website/content/docs/install/manual-bootstrap.mdx index 46f8cab3e..bb72b9aec 100644 --- a/website/content/docs/install/manual-bootstrap.mdx +++ b/website/content/docs/install/manual-bootstrap.mdx @@ -23,7 +23,7 @@ storing the cluster state. The client nodes are mostly stateless and rely on the server nodes, so they can be started easily. Manual bootstrapping requires that the first server that is deployed in a new -datacenter provide the [`-bootstrap` configuration option](/docs/agent/config/agent-config-cli#_bootstrap). +datacenter provide the [`-bootstrap` configuration option](/docs/agent/config/cli-flags#_bootstrap). This option allows the server to assert leadership of the cluster without agreement from any other server. This is necessary because at this point, there are no other servers running in diff --git a/website/content/docs/install/performance.mdx b/website/content/docs/install/performance.mdx index 3be2d3801..e5824963c 100644 --- a/website/content/docs/install/performance.mdx +++ b/website/content/docs/install/performance.mdx @@ -18,7 +18,7 @@ reads work from a fully in-memory data store that is optimized for concurrent ac ## Minimum Server Requirements ((#minimum)) -In Consul 0.7, the default server [performance parameters](/docs/agent/config/agent-config-files#performance) +In Consul 0.7, the default server [performance parameters](/docs/agent/config/config-files#performance) were tuned to allow Consul to run reliably (but relatively slowly) on a server cluster of three [AWS t2.micro](https://aws.amazon.com/ec2/instance-types/) instances. These thresholds were determined empirically using a leader instance that was under sufficient read, write, @@ -43,7 +43,7 @@ The default performance configuration is equivalent to this: ## Production Server Requirements ((#production)) When running Consul 0.7 and later in production, it is recommended to configure the server -[performance parameters](/docs/agent/config/agent-config-files#performance) back to Consul's original +[performance parameters](/docs/agent/config/config-files#performance) back to Consul's original high-performance settings. This will let Consul servers detect a failed leader and complete leader elections much more quickly than the default configuration which extends key Raft timeouts by a factor of 5, so it can be quite slow during these events. @@ -103,14 +103,14 @@ Here are some general recommendations: issues between the servers or insufficient CPU resources. Users in cloud environments often bump their servers up to the next instance class with improved networking and CPU until leader elections stabilize, and in Consul 0.7 or later the [performance - parameters](/docs/agent/config/agent-config-files#performance) configuration now gives you tools + parameters](/docs/agent/config/config-files#performance) configuration now gives you tools to trade off performance instead of upsizing servers. You can use the [`consul.raft.leader.lastContact` telemetry](/docs/agent/telemetry#leadership-changes) to observe how the Raft timing is performing and guide the decision to de-tune Raft performance or add more powerful servers. - For DNS-heavy workloads, configuring all Consul agents in a cluster with the - [`allow_stale`](/docs/agent/config/agent-config-files#allow_stale) configuration option will allow reads to + [`allow_stale`](/docs/agent/config/config-files#allow_stale) configuration option will allow reads to scale across all Consul servers, not just the leader. Consul 0.7 and later enables stale reads for DNS by default. See [Stale Reads](https://learn.hashicorp.com/tutorials/consul/dns-caching#stale-reads) in the [DNS Caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) guide for more details. It's also good to set @@ -121,7 +121,7 @@ Here are some general recommendations: [stale consistency mode](/api-docs/features/consistency#stale) available to allow reads to scale across all the servers and not just be forwarded to the leader. -- In Consul 0.9.3 and later, a new [`limits`](/docs/agent/config/agent-config-files#limits) configuration is +- In Consul 0.9.3 and later, a new [`limits`](/docs/agent/config/config-files#limits) configuration is available on Consul clients to limit the RPC request rate they are allowed to make against the Consul servers. After hitting the limit, requests will start to return rate limit errors until time has passed and more requests are allowed. Configuring this across the cluster can help with @@ -156,11 +156,11 @@ For **write-heavy** workloads, the total RAM available for overhead must approxi RAM NEEDED = number of keys * average key size * 2-3x ``` -Since writes must be synced to disk (persistent storage) on a quorum of servers before they are committed, deploying a disk with high write throughput (or an SSD) will enhance performance on the write side. ([Documentation](/docs/agent/config/agent-config-cli#_data_dir)) +Since writes must be synced to disk (persistent storage) on a quorum of servers before they are committed, deploying a disk with high write throughput (or an SSD) will enhance performance on the write side. ([Documentation](/docs/agent/config/cli-flags#_data_dir)) For a **read-heavy** workload, configure all Consul server agents with the `allow_stale` DNS option, or query the API with the `stale` [consistency mode](/api-docs/features/consistency). By default, all queries made to the server are RPC forwarded to and serviced by the leader. By enabling stale reads, any server will respond to any query, thereby reducing overhead on the leader. Typically, the stale response is `100ms` or less from consistent mode but it drastically improves performance and reduces latency under high load. -If the leader server is out of memory or the disk is full, the server eventually stops responding, loses its election and cannot move past its last commit time. However, by configuring `max_stale` and setting it to a large value, Consul will continue to respond to queries during such outage scenarios. ([max_stale documentation](/docs/agent/config/agent-config-files#max_stale)). +If the leader server is out of memory or the disk is full, the server eventually stops responding, loses its election and cannot move past its last commit time. However, by configuring `max_stale` and setting it to a large value, Consul will continue to respond to queries during such outage scenarios. ([max_stale documentation](/docs/agent/config/config-files#max_stale)). It should be noted that `stale` is not appropriate for coordination where strong consistency is important (i.e. locking or application leader election). For critical cases, the optional `consistent` API query mode is required for true linearizability; the trade off is that this turns a read into a full quorum write so requires more resources and takes longer. @@ -168,7 +168,7 @@ It should be noted that `stale` is not appropriate for coordination where strong Consul’s agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors. -To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/config/agent-config-files#limits) +To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/config/config-files#limits) ~> **NOTE** Rate limiting is configured on the client agent only. @@ -191,8 +191,8 @@ Smearing requests over 30s is sufficient to bring RPC load to a reasonable level in all but the very largest clusters, but the extra CPU load from cryptographic operations could impact the server's normal work. To limit that, Consul since 1.4.1 exposes two ways to limit the impact Certificate signing has on the leader -[`csr_max_per_second`](/docs/agent/config/agent-config-files#ca_csr_max_per_second) and -[`csr_max_concurrent`](/docs/agent/config/agent-config-files#ca_csr_max_concurrent). +[`csr_max_per_second`](/docs/agent/config/config-files#ca_csr_max_per_second) and +[`csr_max_concurrent`](/docs/agent/config/config-files#ca_csr_max_concurrent). By default we set a limit of 50 per second which is reasonable on modest hardware but may be too low and impact rotation times if more than 1500 service diff --git a/website/content/docs/install/ports.mdx b/website/content/docs/install/ports.mdx index 6cbc9eb82..0923935ba 100644 --- a/website/content/docs/install/ports.mdx +++ b/website/content/docs/install/ports.mdx @@ -55,4 +55,4 @@ the Serf WAN port (TCP/UDP) to be listening on both WAN and LAN interfaces. See **Server RPC** This is used by servers to handle incoming requests from other agents. -Note, the default ports can be changed in the [agent configuration](/docs/agent/config/agent-config-files#ports). +Note, the default ports can be changed in the [agent configuration](/docs/agent/config/config-files#ports). diff --git a/website/content/docs/k8s/connect/connect-ca-provider.mdx b/website/content/docs/k8s/connect/connect-ca-provider.mdx index 5025fcd7b..0fe9d664a 100644 --- a/website/content/docs/k8s/connect/connect-ca-provider.mdx +++ b/website/content/docs/k8s/connect/connect-ca-provider.mdx @@ -200,5 +200,5 @@ To update any settings under these keys, you must use Consul's [Update CA Config To renew the Vault token, use the [`vault token renew`](https://www.vaultproject.io/docs/commands/token/renew) CLI command or API. -[`ca_config`]: /docs/agent/config/agent-config-files#connect_ca_config -[`ca_provider`]: /docs/agent/config/agent-config-files#connect_ca_provider +[`ca_config`]: /docs/agent/config/config-files#connect_ca_config +[`ca_provider`]: /docs/agent/config/config-files#connect_ca_provider diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index f2ca6d800..f20934631 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -58,7 +58,7 @@ Use these links to navigate to a particular top-level stanza. the prefix will be `-consul`. - `domain` ((#v-global-domain)) (`string: consul`) - The domain Consul will answer DNS queries for - (see `-domain` (https://consul.io/docs/agent/config/agent-config-cli#_domain)) and the domain services synced from + (see `-domain` (https://consul.io/docs/agent/config/cli-flags#_domain)) and the domain services synced from Consul into Kubernetes will have, e.g. `service-name.service.consul`. - `adminPartitions` ((#v-global-adminpartitions)) - Enabling `adminPartitions` allows creation of Admin Partitions in Kubernetes clusters. @@ -261,7 +261,7 @@ Use these links to navigate to a particular top-level stanza. ``` - `gossipEncryption` ((#v-global-gossipencryption)) - Configures Consul's gossip encryption key. - (see `-encrypt` (https://consul.io/docs/agent/config/agent-config-cli#_encrypt)). + (see `-encrypt` (https://consul.io/docs/agent/config/cli-flags#_encrypt)). By default, gossip encryption is not enabled. The gossip encryption key may be set automatically or manually. The recommended method is to automatically generate the key. To automatically generate and set a gossip encryption key, set autoGenerate to true. @@ -292,7 +292,7 @@ Use these links to navigate to a particular top-level stanza. - `recursors` ((#v-global-recursors)) (`array: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. These values are given as `-recursor` flags to Consul servers and clients. - See https://www.consul.io/docs/agent/config/agent-config-cli#_recursor for more details. + See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details. If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`). - `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) @@ -864,7 +864,7 @@ Use these links to navigate to a particular top-level stanza. - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running Consul client agents. - - `join` ((#v-client-join)) (`array: null`) - A list of valid `-retry-join` values (https://consul.io/docs/agent/config/agent-config-files#retry-join). + - `join` ((#v-client-join)) (`array: null`) - A list of valid `-retry-join` values (https://consul.io/docs/agent/config/config-files#retry-join). If this is `null` (default), then the clients will attempt to automatically join the server cluster running within Kubernetes. This means that with `server.enabled` set to true, clients will automatically @@ -885,7 +885,7 @@ Use these links to navigate to a particular top-level stanza. required for Connect. - `nodeMeta` ((#v-client-nodemeta)) - nodeMeta specifies an arbitrary metadata key/value pair to associate with the node - (see https://www.consul.io/docs/agent/config/agent-config-cli#_node_meta) + (see https://www.consul.io/docs/agent/config/cli-flags#_node_meta) - `pod-name` ((#v-client-nodemeta-pod-name)) (`string: ${HOSTNAME}`) @@ -1238,7 +1238,7 @@ Use these links to navigate to a particular top-level stanza. will inherit from `global.metrics.enabled` value. - `provider` ((#v-ui-metrics-provider)) (`string: prometheus`) - Provider for metrics. See - https://www.consul.io/docs/agent/config/agent-config-files#ui_config_metrics_provider + https://www.consul.io/docs/agent/config/config-files#ui_config_metrics_provider This value is only used if `ui.enabled` is set to true. - `baseURL` ((#v-ui-metrics-baseurl)) (`string: http://prometheus-server`) - baseURL is the URL of the prometheus server, usually the service URL. diff --git a/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx b/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx index 6cc85bb0f..82a7c7ea0 100644 --- a/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx +++ b/website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx @@ -22,7 +22,7 @@ you want the clients to be exposed on the Kubernetes internal node IPs (`true`) their pod IPs (`false`). Finally, `client.join` is set to an array of valid -[`-retry-join` values](/docs/agent/config/agent-config-cli#retry-join). In the +[`-retry-join` values](/docs/agent/config/cli-flags#retry-join). In the example above, a fake [cloud auto-join](/docs/agent/cloud-auto-join) value is specified. This should be set to resolve to the proper addresses of your existing Consul cluster. diff --git a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx index 1c37161e0..aa68ee50e 100644 --- a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx @@ -271,8 +271,8 @@ The automatically generated federation secret contains: - **Consul server config** - This is a JSON snippet that must be used as part of the server config for secondary datacenters. It sets: - - [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter) to the name of the primary datacenter. - - [`primary_gateways`](/docs/agent/config/agent-config-files#primary_gateways) to an array of IPs or hostnames + - [`primary_datacenter`](/docs/agent/config/config-files#primary_datacenter) to the name of the primary datacenter. + - [`primary_gateways`](/docs/agent/config/config-files#primary_gateways) to an array of IPs or hostnames for the mesh gateways in the primary datacenter. These are the addresses that Consul servers in secondary clusters will use to communicate with the primary datacenter. diff --git a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx index f792ae115..e031de71b 100644 --- a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx @@ -95,7 +95,7 @@ The following sections detail how to export this data. ==> Saved dc1-client-consul-0-key.pem ``` - Or use the [auto_encrypt](/docs/agent/config/agent-config-files#auto_encrypt) feature. + Or use the [auto_encrypt](/docs/agent/config/config-files#auto_encrypt) feature. ### Mesh Gateway Addresses diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx index 52da3e570..54e42ac03 100644 --- a/website/content/docs/nia/configuration.mdx +++ b/website/content/docs/nia/configuration.mdx @@ -61,7 +61,7 @@ tls { The `consul` block is used to configure CTS connection with a Consul agent to perform queries to the Consul Catalog and Consul KV pertaining to task execution. --> **Note:** Use HTTP/2 to improve Consul-Terraform-Sync performance when communicating with the local Consul process. [TLS/HTTPS](/docs/agent/config/agent-config-files) must be configured for the local Consul with the [cert_file](/docs/agent/config/agent-config-filess#cert_file) and [key_file](/docs/agent/config/agent-config-files#key_file) parameters set. For the Consul-Terraform-Sync configuration, set `tls.enabled = true` and set the `address` parameter to the HTTPS URL, e.g., `address = example.consul.com:8501`. If using self-signed certificates for Consul, you will also need to set `tls.verify = false` or add the certificate to `ca_cert` or `ca_path`. +-> **Note:** Use HTTP/2 to improve Consul-Terraform-Sync performance when communicating with the local Consul process. [TLS/HTTPS](/docs/agent/config/config-files) must be configured for the local Consul with the [cert_file](/docs/agent/config/config-filess#cert_file) and [key_file](/docs/agent/config/config-files#key_file) parameters set. For the Consul-Terraform-Sync configuration, set `tls.enabled = true` and set the `address` parameter to the HTTPS URL, e.g., `address = example.consul.com:8501`. If using self-signed certificates for Consul, you will also need to set `tls.verify = false` or add the certificate to `ca_cert` or `ca_path`. To read more on suggestions for configuring the Consul agent, see [run an agent](/docs/nia/installation/requirements#run-an-agent). @@ -80,7 +80,7 @@ consul { - `enabled` - (bool) - `username` - (string) - `password` - (string) -- `tls` - Configure TLS to use a secure client connection with Consul. Using HTTP/2 can solve issues related to hitting Consul's maximum connection limits, as well as improve efficiency when processing many blocking queries. This option is required for Consul-Terraform-Sync when connecting to a [Consul agent with TLS verification enabled for HTTPS connections](/docs/agent/config/agent-config-files#verify_incoming). +- `tls` - Configure TLS to use a secure client connection with Consul. Using HTTP/2 can solve issues related to hitting Consul's maximum connection limits, as well as improve efficiency when processing many blocking queries. This option is required for Consul-Terraform-Sync when connecting to a [Consul agent with TLS verification enabled for HTTPS connections](/docs/agent/config/config-files#verify_incoming). - `enabled` - (bool) Enable TLS. Providing a value for any of the TLS options will enable this parameter implicitly. - `verify` - (bool: true) Enables TLS peer verification. The default is enabled, which will check the global certificate authority (CA) chain to make sure the certificates returned by Consul are valid. - If Consul is using a self-signed certificate that you have not added to the global CA chain, you can set this certificate with `ca_cert` or `ca_path`. Alternatively, you can disable SSL verification by setting `verify` to false. However, disabling verification is a potential security vulnerability. @@ -98,7 +98,7 @@ consul { - `max_idle_conns` - (int: 0) The maximum number of total idle connections across all hosts. The limit is disabled by default. - `max_idle_conns_per_host` - (int: 100) The maximum number of idle connections per remote host. The majority of connections are established with one host, the Consul agent. - To achieve the shortest latency between a Consul service update to a task execution, configure `max_idle_conns_per_host` equal to or greater than the number of services in automation across all tasks. - - This value should be lower than the configured [`http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) for the Consul agent. If `max_idle_conns_per_host` and the number of services in automation is greater than the Consul agent limit, Consul-Terraform-Sync may error due to connection limits (status code 429). You may increase the agent limit with caution. _Note: requests to the Consul agent made by Terraform subprocesses or any other process on the same host as Consul-Terraform-Sync will contribute to the Consul agent connection limit._ + - This value should be lower than the configured [`http_max_conns_per_client`](/docs/agent/config/config-files#http_max_conns_per_client) for the Consul agent. If `max_idle_conns_per_host` and the number of services in automation is greater than the Consul agent limit, Consul-Terraform-Sync may error due to connection limits (status code 429). You may increase the agent limit with caution. _Note: requests to the Consul agent made by Terraform subprocesses or any other process on the same host as Consul-Terraform-Sync will contribute to the Consul agent connection limit._ - `tls_handshake_timeout` - (string: "10s") amount of time to wait to complete the TLS handshake. ## Service diff --git a/website/content/docs/nia/installation/requirements.mdx b/website/content/docs/nia/installation/requirements.mdx index 27f482699..17f13ff5e 100644 --- a/website/content/docs/nia/installation/requirements.mdx +++ b/website/content/docs/nia/installation/requirements.mdx @@ -35,7 +35,7 @@ The Consul agent must be running in order to dynamically update network devices. When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. -There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between Consul-Terraform-Sync and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by Consul-Terraform-Sync. +There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between Consul-Terraform-Sync and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/config/config-files#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by Consul-Terraform-Sync. ### Register Services diff --git a/website/content/docs/releases/release-notes/v1_9_0.mdx b/website/content/docs/releases/release-notes/v1_9_0.mdx index 1c7610aca..6d9c4b9aa 100644 --- a/website/content/docs/releases/release-notes/v1_9_0.mdx +++ b/website/content/docs/releases/release-notes/v1_9_0.mdx @@ -21,7 +21,7 @@ page_title: 1.9.0 - **Active Health Checks for Consul on Kubernetes:** Consul service mesh now integrates with Kubernetes Readiness probes. This provides the ability to natively detect health status from Kubernetes via Readiness probe, and is then used for directing service mesh traffic. - **Streaming:** This feature introduces a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster. Streaming results in very significant reduction of CPU and network bandwidth usage on Consul servers in large-scale deployments. Streaming is particularly helpful in scaling blocking queries in Consul clusters that have rapid changes in service state. - - Streaming is now available for the service health HTTP endpoint, and can be enabled through the [`use_streaming_backend`](/docs/agent/config/agent-config-files#use_streaming_backend) client configuration option, and [`rpc.enable_streaming`](/docs/agent/config/agent-config-files#rpc_enable_streaming) option on the servers. We will continue to enable streaming in more endpoints in subsequent releases. + - Streaming is now available for the service health HTTP endpoint, and can be enabled through the [`use_streaming_backend`](/docs/agent/config/config-files#use_streaming_backend) client configuration option, and [`rpc.enable_streaming`](/docs/agent/config/config-files#rpc_enable_streaming) option on the servers. We will continue to enable streaming in more endpoints in subsequent releases. ## What's Changed diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index 17fcbae22..542d2bbef 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx @@ -89,7 +89,7 @@ and [Policies](/api-docs/acl/policies). ~> **Warning**: In this document we use the deprecated configuration parameter `acl_datacenter`. In Consul 1.4 and newer the -parameter has been updated to [`primary_datacenter`](/docs/agent/config/agent-config-files#primary_datacenter). +parameter has been updated to [`primary_datacenter`](/docs/agent/config/config-files#primary_datacenter). Consul provides an optional Access Control List (ACL) system which can be used to control access to data and APIs. The ACL is @@ -129,7 +129,7 @@ token are automatically applied. The anonymous token is managed using the Tokens are bound to a set of rules that control which Consul resources the token has access to. Policies can be defined in either an allowlist or denylist mode depending on the configuration of -[`acl_default_policy`](/docs/agent/config/agent-config-files#acl_default_policy). If the default +[`acl_default_policy`](/docs/agent/config/config-files#acl_default_policy). If the default policy is to "deny" all actions, then token rules can be set to allowlist specific actions. In the inverse, the "allow" all default behavior is a denylist where rules are used to prohibit actions. By default, Consul will allow all actions. @@ -169,7 +169,7 @@ Constructing rules from these policies is covered in detail in the #### ACL Datacenter All nodes (clients and servers) must be configured with a -[`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) which enables ACL +[`acl_datacenter`](/docs/agent/config/config-files#acl_datacenter) which enables ACL enforcement but also specifies the authoritative datacenter. Consul relies on [RPC forwarding](/docs/architecture) to support multi-datacenter configurations. However, because requests can be made across datacenter boundaries, @@ -179,14 +179,14 @@ is considered authoritative and stores the canonical set of tokens. When a request is made to an agent in a non-authoritative datacenter, it must be resolved into the appropriate policy. This is done by reading the token from the authoritative server and caching the result for a configurable -[`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl). The implication of caching is that +[`acl_ttl`](/docs/agent/config/config-files#acl_ttl). The implication of caching is that the cache TTL is an upper bound on the staleness of policy that is enforced. It is possible to set a zero TTL, but this has adverse performance impacts, as every request requires refreshing the policy via an RPC call. During an outage of the ACL datacenter, or loss of connectivity, the cache will be used as long as the TTL is valid, or the cache may be extended if the -[`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) is set accordingly. +[`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) is set accordingly. This configuration also allows the ACL system to fail open or closed. [ACL replication](#replication) is also available to allow for the full set of ACL tokens to be replicated for use during an outage. @@ -198,10 +198,10 @@ as to whether they are set on servers, clients, or both. | Configuration Option | Servers | Clients | Purpose | | --------------------------------------------------------------------- | ---------- | ---------- | ----------------------------------------------------------------------------------------- | -| [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) | `REQUIRED` | `REQUIRED` | Master control that enables ACLs by defining the authoritative Consul datacenter for ACLs | -| [`acl_default_policy`](/docs/agent/config/agent-config-files#acl_default_policy_legacy) | `OPTIONAL` | `N/A` | Determines allowlist or denylist mode | -| [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy_legacy) | `OPTIONAL` | `OPTIONAL` | Determines what to do when the ACL datacenter is offline | -| [`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl_legacy) | `OPTIONAL` | `OPTIONAL` | Determines time-to-live for cached ACLs | +| [`acl_datacenter`](/docs/agent/config/config-files#acl_datacenter) | `REQUIRED` | `REQUIRED` | Master control that enables ACLs by defining the authoritative Consul datacenter for ACLs | +| [`acl_default_policy`](/docs/agent/config/config-files#acl_default_policy_legacy) | `OPTIONAL` | `N/A` | Determines allowlist or denylist mode | +| [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy_legacy) | `OPTIONAL` | `OPTIONAL` | Determines what to do when the ACL datacenter is offline | +| [`acl_ttl`](/docs/agent/config/config-files#acl_ttl_legacy) | `OPTIONAL` | `OPTIONAL` | Determines time-to-live for cached ACLs | There are some additional configuration items related to [ACL replication](#replication) and [Version 8 ACL support](#version_8_acls). These are discussed in those respective sections @@ -210,19 +210,19 @@ below. A number of special tokens can also be configured which allow for bootstrapping the ACL system, or accessing Consul in special situations: -| Special Token | Servers | Clients | Purpose | -| ----------------------------------------------------------------------------------------------- | ---------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api-docs/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | -| [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | -| [`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token_legacy) | `REQUIRED` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | -| [`acl_token`](/docs/agent/config/agent-config-files#acl_token_legacy) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | +| Special Token | Servers | Clients | Purpose | +| ------------------------------------------------------------------------------------------| ---------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api-docs/agent) when the ACL datacenter isn't available, or servers are offline (for clients); used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | +| [`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token_legacy) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | +| [`acl_master_token`](/docs/agent/config/config-files#acl_master_token_legacy) | `REQUIRED` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | +| [`acl_token`](/docs/agent/config/config-files#acl_token_legacy) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the [/v1/agent/token API](/api-docs/agent#update-acl-tokens). #### ACL Agent Master Token -Since the [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token_legacy) is designed to be used when the Consul servers are not available, its policy is managed locally on the agent and does not need to have a token defined on the Consul servers via the ACL API. Once set, it implicitly has the following policy associated with it (the `node` policy was added in Consul 0.9.0): +Since the [`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token_legacy) is designed to be used when the Consul servers are not available, its policy is managed locally on the agent and does not need to have a token defined on the Consul servers via the ACL API. Once set, it implicitly has the following policy associated with it (the `node` policy was added in Consul 0.9.0): ```hcl agent "" { @@ -238,7 +238,7 @@ In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via #### ACL Agent Token -The [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl_token`](/docs/agent/config/agent-config-files#acl_token), though if the `acl_agent_token` isn't configured the `acl_token` will be used. The ACL agent token is used for the following operations by the agent: +The [`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token) is a special token that is used for an agent's internal operations. It isn't used directly for any user-initiated operations like the [`acl_token`](/docs/agent/config/config-files#acl_token), though if the `acl_agent_token` isn't configured the `acl_token` will be used. The ACL agent token is used for the following operations by the agent: 1. Updating the agent's node entry using the [Catalog API](/api-docs/catalog), including updating its node metadata, tagged addresses, and network coordinates 2. Performing [anti-entropy](/docs/architecture/anti-entropy) syncing, in particular reading the node metadata and services registered with the catalog @@ -258,7 +258,7 @@ key "_rexec" { } ``` -The `service` policy needs `read` access for any services that can be registered on the agent. If [remote exec is disabled](/docs/agent/config/agent-config-files#disable_remote_exec), the default, then the `key` policy can be omitted. +The `service` policy needs `read` access for any services that can be registered on the agent. If [remote exec is disabled](/docs/agent/config/config-files#disable_remote_exec), the default, then the `key` policy can be omitted. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the [/v1/agent/token API](/api-docs/agent#update-acl-tokens). @@ -294,12 +294,12 @@ The servers will need to be restarted to load the new configuration. Please take to start the servers one at a time, and ensure each server has joined and is operating correctly before starting another. -The [`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) will be created +The [`acl_master_token`](/docs/agent/config/config-files#acl_master_token) will be created as a "management" type token automatically. The -[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) is only installed when +[`acl_master_token`](/docs/agent/config/config-files#acl_master_token) is only installed when a server acquires cluster leadership. If you would like to install or change the -[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token), set the new value for -[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) in the configuration +[`acl_master_token`](/docs/agent/config/config-files#acl_master_token), set the new value for +[`acl_master_token`](/docs/agent/config/config-files#acl_master_token) in the configuration for all servers. Once this is done, restart the current leader to force a leader election. In Consul 0.9.1 and later, you can use the [/v1/acl/bootstrap API](/api-docs/acl#bootstrap-acls) @@ -332,7 +332,7 @@ servers related to permission denied errors: ``` These errors are because the agent doesn't yet have a properly configured -[`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) that it can use for its +[`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token) that it can use for its own internal operations like updating its node information in the catalog and performing [anti-entropy](/docs/architecture/anti-entropy) syncing. We can create a token using the ACL API, and the ACL master token we set in the previous step: @@ -550,9 +550,9 @@ The next section shows an alternative to the anonymous token. #### Set Agent-Specific Default Tokens (Optional) -An alternative to the anonymous token is the [`acl_token`](/docs/agent/config/agent-config-files#acl_token) +An alternative to the anonymous token is the [`acl_token`](/docs/agent/config/config-files#acl_token) configuration item. When a request is made to a particular Consul agent and no token is -supplied, the [`acl_token`](/docs/agent/config/agent-config-files#acl_token) will be used for the token, +supplied, the [`acl_token`](/docs/agent/config/config-files#acl_token) will be used for the token, instead of being left empty which would normally invoke the anonymous token. In Consul 0.9.1 and later, the agent ACL tokens can be introduced or updated via the @@ -563,7 +563,7 @@ agent, if desired. For example, this allows more fine grained control of what DN given agent can service, or can give the agent read access to some key-value store prefixes by default. -If using [`acl_token`](/docs/agent/config/agent-config-files#acl_token), then it's likely the anonymous +If using [`acl_token`](/docs/agent/config/config-files#acl_token), then it's likely the anonymous token will have a more restrictive policy than shown in the examples here. #### Create Tokens for UI Use (Optional) @@ -727,7 +727,7 @@ starts with "bar". Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be -configured with [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) to allow +configured with [`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token) to allow write access to these operations even if no ACL resolution capability is available. #### Event Rules @@ -753,7 +753,7 @@ starts with "deploy". The [`consul exec`](/commands/exec) command uses events with the "\_rexec" prefix during operation, so to enable this feature in a Consul environment with ACLs enabled, you will need to give agents a token with access to this event prefix, in addition to configuring -[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) to `false`. +[`disable_remote_exec`](/docs/agent/config/config-files#disable_remote_exec) to `false`. #### Key/Value Rules @@ -861,13 +861,13 @@ the example above, the rules allow read-only access to any node name with the em read-write access to any node name that starts with "app", and deny all access to any node name that starts with "admin". -Agents need to be configured with an [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) +Agents need to be configured with an [`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token) with at least "write" privileges to their own node name in order to register their information with the catalog, such as node metadata and tagged addresses. If this is configured incorrectly, the agent will print an error to the console when it tries to sync its state with the catalog. Consul's DNS interface is also affected by restrictions on node rules. If the -[`acl_token`](/docs/agent/config/agent-config-files#acl_token) used by the agent does not have "read" access to a +[`acl_token`](/docs/agent/config/config-files#acl_token) used by the agent does not have "read" access to a given node, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, node rules are @@ -880,7 +880,7 @@ periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which may requir ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl_token](/docs/agent/config/agent-config-files#acl_token) configuration +1. Using the [acl_token](/docs/agent/config/config-files#acl_token) configuration directive. This allows a single token to be configured globally and used during all check registration operations. 2. Providing an ACL token with service and check definitions at @@ -891,7 +891,7 @@ to use for registration events: [HTTP API](/api) for operations that require them. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) set to `true` in order to enable +[`enable_script_checks`](/docs/agent/config/config-files#enable_script_checks) set to `true` in order to enable script checks. #### Operator Rules @@ -1025,7 +1025,7 @@ read-write access to any service name that starts with "app", and deny all acces starts with "admin". Consul's DNS interface is affected by restrictions on service rules. If the -[`acl_token`](/docs/agent/config/agent-config-files#acl_token) used by the agent does not have "read" access to a +[`acl_token`](/docs/agent/config/config-files#acl_token) used by the agent does not have "read" access to a given service, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, service rules are @@ -1037,7 +1037,7 @@ performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which m ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl_token](/docs/agent/config/agent-config-files#acl_token) configuration +1. Using the [acl_token](/docs/agent/config/config-files#acl_token) configuration directive. This allows a single token to be configured globally and used during all service and check registration operations. 2. Providing an ACL token with service and check definitions at registration @@ -1048,12 +1048,12 @@ to use for registration events: API](/api) for operations that require them. **Note:** all tokens passed to an agent are persisted on local disk to allow recovery from restarts. See [`-data-dir` flag - documentation](/docs/agent/config/agent-config-files#acl_token) for notes on securing + documentation](/docs/agent/config/config-files#acl_token) for notes on securing access. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) or -[`enable_local_script_checks`](/docs/agent/config/agent-config-files#enable_local_script_checks) +[`enable_script_checks`](/docs/agent/config/config-files#enable_script_checks) or +[`enable_local_script_checks`](/docs/agent/config/config-files#enable_local_script_checks) set to `true` in order to enable script checks. #### Session Rules @@ -1084,20 +1084,20 @@ name that starts with "admin". #### Outages and ACL Replication ((#replication)) The Consul ACL system is designed with flexible rules to accommodate for an outage -of the [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) or networking +of the [`acl_datacenter`](/docs/agent/config/config-files#acl_datacenter) or networking issues preventing access to it. In this case, it may be impossible for agents in non-authoritative datacenters to resolve tokens. Consul provides -a number of configurable [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) +a number of configurable [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) choices to tune behavior. It is possible to deny or permit all actions or to ignore cache TTLs and enter a fail-safe mode. The default is to ignore cache TTLs for any previously resolved tokens and to deny any uncached tokens. Consul 0.7 added an ACL Replication capability that can allow non-authoritative datacenter agents to resolve even uncached tokens. This is enabled by setting an -[`acl_replication_token`](/docs/agent/config/agent-config-files#acl_replication_token) in the +[`acl_replication_token`](/docs/agent/config/config-files#acl_replication_token) in the configuration on the servers in the non-authoritative datacenters. In Consul 0.9.1 and later you can enable ACL replication using -[`enable_acl_replication`](/docs/agent/config/agent-config-files#enable_acl_replication) and +[`enable_acl_replication`](/docs/agent/config/config-files#enable_acl_replication) and then set the token later using the [agent token API](/api-docs/agent#update-acl-tokens) on each server. This can also be used to rotate the token without restarting the Consul servers. @@ -1113,7 +1113,7 @@ every 30 seconds. Replicated changes are written at a rate that's throttled to a large set of ACLs. If there's a partition or other outage affecting the authoritative datacenter, -and the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) +and the [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) is set to "extend-cache", tokens will be resolved during the outage using the replicated set of ACLs. An [ACL replication status](/api-docs/acl#check-acl-replication) endpoint is available to monitor the health of the replication process. @@ -1123,7 +1123,7 @@ already cached and is expired while similar semantics than "extend-cache". It allows to avoid having issues when connectivity with the authoritative is not completely broken, but very slow. -Locally-resolved ACLs will be cached using the [`acl_ttl`](/docs/agent/config/agent-config-files#acl_ttl) +Locally-resolved ACLs will be cached using the [`acl_ttl`](/docs/agent/config/config-files#acl_ttl) setting of the non-authoritative datacenter, so these entries may persist in the cache for up to the TTL, even after the authoritative datacenter comes back online. @@ -1149,7 +1149,7 @@ Consul 0.8 added many more ACL policy types and brought ACL enforcement to Consu agents for the first time. To ease the transition to Consul 0.8 for existing ACL users, there's a configuration option to disable these new features. To disable support for these new ACLs, set the -[`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) configuration +[`acl_enforce_version_8`](/docs/agent/config/config-files#acl_enforce_version_8) configuration option to `false` on Consul clients and servers. Here's a summary of the new features: @@ -1172,31 +1172,31 @@ Here's a summary of the new features: Two new configuration options are used once version 8 ACLs are enabled: -- [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) is used as +- [`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token) is used as a special access token that has `agent` ACL policy `write` privileges on each agent where it is configured, as well as `node` ACL policy `read` privileges for all nodes. This token should only be used by operators during outages when Consul servers aren't available to resolve ACL tokens. Applications should use regular ACL tokens during normal operation. -- [`acl_agent_token`](/docs/agent/config/agent-config-files#acl_agent_token) is used internally by +- [`acl_agent_token`](/docs/agent/config/config-files#acl_agent_token) is used internally by Consul agents to perform operations to the service catalog when registering themselves or sending network coordinates to the servers. This token must at least have `node` ACL policy `write` access to the node name it will register as in order to register any node-level information like metadata or tagged addresses. -Since clients now resolve ACLs locally, the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) +Since clients now resolve ACLs locally, the [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) now applies to Consul clients as well as Consul servers. This will determine what the client will do in the event that the servers are down. -Consul clients must have [`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) configured +Consul clients must have [`acl_datacenter`](/docs/agent/config/config-files#acl_datacenter) configured in order to enable agent-level ACL features. If this is set, the agents will contact the Consul servers to determine if ACLs are enabled at the cluster level. If they detect that ACLs are not enabled, they will check at most every 2 minutes to see if they have become enabled, and will start enforcing ACLs automatically. If an agent has an `acl_datacenter` defined, operators will -need to use the [`acl_agent_master_token`](/docs/agent/config/agent-config-files#acl_agent_master_token) to +need to use the [`acl_agent_master_token`](/docs/agent/config/config-files#acl_agent_master_token) to perform agent-level operations if the Consul servers aren't present (such as for a manual join -to the cluster), unless the [`acl_down_policy`](/docs/agent/config/agent-config-files#acl_down_policy) on the +to the cluster), unless the [`acl_down_policy`](/docs/agent/config/config-files#acl_down_policy) on the agent is set to "allow". Non-server agents do not need to have the -[`acl_master_token`](/docs/agent/config/agent-config-files#acl_master_token) configured; it is not +[`acl_master_token`](/docs/agent/config/config-files#acl_master_token) configured; it is not used by agents in any way. diff --git a/website/content/docs/security/acl/acl-rules.mdx b/website/content/docs/security/acl/acl-rules.mdx index 59c24b31d..5e6762c74 100644 --- a/website/content/docs/security/acl/acl-rules.mdx +++ b/website/content/docs/security/acl/acl-rules.mdx @@ -227,7 +227,7 @@ with `bar`. Since [Agent API](/api-docs/agent) utility operations may be required before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be -configured with [`acl.tokens.agent_recovery`](/docs/agent/config/agent-config-files#acl_tokens_agent_recovery) to allow +configured with [`acl.tokens.agent_recovery`](/docs/agent/config/config-files#acl_tokens_agent_recovery) to allow write access to these operations even if no ACL resolution capability is available. ## Event Rules @@ -272,7 +272,7 @@ read-only access to any event, and firing of the "deploy" event. The [`consul exec`](/commands/exec) command uses events with the "\_rexec" prefix during operation, so to enable this feature in a Consul environment with ACLs enabled, you will need to give agents a token with access to this event prefix, in addition to configuring -[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) to `false`. +[`disable_remote_exec`](/docs/agent/config/config-files#disable_remote_exec) to `false`. ## Key/Value Rules @@ -640,16 +640,16 @@ node "admin" { Agents must be configured with `write` privileges for their own node name so that the agent can register their node metadata, tagged addresses, and other information in the catalog. If configured incorrectly, the agent will print an error to the console when it tries to sync its state with the catalog. -Configure `write` access in the [`acl.tokens.agent`](/docs/agent/config/agent-config-files#acl_tokens_agent) parameter. +Configure `write` access in the [`acl.tokens.agent`](/docs/agent/config/config-files#acl_tokens_agent) parameter. -The [`acl.token.default`](/docs/agent/config/agent-config-files#acl_tokens_default) used by the agent should have `read` access to a given node so that the DNS interface can be queried. +The [`acl.token.default`](/docs/agent/config/config-files#acl_tokens_default) used by the agent should have `read` access to a given node so that the DNS interface can be queried. Node rules are used to filter query results when reading from the catalog or retrieving information from the health endpoints. This allows for configurations where a token has access to a given service name, but only on an allowed subset of node names. Consul agents check tokens locally when health checks are registered and when Consul performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs. These actions may required an ACL token to complete. Use the following methods to configure ACL tokens for registration events: -* Configure a global token in the [acl.tokens.default](/docs/agent/config/agent-config-files#acl_tokens_default) parameter. +* Configure a global token in the [acl.tokens.default](/docs/agent/config/config-files#acl_tokens_default) parameter. This allows a single token to be used during all check registration operations. * Provide an ACL token with `service` and `check` definitions at registration time. This allows for greater flexibility and enables the use of multiple tokens on the same agent. @@ -835,7 +835,7 @@ service "admin" { Consul's DNS interface is affected by restrictions on service rules. If the -[`acl.tokens.default`](/docs/agent/config/agent-config-files#acl_tokens_default) used by the agent does not have `read` access to a +[`acl.tokens.default`](/docs/agent/config/config-files#acl_tokens_default) used by the agent does not have `read` access to a given service, then the DNS interface will return no records when queried for it. When reading from the catalog or retrieving information from the health endpoints, service rules are @@ -847,7 +847,7 @@ performs periodic [anti-entropy](/docs/architecture/anti-entropy) syncs, which m ACL token to complete. To accommodate this, Consul provides two methods of configuring ACL tokens to use for registration events: -1. Using the [acl.tokens.default](/docs/agent/config/agent-config-files#acl_tokens_default) configuration +1. Using the [acl.tokens.default](/docs/agent/config/config-files#acl_tokens_default) configuration directive. This allows a single token to be configured globally and used during all service and check registration operations. 2. Providing an ACL token with service and check definitions at registration @@ -858,12 +858,12 @@ to use for registration events: API](/api) for operations that require them. **Note:** all tokens passed to an agent are persisted on local disk to allow recovery from restarts. See [`-data-dir` flag - documentation](/docs/agent/config/agent-config-files#acl_token) for notes on securing + documentation](/docs/agent/config/config-files#acl_token) for notes on securing access. In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured with -[`enable_script_checks`](/docs/agent/config/agent-config-files#enable_script_checks) or -[`enable_local_script_checks`](/docs/agent/config/agent-config-files#enable_local_script_checks) +[`enable_script_checks`](/docs/agent/config/config-files#enable_script_checks) or +[`enable_local_script_checks`](/docs/agent/config/config-files#enable_local_script_checks) set to `true` in order to enable script checks. Service rules are also used to grant read or write access to intentions. The diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx index 253f038a0..0c4750486 100644 --- a/website/content/docs/security/acl/auth-methods/index.mdx +++ b/website/content/docs/security/acl/auth-methods/index.mdx @@ -60,7 +60,7 @@ using the API or command line before they can be used by applications. endpoints](/api-docs/acl/binding-rules). -> **Note** - To configure auth methods in any connected secondary datacenter, -[ACL token replication](/docs/agent/config/agent-config-files#acl_enable_token_replication) +[ACL token replication](/docs/agent/config/config-files#acl_enable_token_replication) must be enabled. Auth methods require the ability to create local tokens which is restricted to the primary datacenter and any secondary datacenters with ACL token replication enabled. diff --git a/website/content/docs/security/encryption.mdx b/website/content/docs/security/encryption.mdx index 3f9c3659b..2b5652641 100644 --- a/website/content/docs/security/encryption.mdx +++ b/website/content/docs/security/encryption.mdx @@ -75,17 +75,17 @@ CA then signs keys for each of the agents, as in ~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications. TLS can be used to verify the authenticity of the servers or verify the authenticity of clients. -These modes are controlled by the [`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing), -[`verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname), -and [`verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) options, respectively. +These modes are controlled by the [`verify_outgoing`](/docs/agent/config/config-files#tls_internal_rpc_verify_outgoing), +[`verify_server_hostname`](/docs/agent/config/config-files#tls_internal_rpc_verify_server_hostname), +and [`verify_incoming`](/docs/agent/config/config-files#tls_internal_rpc_verify_incoming) options, respectively. -If [`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) is set, agents verify the +If [`verify_outgoing`](/docs/agent/config/config-files#tls_internal_rpc_verify_outgoing) is set, agents verify the authenticity of Consul for outgoing connections. Server nodes must present a certificate signed by a common certificate authority present on all agents, set via the agent's -[`ca_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_ca_file) and [`ca_path`](/docs/agent/config/agent-config-files#tls_internal_rpc_ca_path) -options. All server nodes must have an appropriate key pair set using [`cert_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_cert_file) and [`key_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_key_file). +[`ca_file`](/docs/agent/config/config-files#tls_internal_rpc_ca_file) and [`ca_path`](/docs/agent/config/config-files#tls_internal_rpc_ca_path) +options. All server nodes must have an appropriate key pair set using [`cert_file`](/docs/agent/config/config-files#tls_internal_rpc_cert_file) and [`key_file`](/docs/agent/config/config-files#tls_internal_rpc_key_file). -If [`verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) is set, then +If [`verify_server_hostname`](/docs/agent/config/config-files#tls_internal_rpc_verify_server_hostname) is set, then outgoing connections perform hostname verification. All servers must have a certificate valid for `server..` or the client will reject the handshake. This is a new configuration as of 0.5.1, and it is used to prevent a compromised client from being @@ -93,12 +93,12 @@ able to restart in server mode and perform a MITM (Man-In-The-Middle) attack. Ne to true, and generate the proper certificates, but this is defaulted to false to avoid breaking existing deployments. -If [`verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) is set, the servers verify the +If [`verify_incoming`](/docs/agent/config/config-files#tls_internal_rpc_verify_incoming) is set, the servers verify the authenticity of all incoming connections. All clients must have a valid key pair set using -[`cert_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_cert_file) and -[`key_file`](/docs/agent/config/agent-config-files#tls_internal_rpc_key_file). Servers will +[`cert_file`](/docs/agent/config/config-files#tls_internal_rpc_cert_file) and +[`key_file`](/docs/agent/config/config-files#tls_internal_rpc_key_file). Servers will also disallow any non-TLS connections. To force clients to use TLS, -[`verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) must also be set. +[`verify_outgoing`](/docs/agent/config/config-files#tls_internal_rpc_verify_outgoing) must also be set. TLS is used to secure the RPC calls between agents, but gossip between nodes is done over UDP and is secured using a symmetric key. See above for enabling gossip encryption. diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index 59b9a0cdc..815abdfd7 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -72,32 +72,32 @@ environment and adapt these configurations accordingly. - **mTLS** - Mutual authentication of both the TLS server and client x509 certificates prevents internal abuse through unauthorized access to Consul agents within the cluster. - - [`tls.defaults.verify_incoming`](/docs/agent/config/agent-config-files#tls_defaults_verify_incoming) - By default this is false, and + - [`tls.defaults.verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming) - By default this is false, and should almost always be set to true to require TLS verification for incoming client connections. This applies to the internal RPC, HTTPS and gRPC APIs. - - [`tls.https.verify_incoming`](/docs/agent/config/agent-config-files#tls_https_verify_incoming) - By default this is false, and should + - [`tls.https.verify_incoming`](/docs/agent/config/config-files#tls_https_verify_incoming) - By default this is false, and should be set to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled. TLS for the API may be not be necessary if it is exclusively served over a loopback interface such as `localhost`. - - [`tls.internal_rpc.verify_incoming`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_incoming) - By default this is false, + - [`tls.internal_rpc.verify_incoming`](/docs/agent/config/config-files#tls_internal_rpc_verify_incoming) - By default this is false, and should almost always be set to true to require clients to provide a valid TLS certificate for Consul agent RPCs. - [`tls.grpc.verify_incoming`](/docs/agent/options#tls_grpc_verify_incoming) - By default this is false, and should be set to true to require clients to provide a valid TLS certificate when the Consul gRPC API is enabled. TLS for the API may be not be necessary if it is exclusively served over a loopback interface such as `localhost`. - - [`tls.internal_rpc.verify_outgoing`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_outgoing) - By default this is false, + - [`tls.internal_rpc.verify_outgoing`](/docs/agent/config/config-files#tls_internal_rpc_verify_outgoing) - By default this is false, and should be set to true to require TLS for outgoing connections from server or client agents. Servers that specify `verify_outgoing = true` will always talk to other servers over TLS, but they still accept non-TLS connections to allow for a transition of all clients to TLS. Currently the only way to enforce that no client can communicate with a server unencrypted is to also enable `verify_incoming` which requires client certificates too. - - [`enable_agent_tls_for_checks`](/docs/agent/config/agent-config-files#enable_agent_tls_for_checks) - By default this is false, and + - [`enable_agent_tls_for_checks`](/docs/agent/config/config-files#enable_agent_tls_for_checks) - By default this is false, and should almost always be set to true to require mTLS to set up the client for HTTP or gRPC health checks. This was added in Consul 1.0.1. - - [`tls.internal_rpc.verify_server_hostname`](/docs/agent/config/agent-config-files#tls_internal_rpc_verify_server_hostname) - By default + - [`tls.internal_rpc.verify_server_hostname`](/docs/agent/config/config-files#tls_internal_rpc_verify_server_hostname) - By default this is false, and should be set to true to require that the TLS certificate presented by the servers matches `server..` hostname for outgoing TLS connections. The default configuration does not verify the hostname of the certificate, only that it is signed by a trusted CA. This setting is critical to prevent a @@ -108,14 +108,14 @@ environment and adapt these configurations accordingly. [CVE-2018-19653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653) for more details. This is fixed in 1.4.1. - - [`auto_encrypt`](/docs/agent/config/agent-config-files#auto_encrypt) - Enables automated TLS certificate distribution for client - agent RPC communication using the Connect CA. Using this configuration a [`ca_file`](/docs/agent/config/agent-config-files#tls_defaults_ca_file) + - [`auto_encrypt`](/docs/agent/config/config-files#auto_encrypt) - Enables automated TLS certificate distribution for client + agent RPC communication using the Connect CA. Using this configuration a [`ca_file`](/docs/agent/config/config-files#tls_defaults_ca_file) and ACL token would still need to be distributed to client agents. - - [`allow_tls`](/docs/agent/config/agent-config-files#allow_tls) - By default this is false, and should be set to true on server + - [`allow_tls`](/docs/agent/config/config-files#allow_tls) - By default this is false, and should be set to true on server agents to allow certificates to be automatically generated and distributed from the Connect CA to client agents. - - [`tls`](/docs/agent/config/agent-config-files#tls) - By default this is false, and should be set to true on client agents to + - [`tls`](/docs/agent/config/config-files#tls) - By default this is false, and should be set to true on client agents to automatically request a client TLS certificate from the server's Connect CA. **Example Server Agent TLS Configuration** @@ -161,7 +161,7 @@ environment and adapt these configurations accordingly. } ``` - -> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/agent-config-files#tls_defaults_verify_incoming) + -> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming) to false which assumes all incoming traffic is restricted to `localhost`. The primary benefit for this configuration would be to avoid provisioning client TLS certificates (in addition to ACL tokens) for all tools or applications using the local Consul agent. In this case ACLs should be enabled to provide authorization and only ACL tokens would @@ -169,7 +169,7 @@ environment and adapt these configurations accordingly. - **ACLs** - The access control list (ACL) system provides a security mechanism for Consul administrators to grant capabilities tied to an individual human, or machine operator identity. To ultimately secure the ACL system, - administrators should configure the [`default_policy`](/docs/agent/config/agent-config-files#acl_default_policy) to "deny". + administrators should configure the [`default_policy`](/docs/agent/config/config-files#acl_default_policy) to "deny". The [system](/docs/security/acl/acl-system) is comprised of five major components: @@ -196,10 +196,10 @@ environment and adapt these configurations accordingly. Two optional gossip encryption options enable Consul servers without gossip encryption to safely upgrade. After upgrading, the verification options should be enabled, or removed to set them to their default state: - - [`encrypt_verify_incoming`](/docs/agent/config/agent-config-files#encrypt_verify_incoming) - By default this is true to enforce + - [`encrypt_verify_incoming`](/docs/agent/config/config-files#encrypt_verify_incoming) - By default this is true to enforce encryption on _incoming_ gossip communications. - - [`encrypt_verify_outgoing`](/docs/agent/config/agent-config-files#encrypt_verify_outgoing) - By default this is true to enforce + - [`encrypt_verify_outgoing`](/docs/agent/config/config-files#encrypt_verify_outgoing) - By default this is true to enforce encryption on _outgoing_ gossip communications. - **Namespaces** - Read and write operations should be scoped to logical namespaces to @@ -240,16 +240,16 @@ environment and adapt these configurations accordingly. - **Linux Security Modules** - Use of security modules that can be directly integrated into operating systems such as AppArmor, SElinux, and Seccomp on Consul agent hosts. -- **Customize TLS Settings** - TLS settings such as the [available cipher suites](/docs/agent/config/agent-config-files#tls_defaults_tls_cipher_suites), +- **Customize TLS Settings** - TLS settings such as the [available cipher suites](/docs/agent/config/config-files#tls_defaults_tls_cipher_suites), should be tuned to fit the needs of your environment. - - [`tls_min_version`](/docs/agent/config/agent-config-files#tls_defaults_tls_min_version) - Used to specify the minimum TLS version to use. + - [`tls_min_version`](/docs/agent/config/config-files#tls_defaults_tls_min_version) - Used to specify the minimum TLS version to use. - - [`tls_cipher_suites`](/docs/agent/config/agent-config-files#tls_defaults_tls_cipher_suites) - Used to specify which TLS cipher suites are allowed. + - [`tls_cipher_suites`](/docs/agent/config/config-files#tls_defaults_tls_cipher_suites) - Used to specify which TLS cipher suites are allowed. - **Customize HTTP Response Headers** - Additional security headers, such as [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be - [configured](/docs/agent/config/agent-config-files#response_headers) for HTTP API responses. + [configured](/docs/agent/config/config-files#response_headers) for HTTP API responses. ```hcl http_config { @@ -262,28 +262,28 @@ environment and adapt these configurations accordingly. - **Customize Default Limits** - Consul has a number of builtin features with default connection limits that should be tuned to fit your environment. - - [`http_max_conns_per_client`](/docs/agent/config/agent-config-files#http_max_conns_per_client) - Used to limit concurrent access from + - [`http_max_conns_per_client`](/docs/agent/config/config-files#http_max_conns_per_client) - Used to limit concurrent access from a single client to the HTTP(S) endpoint on Consul agents. - - [`https_handshake_timeout`](/docs/agent/config/agent-config-files#https_handshake_timeout) - Used to timeout TLS connection for the + - [`https_handshake_timeout`](/docs/agent/config/config-files#https_handshake_timeout) - Used to timeout TLS connection for the HTTP(S) endpoint for Consul agents. - - [`rpc_handshake_timeout`](/docs/agent/config/agent-config-files#rpc_handshake_timeout) - Used to timeout TLS connections for the RPC + - [`rpc_handshake_timeout`](/docs/agent/config/config-files#rpc_handshake_timeout) - Used to timeout TLS connections for the RPC endpoint for Consul agents. - - [`rpc_max_conns_per_client`](/docs/agent/config/agent-config-files#rpc_max_conns_per_client) - Used to limit concurrent access from a + - [`rpc_max_conns_per_client`](/docs/agent/config/config-files#rpc_max_conns_per_client) - Used to limit concurrent access from a single client to the RPC endpoint on Consul agents. - - [`rpc_rate`](/docs/agent/config/agent-config-files#rpc_rate) - Disabled by default, this is used to limit (requests/second) for client + - [`rpc_rate`](/docs/agent/config/config-files#rpc_rate) - Disabled by default, this is used to limit (requests/second) for client agents making RPC calls to server agents. - - [`rpc_max_burst`](/docs/agent/config/agent-config-files#rpc_max_burst) - Used as the token bucket size for client agents making RPC + - [`rpc_max_burst`](/docs/agent/config/config-files#rpc_max_burst) - Used as the token bucket size for client agents making RPC calls to server agents. - - [`kv_max_value_size`](/docs/agent/config/agent-config-files#kv_max_value_size) - Used to configure the max number of bytes in a + - [`kv_max_value_size`](/docs/agent/config/config-files#kv_max_value_size) - Used to configure the max number of bytes in a key-value API request. - - [`txn_max_req_len`](/docs/agent/config/agent-config-files#txn_max_req_len) - Used to configure the max number of bytes in a + - [`txn_max_req_len`](/docs/agent/config/config-files#txn_max_req_len) - Used to configure the max number of bytes in a transaction API request. - **Secure UI Access** - Access to Consul’s builtin UI can be secured in various ways: @@ -303,7 +303,7 @@ environment and adapt these configurations accordingly. [Securing Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production), which includes a section on [creating ACL tokens that provide a desired level UI access](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#consul-ui-token). - - **Restrict HTTP Writes** - Using the [`allow_write_http_from`](/docs/agent/config/agent-config-files#allow_write_http_from) + - **Restrict HTTP Writes** - Using the [`allow_write_http_from`](/docs/agent/config/config-files#allow_write_http_from) configuration option to restrict write access for agent endpoints to hosts on the specified list of CIDRs. **Example Agent Configuration** diff --git a/website/content/docs/troubleshoot/common-errors.mdx b/website/content/docs/troubleshoot/common-errors.mdx index ca659196f..2ec8de87c 100644 --- a/website/content/docs/troubleshoot/common-errors.mdx +++ b/website/content/docs/troubleshoot/common-errors.mdx @@ -198,14 +198,14 @@ We recommend raising an issue with the CNI you're using to add support for `host and switching back to `hostPort` eventually. [troubleshooting]: https://learn.hashicorp.com/consul/day-2-operations/advanced-operations/troubleshooting -[node_name]: /docs/agent/config/agent-config-files#node_name -[retry_join]: /docs/agent/config/agent-config-cli#retry-join +[node_name]: /docs/agent/config/config-files#node_name +[retry_join]: /docs/agent/config/cli-flags#retry-join [license]: /commands/license [releases]: https://releases.hashicorp.com/consul/ [files]: https://easyengine.io/tutorials/linux/increase-open-files-limit [certificates]: https://learn.hashicorp.com/consul/advanced/day-1-operations/certificates [systemd]: https://learn.hashicorp.com/consul/advanced/day-1-operations/deployment-guide#configure-systemd [monitoring]: https://learn.hashicorp.com/consul/advanced/day-1-operations/monitoring -[bind]: /docs/agent/config/agent-config-cli#_bind +[bind]: /docs/agent/config/cli-flags#_bind [jq]: https://stedolan.github.io/jq/ [go-sockaddr]: https://godoc.org/github.com/hashicorp/go-sockaddr/template diff --git a/website/content/docs/troubleshoot/faq.mdx b/website/content/docs/troubleshoot/faq.mdx index 7e85ecd23..8c89582ec 100644 --- a/website/content/docs/troubleshoot/faq.mdx +++ b/website/content/docs/troubleshoot/faq.mdx @@ -62,8 +62,8 @@ messages. This anonymous ID can be disabled. In fact, using the Checkpoint service is optional and can be disabled. -See [`disable_anonymous_signature`](/docs/agent/config/agent-config-files#disable_anonymous_signature) -and [`disable_update_check`](/docs/agent/config/agent-config-files#disable_update_check). +See [`disable_anonymous_signature`](/docs/agent/config/config-files#disable_anonymous_signature) +and [`disable_update_check`](/docs/agent/config/config-files#disable_update_check). ### Q: Does Consul rely on UDP Broadcast or Multicast? @@ -116,7 +116,7 @@ as well as race conditions between data updates and watch registrations. ### Q: What network ports does Consul use? -The [Ports Used](/docs/agent/config/agent-config-files#ports) section of the Configuration +The [Ports Used](/docs/agent/config/config-files#ports) section of the Configuration documentation lists all ports that Consul uses. ### Q: Does Consul require certain user process resource limits? @@ -143,7 +143,7 @@ of any excessive resource utilization before arbitrarily increasing the limits. The default recommended limit on a key's value size is 512KB. This is strictly enforced and an HTTP 413 status will be returned to any client that attempts to store more than that limit in a value. The limit can be increased by using the -[`kv_max_value_size`](/docs/agent/config/agent-config-files#kv_max_value_size) configuration option. +[`kv_max_value_size`](/docs/agent/config/config-files#kv_max_value_size) configuration option. It should be noted that the Consul key/value store is not designed to be used as a general purpose database. See diff --git a/website/content/docs/upgrading/instructions/general-process.mdx b/website/content/docs/upgrading/instructions/general-process.mdx index eeed1069a..597279ab4 100644 --- a/website/content/docs/upgrading/instructions/general-process.mdx +++ b/website/content/docs/upgrading/instructions/general-process.mdx @@ -74,7 +74,7 @@ this snapshot somewhere safe. More documentation on snapshot usage is available - [consul.io/commands/snapshot](/commands/snapshot) - -**2.** Temporarily modify your Consul configuration so that its [log_level](/docs/agent/config/agent-config-cli#_log_level) +**2.** Temporarily modify your Consul configuration so that its [log_level](/docs/agent/config/cli-flags#_log_level) is set to `debug`. After doing this, issue the following command on your servers to reload the configuration: @@ -183,7 +183,7 @@ then the following options for further assistance are available: When contacting Hashicorp Support, please include the following information in your ticket: - Consul version you were upgrading FROM and TO. -- [Debug level logs](/docs/agent/config/agent-config-cli#_log_level) from all servers in the cluster +- [Debug level logs](/docs/agent/config/cli-flags#_log_level) from all servers in the cluster that you are having trouble with. These should include logs from prior to the upgrade attempt up through the current time. If your logs were not set at debug level prior to the upgrade, please include those logs as well. Also, update your config to use debug logs, diff --git a/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx b/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx index e1aa4a6b9..fe3531da1 100644 --- a/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx +++ b/website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx @@ -51,7 +51,7 @@ Looking through these changes prior to upgrading is highly recommended. Two very notable items are: - 1.6.2 introduced more strict JSON decoding. Invalid JSON that was previously ignored might result in errors now (e.g., `Connect: null` in service definitions). See [[GH#6680](https://github.com/hashicorp/consul/pull/6680)]. -- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/agent-config-files#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)] +- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/config-files#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)] ## Procedure @@ -202,8 +202,8 @@ update those now to avoid issues when moving to newer versions. These are the changes you will need to make: -- `acl_datacenter` is now named `primary_datacenter` (review our [docs](/docs/agent/config/agent-config-files#primary_datacenter) for more info) -- `acl_default_policy`, `acl_down_policy`, `acl_ttl`, `acl_*_token` and `enable_acl_replication` options are now specified like this (review our [docs](/docs/agent/config/agent-config-files#acl) for more info): +- `acl_datacenter` is now named `primary_datacenter` (review our [docs](/docs/agent/config/config-files#primary_datacenter) for more info) +- `acl_default_policy`, `acl_down_policy`, `acl_ttl`, `acl_*_token` and `enable_acl_replication` options are now specified like this (review our [docs](/docs/agent/config/config-files#acl) for more info): ```hcl acl { enabled = true/false diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index 551979958..ceb16af11 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -54,7 +54,7 @@ Due to this rename the following endpoint is also deprecated: These config keys are now deprecated: - `audit.sink[].name` - - [`dns_config.dns_prefer_namespace`](/docs/agent/config/agent-config-files#dns_prefer_namespace) + - [`dns_config.dns_prefer_namespace`](/docs/agent/config/config-files#dns_prefer_namespace) ### Deprecated CLI Subcommands @@ -119,8 +119,8 @@ have a license loaded from a configuration file or from their environment the sa agents must have the license specified. Both agents can still perform automatic retrieval of their license but with a few extra stipulations. First, license auto-retrieval now requires that ACLs are on and that the client or snapshot agent is configured with a valid ACL token. Secondly, client -agents require that either the [`start_join`](/docs/agent/config/agent-config-files#start_join) or -[`retry_join`](/docs/agent/config/agent-config-files#retry_join) configurations are set and that they resolve to server +agents require that either the [`start_join`](/docs/agent/config/config-files#start_join) or +[`retry_join`](/docs/agent/config/config-files#retry_join) configurations are set and that they resolve to server agents. If those stipulations are not met, attempting to start the client or snapshot agent will result in it immediately shutting down. @@ -214,7 +214,7 @@ to Consul 1.9.0. ### Changes to Configuration Defaults -The [`enable_central_service_config`](/docs/agent/config/agent-config-files#enable_central_service_config) +The [`enable_central_service_config`](/docs/agent/config/config-files#enable_central_service_config) configuration now defaults to `true`. ### Changes to Intentions @@ -283,7 +283,7 @@ behavior: #### Removal of Deprecated Features -The [`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) +The [`acl_enforce_version_8`](/docs/agent/config/config-files#acl_enforce_version_8) configuration has been removed (with version 8 ACL support by being on by default). @@ -326,7 +326,7 @@ to more precisely capture the view of _active_ blocking queries. ### Vault: default `http_max_conns_per_client` too low to run Vault properly -Consul 1.7.0 introduced [limiting of connections per client](/docs/agent/config/agent-config-files#http_max_conns_per_client). The default value +Consul 1.7.0 introduced [limiting of connections per client](/docs/agent/config/config-files#http_max_conns_per_client). The default value was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.7.0, you should change the value to 200. Starting with Consul 1.7.1 this is the new default. @@ -334,7 +334,7 @@ Starting with Consul 1.7.1 this is the new default. ### Vault: default `http_max_conns_per_client` too low to run Vault properly -Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/config/agent-config-files#http_max_conns_per_client). The default value +Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/config/config-files#http_max_conns_per_client). The default value was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.6.3 through 1.7.0, you should change the value to 200. Starting with Consul 1.7.1 this is the new default. @@ -373,7 +373,7 @@ datacenter". All configuration is backwards compatible and shouldn't need to change prior to upgrade although it's strongly recommended to migrate ACL configuration to the new syntax soon after upgrade. This includes moving to `primary_datacenter` rather than `acl_datacenter` and `acl_*` to the new [ACL -block](/docs/agent/config/agent-config-files#acl). +block](/docs/agent/config/config-files#acl). Datacenters can be upgraded in any order although secondaries will remain in [Legacy ACL mode](#legacy-acl-mode) until the primary datacenter is fully @@ -500,11 +500,11 @@ The following previously deprecated fields and config options have been removed: Consul 1.0.1 (and earlier versions of Consul) checked for raft snapshots every 5 seconds, and created new snapshots for every 8192 writes. These defaults cause constant disk IO in large busy clusters. Consul 1.1.0 increases these to larger values, -and makes them tunable via the [raft_snapshot_interval](/docs/agent/config/agent-config-files#_raft_snapshot_interval) and -[raft_snapshot_threshold](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) parameters. We recommend +and makes them tunable via the [raft_snapshot_interval](/docs/agent/config/config-files#_raft_snapshot_interval) and +[raft_snapshot_threshold](/docs/agent/config/config-files#_raft_snapshot_threshold) parameters. We recommend keeping the new defaults. However, operators can go back to the old defaults by changing their -config if they prefer more frequent snapshots. See the documentation for [raft_snapshot_interval](/docs/agent/config/agent-config-files#_raft_snapshot_interval) -and [raft_snapshot_threshold](/docs/agent/config/agent-config-files#_raft_snapshot_threshold) to understand the trade-offs +config if they prefer more frequent snapshots. See the documentation for [raft_snapshot_interval](/docs/agent/config/config-files#_raft_snapshot_interval) +and [raft_snapshot_threshold](/docs/agent/config/config-files#_raft_snapshot_threshold) to understand the trade-offs when tuning these. ## Consul 1.0.7 @@ -532,7 +532,7 @@ before proceeding. #### Carefully Check and Remove Stale Servers During Rolling Upgrades Consul 1.0 (and earlier versions of Consul when running with [Raft protocol -3](/docs/agent/config/agent-config-files#_raft_protocol) had an issue where performing +3](/docs/agent/config/config-files#_raft_protocol) had an issue where performing rolling updates of Consul servers could result in an outage from old servers remaining in the cluster. [Autopilot](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) @@ -553,7 +553,7 @@ Please be sure to read over all the details here before upgrading. #### Raft Protocol Now Defaults to 3 -The [`-raft-protocol`](/docs/agent/config/agent-config-cli#_raft_protocol) default has +The [`-raft-protocol`](/docs/agent/config/cli-flags#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) features by default. @@ -582,7 +582,7 @@ servers, and then slowly stand down each of the older servers in a similar fashion. When using Raft protocol version 3, servers are identified by their -[`-node-id`](/docs/agent/config/agent-config-cli#_node_id) instead of their IP address +[`-node-id`](/docs/agent/config/cli-flags#_node_id) instead of their IP address when Consul makes changes to its internal Raft quorum configuration. This means that once a cluster has been upgraded with servers all running Raft protocol version 3, it will no longer allow servers running any older Raft protocol @@ -597,7 +597,7 @@ to map the server to its node ID in the Raft quorum configuration. As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the -[`-config-file`](/docs/agent/config/agent-config-cli#_config_file) argument to specify a +[`-config-file`](/docs/agent/config/cli-flags#_config_file) argument to specify a file directly. #### Service Definition Parameter Case changed @@ -614,31 +614,31 @@ upgrading. Here's the complete list of removed options and their equivalents: | Removed Option | Equivalent | | ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `-dc` | [`-datacenter`](/docs/agent/config/agent-config-cli#_datacenter) | -| `-retry-join-azure-tag-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-azure-tag-value` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-ec2-region` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-ec2-tag-key` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-ec2-tag-value` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-gce-credentials-file` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-gce-project-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-gce-tag-name` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | -| `-retry-join-gce-zone-pattern` | [`-retry-join`](/docs/agent/config/agent-config-cli#_retry_join) | +| `-dc` | [`-datacenter`](/docs/agent/config/cli-flags#_datacenter) | +| `-retry-join-azure-tag-name` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-azure-tag-value` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-ec2-region` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-ec2-tag-key` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-ec2-tag-value` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-gce-credentials-file` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-gce-project-name` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-gce-tag-name` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | +| `-retry-join-gce-zone-pattern` | [`-retry-join`](/docs/agent/config/cli-flags#_retry_join) | | `addresses.rpc` | None, the RPC server for CLI commands is no longer supported. | -| `advertise_addrs` | [`ports`](/docs/agent/config/agent-config-files#ports) with [`advertise_addr`](/docs/agent/config/agent-config-files#advertise_addr) and/or [`advertise_addr_wan`](/docs/agent/config/agent-config-files#advertise_addr_wan) | -| `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](/docs/agent/config/agent-config-files#telemetry-dogstatsd_addr) | -| `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](/docs/agent/config/agent-config-files#telemetry-dogstatsd_tags) | -| `http_api_response_headers` | [`http_config.response_headers`](/docs/agent/config/agent-config-files#response_headers) | +| `advertise_addrs` | [`ports`](/docs/agent/config/config-files#ports) with [`advertise_addr`](/docs/agent/config/config-files#advertise_addr) and/or [`advertise_addr_wan`](/docs/agent/config/config-files#advertise_addr_wan) | +| `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](/docs/agent/config/config-files#telemetry-dogstatsd_addr) | +| `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](/docs/agent/config/config-files#telemetry-dogstatsd_tags) | +| `http_api_response_headers` | [`http_config.response_headers`](/docs/agent/config/config-files#response_headers) | | `ports.rpc` | None, the RPC server for CLI commands is no longer supported. | -| `recursor` | [`recursors`](/docs/agent/config/agent-config-files#recursors) | -| `retry_join_azure` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | -| `retry_join_ec2` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | -| `retry_join_gce` | [`retry-join`](/docs/agent/config/agent-config-files#retry_join) | -| `statsd_addr` | [`telemetry.statsd_address`](/docs/agent/config/agent-config-files#telemetry-statsd_address) | -| `statsite_addr` | [`telemetry.statsite_address`](/docs/agent/config/agent-config-files#telemetry-statsite_address) | -| `statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix) | -| `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix) | +| `recursor` | [`recursors`](/docs/agent/config/config-files#recursors) | +| `retry_join_azure` | [`retry-join`](/docs/agent/config/config-files#retry_join) | +| `retry_join_ec2` | [`retry-join`](/docs/agent/config/config-files#retry_join) | +| `retry_join_gce` | [`retry-join`](/docs/agent/config/config-files#retry_join) | +| `statsd_addr` | [`telemetry.statsd_address`](/docs/agent/config/config-files#telemetry-statsd_address) | +| `statsite_addr` | [`telemetry.statsite_address`](/docs/agent/config/config-files#telemetry-statsite_address) | +| `statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/config-files#telemetry-metrics_prefix) | +| `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](/docs/agent/config/config-files#telemetry-metrics_prefix) | | (service definitions) `serviceid` | [`id`](/api-docs/agent/service#id) | | (service definitions) `dockercontainerid` | [`docker_container_id`](/api-docs/agent/check#dockercontainerid) | | (service definitions) `tlsskipverify` | [`tls_skip_verify`](/api-docs/agent/check#tlsskipverify) | @@ -648,7 +648,7 @@ upgrading. Here's the complete list of removed options and their equivalents: Since the `statsite_prefix` configuration option applied to all telemetry providers, `statsite_prefix` was renamed to -[`metrics_prefix`](/docs/agent/config/agent-config-files#telemetry-metrics_prefix). +[`metrics_prefix`](/docs/agent/config/config-files#telemetry-metrics_prefix). Configuration files will need to be updated when upgrading to this version of Consul. @@ -660,8 +660,8 @@ wrongly stated that you could configure both host and port. #### Escaping Behavior Changed for go-discover Configs -The format for [`-retry-join`](/docs/agent/config/agent-config-cli#retry-join) and -[`-retry-join-wan`](/docs/agent/config/agent-config-cli#retry-join-wan) values that use +The format for [`-retry-join`](/docs/agent/config/cli-flags#retry-join) and +[`-retry-join-wan`](/docs/agent/config/cli-flags#retry-join-wan) values that use [go-discover](https://github.com/hashicorp/go-discover) cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or @@ -779,7 +779,7 @@ invalid health checks would get skipped. #### Script Checks Are Now Opt-In -A new [`enable_script_checks`](/docs/agent/config/agent-config-cli#_enable_script_checks) +A new [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks) configuration option was added, and defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box @@ -801,10 +801,10 @@ for more information. Consul releases will no longer include a `web_ui.zip` file with the compiled web assets. These have been built in to the Consul binary since the 0.7.x -series and can be enabled with the [`-ui`](/docs/agent/config/agent-config-cli#_ui) +series and can be enabled with the [`-ui`](/docs/agent/config/cli-flags#_ui) configuration option. These built-in web assets have always been identical to the contents of the `web_ui.zip` file for each release. The -[`-ui-dir`](/docs/agent/config/agent-config-cli#_ui_dir) option is still available for +[`-ui-dir`](/docs/agent/config/cli-flags#_ui_dir) option is still available for hosting customized versions of the web assets, but the vast majority of Consul users can just use the built in web assets. @@ -836,12 +836,12 @@ to the following commands: #### Version 8 ACLs Are Now Opt-Out -The [`acl_enforce_version_8`](/docs/agent/config/agent-config-files#acl_enforce_version_8) +The [`acl_enforce_version_8`](/docs/agent/config/config-files#acl_enforce_version_8) configuration now defaults to `true` to enable full version 8 ACL support by default. If you are upgrading an existing cluster with ACLs enabled, you will need to set this to `false` during the upgrade on **both Consul agents and Consul servers**. Version 8 ACLs were also changed so that -[`acl_datacenter`](/docs/agent/config/agent-config-files#acl_datacenter) must be set on +[`acl_datacenter`](/docs/agent/config/config-files#acl_datacenter) must be set on agents in order to enable the agent-side enforcement of ACLs. This makes for a smoother experience in clusters where ACLs aren't enabled at all, but where the agents would have to wait to contact a Consul server before learning that. @@ -849,14 +849,14 @@ agents would have to wait to contact a Consul server before learning that. #### Remote Exec Is Now Opt-In The default for -[`disable_remote_exec`](/docs/agent/config/agent-config-files#disable_remote_exec) was +[`disable_remote_exec`](/docs/agent/config/config-files#disable_remote_exec) was changed to "true", so now operators need to opt-in to having agents support running commands remotely via [`consul exec`](/commands/exec). #### Raft Protocol Version Compatibility When upgrading to Consul 0.8.0 from a version lower than 0.7.0, users will need -to set the [`-raft-protocol`](/docs/agent/config/agent-config-cli#_raft_protocol) option +to set the [`-raft-protocol`](/docs/agent/config/cli-flags#_raft_protocol) option to 1 in order to maintain backwards compatibility with the old servers during the upgrade. After the servers have been migrated to version 0.8.0, `-raft-protocol` can be moved up to 2 and the servers restarted to match the @@ -891,7 +891,7 @@ process to reap child processes. #### DNS Resiliency Defaults -The default for [`max_stale`](/docs/agent/config/agent-config-files#max_stale) has been +The default for [`max_stale`](/docs/agent/config/config-files#max_stale) has been increased from 5 seconds to a near-indefinite threshold (10 years) to allow DNS queries to continue to be served in the event of a long outage with no leader. A new telemetry counter was added at `consul.dns.stale_queries` to track when @@ -905,7 +905,7 @@ to be aware of during an upgrade are categorized below. #### Performance Timing Defaults and Tuning Consul 0.7 now defaults the DNS configuration to allow for stale queries by -defaulting [`allow_stale`](/docs/agent/config/agent-config-files#allow_stale) to true for +defaulting [`allow_stale`](/docs/agent/config/config-files#allow_stale) to true for better utilization of available servers. If you want to retain the previous behavior, set the following configuration: @@ -918,7 +918,7 @@ behavior, set the following configuration: ``` Consul also 0.7 introduced support for tuning Raft performance using a new -[performance configuration block](/docs/agent/config/agent-config-files#performance). Also, +[performance configuration block](/docs/agent/config/config-files#performance). Also, the default Raft timing is set to a lower-performance mode suitable for [minimal Consul servers](/docs/install/performance#minimum). @@ -938,8 +938,8 @@ See the [Server Performance](/docs/install/performance) guide for more details. #### Leave-Related Configuration Defaults -The default behavior of [`leave_on_terminate`](/docs/agent/config/agent-config-files#leave_on_terminate) -and [`skip_leave_on_interrupt`](/docs/agent/config/agent-config-files#skip_leave_on_interrupt) +The default behavior of [`leave_on_terminate`](/docs/agent/config/config-files#leave_on_terminate) +and [`skip_leave_on_interrupt`](/docs/agent/config/config-files#skip_leave_on_interrupt) are now dependent on whether or not the agent is acting as a server or client: - For servers, `leave_on_terminate` defaults to "false" and `skip_leave_on_interrupt` @@ -978,7 +978,7 @@ using this feature. #### WAN Address Translation in HTTP Endpoints Consul version 0.7 added support for translating WAN addresses in certain -[HTTP endpoints](/docs/agent/config/agent-config-files#translate_wan_addrs). The servers +[HTTP endpoints](/docs/agent/config/config-files#translate_wan_addrs). The servers and the agents need to be running version 0.7 or later in order to use this feature. @@ -1060,7 +1060,7 @@ which require it: } When the DNS interface is queried, the agent's -[`acl_token`](/docs/agent/config/agent-config-files#acl_token) is used, so be sure +[`acl_token`](/docs/agent/config/config-files#acl_token) is used, so be sure that token has sufficient privileges to return the DNS records you expect to retrieve from it. diff --git a/website/content/partials/http_api_options_client.mdx b/website/content/partials/http_api_options_client.mdx index 516579bba..472c250e6 100644 --- a/website/content/partials/http_api_options_client.mdx +++ b/website/content/partials/http_api_options_client.mdx @@ -20,7 +20,7 @@ used instead. The scheme can also be set to HTTPS by setting the environment variable `CONSUL_HTTP_SSL=true`. This may be a unix domain socket using `unix:///path/to/socket` if the [agent is configured to - listen](/docs/agent/config/agent-config-files#addresses) that way. + listen](/docs/agent/config/config-files#addresses) that way. - `-tls-server-name=` - The server name to use as the SNI host when connecting via TLS. This can also be specified via the `CONSUL_TLS_SERVER_NAME` diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index f23305dbb..1538aa9ac 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -895,11 +895,11 @@ }, { "title": "CLI Reference", - "path": "agent/config/agent-config-cli" + "path": "agent/config/cli-flags" }, { "title": "Configuration Reference", - "path": "agent/config/agent-config-files" + "path": "agent/config/config-files" } ] }, From cd17e98800b706b67eac21349763e19a4dee3e10 Mon Sep 17 00:00:00 2001 From: Natalie Smith Date: Mon, 10 Jan 2022 17:50:06 -0800 Subject: [PATCH 126/785] docs: fix yet more references to agent/options --- .../linux/package/etc/consul.d/consul.hcl | 2 +- CHANGELOG.md | 80 +++++++++---------- agent/config/runtime.go | 6 +- agent/consul/server.go | 2 +- agent/kvs_endpoint.go | 2 +- agent/txn_endpoint.go | 4 +- 6 files changed, 48 insertions(+), 48 deletions(-) diff --git a/.release/linux/package/etc/consul.d/consul.hcl b/.release/linux/package/etc/consul.d/consul.hcl index e1b8e6e19..a064e95af 100644 --- a/.release/linux/package/etc/consul.d/consul.hcl +++ b/.release/linux/package/etc/consul.d/consul.hcl @@ -1,4 +1,4 @@ -# Fullconfiguration options can be found at https://www.consul.io/docs/agent/options.html +# Full configuration options can be found at https://www.consul.io/docs/agent/config # datacenter # This flag controls the datacenter in which the agent is running. If not provided, diff --git a/CHANGELOG.md b/CHANGELOG.md index fd5776250..c9e452af0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -473,7 +473,7 @@ token. [[GH-10795](https://github.com/hashicorp/consul/issues/10795)] KNOWN ISSUES: -* The change to enable streaming by default uncovered an incompatibility between streaming and WAN federation over mesh gateways causing traffic to fall back to attempting a direct WAN connection rather than transiting through the gateways. We currently suggest explicitly setting [`use_streaming_backend=false`](https://www.consul.io/docs/agent/options#use_streaming_backend) if using WAN federation over mesh gateways when upgrading to 1.10.1 and are working to address this issue in a future patch release. +* The change to enable streaming by default uncovered an incompatibility between streaming and WAN federation over mesh gateways causing traffic to fall back to attempting a direct WAN connection rather than transiting through the gateways. We currently suggest explicitly setting [`use_streaming_backend=false`](https://www.consul.io/docs/agent/config/config-files#use_streaming_backend) if using WAN federation over mesh gateways when upgrading to 1.10.1 and are working to address this issue in a future patch release. SECURITY: @@ -1891,7 +1891,7 @@ FEATURES: * **Connect Envoy Supports L7 Routing:** Additional configuration entry types `service-router`, `service-resolver`, and `service-splitter`, allow for configuring Envoy sidecars to enable reliability and deployment patterns at L7 such as HTTP path-based routing, traffic shifting, and advanced failover capabilities. For more information see the [L7 traffic management](https://www.consul.io/docs/connect/l7-traffic-management.html) docs. * **Mesh Gateways:** Envoy can now be run as a gateway to route Connect traffic across datacenters using SNI headers, allowing connectivty across platforms and clouds and other complex network topologies. Read more in the [mesh gateway docs](https://www.consul.io/docs/connect/mesh_gateway.html). -* **Intention & CA Replication:** In order to enable connecitivty for services across datacenters, Connect intentions are now replicated and the Connect CA cross-signs from the [primary_datacenter](/docs/agent/options.html#primary_datacenter). This feature was previously part of Consul Enterprise. +* **Intention & CA Replication:** In order to enable connecitivty for services across datacenters, Connect intentions are now replicated and the Connect CA cross-signs from the [primary_datacenter](/docs/agent/config/config-files.html#primary_datacenter). This feature was previously part of Consul Enterprise. * agent: add `local-only` parameter to operator/keyring list requests to force queries to only hit local servers. [[GH-6279](https://github.com/hashicorp/consul/pull/6279)] * connect: expose an API endpoint to compile the discovery chain [[GH-6248](https://github.com/hashicorp/consul/issues/6248)] * connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package [[GH-6340](https://github.com/hashicorp/consul/issues/6340)] @@ -2327,7 +2327,7 @@ FEATURES: IMPROVEMENTS: * proxy: With `-register` flag, heartbeat failures will only log once service registration succeeds. [[GH-4314](https://github.com/hashicorp/consul/pull/4314)] -* http: 1.0.3 introduced rejection of non-printable chars in HTTP URLs due to a security vulnerability. Some users who had keys written with an older version which are now dissallowed were unable to delete them. A new config option [disable_http_unprintable_char_filter](https://www.consul.io/docs/agent/options.html#disable_http_unprintable_char_filter) is added to allow those users to remove the offending keys. Leaving this new option set long term is strongly discouraged as it bypasses filtering necessary to prevent some known vulnerabilities. [[GH-4442](https://github.com/hashicorp/consul/pull/4442)] +* http: 1.0.3 introduced rejection of non-printable chars in HTTP URLs due to a security vulnerability. Some users who had keys written with an older version which are now dissallowed were unable to delete them. A new config option [disable_http_unprintable_char_filter](https://www.consul.io/docs/agent/config/config-files.html#disable_http_unprintable_char_filter) is added to allow those users to remove the offending keys. Leaving this new option set long term is strongly discouraged as it bypasses filtering necessary to prevent some known vulnerabilities. [[GH-4442](https://github.com/hashicorp/consul/pull/4442)] * agent: Allow for advanced configuration of some gossip related parameters. [[GH-4058](https://github.com/hashicorp/consul/issues/4058)] * agent: Make some Gossip tuneables configurable via the config file [[GH-4444](https://github.com/hashicorp/consul/pull/4444)] * ui: Included searching on `.Tags` when using the freetext search field. [[GH-4383](https://github.com/hashicorp/consul/pull/4383)] @@ -2559,13 +2559,13 @@ IMPROVEMENTS: * agent: (Consul Enterprise) Added [AWS KMS support](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) for S3 snapshots using the snapshot agent. * agent: Watches in the Consul agent can now be configured to invoke an HTTP endpoint instead of an executable. [[GH-3305](https://github.com/hashicorp/consul/issues/3305)] -* agent: Added a new [`-config-format`](https://www.consul.io/docs/agent/options.html#_config_format) command line option which can be set to `hcl` or `json` to specify the format of configuration files. This is useful for cases where the file name cannot be controlled in order to provide the required extension. [[GH-3620](https://github.com/hashicorp/consul/issues/3620)] +* agent: Added a new [`-config-format`](https://www.consul.io/docs/agent/config/cli-flags.html#_config_format) command line option which can be set to `hcl` or `json` to specify the format of configuration files. This is useful for cases where the file name cannot be controlled in order to provide the required extension. [[GH-3620](https://github.com/hashicorp/consul/issues/3620)] * agent: DNS recursors can now be specified as [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) templates. [[GH-2932](https://github.com/hashicorp/consul/issues/2932)] * agent: Serf snapshots no longer save network coordinate information. This enables recovery from errors upon agent restart. [[GH-489](https://github.com/hashicorp/serf/issues/489)] * agent: Added defensive code to prevent out of range ping times from infecting network coordinates. Updates to the coordinate system with negative round trip times or round trip times higher than 10 seconds will log an error but will be ignored. * agent: The agent now warns when there are extra unparsed command line arguments and refuses to start. [[GH-3397](https://github.com/hashicorp/consul/issues/3397)] * agent: Updated go-sockaddr library to get CoreOS route detection fixes and the new `mask` functionality. [[GH-3633](https://github.com/hashicorp/consul/issues/3633)] -* agent: Added a new [`enable_agent_tls_for_checks`](https://www.consul.io/docs/agent/options.html#enable_agent_tls_for_checks) configuration option that allows HTTP health checks for services requiring 2-way TLS to be checked using the agent's credentials. [[GH-3364](https://github.com/hashicorp/consul/issues/3364)] +* agent: Added a new [`enable_agent_tls_for_checks`](https://www.consul.io/docs/agent/config/config-files.html#enable_agent_tls_for_checks) configuration option that allows HTTP health checks for services requiring 2-way TLS to be checked using the agent's credentials. [[GH-3364](https://github.com/hashicorp/consul/issues/3364)] * agent: Made logging of health check status more uniform and moved log entries with full check output from DEBUG to TRACE level for less noise. [[GH-3683](https://github.com/hashicorp/consul/issues/3683)] * build: Consul is now built with Go 1.9.2. [[GH-3663](https://github.com/hashicorp/consul/issues/3663)] @@ -2590,8 +2590,8 @@ SECURITY: BREAKING CHANGES: -* **Raft Protocol Now Defaults to 3:** The [`-raft-protocol`](https://www.consul.io/docs/agent/options.html#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://www.consul.io/docs/guides/autopilot.html) features by default. Version 3 requires Consul running 0.8.0 or newer on all servers in order to work, so if you are upgrading with older servers in a cluster then you will need to set this back to 2 in order to upgrade. See [Raft Protocol Version Compatibility](https://www.consul.io/docs/upgrade-specific.html#raft-protocol-version-compatibility) for more details. Also the format of `peers.json` used for outage recovery is different when running with the lastest Raft protocol. See [Manual Recovery Using peers.json](https://www.consul.io/docs/guides/outage.html#manual-recovery-using-peers-json) for a description of the required format. [[GH-3477](https://github.com/hashicorp/consul/issues/3477)] -* **Config Files Require an Extension:** As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the [`-config-file`](https://www.consul.io/docs/agent/options.html#_config_file) argument to specify a file directly. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] +* **Raft Protocol Now Defaults to 3:** The [`-raft-protocol`](https://www.consul.io/docs/agent/config/cli-flags.html#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://www.consul.io/docs/guides/autopilot.html) features by default. Version 3 requires Consul running 0.8.0 or newer on all servers in order to work, so if you are upgrading with older servers in a cluster then you will need to set this back to 2 in order to upgrade. See [Raft Protocol Version Compatibility](https://www.consul.io/docs/upgrade-specific.html#raft-protocol-version-compatibility) for more details. Also the format of `peers.json` used for outage recovery is different when running with the lastest Raft protocol. See [Manual Recovery Using peers.json](https://www.consul.io/docs/guides/outage.html#manual-recovery-using-peers-json) for a description of the required format. [[GH-3477](https://github.com/hashicorp/consul/issues/3477)] +* **Config Files Require an Extension:** As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the [`-config-file`](https://www.consul.io/docs/agent/config/cli-flags.html#_config_file) argument to specify a file directly. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] * **Deprecated Options Have Been Removed:** All of Consul's previously deprecated command line flags and config options have been removed, so these will need to be mapped to their equivalents before upgrading. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)]
    Detailed List of Removed Options and their Equivalents @@ -2602,35 +2602,35 @@ BREAKING CHANGES: | `-atlas-token`| None, Atlas is no longer supported. | | `-atlas-join` | None, Atlas is no longer supported. | | `-atlas-endpoint` | None, Atlas is no longer supported. | - | `-dc` | [`-datacenter`](https://www.consul.io/docs/agent/options.html#_datacenter) | - | `-retry-join-azure-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#microsoft-azure) | - | `-retry-join-azure-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#microsoft-azure) | - | `-retry-join-ec2-region` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#amazon-ec2) | - | `-retry-join-ec2-tag-key` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#amazon-ec2) | - | `-retry-join-ec2-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#amazon-ec2) | - | `-retry-join-gce-credentials-file` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#google-compute-engine) | - | `-retry-join-gce-project-name` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#google-compute-engine) | - | `-retry-join-gce-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#google-compute-engine) | - | `-retry-join-gce-zone-pattern` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#google-compute-engine) | + | `-dc` | [`-datacenter`](https://www.consul.io/docs/agent/config/cli-flags.html#_datacenter) | + | `-retry-join-azure-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-azure-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-ec2-region` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-ec2-tag-key` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-ec2-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-gce-credentials-file` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-gce-project-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-gce-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-retry-join-gce-zone-pattern` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | | `addresses.rpc` | None, the RPC server for CLI commands is no longer supported. | - | `advertise_addrs` | [`ports`](https://www.consul.io/docs/agent/options.html#ports) with [`advertise_addr`](https://www.consul/io/docs/agent/options.html#advertise_addr) and/or [`advertise_addr_wan`](https://www.consul.io/docs/agent/options.html#advertise_addr_wan) | + | `advertise_addrs` | [`ports`](https://www.consul.io/docs/agent/config/config-files.html#ports) with [`advertise_addr`](https://www.consul/io/docs/agent/config/config-files.html#advertise_addr) and/or [`advertise_addr_wan`](https://www.consul.io/docs/agent/config/config-files.html#advertise_addr_wan) | | `atlas_infrastructure` | None, Atlas is no longer supported. | | `atlas_token` | None, Atlas is no longer supported. | | `atlas_acl_token` | None, Atlas is no longer supported. | | `atlas_join` | None, Atlas is no longer supported. | | `atlas_endpoint` | None, Atlas is no longer supported. | - | `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](https://www.consul.io/docs/agent/options.html#telemetry-dogstatsd_addr) | - | `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](https://www.consul.io/docs/agent/options.html#telemetry-dogstatsd_tags) | - | `http_api_response_headers` | [`http_config.response_headers`](https://www.consul.io/docs/agent/options.html#response_headers) | + | `dogstatsd_addr` | [`telemetry.dogstatsd_addr`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-dogstatsd_addr) | + | `dogstatsd_tags` | [`telemetry.dogstatsd_tags`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-dogstatsd_tags) | + | `http_api_response_headers` | [`http_config.response_headers`](https://www.consul.io/docs/agent/config/config-files.html#response_headers) | | `ports.rpc` | None, the RPC server for CLI commands is no longer supported. | - | `recursor` | [`recursors`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/options.html.md#recursors) | - | `retry_join_azure` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#microsoft-azure) | - | `retry_join_ec2` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#amazon-ec2) | - | `retry_join_gce` | [`-retry-join`](https://www.consul.io/docs/agent/options.html#google-compute-engine) | - | `statsd_addr` | [`telemetry.statsd_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/options.html.md#telemetry-statsd_address) | - | `statsite_addr` | [`telemetry.statsite_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/options.html.md#telemetry-statsite_address) | - | `statsite_prefix` | [`telemetry.metrics_prefix`](https://www.consul.io/docs/agent/options.html#telemetry-metrics_prefix) | - | `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](https://www.consul.io/docs/agent/options.html#telemetry-metrics_prefix) | + | `recursor` | [`recursors`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#recursors) | + | `retry_join_azure` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `retry_join_ec2` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `retry_join_gce` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `statsd_addr` | [`telemetry.statsd_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#telemetry-statsd_address) | + | `statsite_addr` | [`telemetry.statsite_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#telemetry-statsite_address) | + | `statsite_prefix` | [`telemetry.metrics_prefix`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-metrics_prefix) | + | `telemetry.statsite_prefix` | [`telemetry.metrics_prefix`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-metrics_prefix) | | (service definitions) `serviceid` | [`service_id`](https://www.consul.io/docs/agent/services.html) | | (service definitions) `dockercontainerid` | [`docker_container_id`](https://www.consul.io/docs/agent/services.html) | | (service definitions) `tlsskipverify` | [`tls_skip_verify`](https://www.consul.io/docs/agent/services.html) | @@ -2638,9 +2638,9 @@ BREAKING CHANGES:
    -* **`statsite_prefix` Renamed to `metrics_prefix`:** Since the `statsite_prefix` configuration option applied to all telemetry providers, `statsite_prefix` was renamed to [`metrics_prefix`](https://www.consul.io/docs/agent/options.html#telemetry-metrics_prefix). Configuration files will need to be updated when upgrading to this version of Consul. [[GH-3498](https://github.com/hashicorp/consul/issues/3498)] +* **`statsite_prefix` Renamed to `metrics_prefix`:** Since the `statsite_prefix` configuration option applied to all telemetry providers, `statsite_prefix` was renamed to [`metrics_prefix`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-metrics_prefix). Configuration files will need to be updated when upgrading to this version of Consul. [[GH-3498](https://github.com/hashicorp/consul/issues/3498)] * **`advertise_addrs` Removed:** This configuration option was removed since it was redundant with `advertise_addr` and `advertise_addr_wan` in combination with `ports` and also wrongly stated that you could configure both host and port. [[GH-3516](https://github.com/hashicorp/consul/issues/3516)] -* **Escaping Behavior Changed for go-discover Configs:** The format for [`-retry-join`](https://www.consul.io/docs/agent/options.html#retry-join) and [`-retry-join-wan`](https://www.consul.io/docs/agent/options.html#retry-join-wan) values that use [go-discover](https://github.com/hashicorp/go-discover) Cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or double quotes `"`. If values contain these characters then use double quotes as in `"some key"="some value"`. Special characters within a double quoted string can be escaped with a backslash `\`. [[GH-3417](https://github.com/hashicorp/consul/issues/3417)] +* **Escaping Behavior Changed for go-discover Configs:** The format for [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) and [`-retry-join-wan`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join_wan) values that use [go-discover](https://github.com/hashicorp/go-discover) Cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or double quotes `"`. If values contain these characters then use double quotes as in `"some key"="some value"`. Special characters within a double quoted string can be escaped with a backslash `\`. [[GH-3417](https://github.com/hashicorp/consul/issues/3417)] * **HTTP Verbs are Enforced in Many HTTP APIs:** Many endpoints in the HTTP API that previously took any HTTP verb now check for specific HTTP verbs and enforce them. This may break clients relying on the old behavior. [[GH-3405](https://github.com/hashicorp/consul/issues/3405)]
    Detailed List of Updated Endpoints and Required HTTP Verbs @@ -2721,7 +2721,7 @@ BREAKING CHANGES: FEATURES: * **Support for HCL Config Files:** Consul now supports HashiCorp's [HCL](https://github.com/hashicorp/hcl#syntax) format for config files. This is easier to work with than JSON and supports comments. As part of this change, all config files will need to have either an `.hcl` or `.json` extension in order to specify their format. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] -* **Support for Binding to Multiple Addresses:** Consul now supports binding to multiple addresses for its HTTP, HTTPS, and DNS services. You can provide a space-separated list of addresses to [`-client`](https://www.consul.io/docs/agent/options.html#_client) and [`addresses`](https://www.consul.io/docs/agent/options.html#addresses) configurations, or specify a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that resolves to multiple addresses. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] +* **Support for Binding to Multiple Addresses:** Consul now supports binding to multiple addresses for its HTTP, HTTPS, and DNS services. You can provide a space-separated list of addresses to [`-client`](https://www.consul.io/docs/agent/config/cli-flags.html#_client) and [`addresses`](https://www.consul.io/docs/agent/config/config-files.html#addresses) configurations, or specify a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that resolves to multiple addresses. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] * **Support for RFC1464 DNS TXT records:** Consul DNS responses now contain the node meta data encoded according to RFC1464 as TXT records. [[GH-3343](https://github.com/hashicorp/consul/issues/3343)] * **Support for Running Subproccesses Directly Without a Shell:** Consul agent checks and watches now support an `args` configuration which is a list of arguments to run for the subprocess, which runs the subprocess directly without a shell. The old `script` and `handler` configurations are now deprecated (specify a shell explicitly if you require one). A `-shell=false` option is also available on `consul lock`, `consul watch`, and `consul exec` to run the subprocesses associated with those without a shell. [[GH-3509](https://github.com/hashicorp/consul/issues/3509)] * **Sentinel Integration:** (Consul Enterprise) Consul's ACL system integrates with [Sentinel](https://www.consul.io/docs/guides/sentinel.html) to enable code policies that apply to KV writes. @@ -2732,7 +2732,7 @@ IMPROVEMENTS: * agent: Improved /v1/operator/raft/configuration endpoint which allows Consul to avoid an extra agent RPC call for the `consul operator raft list-peers` command. [[GH-3449](https://github.com/hashicorp/consul/issues/3449)] * agent: Improved ACL system for the KV store to support list permissions. This behavior can be opted in. For more information, see the [ACL Guide](https://www.consul.io/docs/guides/acl.html#list-policy-for-keys). [[GH-3511](https://github.com/hashicorp/consul/issues/3511)] * agent: Updates miekg/dns library to later version to pick up bug fixes and improvements. [[GH-3547](https://github.com/hashicorp/consul/issues/3547)] -* agent: Added automatic retries to the RPC path, and a brief RPC drain time when servers leave. These changes make Consul more robust during graceful leaves of Consul servers, such as during upgrades, and help shield applications from "no leader" errors. These are configured with new [`performance`](https://www.consul.io/docs/agent/options.html#performance) options. [[GH-3514](https://github.com/hashicorp/consul/issues/3514)] +* agent: Added automatic retries to the RPC path, and a brief RPC drain time when servers leave. These changes make Consul more robust during graceful leaves of Consul servers, such as during upgrades, and help shield applications from "no leader" errors. These are configured with new [`performance`](https://www.consul.io/docs/agent/config/config-files.html#performance) options. [[GH-3514](https://github.com/hashicorp/consul/issues/3514)] * agent: Added a new `discard_check_output` agent-level configuration option that can be used to trade off write load to the Consul servers vs. visibility of health check output. This is reloadable so it can be toggled without fully restarting the agent. [[GH-3562](https://github.com/hashicorp/consul/issues/3562)] * api: Updated the API client to ride out network errors when monitoring locks and semaphores. [[GH-3553](https://github.com/hashicorp/consul/issues/3553)] * build: Updated Go toolchain to version 1.9.1. [[GH-3537](https://github.com/hashicorp/consul/issues/3537)] @@ -2760,7 +2760,7 @@ SECURITY: FEATURES: * **LAN Network Segments:** (Consul Enterprise) Added a new [Network Segments](https://www.consul.io/docs/guides/segments.html) capability which allows users to configure Consul to support segmented LAN topologies with multiple, distinct gossip pools. [[GH-3431](https://github.com/hashicorp/consul/issues/3431)] * **WAN Join for Cloud Providers:** Added WAN support for retry join for Cloud providers via go-discover, including Amazon AWS, Microsoft Azure, Google Cloud, and SoftLayer. This uses the same "provider" syntax supported for `-retry-join` via the `-retry-join-wan` configuration. [[GH-3406](https://github.com/hashicorp/consul/issues/3406)] -* **RPC Rate Limiter:** Consul agents in client mode have a new [`limits`](https://www.consul.io/docs/agent/options.html#limits) configuration that enables a rate limit on RPC calls the agent makes to Consul servers. [[GH-3140](https://github.com/hashicorp/consul/issues/3140)] +* **RPC Rate Limiter:** Consul agents in client mode have a new [`limits`](https://www.consul.io/docs/agent/config/config-files.html#limits) configuration that enables a rate limit on RPC calls the agent makes to Consul servers. [[GH-3140](https://github.com/hashicorp/consul/issues/3140)] IMPROVEMENTS: @@ -2790,13 +2790,13 @@ BUG FIXES: FEATURES: * **Secure ACL Token Introduction:** It's now possible to manage Consul's ACL tokens without having to place any tokens inside configuration files. This supports introduction of tokens as well as rotating. This is enabled with two new APIs: - * A new [`/v1/agent/token`](https://www.consul.io/api/agent.html#update-acl-tokens) API allows an agent's ACL tokens to be introduced without placing them into config files, and to update them without restarting the agent. See the [ACL Guide](https://www.consul.io/docs/guides/acl.html#create-an-agent-token) for an example. This was extended to ACL replication as well, along with a new [`enable_acl_replication`](https://www.consul.io/docs/agent/options.html#enable_acl_replication) config option. [GH-3324,GH-3357] + * A new [`/v1/agent/token`](https://www.consul.io/api/agent.html#update-acl-tokens) API allows an agent's ACL tokens to be introduced without placing them into config files, and to update them without restarting the agent. See the [ACL Guide](https://www.consul.io/docs/guides/acl.html#create-an-agent-token) for an example. This was extended to ACL replication as well, along with a new [`enable_acl_replication`](https://www.consul.io/docs/agent/config/config-files.html#enable_acl_replication) config option. [GH-3324,GH-3357] * A new [`/v1/acl/bootstrap`](https://www.consul.io/api/acl.html#bootstrap-acls) allows a cluster's first management token to be created without using the `acl_master_token` configuration. See the [ACL Guide](https://www.consul.io/docs/guides/acl.html#bootstrapping-acls) for an example. [[GH-3349](https://github.com/hashicorp/consul/issues/3349)] * **Metrics Viewing Endpoint:** A new [`/v1/agent/metrics`](https://www.consul.io/api/agent.html#view-metrics) API displays the current values of internally tracked metrics. [[GH-3369](https://github.com/hashicorp/consul/issues/3369)] IMPROVEMENTS: -* agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and (new) SoftLayer is now handled through the https://github.com/hashicorp/go-discover library. With this all `-retry-join-{ec2,azure,gce}-*` parameters have been deprecated in favor of a unified configuration. See [`-retry-join`](https://www.consul.io/docs/agent/options.html#_retry_join) for details. [GH-3282,GH-3351] +* agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and (new) SoftLayer is now handled through the https://github.com/hashicorp/go-discover library. With this all `-retry-join-{ec2,azure,gce}-*` parameters have been deprecated in favor of a unified configuration. See [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) for details. [GH-3282,GH-3351] * agent: Reports a more detailed error message if the LAN or WAN Serf instance fails to bind to an address. [[GH-3312](https://github.com/hashicorp/consul/issues/3312)] * agent: Added NS records and corrected SOA records to allow Consul's DNS interface to work properly with zone delegation. [[GH-1301](https://github.com/hashicorp/consul/issues/1301)] * agent: Added support for sending metrics with labels/tags to supported backends. [[GH-3369](https://github.com/hashicorp/consul/issues/3369)] @@ -2820,13 +2820,13 @@ BUG FIXES: BREAKING CHANGES: -* agent: Added a new [`enable_script_checks`](https://www.consul.io/docs/agent/options.html#_enable_script_checks) configuration option that defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box configuration for Consul where operators must opt-in to allow script-based health checks. [[GH-3087](https://github.com/hashicorp/consul/issues/3087)] +* agent: Added a new [`enable_script_checks`](https://www.consul.io/docs/agent/config/cli-flags.html#_enable_script_checks) configuration option that defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box configuration for Consul where operators must opt-in to allow script-based health checks. [[GH-3087](https://github.com/hashicorp/consul/issues/3087)] * api: Reworked `context` support in the API client to more closely match the Go standard library, and added context support to write requests in addition to read requests. [GH-3273, GH-2992] * ui: Since the UI is now bundled with the application we no longer provide a separate UI package for downloading. [[GH-3292](https://github.com/hashicorp/consul/issues/3292)] FEATURES: -* agent: Added a new [`block_endpoints`](https://www.consul.io/docs/agent/options.html#block_endpoints) configuration option that allows blocking HTTP API endpoints by prefix. This allows operators to completely disallow access to specific endpoints on a given agent. [[GH-3252](https://github.com/hashicorp/consul/issues/3252)] +* agent: Added a new [`block_endpoints`](https://www.consul.io/docs/agent/config/config-files.html#block_endpoints) configuration option that allows blocking HTTP API endpoints by prefix. This allows operators to completely disallow access to specific endpoints on a given agent. [[GH-3252](https://github.com/hashicorp/consul/issues/3252)] * cli: Added a new [`consul catalog`](https://www.consul.io/docs/commands/catalog.html) command for reading datacenters, nodes, and services from the catalog. [[GH-3204](https://github.com/hashicorp/consul/issues/3204)] * server: (Consul Enterprise) Added a new [`consul operator area update`](https://www.consul.io/docs/commands/operator/area.html#update) command and corresponding HTTP endpoint to allow for transitioning the TLS setting of network areas at runtime. [[GH-3075](https://github.com/hashicorp/consul/issues/3075)] * server: (Consul Enterprise) Added a new `UpgradeVersionTag` field to the Autopilot config to allow for using the migration feature to roll out configuration or cluster changes, without having to upgrade Consul itself. @@ -2854,7 +2854,7 @@ BUG FIXES: * agent: Fixed an issue in the Docker client where Docker checks would get EOF errors trying to connect to a volume-mounted Docker socket. [[GH-3254](https://github.com/hashicorp/consul/issues/3254)] * agent: Fixed a crash when using Azure auto discovery. [[GH-3193](https://github.com/hashicorp/consul/issues/3193)] * agent: Added `node` read privileges to the `acl_agent_master_token` by default so it can see all nodes, which enables it to be used with operations like `consul members`. [[GH-3113](https://github.com/hashicorp/consul/issues/3113)] -* agent: Fixed an issue where enabling [`-disable-keyring-file`](https://www.consul.io/docs/agent/options.html#_disable_keyring_file) would cause gossip encryption to be disabled. [[GH-3243](https://github.com/hashicorp/consul/issues/3243)] +* agent: Fixed an issue where enabling [`-disable-keyring-file`](https://www.consul.io/docs/agent/config/cli-flags.html#_disable_keyring_file) would cause gossip encryption to be disabled. [[GH-3243](https://github.com/hashicorp/consul/issues/3243)] * agent: Fixed a race condition where checks that are not associated with any existing services were allowed to persist. [[GH-3297](https://github.com/hashicorp/consul/issues/3297)] * agent: Stop docker checks on service deregistration and on shutdown. [GH-3265, GH-3295] * server: Updated the Raft library to pull in a fix where servers that are very far behind in replication can get stuck in a loop trying to install snapshots. [[GH-3201](https://github.com/hashicorp/consul/issues/3201)] @@ -2871,7 +2871,7 @@ BUG FIXES: BREAKING CHANGES: * agent: Parse values given to `?passing` for health endpoints. Previously Consul only checked for the existence of the querystring, not the value. That means using `?passing=false` would actually still include passing values. Consul now parses the value given to passing as a boolean. If no value is provided, the old behavior remains. This may be a breaking change for some users, but the old experience was incorrect and caused enough confusion to warrant changing it. [GH-2212, GH-3136] -* agent: The default value of [`-disable-host-node-id`](https://www.consul.io/docs/agent/options.html#_disable_host_node_id) has been changed from false to true. This means you need to opt-in to host-based node IDs and by default Consul will generate a random node ID. A high number of users struggled to deploy newer versions of Consul with host-based IDs because of various edge cases of how the host IDs work in Docker, on specially-provisioned machines, etc. so changing this from opt-out to opt-in will ease operations for many Consul users. [[GH-3171](https://github.com/hashicorp/consul/issues/3171)] +* agent: The default value of [`-disable-host-node-id`](https://www.consul.io/docs/agent/config/cli-flags.html#_disable_host_node_id) has been changed from false to true. This means you need to opt-in to host-based node IDs and by default Consul will generate a random node ID. A high number of users struggled to deploy newer versions of Consul with host-based IDs because of various edge cases of how the host IDs work in Docker, on specially-provisioned machines, etc. so changing this from opt-out to opt-in will ease operations for many Consul users. [[GH-3171](https://github.com/hashicorp/consul/issues/3171)] IMPROVEMENTS: diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 241f7ca53..548bfe78f 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -822,7 +822,7 @@ type RuntimeConfig struct { // PrimaryGateways is a list of addresses and/or go-discover expressions to // discovery the mesh gateways in the primary datacenter. See - // https://www.consul.io/docs/agent/options.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for // details. // // hcl: primary_gateways = []string @@ -978,7 +978,7 @@ type RuntimeConfig struct { // RetryJoinLAN is a list of addresses and/or go-discover expressions to // join with retry enabled. See - // https://www.consul.io/docs/agent/options.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for // details. // // hcl: retry_join = []string @@ -1003,7 +1003,7 @@ type RuntimeConfig struct { // RetryJoinWAN is a list of addresses and/or go-discover expressions to // join -wan with retry enabled. See - // https://www.consul.io/docs/agent/options.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for // details. // // hcl: retry_join_wan = []string diff --git a/agent/consul/server.go b/agent/consul/server.go index a3effba97..fb9255f54 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -1591,7 +1591,7 @@ const peersInfoContent = ` As of Consul 0.7.0, the peers.json file is only used for recovery after an outage. The format of this file depends on what the server has configured for its Raft protocol version. Please see the agent configuration -page at https://www.consul.io/docs/agent/options.html#_raft_protocol for more +page at https://www.consul.io/docs/agent/config/cli-flags.html#_raft_protocol for more details about this parameter. For Raft protocol version 2 and earlier, this should be formatted as a JSON diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go index 4b8cc3348..85273aa8e 100644 --- a/agent/kvs_endpoint.go +++ b/agent/kvs_endpoint.go @@ -210,7 +210,7 @@ func (s *HTTPHandlers) KVSPut(resp http.ResponseWriter, req *http.Request, args if req.ContentLength > int64(s.agent.config.KVMaxValueSize) { return nil, EntityTooLargeError{ Reason: fmt.Sprintf("Request body(%d bytes) too large, max size: %d bytes. See %s.", - req.ContentLength, s.agent.config.KVMaxValueSize, "https://www.consul.io/docs/agent/options.html#kv_max_value_size"), + req.ContentLength, s.agent.config.KVMaxValueSize, "https://www.consul.io/docs/agent/config/config-files#kv_max_value_size"), } } diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go index 54338c86b..c75d30bcc 100644 --- a/agent/txn_endpoint.go +++ b/agent/txn_endpoint.go @@ -90,7 +90,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( if req.ContentLength > maxTxnLen { return nil, 0, EntityTooLargeError{ Reason: fmt.Sprintf("Request body(%d bytes) too large, max size: %d bytes. See %s.", - req.ContentLength, maxTxnLen, "https://www.consul.io/docs/agent/options.html#txn_max_req_len"), + req.ContentLength, maxTxnLen, "https://www.consul.io/docs/agent/config/config-files#txn_max_req_len"), } } @@ -102,7 +102,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( // if the Content-Length header was not set by the client. return nil, 0, EntityTooLargeError{ Reason: fmt.Sprintf("Request body too large, max size: %d bytes. See %s.", - maxTxnLen, "https://www.consul.io/docs/agent/options.html#txn_max_req_len"), + maxTxnLen, "https://www.consul.io/docs/agent/config/config-files#txn_max_req_len"), } } else { // Note the body is in API format, and not the RPC format. If we can't From 3175bf6b1bcb3db245f0ca91fd3be433e313f219 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Tue, 15 Mar 2022 18:10:49 -0700 Subject: [PATCH 127/785] Remove .html extensions from docs URLs --- CHANGELOG.md | 46 ++++++++++++++++++++--------------------- agent/config/runtime.go | 6 +++--- agent/consul/server.go | 2 +- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9e452af0..b4188590d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1241,7 +1241,7 @@ BUG FIXES: * server: When wan federating via mesh gateways only do heuristic primary DC bypass on the leader. [[GH-9366](https://github.com/hashicorp/consul/issues/9366)] * xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [[GH-9650](https://github.com/hashicorp/consul/issues/9650)] * xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists; also prevent some flaps in terminating gateways as well [[GH-9651](https://github.com/hashicorp/consul/issues/9651)] -* +* ## 1.8.8 (January 22, 2021) BUG FIXES: @@ -2559,7 +2559,7 @@ IMPROVEMENTS: * agent: (Consul Enterprise) Added [AWS KMS support](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) for S3 snapshots using the snapshot agent. * agent: Watches in the Consul agent can now be configured to invoke an HTTP endpoint instead of an executable. [[GH-3305](https://github.com/hashicorp/consul/issues/3305)] -* agent: Added a new [`-config-format`](https://www.consul.io/docs/agent/config/cli-flags.html#_config_format) command line option which can be set to `hcl` or `json` to specify the format of configuration files. This is useful for cases where the file name cannot be controlled in order to provide the required extension. [[GH-3620](https://github.com/hashicorp/consul/issues/3620)] +* agent: Added a new [`-config-format`](https://www.consul.io/docs/agent/config/cli-flags#_config_format) command line option which can be set to `hcl` or `json` to specify the format of configuration files. This is useful for cases where the file name cannot be controlled in order to provide the required extension. [[GH-3620](https://github.com/hashicorp/consul/issues/3620)] * agent: DNS recursors can now be specified as [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) templates. [[GH-2932](https://github.com/hashicorp/consul/issues/2932)] * agent: Serf snapshots no longer save network coordinate information. This enables recovery from errors upon agent restart. [[GH-489](https://github.com/hashicorp/serf/issues/489)] * agent: Added defensive code to prevent out of range ping times from infecting network coordinates. Updates to the coordinate system with negative round trip times or round trip times higher than 10 seconds will log an error but will be ignored. @@ -2590,8 +2590,8 @@ SECURITY: BREAKING CHANGES: -* **Raft Protocol Now Defaults to 3:** The [`-raft-protocol`](https://www.consul.io/docs/agent/config/cli-flags.html#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://www.consul.io/docs/guides/autopilot.html) features by default. Version 3 requires Consul running 0.8.0 or newer on all servers in order to work, so if you are upgrading with older servers in a cluster then you will need to set this back to 2 in order to upgrade. See [Raft Protocol Version Compatibility](https://www.consul.io/docs/upgrade-specific.html#raft-protocol-version-compatibility) for more details. Also the format of `peers.json` used for outage recovery is different when running with the lastest Raft protocol. See [Manual Recovery Using peers.json](https://www.consul.io/docs/guides/outage.html#manual-recovery-using-peers-json) for a description of the required format. [[GH-3477](https://github.com/hashicorp/consul/issues/3477)] -* **Config Files Require an Extension:** As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the [`-config-file`](https://www.consul.io/docs/agent/config/cli-flags.html#_config_file) argument to specify a file directly. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] +* **Raft Protocol Now Defaults to 3:** The [`-raft-protocol`](https://www.consul.io/docs/agent/config/cli-flags#_raft_protocol) default has been changed from 2 to 3, enabling all [Autopilot](https://www.consul.io/docs/guides/autopilot.html) features by default. Version 3 requires Consul running 0.8.0 or newer on all servers in order to work, so if you are upgrading with older servers in a cluster then you will need to set this back to 2 in order to upgrade. See [Raft Protocol Version Compatibility](https://www.consul.io/docs/upgrade-specific.html#raft-protocol-version-compatibility) for more details. Also the format of `peers.json` used for outage recovery is different when running with the lastest Raft protocol. See [Manual Recovery Using peers.json](https://www.consul.io/docs/guides/outage.html#manual-recovery-using-peers-json) for a description of the required format. [[GH-3477](https://github.com/hashicorp/consul/issues/3477)] +* **Config Files Require an Extension:** As part of supporting the [HCL](https://github.com/hashicorp/hcl#syntax) format for Consul's config files, an `.hcl` or `.json` extension is required for all config files loaded by Consul, even when using the [`-config-file`](https://www.consul.io/docs/agent/config/cli-flags#_config_file) argument to specify a file directly. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] * **Deprecated Options Have Been Removed:** All of Consul's previously deprecated command line flags and config options have been removed, so these will need to be mapped to their equivalents before upgrading. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)]
    Detailed List of Removed Options and their Equivalents @@ -2602,16 +2602,16 @@ BREAKING CHANGES: | `-atlas-token`| None, Atlas is no longer supported. | | `-atlas-join` | None, Atlas is no longer supported. | | `-atlas-endpoint` | None, Atlas is no longer supported. | - | `-dc` | [`-datacenter`](https://www.consul.io/docs/agent/config/cli-flags.html#_datacenter) | - | `-retry-join-azure-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-azure-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-ec2-region` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-ec2-tag-key` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-ec2-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-gce-credentials-file` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-gce-project-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-gce-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `-retry-join-gce-zone-pattern` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `-dc` | [`-datacenter`](https://www.consul.io/docs/agent/config/cli-flags#_datacenter) | + | `-retry-join-azure-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-azure-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-ec2-region` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-ec2-tag-key` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-ec2-tag-value` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-gce-credentials-file` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-gce-project-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-gce-tag-name` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `-retry-join-gce-zone-pattern` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | | `addresses.rpc` | None, the RPC server for CLI commands is no longer supported. | | `advertise_addrs` | [`ports`](https://www.consul.io/docs/agent/config/config-files.html#ports) with [`advertise_addr`](https://www.consul/io/docs/agent/config/config-files.html#advertise_addr) and/or [`advertise_addr_wan`](https://www.consul.io/docs/agent/config/config-files.html#advertise_addr_wan) | | `atlas_infrastructure` | None, Atlas is no longer supported. | @@ -2624,9 +2624,9 @@ BREAKING CHANGES: | `http_api_response_headers` | [`http_config.response_headers`](https://www.consul.io/docs/agent/config/config-files.html#response_headers) | | `ports.rpc` | None, the RPC server for CLI commands is no longer supported. | | `recursor` | [`recursors`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#recursors) | - | `retry_join_azure` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `retry_join_ec2` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | - | `retry_join_gce` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) | + | `retry_join_azure` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `retry_join_ec2` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | + | `retry_join_gce` | [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) | | `statsd_addr` | [`telemetry.statsd_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#telemetry-statsd_address) | | `statsite_addr` | [`telemetry.statsite_address`](https://github.com/hashicorp/consul/blob/main/website/source/docs/agent/config/config-files.html.md#telemetry-statsite_address) | | `statsite_prefix` | [`telemetry.metrics_prefix`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-metrics_prefix) | @@ -2640,7 +2640,7 @@ BREAKING CHANGES: * **`statsite_prefix` Renamed to `metrics_prefix`:** Since the `statsite_prefix` configuration option applied to all telemetry providers, `statsite_prefix` was renamed to [`metrics_prefix`](https://www.consul.io/docs/agent/config/config-files.html#telemetry-metrics_prefix). Configuration files will need to be updated when upgrading to this version of Consul. [[GH-3498](https://github.com/hashicorp/consul/issues/3498)] * **`advertise_addrs` Removed:** This configuration option was removed since it was redundant with `advertise_addr` and `advertise_addr_wan` in combination with `ports` and also wrongly stated that you could configure both host and port. [[GH-3516](https://github.com/hashicorp/consul/issues/3516)] -* **Escaping Behavior Changed for go-discover Configs:** The format for [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) and [`-retry-join-wan`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join_wan) values that use [go-discover](https://github.com/hashicorp/go-discover) Cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or double quotes `"`. If values contain these characters then use double quotes as in `"some key"="some value"`. Special characters within a double quoted string can be escaped with a backslash `\`. [[GH-3417](https://github.com/hashicorp/consul/issues/3417)] +* **Escaping Behavior Changed for go-discover Configs:** The format for [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) and [`-retry-join-wan`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join_wan) values that use [go-discover](https://github.com/hashicorp/go-discover) Cloud auto joining has changed. Values in `key=val` sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes `\` or double quotes `"`. If values contain these characters then use double quotes as in `"some key"="some value"`. Special characters within a double quoted string can be escaped with a backslash `\`. [[GH-3417](https://github.com/hashicorp/consul/issues/3417)] * **HTTP Verbs are Enforced in Many HTTP APIs:** Many endpoints in the HTTP API that previously took any HTTP verb now check for specific HTTP verbs and enforce them. This may break clients relying on the old behavior. [[GH-3405](https://github.com/hashicorp/consul/issues/3405)]
    Detailed List of Updated Endpoints and Required HTTP Verbs @@ -2721,7 +2721,7 @@ BREAKING CHANGES: FEATURES: * **Support for HCL Config Files:** Consul now supports HashiCorp's [HCL](https://github.com/hashicorp/hcl#syntax) format for config files. This is easier to work with than JSON and supports comments. As part of this change, all config files will need to have either an `.hcl` or `.json` extension in order to specify their format. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] -* **Support for Binding to Multiple Addresses:** Consul now supports binding to multiple addresses for its HTTP, HTTPS, and DNS services. You can provide a space-separated list of addresses to [`-client`](https://www.consul.io/docs/agent/config/cli-flags.html#_client) and [`addresses`](https://www.consul.io/docs/agent/config/config-files.html#addresses) configurations, or specify a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that resolves to multiple addresses. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] +* **Support for Binding to Multiple Addresses:** Consul now supports binding to multiple addresses for its HTTP, HTTPS, and DNS services. You can provide a space-separated list of addresses to [`-client`](https://www.consul.io/docs/agent/config/cli-flags#_client) and [`addresses`](https://www.consul.io/docs/agent/config/config-files.html#addresses) configurations, or specify a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that resolves to multiple addresses. [[GH-3480](https://github.com/hashicorp/consul/issues/3480)] * **Support for RFC1464 DNS TXT records:** Consul DNS responses now contain the node meta data encoded according to RFC1464 as TXT records. [[GH-3343](https://github.com/hashicorp/consul/issues/3343)] * **Support for Running Subproccesses Directly Without a Shell:** Consul agent checks and watches now support an `args` configuration which is a list of arguments to run for the subprocess, which runs the subprocess directly without a shell. The old `script` and `handler` configurations are now deprecated (specify a shell explicitly if you require one). A `-shell=false` option is also available on `consul lock`, `consul watch`, and `consul exec` to run the subprocesses associated with those without a shell. [[GH-3509](https://github.com/hashicorp/consul/issues/3509)] * **Sentinel Integration:** (Consul Enterprise) Consul's ACL system integrates with [Sentinel](https://www.consul.io/docs/guides/sentinel.html) to enable code policies that apply to KV writes. @@ -2796,7 +2796,7 @@ FEATURES: IMPROVEMENTS: -* agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and (new) SoftLayer is now handled through the https://github.com/hashicorp/go-discover library. With this all `-retry-join-{ec2,azure,gce}-*` parameters have been deprecated in favor of a unified configuration. See [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags.html#_retry_join) for details. [GH-3282,GH-3351] +* agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and (new) SoftLayer is now handled through the https://github.com/hashicorp/go-discover library. With this all `-retry-join-{ec2,azure,gce}-*` parameters have been deprecated in favor of a unified configuration. See [`-retry-join`](https://www.consul.io/docs/agent/config/cli-flags#_retry_join) for details. [GH-3282,GH-3351] * agent: Reports a more detailed error message if the LAN or WAN Serf instance fails to bind to an address. [[GH-3312](https://github.com/hashicorp/consul/issues/3312)] * agent: Added NS records and corrected SOA records to allow Consul's DNS interface to work properly with zone delegation. [[GH-1301](https://github.com/hashicorp/consul/issues/1301)] * agent: Added support for sending metrics with labels/tags to supported backends. [[GH-3369](https://github.com/hashicorp/consul/issues/3369)] @@ -2820,7 +2820,7 @@ BUG FIXES: BREAKING CHANGES: -* agent: Added a new [`enable_script_checks`](https://www.consul.io/docs/agent/config/cli-flags.html#_enable_script_checks) configuration option that defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box configuration for Consul where operators must opt-in to allow script-based health checks. [[GH-3087](https://github.com/hashicorp/consul/issues/3087)] +* agent: Added a new [`enable_script_checks`](https://www.consul.io/docs/agent/config/cli-flags#_enable_script_checks) configuration option that defaults to `false`, meaning that in order to allow an agent to run health checks that execute scripts, this will need to be configured and set to `true`. This provides a safer out-of-the-box configuration for Consul where operators must opt-in to allow script-based health checks. [[GH-3087](https://github.com/hashicorp/consul/issues/3087)] * api: Reworked `context` support in the API client to more closely match the Go standard library, and added context support to write requests in addition to read requests. [GH-3273, GH-2992] * ui: Since the UI is now bundled with the application we no longer provide a separate UI package for downloading. [[GH-3292](https://github.com/hashicorp/consul/issues/3292)] @@ -2854,7 +2854,7 @@ BUG FIXES: * agent: Fixed an issue in the Docker client where Docker checks would get EOF errors trying to connect to a volume-mounted Docker socket. [[GH-3254](https://github.com/hashicorp/consul/issues/3254)] * agent: Fixed a crash when using Azure auto discovery. [[GH-3193](https://github.com/hashicorp/consul/issues/3193)] * agent: Added `node` read privileges to the `acl_agent_master_token` by default so it can see all nodes, which enables it to be used with operations like `consul members`. [[GH-3113](https://github.com/hashicorp/consul/issues/3113)] -* agent: Fixed an issue where enabling [`-disable-keyring-file`](https://www.consul.io/docs/agent/config/cli-flags.html#_disable_keyring_file) would cause gossip encryption to be disabled. [[GH-3243](https://github.com/hashicorp/consul/issues/3243)] +* agent: Fixed an issue where enabling [`-disable-keyring-file`](https://www.consul.io/docs/agent/config/cli-flags#_disable_keyring_file) would cause gossip encryption to be disabled. [[GH-3243](https://github.com/hashicorp/consul/issues/3243)] * agent: Fixed a race condition where checks that are not associated with any existing services were allowed to persist. [[GH-3297](https://github.com/hashicorp/consul/issues/3297)] * agent: Stop docker checks on service deregistration and on shutdown. [GH-3265, GH-3295] * server: Updated the Raft library to pull in a fix where servers that are very far behind in replication can get stuck in a loop trying to install snapshots. [[GH-3201](https://github.com/hashicorp/consul/issues/3201)] @@ -2871,7 +2871,7 @@ BUG FIXES: BREAKING CHANGES: * agent: Parse values given to `?passing` for health endpoints. Previously Consul only checked for the existence of the querystring, not the value. That means using `?passing=false` would actually still include passing values. Consul now parses the value given to passing as a boolean. If no value is provided, the old behavior remains. This may be a breaking change for some users, but the old experience was incorrect and caused enough confusion to warrant changing it. [GH-2212, GH-3136] -* agent: The default value of [`-disable-host-node-id`](https://www.consul.io/docs/agent/config/cli-flags.html#_disable_host_node_id) has been changed from false to true. This means you need to opt-in to host-based node IDs and by default Consul will generate a random node ID. A high number of users struggled to deploy newer versions of Consul with host-based IDs because of various edge cases of how the host IDs work in Docker, on specially-provisioned machines, etc. so changing this from opt-out to opt-in will ease operations for many Consul users. [[GH-3171](https://github.com/hashicorp/consul/issues/3171)] +* agent: The default value of [`-disable-host-node-id`](https://www.consul.io/docs/agent/config/cli-flags#_disable_host_node_id) has been changed from false to true. This means you need to opt-in to host-based node IDs and by default Consul will generate a random node ID. A high number of users struggled to deploy newer versions of Consul with host-based IDs because of various edge cases of how the host IDs work in Docker, on specially-provisioned machines, etc. so changing this from opt-out to opt-in will ease operations for many Consul users. [[GH-3171](https://github.com/hashicorp/consul/issues/3171)] IMPROVEMENTS: diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 548bfe78f..a71dbc387 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -822,7 +822,7 @@ type RuntimeConfig struct { // PrimaryGateways is a list of addresses and/or go-discover expressions to // discovery the mesh gateways in the primary datacenter. See - // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for // details. // // hcl: primary_gateways = []string @@ -978,7 +978,7 @@ type RuntimeConfig struct { // RetryJoinLAN is a list of addresses and/or go-discover expressions to // join with retry enabled. See - // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for // details. // // hcl: retry_join = []string @@ -1003,7 +1003,7 @@ type RuntimeConfig struct { // RetryJoinWAN is a list of addresses and/or go-discover expressions to // join -wan with retry enabled. See - // https://www.consul.io/docs/agent/config/cli-flags.html#cloud-auto-joining for + // https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for // details. // // hcl: retry_join_wan = []string diff --git a/agent/consul/server.go b/agent/consul/server.go index fb9255f54..545fe5e1d 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -1591,7 +1591,7 @@ const peersInfoContent = ` As of Consul 0.7.0, the peers.json file is only used for recovery after an outage. The format of this file depends on what the server has configured for its Raft protocol version. Please see the agent configuration -page at https://www.consul.io/docs/agent/config/cli-flags.html#_raft_protocol for more +page at https://www.consul.io/docs/agent/config/cli-flags#_raft_protocol for more details about this parameter. For Raft protocol version 2 and earlier, this should be formatted as a JSON From 19cb9779e22f6af535a5026c9228018527b25a7a Mon Sep 17 00:00:00 2001 From: John Cowen Date: Tue, 12 Apr 2022 09:56:54 +0100 Subject: [PATCH 128/785] ui: Adds licensing overview tab (#12706) * Add some utilities/helpers to temporal for formatting etc * Enable the licensing tab * Add licensing page * Add CSS for licensing page * Fixup typo * Remove box shadow from panel --- .../consul-ui/app/helpers/temporal-format.js | 9 ++ .../consul-ui/app/helpers/temporal-within.js | 9 ++ .../consul-ui/app/services/temporal.js | 32 +++- .../app/styles/base/icons/icons/index.scss | 2 +- ui/packages/consul-ui/app/styles/routes.scss | 1 + .../styles/routes/dc/overview/license.scss | 62 +++++++ .../consul-ui/app/templates/dc/show.hbs | 24 ++- .../app/templates/dc/show/license.hbs | 153 ++++++++++++++++++ .../consul-ui/mock-api/v1/operator/license | 4 +- .../consul-ui/translations/routes/en-us.yaml | 34 ++++ 10 files changed, 321 insertions(+), 9 deletions(-) create mode 100644 ui/packages/consul-ui/app/helpers/temporal-format.js create mode 100644 ui/packages/consul-ui/app/helpers/temporal-within.js create mode 100644 ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss create mode 100644 ui/packages/consul-ui/app/templates/dc/show/license.hbs diff --git a/ui/packages/consul-ui/app/helpers/temporal-format.js b/ui/packages/consul-ui/app/helpers/temporal-format.js new file mode 100644 index 000000000..17e7dd2f9 --- /dev/null +++ b/ui/packages/consul-ui/app/helpers/temporal-format.js @@ -0,0 +1,9 @@ +import Helper from '@ember/component/helper'; +import { inject as service } from '@ember/service'; + +export default class TemporalFormatHelper extends Helper { + @service('temporal') temporal; + compute([value], hash) { + return this.temporal.format(value, hash); + } +} diff --git a/ui/packages/consul-ui/app/helpers/temporal-within.js b/ui/packages/consul-ui/app/helpers/temporal-within.js new file mode 100644 index 000000000..a1f328ca8 --- /dev/null +++ b/ui/packages/consul-ui/app/helpers/temporal-within.js @@ -0,0 +1,9 @@ +import Helper from '@ember/component/helper'; +import { inject as service } from '@ember/service'; + +export default class TemporalWithinHelper extends Helper { + @service('temporal') temporal; + compute(params, hash) { + return this.temporal.within(params, hash); + } +} diff --git a/ui/packages/consul-ui/app/services/temporal.js b/ui/packages/consul-ui/app/services/temporal.js index a5b9884ad..82778ddaf 100644 --- a/ui/packages/consul-ui/app/services/temporal.js +++ b/ui/packages/consul-ui/app/services/temporal.js @@ -1,9 +1,31 @@ import format from 'pretty-ms'; +import parse from 'parse-duration'; import { assert } from '@ember/debug'; - +import dayjs from 'dayjs'; +import relativeTime from 'dayjs/plugin/relativeTime'; import Service from '@ember/service'; +dayjs.extend(relativeTime); + export default class TemporalService extends Service { + + format(value, options) { + const djs = dayjs(value); + if(dayjs().isBefore(djs)) { + return dayjs().to(djs, true); + } else { + return dayjs().from(djs, true); + } + } + + within([value, d], options) { + return dayjs(value).isBefore(dayjs().add(d, 'ms')); + } + + parse(value, options) { + return parse(value); + } + durationFrom(value, options = {}) { switch (true) { case typeof value === 'number': @@ -14,8 +36,12 @@ export default class TemporalService extends Service { return format(value / 1000000, { formatSubMilliseconds: true }) .split(' ') .join(''); + case typeof value === 'string': + return value; + default: + assert(`${value} is not a valid type`, false); + return value; + } - assert(`${value} is not a valid type`, false); - return value; } } diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss index 8eb65d292..064b8a4df 100644 --- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss +++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss @@ -304,7 +304,7 @@ // @import './docker-color/index.scss'; // @import './docs/index.scss'; // @import './docs-download/index.scss'; -// @import './docs-link/index.scss'; +@import './docs-link/index.scss'; // @import './dollar-sign/index.scss'; // @import './dot/index.scss'; // @import './dot-half/index.scss'; diff --git a/ui/packages/consul-ui/app/styles/routes.scss b/ui/packages/consul-ui/app/styles/routes.scss index 238790812..624ff4570 100644 --- a/ui/packages/consul-ui/app/styles/routes.scss +++ b/ui/packages/consul-ui/app/styles/routes.scss @@ -4,3 +4,4 @@ @import 'routes/dc/acls/index'; @import 'routes/dc/intentions/index'; @import 'routes/dc/overview/serverstatus'; +@import 'routes/dc/overview/license'; diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss new file mode 100644 index 000000000..b07132aa7 --- /dev/null +++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss @@ -0,0 +1,62 @@ +section[data-route='dc.show.license'] { + @extend %license-route; +} +%license-route .validity { + @extend %license-validity; +} +%license-route aside { + @extend %license-route-learn-more; +} + +%license-route h2 { + @extend %h200; +} + +%license-validity dl { + @extend %horizontal-kv-list; + font-size: var(--typo-size-400); +} +%license-validity dl .expired + dd { + @extend %visually-hidden; +} +%license-validity dl dt::before { + content: ''; + margin-right: 0.250rem; /* 4px */ +} +%license-validity dl .expired::before { + --icon-name: icon-x-circle; + --icon-color: rgb(var(--red-500)); +} +%license-validity dl .warning::before { + --icon-name: icon-alert-circle; + --icon-color: rgb(var(--orange-500)); +} +%license-validity dl .valid:not(.warning)::before { + --icon-name: icon-check-circle; + --icon-color: rgb(var(--green-500)); +} + + +%license-route-learn-more { + @extend %panel; + box-shadow: var(--decor-elevation-000); + padding: var(--padding-y) var(--padding-x); + width: 40%; + min-width: 413px; + margin-top: 1rem; /* 16px */ +} +%license-route-learn-more header > :first-child { + @extend %h300; +} +%license-route-learn-more header { + margin-bottom: 1rem; /* 16px */ +} +%license-route-learn-more li { + margin-bottom: 0.250rem; /* 4px */ +} +%license-route-learn-more a::before { + --icon-name: icon-docs-link; + content: ''; + margin-right: 0.375rem; /* 6px */ +} + diff --git a/ui/packages/consul-ui/app/templates/dc/show.hbs b/ui/packages/consul-ui/app/templates/dc/show.hbs index 6089703a7..1391997da 100644 --- a/ui/packages/consul-ui/app/templates/dc/show.hbs +++ b/ui/packages/consul-ui/app/templates/dc/show.hbs @@ -10,23 +10,38 @@ as |route|> -{{#if false}} + +{{#let + (from-entries (array + (array 'serverstatus' true) + (array 'cataloghealth' false) + (array 'license' (can 'read license')) + )) +as |tabs|}} + + {{#let (without false + (values tabs) + ) as |tabsEnabled|}} + +{{#if (gt tabsEnabled.length 1)}} '') }}/> {{/if}} + + {{/let}} +{{/let}} + + +{{#let + loader.data +as |item|}} + + + + + + {{#if (eq loader.error.status "404")}} + + + Warning! + + +

    + This service has been deregistered and no longer exists in the catalog. +

    +     +     + {{else if (eq loader.error.status "403")}} + + + Error! + + +

    + You no longer have access to this service +

    +     +     + {{else}} + + + Warning! + + +

    + An error was returned whilst loading this data, refresh to try again. +

    +     +     + {{/if}} +     + + +
    +
    +
    +

    + {{compute (fn route.t 'expiry.header')}} +

    +
    + +

    + {{compute (fn route.t 'expiry.${type}.body' + (hash + type=(if item.Valid 'valid' 'expired') + date=(format-time item.License.expiration_time + year='numeric' + month='long' + day='numeric' + ) + time=(format-time item.License.expiration_time + hour12=true + hour='numeric' + hourCycle='h12' + minute='numeric' + second='numeric' + timeZoneName='short' + ) + htmlSafe=true + ) + )}} +

    + +
    +
    + {{compute (fn route.t 'expiry.${type}.header' + (hash + type=(if item.Valid 'valid' 'expired') + ) + )}} +
    +
    + {{temporal-format item.License.expiration_time}} +
    +
    + + + +
    +
    +     +{{/let}} +     + + diff --git a/ui/packages/consul-ui/mock-api/v1/operator/license b/ui/packages/consul-ui/mock-api/v1/operator/license index 08d485fd2..ece7927f1 100644 --- a/ui/packages/consul-ui/mock-api/v1/operator/license +++ b/ui/packages/consul-ui/mock-api/v1/operator/license @@ -1,12 +1,12 @@ { - "Valid": ${fake.random.boolean()}, + "Valid": true, "License": { "license_id": "${fake.random.uuid()}", "customer_id": "${fake.random.uuid()}", "installation_id": "*", "issue_time": "2021-01-13T15:25:19.052900132Z", "start_time": "2021-01-13T00:00:00Z", - "expiration_time": "${env('CONSUL_LICENSE_EXPIRATION', '2022-01-13T23:59:59.999Z')}", + "expiration_time": "${env('CONSUL_LICENSE_EXPIRATION', '2022-05-02T23:59:59.999Z')}", "termination_time": "${env('CONSUL_LICENSE_TERMINATION', '2022-01-13T23:59:59.999Z')}", "product": "consul", "flags": { diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index e1b7d3559..735a33f96 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -16,6 +16,40 @@ dc: title: Health license: title: License + expiry: + header: Expiry + expired: + header: Expired + body: | +

    + Your license expired on {date} at {time}. +

    + valid: + header: '' + body: | +

    + Your license expires on {date} at {time}. +

    + documentation: + title: Learn More + body: | +     nodes: index: From 2a4ca71d3fd6da8c8779d46db91b416d82690831 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Tue, 12 Apr 2022 09:47:42 -0400 Subject: [PATCH 129/785] Move to using a shared EventPublisher (#12673) Previously we had 1 EventPublisher per state.Store. When a state store was closed/abandoned such as during a consul snapshot restore, this had the behavior of force closing subscriptions for that topic and evicting event snapshots from the cache. The intention of this commit is to keep all that behavior. To that end, the shared EventPublisher now supports the ability to refresh a topic. That will perform the force close + eviction. The FSM upon abandoning the previous state.Store will call RefreshTopic for all the topics with events generated by the state.Store. --- agent/consul/fsm/fsm.go | 52 ++++++++++ agent/consul/server.go | 38 ++++---- agent/consul/state/catalog_events.go | 96 +++++++++---------- agent/consul/state/catalog_events_test.go | 22 ++--- agent/consul/state/connect_ca_events.go | 32 +++---- agent/consul/state/connect_ca_events_test.go | 5 +- agent/consul/state/memdb.go | 15 +-- agent/consul/state/state_store.go | 34 ++----- agent/consul/state/store_integration_test.go | 52 +++++----- agent/consul/stream/event_publisher.go | 64 ++++++++++++- agent/consul/stream/event_publisher_test.go | 68 +++++++------ agent/consul/stream/noop.go | 4 + agent/consul/subscribe_backend.go | 2 +- .../services/subscribe/subscribe_test.go | 57 ++++++----- .../grpc/public/services/connectca/server.go | 8 +- .../public/services/connectca/server_test.go | 55 ++++++++++- .../public/services/connectca/watch_roots.go | 2 +- .../services/connectca/watch_roots_test.go | 58 +++++------ agent/submatview/store_integration_test.go | 6 +- 19 files changed, 413 insertions(+), 257 deletions(-) diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go index 9dcc5f64f..a9de91935 100644 --- a/agent/consul/fsm/fsm.go +++ b/agent/consul/fsm/fsm.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/raft" "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/logging" ) @@ -56,6 +57,8 @@ type FSM struct { // Raft side, so doesn't need to lock this. stateLock sync.RWMutex state *state.Store + + publisher *stream.EventPublisher } // New is used to construct a new FSM with a blank state. @@ -77,6 +80,8 @@ type Deps struct { // NewStateStore will be called once when the FSM is created and again any // time Restore() is called. NewStateStore func() *state.Store + + Publisher *stream.EventPublisher } // NewFromDeps creates a new FSM from its dependencies. @@ -101,6 +106,10 @@ func NewFromDeps(deps Deps) *FSM { } fsm.chunker = raftchunking.NewChunkingFSM(fsm, nil) + + // register the streaming snapshot handlers if an event publisher was provided. + fsm.registerStreamSnapshotHandlers() + return fsm } @@ -204,12 +213,28 @@ func (c *FSM) Restore(old io.ReadCloser) error { c.stateLock.Lock() stateOld := c.state c.state = stateNew + + // Tell the EventPublisher to cycle anything watching these topics. Replacement + // of the state store means that indexes could have gone backwards and data changed. + // + // This needs to happen while holding the state lock to ensure its not racey. If we + // did this outside of the locked section closer to where we abandon the old store + // then there would be a possibility for new streams to be opened that would get + // a snapshot from the cache sourced from old data but would be receiving events + // for new data. To prevent that inconsistency we refresh the topics while holding + // the lock which ensures that any subscriptions to topics for FSM generated events + if c.deps.Publisher != nil { + c.deps.Publisher.RefreshTopic(state.EventTopicServiceHealth) + c.deps.Publisher.RefreshTopic(state.EventTopicServiceHealthConnect) + c.deps.Publisher.RefreshTopic(state.EventTopicCARoots) + } c.stateLock.Unlock() // Signal that the old state store has been abandoned. This is required // because we don't operate on it any more, we just throw it away, so // blocking queries won't see any changes and need to be woken up. stateOld.Abandon() + return nil } @@ -244,3 +269,30 @@ func ReadSnapshot(r io.Reader, handler func(header *SnapshotHeader, msg structs. } } } + +func (c *FSM) registerStreamSnapshotHandlers() { + if c.deps.Publisher == nil { + return + } + + err := c.deps.Publisher.RegisterHandler(state.EventTopicServiceHealth, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return c.State().ServiceHealthSnapshot(req, buf) + }) + if err != nil { + panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) + } + + err = c.deps.Publisher.RegisterHandler(state.EventTopicServiceHealthConnect, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return c.State().ServiceHealthSnapshot(req, buf) + }) + if err != nil { + panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) + } + + err = c.deps.Publisher.RegisterHandler(state.EventTopicCARoots, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return c.State().CARootsSnapshot(req, buf) + }) + if err != nil { + panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) + } +} diff --git a/agent/consul/server.go b/agent/consul/server.go index a3effba97..401954d85 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -39,6 +39,7 @@ import ( "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" "github.com/hashicorp/consul/agent/consul/fsm" "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/consul/usagemetrics" "github.com/hashicorp/consul/agent/consul/wanfed" agentgrpc "github.com/hashicorp/consul/agent/grpc/private" @@ -343,6 +344,12 @@ type Server struct { // Manager to handle starting/stopping go routines when establishing/revoking raft leadership leaderRoutineManager *routine.Manager + // publisher is the EventPublisher to be shared amongst various server components. Events from + // modifications to the FSM, autopilot and others will flow through here. If in the future we + // need Events generated outside of the Server and all its components, then we could move + // this into the Deps struct and created it much earlier on. + publisher *stream.EventPublisher + // embedded struct to hold all the enterprise specific data EnterpriseServer } @@ -397,6 +404,16 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve insecureRPCServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) } + eventPublisher := stream.NewEventPublisher(10 * time.Second) + + fsmDeps := fsm.Deps{ + Logger: flat.Logger, + NewStateStore: func() *state.Store { + return state.NewStateStoreWithEventPublisher(gc, eventPublisher) + }, + Publisher: eventPublisher, + } + // Create server. s := &Server{ config: config, @@ -422,9 +439,12 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve shutdownCh: shutdownCh, leaderRoutineManager: routine.NewManager(logger.Named(logging.Leader)), aclAuthMethodValidators: authmethod.NewCache(), - fsm: newFSMFromConfig(flat.Logger, gc, config), + fsm: fsm.NewFromDeps(fsmDeps), + publisher: eventPublisher, } + go s.publisher.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) + if s.config.ConnectMeshGatewayWANFederationEnabled { s.gatewayLocator = NewGatewayLocator( s.logger, @@ -652,6 +672,7 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve // Initialize public gRPC server - register services on public gRPC server. connectca.NewServer(connectca.Config{ + Publisher: s.publisher, GetStore: func() connectca.StateStore { return s.FSM().State() }, Logger: logger.Named("grpc-api.connect-ca"), ACLResolver: plainACLResolver{s.ACLResolver}, @@ -684,21 +705,6 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve return s, nil } -func newFSMFromConfig(logger hclog.Logger, gc *state.TombstoneGC, config *Config) *fsm.FSM { - deps := fsm.Deps{Logger: logger} - if config.RPCConfig.EnableStreaming { - deps.NewStateStore = func() *state.Store { - return state.NewStateStoreWithEventPublisher(gc) - } - return fsm.NewFromDeps(deps) - } - - deps.NewStateStore = func() *state.Store { - return state.NewStateStore(gc) - } - return fsm.NewFromDeps(deps) -} - func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler { register := func(srv *grpc.Server) { if config.RPCConfig.EnableStreaming { diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go index 91e1bf361..13c5c4ba0 100644 --- a/agent/consul/state/catalog_events.go +++ b/agent/consul/state/catalog_events.go @@ -78,50 +78,48 @@ func (e EventPayloadCheckServiceNode) Subject() stream.Subject { // serviceHealthSnapshot returns a stream.SnapshotFunc that provides a snapshot // of stream.Events that describe the current state of a service health query. -func serviceHealthSnapshot(db ReadDB, topic stream.Topic) stream.SnapshotFunc { - return func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (index uint64, err error) { - tx := db.ReadTxn() - defer tx.Abort() +func (s *Store) ServiceHealthSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (index uint64, err error) { + tx := s.db.ReadTxn() + defer tx.Abort() - connect := topic == topicServiceHealthConnect + connect := req.Topic == EventTopicServiceHealthConnect - subject, ok := req.Subject.(EventSubjectService) - if !ok { - return 0, fmt.Errorf("expected SubscribeRequest.Subject to be a: state.EventSubjectService, was a: %T", req.Subject) - } - - idx, nodes, err := checkServiceNodesTxn(tx, nil, subject.Key, connect, &subject.EnterpriseMeta) - if err != nil { - return 0, err - } - - for i := range nodes { - n := nodes[i] - event := stream.Event{ - Index: idx, - Topic: topic, - Payload: EventPayloadCheckServiceNode{ - Op: pbsubscribe.CatalogOp_Register, - Value: &n, - }, - } - - if !connect { - // append each event as a separate item so that they can be serialized - // separately, to prevent the encoding of one massive message. - buf.Append([]stream.Event{event}) - continue - } - - events, err := connectEventsByServiceKind(tx, event) - if err != nil { - return idx, err - } - buf.Append(events) - } - - return idx, err + subject, ok := req.Subject.(EventSubjectService) + if !ok { + return 0, fmt.Errorf("expected SubscribeRequest.Subject to be a: state.EventSubjectService, was a: %T", req.Subject) } + + idx, nodes, err := checkServiceNodesTxn(tx, nil, subject.Key, connect, &subject.EnterpriseMeta) + if err != nil { + return 0, err + } + + for i := range nodes { + n := nodes[i] + event := stream.Event{ + Index: idx, + Topic: req.Topic, + Payload: EventPayloadCheckServiceNode{ + Op: pbsubscribe.CatalogOp_Register, + Value: &n, + }, + } + + if !connect { + // append each event as a separate item so that they can be serialized + // separately, to prevent the encoding of one massive message. + buf.Append([]stream.Event{event}) + continue + } + + events, err := connectEventsByServiceKind(tx, event) + if err != nil { + return idx, err + } + buf.Append(events) + } + + return idx, err } // TODO: this could use NodeServiceQuery @@ -355,7 +353,7 @@ func ServiceHealthEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event for _, sn := range nodes { e := newServiceHealthEventDeregister(changes.Index, sn) - e.Topic = topicServiceHealthConnect + e.Topic = EventTopicServiceHealthConnect payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = serviceName.Name if gatewayName.EnterpriseMeta.NamespaceOrDefault() != serviceName.EnterpriseMeta.NamespaceOrDefault() { @@ -388,7 +386,7 @@ func ServiceHealthEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event return nil, err } - e.Topic = topicServiceHealthConnect + e.Topic = EventTopicServiceHealthConnect payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = serviceName.Name if gatewayName.EnterpriseMeta.NamespaceOrDefault() != serviceName.EnterpriseMeta.NamespaceOrDefault() { @@ -426,7 +424,7 @@ func isConnectProxyDestinationServiceChange(idx uint64, before, after *structs.S } e := newServiceHealthEventDeregister(idx, before) - e.Topic = topicServiceHealthConnect + e.Topic = EventTopicServiceHealthConnect payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = payload.Value.Service.Proxy.DestinationServiceName e.Payload = payload @@ -467,7 +465,7 @@ func serviceHealthToConnectEvents( ) ([]stream.Event, error) { var result []stream.Event for _, event := range events { - if event.Topic != topicServiceHealth { // event.Topic == topicServiceHealthConnect + if event.Topic != EventTopicServiceHealth { // event.Topic == topicServiceHealthConnect // Skip non-health or any events already emitted to Connect topic continue } @@ -490,7 +488,7 @@ func connectEventsByServiceKind(tx ReadTxn, origEvent stream.Event) ([]stream.Ev } event := origEvent // shallow copy the event - event.Topic = topicServiceHealthConnect + event.Topic = EventTopicServiceHealthConnect if node.Service.Connect.Native { return []stream.Event{event}, nil @@ -527,7 +525,7 @@ func connectEventsByServiceKind(tx ReadTxn, origEvent stream.Event) ([]stream.Ev } func copyEventForService(event stream.Event, service structs.ServiceName) stream.Event { - event.Topic = topicServiceHealthConnect + event.Topic = EventTopicServiceHealthConnect payload := event.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = service.Name if payload.Value.Service.EnterpriseMeta.NamespaceOrDefault() != service.EnterpriseMeta.NamespaceOrDefault() { @@ -666,7 +664,7 @@ func newServiceHealthEventRegister( Checks: checks, } return stream.Event{ - Topic: topicServiceHealth, + Topic: EventTopicServiceHealth, Index: idx, Payload: EventPayloadCheckServiceNode{ Op: pbsubscribe.CatalogOp_Register, @@ -697,7 +695,7 @@ func newServiceHealthEventDeregister(idx uint64, sn *structs.ServiceNode) stream } return stream.Event{ - Topic: topicServiceHealth, + Topic: EventTopicServiceHealth, Index: idx, Payload: EventPayloadCheckServiceNode{ Op: pbsubscribe.CatalogOp_Deregister, diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go index b85ea5f76..1f6f6d885 100644 --- a/agent/consul/state/catalog_events_test.go +++ b/agent/consul/state/catalog_events_test.go @@ -70,11 +70,10 @@ func TestServiceHealthSnapshot(t *testing.T) { err = store.EnsureRegistration(counter.Next(), testServiceRegistration(t, "web", regNode2)) require.NoError(t, err) - fn := serviceHealthSnapshot((*readDB)(store.db.db), topicServiceHealth) buf := &snapshotAppender{} - req := stream.SubscribeRequest{Subject: EventSubjectService{Key: "web"}} + req := stream.SubscribeRequest{Topic: EventTopicServiceHealth, Subject: EventSubjectService{Key: "web"}} - idx, err := fn(req, buf) + idx, err := store.ServiceHealthSnapshot(req, buf) require.NoError(t, err) require.Equal(t, counter.Last(), idx) @@ -147,11 +146,10 @@ func TestServiceHealthSnapshot_ConnectTopic(t *testing.T) { err = store.EnsureRegistration(counter.Next(), testServiceRegistration(t, "tgate1", regTerminatingGateway)) require.NoError(t, err) - fn := serviceHealthSnapshot((*readDB)(store.db.db), topicServiceHealthConnect) buf := &snapshotAppender{} - req := stream.SubscribeRequest{Subject: EventSubjectService{Key: "web"}, Topic: topicServiceHealthConnect} + req := stream.SubscribeRequest{Subject: EventSubjectService{Key: "web"}, Topic: EventTopicServiceHealthConnect} - idx, err := fn(req, buf) + idx, err := store.ServiceHealthSnapshot(req, buf) require.NoError(t, err) require.Equal(t, counter.Last(), idx) @@ -1743,7 +1741,7 @@ func evServiceTermingGateway(name string) func(e *stream.Event) error { } } - if e.Topic == topicServiceHealthConnect { + if e.Topic == EventTopicServiceHealthConnect { payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = name e.Payload = payload @@ -2096,7 +2094,7 @@ func evConnectNative(e *stream.Event) error { // depending on which topic they are published to and they determine this from // the event. func evConnectTopic(e *stream.Event) error { - e.Topic = topicServiceHealthConnect + e.Topic = EventTopicServiceHealthConnect return nil } @@ -2135,7 +2133,7 @@ func evSidecar(e *stream.Event) error { csn.Checks[1].ServiceName = svc + "_sidecar_proxy" } - if e.Topic == topicServiceHealthConnect { + if e.Topic == EventTopicServiceHealthConnect { payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = svc e.Payload = payload @@ -2238,7 +2236,7 @@ func evRenameService(e *stream.Event) error { taggedAddr.Address = "240.0.0.2" csn.Service.TaggedAddresses[structs.TaggedAddressVirtualIP] = taggedAddr - if e.Topic == topicServiceHealthConnect { + if e.Topic == EventTopicServiceHealthConnect { payload := e.Payload.(EventPayloadCheckServiceNode) payload.overrideKey = csn.Service.Proxy.DestinationServiceName e.Payload = payload @@ -2350,7 +2348,7 @@ func newTestEventServiceHealthRegister(index uint64, nodeNum int, svc string) st addr := fmt.Sprintf("10.10.%d.%d", nodeNum/256, nodeNum%256) return stream.Event{ - Topic: topicServiceHealth, + Topic: EventTopicServiceHealth, Index: index, Payload: EventPayloadCheckServiceNode{ Op: pbsubscribe.CatalogOp_Register, @@ -2421,7 +2419,7 @@ func newTestEventServiceHealthRegister(index uint64, nodeNum int, svc string) st // adding too many options to callers. func newTestEventServiceHealthDeregister(index uint64, nodeNum int, svc string) stream.Event { return stream.Event{ - Topic: topicServiceHealth, + Topic: EventTopicServiceHealth, Index: index, Payload: EventPayloadCheckServiceNode{ Op: pbsubscribe.CatalogOp_Deregister, diff --git a/agent/consul/state/connect_ca_events.go b/agent/consul/state/connect_ca_events.go index c6bd135be..6a0bdb974 100644 --- a/agent/consul/state/connect_ca_events.go +++ b/agent/consul/state/connect_ca_events.go @@ -65,23 +65,21 @@ func caRootsChangeEvents(tx ReadTxn, changes Changes) ([]stream.Event, error) { // caRootsSnapshot returns a stream.SnapshotFunc that provides a snapshot of // the current active list of CA Roots. -func caRootsSnapshot(db ReadDB) stream.SnapshotFunc { - return func(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { - tx := db.ReadTxn() - defer tx.Abort() +func (s *Store) CARootsSnapshot(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + tx := s.db.ReadTxn() + defer tx.Abort() - idx, roots, err := caRootsTxn(tx, nil) - if err != nil { - return 0, err - } - - buf.Append([]stream.Event{ - { - Topic: EventTopicCARoots, - Index: idx, - Payload: EventPayloadCARoots{CARoots: roots}, - }, - }) - return idx, nil + idx, roots, err := caRootsTxn(tx, nil) + if err != nil { + return 0, err } + + buf.Append([]stream.Event{ + { + Topic: EventTopicCARoots, + Index: idx, + Payload: EventPayloadCARoots{CARoots: roots}, + }, + }) + return idx, nil } diff --git a/agent/consul/state/connect_ca_events_test.go b/agent/consul/state/connect_ca_events_test.go index 9651e2a47..b5062340a 100644 --- a/agent/consul/state/connect_ca_events_test.go +++ b/agent/consul/state/connect_ca_events_test.go @@ -51,14 +51,13 @@ func TestCARootsEvents(t *testing.T) { func TestCARootsSnapshot(t *testing.T) { store := testStateStore(t) - fn := caRootsSnapshot((*readDB)(store.db.db)) var req stream.SubscribeRequest t.Run("no roots", func(t *testing.T) { buf := &snapshotAppender{} - idx, err := fn(req, buf) + idx, err := store.CARootsSnapshot(req, buf) require.NoError(t, err) require.Equal(t, uint64(0), idx) @@ -77,7 +76,7 @@ func TestCARootsSnapshot(t *testing.T) { _, err := store.CARootSetCAS(1, 0, structs.CARoots{root}) require.NoError(t, err) - idx, err := fn(req, buf) + idx, err := store.CARootsSnapshot(req, buf) require.NoError(t, err) require.Equal(t, uint64(1), idx) diff --git a/agent/consul/state/memdb.go b/agent/consul/state/memdb.go index 936375eb4..3edca1438 100644 --- a/agent/consul/state/memdb.go +++ b/agent/consul/state/memdb.go @@ -1,7 +1,6 @@ package state import ( - "context" "fmt" "github.com/hashicorp/go-memdb" @@ -58,7 +57,7 @@ type changeTrackerDB struct { type EventPublisher interface { Publish([]stream.Event) - Run(context.Context) + RegisterHandler(stream.Topic, stream.SnapshotFunc) error Subscribe(*stream.SubscribeRequest) (*stream.Subscription, error) } @@ -179,8 +178,8 @@ func (db *readDB) ReadTxn() AbortTxn { } var ( - topicServiceHealth = pbsubscribe.Topic_ServiceHealth - topicServiceHealthConnect = pbsubscribe.Topic_ServiceHealthConnect + EventTopicServiceHealth = pbsubscribe.Topic_ServiceHealth + EventTopicServiceHealthConnect = pbsubscribe.Topic_ServiceHealthConnect ) func processDBChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { @@ -200,11 +199,3 @@ func processDBChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { } return events, nil } - -func newSnapshotHandlers(db ReadDB) stream.SnapshotHandlers { - return stream.SnapshotHandlers{ - topicServiceHealth: serviceHealthSnapshot(db, topicServiceHealth), - topicServiceHealthConnect: serviceHealthSnapshot(db, topicServiceHealthConnect), - EventTopicCARoots: caRootsSnapshot(db), - } -} diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go index 39a4371ef..e795b6857 100644 --- a/agent/consul/state/state_store.go +++ b/agent/consul/state/state_store.go @@ -1,10 +1,8 @@ package state import ( - "context" "errors" "fmt" - "time" memdb "github.com/hashicorp/go-memdb" @@ -109,10 +107,6 @@ type Store struct { // abandoned (usually during a restore). This is only ever closed. abandonCh chan struct{} - // TODO: refactor abondonCh to use a context so that both can use the same - // cancel mechanism. - stopEventPublisher func() - // kvsGraveyard manages tombstones for the key value store. kvsGraveyard *Graveyard @@ -159,11 +153,10 @@ func NewStateStore(gc *TombstoneGC) *Store { panic(fmt.Sprintf("failed to create state store: %v", err)) } s := &Store{ - schema: schema, - abandonCh: make(chan struct{}), - kvsGraveyard: NewGraveyard(gc), - lockDelay: NewDelay(), - stopEventPublisher: func() {}, + schema: schema, + abandonCh: make(chan struct{}), + kvsGraveyard: NewGraveyard(gc), + lockDelay: NewDelay(), db: &changeTrackerDB{ db: db, publisher: stream.NoOpEventPublisher{}, @@ -173,24 +166,13 @@ func NewStateStore(gc *TombstoneGC) *Store { return s } -func NewStateStoreWithEventPublisher(gc *TombstoneGC) *Store { +func NewStateStoreWithEventPublisher(gc *TombstoneGC, publisher EventPublisher) *Store { store := NewStateStore(gc) - ctx, cancel := context.WithCancel(context.TODO()) - store.stopEventPublisher = cancel + store.db.publisher = publisher - pub := stream.NewEventPublisher(newSnapshotHandlers((*readDB)(store.db.db)), 10*time.Second) - store.db.publisher = pub - - go pub.Run(ctx) return store } -// EventPublisher returns the stream.EventPublisher used by the Store to -// publish events. -func (s *Store) EventPublisher() EventPublisher { - return s.db.publisher -} - // Snapshot is used to create a point-in-time snapshot of the entire db. func (s *Store) Snapshot() *Snapshot { tx := s.db.Txn(false) @@ -277,11 +259,7 @@ func (s *Store) AbandonCh() <-chan struct{} { // Abandon is used to signal that the given state store has been abandoned. // Calling this more than one time will panic. func (s *Store) Abandon() { - // Note: the order of these operations matters. Subscribers may receive on - // abandonCh to determine whether their subscription was closed because the - // store was abandoned, therefore it's important abandonCh is closed first. close(s.abandonCh) - s.stopEventPublisher() } // maxIndex is a helper used to retrieve the highest known index diff --git a/agent/consul/state/store_integration_test.go b/agent/consul/state/store_integration_test.go index 55c3059ce..421205e14 100644 --- a/agent/consul/state/store_integration_test.go +++ b/agent/consul/state/store_integration_test.go @@ -32,7 +32,8 @@ func TestStore_IntegrationWithEventPublisher_ACLTokenUpdate(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := stream.NewEventPublisher(newTestSnapshotHandlers(s), 0) + publisher := stream.NewEventPublisher(0) + registerTestSnapshotHandlers(t, s, publisher) go publisher.Run(ctx) s.db.publisher = publisher sub, err := publisher.Subscribe(subscription) @@ -119,7 +120,8 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := stream.NewEventPublisher(newTestSnapshotHandlers(s), 0) + publisher := stream.NewEventPublisher(0) + registerTestSnapshotHandlers(t, s, publisher) go publisher.Run(ctx) s.db.publisher = publisher sub, err := publisher.Subscribe(subscription) @@ -240,7 +242,8 @@ func TestStore_IntegrationWithEventPublisher_ACLRoleUpdate(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := stream.NewEventPublisher(newTestSnapshotHandlers(s), 0) + publisher := stream.NewEventPublisher(0) + registerTestSnapshotHandlers(t, s, publisher) go publisher.Run(ctx) s.db.publisher = publisher sub, err := publisher.Subscribe(subscription) @@ -393,27 +396,29 @@ func (t topic) String() string { var topicService topic = "test-topic-service" -func newTestSnapshotHandlers(s *Store) stream.SnapshotHandlers { - return stream.SnapshotHandlers{ - topicService: func(req stream.SubscribeRequest, snap stream.SnapshotAppender) (uint64, error) { - key := req.Subject.String() +func (s *Store) topicServiceTestHandler(req stream.SubscribeRequest, snap stream.SnapshotAppender) (uint64, error) { + key := req.Subject.String() - idx, nodes, err := s.ServiceNodes(nil, key, nil) - if err != nil { - return idx, err - } - - for _, node := range nodes { - event := stream.Event{ - Topic: req.Topic, - Index: node.ModifyIndex, - Payload: nodePayload{node: node, key: key}, - } - snap.Append([]stream.Event{event}) - } - return idx, nil - }, + idx, nodes, err := s.ServiceNodes(nil, key, nil) + if err != nil { + return idx, err } + + for _, node := range nodes { + event := stream.Event{ + Topic: req.Topic, + Index: node.ModifyIndex, + Payload: nodePayload{node: node, key: key}, + } + snap.Append([]stream.Event{event}) + } + return idx, nil +} + +func registerTestSnapshotHandlers(t *testing.T, s *Store, publisher EventPublisher) { + t.Helper() + err := publisher.RegisterHandler(topicService, s.topicServiceTestHandler) + require.NoError(t, err) } type nodePayload struct { @@ -460,7 +465,8 @@ func createTokenAndWaitForACLEventPublish(t *testing.T, s *Store) *structs.ACLTo ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := stream.NewEventPublisher(newTestSnapshotHandlers(s), 0) + publisher := stream.NewEventPublisher(0) + registerTestSnapshotHandlers(t, s, publisher) go publisher.Run(ctx) s.db.publisher = publisher diff --git a/agent/consul/stream/event_publisher.go b/agent/consul/stream/event_publisher.go index 06b7b03a2..2cd0564ff 100644 --- a/agent/consul/stream/event_publisher.go +++ b/agent/consul/stream/event_publisher.go @@ -91,7 +91,7 @@ type SnapshotAppender interface { // A goroutine is run in the background to publish events to all subscribes. // Cancelling the context will shutdown the goroutine, to free resources, // and stop all publishing. -func NewEventPublisher(handlers SnapshotHandlers, snapCacheTTL time.Duration) *EventPublisher { +func NewEventPublisher(snapCacheTTL time.Duration) *EventPublisher { e := &EventPublisher{ snapCacheTTL: snapCacheTTL, topicBuffers: make(map[topicSubject]*topicBuffer), @@ -100,12 +100,41 @@ func NewEventPublisher(handlers SnapshotHandlers, snapCacheTTL time.Duration) *E subscriptions: &subscriptions{ byToken: make(map[string]map[*SubscribeRequest]*Subscription), }, - snapshotHandlers: handlers, + snapshotHandlers: make(map[Topic]SnapshotFunc), } return e } +// RegisterHandler will register a new snapshot handler function. The expectation is +// that all handlers get registered prior to the event publisher being Run. Handler +// registration is therefore not concurrency safe and access to handlers is internally +// not synchronized. +func (e *EventPublisher) RegisterHandler(topic Topic, handler SnapshotFunc) error { + if topic.String() == "" { + return fmt.Errorf("the topic cannnot be empty") + } + + if _, found := e.snapshotHandlers[topic]; found { + return fmt.Errorf("a handler is already registered for the topic: %s", topic.String()) + } + + e.snapshotHandlers[topic] = handler + + return nil +} + +func (e *EventPublisher) RefreshTopic(topic Topic) error { + if _, found := e.snapshotHandlers[topic]; !found { + return fmt.Errorf("topic %s is not registered", topic) + } + + e.forceEvictByTopic(topic) + e.subscriptions.closeAllByTopic(topic) + + return nil +} + // Publish events to all subscribers of the event Topic. The events will be shared // with all subscriptions, so the Payload used in Event.Payload must be immutable. func (e *EventPublisher) Publish(events []Event) { @@ -196,14 +225,14 @@ func (e *EventPublisher) bufferForPublishing(key topicSubject) *eventBuffer { // When the caller is finished with the subscription for any reason, it must // call Subscription.Unsubscribe to free ACL tracking resources. func (e *EventPublisher) Subscribe(req *SubscribeRequest) (*Subscription, error) { + e.lock.Lock() + defer e.lock.Unlock() + handler, ok := e.snapshotHandlers[req.Topic] if !ok || req.Topic == nil { return nil, fmt.Errorf("unknown topic %v", req.Topic) } - e.lock.Lock() - defer e.lock.Unlock() - topicBuf := e.bufferForSubscription(req.topicSubject()) topicBuf.refs++ @@ -327,6 +356,19 @@ func (s *subscriptions) closeAll() { } } +func (s *subscriptions) closeAllByTopic(topic Topic) { + s.lock.Lock() + defer s.lock.Unlock() + + for _, byRequest := range s.byToken { + for _, sub := range byRequest { + if sub.req.Topic == topic { + sub.forceClose() + } + } + } +} + // EventPublisher.lock must be held to call this method. func (e *EventPublisher) getCachedSnapshotLocked(req *SubscribeRequest) *eventSnapshot { snap, ok := e.snapCache[req.topicSubject()] @@ -350,3 +392,15 @@ func (e *EventPublisher) setCachedSnapshotLocked(req *SubscribeRequest, snap *ev delete(e.snapCache, req.topicSubject()) }) } + +// forceEvictByTopic will remove all entries from the snapshot cache for a given topic. +// This method should be called while holding the publishers lock. +func (e *EventPublisher) forceEvictByTopic(topic Topic) { + e.lock.Lock() + for key := range e.snapCache { + if key.Topic == topic.String() { + delete(e.snapCache, key) + } + } + e.lock.Unlock() +} diff --git a/agent/consul/stream/event_publisher_test.go b/agent/consul/stream/event_publisher_test.go index c718d5853..fbd253830 100644 --- a/agent/consul/stream/event_publisher_test.go +++ b/agent/consul/stream/event_publisher_test.go @@ -27,7 +27,8 @@ func TestEventPublisher_SubscribeWithIndex0(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), 0) + publisher := NewEventPublisher(0) + registerTestSnapshotHandlers(t, publisher) go publisher.Run(ctx) sub, err := publisher.Subscribe(req) @@ -83,16 +84,18 @@ func (p simplePayload) HasReadPermission(acl.Authorizer) bool { func (p simplePayload) Subject() Subject { return stringer(p.key) } -func newTestSnapshotHandlers() SnapshotHandlers { - return SnapshotHandlers{ - testTopic: func(req SubscribeRequest, buf SnapshotAppender) (uint64, error) { - if req.Topic != testTopic { - return 0, fmt.Errorf("unexpected topic: %v", req.Topic) - } - buf.Append([]Event{testSnapshotEvent}) - return 1, nil - }, +func registerTestSnapshotHandlers(t *testing.T, publisher *EventPublisher) { + t.Helper() + + testTopicHandler := func(req SubscribeRequest, buf SnapshotAppender) (uint64, error) { + if req.Topic != testTopic { + return 0, fmt.Errorf("unexpected topic: %v", req.Topic) + } + buf.Append([]Event{testSnapshotEvent}) + return 1, nil } + + require.NoError(t, publisher.RegisterHandler(testTopic, testTopicHandler)) } func runSubscription(ctx context.Context, sub *Subscription) <-chan eventOrErr { @@ -143,14 +146,14 @@ func TestEventPublisher_ShutdownClosesSubscriptions(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) t.Cleanup(cancel) - handlers := newTestSnapshotHandlers() fn := func(req SubscribeRequest, buf SnapshotAppender) (uint64, error) { return 0, nil } - handlers[intTopic(22)] = fn - handlers[intTopic(33)] = fn - publisher := NewEventPublisher(handlers, time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) + publisher.RegisterHandler(intTopic(22), fn) + publisher.RegisterHandler(intTopic(33), fn) go publisher.Run(ctx) sub1, err := publisher.Subscribe(&SubscribeRequest{Topic: intTopic(22), Subject: SubjectNone}) @@ -190,7 +193,8 @@ func TestEventPublisher_SubscribeWithIndex0_FromCache(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) go publisher.Run(ctx) sub, err := publisher.Subscribe(req) @@ -235,7 +239,8 @@ func TestEventPublisher_SubscribeWithIndexNotZero_CanResume(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) go publisher.Run(ctx) simulateExistingSubscriber(t, publisher, req) @@ -288,7 +293,8 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), 0) + publisher := NewEventPublisher(0) + registerTestSnapshotHandlers(t, publisher) go publisher.Run(ctx) // Include the same event in the topicBuffer publisher.publishEvent([]Event{testSnapshotEvent}) @@ -344,7 +350,8 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshotFromCache(t *testin ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) go publisher.Run(ctx) simulateExistingSubscriber(t, publisher, req) @@ -417,21 +424,20 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot_WithCache(t *testi Payload: simplePayload{key: "sub-key", value: "event-3"}, } - handlers := SnapshotHandlers{ - testTopic: func(req SubscribeRequest, buf SnapshotAppender) (uint64, error) { - if req.Topic != testTopic { - return 0, fmt.Errorf("unexpected topic: %v", req.Topic) - } - buf.Append([]Event{testSnapshotEvent}) - buf.Append([]Event{nextEvent}) - return 3, nil - }, + testTopicHandler := func(req SubscribeRequest, buf SnapshotAppender) (uint64, error) { + if req.Topic != testTopic { + return 0, fmt.Errorf("unexpected topic: %v", req.Topic) + } + buf.Append([]Event{testSnapshotEvent}) + buf.Append([]Event{nextEvent}) + return 3, nil } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() - publisher := NewEventPublisher(handlers, time.Second) + publisher := NewEventPublisher(time.Second) + publisher.RegisterHandler(testTopic, testTopicHandler) go publisher.Run(ctx) simulateExistingSubscriber(t, publisher, req) @@ -498,7 +504,8 @@ func TestEventPublisher_Unsubscribe_ClosesSubscription(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() - publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) sub, err := publisher.Subscribe(req) require.NoError(t, err) @@ -518,7 +525,8 @@ func TestEventPublisher_Unsubscribe_FreesResourcesWhenThereAreNoSubscribers(t *t Subject: stringer("sub-key"), } - publisher := NewEventPublisher(newTestSnapshotHandlers(), time.Second) + publisher := NewEventPublisher(time.Second) + registerTestSnapshotHandlers(t, publisher) sub1, err := publisher.Subscribe(req) require.NoError(t, err) diff --git a/agent/consul/stream/noop.go b/agent/consul/stream/noop.go index 1b3282dbf..84d6a648d 100644 --- a/agent/consul/stream/noop.go +++ b/agent/consul/stream/noop.go @@ -9,6 +9,10 @@ type NoOpEventPublisher struct{} func (NoOpEventPublisher) Publish([]Event) {} +func (NoOpEventPublisher) RegisterHandler(Topic, SnapshotFunc) error { + return fmt.Errorf("stream event publisher is disabled") +} + func (NoOpEventPublisher) Run(context.Context) {} func (NoOpEventPublisher) Subscribe(*SubscribeRequest) (*Subscription, error) { diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go index 94b8671f4..bddbb2e5f 100644 --- a/agent/consul/subscribe_backend.go +++ b/agent/consul/subscribe_backend.go @@ -31,5 +31,5 @@ func (s subscribeBackend) Forward(info structs.RPCInfo, f func(*grpc.ClientConn) } func (s subscribeBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) { - return s.srv.fsm.State().EventPublisher().Subscribe(req) + return s.srv.publisher.Subscribe(req) } diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index d9d8d162d..c31959057 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -32,8 +32,7 @@ import ( ) func TestServer_Subscribe_KeyIsRequired(t *testing.T) { - backend, err := newTestBackend() - require.NoError(t, err) + backend := newTestBackend(t) addr := runTestServer(t, NewServer(backend, hclog.New(nil))) @@ -59,8 +58,7 @@ func TestServer_Subscribe_KeyIsRequired(t *testing.T) { } func TestServer_Subscribe_IntegrationWithBackend(t *testing.T) { - backend, err := newTestBackend() - require.NoError(t, err) + backend := newTestBackend(t) addr := runTestServer(t, NewServer(backend, hclog.New(nil))) ids := newCounter() @@ -312,6 +310,7 @@ func getEvent(t *testing.T, ch chan eventOrError) *pbsubscribe.Event { } type testBackend struct { + publisher *stream.EventPublisher store *state.Store authorizer func(token string, entMeta *acl.EnterpriseMeta) acl.Authorizer forwardConn *gogrpc.ClientConn @@ -333,19 +332,33 @@ func (b testBackend) Forward(_ structs.RPCInfo, fn func(*gogrpc.ClientConn) erro } func (b testBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) { - return b.store.EventPublisher().Subscribe(req) + return b.publisher.Subscribe(req) } -func newTestBackend() (*testBackend, error) { +func newTestBackend(t *testing.T) *testBackend { + t.Helper() gc, err := state.NewTombstoneGC(time.Second, time.Millisecond) - if err != nil { - return nil, err - } - store := state.NewStateStoreWithEventPublisher(gc) + require.NoError(t, err) + + publisher := stream.NewEventPublisher(10 * time.Second) + + store := state.NewStateStoreWithEventPublisher(gc, publisher) + + // normally the handlers are registered on the FSM as state stores may come + // and go during snapshot restores. For the purposes of this test backend though we + // just register them directly to + require.NoError(t, publisher.RegisterHandler(state.EventTopicCARoots, store.CARootsSnapshot)) + require.NoError(t, publisher.RegisterHandler(state.EventTopicServiceHealth, store.ServiceHealthSnapshot)) + require.NoError(t, publisher.RegisterHandler(state.EventTopicServiceHealthConnect, store.ServiceHealthSnapshot)) + + ctx, cancel := context.WithCancel(context.Background()) + go publisher.Run(ctx) + t.Cleanup(cancel) + allowAll := func(string, *acl.EnterpriseMeta) acl.Authorizer { return acl.AllowAll() } - return &testBackend{store: store, authorizer: allowAll}, nil + return &testBackend{publisher: publisher, store: store, authorizer: allowAll} } var _ Backend = (*testBackend)(nil) @@ -409,12 +422,10 @@ func raftIndex(ids *counter, created, modified string) *pbcommon.RaftIndex { } func TestServer_Subscribe_IntegrationWithBackend_ForwardToDC(t *testing.T) { - backendLocal, err := newTestBackend() - require.NoError(t, err) + backendLocal := newTestBackend(t) addrLocal := runTestServer(t, NewServer(backendLocal, hclog.New(nil))) - backendRemoteDC, err := newTestBackend() - require.NoError(t, err) + backendRemoteDC := newTestBackend(t) srvRemoteDC := NewServer(backendRemoteDC, hclog.New(nil)) addrRemoteDC := runTestServer(t, srvRemoteDC) @@ -642,8 +653,7 @@ func TestServer_Subscribe_IntegrationWithBackend_FilterEventsByACLToken(t *testi t.Skip("too slow for -short run") } - backend, err := newTestBackend() - require.NoError(t, err) + backend := newTestBackend(t) addr := runTestServer(t, NewServer(backend, hclog.New(nil))) token := "this-token-is-good" @@ -839,8 +849,7 @@ node "node1" { } func TestServer_Subscribe_IntegrationWithBackend_ACLUpdate(t *testing.T) { - backend, err := newTestBackend() - require.NoError(t, err) + backend := newTestBackend(t) addr := runTestServer(t, NewServer(backend, hclog.New(nil))) token := "this-token-is-good" @@ -1100,12 +1109,12 @@ func newPayloadEvents(items ...stream.Event) *stream.PayloadEvents { func newEventFromSubscription(t *testing.T, index uint64) stream.Event { t.Helper() - handlers := map[stream.Topic]stream.SnapshotFunc{ - pbsubscribe.Topic_ServiceHealthConnect: func(stream.SubscribeRequest, stream.SnapshotAppender) (index uint64, err error) { - return 1, nil - }, + serviceHealthConnectHandler := func(stream.SubscribeRequest, stream.SnapshotAppender) (index uint64, err error) { + return 1, nil } - ep := stream.NewEventPublisher(handlers, 0) + + ep := stream.NewEventPublisher(0) + ep.RegisterHandler(pbsubscribe.Topic_ServiceHealthConnect, serviceHealthConnectHandler) req := &stream.SubscribeRequest{Topic: pbsubscribe.Topic_ServiceHealthConnect, Subject: stream.SubjectNone, Index: index} sub, err := ep.Subscribe(req) diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc/public/services/connectca/server.go index 002f8e344..86edfdb54 100644 --- a/agent/grpc/public/services/connectca/server.go +++ b/agent/grpc/public/services/connectca/server.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/go-memdb" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) @@ -17,13 +17,17 @@ type Server struct { } type Config struct { + Publisher EventPublisher GetStore func() StateStore Logger hclog.Logger ACLResolver ACLResolver } +type EventPublisher interface { + Subscribe(*stream.SubscribeRequest) (*stream.Subscription, error) +} + type StateStore interface { - EventPublisher() state.EventPublisher CAConfig(memdb.WatchSet) (uint64, *structs.CAConfiguration, error) AbandonCh() <-chan struct{} } diff --git a/agent/grpc/public/services/connectca/server_test.go b/agent/grpc/public/services/connectca/server_test.go index 6a4d42fa0..e74b7c094 100644 --- a/agent/grpc/public/services/connectca/server_test.go +++ b/agent/grpc/public/services/connectca/server_test.go @@ -3,6 +3,7 @@ package connectca import ( "context" "net" + "sync" "testing" "time" @@ -10,16 +11,66 @@ import ( "google.golang.org/grpc" "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/proto-public/pbconnectca" ) -func testStateStore(t *testing.T) *state.Store { +func testStateStore(t *testing.T, publisher state.EventPublisher) *state.Store { t.Helper() gc, err := state.NewTombstoneGC(time.Second, time.Millisecond) require.NoError(t, err) - return state.NewStateStoreWithEventPublisher(gc) + return state.NewStateStoreWithEventPublisher(gc, publisher) +} + +type FakeFSM struct { + lock sync.Mutex + store *state.Store + publisher *stream.EventPublisher +} + +func newFakeFSM(t *testing.T, publisher *stream.EventPublisher) *FakeFSM { + t.Helper() + + store := testStateStore(t, publisher) + + fsm := FakeFSM{store: store, publisher: publisher} + + // register handlers + publisher.RegisterHandler(state.EventTopicCARoots, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return fsm.GetStore().CARootsSnapshot(req, buf) + }) + + return &fsm +} + +func (f *FakeFSM) GetStore() *state.Store { + f.lock.Lock() + defer f.lock.Unlock() + return f.store +} + +func (f *FakeFSM) ReplaceStore(store *state.Store) { + f.lock.Lock() + defer f.lock.Unlock() + oldStore := f.store + f.store = store + oldStore.Abandon() + f.publisher.RefreshTopic(state.EventTopicCARoots) +} + +func setupFSMAndPublisher(t *testing.T) (*FakeFSM, state.EventPublisher) { + t.Helper() + publisher := stream.NewEventPublisher(10 * time.Second) + + fsm := newFakeFSM(t, publisher) + + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + go publisher.Run(ctx) + + return fsm, publisher } func testClient(t *testing.T, server *Server) pbconnectca.ConnectCAServiceClient { diff --git a/agent/grpc/public/services/connectca/watch_roots.go b/agent/grpc/public/services/connectca/watch_roots.go index eeaf2d8c8..7a7430783 100644 --- a/agent/grpc/public/services/connectca/watch_roots.go +++ b/agent/grpc/public/services/connectca/watch_roots.go @@ -68,7 +68,7 @@ func (s *Server) serveRoots( } // Start the subscription. - sub, err := store.EventPublisher().Subscribe(&stream.SubscribeRequest{ + sub, err := s.Publisher.Subscribe(&stream.SubscribeRequest{ Topic: state.EventTopicCARoots, Subject: stream.SubjectNone, Token: token, diff --git a/agent/grpc/public/services/connectca/watch_roots_test.go b/agent/grpc/public/services/connectca/watch_roots_test.go index d650a4d13..7bce07e1a 100644 --- a/agent/grpc/public/services/connectca/watch_roots_test.go +++ b/agent/grpc/public/services/connectca/watch_roots_test.go @@ -13,7 +13,6 @@ import ( "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/emptypb" - "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/hashicorp/consul/acl" @@ -22,19 +21,20 @@ import ( "github.com/hashicorp/consul/agent/grpc/public/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" + "github.com/hashicorp/consul/sdk/testutil" ) const testACLToken = "acl-token" func TestWatchRoots_Success(t *testing.T) { - store := testStateStore(t) + fsm, publisher := setupFSMAndPublisher(t) // Set the initial roots and CA configuration. rootA := connect.TestCA(t, nil) - _, err := store.CARootSetCAS(1, 0, structs.CARoots{rootA}) + _, err := fsm.GetStore().CARootSetCAS(1, 0, structs.CARoots{rootA}) require.NoError(t, err) - err = store.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) + err = fsm.GetStore().CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) require.NoError(t, err) // Mock the ACL Resolver to return an authorizer with `service:write`. @@ -45,8 +45,9 @@ func TestWatchRoots_Success(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - GetStore: func() StateStore { return store }, - Logger: hclog.NewNullLogger(), + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), ACLResolver: aclResolver, }) @@ -65,7 +66,7 @@ func TestWatchRoots_Success(t *testing.T) { // Rotate the roots. rootB := connect.TestCA(t, nil) - _, err = store.CARootSetCAS(2, 1, structs.CARoots{rootB}) + _, err = fsm.GetStore().CARootSetCAS(2, 1, structs.CARoots{rootB}) require.NoError(t, err) // Expect another event containing the new roots. @@ -77,10 +78,10 @@ func TestWatchRoots_Success(t *testing.T) { } func TestWatchRoots_InvalidACLToken(t *testing.T) { - store := testStateStore(t) + fsm, publisher := setupFSMAndPublisher(t) // Set the initial CA configuration. - err := store.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) + err := fsm.GetStore().CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-id"}) require.NoError(t, err) // Mock the ACL resolver to return ErrNotFound. @@ -91,8 +92,9 @@ func TestWatchRoots_InvalidACLToken(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - GetStore: func() StateStore { return store }, - Logger: hclog.NewNullLogger(), + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), ACLResolver: aclResolver, }) @@ -108,14 +110,14 @@ func TestWatchRoots_InvalidACLToken(t *testing.T) { } func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { - store := testStateStore(t) + fsm, publisher := setupFSMAndPublisher(t) // Set the initial roots and CA configuration. rootA := connect.TestCA(t, nil) - _, err := store.CARootSetCAS(1, 0, structs.CARoots{rootA}) + _, err := fsm.GetStore().CARootSetCAS(1, 0, structs.CARoots{rootA}) require.NoError(t, err) - err = store.CASetConfig(2, &structs.CAConfiguration{ClusterID: "cluster-id"}) + err = fsm.GetStore().CASetConfig(2, &structs.CAConfiguration{ClusterID: "cluster-id"}) require.NoError(t, err) // Mock the ACL Resolver to return an authorizer with `service:write` the @@ -127,8 +129,9 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - GetStore: func() StateStore { return store }, - Logger: hclog.NewNullLogger(), + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), ACLResolver: aclResolver, }) @@ -144,7 +147,7 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { // Update the ACL token to cause the subscription to be force-closed. accessorID, err := uuid.GenerateUUID() require.NoError(t, err) - err = store.ACLTokenSet(1, &structs.ACLToken{ + err = fsm.GetStore().ACLTokenSet(1, &structs.ACLToken{ AccessorID: accessorID, SecretID: testACLToken, }) @@ -152,7 +155,7 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { // Update the roots. rootB := connect.TestCA(t, nil) - _, err = store.CARootSetCAS(3, 1, structs.CARoots{rootB}) + _, err = fsm.GetStore().CARootSetCAS(3, 1, structs.CARoots{rootB}) require.NoError(t, err) // Expect the stream to remain open and to receive the new roots. @@ -163,7 +166,7 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { Return(acl.DenyAll(), nil) // Update the ACL token to cause the subscription to be force-closed. - err = store.ACLTokenSet(1, &structs.ACLToken{ + err = fsm.GetStore().ACLTokenSet(1, &structs.ACLToken{ AccessorID: accessorID, SecretID: testACLToken, }) @@ -175,14 +178,14 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { } func TestWatchRoots_StateStoreAbandoned(t *testing.T) { - storeA := testStateStore(t) + fsm, publisher := setupFSMAndPublisher(t) // Set the initial roots and CA configuration. rootA := connect.TestCA(t, nil) - _, err := storeA.CARootSetCAS(1, 0, structs.CARoots{rootA}) + _, err := fsm.GetStore().CARootSetCAS(1, 0, structs.CARoots{rootA}) require.NoError(t, err) - err = storeA.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-a"}) + err = fsm.GetStore().CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-a"}) require.NoError(t, err) // Mock the ACL Resolver to return an authorizer with `service:write`. @@ -193,8 +196,9 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - GetStore: func() StateStore { return storeA }, - Logger: hclog.NewNullLogger(), + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), ACLResolver: aclResolver, }) @@ -208,7 +212,7 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { mustGetRoots(t, rspCh) // Simulate a snapshot restore. - storeB := testStateStore(t) + storeB := testStateStore(t, publisher) rootB := connect.TestCA(t, nil) _, err = storeB.CARootSetCAS(1, 0, structs.CARoots{rootB}) @@ -217,9 +221,7 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { err = storeB.CASetConfig(0, &structs.CAConfiguration{ClusterID: "cluster-b"}) require.NoError(t, err) - server.GetStore = func() StateStore { return storeB } - - storeA.Abandon() + fsm.ReplaceStore(storeB) // Expect to get the new store's roots. newRoots := mustGetRoots(t, rspCh) diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go index 49cb67677..e8247b818 100644 --- a/agent/submatview/store_integration_test.go +++ b/agent/submatview/store_integration_test.go @@ -43,10 +43,8 @@ func TestStore_IntegrationWithBackend(t *testing.T) { } sh := snapshotHandler{producers: producers} - handlers := map[stream.Topic]stream.SnapshotFunc{ - pbsubscribe.Topic_ServiceHealth: sh.Snapshot, - } - pub := stream.NewEventPublisher(handlers, 10*time.Millisecond) + pub := stream.NewEventPublisher(10 * time.Millisecond) + pub.RegisterHandler(pbsubscribe.Topic_ServiceHealth, sh.Snapshot) ctx, cancel := context.WithCancel(context.Background()) defer cancel() From a2a9c963d6150284939eb88980ec203c3e8db578 Mon Sep 17 00:00:00 2001 From: John Murret Date: Tue, 12 Apr 2022 10:44:41 -0600 Subject: [PATCH 130/785] Correcting an uncapitalized word setup at the beginning of titles to be capitalized in vault section. (#12759) --- build-support/functions/20-build.sh | 2 +- .../installation/vault/data-integration/bootstrap-token.mdx | 4 ++-- .../k8s/installation/vault/data-integration/connect-ca.mdx | 4 ++-- .../vault/data-integration/enterprise-license.mdx | 4 ++-- .../docs/k8s/installation/vault/data-integration/gossip.mdx | 4 ++-- .../docs/k8s/installation/vault/data-integration/index.mdx | 4 ++-- .../installation/vault/data-integration/partition-token.mdx | 4 ++-- .../installation/vault/data-integration/replication-token.mdx | 4 ++-- .../k8s/installation/vault/data-integration/server-tls.mdx | 4 ++-- .../vault/data-integration/snapshot-agent-config.mdx | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/build-support/functions/20-build.sh b/build-support/functions/20-build.sh index dff71a6bf..c2452bae4 100644 --- a/build-support/functions/20-build.sh +++ b/build-support/functions/20-build.sh @@ -316,7 +316,7 @@ function build_consul { status "Ensuring Go modules are up to date" # ensure our go module cache is correct go_mod_assert || return 1 - # setup to bind mount our hosts module cache into the container + # Setup to bind mount our hosts module cache into the container volume_mount="--mount=type=bind,source=${MAIN_GOPATH}/pkg/mod,target=/go/pkg/mod" fi diff --git a/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx index a3145d775..cf2d47df4 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx @@ -20,7 +20,7 @@ To use an ACL bootstrap token stored in Vault, we will follow the steps outlined 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -55,7 +55,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write boostrap-token-policy boostrap-token-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create Kubernetes auth roles for the Consul `server-acl-init` container that runs as part of the Consul server statefulset: diff --git a/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx index ad7b9c863..6cfc276d2 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx @@ -24,7 +24,7 @@ To use an Vault as the Service Mesh Certificate Provider on Kubernetes, we will ### One time setup in Vault 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -40,7 +40,7 @@ you will first need to decide on the type of policy that is suitable for you. To see the permissions that Consul would need in Vault, please see [Vault ACL policies](/docs/connect/ca/vault#vault-acl-policies) documentation. -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create Kubernetes auth roles for the Consul servers: diff --git a/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx index 8f89e4f54..a744f700d 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx @@ -19,7 +19,7 @@ To use an enterprise license stored in Vault, we will follow the steps outlined 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -54,7 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write license-policy license-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create Kubernetes auth roles for the Consul server and client: diff --git a/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx index e0360cc3c..2482559b0 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx @@ -19,7 +19,7 @@ To use a gossip encryption key stored in Vault, we will follow the steps outline 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -52,7 +52,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write gossip-policy gossip-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, we will create Kubernetes auth roles for the Consul server and client: diff --git a/website/content/docs/k8s/installation/vault/data-integration/index.mdx b/website/content/docs/k8s/installation/vault/data-integration/index.mdx index e8dea2183..3f9060a81 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/index.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/index.mdx @@ -20,7 +20,7 @@ Generally, for each secret you wish to store in Vault, the process to integrate 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -#### setup per Consul datacenter +#### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -35,7 +35,7 @@ Following the general integraiton steps, a more detailed workflow for integratio 1. Create a Vault policy that authorizes the desired level of access to the secret. - Create a Vault policy that you name `gossip-policy` which allows `read` access to the path `secret/consul/gossip`. -#### setup per Consul datacenter +#### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. - Both Consul servers and Consul clients need access to the gossip encryption key, so you create two Vault Kubernetes: diff --git a/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx index 0d0f9bb84..704797564 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx @@ -19,7 +19,7 @@ To use an ACL partition token stored in Vault, we will follow the steps outlined 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -54,7 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write partition-token-policy partition-token-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: diff --git a/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx index 74b854748..90534df40 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx @@ -19,7 +19,7 @@ To use an ACL replication token stored in Vault, we will follow the steps outlin 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -54,7 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write replication-token-policy replication-token-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: diff --git a/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx index 35b187f00..ca362f807 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx @@ -47,7 +47,7 @@ To use an Vault as the Server TLS Certificate Provider on Kubernetes, we will ne ### One time setup in Vault 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. (Added) Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -108,7 +108,7 @@ $ vault policy write ca-policy ca-policy.hcl -> **Note:** The PKI secret path referenced by the above Policy will be your `global.tls.caCert.secretName` Helm value. -## setup per Consul datacenter +## Setup per Consul datacenter ### Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for Next, a Vault role for the PKI engine will set the default certificate issuance parameters: diff --git a/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx index fee102dcb..6e6d4970c 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx @@ -20,7 +20,7 @@ To use an ACL replication token stored in Vault, we will follow the steps outlin 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### setup per Consul datacenter +### Setup per Consul datacenter 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart. @@ -56,7 +56,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write snapshot-agent-config-policy snapshot-agent-config-policy.hcl ``` -## setup per Consul datacenter +## Setup per Consul datacenter ### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access Next, you will create a Kubernetes auth role for the Consul snapshot agent: From cf7e6484aa4a9222aa6079e37ca64d720c9b14aa Mon Sep 17 00:00:00 2001 From: FFMMM Date: Tue, 12 Apr 2022 10:50:25 -0700 Subject: [PATCH 131/785] add more labels to RequestRecorder (#12727) Co-authored-by: Daniel Nephin Signed-off-by: FFMMM --- .changelog/12727.txt | 4 + agent/consul/options.go | 2 +- agent/consul/server.go | 41 ++-- agent/consul/server_test.go | 15 +- agent/metrics_test.go | 2 +- agent/rpc/middleware/interceptors.go | 90 ++++++- agent/rpc/middleware/interceptors_test.go | 271 ++++++++++++++++------ 7 files changed, 320 insertions(+), 105 deletions(-) create mode 100644 .changelog/12727.txt diff --git a/.changelog/12727.txt b/.changelog/12727.txt new file mode 100644 index 000000000..9ec5da457 --- /dev/null +++ b/.changelog/12727.txt @@ -0,0 +1,4 @@ +```release-note:improvement +telemetry: Add new `leader` label to `consul.rpc.server.call` and optional `target_datacenter`, `locality`, +`allow_stale`, and `blocking` optional labels. +``` \ No newline at end of file diff --git a/agent/consul/options.go b/agent/consul/options.go index e253864a5..a4cd299e3 100644 --- a/agent/consul/options.go +++ b/agent/consul/options.go @@ -25,7 +25,7 @@ type Deps struct { // the rpc server. GetNetRPCInterceptorFunc func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor // NewRequestRecorderFunc provides a middleware.RequestRecorder for the server to use; it cannot be nil - NewRequestRecorderFunc func(logger hclog.Logger) *middleware.RequestRecorder + NewRequestRecorderFunc func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder EnterpriseDeps } diff --git a/agent/consul/server.go b/agent/consul/server.go index 401954d85..eaf974032 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -386,24 +386,6 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve serverLogger := flat.Logger.NamedIntercept(logging.ConsulServer) loggers := newLoggerStore(serverLogger) - var recorder *middleware.RequestRecorder - if flat.NewRequestRecorderFunc == nil { - return nil, fmt.Errorf("cannot initialize server without an RPC request recorder provider") - } - recorder = flat.NewRequestRecorderFunc(serverLogger) - if recorder == nil { - return nil, fmt.Errorf("cannot initialize server without a non nil RPC request recorder") - } - - var rpcServer, insecureRPCServer *rpc.Server - if flat.GetNetRPCInterceptorFunc == nil { - rpcServer = rpc.NewServer() - insecureRPCServer = rpc.NewServer() - } else { - rpcServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) - insecureRPCServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) - } - eventPublisher := stream.NewEventPublisher(10 * time.Second) fsmDeps := fsm.Deps{ @@ -427,9 +409,6 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve leaveCh: make(chan struct{}), reconcileCh: make(chan serf.Member, reconcileChSize), router: flat.Router, - rpcRecorder: recorder, - rpcServer: rpcServer, - insecureRPCServer: insecureRPCServer, tlsConfigurator: flat.TLSConfigurator, publicGRPCServer: publicGRPCServer, reassertLeaderCh: make(chan chan error), @@ -443,6 +422,26 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve publisher: eventPublisher, } + var recorder *middleware.RequestRecorder + if flat.NewRequestRecorderFunc != nil { + recorder = flat.NewRequestRecorderFunc(serverLogger, s.IsLeader, s.config.Datacenter) + } else { + return nil, fmt.Errorf("cannot initialize server without an RPC request recorder provider") + } + if recorder == nil { + return nil, fmt.Errorf("cannot initialize server with a nil RPC request recorder") + } + + if flat.GetNetRPCInterceptorFunc == nil { + s.rpcServer = rpc.NewServer() + s.insecureRPCServer = rpc.NewServer() + } else { + s.rpcServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) + s.insecureRPCServer = rpc.NewServerWithOpts(rpc.WithServerServiceCallInterceptor(flat.GetNetRPCInterceptorFunc(recorder))) + } + + s.rpcRecorder = recorder + go s.publisher.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) if s.config.ConnectMeshGatewayWANFederationEnabled { diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 5c06fb4d9..0d6a4925b 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -1172,7 +1172,8 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) { // note that there will be "internal" net/rpc calls made // that will still show up; those don't go thru the net/rpc interceptor; // see consul.agent.rpc.middleware.RPCTypeInternal for context - deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + deps.NewRequestRecorderFunc = func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder { + // for the purposes of this test, we don't need isLeader or localDC return &middleware.RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), RecorderFunc: simpleRecorderFunc, @@ -1205,7 +1206,8 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) { // note that there will be "internal" net/rpc calls made // that will still show up; those don't go thru the net/rpc interceptor; // see consul.agent.rpc.middleware.RPCTypeInternal for context - deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + deps.NewRequestRecorderFunc = func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder { + // for the purposes of this test, we don't need isLeader or localDC return &middleware.RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), RecorderFunc: simpleRecorderFunc, @@ -1265,14 +1267,14 @@ func TestServer_RPC_RequestRecorder(t *testing.T) { t.Run("test nil RequestRecorder", func(t *testing.T) { _, conf := testServerConfig(t) deps := newDefaultDeps(t, conf) - deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + deps.NewRequestRecorderFunc = func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder { return nil } s2, err := NewServer(conf, deps, grpc.NewServer()) require.Error(t, err, "need err when RequestRecorder is nil") - require.Equal(t, err.Error(), "cannot initialize server without a non nil RPC request recorder") + require.Equal(t, err.Error(), "cannot initialize server with a nil RPC request recorder") t.Cleanup(func() { if s2 != nil { @@ -1308,7 +1310,8 @@ func TestServer_RPC_MetricsIntercept(t *testing.T) { simpleRecorderFunc := func(key []string, val float32, labels []metrics.Label) { storage[keyMakingFunc(key, labels)] = val } - deps.NewRequestRecorderFunc = func(logger hclog.Logger) *middleware.RequestRecorder { + deps.NewRequestRecorderFunc = func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder { + // for the purposes of this test, we don't need isLeader or localDC return &middleware.RequestRecorder{ Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), RecorderFunc: simpleRecorderFunc, @@ -1344,11 +1347,13 @@ func TestServer_RPC_MetricsIntercept(t *testing.T) { {Name: "errored", Value: "false"}, {Name: "request_type", Value: "read"}, {Name: "rpc_type", Value: "test"}, + {Name: "server_role", Value: "unreported"}, } key := keyMakingFunc(middleware.OneTwelveRPCSummary[0].Name, expectedLabels) if _, ok := storage[key]; !ok { + // the compound key will look like: "rpc+server+call+Status.Ping+false+read+test+unreported" t.Fatalf("Did not find key %s in the metrics log, ", key) } }) diff --git a/agent/metrics_test.go b/agent/metrics_test.go index 448694e3e..76b3fff28 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -199,7 +199,7 @@ func TestAgent_OneTwelveRPCMetrics(t *testing.T) { recordPromMetrics(t, a, respRec) // make sure the labels exist for this metric - assertMetricExistsWithLabels(t, respRec, metricsPrefix+"_rpc_server_call", []string{"errored", "method", "request_type", "rpc_type"}) + assertMetricExistsWithLabels(t, respRec, metricsPrefix+"_rpc_server_call", []string{"errored", "method", "request_type", "rpc_type", "leader"}) // make sure we see 3 Status.Ping metrics corresponding to the calls we made above assertLabelWithValueForMetricExistsNTime(t, respRec, metricsPrefix+"_rpc_server_call", "method", "Status.Ping", 3) }) diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go index ba6747c3a..049283ac2 100644 --- a/agent/rpc/middleware/interceptors.go +++ b/agent/rpc/middleware/interceptors.go @@ -33,33 +33,79 @@ var OneTwelveRPCSummary = []prometheus.SummaryDefinition{ } type RequestRecorder struct { - Logger hclog.Logger - RecorderFunc func(key []string, val float32, labels []metrics.Label) + Logger hclog.Logger + RecorderFunc func(key []string, val float32, labels []metrics.Label) + serverIsLeader func() bool + localDC string } -func NewRequestRecorder(logger hclog.Logger) *RequestRecorder { - return &RequestRecorder{Logger: logger, RecorderFunc: metrics.AddSampleWithLabels} +func NewRequestRecorder(logger hclog.Logger, isLeader func() bool, localDC string) *RequestRecorder { + return &RequestRecorder{ + Logger: logger, + RecorderFunc: metrics.AddSampleWithLabels, + serverIsLeader: isLeader, + localDC: localDC, + } } func (r *RequestRecorder) Record(requestName string, rpcType string, start time.Time, request interface{}, respErrored bool) { elapsed := time.Since(start).Milliseconds() reqType := requestType(request) + isLeader := r.getServerLeadership() labels := []metrics.Label{ {Name: "method", Value: requestName}, {Name: "errored", Value: strconv.FormatBool(respErrored)}, {Name: "request_type", Value: reqType}, {Name: "rpc_type", Value: rpcType}, + {Name: "leader", Value: isLeader}, } + labels = r.addOptionalLabels(request, labels) + // math.MaxInt64 < math.MaxFloat32 is true so we should be good! r.RecorderFunc(metricRPCRequest, float32(elapsed), labels) - r.Logger.Trace(requestLogName, - "method", requestName, - "errored", respErrored, - "request_type", reqType, - "rpc_type", rpcType, - "elapsed", elapsed) + + labelsArr := flattenLabels(labels) + r.Logger.Trace(requestLogName, labelsArr...) + +} + +func flattenLabels(labels []metrics.Label) []interface{} { + + var labelArr []interface{} + for _, label := range labels { + labelArr = append(labelArr, label.Name, label.Value) + } + + return labelArr +} + +func (r *RequestRecorder) addOptionalLabels(request interface{}, labels []metrics.Label) []metrics.Label { + if rq, ok := request.(readQuery); ok { + labels = append(labels, + metrics.Label{ + Name: "allow_stale", + Value: strconv.FormatBool(rq.AllowStaleRead()), + }, + metrics.Label{ + Name: "blocking", + Value: strconv.FormatBool(rq.GetMinQueryIndex() > 0), + }) + } + + if td, ok := request.(targetDC); ok { + requestDC := td.RequestDatacenter() + labels = append(labels, metrics.Label{Name: "target_datacenter", Value: requestDC}) + + if r.localDC == requestDC { + labels = append(labels, metrics.Label{Name: "locality", Value: "local"}) + } else { + labels = append(labels, metrics.Label{Name: "locality", Value: "forwarded"}) + } + } + + return labels } func requestType(req interface{}) string { @@ -77,6 +123,30 @@ func requestType(req interface{}) string { return "unreported" } +func (r *RequestRecorder) getServerLeadership() string { + if r.serverIsLeader != nil { + if r.serverIsLeader() { + return "true" + } else { + return "false" + } + } + + // This logical branch should not happen. If it happens + // it means that we have not plumbed down a way to verify + // whether the server handling the request was a leader or not + return "unreported" +} + +type readQuery interface { + GetMinQueryIndex() uint64 + AllowStaleRead() bool +} + +type targetDC interface { + RequestDatacenter() string +} + func GetNetRPCInterceptor(recorder *RequestRecorder) rpc.ServerServiceCallInterceptor { return func(reqServiceMethod string, argv, replyv reflect.Value, handler func() error) { reqStart := time.Now() diff --git a/agent/rpc/middleware/interceptors_test.go b/agent/rpc/middleware/interceptors_test.go index 63fbefecb..d9676846b 100644 --- a/agent/rpc/middleware/interceptors_test.go +++ b/agent/rpc/middleware/interceptors_test.go @@ -48,6 +48,8 @@ var simpleRecorderFunc = func(key []string, val float32, labels []metrics.Label) type readRequest struct{} type writeRequest struct{} +type readReqWithTD struct{} +type writeReqWithTD struct{} func (rr readRequest) IsRead() bool { return true @@ -57,75 +59,210 @@ func (wr writeRequest) IsRead() bool { return false } -// TestRequestRecorder_SimpleOK tests that the RequestRecorder can record a simple request. -func TestRequestRecorder_SimpleOK(t *testing.T) { - t.Parallel() - - r := RequestRecorder{ - Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - RecorderFunc: simpleRecorderFunc, - } - - start := time.Now() - r.Record("A.B", RPCTypeInternal, start, struct{}{}, false) - - expectedLabels := []metrics.Label{ - {Name: "method", Value: "A.B"}, - {Name: "errored", Value: "false"}, - {Name: "request_type", Value: "unreported"}, - {Name: "rpc_type", Value: RPCTypeInternal}, - } - - o := store.get(append(metricRPCRequest, expectedLabels[0].Value)) - require.Equal(t, o.key, metricRPCRequest) - require.LessOrEqual(t, o.elapsed, float32(start.Sub(time.Now()).Milliseconds())) - require.Equal(t, o.labels, expectedLabels) +func (r readReqWithTD) IsRead() bool { + return true } -// TestRequestRecorder_ReadRequest tests that RequestRecorder can record a read request AND a responseErrored arg. -func TestRequestRecorder_ReadRequest(t *testing.T) { - t.Parallel() - - r := RequestRecorder{ - Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - RecorderFunc: simpleRecorderFunc, - } - - start := time.Now() - - r.Record("B.A", RPCTypeNetRPC, start, readRequest{}, true) - - expectedLabels := []metrics.Label{ - {Name: "method", Value: "B.A"}, - {Name: "errored", Value: "true"}, - {Name: "request_type", Value: "read"}, - {Name: "rpc_type", Value: RPCTypeNetRPC}, - } - - o := store.get(append(metricRPCRequest, expectedLabels[0].Value)) - require.Equal(t, o.labels, expectedLabels) +func (r readReqWithTD) RequestDatacenter() string { + return "dc3" } -// TestRequestRecorder_WriteRequest tests that RequestRecorder can record a write request. -func TestRequestRecorder_WriteRequest(t *testing.T) { - t.Parallel() - - r := RequestRecorder{ - Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), - RecorderFunc: simpleRecorderFunc, - } - - start := time.Now() - - r.Record("B.C", RPCTypeNetRPC, start, writeRequest{}, true) - - expectedLabels := []metrics.Label{ - {Name: "method", Value: "B.C"}, - {Name: "errored", Value: "true"}, - {Name: "request_type", Value: "write"}, - {Name: "rpc_type", Value: RPCTypeNetRPC}, - } - - o := store.get(append(metricRPCRequest, expectedLabels[0].Value)) - require.Equal(t, o.labels, expectedLabels) +func (r readReqWithTD) GetMinQueryIndex() uint64 { + return 1 +} +func (r readReqWithTD) AllowStaleRead() bool { + return false +} + +func (w writeReqWithTD) IsRead() bool { + return false +} + +func (w writeReqWithTD) RequestDatacenter() string { + return "dc2" +} + +type testCase struct { + name string + // description is meant for human friendliness + description string + // requestName is encouraged to be unique across tests to + // avoid lock contention + requestName string + requestI interface{} + rpcType string + errored bool + isLeader func() bool + dc string + // the first element in expectedLabels should be the method name + expectedLabels []metrics.Label +} + +var testCases = []testCase{ + { + name: "simple ok", + description: "This is a simple happy path test case. We check for pass through and normal request processing", + requestName: "A.B", + requestI: struct{}{}, + rpcType: RPCTypeInternal, + errored: false, + dc: "dc1", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "A.B"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "unreported"}, + {Name: "rpc_type", Value: RPCTypeInternal}, + {Name: "leader", Value: "unreported"}, + }, + }, + { + name: "simple ok errored", + description: "Checks that the errored value is populated right.", + requestName: "A.C", + requestI: struct{}{}, + rpcType: "test", + errored: true, + dc: "dc1", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "A.C"}, + {Name: "errored", Value: "true"}, + {Name: "request_type", Value: "unreported"}, + {Name: "rpc_type", Value: "test"}, + {Name: "leader", Value: "unreported"}, + }, + }, + { + name: "read request, rpc type internal", + description: "Checks for read request interface parsing", + requestName: "B.C", + requestI: readRequest{}, + rpcType: RPCTypeInternal, + errored: false, + dc: "dc1", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "B.C"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "read"}, + {Name: "rpc_type", Value: RPCTypeInternal}, + {Name: "leader", Value: "unreported"}, + }, + }, + { + name: "write request, rpc type net/rpc", + description: "Checks for write request interface, different RPC type", + requestName: "D.E", + requestI: writeRequest{}, + rpcType: RPCTypeNetRPC, + errored: false, + dc: "dc1", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "D.E"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "write"}, + {Name: "rpc_type", Value: RPCTypeNetRPC}, + {Name: "leader", Value: "unreported"}, + }, + }, + { + name: "read request with blocking stale and target dc", + description: "Checks for locality, blocking status and target dc", + requestName: "E.F", + requestI: readReqWithTD{}, + rpcType: RPCTypeNetRPC, + errored: false, + dc: "dc1", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "E.F"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "read"}, + {Name: "rpc_type", Value: RPCTypeNetRPC}, + {Name: "leader", Value: "unreported"}, + {Name: "allow_stale", Value: "false"}, + {Name: "blocking", Value: "true"}, + {Name: "target_datacenter", Value: "dc3"}, + {Name: "locality", Value: "forwarded"}, + }, + }, + { + name: "write request with TD, locality local", + description: "Checks for write request with local forwarding and target dc", + requestName: "F.G", + requestI: writeReqWithTD{}, + rpcType: RPCTypeNetRPC, + errored: false, + dc: "dc2", + expectedLabels: []metrics.Label{ + {Name: "method", Value: "F.G"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "write"}, + {Name: "rpc_type", Value: RPCTypeNetRPC}, + {Name: "leader", Value: "unreported"}, + {Name: "target_datacenter", Value: "dc2"}, + {Name: "locality", Value: "local"}, + }, + }, + { + name: "is leader", + description: "checks for is leader", + requestName: "G.H", + requestI: struct{}{}, + rpcType: "test", + errored: false, + isLeader: func() bool { + return true + }, + expectedLabels: []metrics.Label{ + {Name: "method", Value: "G.H"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "unreported"}, + {Name: "rpc_type", Value: "test"}, + {Name: "leader", Value: "true"}, + }, + }, + { + name: "is not leader", + description: "checks for is not leader", + requestName: "H.I", + requestI: struct{}{}, + rpcType: "test", + errored: false, + isLeader: func() bool { + return false + }, + expectedLabels: []metrics.Label{ + {Name: "method", Value: "H.I"}, + {Name: "errored", Value: "false"}, + {Name: "request_type", Value: "unreported"}, + {Name: "rpc_type", Value: "test"}, + {Name: "leader", Value: "false"}, + }, + }, +} + +// TestRequestRecorder goes over all the parsing and reporting that RequestRecorder +// is expected to perform. +func TestRequestRecorder(t *testing.T) { + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + + r := RequestRecorder{ + Logger: hclog.NewInterceptLogger(&hclog.LoggerOptions{}), + RecorderFunc: simpleRecorderFunc, + serverIsLeader: tc.isLeader, + localDC: tc.dc, + } + + start := time.Now() + r.Record(tc.requestName, tc.rpcType, start, tc.requestI, tc.errored) + + key := append(metricRPCRequest, tc.expectedLabels[0].Value) + o := store.get(key) + + require.Equal(t, o.key, metricRPCRequest) + require.LessOrEqual(t, o.elapsed, float32(start.Sub(time.Now()).Milliseconds())) + require.Equal(t, o.labels, tc.expectedLabels) + + }) + } } From 005e5f12d802534e2f7e4ba7055e3f9e42dd7e01 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 12 Apr 2022 13:41:12 -0500 Subject: [PATCH 132/785] deps: update to latest go-discover (#12739) Fixes #11253 $ go mod why -m github.com/dgrijalva/jwt-go # github.com/dgrijalva/jwt-go (main module does not need module github.com/dgrijalva/jwt-go) $ go mod why -m github.com/form3tech-oss/jwt-go # github.com/form3tech-oss/jwt-go github.com/hashicorp/consul/agent github.com/hashicorp/go-discover github.com/hashicorp/go-discover/provider/azure github.com/Azure/go-autorest/autorest github.com/Azure/go-autorest/autorest/adal github.com/form3tech-oss/jwt-go --- .changelog/12739.txt | 3 +++ go.mod | 2 +- go.sum | 20 +++++++++++++------- 3 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 .changelog/12739.txt diff --git a/.changelog/12739.txt b/.changelog/12739.txt new file mode 100644 index 000000000..83ea33c2c --- /dev/null +++ b/.changelog/12739.txt @@ -0,0 +1,3 @@ +```release-note:improvement +deps: update to latest go-discover to fix vulnerable transitive jwt-go dependency +``` diff --git a/go.mod b/go.mod index 47b494c46..8d7134af3 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-connlimit v0.3.0 - github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192 + github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9 github.com/hashicorp/go-hclog v0.14.1 github.com/hashicorp/go-memdb v1.3.2 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index fb093ee1e..9311ff481 100644 --- a/go.sum +++ b/go.sum @@ -35,11 +35,13 @@ github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest v0.11.0 h1:tnO41Uo+/0sxTMFY/U7aKg2abek3JOnnXcuSuba74jI= github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= +github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/adal v0.9.0 h1:SigMbuFNuKgc1xcGhaeapbh+8fgsu+GxgDRFyg7f5lM= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/azure/auth v0.5.0 h1:nSMjYIe24eBYasAIxt859TxyXef/IqoH+8/g4+LmcVs= github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0= github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 h1:Ml+UCrnlKD+cJmSzrZ/RDcDw86NjkRUpnFh7V5JUhzU= @@ -49,15 +51,17 @@ github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8K github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss= github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= @@ -143,7 +147,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661 h1:lrWnAyy/F72MbxIxFUzKmcMCdt9Oi8RzpAxzTNQHD7o= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= @@ -174,6 +177,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.11.0 h1:Yyrghcw93e1jKo4DTZkRFTTFvBsVhzbblBUPNU1vW6Q= github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -301,8 +306,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVo github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM= github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= -github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192 h1:eje2KOX8Sf7aYPiAsLnpWdAIrGRMcpFjN/Go/Exb7Zo= -github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192/go.mod h1:3/4dzY4lR1Hzt9bBqMhBzG7lngZ0GKx/nL6G/ad62wE= +github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9 h1:2GsEkBZf1q4LKZjtd4cO+V0xd85xGCMolX3ebC2+xd4= +github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9/go.mod h1:1xfdKvc3pe5WKxfUUHHOGaKMk7NLGhHY1jkyhKo6098= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= @@ -641,6 +646,7 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= From 0c05f6d2e377a809f35ebfe4155417fcea4b4b5b Mon Sep 17 00:00:00 2001 From: FFMMM Date: Tue, 12 Apr 2022 11:53:30 -0700 Subject: [PATCH 133/785] add docs for new labels (#12757) --- website/content/docs/agent/telemetry.mdx | 25 ++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 7296ed208..208e3bc5d 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -537,12 +537,13 @@ Note that values of the `consul.rpc.server.call` may emit as `0 ms`. That means The the server workload metrics above come with the following labels: -| Label Name | Description | Possible values | -| ------------------------------------- | --------------------------------------------------------- | --------------------------------------- | -| `method` | The name of the RPC method. | The value of any RPC request in Consul. | -| `errored` | Indicates whether the RPC call errored. | `True` or `False`. | -| `request_type` | Whether it is a `read` or `write` request. | `read`, `write` or `unreported`. | -| `rpc_type` | The RPC implementation. | `net/rpc` or `internal`. | +| Label Name | Description | Possible values | +| ------------------------------------- | -------------------------------------------------------------------- | --------------------------------------- | +| `method` | The name of the RPC method. | The value of any RPC request in Consul. | +| `errored` | Indicates whether the RPC call errored. | `true` or `false`. | +| `request_type` | Whether it is a `read` or `write` request. | `read`, `write` or `unreported`. | +| `rpc_type` | The RPC implementation. | `net/rpc` or `internal`. | +| `leader` | Whether the server was a `leader` or not at the time of the request. | `true`, `false` or `unreported`. | #### Label Explanations @@ -551,6 +552,18 @@ Historically, `internal` RPC operation metrics were accounted under the same met The `unreported` value for the `request_type` in the table above refers to RPC requests within Consul where it is difficult to ascertain whether a request is `read` or `write` type. +The `unreported` value for the `leader` label in the table above refers to RPC requests where Consul cannot determine the leadership status for a server. + +#### Read Request Labels + +In addition to the labels above, for read requests, the following may be populated: + +| Label Name | Description | Possible values | +| ------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | +| `blocking` | Whether the read request passed in a `MinQueryIndex`. | `true` if a MinQueryIndex was passed, `false` otherwise. | +| `target_datacenter` | The target datacenter for the read request. | The string value of the target datacenter for the request. | +| `locality` | Gives an indication of whether the RPC request is local or has been forwarded. | `local` if current server data center is the same as `target_datacenter`, otherwise `forwarded`. | + Here is a Prometheus style example of an RPC metric and its labels: From 1dd8e24bd11f0b928c0e9a5a0333510fe62334f7 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 12 Apr 2022 16:01:35 -0400 Subject: [PATCH 134/785] add changelog for enterprise fix (#12761) --- .changelog/_1728.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/_1728.txt diff --git a/.changelog/_1728.txt b/.changelog/_1728.txt new file mode 100644 index 000000000..b85f9a0ff --- /dev/null +++ b/.changelog/_1728.txt @@ -0,0 +1,3 @@ +```release-note:bug +usagemetrics: **(Enterprise only)** Fix a bug where Consul usage metrics stopped being reported when upgrading servers from 1.10 to 1.11 or later. +``` From bd1e80f0c6e0298c0a4e69f2c2c560ffc2e05f10 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 13 Apr 2022 10:33:31 +0100 Subject: [PATCH 135/785] ui: Don't automatically move rz read-replicas out of the rz (#12740) --- ui/packages/consul-ui/app/services/repository/dc.js | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/ui/packages/consul-ui/app/services/repository/dc.js b/ui/packages/consul-ui/app/services/repository/dc.js index f47dfc683..59887967e 100644 --- a/ui/packages/consul-ui/app/services/repository/dc.js +++ b/ui/packages/consul-ui/app/services/repository/dc.js @@ -130,16 +130,9 @@ export default class DcService extends RepositoryService { // convert the string[] to Server[] Servers: value.Servers.reduce((prev, item) => { const server = body.Servers[item]; - // TODO: It is not currently clear whether we should be - // taking ReadReplicas out of the RedundancyZones when we - // encounter one in a Zone once this is cleared up either - // way we can either remove this comment or make any - // necessary amends here - if(!server.ReadReplica) { - // keep a record of things - grouped.push(server.ID); - prev.push(server); - } + // keep a record of things + grouped.push(server.ID); + prev.push(server); return prev; }, []), } From 83799eaea5d9e7ae2d76eb5d56062231e07e4702 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 13 Apr 2022 10:34:09 +0100 Subject: [PATCH 136/785] ui: Show read-replica health status (#12758) --- .../consul-ui/app/components/consul/server/card/index.hbs | 2 -- 1 file changed, 2 deletions(-) diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs index 333ebd667..7c838d829 100644 --- a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs @@ -24,7 +24,6 @@ {{@item.Name}} -{{#if (not @item.ReadReplica)}}
    {{if (contains @item.Status (array 'leader' 'voter')) 'Active voter' 'Backup voter'}} -{{/if}}
    From ef4a250203f3d809254918ebcb6a5a0407537ca1 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Wed, 13 Apr 2022 10:42:32 -0400 Subject: [PATCH 137/785] add changelog for enterprise bug fix (#12772) --- .changelog/_1737.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/_1737.txt diff --git a/.changelog/_1737.txt b/.changelog/_1737.txt new file mode 100644 index 000000000..ec5b4ed53 --- /dev/null +++ b/.changelog/_1737.txt @@ -0,0 +1,3 @@ +```release-note:bug +namespace: **(Enterprise Only)** Unreserve `consul` namespace to allow K8s namespace mirroring when deploying in `consul` K8s namespace . +``` From 4d57b7d5e036a5a1dd9ab42c50e89dd907b604bc Mon Sep 17 00:00:00 2001 From: John Murret Date: Wed, 13 Apr 2022 09:24:35 -0600 Subject: [PATCH 138/785] Setting DOCKER_DEFAULT_PLATFORM in make dev-docker so arm64 can build an amd64 containerwith and amd64 binary. (#12769) --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index 2fd96a9ec..665f1d0a1 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -158,7 +158,7 @@ dev-docker: linux @echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)" @docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null @echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)" - @docker build $(NOCACHE) $(QUIET) -t '$(CONSUL_DEV_IMAGE)' --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) $(CURDIR)/pkg/bin/linux_amd64 -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile + @DOCKER_DEFAULT_PLATFORM=linux/amd64 docker build $(NOCACHE) $(QUIET) -t '$(CONSUL_DEV_IMAGE)' --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) $(CURDIR)/pkg/bin/linux_amd64 -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile # In CircleCI, the linux binary will be attached from a previous step at bin/. This make target # should only run in CI and not locally. From b062f8c2aa3aa98ad7080ce107d3ee90c881824a Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 13 Apr 2022 11:45:25 -0400 Subject: [PATCH 139/785] Implement routing and intentions for AWS Lambdas --- agent/proxycfg/testing_terminating_gateway.go | 45 +- agent/xds/serverless_plugin_oss_test.go | 13 +- agent/xds/serverlessplugin/lambda_patcher.go | 24 +- ...with-service-resolvers.envoy-1-20-x.golden | 249 ++++++++++ ...with-service-resolvers.envoy-1-20-x.golden | 439 ++++++++++++++++++ ...da-terminating-gateway.envoy-1-20-x.golden | 11 +- ...with-service-resolvers.envoy-1-20-x.golden | 76 +++ agent/xds/xdscommon/xdscommon.go | 8 + agent/xds/xdscommon/xdscommon_oss_test.go | 12 +- 9 files changed, 852 insertions(+), 25 deletions(-) create mode 100644 agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden create mode 100644 agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index 60f27ca84..38c0245a2 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -666,20 +666,41 @@ func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *Conf }) } -func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T) *ConfigSnapshot { +func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpdateEvents ...agentcache.UpdateEvent) *ConfigSnapshot { web := structs.NewServiceName("web", nil) - return TestConfigSnapshotTerminatingGateway(t, true, nil, []agentcache.UpdateEvent{ - { - CorrelationID: serviceConfigIDPrefix + web.String(), - Result: &structs.ServiceConfigResponse{ - ProxyConfig: map[string]interface{}{"protocol": "http"}, - Meta: map[string]string{ - "serverless.consul.hashicorp.com/v1alpha1/lambda/enabled": "true", - "serverless.consul.hashicorp.com/v1alpha1/lambda/arn": "lambda-arn", - "serverless.consul.hashicorp.com/v1alpha1/lambda/payload-passthrough": "true", - "serverless.consul.hashicorp.com/v1alpha1/lambda/region": "us-east-1", - }, + updateEvents := append(extraUpdateEvents, agentcache.UpdateEvent{ + CorrelationID: serviceConfigIDPrefix + web.String(), + Result: &structs.ServiceConfigResponse{ + ProxyConfig: map[string]interface{}{"protocol": "http"}, + Meta: map[string]string{ + "serverless.consul.hashicorp.com/v1alpha1/lambda/enabled": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/arn": "lambda-arn", + "serverless.consul.hashicorp.com/v1alpha1/lambda/payload-passthrough": "true", + "serverless.consul.hashicorp.com/v1alpha1/lambda/region": "us-east-1", }, }, }) + return TestConfigSnapshotTerminatingGateway(t, true, nil, updateEvents) +} + +func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot { + web := structs.NewServiceName("web", nil) + + return TestConfigSnapshotTerminatingGatewayWithLambdaService(t, + agentcache.UpdateEvent{ + CorrelationID: serviceResolverIDPrefix + web.String(), + Result: &structs.IndexedConfigEntries{ + Kind: structs.ServiceResolver, + Entries: []structs.ConfigEntry{ + &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: web.String(), + Subsets: map[string]structs.ServiceResolverSubset{ + "canary1": {}, + "canary2": {}, + }, + }, + }, + }, + }) } diff --git a/agent/xds/serverless_plugin_oss_test.go b/agent/xds/serverless_plugin_oss_test.go index 5fbfdc1c6..0f6fdd382 100644 --- a/agent/xds/serverless_plugin_oss_test.go +++ b/agent/xds/serverless_plugin_oss_test.go @@ -10,6 +10,7 @@ import ( envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" "github.com/golang/protobuf/proto" testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" @@ -27,8 +28,14 @@ func TestServerlessPluginFromSnapshot(t *testing.T) { create func(t testinf.T) *proxycfg.ConfigSnapshot }{ { - name: "lambda-terminating-gateway", - create: proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaService, + name: "lambda-terminating-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaService(t) + }, + }, + { + name: "lambda-terminating-gateway-with-service-resolvers", + create: proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers, }, } @@ -85,7 +92,7 @@ func TestServerlessPluginFromSnapshot(t *testing.T) { key: xdscommon.RouteType, sorter: func(msgs []proto.Message) func(int, int) bool { return func(i, j int) bool { - return msgs[i].(*envoy_listener_v3.Listener).Name < msgs[j].(*envoy_listener_v3.Listener).Name + return msgs[i].(*envoy_route_v3.RouteConfiguration).Name < msgs[j].(*envoy_route_v3.RouteConfiguration).Name } }, }, diff --git a/agent/xds/serverlessplugin/lambda_patcher.go b/agent/xds/serverlessplugin/lambda_patcher.go index c5d54d9cf..415ae822f 100644 --- a/agent/xds/serverlessplugin/lambda_patcher.go +++ b/agent/xds/serverlessplugin/lambda_patcher.go @@ -167,7 +167,7 @@ func (p lambdaPatcher) PatchFilter(filter *envoy_listener_v3.Filter) (*envoy_lis if config == nil { return filter, false, errors.New("error unmarshalling filter") } - httpFilter, err := makeEnvoyHTTPFilter( + lambdaHttpFilter, err := makeEnvoyHTTPFilter( "envoy.filters.http.aws_lambda", &envoy_lambda_v3.Config{ Arn: p.arn, @@ -179,10 +179,26 @@ func (p lambdaPatcher) PatchFilter(filter *envoy_listener_v3.Filter) (*envoy_lis return filter, false, err } - config.HttpFilters = []*envoy_http_v3.HttpFilter{ - httpFilter, - {Name: "envoy.filters.http.router"}, + var ( + changedFilters = make([]*envoy_http_v3.HttpFilter, 0, len(config.HttpFilters)+1) + changed bool + ) + + // We need to be careful about overwriting http filters completely because + // http filters validates intentions with the RBAC filter. This inserts the + // lambda filter before `envoy.filters.http.router` while keeping everything + // else intact. + for _, httpFilter := range config.HttpFilters { + if httpFilter.Name == "envoy.filters.http.router" { + changedFilters = append(changedFilters, lambdaHttpFilter) + changed = true + } + changedFilters = append(changedFilters, httpFilter) } + if changed { + config.HttpFilters = changedFilters + } + config.StripPortMode = &envoy_http_v3.HttpConnectionManager_StripAnyHostPort{ StripAnyHostPort: true, } diff --git a/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden new file mode 100644 index 000000000..13cde2ac9 --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden @@ -0,0 +1,249 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "api.altdomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "filename": "api.cert.pem" + }, + "privateKey": { + "filename": "api.key.pem" + } + } + ], + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "cache.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "lambda.us-east-1.amazonaws.com", + "portValue": 443 + } + } + } + } + ] + } + ] + }, + "dnsLookupFamily": "V4_ONLY", + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "sni": "*.amazonaws.com" + } + }, + "metadata": { + "filterMetadata": { + "com.amazonaws.lambda": { + "egress_gateway": true + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "lambda.us-east-1.amazonaws.com", + "portValue": 443 + } + } + } + } + ] + } + ] + }, + "dnsLookupFamily": "V4_ONLY", + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "sni": "*.amazonaws.com" + } + }, + "metadata": { + "filterMetadata": { + "com.amazonaws.lambda": { + "egress_gateway": true + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "db.mydomain", + "portValue": 8081 + } + } + }, + "healthStatus": "UNHEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "lambda.us-east-1.amazonaws.com", + "portValue": 443 + } + } + } + } + ] + } + ] + }, + "dnsLookupFamily": "V4_ONLY", + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "sni": "*.amazonaws.com" + } + }, + "metadata": { + "filterMetadata": { + "com.amazonaws.lambda": { + "egress_gateway": true + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden new file mode 100644 index 000000000..a64481e5e --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden @@ -0,0 +1,439 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api.default.default.dc1", + "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.cache.default.default.dc1", + "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.web.default.default.dc1", + "rds": { + "configSource": { + "ads": { + + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, + { + "name": "envoy.filters.http.aws_lambda", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", + "arn": "lambda-arn" + } + }, + { + "name": "envoy.filters.http.router" + } + ], + "tracing": { + "randomSampling": { + + } + }, + "stripAnyHostPort": true + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.web.default.default.dc1", + "rds": { + "configSource": { + "ads": { + + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, + { + "name": "envoy.filters.http.aws_lambda", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", + "arn": "lambda-arn" + } + }, + { + "name": "envoy.filters.http.router" + } + ], + "tracing": { + "randomSampling": { + + } + }, + "stripAnyHostPort": true + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.web.default.default.dc1", + "rds": { + "configSource": { + "ads": { + + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, + { + "name": "envoy.filters.http.aws_lambda", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", + "arn": "lambda-arn" + } + }, + { + "name": "envoy.filters.http.router" + } + ], + "tracing": { + "randomSampling": { + + } + }, + "stripAnyHostPort": true + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster" + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "terminating_gateway.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector" + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden index d412ef5ce..dea85717f 100644 --- a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden @@ -195,6 +195,15 @@ "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, { "name": "envoy.filters.http.aws_lambda", "typedConfig": { @@ -269,4 +278,4 @@ ], "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "nonce": "00000001" -} +} \ No newline at end of file diff --git a/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden new file mode 100644 index 000000000..d7ed2ec78 --- /dev/null +++ b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden @@ -0,0 +1,76 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/xdscommon/xdscommon.go b/agent/xds/xdscommon/xdscommon.go index b1b7da121..0cccba7d8 100644 --- a/agent/xds/xdscommon/xdscommon.go +++ b/agent/xds/xdscommon/xdscommon.go @@ -109,6 +109,14 @@ func MakePluginConfiguration(cfgSnap *proxycfg.ConfigSnapshot) PluginConfigurati envoyID := proxycfg.NewUpstreamIDFromServiceName(svc) envoyIDMappings[envoyID.EnvoyID()] = compoundServiceName + + resolver, hasResolver := cfgSnap.TerminatingGateway.ServiceResolvers[svc] + if hasResolver { + for subsetName := range resolver.Subsets { + sni := connect.ServiceSNI(svc.Name, subsetName, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, trustDomain) + sniMappings[sni] = compoundServiceName + } + } } } diff --git a/agent/xds/xdscommon/xdscommon_oss_test.go b/agent/xds/xdscommon/xdscommon_oss_test.go index c92be3ba5..a1182f201 100644 --- a/agent/xds/xdscommon/xdscommon_oss_test.go +++ b/agent/xds/xdscommon/xdscommon_oss_test.go @@ -13,7 +13,7 @@ import ( ) func TestMakePluginConfiguration_TerminatingGateway(t *testing.T) { - snap := proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaService(t) + snap := proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t) webService := api.CompoundServiceName{ Name: "web", @@ -59,10 +59,12 @@ func TestMakePluginConfiguration_TerminatingGateway(t *testing.T) { }, }, SNIToServiceName: map[string]api.CompoundServiceName{ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": apiService, - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": cacheService, - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": dbService, - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": webService, + "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": apiService, + "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": cacheService, + "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": dbService, + "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": webService, + "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": webService, + "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": webService, }, EnvoyIDToServiceName: map[string]api.CompoundServiceName{ "web": webService, From 5eea62b47a9e3ae499cc7bd3364556a70831592d Mon Sep 17 00:00:00 2001 From: Paul Glass Date: Wed, 13 Apr 2022 14:31:37 -0500 Subject: [PATCH 140/785] acl: Adjust region handling in AWS IAM auth method (#12774) * acl: Adjust region handling in AWS IAM auth method --- .changelog/12774.txt | 3 + agent/consul/authmethod/awsauth/aws.go | 4 - agent/consul/authmethod/awsauth/aws_test.go | 13 +-- internal/iamauth/config.go | 13 ++- internal/iamauth/token.go | 78 +++++++++++-- internal/iamauth/token_test.go | 119 ++++++++++++++++++++ internal/iamauth/util.go | 23 +--- 7 files changed, 212 insertions(+), 41 deletions(-) create mode 100644 .changelog/12774.txt diff --git a/.changelog/12774.txt b/.changelog/12774.txt new file mode 100644 index 000000000..d5aca735d --- /dev/null +++ b/.changelog/12774.txt @@ -0,0 +1,3 @@ +```release-note:improvement +acl: Improve handling of region-specific endpoints in the AWS IAM auth method. As part of this, the `STSRegion` field was removed from the auth method config. +``` diff --git a/agent/consul/authmethod/awsauth/aws.go b/agent/consul/authmethod/awsauth/aws.go index 32320e3f7..f3995cdc5 100644 --- a/agent/consul/authmethod/awsauth/aws.go +++ b/agent/consul/authmethod/awsauth/aws.go @@ -57,9 +57,6 @@ type Config struct { // STSEndpoint is the AWS STS endpoint where sts:GetCallerIdentity requests will be sent. // Note that the Host header in a signed request cannot be changed. STSEndpoint string `json:",omitempty"` - // STSRegion is the region for the AWS STS service. This should only be set if STSEndpoint - // is set, and must match the region of the STSEndpoint. - STSRegion string `json:",omitempty"` // AllowedSTSHeaderValues is a list of additional allowed headers on the sts:GetCallerIdentity // request in the bearer token. A default list of necessary headers is allowed in any case. @@ -75,7 +72,6 @@ func (c *Config) convertForLibrary() *iamauth.Config { MaxRetries: c.MaxRetries, IAMEndpoint: c.IAMEndpoint, STSEndpoint: c.STSEndpoint, - STSRegion: c.STSRegion, AllowedSTSHeaderValues: c.AllowedSTSHeaderValues, ServerIDHeaderName: IAMServerIDHeaderName, diff --git a/agent/consul/authmethod/awsauth/aws_test.go b/agent/consul/authmethod/awsauth/aws_test.go index 8ee507692..3025275cf 100644 --- a/agent/consul/authmethod/awsauth/aws_test.go +++ b/agent/consul/authmethod/awsauth/aws_test.go @@ -24,9 +24,8 @@ func TestNewValidator(t *testing.T) { IAMEntityTags: []string{"tag-1"}, ServerIDHeaderValue: "x-some-header", MaxRetries: 3, - IAMEndpoint: "iam-endpoint", - STSEndpoint: "sts-endpoint", - STSRegion: "sts-region", + IAMEndpoint: "http://iam-endpoint", + STSEndpoint: "http://sts-endpoint", AllowedSTSHeaderValues: []string{"header-value"}, ServerIDHeaderName: "X-Consul-IAM-ServerID", GetEntityMethodHeader: "X-Consul-IAM-GetEntity-Method", @@ -44,9 +43,8 @@ func TestNewValidator(t *testing.T) { "IAMEntityTags": []string{"tag-1"}, "ServerIDHeaderValue": "x-some-header", "MaxRetries": 3, - "IAMEndpoint": "iam-endpoint", - "STSEndpoint": "sts-endpoint", - "STSRegion": "sts-region", + "IAMEndpoint": "http://iam-endpoint", + "STSEndpoint": "http://sts-endpoint", "AllowedSTSHeaderValues": []string{"header-value"}, } @@ -224,7 +222,6 @@ func setup(t *testing.T, config map[string]interface{}, server *iamauthtest.Serv fakeAws := iamauthtest.NewTestServer(t, server) config["STSEndpoint"] = fakeAws.URL + "/sts" - config["STSRegion"] = "fake-region" config["IAMEndpoint"] = fakeAws.URL + "/iam" method := &structs.ACLAuthMethod{ @@ -241,7 +238,7 @@ func setup(t *testing.T, config map[string]interface{}, server *iamauthtest.Serv Creds: credentials.NewStaticCredentials("fake", "fake", ""), IncludeIAMEntity: v.config.EnableIAMEntityDetails, STSEndpoint: v.config.STSEndpoint, - STSRegion: v.config.STSRegion, + STSRegion: "fake-region", Logger: nullLogger, ServerIDHeaderValue: v.config.ServerIDHeaderValue, ServerIDHeaderName: v.config.ServerIDHeaderName, diff --git a/internal/iamauth/config.go b/internal/iamauth/config.go index a8a6b61d5..d3c722c55 100644 --- a/internal/iamauth/config.go +++ b/internal/iamauth/config.go @@ -15,7 +15,6 @@ type Config struct { MaxRetries int IAMEndpoint string STSEndpoint string - STSRegion string AllowedSTSHeaderValues []string // Customizable header names @@ -65,5 +64,17 @@ func (c *Config) Validate() error { "GetEntityHeadersHeader, and GetEntityBodyHeader when EnableIAMEntityDetails=true") } + if c.STSEndpoint != "" { + if _, err := parseUrl(c.STSEndpoint); err != nil { + return fmt.Errorf("STSEndpoint is invalid: %s", err) + } + } + + if c.IAMEndpoint != "" { + if _, err := parseUrl(c.IAMEndpoint); err != nil { + return fmt.Errorf("IAMEndpoint is invalid: %s", err) + } + } + return nil } diff --git a/internal/iamauth/token.go b/internal/iamauth/token.go index 91994b510..10422ca6c 100644 --- a/internal/iamauth/token.go +++ b/internal/iamauth/token.go @@ -13,9 +13,7 @@ import ( ) const ( - amzHeaderPrefix = "X-Amz-" - defaultIAMEndpoint = "https://iam.amazonaws.com" - defaultSTSEndpoint = "https://sts.amazonaws.com" + amzHeaderPrefix = "X-Amz-" ) var defaultAllowedSTSRequestHeaders = []string{ @@ -98,6 +96,10 @@ func NewBearerToken(loginToken string, config *Config) (*BearerToken, error) { token.getIAMEntityHeader = header token.parsedIAMEntityURL = parsedUrl + if err := token.validateIAMHostname(); err != nil { + return nil, err + } + reqType, err := token.validateIAMEntityBody() if err != nil { return nil, err @@ -112,6 +114,9 @@ func (t *BearerToken) validate() error { if t.getCallerIdentityMethod != "POST" { return fmt.Errorf("iam_http_request_method must be POST") } + if err := t.validateSTSHostname(); err != nil { + return err + } if err := t.validateGetCallerIdentityBody(); err != nil { return err } @@ -121,6 +126,62 @@ func (t *BearerToken) validate() error { return nil } +// validateSTSHostname checks the CallerIdentityURL in the BearerToken +// either matches the admin configured STSEndpoint or, if STSEndpoint is not set, +// that the URL matches a known Amazon AWS hostname for the STS service, one of: +// +// sts.amazonaws.com +// sts.*.amazonaws.com +// sts-fips.amazonaws.com +// sts-fips.*.amazonaws.com +// +// See https://docs.aws.amazon.com/general/latest/gr/sts.html +func (t *BearerToken) validateSTSHostname() error { + if t.config.STSEndpoint != "" { + // If an STS endpoint is configured, we (elsewhere) send the request to that endpoint. + return nil + } + if t.parsedCallerIdentityURL == nil { + return fmt.Errorf("invalid GetCallerIdentity URL: %v", t.getCallerIdentityURL) + } + + // Otherwise, validate the hostname looks like a known STS endpoint. + host := t.parsedCallerIdentityURL.Hostname() + if strings.HasSuffix(host, ".amazonaws.com") && + (strings.HasPrefix(host, "sts.") || strings.HasPrefix(host, "sts-fips.")) { + return nil + } + return fmt.Errorf("invalid STS hostname: %q", host) +} + +// validateIAMHostname checks the IAMEntityURL in the BearerToken +// either matches the admin configured IAMEndpoint or, if IAMEndpoint is not set, +// that the URL matches a known Amazon AWS hostname for the IAM service, one of: +// +// iam.amazonaws.com +// iam.*.amazonaws.com +// iam-fips.amazonaws.com +// iam-fips.*.amazonaws.com +// +// See https://docs.aws.amazon.com/general/latest/gr/iam-service.html +func (t *BearerToken) validateIAMHostname() error { + if t.config.IAMEndpoint != "" { + // If an IAM endpoint is configured, we (elsewhere) send the request to that endpoint. + return nil + } + if t.parsedIAMEntityURL == nil { + return fmt.Errorf("invalid IAM URL: %v", t.getIAMEntityURL) + } + + // Otherwise, validate the hostname looks like a known IAM endpoint. + host := t.parsedIAMEntityURL.Hostname() + if strings.HasSuffix(host, ".amazonaws.com") && + (strings.HasPrefix(host, "iam.") || strings.HasPrefix(host, "iam-fips.")) { + return nil + } + return fmt.Errorf("invalid IAM hostname: %q", host) +} + // https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1439 func (t *BearerToken) validateGetCallerIdentityBody() error { allowedValues := url.Values{ @@ -265,7 +326,7 @@ func parseUrl(s string) (*url.URL, error) { return nil, err } // url.Parse doesn't error on empty string - if u == nil || u.Scheme == "" || u.Host == "" || u.Path == "" { + if u == nil || u.Scheme == "" || u.Host == "" { return nil, fmt.Errorf("url is invalid: %q", s) } return u, nil @@ -275,10 +336,9 @@ func parseUrl(s string) (*url.URL, error) { // from the bearer token. func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error) { // NOTE: We need to ensure we're calling STS, instead of acting as an unintended network proxy - // The protection against this is that this method will only call the endpoint specified in the - // client config (defaulting to sts.amazonaws.com), so it would require an admin to override - // the endpoint to talk to alternate web addresses - endpoint := defaultSTSEndpoint + // We validate up-front that t.getCallerIdentityURL is a known AWS STS hostname. + // Otherwise, we send to the admin-configured STSEndpoint. + endpoint := t.getCallerIdentityURL if t.config.STSEndpoint != "" { endpoint = t.config.STSEndpoint } @@ -295,7 +355,7 @@ func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error) { // GetEntityRequest returns the iam:GetUser or iam:GetRole request from the request details, // if present, embedded in the headers of the sts:GetCallerIdentity request. func (t *BearerToken) GetEntityRequest() (*http.Request, error) { - endpoint := defaultIAMEndpoint + endpoint := t.getIAMEntityURL if t.config.IAMEndpoint != "" { endpoint = t.config.IAMEndpoint } diff --git a/internal/iamauth/token_test.go b/internal/iamauth/token_test.go index 4de7ba715..42f81151d 100644 --- a/internal/iamauth/token_test.go +++ b/internal/iamauth/token_test.go @@ -27,6 +27,7 @@ func TestNewBearerToken(t *testing.T) { GetEntityURLHeader: "X-Consul-IAM-GetEntity-URL", GetEntityHeadersHeader: "X-Consul-IAM-GetEntity-Headers", GetEntityBodyHeader: "X-Consul-IAM-GetEntity-Body", + STSEndpoint: validBearerTokenParsed.getCallerIdentityURL, }, expToken: validBearerTokenWithRoleParsed, }, @@ -268,6 +269,124 @@ func TestValidateIAMEntityBody(t *testing.T) { } } +func TestValidateSTSHostname(t *testing.T) { + cases := []struct { + url string + ok bool + }{ + // https://docs.aws.amazon.com/general/latest/gr/sts.html + {"sts.us-east-2.amazonaws.com", true}, + {"sts-fips.us-east-2.amazonaws.com", true}, + {"sts.us-east-1.amazonaws.com", true}, + {"sts-fips.us-east-1.amazonaws.com", true}, + {"sts.us-west-1.amazonaws.com", true}, + {"sts-fips.us-west-1.amazonaws.com", true}, + {"sts.us-west-2.amazonaws.com", true}, + {"sts-fips.us-west-2.amazonaws.com", true}, + {"sts.af-south-1.amazonaws.com", true}, + {"sts.ap-east-1.amazonaws.com", true}, + {"sts.ap-southeast-3.amazonaws.com", true}, + {"sts.ap-south-1.amazonaws.com", true}, + {"sts.ap-northeast-3.amazonaws.com", true}, + {"sts.ap-northeast-2.amazonaws.com", true}, + {"sts.ap-southeast-1.amazonaws.com", true}, + {"sts.ap-southeast-2.amazonaws.com", true}, + {"sts.ap-northeast-1.amazonaws.com", true}, + {"sts.ca-central-1.amazonaws.com", true}, + {"sts.eu-central-1.amazonaws.com", true}, + {"sts.eu-west-1.amazonaws.com", true}, + {"sts.eu-west-2.amazonaws.com", true}, + {"sts.eu-south-1.amazonaws.com", true}, + {"sts.eu-west-3.amazonaws.com", true}, + {"sts.eu-north-1.amazonaws.com", true}, + {"sts.me-south-1.amazonaws.com", true}, + {"sts.sa-east-1.amazonaws.com", true}, + {"sts.us-gov-east-1.amazonaws.com", true}, + {"sts.us-gov-west-1.amazonaws.com", true}, + + // prefix must be either 'sts.' or 'sts-fips.' + {".amazonaws.com", false}, + {"iam.amazonaws.com", false}, + {"other.amazonaws.com", false}, + // suffix must be '.amazonaws.com' and not some other domain + {"stsamazonaws.com", false}, + {"sts-fipsamazonaws.com", false}, + {"sts.stsamazonaws.com", false}, + {"sts.notamazonaws.com", false}, + {"sts-fips.stsamazonaws.com", false}, + {"sts-fips.notamazonaws.com", false}, + {"sts.amazonaws.com.spoof", false}, + {"sts.amazonaws.spoof.com", false}, + {"xyz.sts.amazonaws.com", false}, + } + for _, c := range cases { + t.Run(c.url, func(t *testing.T) { + url := "https://" + c.url + parsedUrl, err := parseUrl(url) + require.NoError(t, err) + + token := &BearerToken{ + config: &Config{}, + getCallerIdentityURL: url, + parsedCallerIdentityURL: parsedUrl, + } + err = token.validateSTSHostname() + if c.ok { + require.NoError(t, err) + } else { + require.Error(t, err) + } + }) + } +} + +func TestValidateIAMHostname(t *testing.T) { + cases := []struct { + url string + ok bool + }{ + // https://docs.aws.amazon.com/general/latest/gr/iam-service.html + {"iam.amazonaws.com", true}, + {"iam-fips.amazonaws.com", true}, + {"iam.us-gov.amazonaws.com", true}, + {"iam-fips.us-gov.amazonaws.com", true}, + + // prefix must be either 'iam.' or 'aim-fips.' + {".amazonaws.com", false}, + {"sts.amazonaws.com", false}, + {"other.amazonaws.com", false}, + // suffix must be '.amazonaws.com' and not some other domain + {"iamamazonaws.com", false}, + {"iam-fipsamazonaws.com", false}, + {"iam.iamamazonaws.com", false}, + {"iam.notamazonaws.com", false}, + {"iam-fips.iamamazonaws.com", false}, + {"iam-fips.notamazonaws.com", false}, + {"iam.amazonaws.com.spoof", false}, + {"iam.amazonaws.spoof.com", false}, + {"xyz.iam.amazonaws.com", false}, + } + for _, c := range cases { + t.Run(c.url, func(t *testing.T) { + url := "https://" + c.url + parsedUrl, err := parseUrl(url) + require.NoError(t, err) + + token := &BearerToken{ + config: &Config{}, + getCallerIdentityURL: url, + parsedIAMEntityURL: parsedUrl, + } + err = token.validateIAMHostname() + if c.ok { + require.NoError(t, err) + } else { + require.Error(t, err) + } + }) + } +} + var ( validBearerTokenJson = `{ "iam_http_request_method":"POST", diff --git a/internal/iamauth/util.go b/internal/iamauth/util.go index bfd5f22d7..b92270cfd 100644 --- a/internal/iamauth/util.go +++ b/internal/iamauth/util.go @@ -39,12 +39,10 @@ type LoginInput struct { func GenerateLoginData(in *LoginInput) (map[string]interface{}, error) { cfg := aws.Config{ Credentials: in.Creds, - Region: aws.String(in.STSRegion), - } - if in.STSEndpoint != "" { - cfg.Endpoint = aws.String(in.STSEndpoint) - } else { - cfg.EndpointResolver = endpoints.ResolverFunc(stsSigningResolver) + // These are empty strings by default (i.e. not enabled) + Region: aws.String(in.STSRegion), + Endpoint: aws.String(in.STSEndpoint), + STSRegionalEndpoint: endpoints.RegionalSTSEndpoint, } stsSession, err := session.NewSessionWithOptions(session.Options{Config: cfg}) @@ -102,19 +100,6 @@ func GenerateLoginData(in *LoginInput) (map[string]interface{}, error) { }, nil } -// STS is a really weird service that used to only have global endpoints but now has regional endpoints as well. -// For backwards compatibility, even if you request a region other than us-east-1, it'll still sign for us-east-1. -// See, e.g., https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code -// So we have to shim in this EndpointResolver to force it to sign for the right region -func stsSigningResolver(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { - defaultEndpoint, err := endpoints.DefaultResolver().EndpointFor(service, region, optFns...) - if err != nil { - return defaultEndpoint, err - } - defaultEndpoint.SigningRegion = region - return defaultEndpoint, nil -} - func formatSignedEntityRequest(svc *sts.STS, in *LoginInput) (*request.Request, error) { // We need to retrieve the IAM user or role for the iam:GetRole or iam:GetUser request. // GetCallerIdentity returns this and requires no permissions. From 199f1c72003716ada9424bb9000993ae964ff038 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Tue, 12 Apr 2022 10:44:22 -0700 Subject: [PATCH 141/785] Fix namespace default field names in expanded token output --- agent/consul/acl_endpoint.go | 6 ++++++ api/acl.go | 4 ++-- command/acl/token/formatter.go | 6 +++--- command/acl/token/formatter_test.go | 10 +++++----- .../testdata/FormatTokenExpanded/oss/basic.json.golden | 4 ++-- .../FormatTokenExpanded/oss/complex.json.golden | 4 ++-- 6 files changed, 20 insertions(+), 14 deletions(-) diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index 77ca6edf3..658f72a42 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -381,6 +381,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok if err != nil { return tokenInfo, err } + if role == nil { + continue + } for _, policy := range role.Policies { policyIDs[policy.ID] = struct{}{} @@ -404,6 +407,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok if err != nil { return tokenInfo, err } + if policy == nil { + continue + } policies = append(policies, policy) } for _, policy := range identityPolicies { diff --git a/api/acl.go b/api/acl.go index 9989a50b2..bd6d82563 100644 --- a/api/acl.go +++ b/api/acl.go @@ -66,8 +66,8 @@ type ACLTokenExpanded struct { ExpandedPolicies []ACLPolicy ExpandedRoles []ACLRole - NamespaceDefaultPolicies []string - NamespaceDefaultRoles []string + NamespaceDefaultPolicyIDs []string + NamespaceDefaultRoleIDs []string AgentACLDefaultPolicy string AgentACLDownPolicy string diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go index cc5671002..7844c9cc4 100644 --- a/command/acl/token/formatter.go +++ b/command/acl/token/formatter.go @@ -239,17 +239,17 @@ func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (stri buffer.WriteString("=== End of Authorizer Layer 0: Token ===\n") - if len(token.NamespaceDefaultPolicies) > 0 || len(token.NamespaceDefaultRoles) > 0 { + if len(token.NamespaceDefaultPolicyIDs) > 0 || len(token.NamespaceDefaultRoleIDs) > 0 { buffer.WriteString("=== Start of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) ===\n") buffer.WriteString(fmt.Sprintf("Description: ACL Roles inherited by all Tokens in Namespace %q\n\n", token.Namespace)) buffer.WriteString("Namespace Policy Defaults:\n") - for _, policyID := range token.NamespaceDefaultPolicies { + for _, policyID := range token.NamespaceDefaultPolicyIDs { formatPolicy(policies[policyID], WHITESPACE_2) } buffer.WriteString("Namespace Role Defaults:\n") - for _, roleID := range token.NamespaceDefaultRoles { + for _, roleID := range token.NamespaceDefaultRoleIDs { formatRole(roles[roleID], WHITESPACE_2) } diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go index ba93e9dc0..aafe1fcfb 100644 --- a/command/acl/token/formatter_test.go +++ b/command/acl/token/formatter_test.go @@ -408,11 +408,11 @@ var expandedTokenTestCases = map[string]testCase{ }, }, }, - NamespaceDefaultPolicies: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"}, - NamespaceDefaultRoles: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"}, - AgentACLDefaultPolicy: "deny", - AgentACLDownPolicy: "extend-cache", - ResolvedByAgent: "server-1", + NamespaceDefaultPolicyIDs: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"}, + NamespaceDefaultRoleIDs: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"}, + AgentACLDefaultPolicy: "deny", + AgentACLDownPolicy: "extend-cache", + ResolvedByAgent: "server-1", ACLToken: api.ACLToken{ AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6", diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden index cba80e455..d03e47d64 100644 --- a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden @@ -22,8 +22,8 @@ } ], "ExpandedRoles": null, - "NamespaceDefaultPolicies": null, - "NamespaceDefaultRoles": null, + "NamespaceDefaultPolicyIDs": null, + "NamespaceDefaultRoleIDs": null, "AgentACLDefaultPolicy": "allow", "AgentACLDownPolicy": "deny", "ResolvedByAgent": "leader", diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden index 36931e219..b0ed45c0d 100644 --- a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden +++ b/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden @@ -133,10 +133,10 @@ "ModifyIndex": 0 } ], - "NamespaceDefaultPolicies": [ + "NamespaceDefaultPolicyIDs": [ "2b582ff1-4a43-457f-8a2b-30a8265e29a5" ], - "NamespaceDefaultRoles": [ + "NamespaceDefaultRoleIDs": [ "56033f2b-e1a6-4905-b71d-e011c862bc65" ], "AgentACLDefaultPolicy": "deny", From edfbbf1063d7aabefd19b4dbb39330ba4698e7c0 Mon Sep 17 00:00:00 2001 From: FFMMM Date: Wed, 13 Apr 2022 17:38:31 -0700 Subject: [PATCH 142/785] Update latest version on website to 1.11.5 Per the latest release --- website/data/version.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/data/version.js b/website/data/version.js index 27580004a..a5beaddf6 100644 --- a/website/data/version.js +++ b/website/data/version.js @@ -1 +1 @@ -export default '1.11.4' +export default '1.11.5' From 769d1d6e8e8c2e9ee34d310e9ea2f4745ebb3eb3 Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Thu, 14 Apr 2022 14:26:14 +0100 Subject: [PATCH 143/785] ConnectCA.Sign gRPC Endpoint (#12787) Introduces a gRPC endpoint for signing Connect leaf certificates. It's also the first of the public gRPC endpoints to perform leader-forwarding, so establishes the pattern of forwarding over the multiplexed internal RPC port. --- .changelog/12787.txt | 3 + agent/connect/csr.go | 22 ++ agent/consul/connect_ca_endpoint.go | 2 +- agent/consul/grpc_integration_test.go | 84 ++++++ agent/consul/leader_connect_ca.go | 10 +- agent/consul/server.go | 44 ++- .../services/connectca/mock_ACLResolver.go | 13 +- .../services/connectca/mock_CAManager.go | 40 +++ .../grpc/public/services/connectca/server.go | 29 +- .../public/services/connectca/server_test.go | 5 + agent/grpc/public/services/connectca/sign.go | 95 +++++++ .../public/services/connectca/sign_test.go | 252 ++++++++++++++++++ .../public/services/connectca/watch_roots.go | 9 +- .../services/connectca/watch_roots_test.go | 50 ++-- proto-public/pbconnectca/ca.pb.binary.go | 20 ++ proto-public/pbconnectca/ca.pb.go | 219 +++++++++++++-- proto-public/pbconnectca/ca.proto | 18 ++ 17 files changed, 845 insertions(+), 70 deletions(-) create mode 100644 .changelog/12787.txt create mode 100644 agent/consul/grpc_integration_test.go create mode 100644 agent/grpc/public/services/connectca/mock_CAManager.go create mode 100644 agent/grpc/public/services/connectca/sign.go create mode 100644 agent/grpc/public/services/connectca/sign_test.go diff --git a/.changelog/12787.txt b/.changelog/12787.txt new file mode 100644 index 000000000..0e6d7fc6c --- /dev/null +++ b/.changelog/12787.txt @@ -0,0 +1,3 @@ +```release-note:feature +ca: Leaf certificates can now be obtained via the gRPC API: `Sign` +``` diff --git a/agent/connect/csr.go b/agent/connect/csr.go index cc01f991e..f699a5879 100644 --- a/agent/connect/csr.go +++ b/agent/connect/csr.go @@ -9,6 +9,7 @@ import ( "crypto/x509/pkix" "encoding/asn1" "encoding/pem" + "fmt" "net" "net/url" ) @@ -100,3 +101,24 @@ func CreateCAExtension() (pkix.Extension, error) { Value: bitstr, }, nil } + +// InvalidCSRError returns an error with the given fmt.Sprintf-formatted message +// indicating certificate signing failed because the user supplied an invalid CSR. +// +// See: IsInvalidCSRError. +func InvalidCSRError(format string, args ...interface{}) error { + return invalidCSRError{fmt.Sprintf(format, args...)} +} + +// IsInvalidCSRError returns whether the given error indicates that certificate +// signing failed because the user supplied an invalid CSR. +func IsInvalidCSRError(err error) bool { + _, ok := err.(invalidCSRError) + return ok +} + +type invalidCSRError struct { + s string +} + +func (e invalidCSRError) Error() string { return e.s } diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index c325ff123..29cfc38be 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go @@ -24,7 +24,7 @@ var ( // consul.ErrRateLimited.Error()` which is very sad. Short of replacing our // RPC mechanism it's hard to know how to make that much better though. ErrConnectNotEnabled = errors.New("Connect must be enabled in order to use this endpoint") - ErrRateLimited = errors.New("Rate limit reached, try again later") + ErrRateLimited = errors.New("Rate limit reached, try again later") // Note: we depend on this error message in the gRPC ConnectCA.Sign endpoint (see: isRateLimitError). ErrNotPrimaryDatacenter = errors.New("not the primary datacenter") ErrStateReadOnly = errors.New("CA Provider State is read-only") ) diff --git a/agent/consul/grpc_integration_test.go b/agent/consul/grpc_integration_test.go new file mode 100644 index 000000000..c243ebfee --- /dev/null +++ b/agent/consul/grpc_integration_test.go @@ -0,0 +1,84 @@ +package consul + +import ( + "context" + "net" + "os" + "testing" + + "github.com/stretchr/testify/require" + "google.golang.org/grpc" + + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/proto-public/pbconnectca" + "github.com/hashicorp/consul/testrpc" +) + +func TestGRPCIntegration_ConnectCA_Sign(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + + // The gRPC endpoint itself well-tested with mocks. This test checks we're + // correctly wiring everything up in the server by: + // + // * Starting a cluster with multiple servers. + // * Making a request to a follower's public gRPC port. + // * Ensuring that the request is correctly forwarded to the leader. + // * Ensuring we get a valid certificate back (so it went through the CAManager). + dir1, server1 := testServerWithConfig(t, func(c *Config) { + c.Bootstrap = false + c.BootstrapExpect = 2 + }) + defer os.RemoveAll(dir1) + defer server1.Shutdown() + + dir2, server2 := testServerWithConfig(t, func(c *Config) { + c.Bootstrap = false + }) + defer os.RemoveAll(dir2) + defer server2.Shutdown() + + joinLAN(t, server2, server1) + + testrpc.WaitForLeader(t, server1.RPC, "dc1") + + var follower *Server + if server1.IsLeader() { + follower = server2 + } else { + follower = server1 + } + + // publicGRPCServer is bound to a listener by the wrapping agent code, so we + // need to do it ourselves here. + lis, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + go func() { + require.NoError(t, follower.publicGRPCServer.Serve(lis)) + }() + t.Cleanup(follower.publicGRPCServer.Stop) + + conn, err := grpc.Dial(lis.Addr().String(), grpc.WithInsecure()) + require.NoError(t, err) + + client := pbconnectca.NewConnectCAServiceClient(conn) + + csr, _ := connect.TestCSR(t, &connect.SpiffeIDService{ + Host: connect.TestClusterID + ".consul", + Namespace: "default", + Datacenter: "dc1", + Service: "foo", + }) + + // This would fail if it wasn't forwarded to the leader. + rsp, err := client.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.NoError(t, err) + + _, err = connect.ParseCert(rsp.CertPem) + require.NoError(t, err) +} diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index 88d3c5d42..91da428ac 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -1382,7 +1382,7 @@ func (l *connectSignRateLimiter) getCSRRateLimiterWithLimit(limit rate.Limit) *r func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error) { // Parse the SPIFFE ID from the CSR SAN. if len(csr.URIs) == 0 { - return nil, errors.New("CSR SAN does not contain a SPIFFE ID") + return nil, connect.InvalidCSRError("CSR SAN does not contain a SPIFFE ID") } spiffeID, err := connect.ParseCertURI(csr.URIs[0]) if err != nil { @@ -1403,7 +1403,7 @@ func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, au // requirement later but being restrictive for now is safer. dc := c.serverConf.Datacenter if v.Datacenter != dc { - return nil, fmt.Errorf("SPIFFE ID in CSR from a different datacenter: %s, "+ + return nil, connect.InvalidCSRError("SPIFFE ID in CSR from a different datacenter: %s, "+ "we are %s", v.Datacenter, dc) } case *connect.SpiffeIDAgent: @@ -1412,7 +1412,7 @@ func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, au return nil, err } default: - return nil, errors.New("SPIFFE ID in CSR must be a service or agent ID") + return nil, connect.InvalidCSRError("SPIFFE ID in CSR must be a service or agent ID") } return c.SignCertificate(csr, spiffeID) @@ -1436,13 +1436,13 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne serviceID, isService := spiffeID.(*connect.SpiffeIDService) agentID, isAgent := spiffeID.(*connect.SpiffeIDAgent) if !isService && !isAgent { - return nil, fmt.Errorf("SPIFFE ID in CSR must be a service or agent ID") + return nil, connect.InvalidCSRError("SPIFFE ID in CSR must be a service or agent ID") } var entMeta acl.EnterpriseMeta if isService { if !signingID.CanSign(spiffeID) { - return nil, fmt.Errorf("SPIFFE ID in CSR from a different trust domain: %s, "+ + return nil, connect.InvalidCSRError("SPIFFE ID in CSR from a different trust domain: %s, "+ "we are %s", serviceID.Host, signingID.Host()) } entMeta.Merge(serviceID.GetEnterpriseMeta()) diff --git a/agent/consul/server.go b/agent/consul/server.go index e278c2011..d9b4aed6b 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -238,6 +238,11 @@ type Server struct { // is only ever closed. leaveCh chan struct{} + // publicConnectCAServer serves the Connect CA service exposed on the public + // gRPC port. It is also exposed on the private multiplexed "server" port to + // enable RPC forwarding. + publicConnectCAServer *connectca.Server + // publicGRPCServer is the gRPC server exposed on the dedicated gRPC port, as // opposed to the multiplexed "server" port which is served by grpcHandler. publicGRPCServer *grpc.Server @@ -657,6 +662,29 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve s.overviewManager = NewOverviewManager(s.logger, s.fsm, s.config.MetricsReportingInterval) go s.overviewManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) + // Initialize public gRPC server - register services on public gRPC server. + s.publicConnectCAServer = connectca.NewServer(connectca.Config{ + Publisher: s.publisher, + GetStore: func() connectca.StateStore { return s.FSM().State() }, + Logger: logger.Named("grpc-api.connect-ca"), + ACLResolver: plainACLResolver{s.ACLResolver}, + CAManager: s.caManager, + ForwardRPC: func(info structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) { + return s.ForwardGRPC(s.grpcConnPool, info, fn) + }, + ConnectEnabled: s.config.ConnectEnabled, + }) + s.publicConnectCAServer.Register(s.publicGRPCServer) + + dataplane.NewServer(dataplane.Config{ + Logger: logger.Named("grpc-api.dataplane"), + ACLResolver: plainACLResolver{s.ACLResolver}, + }).Register(s.publicGRPCServer) + + // Initialize private gRPC server. + // + // Note: some "public" gRPC services are also exposed on the private gRPC server + // to enable RPC forwarding. s.grpcHandler = newGRPCHandlerFromConfig(flat, config, s) s.grpcLeaderForwarder = flat.LeaderForwarder go s.trackLeaderChanges() @@ -669,18 +697,6 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve // since it can fire events when leadership is obtained. go s.monitorLeadership() - // Initialize public gRPC server - register services on public gRPC server. - connectca.NewServer(connectca.Config{ - Publisher: s.publisher, - GetStore: func() connectca.StateStore { return s.FSM().State() }, - Logger: logger.Named("grpc-api.connect-ca"), - ACLResolver: plainACLResolver{s.ACLResolver}, - }).Register(s.publicGRPCServer) - dataplane.NewServer(dataplane.Config{ - Logger: logger.Named("grpc-api.dataplane"), - ACLResolver: plainACLResolver{s.ACLResolver}, - }).Register(s.publicGRPCServer) - // Start listening for RPC requests. go func() { if err := s.grpcHandler.Run(); err != nil { @@ -712,6 +728,10 @@ func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler deps.Logger.Named("grpc-api.subscription"))) } s.registerEnterpriseGRPCServices(deps, srv) + + // Note: this public gRPC service is also exposed on the private server to + // enable RPC forwarding. + s.publicConnectCAServer.Register(srv) } return agentgrpc.NewHandler(deps.Logger, config.RPCAddr, register) diff --git a/agent/grpc/public/services/connectca/mock_ACLResolver.go b/agent/grpc/public/services/connectca/mock_ACLResolver.go index 6b6a6a771..ce21ffdeb 100644 --- a/agent/grpc/public/services/connectca/mock_ACLResolver.go +++ b/agent/grpc/public/services/connectca/mock_ACLResolver.go @@ -3,9 +3,8 @@ package connectca import ( - mock "github.com/stretchr/testify/mock" - acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" ) // MockACLResolver is an autogenerated mock type for the ACLResolver type @@ -13,13 +12,13 @@ type MockACLResolver struct { mock.Mock } -// ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 -func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { - ret := _m.Called(_a0, _a1, _a2) +// ResolveTokenAndDefaultMeta provides a mock function with given fields: token, entMeta, authzContext +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) { + ret := _m.Called(token, entMeta, authzContext) var r0 acl.Authorizer if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { - r0 = rf(_a0, _a1, _a2) + r0 = rf(token, entMeta, authzContext) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(acl.Authorizer) @@ -28,7 +27,7 @@ func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.Enter var r1 error if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { - r1 = rf(_a0, _a1, _a2) + r1 = rf(token, entMeta, authzContext) } else { r1 = ret.Error(1) } diff --git a/agent/grpc/public/services/connectca/mock_CAManager.go b/agent/grpc/public/services/connectca/mock_CAManager.go new file mode 100644 index 000000000..1034c4b97 --- /dev/null +++ b/agent/grpc/public/services/connectca/mock_CAManager.go @@ -0,0 +1,40 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package connectca + +import ( + acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" + + structs "github.com/hashicorp/consul/agent/structs" + + x509 "crypto/x509" +) + +// MockCAManager is an autogenerated mock type for the CAManager type +type MockCAManager struct { + mock.Mock +} + +// AuthorizeAndSignCertificate provides a mock function with given fields: csr, authz +func (_m *MockCAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error) { + ret := _m.Called(csr, authz) + + var r0 *structs.IssuedCert + if rf, ok := ret.Get(0).(func(*x509.CertificateRequest, acl.Authorizer) *structs.IssuedCert); ok { + r0 = rf(csr, authz) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*structs.IssuedCert) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.CertificateRequest, acl.Authorizer) error); ok { + r1 = rf(csr, authz) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc/public/services/connectca/server.go index 86edfdb54..1407e42d6 100644 --- a/agent/grpc/public/services/connectca/server.go +++ b/agent/grpc/public/services/connectca/server.go @@ -1,7 +1,11 @@ package connectca import ( + "crypto/x509" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -17,10 +21,13 @@ type Server struct { } type Config struct { - Publisher EventPublisher - GetStore func() StateStore - Logger hclog.Logger - ACLResolver ACLResolver + Publisher EventPublisher + GetStore func() StateStore + Logger hclog.Logger + ACLResolver ACLResolver + CAManager CAManager + ForwardRPC func(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) + ConnectEnabled bool } type EventPublisher interface { @@ -34,7 +41,12 @@ type StateStore interface { //go:generate mockery -name ACLResolver -inpkg type ACLResolver interface { - ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) +} + +//go:generate mockery -name CAManager -inpkg +type CAManager interface { + AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error) } func NewServer(cfg Config) *Server { @@ -44,3 +56,10 @@ func NewServer(cfg Config) *Server { func (s *Server) Register(grpcServer *grpc.Server) { pbconnectca.RegisterConnectCAServiceServer(grpcServer, s) } + +func (s *Server) requireConnect() error { + if s.ConnectEnabled { + return nil + } + return status.Error(codes.FailedPrecondition, "Connect must be enabled in order to use this endpoint") +} diff --git a/agent/grpc/public/services/connectca/server_test.go b/agent/grpc/public/services/connectca/server_test.go index e74b7c094..def654bf8 100644 --- a/agent/grpc/public/services/connectca/server_test.go +++ b/agent/grpc/public/services/connectca/server_test.go @@ -12,9 +12,14 @@ import ( "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) +func noopForwardRPC(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) { + return false, nil +} + func testStateStore(t *testing.T, publisher state.EventPublisher) *state.Store { t.Helper() diff --git a/agent/grpc/public/services/connectca/sign.go b/agent/grpc/public/services/connectca/sign.go new file mode 100644 index 000000000..d6a21d616 --- /dev/null +++ b/agent/grpc/public/services/connectca/sign.go @@ -0,0 +1,95 @@ +package connectca + +import ( + "context" + "strings" + + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +// Sign a leaf certificate for the service or agent identified by the SPIFFE +// ID in the given CSR's SAN. +func (s *Server) Sign(ctx context.Context, req *pbconnectca.SignRequest) (*pbconnectca.SignResponse, error) { + if err := s.requireConnect(); err != nil { + return nil, err + } + + logger := s.Logger.Named("sign").With("request_id", traceID()) + logger.Trace("request received") + + token := public.TokenFromContext(ctx) + + if req.Csr == "" { + return nil, status.Error(codes.InvalidArgument, "CSR is required") + } + + // For private/internal gRPC handlers, protoc-gen-rpc-glue generates the + // requisite methods to satisfy the structs.RPCInfo interface using fields + // from the pbcommon package. This service is public, so we can't use those + // fields in our proto definition. Instead, we construct our RPCInfo manually. + // + // Embedding WriteRequest ensures RPCs are forwarded to the leader, embedding + // DCSpecificRequest adds the RequestDatacenter method (but as we're not + // setting Datacenter it has the effect of *not* doing DC forwarding). + var rpcInfo struct { + structs.WriteRequest + structs.DCSpecificRequest + } + rpcInfo.Token = token + + var rsp *pbconnectca.SignResponse + handled, err := s.ForwardRPC(&rpcInfo, func(conn *grpc.ClientConn) error { + logger.Trace("forwarding RPC") + var err error + rsp, err = pbconnectca.NewConnectCAServiceClient(conn).Sign(ctx, req) + return err + }) + if handled || err != nil { + return rsp, err + } + + csr, err := connect.ParseCSR(req.Csr) + if err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) + } + + authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, nil, nil) + if err != nil { + return nil, status.Error(codes.Unauthenticated, err.Error()) + } + + cert, err := s.CAManager.AuthorizeAndSignCertificate(csr, authz) + switch { + case connect.IsInvalidCSRError(err): + return nil, status.Error(codes.InvalidArgument, err.Error()) + case acl.IsErrPermissionDenied(err): + return nil, status.Error(codes.PermissionDenied, err.Error()) + case isRateLimitError(err): + return nil, status.Error(codes.ResourceExhausted, err.Error()) + case err != nil: + logger.Error("failed to sign leaf certificate", "error", err.Error()) + return nil, status.Error(codes.Internal, "failed to sign leaf certificate") + } + + return &pbconnectca.SignResponse{ + CertPem: cert.CertPEM, + }, nil +} + +// TODO(agentless): CAManager currently lives in the `agent/consul` package and +// returns ErrRateLimited which we can't reference directly here because it'd +// create an import cycle. Checking the error message like this is fragile, but +// because of net/rpc's limited error handling support it's what we already do +// on the client. We should either move the error constant so that can use it +// here, or perhaps make it a typed error? +func isRateLimitError(err error) bool { + return err != nil && strings.Contains(err.Error(), "limit reached") +} diff --git a/agent/grpc/public/services/connectca/sign_test.go b/agent/grpc/public/services/connectca/sign_test.go new file mode 100644 index 000000000..600b1056c --- /dev/null +++ b/agent/grpc/public/services/connectca/sign_test.go @@ -0,0 +1,252 @@ +package connectca + +import ( + "context" + "errors" + "testing" + + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + "github.com/hashicorp/go-hclog" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + acl "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbconnectca" +) + +func TestSign_ConnectDisabled(t *testing.T) { + server := NewServer(Config{ConnectEnabled: false}) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{}) + require.Error(t, err) + require.Equal(t, codes.FailedPrecondition.String(), status.Code(err).String()) + require.Contains(t, status.Convert(err).Message(), "Connect") +} + +func TestSign_Validation(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + testCases := map[string]struct { + csr, err string + }{ + "no csr": { + csr: "", + err: "CSR is required", + }, + "invalid csr": { + csr: "bogus", + err: "no PEM-encoded data found", + }, + } + for desc, tc := range testCases { + t.Run(desc, func(t *testing.T) { + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: tc.csr, + }) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) + require.Equal(t, tc.err, status.Convert(err).Message()) + }) + } +} + +func TestSign_Unauthenticated(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(nil, acl.ErrNotFound) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.Error(t, err) + require.Equal(t, codes.Unauthenticated.String(), status.Code(err).String()) +} + +func TestSign_PermissionDenied(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(nil, acl.ErrPermissionDenied) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.Error(t, err) + require.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) +} + +func TestSign_InvalidCSR(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(nil, connect.InvalidCSRError("nope")) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) +} + +func TestSign_RateLimited(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(nil, errors.New("Rate limit reached, try again later")) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.Error(t, err) + require.Equal(t, codes.ResourceExhausted.String(), status.Code(err).String()) +} + +func TestSign_InternalError(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(nil, errors.New("something went very wrong")) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + _, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.Error(t, err) + require.Equal(t, codes.Internal.String(), status.Code(err).String()) +} + +func TestSign_Success(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(&structs.IssuedCert{CertPEM: "this is the PEM"}, nil) + + server := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + rsp, err := server.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.NoError(t, err) + require.Equal(t, "this is the PEM", rsp.CertPem) +} + +func TestSign_RPCForwarding(t *testing.T) { + aclResolver := &MockACLResolver{} + aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(acl.AllowAll(), nil) + + caManager := &MockCAManager{} + caManager.On("AuthorizeAndSignCertificate", mock.Anything, mock.Anything). + Return(&structs.IssuedCert{CertPEM: "leader response"}, nil) + + leader := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ACLResolver: aclResolver, + CAManager: caManager, + ForwardRPC: noopForwardRPC, + ConnectEnabled: true, + }) + leaderConn, err := grpc.Dial(runTestServer(t, leader).String(), grpc.WithInsecure()) + require.NoError(t, err) + + follower := NewServer(Config{ + Logger: hclog.NewNullLogger(), + ForwardRPC: func(_ structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) { + return true, fn(leaderConn) + }, + ConnectEnabled: true, + }) + + csr, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + + rsp, err := follower.Sign(context.Background(), &pbconnectca.SignRequest{ + Csr: csr, + }) + require.NoError(t, err) + require.Equal(t, "leader response", rsp.CertPem) +} diff --git a/agent/grpc/public/services/connectca/watch_roots.go b/agent/grpc/public/services/connectca/watch_roots.go index 7a7430783..1d458b558 100644 --- a/agent/grpc/public/services/connectca/watch_roots.go +++ b/agent/grpc/public/services/connectca/watch_roots.go @@ -26,8 +26,11 @@ import ( // Connect CA roots. Current roots are sent immediately at the start of the // stream, and new lists will be sent whenever the roots are rotated. func (s *Server) WatchRoots(_ *emptypb.Empty, serverStream pbconnectca.ConnectCAService_WatchRootsServer) error { - logger := s.Logger.Named("watch-roots").With("stream_id", streamID()) + if err := s.requireConnect(); err != nil { + return err + } + logger := s.Logger.Named("watch-roots").With("stream_id", traceID()) logger.Trace("starting stream") defer logger.Trace("stream closed") @@ -179,8 +182,8 @@ func (s *Server) authorize(token string) error { } // We tag logs with a unique identifier to ease debugging. In the future this -// should probably be an Open Telemetry trace ID. -func streamID() string { +// should probably be a real Open Telemetry trace ID. +func traceID() string { id, err := uuid.GenerateUUID() if err != nil { return "" diff --git a/agent/grpc/public/services/connectca/watch_roots_test.go b/agent/grpc/public/services/connectca/watch_roots_test.go index 7bce07e1a..1106aa35d 100644 --- a/agent/grpc/public/services/connectca/watch_roots_test.go +++ b/agent/grpc/public/services/connectca/watch_roots_test.go @@ -26,6 +26,20 @@ import ( const testACLToken = "acl-token" +func TestWatchRoots_ConnectDisabled(t *testing.T) { + server := NewServer(Config{ConnectEnabled: false}) + + // Begin the stream. + client := testClient(t, server) + stream, err := client.WatchRoots(context.Background(), &emptypb.Empty{}) + require.NoError(t, err) + rspCh := handleRootsStream(t, stream) + + err = mustGetError(t, rspCh) + require.Equal(t, codes.FailedPrecondition.String(), status.Code(err).String()) + require.Contains(t, status.Convert(err).Message(), "Connect") +} + func TestWatchRoots_Success(t *testing.T) { fsm, publisher := setupFSMAndPublisher(t) @@ -45,10 +59,11 @@ func TestWatchRoots_Success(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - Publisher: publisher, - GetStore: func() StateStore { return fsm.GetStore() }, - Logger: testutil.Logger(t), - ACLResolver: aclResolver, + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), + ACLResolver: aclResolver, + ConnectEnabled: true, }) // Begin the stream. @@ -92,10 +107,11 @@ func TestWatchRoots_InvalidACLToken(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - Publisher: publisher, - GetStore: func() StateStore { return fsm.GetStore() }, - Logger: testutil.Logger(t), - ACLResolver: aclResolver, + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), + ACLResolver: aclResolver, + ConnectEnabled: true, }) // Start the stream. @@ -129,10 +145,11 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - Publisher: publisher, - GetStore: func() StateStore { return fsm.GetStore() }, - Logger: testutil.Logger(t), - ACLResolver: aclResolver, + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), + ACLResolver: aclResolver, + ConnectEnabled: true, }) // Start the stream. @@ -196,10 +213,11 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { ctx := public.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ - Publisher: publisher, - GetStore: func() StateStore { return fsm.GetStore() }, - Logger: testutil.Logger(t), - ACLResolver: aclResolver, + Publisher: publisher, + GetStore: func() StateStore { return fsm.GetStore() }, + Logger: testutil.Logger(t), + ACLResolver: aclResolver, + ConnectEnabled: true, }) // Begin the stream. diff --git a/proto-public/pbconnectca/ca.pb.binary.go b/proto-public/pbconnectca/ca.pb.binary.go index e373db9b5..3db6ad209 100644 --- a/proto-public/pbconnectca/ca.pb.binary.go +++ b/proto-public/pbconnectca/ca.pb.binary.go @@ -26,3 +26,23 @@ func (msg *CARoot) MarshalBinary() ([]byte, error) { func (msg *CARoot) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *SignRequest) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *SignRequest) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *SignResponse) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *SignResponse) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbconnectca/ca.pb.go b/proto-public/pbconnectca/ca.pb.go index bb966a4de..a3f1d8777 100644 --- a/proto-public/pbconnectca/ca.pb.go +++ b/proto-public/pbconnectca/ca.pb.go @@ -228,6 +228,106 @@ func (x *CARoot) GetRotatedOutAt() *timestamppb.Timestamp { return nil } +type SignRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // csr is the PEM-encoded Certificate Signing Request (CSR). + // + // The CSR's SAN must include a SPIFFE ID that identifies a service or agent + // to which the ACL token provided in the `x-consul-token` metadata has write + // access. + Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` +} + +func (x *SignRequest) Reset() { + *x = SignRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SignRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignRequest) ProtoMessage() {} + +func (x *SignRequest) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignRequest.ProtoReflect.Descriptor instead. +func (*SignRequest) Descriptor() ([]byte, []int) { + return file_proto_public_pbconnectca_ca_proto_rawDescGZIP(), []int{2} +} + +func (x *SignRequest) GetCsr() string { + if x != nil { + return x.Csr + } + return "" +} + +type SignResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // cert_pem is the PEM-encoded leaf certificate. + CertPem string `protobuf:"bytes,2,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"` +} + +func (x *SignResponse) Reset() { + *x = SignResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SignResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignResponse) ProtoMessage() {} + +func (x *SignResponse) ProtoReflect() protoreflect.Message { + mi := &file_proto_public_pbconnectca_ca_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignResponse.ProtoReflect.Descriptor instead. +func (*SignResponse) Descriptor() ([]byte, []int) { + return file_proto_public_pbconnectca_ca_proto_rawDescGZIP(), []int{3} +} + +func (x *SignResponse) GetCertPem() string { + if x != nil { + return x.CertPem + } + return "" +} + var File_proto_public_pbconnectca_ca_proto protoreflect.FileDescriptor var file_proto_public_pbconnectca_ca_proto_rawDesc = []byte{ @@ -264,17 +364,25 @@ var file_proto_public_pbconnectca_ca_proto_rawDesc = []byte{ 0x75, 0x74, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, - 0x4f, 0x75, 0x74, 0x41, 0x74, 0x32, 0x5b, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x43, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x57, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, - 0x1d, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2e, 0x57, 0x61, 0x74, 0x63, - 0x68, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, - 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, - 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x4f, 0x75, 0x74, 0x41, 0x74, 0x22, 0x1f, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x29, 0x0a, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x70, + 0x65, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x65, 0x72, 0x74, 0x50, 0x65, + 0x6d, 0x32, 0x96, 0x01, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x43, 0x41, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, + 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, 0x2e, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x6f, + 0x6f, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, + 0x39, 0x0a, 0x04, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x16, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x63, 0x61, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x17, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x63, 0x61, 0x2e, 0x53, 0x69, 0x67, 0x6e, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, + 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x63, 0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -289,20 +397,24 @@ func file_proto_public_pbconnectca_ca_proto_rawDescGZIP() []byte { return file_proto_public_pbconnectca_ca_proto_rawDescData } -var file_proto_public_pbconnectca_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_proto_public_pbconnectca_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 4) var file_proto_public_pbconnectca_ca_proto_goTypes = []interface{}{ (*WatchRootsResponse)(nil), // 0: connectca.WatchRootsResponse (*CARoot)(nil), // 1: connectca.CARoot - (*timestamppb.Timestamp)(nil), // 2: google.protobuf.Timestamp - (*emptypb.Empty)(nil), // 3: google.protobuf.Empty + (*SignRequest)(nil), // 2: connectca.SignRequest + (*SignResponse)(nil), // 3: connectca.SignResponse + (*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp + (*emptypb.Empty)(nil), // 5: google.protobuf.Empty } var file_proto_public_pbconnectca_ca_proto_depIdxs = []int32{ 1, // 0: connectca.WatchRootsResponse.roots:type_name -> connectca.CARoot - 2, // 1: connectca.CARoot.rotated_out_at:type_name -> google.protobuf.Timestamp - 3, // 2: connectca.ConnectCAService.WatchRoots:input_type -> google.protobuf.Empty - 0, // 3: connectca.ConnectCAService.WatchRoots:output_type -> connectca.WatchRootsResponse - 3, // [3:4] is the sub-list for method output_type - 2, // [2:3] is the sub-list for method input_type + 4, // 1: connectca.CARoot.rotated_out_at:type_name -> google.protobuf.Timestamp + 5, // 2: connectca.ConnectCAService.WatchRoots:input_type -> google.protobuf.Empty + 2, // 3: connectca.ConnectCAService.Sign:input_type -> connectca.SignRequest + 0, // 4: connectca.ConnectCAService.WatchRoots:output_type -> connectca.WatchRootsResponse + 3, // 5: connectca.ConnectCAService.Sign:output_type -> connectca.SignResponse + 4, // [4:6] is the sub-list for method output_type + 2, // [2:4] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name 2, // [2:2] is the sub-list for extension extendee 0, // [0:2] is the sub-list for field type_name @@ -338,6 +450,30 @@ func file_proto_public_pbconnectca_ca_proto_init() { return nil } } + file_proto_public_pbconnectca_ca_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SignRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_public_pbconnectca_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SignResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -345,7 +481,7 @@ func file_proto_public_pbconnectca_ca_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_public_pbconnectca_ca_proto_rawDesc, NumEnums: 0, - NumMessages: 2, + NumMessages: 4, NumExtensions: 0, NumServices: 1, }, @@ -375,6 +511,9 @@ type ConnectCAServiceClient interface { // Connect CA roots. Current roots are sent immediately at the start of the // stream, and new lists will be sent whenever the roots are rotated. WatchRoots(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (ConnectCAService_WatchRootsClient, error) + // Sign a leaf certificate for the service or agent identified by the SPIFFE + // ID in the given CSR's SAN. + Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) } type connectCAServiceClient struct { @@ -417,12 +556,24 @@ func (x *connectCAServiceWatchRootsClient) Recv() (*WatchRootsResponse, error) { return m, nil } +func (c *connectCAServiceClient) Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) { + out := new(SignResponse) + err := c.cc.Invoke(ctx, "/connectca.ConnectCAService/Sign", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // ConnectCAServiceServer is the server API for ConnectCAService service. type ConnectCAServiceServer interface { // WatchRoots provides a stream on which you can receive the list of active // Connect CA roots. Current roots are sent immediately at the start of the // stream, and new lists will be sent whenever the roots are rotated. WatchRoots(*emptypb.Empty, ConnectCAService_WatchRootsServer) error + // Sign a leaf certificate for the service or agent identified by the SPIFFE + // ID in the given CSR's SAN. + Sign(context.Context, *SignRequest) (*SignResponse, error) } // UnimplementedConnectCAServiceServer can be embedded to have forward compatible implementations. @@ -432,6 +583,9 @@ type UnimplementedConnectCAServiceServer struct { func (*UnimplementedConnectCAServiceServer) WatchRoots(*emptypb.Empty, ConnectCAService_WatchRootsServer) error { return status.Errorf(codes.Unimplemented, "method WatchRoots not implemented") } +func (*UnimplementedConnectCAServiceServer) Sign(context.Context, *SignRequest) (*SignResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented") +} func RegisterConnectCAServiceServer(s *grpc.Server, srv ConnectCAServiceServer) { s.RegisterService(&_ConnectCAService_serviceDesc, srv) @@ -458,10 +612,33 @@ func (x *connectCAServiceWatchRootsServer) Send(m *WatchRootsResponse) error { return x.ServerStream.SendMsg(m) } +func _ConnectCAService_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ConnectCAServiceServer).Sign(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/connectca.ConnectCAService/Sign", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ConnectCAServiceServer).Sign(ctx, req.(*SignRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _ConnectCAService_serviceDesc = grpc.ServiceDesc{ ServiceName: "connectca.ConnectCAService", HandlerType: (*ConnectCAServiceServer)(nil), - Methods: []grpc.MethodDesc{}, + Methods: []grpc.MethodDesc{ + { + MethodName: "Sign", + Handler: _ConnectCAService_Sign_Handler, + }, + }, Streams: []grpc.StreamDesc{ { StreamName: "WatchRoots", diff --git a/proto-public/pbconnectca/ca.proto b/proto-public/pbconnectca/ca.proto index fef15fbc1..216a6e43c 100644 --- a/proto-public/pbconnectca/ca.proto +++ b/proto-public/pbconnectca/ca.proto @@ -12,6 +12,10 @@ service ConnectCAService { // Connect CA roots. Current roots are sent immediately at the start of the // stream, and new lists will be sent whenever the roots are rotated. rpc WatchRoots(google.protobuf.Empty) returns (stream WatchRootsResponse) {}; + + // Sign a leaf certificate for the service or agent identified by the SPIFFE + // ID in the given CSR's SAN. + rpc Sign(SignRequest) returns (SignResponse) {}; } message WatchRootsResponse { @@ -70,3 +74,17 @@ message CARoot { // active root. google.protobuf.Timestamp rotated_out_at = 8; } + +message SignRequest { + // csr is the PEM-encoded Certificate Signing Request (CSR). + // + // The CSR's SAN must include a SPIFFE ID that identifies a service or agent + // to which the ACL token provided in the `x-consul-token` metadata has write + // access. + string csr = 1; +} + +message SignResponse { + // cert_pem is the PEM-encoded leaf certificate. + string cert_pem = 2; +} From 7c748851806c46688ed2902d32b69a8829a8bf34 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Apr 2022 16:58:19 +0100 Subject: [PATCH 144/785] ui: Only show optimistic details in Ent (#12788) --- .../app/styles/routes/dc/overview/serverstatus.scss | 2 +- .../consul-ui/app/templates/dc/show/serverstatus.hbs | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss index 0e035f8a2..7b36bec25 100644 --- a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss +++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss @@ -22,7 +22,7 @@ section[data-route='dc.show.serverstatus'] { @extend %panel; box-shadow: var(--decor-elevation-000); padding: var(--padding-y) var(--padding-x); - width: 770px; + max-width: 770px; display: flex; flex-wrap: wrap; } diff --git a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs index 211289c72..36fa0c86e 100644 --- a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs +++ b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs @@ -119,6 +119,7 @@ as |item|}} + {{#if (can 'read zones')}}

    {{compute (fn route.t 'tolerance.optimistic.header')}} - {{#if (not (can 'read zones'))}} - - {{t 'common.ui.enterprisefeature'}} - - {{/if}} 30 seconds between server failures, Consul can restore the Immediate Fault Tolerance by replacing failed active voters with healthy back-up voters when using redundancy zones.'}} > @@ -152,7 +148,7 @@ as |item|}}

    - + {{/if}} {{#if (gt item.RedundancyZones.length 0)}} From 8edb19f97a5e41316783891b4f078ed30546966d Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Apr 2022 17:13:13 +0100 Subject: [PATCH 145/785] ui: Adds support for AWS-IAM Auth Methods (#12786) * ui: Adds support for AWS-IAM Auth Methods * Changelog --- .changelog/12786.txt | 3 + .../components/consul/auth-method/index.scss | 6 ++ .../consul/auth-method/view/index.hbs | 60 +++++++++++++++++-- .../consul-ui/app/components/pill/index.scss | 4 ++ .../dc/acls/auth-methods/show/auth-method.hbs | 2 +- .../acls/auth-methods/show/binding-rules.hbs | 2 +- .../acls/auth-methods/show/nspace-rules.hbs | 8 +-- .../consul-ui/mock-api/v1/acl/auth-methods | 4 +- ui/packages/consul-ui/package.json | 1 + .../consul-ui/translations/common/en-us.yaml | 1 + ui/yarn.lock | 7 +++ 11 files changed, 84 insertions(+), 14 deletions(-) create mode 100644 .changelog/12786.txt diff --git a/.changelog/12786.txt b/.changelog/12786.txt new file mode 100644 index 000000000..ca772829e --- /dev/null +++ b/.changelog/12786.txt @@ -0,0 +1,3 @@ +```release-note:feature +ui: Added support for AWS IAM Auth Methods +``` diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss index c1b862381..beff18a65 100644 --- a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss +++ b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss @@ -42,6 +42,12 @@ section dl { @extend %tabular-dl; } + section dt { + width: 30%; + } + section dd { + width: 70%; + } } // Binding List diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs index 396aea1d7..e7f8f319c 100644 --- a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs @@ -37,16 +37,62 @@
    Type
    -
    +
    + +
    + +{{#each (array "MaxTokenTTL" "TokenLocality" "DisplayName" "Description") as |value|}} + {{#if (get @item value)}} - {{#each (array "MaxTokenTTL" "TokenLocality" "DisplayName" "Description") as |value|}} - {{#if (get @item value)}}
    {{t (concat "models.auth-method." value)}}
    {{get @item value}}
    - {{/if}} - {{/each}} - {{#if (eq @item.Type 'jwt')}} + {{/if}} +{{/each}} + + {{#if (eq @item.Type 'aws-iam')}} + +{{#let + @item.Config +as |config|}} + {{#each (array + "BoundIAMPrincipalARNs" + "EnableIAMEntityDetails" + "IAMEntityTags" + "IAMEndpoint" + "MaxRetries" + "STSEndpoint" + "STSRegion" + "AllowedSTSHeaderValues" + "ServerIDHeaderValue" + ) as |value|}} + {{#if (get config value)}} + +
    {{t (concat "models.auth-method." value)}}
    +
    +{{#let + (get config value) +as |item|}} + {{#if (array-is-array item)}} +
      + {{#each item as |jtem|}} +
    • + {{jtem}} +
      • + {{/each}} +
    + {{else}} + {{item}} + {{/if}} +{{/let}} +
    + + {{/if}} + {{/each}} + +{{/let}} + + {{else if (eq @item.Type 'jwt')}} {{#if @item.Config.JWKSURL}}
    {{t 'models.auth-method.Config.JWKSURL'}}
    @@ -164,6 +210,7 @@
    + {{#if (not (eq @item.Type 'aws-iam'))}}
    @@ -250,4 +297,5 @@ {{/if}}
    {{/if}} +{{/if}} \ No newline at end of file diff --git a/ui/packages/consul-ui/app/components/pill/index.scss b/ui/packages/consul-ui/app/components/pill/index.scss index d7da1f0a5..cbeabfff1 100644 --- a/ui/packages/consul-ui/app/components/pill/index.scss +++ b/ui/packages/consul-ui/app/components/pill/index.scss @@ -32,3 +32,7 @@ span.policy-service-identity::before { %pill.kubernetes::before { @extend %with-logo-kubernetes-color-icon, %as-pseudo; } +%pill.aws-iam::before { + --icon-name: icon-aws-color; + content: ''; +} diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs index 248122f06..cc28d28f6 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs @@ -1,5 +1,5 @@
    diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs index f12f996a0..f1e09e636 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs @@ -1,5 +1,5 @@ {{#let route.model.item @@ -14,13 +14,13 @@ as |item|}}

    - {{t 'routes.dc.acls.auth-methods.show.nspace-rules.index.empty.header'}} + {{compute (fn route.t 'empty.header')}}

    - {{t 'routes.dc.acls.auth-methods.show.nspace-rules.index.empty.body' + {{compute (fn route.t 'empty.body' (hash htmlSafe=true - }} + ))}}
  • diff --git a/ui/packages/consul-ui/mock-api/v1/acl/auth-methods b/ui/packages/consul-ui/mock-api/v1/acl/auth-methods index 69f26fe56..b1a3c3d46 100644 --- a/ui/packages/consul-ui/mock-api/v1/acl/auth-methods +++ b/ui/packages/consul-ui/mock-api/v1/acl/auth-methods @@ -21,9 +21,9 @@ ${typeof location.search.partition !== 'undefined' ? ` "Partition": "${location.search.partition}", ` : ``} ${env('CONSUL_NSPACES_ENABLE', false) ? ` - "Type": "${fake.helpers.randomize(['kubernetes', 'jwt', 'oidc'])}", + "Type": "${fake.helpers.randomize(['kubernetes', 'jwt', 'oidc', 'aws-iam'])}", ` : ` - "Type": "${fake.helpers.randomize(['kubernetes', 'jwt'])}", + "Type": "${fake.helpers.randomize(['kubernetes', 'jwt', 'aws-iam'])}", `} "Description": "${fake.lorem.sentence()}", ${i%2 ? ` diff --git a/ui/packages/consul-ui/package.json b/ui/packages/consul-ui/package.json index 9f0ebe782..bd61e6a91 100644 --- a/ui/packages/consul-ui/package.json +++ b/ui/packages/consul-ui/package.json @@ -90,6 +90,7 @@ "d3-shape": "^2.0.0", "dayjs": "^1.9.3", "deepmerge": "^4.2.2", + "ember-array-fns": "^1.4.0", "ember-assign-helper": "^0.3.0", "ember-auto-import": "^1.5.3", "ember-can": "^4.1.0", diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml index 5365996ab..70a1e229d 100644 --- a/ui/packages/consul-ui/translations/common/en-us.yaml +++ b/ui/packages/consul-ui/translations/common/en-us.yaml @@ -5,6 +5,7 @@ brand: nomad: Nomad vault: Vault aws: AWS + aws-iam: AWS IAM kubernetes: Kubernetes jwt: JWT oidc: OIDC diff --git a/ui/yarn.lock b/ui/yarn.lock index 1211ace9d..bf5329450 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -6277,6 +6277,13 @@ elliptic@^6.5.3: minimalistic-assert "^1.0.1" minimalistic-crypto-utils "^1.0.1" +ember-array-fns@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/ember-array-fns/-/ember-array-fns-1.4.0.tgz#92188edecb91c0b69c78e411f1b3339dfe0006a5" + integrity sha512-dKQ2wvuh+rVYhGsbR8pk8j9TX/Kqwf3sRehtJ+HqEi3VavH/WPPvsY2sH5nczYEtQwgkV1NAzgSzLr1iYj4uXQ== + dependencies: + ember-cli-babel "^7.7.3" + ember-assign-helper@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/ember-assign-helper/-/ember-assign-helper-0.3.0.tgz#7a023dd165ef56b28f77f70fd20e88261380aca7" From 7ce5abe9285d9cdd41a599ca23decfa4f00ad472 Mon Sep 17 00:00:00 2001 From: Jake Herschman <91899352+jherschman@users.noreply.github.com> Date: Thu, 14 Apr 2022 12:27:01 -0400 Subject: [PATCH 146/785] fixed text color and added card hover states (#12790) --- .../app/components/consul/server/list/index.scss | 5 +++++ .../consul-ui/app/styles/routes/dc/overview/license.scss | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.scss b/ui/packages/consul-ui/app/components/consul/server/list/index.scss index 4f8256b91..0ec7a33ec 100644 --- a/ui/packages/consul-ui/app/components/consul/server/list/index.scss +++ b/ui/packages/consul-ui/app/components/consul/server/list/index.scss @@ -7,3 +7,8 @@ .consul-server-list { @extend %consul-server-list; } + +%consul-server-list a:hover div { + box-shadow: var(--decor-elevation-800); + --tone-border: var(--tone-gray-500); +} diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss index b07132aa7..eaf92dbb8 100644 --- a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss +++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss @@ -12,6 +12,9 @@ section[data-route='dc.show.license'] { @extend %h200; } +%license-validity p { + color: rgb(var(--tone-gray-700)); +} %license-validity dl { @extend %horizontal-kv-list; font-size: var(--typo-size-400); @@ -21,7 +24,7 @@ section[data-route='dc.show.license'] { } %license-validity dl dt::before { content: ''; - margin-right: 0.250rem; /* 4px */ + margin-right: 0.25rem; /* 4px */ } %license-validity dl .expired::before { --icon-name: icon-x-circle; @@ -36,7 +39,6 @@ section[data-route='dc.show.license'] { --icon-color: rgb(var(--green-500)); } - %license-route-learn-more { @extend %panel; box-shadow: var(--decor-elevation-000); @@ -52,11 +54,10 @@ section[data-route='dc.show.license'] { margin-bottom: 1rem; /* 16px */ } %license-route-learn-more li { - margin-bottom: 0.250rem; /* 4px */ + margin-bottom: 0.25rem; /* 4px */ } %license-route-learn-more a::before { --icon-name: icon-docs-link; content: ''; margin-right: 0.375rem; /* 6px */ } - From acf9a9799eed48d37e184c149389b32cedc30b8e Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Thu, 14 Apr 2022 12:48:19 -0400 Subject: [PATCH 147/785] add queryBackend to the api query meta. (#12791) * add queryBackend to the api query meta. * add a changelog * use string type instead of int * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> --- .changelog/12791.txt | 3 +++ api/api.go | 13 +++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 .changelog/12791.txt diff --git a/.changelog/12791.txt b/.changelog/12791.txt new file mode 100644 index 000000000..e7e1a7387 --- /dev/null +++ b/.changelog/12791.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +api: add QueryBackend to QueryMeta so an api user can determine if a query was served using which backend (streaming or blocking query). +``` diff --git a/api/api.go b/api/api.go index d97f1879f..8cc771c08 100644 --- a/api/api.go +++ b/api/api.go @@ -80,6 +80,12 @@ const ( // HTTPPartitionEnvName defines an environment variable name which sets // the HTTP Partition to be used by default. This can still be overridden. HTTPPartitionEnvName = "CONSUL_PARTITION" + + // QueryBackendStreaming Query backend of type streaming + QueryBackendStreaming = "streaming" + + // QueryBackendBlockingQuery Query backend of type blocking query + QueryBackendBlockingQuery = "blocking-query" ) type StatusError struct { @@ -277,6 +283,9 @@ type QueryMeta struct { // response is. CacheAge time.Duration + // QueryBackend represent which backend served the request. + QueryBackend string + // DefaultACLPolicy is used to control the ACL interaction when there is no // defined policy. This can be "allow" which means ACLs are used to // deny-list, or "deny" which means ACLs are allow-lists. @@ -1096,6 +1105,10 @@ func parseQueryMeta(resp *http.Response, q *QueryMeta) error { q.CacheAge = time.Duration(age) * time.Second } + switch v := header.Get("X-Consul-Query-Backend"); v { + case QueryBackendStreaming, QueryBackendBlockingQuery: + q.QueryBackend = v + } return nil } From e62745c82c826d3f72c224957f04cb3087ae5e1c Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Thu, 14 Apr 2022 10:44:42 -0700 Subject: [PATCH 148/785] connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) --- .changelog/12777.txt | 3 +++ .circleci/config.yml | 20 +++++++++---------- agent/xds/envoy_versioning.go | 2 +- agent/xds/envoy_versioning_test.go | 2 +- agent/xds/golden_test.go | 8 ++++++-- agent/xds/proxysupport/proxysupport.go | 2 +- ...onnect-proxy-lb-in-resolver.latest.golden} | 0 ...oxy-with-chain-and-failover.latest.golden} | 0 ...xy-with-chain-and-overrides.latest.golden} | 0 ...oxy-with-chain-external-sni.latest.golden} | 0 ...=> connect-proxy-with-chain.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...-tls-outgoing-cipher-suites.latest.golden} | 0 ...th-tls-outgoing-max-version.latest.golden} | 0 ...s-outgoing-min-version-auto.latest.golden} | 0 ...th-tls-outgoing-min-version.latest.golden} | 0 ...limits-max-connections-only.latest.golden} | 0 ...> custom-limits-set-to-zero.latest.golden} | 0 ...0-x.golden => custom-limits.latest.golden} | 0 ....golden => custom-local-app.latest.golden} | 0 ...x.golden => custom-timeouts.latest.golden} | 0 ...stom-upstream-default-chain.latest.golden} | 0 ...x.golden => custom-upstream.latest.golden} | 0 ...y-1-20-x.golden => defaults.latest.golden} | 0 ...m-service-with-unix-sockets.latest.golden} | 0 ...aths-grpc-new-cluster-http1.latest.golden} | 0 ...xpose-paths-local-app-paths.latest.golden} | 0 ...ose-paths-new-cluster-http2.latest.golden} | 0 ...ingress-gateway-no-services.latest.golden} | 0 ...-tls-outgoing-cipher-suites.latest.golden} | 0 ...th-tls-outgoing-max-version.latest.golden} | 0 ...th-tls-outgoing-min-version.latest.golden} | 0 ...x.golden => ingress-gateway.latest.golden} | 0 ...n => ingress-lb-in-resolver.latest.golden} | 0 ...listeners-duplicate-service.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...ess-with-chain-and-failover.latest.golden} | 0 ...ess-with-chain-external-sni.latest.golden} | 0 ...olden => ingress-with-chain.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...esh-gateway-hash-lb-ignored.latest.golden} | 0 ...eway-ignore-extra-resolvers.latest.golden} | 0 ...=> mesh-gateway-no-services.latest.golden} | 0 ...ateway-non-hash-lb-injected.latest.golden} | 0 ...esh-gateway-service-subsets.latest.golden} | 0 ...sh-gateway-service-timeouts.latest.golden} | 0 ...way-using-federation-states.latest.golden} | 0 ...20-x.golden => mesh-gateway.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...ay-hostname-service-subsets.latest.golden} | 0 ...eway-ignore-extra-resolvers.latest.golden} | 0 ...rminating-gateway-lb-config.latest.golden} | 0 ...inating-gateway-no-services.latest.golden} | 0 ...ing-gateway-service-subsets.latest.golden} | 0 ... => terminating-gateway-sni.latest.golden} | 0 ...lden => terminating-gateway.latest.golden} | 0 ...y-catalog-destinations-only.latest.golden} | 0 ...oxy-dial-instances-directly.latest.golden} | 0 ...golden => transparent-proxy.latest.golden} | 0 ...oxy-with-chain-and-failover.latest.golden} | 0 ...xy-with-chain-and-overrides.latest.golden} | 0 ...oxy-with-chain-external-sni.latest.golden} | 0 ...=> connect-proxy-with-chain.latest.golden} | 0 ...lt-chain-and-custom-cluster.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...y-1-20-x.golden => defaults.latest.golden} | 0 ...ingress-gateway-no-services.latest.golden} | 0 ...x.golden => ingress-gateway.latest.golden} | 0 ...listeners-duplicate-service.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...ess-with-chain-and-failover.latest.golden} | 0 ...ess-with-chain-external-sni.latest.golden} | 0 ...olden => ingress-with-chain.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...ugh-local-gateway-triggered.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...gh-remote-gateway-triggered.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...eway-default-service-subset.latest.golden} | 0 ...mation-in-federation-states.latest.golden} | 0 ...=> mesh-gateway-no-services.latest.golden} | 0 ...mation-in-federation-states.latest.golden} | 0 ...esh-gateway-service-subsets.latest.golden} | 0 ...way-using-federation-states.latest.golden} | 0 ...20-x.golden => mesh-gateway.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...eway-default-service-subset.latest.golden} | 0 ...inating-gateway-no-services.latest.golden} | 0 ...ing-gateway-service-subsets.latest.golden} | 0 ...lden => terminating-gateway.latest.golden} | 0 ...ect-proxy-upstream-defaults.latest.golden} | 0 ...xy-with-chain-and-overrides.latest.golden} | 0 ...oxy-with-chain-external-sni.latest.golden} | 0 ...nnect-proxy-with-grpc-chain.latest.golden} | 0 ...nnect-proxy-with-http-chain.latest.golden} | 0 ...nect-proxy-with-http2-chain.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...onnect-proxy-with-tcp-chain.latest.golden} | 0 ...-tls-incoming-cipher-suites.latest.golden} | 0 ...th-tls-incoming-max-version.latest.golden} | 0 ...th-tls-incoming-min-version.latest.golden} | 0 ...s-outgoing-min-version-auto.latest.golden} | 0 ...stom-public-listener-http-2.latest.golden} | 0 ...ublic-listener-http-missing.latest.golden} | 0 ...custom-public-listener-http.latest.golden} | 0 ...n => custom-public-listener.latest.golden} | 0 ...am-ignored-with-disco-chain.latest.golden} | 0 ...x.golden => custom-upstream.latest.golden} | 0 ...y-1-20-x.golden => defaults.latest.golden} | 0 ...0-x.golden => expose-checks.latest.golden} | 0 ...xpose-paths-local-app-paths.latest.golden} | 0 ...ose-paths-new-cluster-http2.latest.golden} | 0 ...http-listener-with-timeouts.latest.golden} | 0 ...den => http-public-listener.latest.golden} | 0 ...0-x.golden => http-upstream.latest.golden} | 0 ... ingress-gateway-bind-addrs.latest.golden} | 0 ...ingress-gateway-no-services.latest.golden} | 0 ...x.golden => ingress-gateway.latest.golden} | 0 ...ress-http-multiple-services.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...ess-with-chain-external-sni.latest.golden} | 0 ...-sds-listener+service-level.latest.golden} | 0 ...-sds-listener-gw-level-http.latest.golden} | 0 ...listener-gw-level-mixed-tls.latest.golden} | 0 ...-with-sds-listener-gw-level.latest.golden} | 0 ...sds-listener-listener-level.latest.golden} | 0 ...-service-level-mixed-no-tls.latest.golden} | 0 ...ress-with-sds-service-level.latest.golden} | 0 ...ss-with-single-tls-listener.latest.golden} | 0 ...lover-through-local-gateway.latest.golden} | 0 ...over-through-remote-gateway.latest.golden} | 0 ...-tls-listener-cipher-suites.latest.golden} | 0 ...th-tls-listener-max-version.latest.golden} | 0 ...th-tls-listener-min-version.latest.golden} | 0 ...> ingress-with-tls-listener.latest.golden} | 0 ...-listeners-gateway-defaults.latest.golden} | 0 ...ss-with-tls-mixed-listeners.latest.golden} | 0 ...mixed-min-version-listeners.latest.golden} | 0 ... listener-bind-address-port.latest.golden} | 0 ...en => listener-bind-address.latest.golden} | 0 ...olden => listener-bind-port.latest.golden} | 0 ...listener-unix-domain-socket.latest.golden} | 0 ...sh-gateway-custom-addresses.latest.golden} | 0 ...=> mesh-gateway-no-services.latest.golden} | 0 ...sh-gateway-tagged-addresses.latest.golden} | 0 ...way-using-federation-states.latest.golden} | 0 ...20-x.golden => mesh-gateway.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...custom-and-tagged-addresses.latest.golden} | 0 ...inating-gateway-no-api-cert.latest.golden} | 0 ...inating-gateway-no-services.latest.golden} | 0 ...ing-gateway-service-subsets.latest.golden} | 0 ...-tls-incoming-cipher-suites.latest.golden} | 0 ...th-tls-incoming-max-version.latest.golden} | 0 ...th-tls-incoming-min-version.latest.golden} | 0 ...lden => terminating-gateway.latest.golden} | 0 ...y-catalog-destinations-only.latest.golden} | 0 ...oxy-dial-instances-directly.latest.golden} | 0 ...sparent-proxy-http-upstream.latest.golden} | 0 ...t-proxy-terminating-gateway.latest.golden} | 0 ...golden => transparent-proxy.latest.golden} | 0 ...onnect-proxy-lb-in-resolver.latest.golden} | 0 ...xy-with-chain-and-overrides.latest.golden} | 0 ...proxy-with-chain-and-router.latest.golden} | 0 ...oxy-with-chain-and-splitter.latest.golden} | 0 ...oxy-with-chain-external-sni.latest.golden} | 0 ...=> connect-proxy-with-chain.latest.golden} | 0 ...nect-proxy-with-grpc-router.latest.golden} | 0 ...y-1-20-x.golden => defaults.latest.golden} | 0 ...> ingress-defaults-no-chain.latest.golden} | 0 ...ress-http-multiple-services.latest.golden} | 0 ...n => ingress-lb-in-resolver.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...ain-and-router-header-manip.latest.golden} | 0 ...gress-with-chain-and-router.latest.golden} | 0 ...ess-with-chain-and-splitter.latest.golden} | 0 ...ess-with-chain-external-sni.latest.golden} | 0 ...olden => ingress-with-chain.latest.golden} | 0 ...=> ingress-with-grpc-router.latest.golden} | 0 ...sds-listener-level-wildcard.latest.golden} | 0 ...ess-with-sds-listener-level.latest.golden} | 0 ...sds-service-level-mixed-tls.latest.golden} | 0 ...ress-with-sds-service-level.latest.golden} | 0 ...tter-with-resolver-redirect.latest.golden} | 0 ...rminating-gateway-lb-config.latest.golden} | 0 ...eway-with-service-resolvers.latest.golden} | 0 ... lambda-terminating-gateway.latest.golden} | 0 ...eway-with-service-resolvers.latest.golden} | 0 ... lambda-terminating-gateway.latest.golden} | 0 ...eway-with-service-resolvers.latest.golden} | 0 ... lambda-terminating-gateway.latest.golden} | 0 test/integration/connect/envoy/run-tests.sh | 2 +- .../content/docs/connect/proxies/envoy.mdx | 3 ++- 218 files changed, 25 insertions(+), 17 deletions(-) create mode 100644 .changelog/12777.txt rename agent/xds/testdata/clusters/{connect-proxy-lb-in-resolver.envoy-1-20-x.golden => connect-proxy-lb-in-resolver.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-chain-and-failover.envoy-1-20-x.golden => connect-proxy-with-chain-and-failover.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden => connect-proxy-with-chain-and-overrides.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-chain-external-sni.envoy-1-20-x.golden => connect-proxy-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-chain.envoy-1-20-x.golden => connect-proxy-with-chain.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden => connect-proxy-with-tls-outgoing-cipher-suites.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden => connect-proxy-with-tls-outgoing-max-version.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden => connect-proxy-with-tls-outgoing-min-version-auto.latest.golden} (100%) rename agent/xds/testdata/clusters/{connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden => connect-proxy-with-tls-outgoing-min-version.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-limits-max-connections-only.envoy-1-20-x.golden => custom-limits-max-connections-only.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-limits-set-to-zero.envoy-1-20-x.golden => custom-limits-set-to-zero.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-limits.envoy-1-20-x.golden => custom-limits.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-local-app.envoy-1-20-x.golden => custom-local-app.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-timeouts.envoy-1-20-x.golden => custom-timeouts.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-upstream-default-chain.envoy-1-20-x.golden => custom-upstream-default-chain.latest.golden} (100%) rename agent/xds/testdata/clusters/{custom-upstream.envoy-1-20-x.golden => custom-upstream.latest.golden} (100%) rename agent/xds/testdata/clusters/{defaults.envoy-1-20-x.golden => defaults.latest.golden} (100%) rename agent/xds/testdata/clusters/{downstream-service-with-unix-sockets.envoy-1-20-x.golden => downstream-service-with-unix-sockets.latest.golden} (100%) rename agent/xds/testdata/clusters/{expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden => expose-paths-grpc-new-cluster-http1.latest.golden} (100%) rename agent/xds/testdata/clusters/{expose-paths-local-app-paths.envoy-1-20-x.golden => expose-paths-local-app-paths.latest.golden} (100%) rename agent/xds/testdata/clusters/{expose-paths-new-cluster-http2.envoy-1-20-x.golden => expose-paths-new-cluster-http2.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-gateway-no-services.envoy-1-20-x.golden => ingress-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden => ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden => ingress-gateway-with-tls-outgoing-max-version.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden => ingress-gateway-with-tls-outgoing-min-version.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-gateway.envoy-1-20-x.golden => ingress-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-lb-in-resolver.envoy-1-20-x.golden => ingress-lb-in-resolver.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden => ingress-multiple-listeners-duplicate-service.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden => ingress-splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-chain-and-failover.envoy-1-20-x.golden => ingress-with-chain-and-failover.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-chain-external-sni.envoy-1-20-x.golden => ingress-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-chain.envoy-1-20-x.golden => ingress-with-chain.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/clusters/{ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-hash-lb-ignored.envoy-1-20-x.golden => mesh-gateway-hash-lb-ignored.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-ignore-extra-resolvers.envoy-1-20-x.golden => mesh-gateway-ignore-extra-resolvers.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-no-services.envoy-1-20-x.golden => mesh-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-non-hash-lb-injected.envoy-1-20-x.golden => mesh-gateway-non-hash-lb-injected.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-service-subsets.envoy-1-20-x.golden => mesh-gateway-service-subsets.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-service-timeouts.envoy-1-20-x.golden => mesh-gateway-service-timeouts.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway-using-federation-states.envoy-1-20-x.golden => mesh-gateway-using-federation-states.latest.golden} (100%) rename agent/xds/testdata/clusters/{mesh-gateway.envoy-1-20-x.golden => mesh-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{splitter-with-resolver-redirect.envoy-1-20-x.golden => splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-hostname-service-subsets.envoy-1-20-x.golden => terminating-gateway-hostname-service-subsets.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-ignore-extra-resolvers.envoy-1-20-x.golden => terminating-gateway-ignore-extra-resolvers.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-lb-config.envoy-1-20-x.golden => terminating-gateway-lb-config.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-no-services.envoy-1-20-x.golden => terminating-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-service-subsets.envoy-1-20-x.golden => terminating-gateway-service-subsets.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway-sni.envoy-1-20-x.golden => terminating-gateway-sni.latest.golden} (100%) rename agent/xds/testdata/clusters/{terminating-gateway.envoy-1-20-x.golden => terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/clusters/{transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden => transparent-proxy-catalog-destinations-only.latest.golden} (100%) rename agent/xds/testdata/clusters/{transparent-proxy-dial-instances-directly.envoy-1-20-x.golden => transparent-proxy-dial-instances-directly.latest.golden} (100%) rename agent/xds/testdata/clusters/{transparent-proxy.envoy-1-20-x.golden => transparent-proxy.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-chain-and-failover.envoy-1-20-x.golden => connect-proxy-with-chain-and-failover.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden => connect-proxy-with-chain-and-overrides.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-chain-external-sni.envoy-1-20-x.golden => connect-proxy-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-chain.envoy-1-20-x.golden => connect-proxy-with-chain.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-default-chain-and-custom-cluster.envoy-1-20-x.golden => connect-proxy-with-default-chain-and-custom-cluster.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{defaults.envoy-1-20-x.golden => defaults.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-gateway-no-services.envoy-1-20-x.golden => ingress-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-gateway.envoy-1-20-x.golden => ingress-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden => ingress-multiple-listeners-duplicate-service.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden => ingress-splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-chain-and-failover.envoy-1-20-x.golden => ingress-with-chain-and-failover.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-chain-external-sni.envoy-1-20-x.golden => ingress-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-chain.envoy-1-20-x.golden => ingress-with-chain.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden} (100%) rename agent/xds/testdata/endpoints/{ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-default-service-subset.envoy-1-20-x.golden => mesh-gateway-default-service-subset.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-newer-information-in-federation-states.envoy-1-20-x.golden => mesh-gateway-newer-information-in-federation-states.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-no-services.envoy-1-20-x.golden => mesh-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-older-information-in-federation-states.envoy-1-20-x.golden => mesh-gateway-older-information-in-federation-states.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-service-subsets.envoy-1-20-x.golden => mesh-gateway-service-subsets.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway-using-federation-states.envoy-1-20-x.golden => mesh-gateway-using-federation-states.latest.golden} (100%) rename agent/xds/testdata/endpoints/{mesh-gateway.envoy-1-20-x.golden => mesh-gateway.latest.golden} (100%) rename agent/xds/testdata/endpoints/{splitter-with-resolver-redirect.envoy-1-20-x.golden => splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/endpoints/{terminating-gateway-default-service-subset.envoy-1-20-x.golden => terminating-gateway-default-service-subset.latest.golden} (100%) rename agent/xds/testdata/endpoints/{terminating-gateway-no-services.envoy-1-20-x.golden => terminating-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/endpoints/{terminating-gateway-service-subsets.envoy-1-20-x.golden => terminating-gateway-service-subsets.latest.golden} (100%) rename agent/xds/testdata/endpoints/{terminating-gateway.envoy-1-20-x.golden => terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-upstream-defaults.envoy-1-20-x.golden => connect-proxy-upstream-defaults.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden => connect-proxy-with-chain-and-overrides.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-chain-external-sni.envoy-1-20-x.golden => connect-proxy-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-grpc-chain.envoy-1-20-x.golden => connect-proxy-with-grpc-chain.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-http-chain.envoy-1-20-x.golden => connect-proxy-with-http-chain.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-http2-chain.envoy-1-20-x.golden => connect-proxy-with-http2-chain.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tcp-chain.envoy-1-20-x.golden => connect-proxy-with-tcp-chain.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden => connect-proxy-with-tls-incoming-cipher-suites.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden => connect-proxy-with-tls-incoming-max-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden => connect-proxy-with-tls-incoming-min-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden => connect-proxy-with-tls-outgoing-min-version-auto.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-public-listener-http-2.envoy-1-20-x.golden => custom-public-listener-http-2.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-public-listener-http-missing.envoy-1-20-x.golden => custom-public-listener-http-missing.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-public-listener-http.envoy-1-20-x.golden => custom-public-listener-http.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-public-listener.envoy-1-20-x.golden => custom-public-listener.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-upstream-ignored-with-disco-chain.envoy-1-20-x.golden => custom-upstream-ignored-with-disco-chain.latest.golden} (100%) rename agent/xds/testdata/listeners/{custom-upstream.envoy-1-20-x.golden => custom-upstream.latest.golden} (100%) rename agent/xds/testdata/listeners/{defaults.envoy-1-20-x.golden => defaults.latest.golden} (100%) rename agent/xds/testdata/listeners/{expose-checks.envoy-1-20-x.golden => expose-checks.latest.golden} (100%) rename agent/xds/testdata/listeners/{expose-paths-local-app-paths.envoy-1-20-x.golden => expose-paths-local-app-paths.latest.golden} (100%) rename agent/xds/testdata/listeners/{expose-paths-new-cluster-http2.envoy-1-20-x.golden => expose-paths-new-cluster-http2.latest.golden} (100%) rename agent/xds/testdata/listeners/{http-listener-with-timeouts.envoy-1-20-x.golden => http-listener-with-timeouts.latest.golden} (100%) rename agent/xds/testdata/listeners/{http-public-listener.envoy-1-20-x.golden => http-public-listener.latest.golden} (100%) rename agent/xds/testdata/listeners/{http-upstream.envoy-1-20-x.golden => http-upstream.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-gateway-bind-addrs.envoy-1-20-x.golden => ingress-gateway-bind-addrs.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-gateway-no-services.envoy-1-20-x.golden => ingress-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-gateway.envoy-1-20-x.golden => ingress-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-http-multiple-services.envoy-1-20-x.golden => ingress-http-multiple-services.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden => ingress-splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-chain-external-sni.envoy-1-20-x.golden => ingress-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-listener+service-level.envoy-1-20-x.golden => ingress-with-sds-listener+service-level.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-listener-gw-level-http.envoy-1-20-x.golden => ingress-with-sds-listener-gw-level-http.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-listener-gw-level-mixed-tls.envoy-1-20-x.golden => ingress-with-sds-listener-gw-level-mixed-tls.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-listener-gw-level.envoy-1-20-x.golden => ingress-with-sds-listener-gw-level.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-listener-listener-level.envoy-1-20-x.golden => ingress-with-sds-listener-listener-level.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-service-level-mixed-no-tls.envoy-1-20-x.golden => ingress-with-sds-service-level-mixed-no-tls.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-sds-service-level.envoy-1-20-x.golden => ingress-with-sds-service-level.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-single-tls-listener.envoy-1-20-x.golden => ingress-with-single-tls-listener.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-local-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden => ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-listener-cipher-suites.envoy-1-20-x.golden => ingress-with-tls-listener-cipher-suites.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-listener-max-version.envoy-1-20-x.golden => ingress-with-tls-listener-max-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-listener-min-version.envoy-1-20-x.golden => ingress-with-tls-listener-min-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-listener.envoy-1-20-x.golden => ingress-with-tls-listener.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-min-version-listeners-gateway-defaults.envoy-1-20-x.golden => ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-mixed-listeners.envoy-1-20-x.golden => ingress-with-tls-mixed-listeners.latest.golden} (100%) rename agent/xds/testdata/listeners/{ingress-with-tls-mixed-min-version-listeners.envoy-1-20-x.golden => ingress-with-tls-mixed-min-version-listeners.latest.golden} (100%) rename agent/xds/testdata/listeners/{listener-bind-address-port.envoy-1-20-x.golden => listener-bind-address-port.latest.golden} (100%) rename agent/xds/testdata/listeners/{listener-bind-address.envoy-1-20-x.golden => listener-bind-address.latest.golden} (100%) rename agent/xds/testdata/listeners/{listener-bind-port.envoy-1-20-x.golden => listener-bind-port.latest.golden} (100%) rename agent/xds/testdata/listeners/{listener-unix-domain-socket.envoy-1-20-x.golden => listener-unix-domain-socket.latest.golden} (100%) rename agent/xds/testdata/listeners/{mesh-gateway-custom-addresses.envoy-1-20-x.golden => mesh-gateway-custom-addresses.latest.golden} (100%) rename agent/xds/testdata/listeners/{mesh-gateway-no-services.envoy-1-20-x.golden => mesh-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/listeners/{mesh-gateway-tagged-addresses.envoy-1-20-x.golden => mesh-gateway-tagged-addresses.latest.golden} (100%) rename agent/xds/testdata/listeners/{mesh-gateway-using-federation-states.envoy-1-20-x.golden => mesh-gateway-using-federation-states.latest.golden} (100%) rename agent/xds/testdata/listeners/{mesh-gateway.envoy-1-20-x.golden => mesh-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{splitter-with-resolver-redirect.envoy-1-20-x.golden => splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-custom-and-tagged-addresses.envoy-1-20-x.golden => terminating-gateway-custom-and-tagged-addresses.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-no-api-cert.envoy-1-20-x.golden => terminating-gateway-no-api-cert.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-no-services.envoy-1-20-x.golden => terminating-gateway-no-services.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-service-subsets.envoy-1-20-x.golden => terminating-gateway-service-subsets.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden => terminating-gateway-with-tls-incoming-cipher-suites.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden => terminating-gateway-with-tls-incoming-max-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden => terminating-gateway-with-tls-incoming-min-version.latest.golden} (100%) rename agent/xds/testdata/listeners/{terminating-gateway.envoy-1-20-x.golden => terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden => transparent-proxy-catalog-destinations-only.latest.golden} (100%) rename agent/xds/testdata/listeners/{transparent-proxy-dial-instances-directly.envoy-1-20-x.golden => transparent-proxy-dial-instances-directly.latest.golden} (100%) rename agent/xds/testdata/listeners/{transparent-proxy-http-upstream.envoy-1-20-x.golden => transparent-proxy-http-upstream.latest.golden} (100%) rename agent/xds/testdata/listeners/{transparent-proxy-terminating-gateway.envoy-1-20-x.golden => transparent-proxy-terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/listeners/{transparent-proxy.envoy-1-20-x.golden => transparent-proxy.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-lb-in-resolver.envoy-1-20-x.golden => connect-proxy-lb-in-resolver.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden => connect-proxy-with-chain-and-overrides.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-chain-and-router.envoy-1-20-x.golden => connect-proxy-with-chain-and-router.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-chain-and-splitter.envoy-1-20-x.golden => connect-proxy-with-chain-and-splitter.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-chain-external-sni.envoy-1-20-x.golden => connect-proxy-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-chain.envoy-1-20-x.golden => connect-proxy-with-chain.latest.golden} (100%) rename agent/xds/testdata/routes/{connect-proxy-with-grpc-router.envoy-1-20-x.golden => connect-proxy-with-grpc-router.latest.golden} (100%) rename agent/xds/testdata/routes/{defaults.envoy-1-20-x.golden => defaults.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-defaults-no-chain.envoy-1-20-x.golden => ingress-defaults-no-chain.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-http-multiple-services.envoy-1-20-x.golden => ingress-http-multiple-services.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-lb-in-resolver.envoy-1-20-x.golden => ingress-lb-in-resolver.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden => ingress-splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-chain-and-router-header-manip.envoy-1-20-x.golden => ingress-with-chain-and-router-header-manip.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-chain-and-router.envoy-1-20-x.golden => ingress-with-chain-and-router.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-chain-and-splitter.envoy-1-20-x.golden => ingress-with-chain-and-splitter.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-chain-external-sni.envoy-1-20-x.golden => ingress-with-chain-external-sni.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-chain.envoy-1-20-x.golden => ingress-with-chain.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-grpc-router.envoy-1-20-x.golden => ingress-with-grpc-router.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-sds-listener-level-wildcard.envoy-1-20-x.golden => ingress-with-sds-listener-level-wildcard.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-sds-listener-level.envoy-1-20-x.golden => ingress-with-sds-listener-level.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-sds-service-level-mixed-tls.envoy-1-20-x.golden => ingress-with-sds-service-level-mixed-tls.latest.golden} (100%) rename agent/xds/testdata/routes/{ingress-with-sds-service-level.envoy-1-20-x.golden => ingress-with-sds-service-level.latest.golden} (100%) rename agent/xds/testdata/routes/{splitter-with-resolver-redirect.envoy-1-20-x.golden => splitter-with-resolver-redirect.latest.golden} (100%) rename agent/xds/testdata/routes/{terminating-gateway-lb-config.envoy-1-20-x.golden => terminating-gateway-lb-config.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/clusters/{lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden => lambda-terminating-gateway-with-service-resolvers.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/clusters/{lambda-terminating-gateway.envoy-1-20-x.golden => lambda-terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/listeners/{lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden => lambda-terminating-gateway-with-service-resolvers.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/listeners/{lambda-terminating-gateway.envoy-1-20-x.golden => lambda-terminating-gateway.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/routes/{lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden => lambda-terminating-gateway-with-service-resolvers.latest.golden} (100%) rename agent/xds/testdata/serverless_plugin/routes/{lambda-terminating-gateway.envoy-1-20-x.golden => lambda-terminating-gateway.latest.golden} (100%) diff --git a/.changelog/12777.txt b/.changelog/12777.txt new file mode 100644 index 000000000..09c9f7c31 --- /dev/null +++ b/.changelog/12777.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index bbd7671b1..f5b25f359 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -845,13 +845,13 @@ jobs: command: make test-coverage-ci - run: *notify-slack-failure - envoy-integration-test-1_17_4: &ENVOY_TESTS + envoy-integration-test-1_18_6: &ENVOY_TESTS machine: image: ubuntu-2004:202101-01 parallelism: 4 resource_class: medium environment: - ENVOY_VERSION: "1.17.4" + ENVOY_VERSION: "1.18.6" steps: &ENVOY_INTEGRATION_TEST_STEPS - checkout # Get go binary from workspace @@ -884,11 +884,6 @@ jobs: path: *TEST_RESULTS_DIR - run: *notify-slack-failure - envoy-integration-test-1_18_6: - <<: *ENVOY_TESTS - environment: - ENVOY_VERSION: "1.18.6" - envoy-integration-test-1_19_3: <<: *ENVOY_TESTS environment: @@ -899,6 +894,11 @@ jobs: environment: ENVOY_VERSION: "1.20.2" + envoy-integration-test-1_21_1: + <<: *ENVOY_TESTS + environment: + ENVOY_VERSION: "1.21.1" + # run integration tests for the connect ca providers test-connect-ca-providers: docker: @@ -1140,9 +1140,6 @@ workflows: - nomad-integration-0_8: requires: - dev-build - - envoy-integration-test-1_17_4: - requires: - - dev-build - envoy-integration-test-1_18_6: requires: - dev-build @@ -1152,6 +1149,9 @@ workflows: - envoy-integration-test-1_20_2: requires: - dev-build + - envoy-integration-test-1_21_1: + requires: + - dev-build website: unless: << pipeline.parameters.trigger-load-test >> diff --git a/agent/xds/envoy_versioning.go b/agent/xds/envoy_versioning.go index be0a770fe..1ee579890 100644 --- a/agent/xds/envoy_versioning.go +++ b/agent/xds/envoy_versioning.go @@ -11,7 +11,7 @@ import ( var ( // minSupportedVersion is the oldest mainline version we support. This should always be // the zero'th point release of the last element of proxysupport.EnvoyVersions. - minSupportedVersion = version.Must(version.NewVersion("1.17.0")) + minSupportedVersion = version.Must(version.NewVersion("1.18.0")) minVersionToForceLDSandCDSToAlwaysUseWildcardsOnReconnect = version.Must(version.NewVersion("1.19.0")) diff --git a/agent/xds/envoy_versioning_test.go b/agent/xds/envoy_versioning_test.go index fa1565285..c11bcf76a 100644 --- a/agent/xds/envoy_versioning_test.go +++ b/agent/xds/envoy_versioning_test.go @@ -123,7 +123,6 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { // Insert a bunch of valid versions. // Populate feature flags here when appropriate. See consul 1.10.x for reference. for _, v := range []string{ - "1.17.0", "1.17.1", "1.17.2", "1.17.3", "1.17.4", "1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4", "1.18.5", "1.18.6", } { cases[v] = testcase{expect: supportedProxyFeatures{ @@ -133,6 +132,7 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { for _, v := range []string{ "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.20.0", "1.20.1", "1.20.2", + "1.21.1", } { cases[v] = testcase{expect: supportedProxyFeatures{}} } diff --git a/agent/xds/golden_test.go b/agent/xds/golden_test.go index 78baf8baa..0efcc155b 100644 --- a/agent/xds/golden_test.go +++ b/agent/xds/golden_test.go @@ -35,7 +35,11 @@ func goldenEnvoy(t *testing.T, name, envoyVersion, latestEnvoyVersion, got strin // coalescing works below when there is no xDS generated skew across envoy // versions. subname := goldenEnvoyVersionName(t, envoyVersion) - latestSubname := goldenEnvoyVersionName(t, latestEnvoyVersion) + + latestSubname := "latest" + if envoyVersion == latestEnvoyVersion { + subname = "latest" + } return golden(t, name, subname, latestSubname, got) } @@ -85,7 +89,7 @@ func golden(t *testing.T, name, subname, latestSubname, got string) string { if latestSubname != "" && subname != latestSubname { latestGolden := filepath.Join("testdata", fmt.Sprintf("%s.%s.golden", name, latestSubname)) raw, err := ioutil.ReadFile(latestGolden) - require.NoError(t, err) + require.NoError(t, err, "%q %q %q", name, subname, latestSubname) latestExpected = string(raw) } diff --git a/agent/xds/proxysupport/proxysupport.go b/agent/xds/proxysupport/proxysupport.go index aab92fa25..c3a9ba05f 100644 --- a/agent/xds/proxysupport/proxysupport.go +++ b/agent/xds/proxysupport/proxysupport.go @@ -7,8 +7,8 @@ package proxysupport // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ + "1.21.1", "1.20.2", "1.19.3", "1.18.6", - "1.17.4", } diff --git a/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden diff --git a/agent/xds/testdata/clusters/custom-limits-max-connections-only.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-limits-max-connections-only.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden diff --git a/agent/xds/testdata/clusters/custom-limits-set-to-zero.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-limits-set-to-zero.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden diff --git a/agent/xds/testdata/clusters/custom-limits.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-limits.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-limits.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-limits.latest.golden diff --git a/agent/xds/testdata/clusters/custom-local-app.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-local-app.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-local-app.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-local-app.latest.golden diff --git a/agent/xds/testdata/clusters/custom-timeouts.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-timeouts.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-timeouts.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-timeouts.latest.golden diff --git a/agent/xds/testdata/clusters/custom-upstream-default-chain.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-upstream-default-chain.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden diff --git a/agent/xds/testdata/clusters/custom-upstream.envoy-1-20-x.golden b/agent/xds/testdata/clusters/custom-upstream.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/custom-upstream.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/custom-upstream.latest.golden diff --git a/agent/xds/testdata/clusters/defaults.envoy-1-20-x.golden b/agent/xds/testdata/clusters/defaults.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/defaults.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/defaults.latest.golden diff --git a/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.envoy-1-20-x.golden b/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/downstream-service-with-unix-sockets.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden diff --git a/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden b/agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/expose-paths-grpc-new-cluster-http1.latest.golden diff --git a/agent/xds/testdata/clusters/expose-paths-local-app-paths.envoy-1-20-x.golden b/agent/xds/testdata/clusters/expose-paths-local-app-paths.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/expose-paths-local-app-paths.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/expose-paths-local-app-paths.latest.golden diff --git a/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden b/agent/xds/testdata/clusters/expose-paths-new-cluster-http2.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/expose-paths-new-cluster-http2.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/expose-paths-new-cluster-http2.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-lb-in-resolver.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-lb-in-resolver.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-failover.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-chain-and-failover.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-chain.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-hash-lb-ignored.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-hash-lb-ignored.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-hash-lb-ignored.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-hash-lb-ignored.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-ignore-extra-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-ignore-extra-resolvers.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-ignore-extra-resolvers.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-ignore-extra-resolvers.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-non-hash-lb-injected.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-non-hash-lb-injected.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-non-hash-lb-injected.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-non-hash-lb-injected.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-service-subsets.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-service-timeouts.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-service-timeouts.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-service-timeouts.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-service-timeouts.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway-using-federation-states.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway-using-federation-states.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway-using-federation-states.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway-using-federation-states.latest.golden diff --git a/agent/xds/testdata/clusters/mesh-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/mesh-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/mesh-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/mesh-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-hostname-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-hostname-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-hostname-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-hostname-service-subsets.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-ignore-extra-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-ignore-extra-resolvers.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-ignore-extra-resolvers.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-ignore-extra-resolvers.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-lb-config.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-lb-config.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-lb-config.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-lb-config.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-service-subsets.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway-sni.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden diff --git a/agent/xds/testdata/clusters/terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/clusters/terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/terminating-gateway.latest.golden diff --git a/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden b/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden diff --git a/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden b/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden diff --git a/agent/xds/testdata/clusters/transparent-proxy.envoy-1-20-x.golden b/agent/xds/testdata/clusters/transparent-proxy.latest.golden similarity index 100% rename from agent/xds/testdata/clusters/transparent-proxy.envoy-1-20-x.golden rename to agent/xds/testdata/clusters/transparent-proxy.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-failover.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-failover.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-chain-and-failover.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-chain-and-failover.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-overrides.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-chain-and-overrides.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-chain.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-default-chain-and-custom-cluster.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-default-chain-and-custom-cluster.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-default-chain-and-custom-cluster.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-default-chain-and-custom-cluster.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/defaults.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/defaults.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/defaults.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/defaults.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-multiple-listeners-duplicate-service.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-multiple-listeners-duplicate-service.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-multiple-listeners-duplicate-service.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-chain-and-failover.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-chain-and-failover.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-chain-and-failover.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-chain-and-failover.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-chain.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden diff --git a/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-default-service-subset.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-default-service-subset.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-default-service-subset.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-default-service-subset.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-newer-information-in-federation-states.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-newer-information-in-federation-states.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-newer-information-in-federation-states.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-newer-information-in-federation-states.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-older-information-in-federation-states.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-older-information-in-federation-states.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-older-information-in-federation-states.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-older-information-in-federation-states.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway-using-federation-states.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway-using-federation-states.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway-using-federation-states.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway-using-federation-states.latest.golden diff --git a/agent/xds/testdata/endpoints/mesh-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/mesh-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/mesh-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/mesh-gateway.latest.golden diff --git a/agent/xds/testdata/endpoints/splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/endpoints/terminating-gateway-default-service-subset.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/terminating-gateway-default-service-subset.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/terminating-gateway-default-service-subset.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/terminating-gateway-default-service-subset.latest.golden diff --git a/agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/terminating-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/terminating-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/terminating-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/endpoints/terminating-gateway-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/terminating-gateway-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/terminating-gateway-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/terminating-gateway-service-subsets.latest.golden diff --git a/agent/xds/testdata/endpoints/terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/endpoints/terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/endpoints/terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/endpoints/terminating-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-upstream-defaults.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-upstream-defaults.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-upstream-defaults.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-upstream-defaults.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http-chain.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-http-chain.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-http2-chain.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tcp-chain.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tcp-chain.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-cipher-suites.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-max-version.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tls-incoming-min-version.latest.golden diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden diff --git a/agent/xds/testdata/listeners/custom-public-listener-http-2.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-public-listener-http-2.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-public-listener-http-2.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-public-listener-http-2.latest.golden diff --git a/agent/xds/testdata/listeners/custom-public-listener-http-missing.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-public-listener-http-missing.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-public-listener-http-missing.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-public-listener-http-missing.latest.golden diff --git a/agent/xds/testdata/listeners/custom-public-listener-http.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-public-listener-http.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-public-listener-http.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-public-listener-http.latest.golden diff --git a/agent/xds/testdata/listeners/custom-public-listener.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-public-listener.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-public-listener.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-public-listener.latest.golden diff --git a/agent/xds/testdata/listeners/custom-upstream-ignored-with-disco-chain.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-upstream-ignored-with-disco-chain.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-upstream-ignored-with-disco-chain.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-upstream-ignored-with-disco-chain.latest.golden diff --git a/agent/xds/testdata/listeners/custom-upstream.envoy-1-20-x.golden b/agent/xds/testdata/listeners/custom-upstream.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/custom-upstream.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/custom-upstream.latest.golden diff --git a/agent/xds/testdata/listeners/defaults.envoy-1-20-x.golden b/agent/xds/testdata/listeners/defaults.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/defaults.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/defaults.latest.golden diff --git a/agent/xds/testdata/listeners/expose-checks.envoy-1-20-x.golden b/agent/xds/testdata/listeners/expose-checks.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/expose-checks.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/expose-checks.latest.golden diff --git a/agent/xds/testdata/listeners/expose-paths-local-app-paths.envoy-1-20-x.golden b/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/expose-paths-local-app-paths.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden diff --git a/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.envoy-1-20-x.golden b/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/expose-paths-new-cluster-http2.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden diff --git a/agent/xds/testdata/listeners/http-listener-with-timeouts.envoy-1-20-x.golden b/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/http-listener-with-timeouts.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden diff --git a/agent/xds/testdata/listeners/http-public-listener.envoy-1-20-x.golden b/agent/xds/testdata/listeners/http-public-listener.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/http-public-listener.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/http-public-listener.latest.golden diff --git a/agent/xds/testdata/listeners/http-upstream.envoy-1-20-x.golden b/agent/xds/testdata/listeners/http-upstream.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/http-upstream.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/http-upstream.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-gateway-bind-addrs.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-gateway-bind-addrs.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-gateway-bind-addrs.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-gateway-bind-addrs.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-http-multiple-services.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-http-multiple-services.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-mixed-tls.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-mixed-tls.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-listener-level.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-listener-level.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-listener-listener-level.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-listener-listener-level.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-sds-service-level.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-single-tls-listener.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-single-tls-listener.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-listener-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-listener-cipher-suites.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-listener-cipher-suites.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-listener-cipher-suites.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-listener-max-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-listener-max-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-listener-max-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-listener-max-version.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-listener-min-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-listener-min-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-listener-min-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-listener-min-version.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-listener.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-listener.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-listener.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-listener.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.envoy-1-20-x.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden diff --git a/agent/xds/testdata/listeners/listener-bind-address-port.envoy-1-20-x.golden b/agent/xds/testdata/listeners/listener-bind-address-port.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/listener-bind-address-port.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/listener-bind-address-port.latest.golden diff --git a/agent/xds/testdata/listeners/listener-bind-address.envoy-1-20-x.golden b/agent/xds/testdata/listeners/listener-bind-address.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/listener-bind-address.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/listener-bind-address.latest.golden diff --git a/agent/xds/testdata/listeners/listener-bind-port.envoy-1-20-x.golden b/agent/xds/testdata/listeners/listener-bind-port.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/listener-bind-port.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/listener-bind-port.latest.golden diff --git a/agent/xds/testdata/listeners/listener-unix-domain-socket.envoy-1-20-x.golden b/agent/xds/testdata/listeners/listener-unix-domain-socket.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/listener-unix-domain-socket.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/listener-unix-domain-socket.latest.golden diff --git a/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.envoy-1-20-x.golden b/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/mesh-gateway-custom-addresses.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden diff --git a/agent/xds/testdata/listeners/mesh-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/mesh-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.envoy-1-20-x.golden b/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.envoy-1-20-x.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/mesh-gateway-using-federation-states.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden diff --git a/agent/xds/testdata/listeners/mesh-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/mesh-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/mesh-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/mesh-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-no-api-cert.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-no-services.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-no-services.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden diff --git a/agent/xds/testdata/listeners/terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/terminating-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden b/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden diff --git a/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden b/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden diff --git a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.envoy-1-20-x.golden b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/transparent-proxy-http-upstream.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden diff --git a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden diff --git a/agent/xds/testdata/listeners/transparent-proxy.envoy-1-20-x.golden b/agent/xds/testdata/listeners/transparent-proxy.latest.golden similarity index 100% rename from agent/xds/testdata/listeners/transparent-proxy.envoy-1-20-x.golden rename to agent/xds/testdata/listeners/transparent-proxy.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-lb-in-resolver.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-chain-and-router.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden diff --git a/agent/xds/testdata/routes/connect-proxy-with-grpc-router.envoy-1-20-x.golden b/agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden similarity index 100% rename from agent/xds/testdata/routes/connect-proxy-with-grpc-router.envoy-1-20-x.golden rename to agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden diff --git a/agent/xds/testdata/routes/defaults.envoy-1-20-x.golden b/agent/xds/testdata/routes/defaults.latest.golden similarity index 100% rename from agent/xds/testdata/routes/defaults.envoy-1-20-x.golden rename to agent/xds/testdata/routes/defaults.latest.golden diff --git a/agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-defaults-no-chain.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden diff --git a/agent/xds/testdata/routes/ingress-http-multiple-services.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-http-multiple-services.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden diff --git a/agent/xds/testdata/routes/ingress-lb-in-resolver.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-lb-in-resolver.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden diff --git a/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-chain-and-router.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-splitter.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-chain-and-splitter.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-chain-external-sni.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-chain.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-chain.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-chain.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-grpc-router.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-grpc-router.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-level-wildcard.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-level-wildcard.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-sds-listener-level-wildcard.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-sds-listener-level-wildcard.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-level.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-level.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-sds-listener-level.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-sds-listener-level.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-tls.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-tls.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-tls.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-tls.latest.golden diff --git a/agent/xds/testdata/routes/ingress-with-sds-service-level.envoy-1-20-x.golden b/agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden similarity index 100% rename from agent/xds/testdata/routes/ingress-with-sds-service-level.envoy-1-20-x.golden rename to agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden diff --git a/agent/xds/testdata/routes/splitter-with-resolver-redirect.envoy-1-20-x.golden b/agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden similarity index 100% rename from agent/xds/testdata/routes/splitter-with-resolver-redirect.envoy-1-20-x.golden rename to agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden diff --git a/agent/xds/testdata/routes/terminating-gateway-lb-config.envoy-1-20-x.golden b/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden similarity index 100% rename from agent/xds/testdata/routes/terminating-gateway-lb-config.envoy-1-20-x.golden rename to agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway-with-service-resolvers.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/clusters/lambda-terminating-gateway.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway-with-service-resolvers.latest.golden diff --git a/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden b/agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.latest.golden similarity index 100% rename from agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.envoy-1-20-x.golden rename to agent/xds/testdata/serverless_plugin/routes/lambda-terminating-gateway.latest.golden diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index bd33af513..67127c89f 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -10,7 +10,7 @@ readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services" DEBUG=${DEBUG:-} # ENVOY_VERSION to run each test against -ENVOY_VERSION=${ENVOY_VERSION:-"1.20.2"} +ENVOY_VERSION=${ENVOY_VERSION:-"1.21.1"} export ENVOY_VERSION export DOCKER_BUILDKIT=1 diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 516618877..35d21fad2 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -30,12 +30,13 @@ Envoy must be run with the `--max-obj-name-len` option set to `256` or greater f ## Supported Versions -The following matrix describes Envoy compatibility for the currently supported **n-2 major Consul releases**. For previous Consul version compatability please view the respective versioned docs for this page. +The following matrix describes Envoy compatibility for the currently supported **n-2 major Consul releases**. For previous Consul version compatability please view the respective versioned docs for this page. Consul supports **four major Envoy releases** at the beginning of each major Consul release. Consul maintains compatibility with Envoy patch releases for each major version so that users can benefit from bug and security fixes in Envoy. As a policy, Consul will add support for a new major versions of Envoy in a Consul major release. Support for newer versions of Envoy will not be added to existing releases. | Consul Version | Compatible Envoy Versions | | ------------------- | -----------------------------------------------------------------------------------| +| 1.12.x | 1.21.1, 1.20.2, 1.19.3, 1.18.6 | | 1.11.x | 1.20.2, 1.19.3, 1.18.6, 1.17.41 | | 1.10.x | 1.18.6, 1.17.41, 1.16.51 , 1.15.51 | | 1.9.x | 1.16.51, 1.15.51, 1.14.71,2, 1.13.71,2 | From 1e118a5410c064310aa804ff78defa4c52ffa8ca Mon Sep 17 00:00:00 2001 From: John Murret Date: Thu, 14 Apr 2022 12:18:06 -0600 Subject: [PATCH 149/785] set vault namespaces on vault client prior to logging in with the vault auth method --- agent/connect/ca/provider_vault.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 787e5a247..dd548b218 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -103,6 +103,14 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { return err } + // We don't want to set the namespace if it's empty to prevent potential + // unknown behavior (what does Vault do with an empty namespace). The Vault + // client also makes sure the inputs are not empty strings so let's do the + // same. + if config.Namespace != "" { + client.SetNamespace(config.Namespace) + } + if config.AuthMethod != nil { loginResp, err := vaultLogin(client, config.AuthMethod) if err != nil { @@ -112,13 +120,6 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { } client.SetToken(config.Token) - // We don't want to set the namespace if it's empty to prevent potential - // unknown behavior (what does Vault do with an empty namespace). The Vault - // client also makes sure the inputs are not empty strings so let's do the - // same. - if config.Namespace != "" { - client.SetNamespace(config.Namespace) - } v.config = config v.client = client v.isPrimary = cfg.IsPrimary From 287fcf00720a1c0a434127f2a281abe68c540d85 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Thu, 14 Apr 2022 09:23:14 -0700 Subject: [PATCH 150/785] Add changelog Signed-off-by: Mark Anderson --- .changelog/12793.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changelog/12793.txt diff --git a/.changelog/12793.txt b/.changelog/12793.txt new file mode 100644 index 000000000..e3563e1d6 --- /dev/null +++ b/.changelog/12793.txt @@ -0,0 +1,5 @@ +```release-note:breaking-change +The Connect CA Vault system now sets the Namespace (if present) prior +to attempting to login to Vault. This means the AuthMethod needs to +be in the specified namespace. Previously the AuthMethod needed to be +in the root namespace to work. From 1a938e4a4933587fa40df11523e54821cb619725 Mon Sep 17 00:00:00 2001 From: Paul Glass Date: Thu, 14 Apr 2022 16:45:35 -0500 Subject: [PATCH 151/785] acl: Fix tag parsing for IAM users and roles in IAM auth method (#12797) * acl: Fix tag parsing on IAM users and roles in IAM auth method * Add changelog --- .changelog/12797.txt | 3 + internal/iamauth/auth_test.go | 5 +- internal/iamauth/iamauthtest/testing.go | 12 +- internal/iamauth/responses/responses.go | 14 +- internal/iamauth/responses/responses_test.go | 136 +++++++++++++++++++ internal/iamauth/responsestest/testing.go | 4 +- 6 files changed, 159 insertions(+), 15 deletions(-) create mode 100644 .changelog/12797.txt diff --git a/.changelog/12797.txt b/.changelog/12797.txt new file mode 100644 index 000000000..d1d8ae932 --- /dev/null +++ b/.changelog/12797.txt @@ -0,0 +1,3 @@ +```release-note:bug +acl: Fix parsing of IAM user and role tags in IAM auth method +``` diff --git a/internal/iamauth/auth_test.go b/internal/iamauth/auth_test.go index 736c3203a..909b64509 100644 --- a/internal/iamauth/auth_test.go +++ b/internal/iamauth/auth_test.go @@ -7,6 +7,7 @@ import ( "github.com/aws/aws-sdk-go/aws/credentials" "github.com/hashicorp/consul/internal/iamauth/iamauthtest" + "github.com/hashicorp/consul/internal/iamauth/responses" "github.com/hashicorp/consul/internal/iamauth/responsestest" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" @@ -18,11 +19,11 @@ func TestValidateLogin(t *testing.T) { var ( serverForRoleMismatchedIds = &iamauthtest.Server{ GetCallerIdentityResponse: f.ServerForRole.GetCallerIdentityResponse, - GetRoleResponse: responsestest.MakeGetRoleResponse(f.RoleARN, "AAAAsomenonmatchingid"), + GetRoleResponse: responsestest.MakeGetRoleResponse(f.RoleARN, "AAAAsomenonmatchingid", responses.Tags{}), } serverForUserMismatchedIds = &iamauthtest.Server{ GetCallerIdentityResponse: f.ServerForUser.GetCallerIdentityResponse, - GetUserResponse: responsestest.MakeGetUserResponse(f.UserARN, "AAAAsomenonmatchingid"), + GetUserResponse: responsestest.MakeGetUserResponse(f.UserARN, "AAAAsomenonmatchingid", responses.Tags{}), } ) diff --git a/internal/iamauth/iamauthtest/testing.go b/internal/iamauth/iamauthtest/testing.go index 4cb8519a9..b2e1fb37c 100644 --- a/internal/iamauth/iamauthtest/testing.go +++ b/internal/iamauth/iamauthtest/testing.go @@ -133,7 +133,7 @@ func MakeFixture() Fixture { f.AssumedRoleARN, f.EntityIDWithSession, f.AccountID, ), GetRoleResponse: responsestest.MakeGetRoleResponse( - f.RoleARN, f.EntityID, toTags(f.RoleTags)..., + f.RoleARN, f.EntityID, toTags(f.RoleTags), ), } @@ -142,7 +142,7 @@ func MakeFixture() Fixture { f.UserARN, f.EntityID, f.AccountID, ), GetUserResponse: responsestest.MakeGetUserResponse( - f.UserARN, f.EntityID, toTags(f.UserTags)..., + f.UserARN, f.EntityID, toTags(f.UserTags), ), } @@ -155,15 +155,15 @@ func (f *Fixture) RoleTagValues() []string { return values(f.RoleTags) } func (f *Fixture) UserTagValues() []string { return values(f.UserTags) } // toTags converts the map to a slice of responses.Tag -func toTags(tags map[string]string) []responses.Tag { - result := []responses.Tag{} +func toTags(tags map[string]string) responses.Tags { + members := []responses.TagMember{} for k, v := range tags { - result = append(result, responses.Tag{ + members = append(members, responses.TagMember{ Key: k, Value: v, }) } - return result + return responses.Tags{Members: members} } diff --git a/internal/iamauth/responses/responses.go b/internal/iamauth/responses/responses.go index e050b7734..ed57ca97b 100644 --- a/internal/iamauth/responses/responses.go +++ b/internal/iamauth/responses/responses.go @@ -45,7 +45,7 @@ type Role struct { Path string `xml:"Path"` RoleId string `xml:"RoleId"` RoleName string `xml:"RoleName"` - Tags []Tag `xml:"Tags"` + Tags Tags `xml:"Tags"` } func (r *Role) EntityPath() string { return r.Path } @@ -69,7 +69,7 @@ type User struct { Path string `xml:"Path"` UserId string `xml:"UserId"` UserName string `xml:"UserName"` - Tags []Tag `xml:"Tags"` + Tags Tags `xml:"Tags"` } func (u *User) EntityPath() string { return u.Path } @@ -78,14 +78,18 @@ func (u *User) EntityName() string { return u.UserName } func (u *User) EntityId() string { return u.UserId } func (u *User) EntityTags() map[string]string { return tagsToMap(u.Tags) } -type Tag struct { +type Tags struct { + Members []TagMember `xml:"member"` +} + +type TagMember struct { Key string `xml:"Key"` Value string `xml:"Value"` } -func tagsToMap(tags []Tag) map[string]string { +func tagsToMap(tags Tags) map[string]string { result := map[string]string{} - for _, tag := range tags { + for _, tag := range tags.Members { result[tag.Key] = tag.Value } return result diff --git a/internal/iamauth/responses/responses_test.go b/internal/iamauth/responses/responses_test.go index df4a9c1e3..a641be45a 100644 --- a/internal/iamauth/responses/responses_test.go +++ b/internal/iamauth/responses/responses_test.go @@ -1,6 +1,7 @@ package responses import ( + "encoding/xml" "testing" "github.com/stretchr/testify/require" @@ -155,3 +156,138 @@ func TestCanonicalArn(t *testing.T) { }) } } + +func TestUnmarshalXML(t *testing.T) { + t.Run("user xml", func(t *testing.T) { + var resp GetUserResponse + err := xml.Unmarshal([]byte(rawUserXML), &resp) + require.NoError(t, err) + require.Equal(t, expectedParsedUserXML, resp) + }) + t.Run("role xml", func(t *testing.T) { + var resp GetRoleResponse + err := xml.Unmarshal([]byte(rawRoleXML), &resp) + require.NoError(t, err) + require.Equal(t, expectedParsedRoleXML, resp) + }) +} + +var ( + rawUserXML = ` + + + / + arn:aws:iam::000000000000:user/my-user + my-user + AIDAexampleuserid + 2021-01-01T00:01:02Z + + + some-value + some-tag + + + another-value + another-tag + + + third-value + third-tag + + + + + + 11815b96-cb16-4d33-b2cf-0042fa4db4cd + +` + + expectedParsedUserXML = GetUserResponse{ + XMLName: xml.Name{ + Space: "https://iam.amazonaws.com/doc/2010-05-08/", + Local: "GetUserResponse", + }, + GetUserResult: []GetUserResult{ + { + User: User{ + Arn: "arn:aws:iam::000000000000:user/my-user", + Path: "/", + UserId: "AIDAexampleuserid", + UserName: "my-user", + Tags: Tags{ + Members: []TagMember{ + {Key: "some-tag", Value: "some-value"}, + {Key: "another-tag", Value: "another-value"}, + {Key: "third-tag", Value: "third-value"}, + }, + }, + }, + }, + }, + ResponseMetadata: []ResponseMetadata{ + {RequestId: "11815b96-cb16-4d33-b2cf-0042fa4db4cd"}, + }, + } + + rawRoleXML = ` + + + / + some-json-document-that-we-ignore + 43200 + AROAsomeuniqueid + + 2022-01-01T01:02:03Z + us-east-1 + + my-role + arn:aws:iam::000000000000:role/my-role + 2020-01-01T00:00:01Z + + + some-value + some-key + + + another-value + another-key + + + a-third-value + third-key + + + + + + a9866067-c0e5-4b5e-86ba-429c1151e2fb + +` + + expectedParsedRoleXML = GetRoleResponse{ + XMLName: xml.Name{ + Space: "https://iam.amazonaws.com/doc/2010-05-08/", + Local: "GetRoleResponse", + }, + GetRoleResult: []GetRoleResult{ + { + Role: Role{ + Arn: "arn:aws:iam::000000000000:role/my-role", + Path: "/", + RoleId: "AROAsomeuniqueid", + RoleName: "my-role", + Tags: Tags{ + Members: []TagMember{ + {Key: "some-key", Value: "some-value"}, + {Key: "another-key", Value: "another-value"}, + {Key: "third-key", Value: "a-third-value"}, + }, + }, + }, + }, + }, + ResponseMetadata: []ResponseMetadata{ + {RequestId: "a9866067-c0e5-4b5e-86ba-429c1151e2fb"}, + }, + } +) diff --git a/internal/iamauth/responsestest/testing.go b/internal/iamauth/responsestest/testing.go index 683308677..7daec0517 100644 --- a/internal/iamauth/responsestest/testing.go +++ b/internal/iamauth/responsestest/testing.go @@ -31,7 +31,7 @@ func MakeGetCallerIdentityResponse(arn, userId, accountId string) responses.GetC } } -func MakeGetRoleResponse(arn, id string, tags ...responses.Tag) responses.GetRoleResponse { +func MakeGetRoleResponse(arn, id string, tags responses.Tags) responses.GetRoleResponse { if strings.Contains(id, ":") { panic("RoleId in GetRole response must not contain ':'") } @@ -51,7 +51,7 @@ func MakeGetRoleResponse(arn, id string, tags ...responses.Tag) responses.GetRol } } -func MakeGetUserResponse(arn, id string, tags ...responses.Tag) responses.GetUserResponse { +func MakeGetUserResponse(arn, id string, tags responses.Tags) responses.GetUserResponse { if strings.Contains(id, ":") { panic("UserId in GetUser resposne must not contain ':'") } From f8e40755465421f5afe0261f80d6c76d2fa0982d Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Thu, 14 Apr 2022 14:56:44 -0700 Subject: [PATCH 152/785] Update 12793.txt --- .changelog/12793.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/12793.txt b/.changelog/12793.txt index e3563e1d6..5bc6e0020 100644 --- a/.changelog/12793.txt +++ b/.changelog/12793.txt @@ -1,4 +1,4 @@ -```release-note:breaking-change +```release-note:bugfix The Connect CA Vault system now sets the Namespace (if present) prior to attempting to login to Vault. This means the AuthMethod needs to be in the specified namespace. Previously the AuthMethod needed to be From fa2167a55f03a5bd47422f3d3a763853c3014349 Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Thu, 14 Apr 2022 14:57:47 -0700 Subject: [PATCH 153/785] Update 12793.txt --- .changelog/12793.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/12793.txt b/.changelog/12793.txt index 5bc6e0020..e9affecc6 100644 --- a/.changelog/12793.txt +++ b/.changelog/12793.txt @@ -1,4 +1,4 @@ -```release-note:bugfix +```release-note:bug The Connect CA Vault system now sets the Namespace (if present) prior to attempting to login to Vault. This means the AuthMethod needs to be in the specified namespace. Previously the AuthMethod needed to be From da64d6200099f070dc61ea0df7b405d71309d489 Mon Sep 17 00:00:00 2001 From: Boris Korzun Date: Fri, 15 Apr 2022 01:51:00 +0300 Subject: [PATCH 154/785] Fix incorrect severity syslog messages (#12079) Co-authored-by: Evan Culver --- .changelog/12079.txt | 3 ++ .circleci/config.yml | 2 + logging/logger.go | 2 +- logging/syslog.go | 4 +- logging/syslog_test.go | 77 ++++++++++++++++++++++++++++++ logging/syslog_unsupported_test.go | 20 ++++++++ 6 files changed, 105 insertions(+), 3 deletions(-) create mode 100644 .changelog/12079.txt create mode 100644 logging/syslog_test.go create mode 100644 logging/syslog_unsupported_test.go diff --git a/.changelog/12079.txt b/.changelog/12079.txt new file mode 100644 index 000000000..aa5dabb38 --- /dev/null +++ b/.changelog/12079.txt @@ -0,0 +1,3 @@ +```release-note:bug +logging: fix a bug with incorrect severity syslog messages (all messages were sent with NOTICE severity). +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index f5b25f359..005deefb1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -225,6 +225,8 @@ jobs: - image: *GOLANG_IMAGE environment: <<: *ENVIRONMENT + # tput complains if this isn't set to something. + TERM: ansi steps: - checkout - run: diff --git a/logging/logger.go b/logging/logger.go index 9d6cff74f..39b538336 100644 --- a/logging/logger.go +++ b/logging/logger.go @@ -77,7 +77,7 @@ func Setup(config Config, out io.Writer) (hclog.InterceptLogger, error) { for i := 0; i <= retries; i++ { syslog, err := gsyslog.NewLogger(gsyslog.LOG_NOTICE, config.SyslogFacility, "consul") if err == nil { - writers = append(writers, syslog) + writers = append(writers, &SyslogWrapper{l: syslog}) break } diff --git a/logging/syslog.go b/logging/syslog.go index 7115d0354..6e2c71e26 100644 --- a/logging/syslog.go +++ b/logging/syslog.go @@ -3,7 +3,7 @@ package logging import ( "bytes" - "github.com/hashicorp/go-syslog" + gsyslog "github.com/hashicorp/go-syslog" ) // levelPriority is used to map a log level to a @@ -34,7 +34,7 @@ func (s *SyslogWrapper) Write(p []byte) (int, error) { y := bytes.IndexByte(p[x:], ']') if y >= 0 { level = string(p[x+1 : x+y]) - afterLevel = p[x+y+2:] + afterLevel = bytes.TrimLeft(p[x+y+2:], " ") } } diff --git a/logging/syslog_test.go b/logging/syslog_test.go new file mode 100644 index 000000000..19931e346 --- /dev/null +++ b/logging/syslog_test.go @@ -0,0 +1,77 @@ +//go:build linux || darwin || dragonfly || freebsd || netbsd || openbsd || solaris +// +build linux darwin dragonfly freebsd netbsd openbsd solaris + +package logging + +import ( + "testing" + + gsyslog "github.com/hashicorp/go-syslog" + "github.com/stretchr/testify/require" +) + +// testSyslogFunc is a wrapper for injecting WriteLevel functionality into a Syslogger +// implementation; it gives us a way to inject test assertions into a SyslogWrapper. +type testSyslogWriteLevelFunc func(p gsyslog.Priority, m []byte) error + +// Write is a no-op +func (f testSyslogWriteLevelFunc) Write(p []byte) (int, error) { + return 0, nil +} + +// WriteLevel is a wrapper for the identity to be called +func (f testSyslogWriteLevelFunc) WriteLevel(p gsyslog.Priority, m []byte) error { + return f(p, m) +} + +// Close is a no-op +func (f testSyslogWriteLevelFunc) Close() error { + return nil +} + +func TestSyslog_Wrapper(t *testing.T) { + expectedMsg := []byte("test message") + + // generator for a writer that expects to be written with expectedPriority + writerForPriority := func(expectedPriority gsyslog.Priority) testSyslogWriteLevelFunc { + return func(p gsyslog.Priority, m []byte) error { + require.Equal(t, expectedPriority, p) + require.Equal(t, expectedMsg, m) + return nil + } + } + // [TRACE] is mapped to the LOG_DEBUG priority + debugw := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_DEBUG)} + _, err := debugw.Write([]byte("[TRACE] " + string(expectedMsg))) + require.NoError(t, err) + + // [DEBUG] is mapped to the LOG_INFO priority + infow := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_INFO)} + _, err = infow.Write([]byte("[DEBUG] " + string(expectedMsg))) + require.NoError(t, err) + + // [INFO] is mapped to the LOG_NOTICE priority + noticew := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_NOTICE)} + _, err = noticew.Write([]byte("[INFO] " + string(expectedMsg))) + require.NoError(t, err) + + // [WARN] is mapped to the LOG_WARNING priority + warnw := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_WARNING)} + _, err = warnw.Write([]byte("[WARN] " + string(expectedMsg))) + require.NoError(t, err) + + // [ERROR] is mapped to the LOG_ERR priority + errorw := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_ERR)} + _, err = errorw.Write([]byte("[ERROR] " + string(expectedMsg))) + require.NoError(t, err) + + // [CRIT] is mapped to the LOG_CRIT priority + critw := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_CRIT)} + _, err = critw.Write([]byte("[CRIT] " + string(expectedMsg))) + require.NoError(t, err) + + // unknown levels are written with LOG_NOTICE priority + defaultw := &SyslogWrapper{l: writerForPriority(gsyslog.LOG_NOTICE)} + _, err = defaultw.Write([]byte("[INVALID] " + string(expectedMsg))) + require.NoError(t, err) +} diff --git a/logging/syslog_unsupported_test.go b/logging/syslog_unsupported_test.go new file mode 100644 index 000000000..5a3f4886d --- /dev/null +++ b/logging/syslog_unsupported_test.go @@ -0,0 +1,20 @@ +//go:build windows || plan9 || nacl +// +build windows plan9 nacl + +package logging + +import ( + "testing" + + gsyslog "github.com/hashicorp/go-syslog" + "github.com/stretchr/testify/require" +) + +func TestSyslog_Unsupported(t *testing.T) { + // the role of the underlying go-syslog library is primarily to wrap the + // default log/syslog package such that when running against an unsupported + // OS, a meaningful error is returned, so that's what we'll test here by default. + s, err := gsyslog.NewLogger(gsyslog.LOG_NOTICE, "USER", "consul") + require.Error(t, err) + require.Nil(t, s) +} From 2621beab59cb04862cf588249a975f8c127a36a8 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Fri, 15 Apr 2022 07:18:17 -0700 Subject: [PATCH 155/785] docs: fixed redirect issue --- website/redirects.js | 1 + 1 file changed, 1 insertion(+) diff --git a/website/redirects.js b/website/redirects.js index 777fa471d..ae6267704 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -1262,6 +1262,7 @@ module.exports = [ { source: '/api/:path*', destination: '/api-docs/:path*', + permanent: true, }, { source: '/docs/agent/options', From 449a0f855c9a856b4eaab4a2a945be5e2c2231ba Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Fri, 15 Apr 2022 09:55:52 -0700 Subject: [PATCH 156/785] Add an internal env var for managed cluster config in the ui (#12796) --- agent/config/builder.go | 1 + agent/config/runtime.go | 1 + .../TestRuntimeConfig_Sanitize.golden | 1 + agent/uiserver/ui_template_data.go | 1 + agent/uiserver/uiserver_test.go | 31 +++++++++++++++++++ 5 files changed, 35 insertions(+) diff --git a/agent/config/builder.go b/agent/config/builder.go index 695b021cd..c2a8dd878 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1827,6 +1827,7 @@ func (b *builder) uiConfigVal(v RawUIConfig) UIConfig { MetricsProviderOptionsJSON: stringVal(v.MetricsProviderOptionsJSON), MetricsProxy: b.uiMetricsProxyVal(v.MetricsProxy), DashboardURLTemplates: v.DashboardURLTemplates, + HCPEnabled: os.Getenv("CONSUL_HCP_ENABLED") == "true", } } diff --git a/agent/config/runtime.go b/agent/config/runtime.go index a71dbc387..de5004e1a 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -1433,6 +1433,7 @@ type UIConfig struct { MetricsProviderOptionsJSON string MetricsProxy UIMetricsProxy DashboardURLTemplates map[string]string + HCPEnabled bool } type UIMetricsProxy struct { diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index a166dd517..9f4a6a196 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -438,6 +438,7 @@ "DashboardURLTemplates": {}, "Dir": "", "Enabled": false, + "HCPEnabled": false, "MetricsProvider": "", "MetricsProviderFiles": [], "MetricsProviderOptionsJSON": "", diff --git a/agent/uiserver/ui_template_data.go b/agent/uiserver/ui_template_data.go index bb722f798..bb262861a 100644 --- a/agent/uiserver/ui_template_data.go +++ b/agent/uiserver/ui_template_data.go @@ -19,6 +19,7 @@ func uiTemplateDataFromConfig(cfg *config.RuntimeConfig) (map[string]interface{} // browser. "metrics_proxy_enabled": cfg.UIConfig.MetricsProxy.BaseURL != "", "dashboard_url_templates": cfg.UIConfig.DashboardURLTemplates, + "hcp_enabled": cfg.UIConfig.HCPEnabled, } // Only set this if there is some actual JSON or we'll cause a JSON diff --git a/agent/uiserver/uiserver_test.go b/agent/uiserver/uiserver_test.go index f72514bac..73d38df7c 100644 --- a/agent/uiserver/uiserver_test.go +++ b/agent/uiserver/uiserver_test.go @@ -43,6 +43,7 @@ func TestUIServerIndex(t *testing.T) { "PrimaryDatacenter": "dc1", "ContentPath": "/ui/", "UIConfig": { + "hcp_enabled": false, "metrics_provider": "", "metrics_proxy_enabled": false, "dashboard_url_templates": null @@ -76,6 +77,7 @@ func TestUIServerIndex(t *testing.T) { "PrimaryDatacenter": "dc1", "ContentPath": "/ui/", "UIConfig": { + "hcp_enabled": false, "metrics_provider": "foo", "metrics_provider_options": { "a-very-unlikely-string":1 @@ -97,6 +99,26 @@ func TestUIServerIndex(t *testing.T) { "PrimaryDatacenter": "dc1", "ContentPath": "/ui/", "UIConfig": { + "hcp_enabled": false, + "metrics_provider": "", + "metrics_proxy_enabled": false, + "dashboard_url_templates": null + } + }`, + }, + { + name: "hcp enabled", + cfg: basicUIEnabledConfig(withHCPEnabled()), + path: "/", + wantStatus: http.StatusOK, + wantContains: []string{" [consul-common-errors]: /docs/troubleshoot/common-errors [troubleshooting]: https://learn.hashicorp.com/consul/day-2-operations/advanced-operations/troubleshooting -[install-instructions]: /docs/api-gateway/api-gateway-usage#installation \ No newline at end of file +[install-instructions]: /docs/api-gateway/consul-api-gateway-install#installation \ No newline at end of file diff --git a/website/content/docs/api-gateway/api-gateway-usage.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx similarity index 98% rename from website/content/docs/api-gateway/api-gateway-usage.mdx rename to website/content/docs/api-gateway/consul-api-gateway-install.mdx index ac8474892..814959a1f 100644 --- a/website/content/docs/api-gateway/api-gateway-usage.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -1,17 +1,17 @@ --- layout: docs -page_title: Consul API Gateway Usage +page_title: Consul API Gateway Install description: >- - Using Consul API gateway functionality + Installing Consul API Gateway --- -# Consul API Gateway Usage +# Installing Consul API Gateway This topic describes how to use the Consul API Gateway add-on module. It includes instructions for installation and configuration. ## Requirements -Refer to [Technical Specifications](/docs/api-gateway/tech-specs) for minimum software requirements. +Ensure that the environment you are deploying Consul API Gateway in meets the requirements listed in the [Technical Specifications](/docs/api-gateway/tech-specs). This includes validating that the requirements for minimum versions of software are met. ## Installation @@ -305,7 +305,6 @@ spec: - ### MeshService The `MeshService` configuration holds a reference to an externally-managed Consul service mesh service and can be used as a `backendRef` for a [`Route`](#route). diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 1538aa9ac..0fa575b63 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -382,8 +382,8 @@ "path": "api-gateway" }, { - "title": "Usage", - "path": "api-gateway/api-gateway-usage" + "title": "Installation", + "path": "api-gateway/consul-api-gateway-install" }, { "title": "Technical Specifications", diff --git a/website/redirects.js b/website/redirects.js index ae6267704..4f0118b6a 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -1269,4 +1269,9 @@ module.exports = [ destination: '/docs/agent/config', permanent: true, }, + { + source: '/docs/api-gateway/api-gateway-usage', + destination: '/docs/api-gateway/consul-api-gateway-install', + permanent: true, + }, ] From a050aa39b9be5967abadd03a8e8a4cd7d1bacd5d Mon Sep 17 00:00:00 2001 From: DanStough Date: Thu, 14 Apr 2022 16:55:10 -0400 Subject: [PATCH 159/785] Update go version to 1.18.1 --- .changelog/12808.txt | 3 + .circleci/config.yml | 22 +++---- .github/workflows/build.yml | 20 +++---- GNUmakefile | 4 +- agent/agent_test.go | 73 ++++++++++++++++++++---- agent/connect_ca_endpoint_test.go | 12 +++- agent/consul/leader_connect_ca.go | 17 +++++- api/api_test.go | 41 ++++++++++++- api/go.mod | 1 + api/go.sum | 8 ++- build-support/docker/Build-Go.dockerfile | 2 +- connect/proxy/proxy.go | 7 +-- connect/service_test.go | 20 ++++++- connect/tls.go | 29 ---------- connect/tls_test.go | 9 ++- go.mod | 4 +- go.sum | 7 ++- sdk/go.mod | 2 +- sdk/go.sum | 4 +- test/ca/certindex | 1 + test/ca/myca.conf | 2 +- test/ca/serialfile | 2 +- test/hostname/Alice.cfg | 2 +- test/hostname/Alice.crt | 38 ++++++------ test/hostname/Alice.key | 52 ++++++++--------- test/hostname/Betty.crt | 30 +++++----- test/hostname/Betty.key | 52 ++++++++--------- test/hostname/Bob.crt | 30 +++++----- test/hostname/Bob.key | 52 ++++++++--------- test/hostname/Bonnie.crt | 32 +++++------ test/hostname/Bonnie.key | 52 ++++++++--------- test/hostname/certindex | 10 ++-- test/hostname/myca.conf | 2 +- test/hostname/serialfile | 2 +- test/key/ourdomain.cer | 43 +++++++------- test/key/ourdomain.cfg | 2 +- test/key/ourdomain.key | 52 ++++++++--------- tlsutil/config.go | 6 +- tlsutil/config_test.go | 69 +++++++++++++++++++--- 39 files changed, 486 insertions(+), 330 deletions(-) create mode 100644 .changelog/12808.txt diff --git a/.changelog/12808.txt b/.changelog/12808.txt new file mode 100644 index 000000000..d2f6257bc --- /dev/null +++ b/.changelog/12808.txt @@ -0,0 +1,3 @@ +```release-note:note +dependency: Upgrade to use Go 1.18.1 +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index 005deefb1..905a32801 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ references: images: # When updating the Go version, remember to also update the versions in the # workflows section for go-test-lib jobs. - go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.17.5 + go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.18.1 ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers paths: @@ -188,7 +188,7 @@ jobs: name: Install golangci-lint command: | download=https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh - wget -O- -q $download | sh -x -s -- -d -b /home/circleci/go/bin v1.40.1 + wget -O- -q $download | sh -x -s -- -d -b /home/circleci/go/bin v1.45.2 - run: go mod download - run: name: lint @@ -1060,26 +1060,26 @@ workflows: - dev-build: *filter-ignore-non-go-branches - go-test: requires: [ dev-build ] - - go-test-lib: - name: "go-test-api go1.16" - path: api - go-version: "1.16" - requires: [ dev-build ] - go-test-lib: name: "go-test-api go1.17" path: api go-version: "1.17" requires: [ dev-build ] - go-test-lib: - name: "go-test-sdk go1.16" - path: sdk - go-version: "1.16" - <<: *filter-ignore-non-go-branches + name: "go-test-api go1.18" + path: api + go-version: "1.18" + requires: [ dev-build ] - go-test-lib: name: "go-test-sdk go1.17" path: sdk go-version: "1.17" <<: *filter-ignore-non-go-branches + - go-test-lib: + name: "go-test-sdk go1.18" + path: sdk + go-version: "1.18" + <<: *filter-ignore-non-go-branches - go-test-race: *filter-ignore-non-go-branches - go-test-32bit: *filter-ignore-non-go-branches build-distros: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6069e105..a14ce01bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -65,15 +65,15 @@ jobs: strategy: matrix: include: - - {go: "1.17.5", goos: "linux", goarch: "386"} - - {go: "1.17.5", goos: "linux", goarch: "amd64"} - - {go: "1.17.5", goos: "linux", goarch: "arm"} - - {go: "1.17.5", goos: "linux", goarch: "arm64"} - - {go: "1.17.5", goos: "freebsd", goarch: "386"} - - {go: "1.17.5", goos: "freebsd", goarch: "amd64"} - - {go: "1.17.5", goos: "windows", goarch: "386"} - - {go: "1.17.5", goos: "windows", goarch: "amd64"} - - {go: "1.17.5", goos: "solaris", goarch: "amd64"} + - {go: "1.18.1", goos: "linux", goarch: "386"} + - {go: "1.18.1", goos: "linux", goarch: "amd64"} + - {go: "1.18.1", goos: "linux", goarch: "arm"} + - {go: "1.18.1", goos: "linux", goarch: "arm64"} + - {go: "1.18.1", goos: "freebsd", goarch: "386"} + - {go: "1.18.1", goos: "freebsd", goarch: "amd64"} + - {go: "1.18.1", goos: "windows", goarch: "386"} + - {go: "1.18.1", goos: "windows", goarch: "amd64"} + - {go: "1.18.1", goos: "solaris", goarch: "amd64"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -173,7 +173,7 @@ jobs: matrix: goos: [ darwin ] goarch: [ "amd64", "arm64" ] - go: [ "1.17.5" ] + go: [ "1.18.1" ] fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build diff --git a/GNUmakefile b/GNUmakefile index 665f1d0a1..3e5fca77a 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -6,7 +6,7 @@ GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ github.com/vektra/mockery/cmd/mockery@master \ - github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ + github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2 \ github.com/hashicorp/lint-consul-retry@master PROTOC_VERSION=3.15.8 @@ -15,7 +15,7 @@ PROTOC_VERSION=3.15.8 # MOG_VERSION can be either a valid string for "go install @" # or the string @DEV to imply use whatever is currently installed locally. ### -MOG_VERSION='v0.2.0' +MOG_VERSION='v0.3.0' ### # PROTOC_GO_INJECT_TAG_VERSION can be either a valid string for "go install @" # or the string @DEV to imply use whatever is currently installed locally. diff --git a/agent/agent_test.go b/agent/agent_test.go index ba82f127f..d7b118fcb 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -16,6 +16,7 @@ import ( "net/http/httptest" "net/url" "os" + "path" "path/filepath" "strconv" "strings" @@ -24,6 +25,8 @@ import ( "time" "github.com/golang/protobuf/jsonpb" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/google/tcpproxy" "github.com/hashicorp/go-hclog" "github.com/hashicorp/serf/coordinate" @@ -3931,9 +3934,11 @@ func TestAgent_ReloadConfigOutgoingRPCConfig(t *testing.T) { a := NewTestAgent(t, hcl) defer a.Shutdown() tlsConf := a.tlsConfigurator.OutgoingRPCConfig() + require.True(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) hcl = ` data_dir = "` + dataDir + `" @@ -3946,9 +3951,11 @@ func TestAgent_ReloadConfigOutgoingRPCConfig(t *testing.T) { c := TestConfig(testutil.Logger(t), config.FileSource{Name: t.Name(), Format: "hcl", Data: hcl}) require.NoError(t, a.reloadConfigInternal(c)) tlsConf = a.tlsConfigurator.OutgoingRPCConfig() + require.False(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.RootCAs.Subjects(), 2) - require.Len(t, tlsConf.ClientCAs.Subjects(), 2) + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_ReloadConfigAndKeepChecksStatus(t *testing.T) { @@ -4018,8 +4025,9 @@ func TestAgent_ReloadConfigIncomingRPCConfig(t *testing.T) { require.NoError(t, err) require.NotNil(t, tlsConf) require.True(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) hcl = ` data_dir = "` + dataDir + `" @@ -4034,8 +4042,9 @@ func TestAgent_ReloadConfigIncomingRPCConfig(t *testing.T) { tlsConf, err = tlsConf.GetConfigForClient(nil) require.NoError(t, err) require.False(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 2) - require.Len(t, tlsConf.RootCAs.Subjects(), 2) + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_ReloadConfigTLSConfigFailure(t *testing.T) { @@ -4066,8 +4075,10 @@ func TestAgent_ReloadConfigTLSConfigFailure(t *testing.T) { tlsConf, err := tlsConf.GetConfigForClient(nil) require.NoError(t, err) require.Equal(t, tls.NoClientCert, tlsConf.ClientAuth) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_consulConfig_AutoEncryptAllowTLS(t *testing.T) { @@ -5845,3 +5856,45 @@ func Test_coalesceTimerTwoPeriods(t *testing.T) { }) } + +func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + data, err := ioutil.ReadFile("../test/ca/root.cer") + require.NoError(t, err) + if !pool.AppendCertsFromPEM(data) { + t.Fatal("could not add test ca ../test/ca/root.cer to pool") + } + return pool +} + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + require.NoError(t, err) + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + require.NoError(t, err) + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go index 27e916155..2a299bc76 100644 --- a/agent/connect_ca_endpoint_test.go +++ b/agent/connect_ca_endpoint_test.go @@ -3,6 +3,7 @@ package agent import ( "bytes" "crypto/x509" + "encoding/pem" "io/ioutil" "net/http" "net/http/httptest" @@ -288,8 +289,13 @@ func TestConnectCARoots_PEMEncoding(t *testing.T) { data, err := ioutil.ReadAll(resp.Body) require.NoError(t, err) - pool := x509.NewCertPool() - require.True(t, pool.AppendCertsFromPEM(data)) + // expecting the root cert from dc1 and an intermediate in dc2 - require.Len(t, pool.Subjects(), 2) + block, rest := pem.Decode(data) + _, err = x509.ParseCertificate(block.Bytes) + require.NoError(t, err) + + block, _ = pem.Decode(rest) + _, err = x509.ParseCertificate(block.Bytes) + require.NoError(t, err) } diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index 91da428ac..2239bc6fd 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -266,7 +266,7 @@ func newCARoot(pemValue, provider, clusterID string) (*structs.CARoot, error) { } return &structs.CARoot{ ID: connect.CalculateCertFingerprint(primaryCert.Raw), - Name: fmt.Sprintf("%s CA Primary Cert", strings.Title(provider)), + Name: fmt.Sprintf("%s CA Primary Cert", providerPrettyName(provider)), SerialNumber: primaryCert.SerialNumber.Uint64(), SigningKeyID: connect.EncodeSigningKeyID(primaryCert.SubjectKeyId), ExternalTrustDomain: clusterID, @@ -1581,3 +1581,18 @@ func (c *CAManager) isIntermediateUsedToSignLeaf() bool { provider, _ := c.getCAProvider() return primaryUsesIntermediate(provider) } + +func providerPrettyName(provider string) string { + switch provider { + case "consul": + return "Consul" + case "vault": + return "Vault" + case "aws-pca": + return "Aws-Pca" + case "provider-name": + return "Provider-Name" + default: + return provider + } +} diff --git a/api/api_test.go b/api/api_test.go index 8af27f026..3f4e4e325 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -3,12 +3,14 @@ package api import ( crand "crypto/rand" "crypto/tls" + "crypto/x509" "fmt" "io/ioutil" "net" "net/http" "net/url" "os" + "path" "path/filepath" "reflect" "runtime" @@ -16,6 +18,8 @@ import ( "testing" "time" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -589,9 +593,8 @@ func TestAPI_SetupTLSConfig(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - if len(cc.RootCAs.Subjects()) != 2 { - t.Fatalf("didn't load root CAs") - } + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, cc.RootCAs, cmpCertPool) // Load certs in-memory certPEM, err := ioutil.ReadFile("../test/hostname/Alice.crt") @@ -1098,3 +1101,35 @@ func TestAPI_GenerateEnvHTTPS(t *testing.T) { require.Equal(t, expected, c.GenerateEnv()) } + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + require.NoError(t, err) + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + require.NoError(t, err) + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} diff --git a/api/go.mod b/api/go.mod index 6a37c10dd..33d9c558c 100644 --- a/api/go.mod +++ b/api/go.mod @@ -5,6 +5,7 @@ go 1.12 replace github.com/hashicorp/consul/sdk => ../sdk require ( + github.com/google/go-cmp v0.5.7 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-hclog v0.12.0 diff --git a/api/go.sum b/api/go.sum index 45eae683f..ebf25c8c8 100644 --- a/api/go.sum +++ b/api/go.sum @@ -12,6 +12,8 @@ github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= @@ -100,12 +102,12 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -114,6 +116,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 39fc6df5c..21f508502 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.17.5 +ARG GOLANG_VERSION=1.18.1 FROM golang:${GOLANG_VERSION} RUN go install github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master diff --git a/connect/proxy/proxy.go b/connect/proxy/proxy.go index 8eb34c499..86cc24d46 100644 --- a/connect/proxy/proxy.go +++ b/connect/proxy/proxy.go @@ -75,12 +75,7 @@ func (p *Proxy) Serve() error { tcfg := service.ServerTLSConfig() cert, _ := tcfg.GetCertificate(nil) leaf, _ := x509.ParseCertificate(cert.Certificate[0]) - roots, err := connect.CommonNamesFromCertPool(tcfg.RootCAs) - if err != nil { - p.logger.Error("Failed to parse root subjects", "error", err) - } else { - p.logger.Info("Parsed TLS identity", "uri", leaf.URIs[0], "roots", roots) - } + p.logger.Info("Parsed TLS identity", "uri", leaf.URIs[0]) // Only start a listener if we have a port set. This allows // the configuration to disable our public listener. diff --git a/connect/service_test.go b/connect/service_test.go index 1897a9097..e72b501ed 100644 --- a/connect/service_test.go +++ b/connect/service_test.go @@ -9,6 +9,8 @@ import ( "io" "io/ioutil" "net/http" + "reflect" + "sort" "strings" "testing" "time" @@ -189,15 +191,15 @@ func TestService_ServerTLSConfig(t *testing.T) { // After some time, both root and leaves should be different but both should // still be correct. - oldRootSubjects := bytes.Join(tlsCfg.RootCAs.Subjects(), []byte(", ")) + oldRootSubjects := getSubjects(tlsCfg.RootCAs) oldLeafSerial := cert.SerialNumber oldLeafKeyID := cert.SubjectKeyId retry.Run(t, func(r *retry.R) { updatedCfg := service.ServerTLSConfig() // Wait until roots are different - rootSubjects := bytes.Join(updatedCfg.RootCAs.Subjects(), []byte(", ")) - if bytes.Equal(oldRootSubjects, rootSubjects) { + rootSubjects := getSubjects(updatedCfg.RootCAs) + if oldRootSubjects == rootSubjects { r.Fatalf("root certificates should have changed, got %s", rootSubjects) } @@ -288,3 +290,15 @@ func TestService_HasDefaultHTTPResolverFromAddr(t *testing.T) { require.NoError(t, err) require.Equal(t, expected, got) } + +func getSubjects(cp *x509.CertPool) string { + subjectsIter := reflect.ValueOf(cp).Elem().FieldByName("byName").MapRange() + subjects := []string{} + for subjectsIter.Next() { + k := subjectsIter.Key() + subjects = append(subjects, k.String()) + } + sort.Strings(subjects) + subjectList := strings.Join(subjects, ",") + return subjectList +} diff --git a/connect/tls.go b/connect/tls.go index a79fe7c8a..dd7fc1869 100644 --- a/connect/tls.go +++ b/connect/tls.go @@ -3,8 +3,6 @@ package connect import ( "crypto/tls" "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" "errors" "fmt" "io/ioutil" @@ -111,33 +109,6 @@ func devTLSConfigFromFiles(caFile, certFile, return cfg, nil } -// PKIXNameFromRawSubject attempts to parse a DER encoded "Subject" as a PKIX -// Name. It's useful for inspecting root certificates in an x509.CertPool which -// only expose RawSubject via the Subjects method. -func PKIXNameFromRawSubject(raw []byte) (*pkix.Name, error) { - var subject pkix.RDNSequence - if _, err := asn1.Unmarshal(raw, &subject); err != nil { - return nil, err - } - var name pkix.Name - name.FillFromRDNSequence(&subject) - return &name, nil -} - -// CommonNamesFromCertPool returns the common names of the certificates in the -// cert pool. -func CommonNamesFromCertPool(p *x509.CertPool) ([]string, error) { - var names []string - for _, rawSubj := range p.Subjects() { - n, err := PKIXNameFromRawSubject(rawSubj) - if err != nil { - return nil, err - } - names = append(names, n.CommonName) - } - return names, nil -} - // CertURIFromConn is a helper to extract the service identifier URI from a // net.Conn. If the net.Conn is not a *tls.Conn then an error is always // returned. If the *tls.Conn didn't present a valid connect certificate, or is diff --git a/connect/tls_test.go b/connect/tls_test.go index 9659cf5be..1f8307224 100644 --- a/connect/tls_test.go +++ b/connect/tls_test.go @@ -7,6 +7,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" "github.com/hashicorp/consul/agent" @@ -295,9 +296,11 @@ func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) { // cmpCertPool is a custom comparison for x509.CertPool, because CertPool.lazyCerts // has a func field which can't be compared. -var cmpCertPool = cmp.Comparer(func(x, y *x509.CertPool) bool { - return cmp.Equal(x.Subjects(), y.Subjects()) -}) +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} // requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the // tls.Config arg to be returned on the provided channel. This ensures the diff --git a/go.mod b/go.mod index 8d7134af3..eb848e555 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/fsnotify/fsnotify v1.5.1 github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.4.3 - github.com/google/go-cmp v0.5.6 + github.com/google/go-cmp v0.5.7 github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.2.0 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22 @@ -89,7 +89,7 @@ require ( golang.org/x/net v0.0.0-20211216030914-fe4d6282115f golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20211013075003-97ac67df715c + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb google.golang.org/grpc v1.36.0 diff --git a/go.sum b/go.sum index 9311ff481..bbb6a03a1 100644 --- a/go.sum +++ b/go.sum @@ -253,8 +253,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -772,7 +773,6 @@ golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -790,8 +790,9 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8= golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/sdk/go.mod b/sdk/go.mod index 6d543bcec..18b289a0e 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -11,7 +11,7 @@ require ( github.com/mattn/go-isatty v0.0.12 // indirect github.com/pkg/errors v0.8.1 github.com/stretchr/testify v1.4.0 - golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v2 v2.2.8 // indirect ) diff --git a/sdk/go.sum b/sdk/go.sum index b9840a641..94ec34ba4 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -34,8 +34,8 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 h1:1/DFK4b7JH8DmkqhUk48onnSfrPzImPoVxuomtbT2nk= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/test/ca/certindex b/test/ca/certindex index 8c478a407..4610614a1 100644 --- a/test/ca/certindex +++ b/test/ca/certindex @@ -5,3 +5,4 @@ V 160526220537Z 0D unknown /CN=test.internal/ST=CA/C=US/emailAddress=test@inter V 170604185910Z 0E unknown /CN=testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=Hashicorp Test Cert/OU=Beta V 180606021919Z 0F unknown /CN=testco.internal/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing V 21180418091009Z 10 unknown /CN=testco.internal/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing +V 21220322142538Z 11 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/ca/myca.conf b/test/ca/myca.conf index 067beb240..810e06ba3 100644 --- a/test/ca/myca.conf +++ b/test/ca/myca.conf @@ -13,7 +13,7 @@ database = certindex private_key = privkey.pem serial = serialfile default_days = 36500 -default_md = sha1 +default_md = sha512 policy = myca_policy x509_extensions = myca_extensions diff --git a/test/ca/serialfile b/test/ca/serialfile index b4de39476..48082f72f 100644 --- a/test/ca/serialfile +++ b/test/ca/serialfile @@ -1 +1 @@ -11 +12 diff --git a/test/hostname/Alice.cfg b/test/hostname/Alice.cfg index 6bba3002d..dcee8e5f2 100644 --- a/test/hostname/Alice.cfg +++ b/test/hostname/Alice.cfg @@ -9,7 +9,7 @@ ST = California L = Los Angeles O = End Point OU = Testing -emailAddress = james@hashicorp.com +emailAddress = do-not-reply@hashicorp.com CN = Alice [v3_req] diff --git a/test/hostname/Alice.crt b/test/hostname/Alice.crt index 074e8b5b4..42d54de0f 100644 --- a/test/hostname/Alice.crt +++ b/test/hostname/Alice.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyzCCArOgAwIBAgIBGjANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID0zCCArugAwIBAgIBLjANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -ODA1MTIwOTA0MzJaGA8yMTE4MDQxODA5MDQzMlowfDEOMAwGA1UEAwwFQWxpY2Ux -EzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkB -FhNqYW1lc0BoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9pbnQxEDAOBgNV -BAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjzkhi -7DQSMX6CBeIJtX3K508fTlvNxs9gYKMGIybyTrWSc5gT76QA7ntnETpcParyoF7K -N7LJnmTZr9uYOxJ9ZkYHzeAoBVbYjvm2jgMt8lTHwqept0ASIYhhe1RBhkIJH9eN -hoY6LgYefelj/leTYu55TUGfPD0kRNs4bG5XCl8TFbACOxKKdcY3uZQTaOXYl/Uv -Nl2Pp9h3v72/WL680Y9kGnmU9wcvBU5RewOTZKtdGe6y3hRmYz16nKxo733KH5Px -RDy2GyJ9mKC7QiyL8TYc7BRSp9FePeAXx5RQOYTL6Z5pgirwOnZkiWyaKBud9T5t -FxeT9QJdd1NsAURdAgMBAAGjODA2MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBwG -A1UdEQQVMBOCEXNlcnZlci5kYzEuY29uc3VsMA0GCSqGSIb3DQEBBQUAA4IBAQBN -xFFMhWl2UtZYrQ5f3GrqTRncoe/oDqXxuAiiBRDo3Gz/XDkz9aFwwK2z7rjaYVrQ -8ZksrA4T/Zr5nGCXCpFjVMzw3eFRWqWbGRFi/nfcifvk5EW7uobT84SOYQ5jrv6y -3kmsd6f2pnYKgWEX7J94XVIE/BeVSHZMHephrK6KC3Gdy66xNk6othKymY6veNxn -70qQbw0yRrud6svdPNmD6GCauz2i3blb7xW1FZMrJqtN0Mw5W2QHMyS1MQFeSeaC -TDv/Os3tocLFtdsoLAECLAqYAL9wAvvm8eNNOWPnFpy644lE2uLupWB8z5m0GbGp -utZXHATEkmGoFKC+dNml +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYMxDjAMBgNVBAMMBUFsaWNl +MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ +ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu +dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMadRkCC0SC4FcOGn+Y7L4lTyZpjywbgim081BdWXEQCG/gPlcxZGQEPn2ZA +cglvuNbRlsDYqDs88cn9Nm9xWRJOh3x79erN/1k8AChNSj69nvTzg3cBUYx3Tz8I +5MvuG1XBp6cOK7cyUizllQVF1YX3vM5wZSP3hEe8jxGpMxS6+cKh2MHbhDNtUV78 +t7VFiDqvkT4H85VIiHyBTzK/1lMmHed820Aam8b8b0WSsdVFUZZcxUKuaKAqg6Np +YQE49IPMGJ8zidVZhEm/vZP1K9+uNJSq4mnClFBua+06Z6F7gj2MjGyNn6MlMOKs +EMAmntg4jgm/DznSng0t95XtVKUCAwEAAaM4MDYwCQYDVR0TBAIwADALBgNVHQ8E +BAMCBeAwHAYDVR0RBBUwE4IRc2VydmVyLmRjMS5jb25zdWwwDQYJKoZIhvcNAQEN +BQADggEBAED+jxV3/dWdqUF4O6J0MbJ0i60XRpFHvP9W7ukt8L+cMgVsWTqWPt+d +819gp0L+OAgwAVW0jFXpywi3LkdqurTFMMeG/yc9H4ryuLBAmg6TQSAexaYGznhE +jXZYJR04Wi8ct2e62GRZdAUGCzg9ZxAEr3wPRg+XW1jkYvJvPPFerG5kQPdx1bq/ +C3AQh3ONSK+ZTv1hxWumixkJbHh0aQpnPvy1Mq4AV+mHXlPlJocXfhCFh9gZag3q +DpDQ3Q56fZmDmssRQO9TLd0/+lfZ22aM94DmJyU78Dq+rpLfC4Guh8DfhLGtCK9M +60ixhLIOonbE5/Q0T8fKxW2di6DR+kc= -----END CERTIFICATE----- diff --git a/test/hostname/Alice.key b/test/hostname/Alice.key index 64f286c92..482cb3382 100644 --- a/test/hostname/Alice.key +++ b/test/hostname/Alice.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDjzkhi7DQSMX6C -BeIJtX3K508fTlvNxs9gYKMGIybyTrWSc5gT76QA7ntnETpcParyoF7KN7LJnmTZ -r9uYOxJ9ZkYHzeAoBVbYjvm2jgMt8lTHwqept0ASIYhhe1RBhkIJH9eNhoY6LgYe -felj/leTYu55TUGfPD0kRNs4bG5XCl8TFbACOxKKdcY3uZQTaOXYl/UvNl2Pp9h3 -v72/WL680Y9kGnmU9wcvBU5RewOTZKtdGe6y3hRmYz16nKxo733KH5PxRDy2GyJ9 -mKC7QiyL8TYc7BRSp9FePeAXx5RQOYTL6Z5pgirwOnZkiWyaKBud9T5tFxeT9QJd -d1NsAURdAgMBAAECggEALevYZbCNspktklJTRXfDetJz/bCTCwEnrprsYgFWCYRa -T8JjhqlJGzL3x0gOxqdbvXscgJEHxmLam5M6pg5KZOLn/QzAQfEJl7ACoI0yEOIH -uxj/KVQaY01FK7lru6WvzB0SG6JhjnrWmvDwykpsJvbLccJkFxBSluwWcOJSv9Kj -CQMExsy9s2aVyUcA19aob8tQunBpAZfqIAO/wQxGUbxo7Bk6/o+/jYSoedzm0viY -M7xskskE0CMglC4AkbpWBLAR/aKlgtFiniYm3wp4k7Nbf0WMkESfCfvQtqsBgp0W -vuL2QbVouzxiGtj9XyGA3WqsJDVFL4CD5Aoap+kmgQKBgQDyQYmyOlifQvB95ZWO -GVQ0W4bOqzxOHuQYswIPj2yRjeoD7dYcCQD8i3nKzxrSljIezal49dio3+yBJwY6 -jomzrq7HPtmKMt4eZN1l9Tljiz9+5cxyKc2/qGJoEBkBccBlZXAFVJ99wSfcKQQw -zT4NbVHuXK5lZol6Wjvk/fVXIQKBgQDwut+wKCmsYgsVIJ17I1iHlcJUspPkWB4c -+iES1uGM49Iem2lMNSdRKzlkB5c6+JjIbmhLvh0+PH/7/vkVIrelbLCi4qe3E6m8 -gTOVq8pHohzLJJQAEWG6JlkjxBj+Orgc5qos4eO71yJProGk+xMZARz5n0EKmkpP -Zju/T/7RvQKBgQDyOBMsT+hCPRTmXEIflTW7L/Rm+ZFPbtWT2I/r7PSZyDI+gXQ+ -Dcadu/sni9H+0swEPo//cJiTqWj4bYNt0wzdyn/Ymf+6jUfHTgSMKBecbyMqhyvW -zfN5eSwDbm0CI7FB8J2Dxuu9Of7Xw278OIqdtDtiP+rjWhWFb2lJeZ7v4QKBgQCt -XRdMyI/CelUa4QMos/rEoiByWKzTLHZ7TdNVuvRyP3uJ2UhKvpjTBrrtA95wdKmq -5oAr0/1BXdaZxzTgeMEi3BSVKX+5A+sgOzfIGRCy59euoGgJaHsl0QovDMEnDWic -P63cZs1X8IXgNn9dLgfB4SBZ0MvJc/YCGlD65QRRTQKBgFxqEn90iOZr4AZKYoIR -0qQM0MA8W8Vi1EoKU7O/onuZrBA1rMfOGMjdtGmnTozVDbi/VKR6sjd4IpsIDH9L -WMn7Jm8Y5KYIEs9/DVv+/jPoPa/fQ680h8+QmRrz8P95Ap3xd17s+10qbUtrQdzI -w4xzB0gF0vOT/dCAmN66h/rv +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGnUZAgtEguBXD +hp/mOy+JU8maY8sG4IptPNQXVlxEAhv4D5XMWRkBD59mQHIJb7jW0ZbA2Kg7PPHJ +/TZvcVkSTod8e/Xqzf9ZPAAoTUo+vZ7084N3AVGMd08/COTL7htVwaenDiu3MlIs +5ZUFRdWF97zOcGUj94RHvI8RqTMUuvnCodjB24QzbVFe/Le1RYg6r5E+B/OVSIh8 +gU8yv9ZTJh3nfNtAGpvG/G9FkrHVRVGWXMVCrmigKoOjaWEBOPSDzBifM4nVWYRJ +v72T9SvfrjSUquJpwpRQbmvtOmehe4I9jIxsjZ+jJTDirBDAJp7YOI4Jvw850p4N +LfeV7VSlAgMBAAECggEAVGkRK2etk5dJAKFdoc6zpEys2OXiqpiRnF2G0ihM7EZt +Np8BDikrvEy0dROco7AMwZev12P9E7gSFsN7+B8XOPWRFXHlkRZdmMIsWvSGQmX6 +gaZg0BoKW4V1c5fHDXizu12jcBdQsvo6/IPSMrx8RASHBMG16nROjuJvd5UOdZdF +wKTlCjLvJNnZsaW9HVsO3YsR1w2m1NbUdx+UYeRzy7sYzKc4Wnm2qA6r1UkzjC1S +6ho3NAy9mX4HlSyYq4qWwLT9ByIqgzjWdWJUbyJ2+ZvCRmbagONoBjGc323Og8LB +6PRswo2nlQSjxHA4G2llQaKp5TAbiwr9tPG+DaupnQKBgQDoQUkwa144jT6Bjn35 +36xl/s00vhT5dfFyEK4RPThTPP7FBKHPp8PO2kPz7z6CoL7xoV/yR2OENZ3ZxIgX +xBIw7cu25B0yp9+yH9wZGd3hNDGiXlnaJKy4oXYrs8pkh9bUXXAUsa+3Jcc29Y5I +MiboquzFMf0JRwHapx0SE9/G7wKBgQDa64Z4DlubX/QhdrQBlyJA/bT7NfTHkRoH +Oo0b9POqrh7ZiVMp8mlNDQY9VZo44UOJRrttNLzNCCl7Sce6H3GA38fp/OcszZTw +Crlfzk0Fm3D9zUUog8BO3sH1WBC1ws2cONIa5AeuNj6GuWE0UueULcGeb7bp5VYe +kN/Cx7u9qwKBgFIMPj7Mr0xrGVnLbNWJHu4pRXUMcXxvHgydt+B/MBa3xYj0SfWB +3rqEgNz796lOACZ8S9jbP1zFVC5KL4m1yndeikjh7S6n/259stNrP+b++UnS6wsV +Sa8v2v81VJqPImWDXMTywJCC2A2iUdFPZk9rkplXP3y3iQAlaS+ptbQhAoGARM49 +x0IL/LudyV67mLxdobubxFDjDE5ItfjrHNxSMVTkkU6d+tMb0YHEckaTYEk8psq6 +YcpvhKmKEBvSUGdNj0nGVX6NUgGTTBayyK/YeWivjLWVhPRT3vYYU/pH1jjR0sXx +E06UM2cNI97j9EQSUPpInnlSLhVMifLSwS9xjF0CgYEAsUd2Cy/sw1D+bv/6ktlz +5FYjAwJA2dcYCQMJ6Cds7yTgkmS0sFcb3bFOMtkTwzS6YShc07kiPlGs5d6P2uIA +cYBQLl/NNxVthCLmz8roY+g9wQH+0Bmwiigbn+vTriN+xA9F11Nie4vn6ZzQqncq +71BwLZBtCekeJsRU+ml+dSI= -----END PRIVATE KEY----- diff --git a/test/hostname/Betty.crt b/test/hostname/Betty.crt index 62dae6fb4..bba0776ce 100644 --- a/test/hostname/Betty.crt +++ b/test/hostname/Betty.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID7DCCAtSgAwIBAgIBMDANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMTEyMTQzMzlaGA8yMTE5MTExNzIxNDMzOVowgYMxDjAMBgNVBAMMBUJldHR5 +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYMxDjAMBgNVBAMMBUJldHR5 MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAPU04u9/94fgQZMwCHR9gX6yBfJV6m7hTxR7rQv8GXaaCYVVisH2NmW6KcrZ -hjUqsvPpm63vEZasYC2blqlLnQCmJyOemnx9v0WEX9SLM3w8ihjbGhSq6VqaCeGH -s3jaxe9Bx8anR1tWiz2AoEEP1SzHgBQv08swDdWZsFKqnXntwqKqZcegIQMelxW+ -iofAtSRZcwhbQUrpgaarxStuvpxqt1y/rbS27H1cf9U4CLysKClOIIJE3l7rqKCb -R5uYyQd07nZC+R7/83TX1AGFvk55QujB9Pm9p6RbjHJWZ5CLPtpiQhpMwYw1JluN -1KSwnpDDreCWMw+yEchlAnpw3/cCAwEAAaNRME8wCQYDVR0TBAIwADALBgNVHQ8E +ggEBALcRmiQ3lifgSuD1f6Spc6iHSvX1ilRXlo9FJ9MuROyg1ByuxQliU4Wz4XUw +CbpzUncb3B7Sg0Dg2dfMZJoafkVcVi4k6Rv689uasp4LIciK53sL33QfZEXLw5Nt +LizfDM4IV5tb2m7s057ObVwdjjg0ICRkpgXWQgGb2OhkU3ZliPeuo4RnODCThRLR +9SvHenpn8TJldNGunQGERPRFEeF6ekNgSbfM3vjimBUGzHdlqd9L327u+fRrVC/E +k0YXTM7Ummc1NUButUaFFiA9uBFhqU5tI1NnrD+dAmsboXrzI62HsipOmWskoSAX +66gkeyi/yoDsXENd09WiqTxOaqECAwEAAaNRME8wCQYDVR0TBAIwADALBgNVHQ8E BAMCBeAwNQYDVR0RBC4wLIIRc2VydmVyLmRjMi5jb25zdWyCF2JldHR5LnNlcnZl -ci5kYzIuY29uc3VsMA0GCSqGSIb3DQEBBQUAA4IBAQBvGhMpUHmw3j7+sj0D+mCz -+bBhZH6HEpy6TLjS1GfO0/fyO2DIcPMHNTdNqmoDTt33scS53155jEhCI8Wtb6LY -Mvoo0wwnQtGvuqyscnJldAQ++08N2bjJq9iQoG1gB9oPWOxRe4tjbSoJNl1X3a0u -jwjKwOl0HX23WMy3S5mIKuOBuT79/nY/rVlFP1fsna4TKO1ocXjK5JnQ9TKdGTRH -9STT/RPIIQvWg+zeDS+ZlMocZEq7NT63d2BzH2ZiV6VRZM0PSyEixE0fqfxPxA2D -+fqeDl8iRR4tPIifkDFZLoMiHDa7Ciqh1hgdMUk1tkPZpxy+XP+AzI/K/3Tnceer +ci5kYzIuY29uc3VsMA0GCSqGSIb3DQEBDQUAA4IBAQB+hMHxwzY7KpFe/mKhiUCE +bOrVBvXAp/98F5UPoMGbF8Qe4/nNPAhhFGvkG28lAyeai1j7HX+gqx0qxcOMHGMw +uIL/XcpetQijOazNzvCaXo8MqPMjkiFDWkdaJVR7D1BU2kwwDpHJnNpnjynBW3vl +OPkANoo9WX825vErdZ4bEHQRRZziU7v2auqxZuxB8uBf9NJiDQvyUvkDUkQkHu+a +8QAdifeavxCkcIE6aKzPAEfDgVIHylzOjAGQUpZgmaA5344jH5CltTlZ54zh33jO +MmmzFj5e0MCdFJY3JBqKcEfXswTnDdXZIvdF3Iu/kWXTmd8Fnkx2ektNd70MFK0F -----END CERTIFICATE----- diff --git a/test/hostname/Betty.key b/test/hostname/Betty.key index 6b12937c4..2d1fb541b 100644 --- a/test/hostname/Betty.key +++ b/test/hostname/Betty.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQD1NOLvf/eH4EGT -MAh0fYF+sgXyVepu4U8Ue60L/Bl2mgmFVYrB9jZluinK2YY1KrLz6Zut7xGWrGAt -m5apS50Apicjnpp8fb9FhF/UizN8PIoY2xoUqulamgnhh7N42sXvQcfGp0dbVos9 -gKBBD9Usx4AUL9PLMA3VmbBSqp157cKiqmXHoCEDHpcVvoqHwLUkWXMIW0FK6YGm -q8Urbr6cardcv620tux9XH/VOAi8rCgpTiCCRN5e66igm0ebmMkHdO52Qvke//N0 -19QBhb5OeULowfT5vaekW4xyVmeQiz7aYkIaTMGMNSZbjdSksJ6Qw63gljMPshHI -ZQJ6cN/3AgMBAAECggEARpwMHVuENCRnvbK/PIxHlew9uiLzdyp6UzOqCSF3U6fX -xgV0B5aW44RQNJGfDABXt9U1d0i4j+Ljbz62i9myRFWUP7WUVvT+902/Kr1K/iOQ -wMeXIwx0Vhq1bbReAhc9mEAg/xt8eNjbD8LSYunkQRjR0P5UxtX3peKz25o17r3w -U5lpvbYzm/k376Dhr2RBr30jrrf2rh06+FQCc2dF2mK1j7+YKbIHK+BKQYtQeVyg -XYpJfJTsuHFojwZNGXEuidkGApuokTS0HiAuAjrCQsn4cUftXnUtE2HJgsCum/Bp -Kb74ahBbZCITXCRSKZCi6p9oFcHQ30JDCCz4Qy9HgQKBgQD/dzWYKzI29ihQmeLN -ntHRl4RTjO4LfCs6lr8ul5nFOcgGwSwaFaTbqq0oJefCqEH+wmH1Jbd5nfRi7PWr -uGibeZnLdiseHHMsvN8l6PY3tVCm3kJL5Ze2TY+n8/7eUPcmH60CFikqO53ahjV3 -9PtUBr5BUe1xUJ6T4zegqZKWbwKBgQD1uC8PfrIMGLmq9l3x3T2pAbmfz0N3DfUs -ncY+JCQRkBkWJk3oW8ITBZagCwvg4AnhbGvNgbAaPGEQ9HL7f19ieJeHxEaVtTY2 -kKDwelPHT06oCu2AZ8h1Zqfn55O/HtGO/MuTdFa9IKjGYJTUvSBy3VVd8gnK9MBV -fhUtEqNS+QKBgQC33NR18KDzbbcWS6sw0l2wu5xBhezN11BFmrl+jx3dFPkh42Ya -X/mHIBAAFUf4kaDt+nkGN18V6Nk7WdB3BwJC5AIMrb/arB8407bHUiPjdFvXvZ95 -gITwcGI0PyfwWdWHWsTp+4klHENAQ9e3vlok37WOzahXJe78AUzIFUOrgQKBgQCb -qC3Htw67Mv6LGr6wdOKWqY0Ze4bVaHYj6V6oBuUCazI5IdLAmz/6JNQiVl0T+1jH -AJPZ/4m7VPx4bSJZx3p5OsNjMic0tzK8pioNrLBd1hORyDpj2VrXZEyBT+X8cF14 -IxQjONOpw4KnCI+/pH9lxGhLtwQVGa6tec2YW/IyoQKBgQCMr00Z1/+edBh/s+Ho -p87Wwf3vRtRZLniVdc1jVk9raK6azrFS+vBzpkWZatLu5Grtwl/9HYNTu+AnfKGP -jyRkCx0i5qgEQobYkiAJeFocyDVbzaDdZBhTAINN9uaSDH1JpGNlIBxIflzT0adf -OCBbgQ6SaTH+MWvYJ1KJPsQVkw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3EZokN5Yn4Erg +9X+kqXOoh0r19YpUV5aPRSfTLkTsoNQcrsUJYlOFs+F1MAm6c1J3G9we0oNA4NnX +zGSaGn5FXFYuJOkb+vPbmrKeCyHIiud7C990H2RFy8OTbS4s3wzOCFebW9pu7NOe +zm1cHY44NCAkZKYF1kIBm9joZFN2ZYj3rqOEZzgwk4US0fUrx3p6Z/EyZXTRrp0B +hET0RRHhenpDYEm3zN744pgVBsx3ZanfS99u7vn0a1QvxJNGF0zO1JpnNTVAbrVG +hRYgPbgRYalObSNTZ6w/nQJrG6F68yOth7IqTplrJKEgF+uoJHsov8qA7FxDXdPV +oqk8TmqhAgMBAAECggEAcaGcYtSaAIBpGf9oTmXb44Su08KoLTf8vUs4sA1tPM+L +OY6FwRBmNXx0+k9qCnBghIwncn5KeC/ZJ+i3nSvKqvTojVXd179KNEpuikjwnFET +47134tVFYUlcSRsg6Ts98HkfH9DA4c9gf5c0LFQwHdTFCrHql37pk6QP3BfB8p9/ +BHojrxF6dFV04XR5bMTHO0w1b4OstnROiKynZYxP9nxpeMDAWG8A1/7RSCFuaXHO +2m1V7ChAsfGsF26cAcVTBQaQBonlPAaswCOVQUSqVr+PtmjhaT96EJ2mS9Wbz8Wt +Wn/opHuRbmOp7wxJKXgvroD8t0738PyHo9H+EPthQQKBgQDywIXyClZFjDjLIH0c +YhS/ceRcUuhMxI1ZPwAQG72Fxv/HMUa3neSSKKLBKRQqPFxvvfjS0IT0737WtLjK +Mst2ojEKWkveRN54VVwINwXkLTrmM0vpQrBuye7c2le+Pj6QriV4OgIlB6P6huBM +AjiksbGj217H+n67cxwLgWdVOQKBgQDBDz8lc9DpV4WH+rfOx7vBSCqqvleQ3pxV +hO/BndW6/sFo7Go6zRc7mGmEeaJUVATAMTHRsvKZ7VQQH57l8JS88V27uxAepyjz +GV8kRYbfV5mtyoq+3owcaeUbBxVv0wCNB9I5m+SuRgfwe2/FHoV8EMl44LLB+sue +x5i1sDhoqQKBgGKa+43GzyZu//7a0pc97Amb/NPXxY6xZG01HxRsAD8gB3PlO0GI +vHj2Uq49vngtjqrBMxqHIwrPYela/Zj8qxMkbOE0ro650Nh2a+zWVOlLyhoKCjLV +KQ/HrOQ/ONcJN6bTZlsAzTA3e09fjCqz2Ehl+a+Cg2yd/u6rol+2D8BZAoGALc6u +Tvah9Ru9JTyJ7Fhb5kp3RTgQkuEe+vOl56zJj6ruvTSLKBSNlKhfMP2jVJry3Z9O +kNEC2x8CuSinjSt+Py6N7QM/meZTwwqcFoEgtVGVtzS9ovgvCnbd04Hkxjmsgcn/ +SYgBxI/9RkQjiwPo7D0XcMTv5TLaqXv2cfW0DLECgYEAkf+V/kSb667hAr4MNOKn +h030GAnmuvcm/ErbqWFXC7b9VyPDr+SU8tXr+ZZIzoH53ua9gxqTxYjFkUGMIZqM +yhRv3jYpG1ar1xs7Lo7qDCggPsBlZaIUkjZSlT0YX5SZ7U8DFowh7gRID0HUiELe +aqwXam2T6fIjLBVLhkuTWjw= -----END PRIVATE KEY----- diff --git a/test/hostname/Bob.crt b/test/hostname/Bob.crt index d5950f971..7f22c7171 100644 --- a/test/hostname/Bob.crt +++ b/test/hostname/Bob.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID6DCCAtCgAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID6DCCAtCgAwIBAgIBLzANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMDQyMDMzMjhaGA8yMTE5MTExMDIwMzMyOFowgYExDDAKBgNVBAMMA0JvYjET +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYExDDAKBgNVBAMMA0JvYjET MBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0BCQEW GmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9pbnQx EDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQC+TMR+iyWgqvEmaqDTS7AaK5M18oPF47dDPm/o6/RbPRDO1KfcXXaJCk14tTd2 -BbgUPHyuOf5CfEQIBc3JgI8Aj4nTY56Fo7Zz0igEOd2tXBe0scx0dXZPrRnnUfg1 -tG8kBJGYL4wR7Bd8N0xCpZK4+6NWyEkGmiTCI+NoVevhadGDrTlLbs+1GvzuufUB -OnVsam28beDfFI7JoGFpV/wbu93C3BUs2yg7wvHrAw2uvA0K5A05Vk+w61gW9bKW -HNGvOzTIr5ZWYFLYO2xNq/9vbmnX/teYiMWd7OkZbwTssbV2L9NJ0hML7fd48Rb9 -3jjXAXCqHQgliqUZ45aTQEqlAgMBAAGjTzBNMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AQDD0RkklDCznxVHo2/jXbeBkCDJBs8CqDeJuGwscPFIZuozR5LoL0ElScYudVwC +nvECbjcwwV0fMUIfRKao+6Akyvpd1zZpUYpifHkULzSnjm0x2ea/1fscIEuoQp+2 +eNDeQ7UAgqUpE2sgtSKuXa1l0zC8xX9eeZ3tKXl+6gXe9gfuFpRCijKt8o21EVnq +Gf8fMYZpLxKcTmf7KdZGKVzqY9JO84xfukBbWvhxpFFgka6NasSxmuqIps1AFs3V +pi2cDGixgJUGsVY4HJzEp/dU5bbr6Uke01VEmNpMn35rkxJtAWkEeWdYuq5ZaVEU +0Wd2i8mOiYtSi4i43wAlh2QjAgMBAAGjTzBNMAkGA1UdEwQCMAAwCwYDVR0PBAQD AgXgMDMGA1UdEQQsMCqCEXNlcnZlci5kYzEuY29uc3VsghVib2Iuc2VydmVyLmRj -MS5jb25zdWwwDQYJKoZIhvcNAQEFBQADggEBAGx4NH6cUIfLf4e/lvBDZFmd2qI9 -+uYC0kjdbf8mZuyVvpbtaWHqVUdfGRXjYJUi6+T7MSzhx5hhtXEwkKRDQWO3DPkE -kOOh+NEfeWm0Qsz41TlEJmZnpZP4sF37qO8uquFL4gVO4fHlybjL43XoaUiGsJ6o -jDQWqPZTArUDKz3SfvRc00VLc2TQ0neLVcAl24m5t3MNaN1UZ4PI2cXfC6HtAiVz -9V7IgRtM38YTYe8MzkiXCwFUVubTSyOOexxtoY8TuYEvyGcUocsz+G+SzK3gieB7 -D4MxZbgQzSOGtlDx9G7K5AWw+rqzReehDuzkI9itFXBAHKjudycE25a3xUQ= +MS5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBAKvTAJffhOQVrm/R0p+YJpSZxis+ +Gg5nH//a6TSuj2qPp56q1V+cbiU/eDGIPkNUMLw1yl/0lhvKrHGR1QysdDcMEtph +bXga4ZwNgwQ4BLJi28J0WJDMCDq/GRhK/6KFd0uLLiOppTe470O59qSHSa2JMjKr +uzs9153jbY461IES147/MY3GDVC5pWGgnsCxmTuFf7vqV+CpRq62QlK+ZlekHaDL +cpwG/bMSUHdHcjCUusASSDyRcbCebGvMYO91zEMGkn7+DOd8ZkQyIX709/ue1uhJ +bqSWozgd383bL8ChNqnZqItOS63PCzbLhquLZJ4oQ8pq4YddGT8PD+Bmqks= -----END CERTIFICATE----- diff --git a/test/hostname/Bob.key b/test/hostname/Bob.key index ee2ebee18..5efa481dd 100644 --- a/test/hostname/Bob.key +++ b/test/hostname/Bob.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+TMR+iyWgqvEm -aqDTS7AaK5M18oPF47dDPm/o6/RbPRDO1KfcXXaJCk14tTd2BbgUPHyuOf5CfEQI -Bc3JgI8Aj4nTY56Fo7Zz0igEOd2tXBe0scx0dXZPrRnnUfg1tG8kBJGYL4wR7Bd8 -N0xCpZK4+6NWyEkGmiTCI+NoVevhadGDrTlLbs+1GvzuufUBOnVsam28beDfFI7J -oGFpV/wbu93C3BUs2yg7wvHrAw2uvA0K5A05Vk+w61gW9bKWHNGvOzTIr5ZWYFLY -O2xNq/9vbmnX/teYiMWd7OkZbwTssbV2L9NJ0hML7fd48Rb93jjXAXCqHQgliqUZ -45aTQEqlAgMBAAECggEAWrzeAHy2r1py699x2e5ABOp8IgAF5wjCbHTMBaLke9Ct -QAHUHFYQXB2mfQTjcgoeEMAarzSF0QvRoIWr7wW2qgzHKh1ZC93Y9Hbjj8hLtAqy -Xv1cQLd1d15ReKP0Fx920xS+m3Moda8+L4NqgGjUghGye4G6mERNfKiCGVDGzU7F -5ayIHR60BRiwsODJ7jr5ajcXoTHQ34gRLz/hB6S72sLAwEjGedpqpd79LNXkSdiP -axEW9nJVodc286WToR2YSSDezvIKgpZDy9onvBFmIyZIKuALmk10YNTrL1SfgR2C -wIjeHmfukgnlWzNFLB8bx0PBnaINSgxfdDa6ZYaaIQKBgQDmFWvmXUcW+SOidjUV -QTS5gjejYdDmB49y9x4eUffyHwA0wJWpiXE9TCy+PjLi1WIineHiaAmNngEU/IHF -NBi127opbU6CftvW7dGdv2IJxaN2IePSmlsLD8XItD+ZbhcZnHy4bLF8gIdttxXS -GZPHzesY0EqKCyb5ygjQ1wjZmQKBgQDTvCj6cLmVbV89wJMB2rSTglD9B2iwJnHX -wiX7bedc579odjUpTOmbPTxn9aI1MJeE9aKFuQP6NspOSXKQqlXjheXCs4d4jWmD -EQpL8dtHzXVdZf/2+RtuCYafpMRXFvraQjg5TdHT7ezQco74tW3CW2YUVdKyslNn -R1EWlzyY7QKBgQCotlyAdzWBqv5uSq9x/nZi8RFLRJahljmh24LCSOi/KexEwlL8 -FkRq5kiI16MIod9r8smH8zHOHmY8tUuTBzh3Yb+IURaYqd0aJRjny0ZgVAQgw4kD -DRxlaBNnsIRSRV+67/ykX09mM/kagn4Fqaurf1s8vr9pqfPShksgmA1tQQKBgE98 -lLmn9dOl8ppBIC8TBrVVt8e1r1RpqlVAOngQQ0n6aj3yGnT9vbkcnP++E/351vgA -KtoeoeKeDQakxhCPEZ1Pl/im4xWbqN+eVwo5qoNjG0tLznLOA8EkbFikR10WcGfd -cjP5BeuUp1F9oDS4D5NmMoUxzt5s2ais+kEL16DlAoGBAKoyjZDTv8mG0YCv4W92 -Quv8+KxE5+7qGjckDZh1tZGQjU6br1QccPAXZmlRbAJD1c90uUO+Kkx27FFJrB4t -A9jCUpXUv78PyvqX3IUW8H555n/a0M37A0xnkqm91LddkKmAbkQvt6oel5rNbt2+ -QeYzS1O8PX+zTLGf64h8Ajwt +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD0RkklDCznxVH +o2/jXbeBkCDJBs8CqDeJuGwscPFIZuozR5LoL0ElScYudVwCnvECbjcwwV0fMUIf +RKao+6Akyvpd1zZpUYpifHkULzSnjm0x2ea/1fscIEuoQp+2eNDeQ7UAgqUpE2sg +tSKuXa1l0zC8xX9eeZ3tKXl+6gXe9gfuFpRCijKt8o21EVnqGf8fMYZpLxKcTmf7 +KdZGKVzqY9JO84xfukBbWvhxpFFgka6NasSxmuqIps1AFs3Vpi2cDGixgJUGsVY4 +HJzEp/dU5bbr6Uke01VEmNpMn35rkxJtAWkEeWdYuq5ZaVEU0Wd2i8mOiYtSi4i4 +3wAlh2QjAgMBAAECggEBAJjqspLRMxMieXC/XkIVTpfcYO375i8yBGUFY1x1OseK +rvwqubueI2amLSDcv2TAkH+QaIMnjbwtMHDQoMG39sCkzk34IeKvLb1pbPhpQNpU +rEtQ2hUXWokFY2/bz3Ok95+LCk+Cts3T/0XEjnfSafXprdbM+IFjwgOR7vJAeSM6 +auXQ24FHxSFBMt0m3Zhgp1P1qLBMJCxrEM0PTDKSnfI/HURLmUwJShu9x7+RzEb8 +pMGYGqFrXgkPOMT9gmBTjjgljMNiAYU2NZWsmP1dx3tB8lUHCd8iIp8bwNjqc8Q/ +rSNtniZ9NI+DNTu5xrAHz9KnM2AQgn92bHaerBZ+TikCgYEA53wGSaf4qW9cNBPP +p7DVAcz0FxaFEdzT4RI89KhZvKySj2bmsmywhW41dRpHhqKtBCvPgewTaI6YWGxf +YtUN8AmzrymfXZxPl+A1T6zbfV0AdP9LI/MDj0BcgkAyhdPmo4/jzAFwsRqe6HHi +dcqXBdqimuKottqWixpsJHOyITcCgYEA2I4ObI6Y4xdZfVPqj8xiMq9g1MUNRXLG +palvDGUHV1jl8oBdBCsjWZdd7cIWqLGiMxdWM42AWPZ71QKqEhd4K2z7fzeaXOZb +6Dsruxu3bG6/RNxRuCfTL6YOIpz/m5iIHcFD9g7OnODtKkvAum/8bTYiTjunHQxp +zInhKjYGenUCgYB0ywS5IQC7LC6PL/ezmeq+79Ov2nLlYk+c3YDXyCEOqtt/cuGu +4Fvn1oUuQkYYTfeRhTE7Ugsw09FVu8gcq3ZOx/ZayFtZ9cXK0RrUylgr1kKmxS/6 +QWBoZIbISO+0ygcyOyUqBwf+s3m9ucgSulacY4VrNDT/nSYbpQcvFRio3QKBgH5z +7U5MslAhKVt6rgSMJ2dLa7Ky4j4EeKTx3GuTbwb9XUEO3cH6YqkFL48Pf+W/3GQT +I331CdZpEARhiugHll9dQzqVQGkxBsgEDVQ0KhaCUOQn9vwfHT28rJJftQ6psgoV ++dZr7RBEc5j4JTF5BSDMtJmUUdAvmHQcq0PXyk6lAoGBANPIxjhoJ2tEEQq6aXxF +VeHK/zQAPTbTXE8cS7tf4AU9u5WJ8noKm8KG9NwLJcN8kNKfKj3f8VXaFh4Pg0Be +rDopAQJtk5JJlAv8RKA8Igf8ilLLw5/6AYspZZLrPNSrYYvKVGN6rszbTk83sgOi +qhTPPWMwC0CmLJQ7LDdhM4T3 -----END PRIVATE KEY----- diff --git a/test/hostname/Bonnie.crt b/test/hostname/Bonnie.crt index c13d6def2..bc30780fb 100644 --- a/test/hostname/Bonnie.crt +++ b/test/hostname/Bonnie.crt @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIBHTANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID7jCCAtagAwIBAgIBMTANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMTIyMTA0MzZaGA8yMTE5MTExODIxMDQzNlowgYQxDzANBgNVBAMMBkJvbm5p +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYQxDzANBgNVBAMMBkJvbm5p ZTETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0B CQEWGmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9p bnQxEDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDpxsOS28WlhI9l3rXf1m8hRJEM/OW3o1Nt/s/G7yCGu+VORmIWZrwgX+TY -B7p7/uWSA20pOPfJjgSxQOY5V3w3Tj6JfjEiknPY0iVVBXT6/EMw8DkXUe4N8Txc -YHV59VeMBg0IwPDQg5RqvAmzCGIqn5wky0DQXu1f62qzotpwTtEvy61MAovoZOCQ -myX4M6eg/eWTG50A9X56ZTuUUo/5teVFZy/7xDt5qASZl00h9vOZ4VAmMpaxOGYh -abPX6pfhROtyjwb28w+f5hoEP0p+FChF5NJL10iFQBXxAnL+Sty1fL8+2Wt2bG3L -iA2PyRCSpTXnS/Z6yBw6b8OUNCzpAgMBAAGjUjBQMAkGA1UdEwQCMAAwCwYDVR0P +AoIBAQDEG4RQDIbyPVcEyX8+uUcc6y5OeS95QlxkDbP5kXDaroV0VLmW3P/bkEtO +10omfCx9PFeedNI+cK6g1q6ByBkcwPmBIcfjWMmlfK5wIqb/smQJwUS2mLtSbkj/ +Eiilh6PR9mNQzosUoYFLKhQbkwYLJl+uHzMZyPVFyg/xbLBpTBkKB+2K4DAw4nAg +pojylOZo/QoC5CCUkprdLWIcvADP0rgqK/sZDrfrNltKM0I4oH2xBKPxICOMWuZD +euIKBB4y13BSMT4rWt1NfnIaVwXOhYcF9D6JXs5oXUymTR3FONm7P4QkMLdNUllW +9WZoSr7WzJ4UoZo2dqCv211t0zvNAgMBAAGjUjBQMAkGA1UdEwQCMAAwCwYDVR0P BAQDAgXgMDYGA1UdEQQvMC2CEXNlcnZlci5kYzMuY29uc3Vsghhib25uaWUuc2Vy -dmVyLmRjMy5jb25zdWwwDQYJKoZIhvcNAQEFBQADggEBABQhVUQmuqwqPLcSOumf -wl0Zr271DM8s/L1+DuOpqhlxRk1EwoEE/ADpy6bQ5RrASx/SEK8ufMu+0Dwil+xR -Oq+JyIreOuRNRrs2vwj9bB/flOm14URjqOo04tOnyfp0EhUlFLGTjBP8tIzZlXqq -CTePLBJi/Lwjo13Q7zGdB8jJ9FC5PS7A3SbeW8dzZyiL/vW5UpNY20tNSnCr8zj4 -/7e9lA5PTW1CLOUEndIhmWb0CKaxikDZiQX/9GK2O6M9+Pi6URVQ3NHP3CEoVrKs -0icCXKyetRx98ipGEEPFQENDx0obZ0Sp93LkFwy9sjSFcV9i/rK4PnNJtNmEFRY9 -SqA= +dmVyLmRjMy5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBADhkLBmIaeSLDOWvRq13 +7Ja3ufHgTIKR8dmyLU/Lmn5KIWOlz7dAk8eP4wbnxUrp3Rn4Mw7esrHtMihSBTVq +XjwpwH6BzGkT50iraaoWdv+3FojySlG10BBTDiyqoKSTfj9g5RQn65tebcxueRMO +KFlKHr3LJui/5PrkFFUDrXNqior2Qbx3ZZOhbpH0J//Rt00tJ5GDPiPV59nWcIgq +4huF7hS4F4hFf8F+Pfs535//zF0EmJYE1J7twU6RC8+XRfLBQaXHNuvLxJbZOD7X +ViqK23b1t4Xn3wYVohAkKo2OoDXj8hoKXxg9ZYPqK2BGEOWCbTPIZjz5EWX0k5vh +yrA= -----END CERTIFICATE----- diff --git a/test/hostname/Bonnie.key b/test/hostname/Bonnie.key index 00ba5d620..82799dffe 100644 --- a/test/hostname/Bonnie.key +++ b/test/hostname/Bonnie.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDpxsOS28WlhI9l -3rXf1m8hRJEM/OW3o1Nt/s/G7yCGu+VORmIWZrwgX+TYB7p7/uWSA20pOPfJjgSx -QOY5V3w3Tj6JfjEiknPY0iVVBXT6/EMw8DkXUe4N8TxcYHV59VeMBg0IwPDQg5Rq -vAmzCGIqn5wky0DQXu1f62qzotpwTtEvy61MAovoZOCQmyX4M6eg/eWTG50A9X56 -ZTuUUo/5teVFZy/7xDt5qASZl00h9vOZ4VAmMpaxOGYhabPX6pfhROtyjwb28w+f -5hoEP0p+FChF5NJL10iFQBXxAnL+Sty1fL8+2Wt2bG3LiA2PyRCSpTXnS/Z6yBw6 -b8OUNCzpAgMBAAECggEBAJg3A0CsOJT9KyF5UZLdXJ6ctpVuVWSsw7XrI/6z1Mnl -rfi5e0R6wCOUTL0cyx/RaEkaUgl1PmHORt/jEgRkIk0gdTexIu0Pzr5ulkA1vWVu -u5Ex2PqGLiqF2HeNlvBB/y79AZ+hgStDgW+939LisohuRIzwitMh/A1oi6FLeE+G -w3JpkomArYWpGDWY9UF5WU/LquriLYDlgqsLFwLiVg73qFHCroN80ZYmQ1DF6x9W -JD6t4INk7brAoDzb2XiJtr246xcz9Fy7bPR59706vQvGS4vUB0W/+x8glVDlSYqi -2gnqHpTRl/0r/MwMwN28tqDd6TNB+qpYOUoCpVnEYcECgYEA/yRhV1wUZh46Bi89 -nq2RRTFsPnNfR/abMwNw3Jz6L3RftqlC6oqUjR9twV3mEYP+X9fHYa/MVASi9YTD -0hIeGcMX6nker0YfYxacc/cfh+8jrh/rMFbfng1fKWESMgyT8v2ZhCAFiqow4JWe -JgKpc9TlnlBSUg+QtaO15gREL4cCgYEA6o/+IKU7eMgEFjBO+BxgYETroBPZwAxy -RTjdISl9qafn8bJw3jfQPRGdEtAhXxniSVatkN3XhQD3kda+g0tMi4L3GgbJci3m -hoaO+YSErX93Grk5KHkyBXhiYp5eezWZgzj3bvXW+AjG9l1/2zOtXEB08vabrrYq -a6mo+bVQfA8CgYAVnU9hxzszK3xe6cGen7We1wEEiWGZBxs+xxvYlLPdMU6qesxg -cj0Dd5Yku3+yHCyAkhch/3Kf64SiqAyuzzodlJmCE6C12IrwKgo3CMhzC59KMQoL -nlBzY06cgsy30Lj37OQEfXH6vVBGtmYfcjpIxdBuCP/wU8E+og/W3KWqIQKBgBDf -Lp5WhEKZ0IFwFB4QnHYQPwqSovUHcCi+gFlkTJ+pbiuadDfnt9jMrYmu4teeWwJ/ -c5iZ/GiauzQISEfVYLogP3nlxxOpbY17nEkiWRDJvF11uUDKBukR0bHaRl2Ca3pe -3J1knYPVzcnmy82OmAesszzOtEAK5l48I+ViP1nNAoGAJMB2QRhrYQqjQtC4oHdp -6tGRBIS2ElgdILlXdHhvUyxvUONWEoymODeBXABMUUgiwLU/kGyt6pcjMMOStJnR -gTfGhjYIT+L5C7Ivz0OQU+CYV2i0W+c4xgjBKbuscisgg2CurS3cF1tera1Qve/Y -UtVBRnZ8/v/NisLFbtum/+Y= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEG4RQDIbyPVcE +yX8+uUcc6y5OeS95QlxkDbP5kXDaroV0VLmW3P/bkEtO10omfCx9PFeedNI+cK6g +1q6ByBkcwPmBIcfjWMmlfK5wIqb/smQJwUS2mLtSbkj/Eiilh6PR9mNQzosUoYFL +KhQbkwYLJl+uHzMZyPVFyg/xbLBpTBkKB+2K4DAw4nAgpojylOZo/QoC5CCUkprd +LWIcvADP0rgqK/sZDrfrNltKM0I4oH2xBKPxICOMWuZDeuIKBB4y13BSMT4rWt1N +fnIaVwXOhYcF9D6JXs5oXUymTR3FONm7P4QkMLdNUllW9WZoSr7WzJ4UoZo2dqCv +211t0zvNAgMBAAECggEASeIgGFSP5uXrSfdsREJjo2aLnK8VjrbMvjlXbBg6j3ke ++HQPM+JxVtRnOv3rhtJTpJ8+V4mlyDaF5DzdpDGyHF4r4lXKzEGgPwPZaI/1oPIh +tHcnHzAtquG4CLlbrPmMY8dTJZebWJt8bcgdqUHcDglYFO7WPsmydqepGAkd8Z07 +6Ze6tGhKbxoXYSDLEJ+twjLmWO52gWMUIAlDBawTikJ+ig9uzIO1EmxO7C2dUAHS +eImqoWgo4/uMKWgaFIjwFCvgLPItPmd8ej/tpAx/ASHBzAJbyOpbZM26h3+3RPte +RXwISe8Q9WSk5UnjFvy2+UKZ1KH4B1RutKGK2NM6tQKBgQDrqbzgAnCRbsW+Xy/D +jYh3JLJNpy6t+igMrV3Zzsaxf6rugJrcokvLcySeTjSD41pzkDX2JobJjP90/bAs +CFORm7e8a+M1z71JA/Hk6+nJwSlFpFynfIjPZsjTi7LgupBp+g0EGgv8kpm76l9T +lQRN96VBuePgvx62TtV4EagGGwKBgQDVB+s045fEa/KDAOJWsI1Wf589q+sztifE +02KNXWfgLGUzTDZbkGA5I+A/WTL+btRmUWlr+T9dALX8bI49Jho3CqVwGqkK1HA6 +7UykslGKaySMTcw4jU5jS64MPxCSklbeIAq9myYUESTQX7tidDjT8zMl/egiO7Ye +xMMWx/yENwKBgGPrLOzhu+69w9Pqseq8+K5jfcIU72LOnOp7Gz69QFuD4OqM1pxT +p8VURaNlTzjYTcKP04FRZnbQdIObCHYy9ZPYLTgTmlt3gC8UIBzKte5YGvKvNKXC +1JLzZpTjN223TIHShnBFxu1JDyuwvMhId3HDXWsXsPnart/nXvUwr0gfAoGBAMZm +dZvwSyxYDKgNbr6l9zwT586cCpVClI8u/54A2/lf33CDDi0ArV0KGJNnE6L6vT39 +nF0+6NBJFTReNaqljcytUZ6ydbTsXQnEb5kDqgVr+8Hfws74a4T2usYVBe479EMz +PE2R7UjLHqoiPnZXH4Xl/kDn1AXt7pOBVOAmqPrJAoGAMILgsmVBydvWvoQCYZRH +utnrswIYzDw9DeaLgktI/Sc9QJr1rswbW13Q/xMSb+czsmOV8jhUS7Vk+Xz6gzii +qtoOS9b5ojJP1Y+7gVY8sKVMsEJXm1sTA01HPd6WiN7gzbMpPzO64YzCFHYYZX1E +C+CDwDatWgLJeomG/2UNr68= -----END PRIVATE KEY----- diff --git a/test/hostname/certindex b/test/hostname/certindex index d6a932c66..56c177d36 100644 --- a/test/hostname/certindex +++ b/test/hostname/certindex @@ -1,6 +1,4 @@ -V 180512061548Z 18 unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 190512090339Z 19 unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 21180418090432Z 1A unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 21191110203328Z 1B unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing -V 21191117214339Z 1C unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing -V 21191118210436Z 1D unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 2E unknown /CN=Alice/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 2F unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 30 unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 31 unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/hostname/myca.conf b/test/hostname/myca.conf index 5d7538043..593f092b7 100644 --- a/test/hostname/myca.conf +++ b/test/hostname/myca.conf @@ -13,7 +13,7 @@ database = certindex private_key = privkey.pem serial = serialfile default_days = 36500 -default_md = sha1 +default_md = sha512 policy = myca_policy x509_extensions = myca_extensions diff --git a/test/hostname/serialfile b/test/hostname/serialfile index e28e17eb7..f5c89552b 100644 --- a/test/hostname/serialfile +++ b/test/hostname/serialfile @@ -1 +1 @@ -1E +32 diff --git a/test/key/ourdomain.cer b/test/key/ourdomain.cer index 52d13b59e..bae609085 100644 --- a/test/key/ourdomain.cer +++ b/test/key/ourdomain.cer @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIERjCCAy6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx +MIIETTCCAzWgAwIBAgIBETANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNI YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRlc3Qu -aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTE4 -MDUxMjA5MTAwOVoYDzIxMTgwNDE4MDkxMDA5WjCBhjEYMBYGA1UEAwwPdGVzdGNv -LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEiMCAG -CSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTESMBAGA1UECgwJRW5kIFBv -aW50MRAwDgYDVQQLDAdUZXN0aW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA0X9Ft3q7EbTgyt4W0BwGtZ/kdDw+k2VEXs9GXRh7BG0sjWIu4szAbkau -igKwAdCcAHfZe4fRNTtzlUb7RnYSLB9SJZEbvwM07mfesR1ZpxtIKsCFZ8DjJ6Wo -eAvc+2JTIcWZLXuDIIIMZ6plvPbHN8RRnC5H4fw9Z8L+qmyyn0o7+4SClkhf2AZa -6WmoZCMbrSLMQdhx1MZTO86GeUJpIG0l3XJLb7wnfn5WDG/GZB8TGAycRD1EP5mx -wzgNqJLvL3TgL0d9NIwC0rpQC4qeP6pzngdr0KV0vgFyYoSBLHiU77+HL1C8QFN4 -fWGoBjEfkVPjHKOk323OgJKWizB34wIDAQABo4GoMIGlMAkGA1UdEwQCMAAwHQYD -VR0OBBYEFHJwH4f2QlFTTll+bnNiZZBo1oheMB8GA1UdIwQYMBaAFKP56zn6r23n -tlZJVSiBZckBG7iVMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3BhdGgudG8uY3JsL215 -Y2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQA0ICTh1Dli9siCA5heDl51YCjoCVGa -B7OfoJStOW3BjesingD6kpQUPdbjr0qFzvSsn7IVd8v9IGr/hknBy9gjroPmwoct -gTgTuZpRm727AQiA6KSANnOz+dwb4r0ckdDqIrUTmk4lV7Pdk0lPONtGxfa8c3gY -QjaML7GK9QRU56RmYar+5VV2wI24lqz6cwpwTCa0gpZTRRKorpBONjSpZY4myGT4 -rWRkGTu59XX0POvQxg4i2CL5Lu6WE43APoFRJBCYIQoTqOi7KwlaYqJZG7pa8LU0 -mjDUjW3cNxthYLk2q3cZ4+Or5hbUZGBFhD716+FnChZ/531lgrGWLLMN +aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIy +MDQxNTE0MjUzOFoYDzIxMjIwMzIyMTQyNTM4WjCBjTEYMBYGA1UEAwwPdGVzdGNv +LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcG +CSqGSIb3DQEJARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoM +CUVuZCBQb2ludDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK6g0P0eGgLw2B63xyXjRhy5WnbYegJoQJtpnJ0NvgJyZfCz +G6vIw/xjtriyW2rcw9qoEQ7aerN93UdUQaECe3J4QalobFbw9VCGIPJEblBBBKAk +Y8Ek3Ldv6WWO0hWhho11JgjhpGfpFJtDKKs9vZ/tDwiU549ra5tTppMvyZIce+nW +SVkQAlq7zFUshgBu0k1tliU9bOUwZlRnT5xnDTHhKAqyBNGX5pVxhLXv+FM9UMHw +UbCbbucWb3oF1wbARTtLnDsmI0V9PPsUVAbc+sZ4ZQKcNmq92zKq3MjB93Kitfx+ +IdSGCJ+bP8mTQCTDrqDVVCsCaeOZ4Ufa+9kRvcsCAwEAAaOBqDCBpTAJBgNVHRME +AjAAMB0GA1UdDgQWBBTCmo+KBFV1kXzUsiC7xtwK8I9udjAfBgNVHSMEGDAWgBSj ++es5+q9t57ZWSVUogWXJARu4lTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9wYXRoLnRv +LmNybC9teWNhLmNybDANBgkqhkiG9w0BAQ0FAAOCAQEAr/evKySRc48PNzFovBbx +vWtHgIunJ9JOE8vJyomiuup99AaLvUkRvDIdQjLRac/0rgCD3NXjqQIb5QZPmuVy +w4obNwQaqfJdLys+pQUo1Ly0nPTs5ValIyICDAUf066lcMKNIh6oSn9y9kp/DqBP +feucrJLpwVKHsuUddDCbDPUNwgSbOC6mGvDfA2Q5bd9DMDuBWeRrU7qnfyNCVbem +V2mljJl5TOEc/Yn2vES7rFv987QXOhZGw1Eerhxazi+gwJvxiC1oE5urNk9k1UL/ +byayC5BQiDSee9oyE0YDvKRD9lcvQuk7hVLBv2rY1rqNsPaJKncrnXTtJBqMQHVA +cg== -----END CERTIFICATE----- diff --git a/test/key/ourdomain.cfg b/test/key/ourdomain.cfg index 1b1bbbc92..f20f98b78 100644 --- a/test/key/ourdomain.cfg +++ b/test/key/ourdomain.cfg @@ -8,5 +8,5 @@ ST = California L = Los Angeles O = End Point OU = Testing -emailAddress = james@hashicorp.com +emailAddress = do-not-reply@hashicorp.com CN = testco.internal diff --git a/test/key/ourdomain.key b/test/key/ourdomain.key index d997337c1..7a02cadd0 100644 --- a/test/key/ourdomain.key +++ b/test/key/ourdomain.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRf0W3ersRtODK -3hbQHAa1n+R0PD6TZURez0ZdGHsEbSyNYi7izMBuRq6KArAB0JwAd9l7h9E1O3OV -RvtGdhIsH1IlkRu/AzTuZ96xHVmnG0gqwIVnwOMnpah4C9z7YlMhxZkte4Mgggxn -qmW89sc3xFGcLkfh/D1nwv6qbLKfSjv7hIKWSF/YBlrpaahkIxutIsxB2HHUxlM7 -zoZ5QmkgbSXdcktvvCd+flYMb8ZkHxMYDJxEPUQ/mbHDOA2oku8vdOAvR300jALS -ulALip4/qnOeB2vQpXS+AXJihIEseJTvv4cvULxAU3h9YagGMR+RU+Mco6Tfbc6A -kpaLMHfjAgMBAAECggEAJeSNaaiLWaKL3mXZXn8TP5rSKawT7XktqrB3G7On3J8a -peASdvdt/wRN4aymxU1ESlljPxLL5oMAXwndvVrx4oUvyJe8mworcsva3dJfOviW -TxVPi/q5m5w9IqmSqO2Z98vT7wQeLa0YLVAG4u0ID7A0yrkcS2XifXgptA3BKUpi -QwukeaVLFJQDIUnokyvNLKryQh6wRd3+qKlKLJCxKVHRBIXafYo+gYarKI9Npjex -3jbf2cTpIEBTOc8vKsUGfJIJg0E6y6LGgCL2I7YUOh3WCJEKag64ufpSvwGcpmi8 -/u2H1YWJn0HzCeWfy+8q9iamLlkc+DcbxV/T5pPqgQKBgQDxCZUmQC3/NBiT11Hr -PT8k8TAW2BbvwIsBa/PhnkRUGHyUZAw/dqoQZzy42g4xa2Rl8ZOCVOEFB726RzOo -KzOIqVUxZFrt6upyU6UB1ypETz0l3dmRwh0pA/7Ko5kxSE0Jy4CJl7d706uVGCTf -5/6KRL2aMxVgCZH9tomCfWJ+wwKBgQDegHiiwUSPgbJwGMPc1OdTSOy6Zn7702T9 -GRDgEzXDRJqFrOh3GkUDRUYXXGWuP9ZydD8Bpah2OE2SzPNQf9SYzu84KLivUUkP -jE/IHx8Avjx+Sj3EvUNuONfWD/Ch043nqpsEQ6WJZuumf3DVu6fJk49o+4n241U6 -pI2mmKDQYQKBgBhYCmtJkhuzTEQqPAjRL75waZX1DyP5w1BKceA4ltgTfQmTrTT/ -rB9p/dUBmOte2E3/fxFrtypF5OCablouus6zo3oQk6pxzmnrjr/H1mn9wsQ/SskQ -3NcWozYeHcu/bKBvoDTFUO+9qhetz5OZn7ihRrD7Nc50SP1h4TN/rGH3AoGBAIvE -iAM1BKxg/IYOCHsgAm/+zzYITJxEHpwesssPRiZzYd220BCBH/j9+xmRoQ3kbAFZ -pHqUZU5d79zXgcB/jDyxQPQ2IE2A8jQiH7vGUONWnQl3+XUsrr7+VhbRzIbbLbjp -Ipd7JvE5Ba6BP5ADYVLurpdz6yZ7h35e/9w25E4BAoGAN6OGNF3wKP9gGMKgxpOu -SemLp6v8WGOTuqbqkhfsbLCd4IR6apYh5AWn2aiIq0cJvkUfgb8/yGAbP/fqsMXd -IvVqiOGKoMHfB4bb6grJk3CdpgHcaOtNowFRDKzXNuXH7f7xNNxSABIdXk6aSmkI -NEBFopxmFg7bQdfXMaciFBE= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCuoND9HhoC8Nge +t8cl40YcuVp22HoCaECbaZydDb4CcmXwsxuryMP8Y7a4sltq3MPaqBEO2nqzfd1H +VEGhAntyeEGpaGxW8PVQhiDyRG5QQQSgJGPBJNy3b+lljtIVoYaNdSYI4aRn6RSb +QyirPb2f7Q8IlOePa2ubU6aTL8mSHHvp1klZEAJau8xVLIYAbtJNbZYlPWzlMGZU +Z0+cZw0x4SgKsgTRl+aVcYS17/hTPVDB8FGwm27nFm96BdcGwEU7S5w7JiNFfTz7 +FFQG3PrGeGUCnDZqvdsyqtzIwfdyorX8fiHUhgifmz/Jk0Akw66g1VQrAmnjmeFH +2vvZEb3LAgMBAAECggEBAIVRvXwhKRaprTX2dJIWa4auc8RcDPodgYWlIa49uZzA +ndcfxrZltkrQDcYAVQ7GsLgUq8E9R4QVSYSVbO1xqbGA4hBl6qCNoZvyauDLIbUf +jlp8rbPdYqyhQf0JBpcBFGqWz4zkR9IU/mhy42+o2UZpg5q3o/m4txSEzp18VFW5 +KiuArjFmnfrIMvIcL/CEYUCbr1hhPoySOikQZbAObNXgOKurGXR52TgUztMwt32A +oJUAmtLu+ti4Q/ffKhaV0pfRhB0Byqsbm/ONDVTdKUwKDiMrBV8CqRquXunHWJ7D +sqBi8EnM6Ke08ZLqobqQWKmjVMT41rQYAk/1FqEGWJECgYEA3UfggUMX6nysXzVs +MZ7RNbjoSwISa/4I2QGSf3moW7N7G2NTcHPjOM2qhZ2IqR5QTQ8Q9zpPpeOtWquj +3+G45fGCT8aB1A6Pt1d/oTU1g5s7cHn0DzDNB4+5iWwPE+x5XdaZU1kzm6hTS6H6 +Roby7/Hm1PUw+0SXyKSQ9vw4HTcCgYEAygcO5SB0LqjTumRjhAM0OQSRU+rADaJA +X6g5IkjFMm20AH9cA/rg7ZVw3D3ZPZg0yd+qqhE5rIFvVyLUhkaFobZ17i+pUKcf +GH9m5BIuYyg7n78uy/0F9RTZbv2U0nHObUdg5jK4/9PQvhLihEIBEbl7X4RWlgtU +3oZKsP36zg0CgYABUDzn54ML1EOdqQ6EWOH7BKb0UwXS+EYLK7Q353v1V2Jirjs/ +jqCJpMbfVikKf/CQFIfQP9tbK7fKsvwdBxT24HEakh4RKSj3OKC8TzmLF2/J4h9t +u6dr5RF/3FFWl++8e9qbIQtqYBxmdYarxn9Ip1Hsb6wjwat4+GkX3jVjDwKBgQDH +CMkd5ylPRrjBa2G3j0iF3AApQp9PT0hIdX1ET5kno3iw/Mh0i1fJ+W6lLLG3wxpO +wHJs9mdxkltU51WlrBi/RvlMXdxbPyqdgfamP1tACUUkjr/V7ENQPugwNtfFtKWA +d8/5OoOUVuPSPty3HCfdhHUNl12OmT9Vs8wmLzJGiQKBgQDDC8MU/Llbg/Lhl76j +VuOrOci4p6fc5ICagFYBUyms0wsyP7RWseCgFQtthDPuBCArewY4j7AqmRgkDrqa +gOCrJeptdKT2oCkn6AlxBc9kP2Y0N5vLEkwkkrQAbP/3iG/d4raOSTKMOT8voXpv +f4HT3Zolz4FPrtFKVOi0VA3Z5A== -----END PRIVATE KEY----- diff --git a/tlsutil/config.go b/tlsutil/config.go index bf4e9f6c6..da85c2e72 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -447,15 +447,19 @@ func (c *Configurator) Base() Config { // find bugs. By accepting a varargs of slices we remove the need for the // caller to append the groups, which should prevent any such bugs. func newX509CertPool(groups ...[]string) (*x509.CertPool, error) { + var haveCerts bool pool := x509.NewCertPool() for _, group := range groups { for _, pem := range group { if !pool.AppendCertsFromPEM([]byte(pem)) { return nil, fmt.Errorf("failed to parse PEM %s", pem) } + if len(pem) > 0 { + haveCerts = true + } } } - if len(pool.Subjects()) == 0 { + if !haveCerts { return nil, nil } return pool, nil diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go index b49bd66bc..75fa83945 100644 --- a/tlsutil/config_test.go +++ b/tlsutil/config_test.go @@ -7,6 +7,8 @@ import ( "io" "io/ioutil" "net" + "os" + "path" "path/filepath" "testing" @@ -1018,15 +1020,16 @@ func TestConfigurator_LoadCAs(t *testing.T) { shouldErr bool isNil bool count int + expectedCaPool *x509.CertPool } variants := []variant{ - {"", "", false, true, 0}, - {"bogus", "", true, true, 0}, - {"", "bogus", true, true, 0}, - {"", "../test/bin", true, true, 0}, - {"../test/ca/root.cer", "", false, false, 1}, - {"", "../test/ca_path", false, false, 2}, - {"../test/ca/root.cer", "../test/ca_path", false, false, 1}, + {"", "", false, true, 0, nil}, + {"bogus", "", true, true, 0, nil}, + {"", "bogus", true, true, 0, nil}, + {"", "../test/bin", true, true, 0, nil}, + {"../test/ca/root.cer", "", false, false, 1, getExpectedCaPoolByFile(t)}, + {"", "../test/ca_path", false, false, 2, getExpectedCaPoolByDir(t)}, + {"../test/ca/root.cer", "../test/ca_path", false, false, 1, getExpectedCaPoolByFile(t)}, } for i, v := range variants { pems, err1 := LoadCAs(v.cafile, v.capath) @@ -1045,7 +1048,7 @@ func TestConfigurator_LoadCAs(t *testing.T) { } else { require.NotEmpty(t, pems, info) require.NotNil(t, pool, info) - require.Len(t, pool.Subjects(), v.count, info) + assertDeepEqual(t, v.expectedCaPool, pool, cmpCertPool) require.Len(t, pems, v.count, info) } } @@ -1325,7 +1328,7 @@ func TestConfigurator_AutoEncryptCert(t *testing.T) { cert, err = loadKeyPair("../test/key/ourdomain.cer", "../test/key/ourdomain.key") require.NoError(t, err) c.autoTLS.cert = cert - require.Equal(t, int64(4679716209), c.AutoEncryptCert().NotAfter.Unix()) + require.Equal(t, int64(4803632738), c.AutoEncryptCert().NotAfter.Unix()) } func TestConfigurator_AuthorizeInternalRPCServerConn(t *testing.T) { @@ -1570,3 +1573,51 @@ func loadFile(t *testing.T, path string) string { require.NoError(t, err) return string(data) } + +func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + data, err := ioutil.ReadFile("../test/ca/root.cer") + if err != nil { + t.Fatal("could not open test file ../test/ca/root.cer for reading") + } + if !pool.AppendCertsFromPEM(data) { + t.Fatal("could not add test ca ../test/ca/root.cer to pool") + } + return pool +} + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + if err != nil { + t.Fatal("could not open test dir ../test/ca_path for reading") + } + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + if err != nil { + t.Fatalf("could not open test file %s for reading", filename) + } + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} From 05e572215370a558fc454fbc5acb2a3f751a02dc Mon Sep 17 00:00:00 2001 From: Evan Rowe Date: Mon, 18 Apr 2022 09:03:13 -0700 Subject: [PATCH 160/785] ui: Revert to Services route as default (#12804) * ui: Revert to Services route as default * ui: update page navigation tests to match routing change --- ui/packages/consul-ui/app/templates/application.hbs | 4 +++- .../consul-ui/tests/acceptance/dc/forwarding.feature | 2 +- .../tests/acceptance/index-forwarding.feature | 2 +- .../tests/acceptance/page-navigation.feature | 2 +- ui/packages/consul-ui/vendor/consul-ui/routes.js | 12 ++++++------ 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ui/packages/consul-ui/app/templates/application.hbs b/ui/packages/consul-ui/app/templates/application.hbs index d1c8a3a23..7932cb0bd 100644 --- a/ui/packages/consul-ui/app/templates/application.hbs +++ b/ui/packages/consul-ui/app/templates/application.hbs @@ -50,7 +50,9 @@ as |source|> {{! until we get to the dc route we don't know any permissions }} {{! as we don't know the dc, any inital permission based }} {{! redirects are in the dc.show route}} - {{did-insert (route-action 'replaceWith' 'dc.show' + +{{! 2022-04-15: Temporarily reverting the services page to the default }} + {{did-insert (route-action 'replaceWith' 'dc.services.index' (hash dc=(env 'CONSUL_DATACENTER_LOCAL') ) diff --git a/ui/packages/consul-ui/tests/acceptance/dc/forwarding.feature b/ui/packages/consul-ui/tests/acceptance/dc/forwarding.feature index 6b73278c8..b5f6db0e5 100644 --- a/ui/packages/consul-ui/tests/acceptance/dc/forwarding.feature +++ b/ui/packages/consul-ui/tests/acceptance/dc/forwarding.feature @@ -10,4 +10,4 @@ Feature: dc / forwarding --- dc: datacenter --- - Then the url should be /datacenter/overview/server-status + Then the url should be /datacenter/services diff --git a/ui/packages/consul-ui/tests/acceptance/index-forwarding.feature b/ui/packages/consul-ui/tests/acceptance/index-forwarding.feature index d21902c00..1405295ab 100644 --- a/ui/packages/consul-ui/tests/acceptance/index-forwarding.feature +++ b/ui/packages/consul-ui/tests/acceptance/index-forwarding.feature @@ -4,4 +4,4 @@ Feature: index-forwarding Scenario: Arriving at the index page when there is only one datacenter Given 1 datacenter model with the value "dc1" When I visit the index page - Then the url should be /dc1/overview/server-status + Then the url should be /dc1/services diff --git a/ui/packages/consul-ui/tests/acceptance/page-navigation.feature b/ui/packages/consul-ui/tests/acceptance/page-navigation.feature index 72b6a971b..73f57caad 100644 --- a/ui/packages/consul-ui/tests/acceptance/page-navigation.feature +++ b/ui/packages/consul-ui/tests/acceptance/page-navigation.feature @@ -10,7 +10,7 @@ Feature: page-navigation --- dc: dc1 --- - Then the url should be /dc1/overview/server-status + Then the url should be /dc1/services Scenario: Clicking [Link] in the navigation takes me to [URL] When I visit the services page for yaml --- diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js index 99b3cfda5..b5bec8a60 100644 --- a/ui/packages/consul-ui/vendor/consul-ui/routes.js +++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js @@ -7,32 +7,32 @@ index: { _options: { path: '/', - redirect: '../show/serverstatus', + redirect: '../services', }, }, show: { _options: { path: '/overview', - abilities: ['access overview'] + abilities: ['access overview'], }, serverstatus: { _options: { path: '/server-status', - abilities: ['access overview', 'read zones'] + abilities: ['access overview', 'read zones'], }, }, cataloghealth: { _options: { path: '/catalog-health', - abilities: ['access overview'] + abilities: ['access overview'], }, }, license: { _options: { path: '/license', - abilities: ['access overview', 'read licence'] + abilities: ['access overview', 'read licence'], }, - } + }, }, services: { _options: { path: '/services' }, From ceb61810634863485088c0d0f0a7effcb82582cb Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 18 Apr 2022 17:08:48 +0100 Subject: [PATCH 161/785] ui: Add documentation link to the Server Fault Tolerance panel (#12792) --- .../app/styles/routes/dc/overview/serverstatus.scss | 5 +++++ .../consul-ui/app/templates/dc/show/serverstatus.hbs | 3 +++ ui/packages/consul-ui/translations/routes/en-us.yaml | 8 +++++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss index 7b36bec25..47e8f1288 100644 --- a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss +++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss @@ -33,6 +33,11 @@ section[data-route='dc.show.serverstatus'] { border-bottom: var(--decor-border-100); border-color: rgb(var(--tone-border)); } +%server-failure-tolerance > header a { + float: right; + margin-top: 4px; + font-weight: var(--typo-weight-semibold); +} %server-failure-tolerance header em { @extend %pill-200; font-size: 0.812rem; /* 13px */ diff --git a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs index 36fa0c86e..dd2472ec8 100644 --- a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs +++ b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs @@ -87,6 +87,9 @@ as |item|}} >
    + {{compute (fn route.t 'tolerance.link' (hash + htmlSafe=true + ))}}

    {{compute (fn route.t 'tolerance.header')}}

    diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index 735a33f96..17b142276 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -5,6 +5,8 @@ dc: title: Server status unassigned: Unassigned Zones tolerance: + link: | + Learn more header: Server fault tolerance immediate: header: Immediate @@ -35,17 +37,17 @@ dc: body: |
    • - + License expiration
    • - + Renewing a license
    • - + Applying a new license
      • From 9d0b5bf8e95e6084a5637894bcdca690fb40045b Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Mon, 18 Apr 2022 09:36:07 -0700 Subject: [PATCH 162/785] connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805) Co-authored-by: R.B. Boyer --- .changelog/12805.txt | 3 + .circleci/config.yml | 20 +++--- agent/xds/delta.go | 10 --- agent/xds/delta_test.go | 66 ----------------- agent/xds/envoy_versioning.go | 23 ++---- agent/xds/envoy_versioning_test.go | 5 ++ agent/xds/listeners.go | 71 +++++++++++++------ agent/xds/proxysupport/proxysupport.go | 2 +- ...oxy-with-chain-and-overrides.latest.golden | 10 ++- ...onnect-proxy-with-grpc-chain.latest.golden | 10 ++- ...onnect-proxy-with-http-chain.latest.golden | 5 +- ...nnect-proxy-with-http2-chain.latest.golden | 5 +- .../listeners/expose-checks.latest.golden | 5 +- ...expose-paths-local-app-paths.latest.golden | 10 ++- ...pose-paths-new-cluster-http2.latest.golden | 10 ++- .../http-listener-with-timeouts.latest.golden | 5 +- .../http-public-listener.latest.golden | 5 +- .../listeners/http-upstream.latest.golden | 5 +- ...gress-http-multiple-services.latest.golden | 10 ++- ...itter-with-resolver-redirect.latest.golden | 5 +- ...h-sds-listener+service-level.latest.golden | 15 +++- ...h-sds-listener-gw-level-http.latest.golden | 5 +- ...s-service-level-mixed-no-tls.latest.golden | 15 +++- ...gress-with-sds-service-level.latest.golden | 15 +++- ...ess-with-single-tls-listener.latest.golden | 10 ++- ...n-listeners-gateway-defaults.latest.golden | 25 +++++-- ...ess-with-tls-mixed-listeners.latest.golden | 10 ++- ...-mixed-min-version-listeners.latest.golden | 15 +++- ...esh-gateway-custom-addresses.latest.golden | 40 ++++++++--- .../mesh-gateway-no-services.latest.golden | 10 ++- ...esh-gateway-tagged-addresses.latest.golden | 20 ++++-- ...eway-using-federation-states.latest.golden | 10 ++- .../listeners/mesh-gateway.latest.golden | 10 ++- ...itter-with-resolver-redirect.latest.golden | 5 +- ...-custom-and-tagged-addresses.latest.golden | 20 ++++-- ...minating-gateway-no-api-cert.latest.golden | 10 ++- ...minating-gateway-no-services.latest.golden | 10 ++- ...ting-gateway-service-subsets.latest.golden | 25 +++++-- ...h-tls-incoming-cipher-suites.latest.golden | 10 ++- ...ith-tls-incoming-max-version.latest.golden | 10 ++- ...ith-tls-incoming-min-version.latest.golden | 10 ++- .../terminating-gateway.latest.golden | 10 ++- ...xy-catalog-destinations-only.latest.golden | 5 +- ...roxy-dial-instances-directly.latest.golden | 5 +- ...nsparent-proxy-http-upstream.latest.golden | 10 ++- ...nt-proxy-terminating-gateway.latest.golden | 5 +- .../listeners/transparent-proxy.latest.golden | 5 +- ...teway-with-service-resolvers.latest.golden | 25 +++++-- .../lambda-terminating-gateway.latest.golden | 15 +++- agent/xds/xds_protocol_helpers_test.go | 19 ++++- command/connect/envoy/bootstrap_config.go | 5 +- .../connect/envoy/bootstrap_config_test.go | 37 +++++++--- .../ingress-gateway-address-specified.golden | 5 +- .../ingress-gateway-no-auto-register.golden | 5 +- ...-register-with-service-and-proxy-id.golden | 5 +- ...ister-with-service-without-proxy-id.golden | 5 +- .../envoy/testdata/ingress-gateway.golden | 5 +- .../envoy/testdata/prometheus-metrics.golden | 5 +- test/integration/connect/envoy/run-tests.sh | 2 +- .../content/docs/connect/proxies/envoy.mdx | 2 +- 60 files changed, 518 insertions(+), 242 deletions(-) create mode 100644 .changelog/12805.txt diff --git a/.changelog/12805.txt b/.changelog/12805.txt new file mode 100644 index 000000000..22f5a5246 --- /dev/null +++ b/.changelog/12805.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: Add Envoy 1.22.0 to support matrix, remove 1.18.6 +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index 905a32801..02bbfad1d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -847,13 +847,13 @@ jobs: command: make test-coverage-ci - run: *notify-slack-failure - envoy-integration-test-1_18_6: &ENVOY_TESTS + envoy-integration-test-1_19_3: &ENVOY_TESTS machine: image: ubuntu-2004:202101-01 parallelism: 4 resource_class: medium environment: - ENVOY_VERSION: "1.18.6" + ENVOY_VERSION: "1.19.3" steps: &ENVOY_INTEGRATION_TEST_STEPS - checkout # Get go binary from workspace @@ -886,11 +886,6 @@ jobs: path: *TEST_RESULTS_DIR - run: *notify-slack-failure - envoy-integration-test-1_19_3: - <<: *ENVOY_TESTS - environment: - ENVOY_VERSION: "1.19.3" - envoy-integration-test-1_20_2: <<: *ENVOY_TESTS environment: @@ -901,6 +896,11 @@ jobs: environment: ENVOY_VERSION: "1.21.1" + envoy-integration-test-1_22_0: + <<: *ENVOY_TESTS + environment: + ENVOY_VERSION: "1.22.0" + # run integration tests for the connect ca providers test-connect-ca-providers: docker: @@ -1142,9 +1142,6 @@ workflows: - nomad-integration-0_8: requires: - dev-build - - envoy-integration-test-1_18_6: - requires: - - dev-build - envoy-integration-test-1_19_3: requires: - dev-build @@ -1154,6 +1151,9 @@ workflows: - envoy-integration-test-1_21_1: requires: - dev-build + - envoy-integration-test-1_22_0: + requires: + - dev-build website: unless: << pipeline.parameters.trigger-load-test >> diff --git a/agent/xds/delta.go b/agent/xds/delta.go index 872ac31aa..5475533dd 100644 --- a/agent/xds/delta.go +++ b/agent/xds/delta.go @@ -470,16 +470,6 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf su t.wildcard = len(req.ResourceNamesSubscribe) == 0 t.registered = true registeredThisTime = true - - if sf.ForceLDSandCDSToAlwaysUseWildcardsOnReconnect { - switch t.typeURL { - case xdscommon.ListenerType, xdscommon.ClusterType: - if !t.wildcard { - t.wildcard = true - logger.Trace("fixing Envoy bug fixed in 1.19.0 by inferring wildcard mode for type") - } - } - } } /* diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go index c60f5fc02..c094a002b 100644 --- a/agent/xds/delta_test.go +++ b/agent/xds/delta_test.go @@ -657,72 +657,6 @@ func TestServer_DeltaAggregatedResources_v3_SlowEndpointPopulation(t *testing.T) } } -func TestServer_DeltaAggregatedResources_v3_GetAllClusterAfterConsulRestarted(t *testing.T) { - // This illustrates a scenario related to https://github.com/hashicorp/consul/issues/11833 - - aclResolve := func(id string) (acl.Authorizer, error) { - // Allow all - return acl.RootAuthorizer("manage"), nil - } - scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false) - _, mgr, errCh, envoy := scenario.server, scenario.mgr, scenario.errCh, scenario.envoy - envoy.EnvoyVersion = "1.18.0" - - sid := structs.NewServiceID("web-sidecar-proxy", nil) - - // Register the proxy to create state needed to Watch() on - mgr.RegisterProxy(t, sid) - - var snap *proxycfg.ConfigSnapshot - runStep(t, "get into state after consul restarted", func(t *testing.T) { - snap = newTestSnapshot(t, nil, "") - - // Send initial cluster discover. - // This is to simulate the discovery request call from envoy after disconnected from consul ads stream. - // - // We need to force it to be an older version of envoy so that the logic shifts. - envoy.SendDeltaReq(t, xdscommon.ClusterType, &envoy_discovery_v3.DeltaDiscoveryRequest{ - ResourceNamesSubscribe: []string{ - "local_app", - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - }, - InitialResourceVersions: map[string]string{ - "local_app": "a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447", - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul": "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", - }, - }) - - // Check no response sent yet - assertDeltaChanBlocked(t, envoy.deltaStream.sendCh) - - requireProtocolVersionGauge(t, scenario, "v3", 1) - - // Deliver a new snapshot - // the config contains 3 clusters: local_app, db, geo-cache. - // this is to simulate the fact that there is one additional (upstream) cluster gets added to the sidecar service - // during the time xds disconnected (consul restarted). - mgr.DeliverConfig(t, sid, snap) - - assertDeltaResponseSent(t, envoy.deltaStream.sendCh, &envoy_discovery_v3.DeltaDiscoveryResponse{ - TypeUrl: xdscommon.ClusterType, - Nonce: hexString(1), - Resources: makeTestResources(t, - makeTestCluster(t, snap, "tcp:local_app"), - makeTestCluster(t, snap, "tcp:db"), - makeTestCluster(t, snap, "tcp:geo-cache"), - ), - }) - }) - - envoy.Close() - select { - case err := <-errCh: - require.NoError(t, err) - case <-time.After(50 * time.Millisecond): - t.Fatalf("timed out waiting for handler to finish") - } -} - func TestServer_DeltaAggregatedResources_v3_BasicProtocol_TCP_clusterChangesImpactEndpoints(t *testing.T) { aclResolve := func(id string) (acl.Authorizer, error) { // Allow all diff --git a/agent/xds/envoy_versioning.go b/agent/xds/envoy_versioning.go index 1ee579890..e0face0bd 100644 --- a/agent/xds/envoy_versioning.go +++ b/agent/xds/envoy_versioning.go @@ -11,9 +11,7 @@ import ( var ( // minSupportedVersion is the oldest mainline version we support. This should always be // the zero'th point release of the last element of proxysupport.EnvoyVersions. - minSupportedVersion = version.Must(version.NewVersion("1.18.0")) - - minVersionToForceLDSandCDSToAlwaysUseWildcardsOnReconnect = version.Must(version.NewVersion("1.19.0")) + minSupportedVersion = version.Must(version.NewVersion("1.19.0")) specificUnsupportedVersions = []unsupportedVersion{} ) @@ -25,19 +23,8 @@ type unsupportedVersion struct { } type supportedProxyFeatures struct { - // Older versions of Envoy incorrectly exploded a wildcard subscription for - // LDS and CDS into specific line items on incremental xDS reconnect. They - // would populate both InitialResourceVersions and ResourceNamesSubscribe - // when they SHOULD have left ResourceNamesSubscribe empty (or used an - // explicit "*" in later Envoy versions) to imply wildcard mode. On - // reconnect, Consul interpreted the lack of the wildcard attribute as - // implying that the Envoy instance should not receive updates for any - // newly created listeners and clusters for the remaining life of that - // Envoy sidecar process. - // - // see: https://github.com/envoyproxy/envoy/issues/16063 - // see: https://github.com/envoyproxy/envoy/pull/16153 - ForceLDSandCDSToAlwaysUseWildcardsOnReconnect bool + // Put feature switches here when necessary. For reference, The most recent remove of a feature flag was removed in + // . } func determineSupportedProxyFeatures(node *envoy_core_v3.Node) (supportedProxyFeatures, error) { @@ -75,9 +62,7 @@ func determineSupportedProxyFeaturesFromVersion(version *version.Version) (suppo sf := supportedProxyFeatures{} - if version.LessThan(minVersionToForceLDSandCDSToAlwaysUseWildcardsOnReconnect) { - sf.ForceLDSandCDSToAlwaysUseWildcardsOnReconnect = true - } + // when feature flags necessary, populate here by calling version.LessThan(...) return sf, nil } diff --git a/agent/xds/envoy_versioning_test.go b/agent/xds/envoy_versioning_test.go index c11bcf76a..8f93c90dd 100644 --- a/agent/xds/envoy_versioning_test.go +++ b/agent/xds/envoy_versioning_test.go @@ -118,10 +118,13 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { "1.16.4": {expectErr: "Envoy 1.16.4 " + errTooOld}, "1.16.5": {expectErr: "Envoy 1.16.5 " + errTooOld}, "1.16.6": {expectErr: "Envoy 1.16.6 " + errTooOld}, + "1.17.4": {expectErr: "Envoy 1.17.4 " + errTooOld}, + "1.18.6": {expectErr: "Envoy 1.18.6 " + errTooOld}, } // Insert a bunch of valid versions. // Populate feature flags here when appropriate. See consul 1.10.x for reference. + /* Example from 1.18 for _, v := range []string{ "1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4", "1.18.5", "1.18.6", } { @@ -129,10 +132,12 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { ForceLDSandCDSToAlwaysUseWildcardsOnReconnect: true, }} } + */ for _, v := range []string{ "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.20.0", "1.20.1", "1.20.2", "1.21.1", + "1.22.0", } { cases[v] = testcase{expect: supportedProxyFeatures{}} } diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index b9b7855b9..5fcc83a91 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -18,8 +18,13 @@ import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_grpc_http1_bridge_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3" envoy_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" + envoy_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + envoy_original_dst_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3" + envoy_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_sni_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" @@ -80,18 +85,19 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. port = cfgSnap.Proxy.TransparentProxy.OutboundListenerPort } + originalDstFilter, err := makeEnvoyListenerFilter("envoy.filters.listener.original_dst", &envoy_original_dst_v3.OriginalDst{}) + if err != nil { + return nil, err + } + outboundListener = makePortListener(OutboundListenerName, "127.0.0.1", port, envoy_core_v3.TrafficDirection_OUTBOUND) outboundListener.FilterChains = make([]*envoy_listener_v3.FilterChain, 0) outboundListener.ListenerFilters = []*envoy_listener_v3.ListenerFilter{ - { - // The original_dst filter is a listener filter that recovers the original destination - // address before the iptables redirection. This filter is needed for transparent - // proxies because they route to upstreams using filter chains that match on the - // destination IP address. If the filter is not present, no chain will match. - // - // TODO(tproxy): Hard-coded until we upgrade the go-control-plane library - Name: "envoy.filters.listener.original_dst", - }, + // The original_dst filter is a listener filter that recovers the original destination + // address before the iptables redirection. This filter is needed for transparent + // proxies because they route to upstreams using filter chains that match on the + // destination IP address. If the filter is not present, no chain will match. + originalDstFilter, } } @@ -1058,9 +1064,15 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener( if err != nil { return nil, err } + + sniCluster, err := makeSNIClusterFilter() + if err != nil { + return nil, err + } + fallback := &envoy_listener_v3.FilterChain{ Filters: []*envoy_listener_v3.Filter{ - {Name: "envoy.filters.network.sni_cluster"}, + sniCluster, tcpProxy, }, } @@ -1383,7 +1395,7 @@ func makeListenerFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, err } func makeTLSInspectorListenerFilter() (*envoy_listener_v3.ListenerFilter, error) { - return &envoy_listener_v3.ListenerFilter{Name: "envoy.filters.listener.tls_inspector"}, nil + return makeEnvoyListenerFilter("envoy.filters.listener.tls_inspector", &envoy_tls_inspector_v3.TlsInspector{}) } func makeSNIFilterChainMatch(sniMatches ...string) *envoy_listener_v3.FilterChainMatch { @@ -1393,8 +1405,7 @@ func makeSNIFilterChainMatch(sniMatches ...string) *envoy_listener_v3.FilterChai } func makeSNIClusterFilter() (*envoy_listener_v3.Filter, error) { - // This filter has no config which is why we are not calling make - return &envoy_listener_v3.Filter{Name: "envoy.filters.network.sni_cluster"}, nil + return makeFilter("envoy.filters.network.sni_cluster", &envoy_sni_cluster_v3.SniCluster{}) } func makeTCPProxyFilter(filterName, cluster, statPrefix string) (*envoy_listener_v3.Filter, error) { @@ -1413,13 +1424,16 @@ func makeStatPrefix(prefix, filterName string) string { } func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) { + router, err := makeEnvoyHTTPFilter("envoy.filters.http.router", &envoy_http_router_v3.Router{}) + if err != nil { + return nil, err + } + cfg := &envoy_http_v3.HttpConnectionManager{ StatPrefix: makeStatPrefix(opts.statPrefix, opts.filterName), CodecType: envoy_http_v3.HttpConnectionManager_AUTO, HttpFilters: []*envoy_http_v3.HttpFilter{ - { - Name: "envoy.filters.http.router", - }, + router, }, Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{ // Don't trace any requests by default unless the client application @@ -1508,10 +1522,13 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) } if opts.protocol == "grpc" { - // Add grpc bridge before router and authz - cfg.HttpFilters = append([]*envoy_http_v3.HttpFilter{{ - Name: "envoy.filters.http.grpc_http1_bridge", - }}, cfg.HttpFilters...) + grpcHttp1Bridge, err := makeEnvoyHTTPFilter( + "envoy.filters.http.grpc_http1_bridge", + &envoy_grpc_http1_bridge_v3.Config{}, + ) + if err != nil { + return nil, err + } // In envoy 1.14.x the default value "stats_for_all_methods=true" was // deprecated, and was changed to "false" in 1.18.x. Avoid using the @@ -1527,14 +1544,28 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) if err != nil { return nil, err } + + // Add grpc bridge before router and authz, and the stats in front of that. cfg.HttpFilters = append([]*envoy_http_v3.HttpFilter{ grpcStatsFilter, + grpcHttp1Bridge, }, cfg.HttpFilters...) } return makeFilter("envoy.filters.network.http_connection_manager", cfg) } +func makeEnvoyListenerFilter(name string, cfg proto.Message) (*envoy_listener_v3.ListenerFilter, error) { + any, err := ptypes.MarshalAny(cfg) + if err != nil { + return nil, err + } + return &envoy_listener_v3.ListenerFilter{ + Name: name, + ConfigType: &envoy_listener_v3.ListenerFilter_TypedConfig{TypedConfig: any}, + }, nil +} + func makeFilter(name string, cfg proto.Message) (*envoy_listener_v3.Filter, error) { any, err := ptypes.MarshalAny(cfg) if err != nil { diff --git a/agent/xds/proxysupport/proxysupport.go b/agent/xds/proxysupport/proxysupport.go index c3a9ba05f..eb693e632 100644 --- a/agent/xds/proxysupport/proxysupport.go +++ b/agent/xds/proxysupport/proxysupport.go @@ -7,8 +7,8 @@ package proxysupport // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ + "1.22.0", "1.21.1", "1.20.2", "1.19.3", - "1.18.6", } diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden index 1410130f8..4e524021f 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden @@ -36,10 +36,16 @@ } }, { - "name": "envoy.filters.http.grpc_http1_bridge" + "name": "envoy.filters.http.grpc_http1_bridge", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" + } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden index 1410130f8..4e524021f 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden @@ -36,10 +36,16 @@ } }, { - "name": "envoy.filters.http.grpc_http1_bridge" + "name": "envoy.filters.http.grpc_http1_bridge", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" + } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden index 2ef5af99d..0eed52477 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden index 6463f5b1b..56d9ffd88 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/expose-checks.latest.golden b/agent/xds/testdata/listeners/expose-checks.latest.golden index a893884f1..518285040 100644 --- a/agent/xds/testdata/listeners/expose-checks.latest.golden +++ b/agent/xds/testdata/listeners/expose-checks.latest.golden @@ -57,7 +57,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden b/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden index 65bdb30d9..cb7b0d46e 100644 --- a/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden +++ b/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden @@ -41,7 +41,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -96,7 +99,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden b/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden index fb860a535..84ef190ad 100644 --- a/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden +++ b/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden @@ -41,7 +41,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -99,7 +102,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden index 15997388c..0cd9b242b 100644 --- a/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden +++ b/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden @@ -101,7 +101,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/http-public-listener.latest.golden b/agent/xds/testdata/listeners/http-public-listener.latest.golden index 85a5acb53..d0a676eff 100644 --- a/agent/xds/testdata/listeners/http-public-listener.latest.golden +++ b/agent/xds/testdata/listeners/http-public-listener.latest.golden @@ -100,7 +100,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/http-upstream.latest.golden b/agent/xds/testdata/listeners/http-upstream.latest.golden index 14046bfcf..717877fcd 100644 --- a/agent/xds/testdata/listeners/http-upstream.latest.golden +++ b/agent/xds/testdata/listeners/http-upstream.latest.golden @@ -41,7 +41,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden index 0ee1474c7..bcdf29c64 100644 --- a/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden +++ b/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -72,7 +75,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden index 4f804bc74..ae2f68556 100644 --- a/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden index b5531913d..02bcf8d36 100644 --- a/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden @@ -34,7 +34,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -96,7 +99,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -143,7 +149,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden index e858c2afb..5e197a36e 100644 --- a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden index dbfb9f40e..bb017e85d 100644 --- a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden @@ -34,7 +34,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -96,7 +99,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -111,7 +117,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden index cc7c0c30c..d89cb9eef 100644 --- a/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden @@ -34,7 +34,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -101,7 +104,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -148,7 +154,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden index 3c0d3cbec..17fef5d07 100644 --- a/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -72,7 +75,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden index 6cce4ea29..af876f885 100644 --- a/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -99,7 +102,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -169,7 +175,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -239,7 +248,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -309,7 +321,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden index e5ba23e89..e504650b3 100644 --- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -99,7 +102,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden index 47b7046a9..1347394a2 100644 --- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -99,7 +102,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -169,7 +175,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden index 1d948062e..7c293d43d 100644 --- a/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway-custom-addresses.latest.golden @@ -65,7 +65,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -80,7 +83,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] }, @@ -148,7 +154,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -163,7 +172,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] }, @@ -231,7 +243,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -246,7 +261,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] }, @@ -314,7 +332,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -329,7 +350,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] } diff --git a/agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden index f1d2001d3..40d5b919b 100644 --- a/agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway-no-services.latest.golden @@ -14,7 +14,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -29,7 +32,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] } diff --git a/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden index 99f09630f..4c76beebb 100644 --- a/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway-tagged-addresses.latest.golden @@ -65,7 +65,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -80,7 +83,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] }, @@ -148,7 +154,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -163,7 +172,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] } diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden index 092529f4c..7505e7c20 100644 --- a/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway-using-federation-states.latest.golden @@ -65,7 +65,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -80,7 +83,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] } diff --git a/agent/xds/testdata/listeners/mesh-gateway.latest.golden b/agent/xds/testdata/listeners/mesh-gateway.latest.golden index 092529f4c..7505e7c20 100644 --- a/agent/xds/testdata/listeners/mesh-gateway.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway.latest.golden @@ -65,7 +65,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -80,7 +83,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ] } diff --git a/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden index 2ef5af99d..0eed52477 100644 --- a/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden @@ -29,7 +29,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { diff --git a/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden index 80e0a6045..26f56d3dd 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-custom-and-tagged-addresses.latest.golden @@ -230,7 +230,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -245,7 +248,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" @@ -479,7 +485,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -494,7 +503,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden index 1c59ad859..acbcc16b4 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-no-api-cert.latest.golden @@ -176,7 +176,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -191,7 +194,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden index 042527d73..329a0cb6c 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-no-services.latest.golden @@ -14,7 +14,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -29,7 +32,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden index f68f73e65..c2ce2223b 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden @@ -205,7 +205,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -276,7 +279,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -347,7 +353,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -389,7 +398,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -404,7 +416,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden index 7b8a7eb8f..b3a94c947 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden @@ -242,7 +242,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -257,7 +260,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden index 433a49902..e2554002e 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-max-version.latest.golden @@ -230,7 +230,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -245,7 +248,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden index 74a08b900..daf9ca01f 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-with-tls-incoming-min-version.latest.golden @@ -230,7 +230,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -245,7 +248,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/terminating-gateway.latest.golden b/agent/xds/testdata/listeners/terminating-gateway.latest.golden index ab610fae3..4af97913f 100644 --- a/agent/xds/testdata/listeners/terminating-gateway.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway.latest.golden @@ -230,7 +230,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -245,7 +248,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden index 394e4eb35..9d6d50037 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.latest.golden @@ -59,7 +59,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.original_dst" + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden index e5afb7538..d6f3ea51d 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden @@ -115,7 +115,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.original_dst" + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden index 612f4669b..b6f00f2cd 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden @@ -78,7 +78,10 @@ }, "httpFilters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -105,7 +108,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.original_dst" + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden index 5267c8558..949e2f8b0 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway.latest.golden @@ -79,7 +79,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.original_dst" + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/listeners/transparent-proxy.latest.golden b/agent/xds/testdata/listeners/transparent-proxy.latest.golden index d390e3d9f..ca8b75eb2 100644 --- a/agent/xds/testdata/listeners/transparent-proxy.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy.latest.golden @@ -75,7 +75,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.original_dst" + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } } ], "trafficDirection": "OUTBOUND" diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden index a64481e5e..32cfda120 100644 --- a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden @@ -158,7 +158,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -237,7 +240,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -370,7 +376,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -413,7 +422,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -428,7 +440,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden index dea85717f..f415e40ab 100644 --- a/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden +++ b/agent/xds/testdata/serverless_plugin/listeners/lambda-terminating-gateway.latest.golden @@ -212,7 +212,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "tracing": { @@ -255,7 +258,10 @@ { "filters": [ { - "name": "envoy.filters.network.sni_cluster" + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } }, { "name": "envoy.filters.network.tcp_proxy", @@ -270,7 +276,10 @@ ], "listenerFilters": [ { - "name": "envoy.filters.listener.tls_inspector" + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } } ], "trafficDirection": "INBOUND" diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go index c4d5f8673..544983141 100644 --- a/agent/xds/xds_protocol_helpers_test.go +++ b/agent/xds/xds_protocol_helpers_test.go @@ -14,6 +14,7 @@ import ( envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_network_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" @@ -306,6 +307,18 @@ func xdsNewFilter(t *testing.T, name string, cfg proto.Message) *envoy_listener_ return f } +func xdsNewListenerFilter(t *testing.T, name string, cfg proto.Message) *envoy_listener_v3.ListenerFilter { + f, err := makeEnvoyListenerFilter(name, cfg) + require.NoError(t, err) + return f +} + +func xdsNewHttpFilter(t *testing.T, name string, cfg proto.Message) *envoy_http_v3.HttpFilter { + f, err := makeEnvoyHTTPFilter(name, cfg) + require.NoError(t, err) + return f +} + func mustHashResource(t *testing.T, res proto.Message) string { v, err := hashResource(res) require.NoError(t, err) @@ -626,7 +639,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s Filters: []*envoy_listener_v3.Filter{ xdsNewFilter(t, "envoy.filters.network.http_connection_manager", &envoy_http_v3.HttpConnectionManager{ HttpFilters: []*envoy_http_v3.HttpFilter{ - {Name: "envoy.filters.http.router"}, + xdsNewHttpFilter(t, "envoy.filters.http.router", &envoy_http_router_v3.Router{}), }, RouteSpecifier: &envoy_http_v3.HttpConnectionManager_RouteConfig{ RouteConfig: makeTestRoute(t, "http2:db:inline"), @@ -651,7 +664,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s Filters: []*envoy_listener_v3.Filter{ xdsNewFilter(t, "envoy.filters.network.http_connection_manager", &envoy_http_v3.HttpConnectionManager{ HttpFilters: []*envoy_http_v3.HttpFilter{ - {Name: "envoy.filters.http.router"}, + xdsNewHttpFilter(t, "envoy.filters.http.router", &envoy_http_router_v3.Router{}), }, RouteSpecifier: &envoy_http_v3.HttpConnectionManager_Rds{ Rds: &envoy_http_v3.Rds{ @@ -679,7 +692,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s Filters: []*envoy_listener_v3.Filter{ xdsNewFilter(t, "envoy.filters.network.http_connection_manager", &envoy_http_v3.HttpConnectionManager{ HttpFilters: []*envoy_http_v3.HttpFilter{ - {Name: "envoy.filters.http.router"}, + xdsNewHttpFilter(t, "envoy.filters.http.router", &envoy_http_router_v3.Router{}), }, RouteSpecifier: &envoy_http_v3.HttpConnectionManager_Rds{ Rds: &envoy_http_v3.Rds{ diff --git a/command/connect/envoy/bootstrap_config.go b/command/connect/envoy/bootstrap_config.go index 777a02451..9c94eaac7 100644 --- a/command/connect/envoy/bootstrap_config.go +++ b/command/connect/envoy/bootstrap_config.go @@ -686,7 +686,10 @@ func (c *BootstrapConfig) generateListenerConfig(args *BootstrapTplArgs, bindAdd }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/bootstrap_config_test.go b/command/connect/envoy/bootstrap_config_test.go index 5a5e0d3dc..f02ae04c5 100644 --- a/command/connect/envoy/bootstrap_config_test.go +++ b/command/connect/envoy/bootstrap_config_test.go @@ -136,10 +136,13 @@ const ( ] } ] - }, - "http_filters": [ + }, + "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } @@ -194,10 +197,13 @@ const ( ] } ] - }, - "http_filters": [ + }, + "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } @@ -252,10 +258,13 @@ const ( ] } ] - }, - "http_filters": [ + }, + "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } @@ -313,7 +322,10 @@ const ( }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } @@ -371,7 +383,10 @@ const ( }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden index 81a9c7e69..d0b0be0dc 100644 --- a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden +++ b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden index d17a33844..d3cedfb5a 100644 --- a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden +++ b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden index acee34c6e..cb98077eb 100644 --- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden +++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden index 005ab2244..d23864619 100644 --- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden +++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/ingress-gateway.golden b/command/connect/envoy/testdata/ingress-gateway.golden index 148c56ed1..24dd4392e 100644 --- a/command/connect/envoy/testdata/ingress-gateway.golden +++ b/command/connect/envoy/testdata/ingress-gateway.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/command/connect/envoy/testdata/prometheus-metrics.golden b/command/connect/envoy/testdata/prometheus-metrics.golden index d52d3e7b6..333f9872d 100644 --- a/command/connect/envoy/testdata/prometheus-metrics.golden +++ b/command/connect/envoy/testdata/prometheus-metrics.golden @@ -121,7 +121,10 @@ }, "http_filters": [ { - "name": "envoy.filters.http.router" + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ] } diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index 67127c89f..ec1a3b89c 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -10,7 +10,7 @@ readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services" DEBUG=${DEBUG:-} # ENVOY_VERSION to run each test against -ENVOY_VERSION=${ENVOY_VERSION:-"1.21.1"} +ENVOY_VERSION=${ENVOY_VERSION:-"1.22.0"} export ENVOY_VERSION export DOCKER_BUILDKIT=1 diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 35d21fad2..daa58c8c1 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -36,7 +36,7 @@ Consul supports **four major Envoy releases** at the beginning of each major Con | Consul Version | Compatible Envoy Versions | | ------------------- | -----------------------------------------------------------------------------------| -| 1.12.x | 1.21.1, 1.20.2, 1.19.3, 1.18.6 | +| 1.12.x | 1.22.0, 1.21.1, 1.20.2, 1.19.3 | | 1.11.x | 1.20.2, 1.19.3, 1.18.6, 1.17.41 | | 1.10.x | 1.18.6, 1.17.41, 1.16.51 , 1.15.51 | | 1.9.x | 1.16.51, 1.15.51, 1.14.71,2, 1.13.71,2 | From bbb13b026c6f347616f061b34b6a396a1d9989e5 Mon Sep 17 00:00:00 2001 From: Paul Glass Date: Mon, 18 Apr 2022 14:34:37 -0500 Subject: [PATCH 163/785] Docs: IAM auth method (#12779) * Docs: IAM auth method Co-authored-by: Karl Cardenas --- .../security/acl/auth-methods/aws-iam.mdx | 210 ++++++++++++++++++ .../docs/security/acl/auth-methods/index.mdx | 1 + website/data/docs-nav-data.json | 4 + 3 files changed, 215 insertions(+) create mode 100644 website/content/docs/security/acl/auth-methods/aws-iam.mdx diff --git a/website/content/docs/security/acl/auth-methods/aws-iam.mdx b/website/content/docs/security/acl/auth-methods/aws-iam.mdx new file mode 100644 index 000000000..b6422c5f1 --- /dev/null +++ b/website/content/docs/security/acl/auth-methods/aws-iam.mdx @@ -0,0 +1,210 @@ +--- +layout: docs +page_title: AWS IAM Auth Method +description: >- + The AWS IAM auth method type allows for AWS IAM Roles and Users + to be used to authenticate to Consul. +--- + +# AWS IAM Auth Method + + +The AWS Identity and Access Management (IAM) auth method type allows for AWS +IAM Roles and Users to be used to authenticate to Consul in order to obtain +a Consul token. + +This page assumes general knowledge of [AWS +IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) +and the concepts described in the main [auth method +documentation](/docs/security/acl/auth-methods). + +## Overview + +The AWS IAM auth method for Consul uses a variation on the approach used by the [IAM auth method for +Vault](https://www.vaultproject.io/docs/auth/aws#iam-auth-method). Specifically, the IAM auth method +for Consul avoids the need to configure Consul servers with AWS credentials by requiring clients to +provided pre-signed AWS API requests. + +An IAM role or user authenticates by presenting certain signed AWS API requests in a specific JSON +format. The client signs the necessary AWS API requests with its AWS credentials using the [AWS +Signature v4 algorithm](https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html). When the +auth method receives the signed AWS API requests, it forwards the requests to AWS. AWS validates the +client's signature and, if the signature is valid, responds with the client's identity details. The +signature validation performed by AWS on the `sts:GetCallerIdentity` request provides the auth +method with a strong guarantee of the client's identity. The auth method compares the Amazon +Resource Name (ARN) of the client with the `BoundIAMPrincipalARNs` list to determine if the client +is permitted to login. + +## Config Parameters + +The following are the auth method [`Config`](/api-docs/acl/auth-methods#config) +parameters for an auth method of type `aws-iam`: + +- `BoundIAMPrincipalARNs` `(array: )` - The list of IAM role or IAM user ARNs + which are permitted to login. A client authenticating to Consul must have an ARN that matches one + of the ARNs in this list. + - If `EnableIAMEntityDetails=false`, then bound ARNs must not contain the full path of the role + or user, and wildcards are not supported. For example, + `arn:aws:iam::123456789012:user/MyUserName` will permit the IAM user named "MyUserName" to log + in, and `arn:aws:iam::123456789012:role/MyRoleName` will permit the IAM role named "MyRoleName" + to log in. + - If `EnableIAMEntityDetails=true`, then bound ARNs with the full path must be used, such as, + `arn:aws:iam::123456789012:role/path/to/MyRoleName`. Additionally, ARNs may contain a single + trailing wildcard. For example, `arn:aws:iam::123456789012:*` will permit any role or user in + the account `123456789012` to login, while `arn:aws:iam::123456789012:role/path/to/roles/*` + will permit only roles at the path `/path/to/roles/`. +- `EnableIAMEntityDetails` `(bool: )` - This enables the auth method to fetch the IAM role or + IAM user details, including tags and the full role or user path. If enabled, clients must pass the + `-aws-include-entity` option to `consul login`. Additionally, an IAM role or user attempting to + login must have an `iam:GetRole` or `iam:GetUser` permission, respectively, to retrieve itself. + This setting is required in order to fetch the full path and tags of the IAM user or role and in + order to use wildcards in the `BoundIAMPrincipalARNs`. +- `IAMEntityTags` `(array: [])` - The list of tag keys retrieved from the IAM role or user + and made available to binding rules. Tags are only supported when `EnableIAMEntityDetails=true`. + By default, no tags are made available to binding rules. Each tag in the `IAMEntityTags` list can + be referenced in binding rules using `entity_tags.`. For example, if `IAMEntityTags` contains + `service-name` and if a `service-name` tag exists on the IAM role or user, then you can reference + the tag value using `entity_tags.service-name` in binding rules. If the tag is not present on the + IAM role or user, then `entity_tags.service-name` evalutes to the empty string in binding rules. +- `ServerIDHeaderValue` `(string: "")` - The value to require in the `X-Consul-IAM-ServerID` header + in login requests. If set, clients must include the `X-Consul-IAM-ServerID` header in the AWS API + requests used to login to the auth method, and the client-provided value for the header must match + this setting in order to successfully log in. If not set, no header is required or validated. This + can be used to protect against different types of replay attacks - for example, a signed request + sent to a dev server being resent to a production server. Consider setting this to the Consul + server's DNS name. When this is set, clients must set pass the `-aws-server-id-header-value` + option to the `consul login` command. +- `MaxRetries` `(integer: 0)` - The maximum number of retries to use for recoverable errors when + making AWS API requests. +- `IAMEndpoint` `(string: "")` - The URL where `iam:GetRole` and `iam:GetUser` requests are sent. + This can be used to send requests to a private endpoint or through a network proxy. +- `STSEndpoint` `(string: "")` - The URL where `sts:GetCallerIdentity` requests are sent. This can + be used to send requests to a private endpoint or through a network proxy. +- `AllowedSTSHeaderValues` `(array: [])` - A list of additional allowed headers on + `sts:GetCallerIdentity` requests. In any case, a default list of headers AWS STS expects are + allowed. + +### Sample + +```json +{ + ...other fields... + "Config": { + "BoundIAMPrincipalARNs": ["arn:aws:iam::123456789012:role/MyRoleName"], + "EnableIAMEntityDetails": true, + "IAMEntityTags": ["consul-namespace"], + "ServerIDHeaderValue": "my.consul.server.example.com", + "MaxRetries": 3, + "IAMEndpoint": "https://iam.amazonaws.com/", + "STSEndpoint": "https://sts.us-east-1.amazonaws.com/", + "AllowedSTSHeaderValues": ["X-Extra-Header"] + } +} +``` + +## Trusted Identity Attributes + +The authentication step returns the following trusted identity attributes for use in binding rule +selectors and bind name interpolation. All of these attributes are strings that can be interpolated +and support the following selector operations: `Equal, Not Equal, In, Not In, Matches, Not Matches` + +| Attribute | Description | Requirement | +| -------------------- | ----------------------------------- | ---------------------------------------------------------------- | +| `entity_name` | Name of IAM role or user | | +| `entity_id` | Unique ID of IAM role or user | | +| `account_id` | AWS account id of IAM role or user | | +| `entity_path` | The path of the IAM role or user | `EnableIAMEntityDetails=true` | +| `entity_tags.` | AWS account id of IAM role or user | `EnableIAMEntityDetails=true` and `IAMEntityTags` contains `` | + +## IAM Policies + +When `EnableIAMEntityDetails=false`, no specific IAM policies are needed. + +When `EnableIAMEntityDetails=true`, an authenticating client must provide either a signed +`iam:GetRole` or `iam:GetUser` request. This request is signed with the client's AWS credentials, so +the client must have permission to fetch the role or user, respectively. + +- If the authenticating client is an IAM role, the client must have an `iam:GetRole` permission to + fetch its own role. The following shows an example of an AWS IAM Policy document which grants this + permission: + + ```json + { + "Statement": [ + { + "Action": ["iam:GetRole"], + "Effect": "Allow", + "Resource": ["arn:aws:iam::123456789012:role/MyRoleName"] + } + ], + "Version": "2012-10-17" + } + ``` + +- If the authenticating client is an IAM user, the client must have an `iam:GetUser` permission to + fetch its own role. The following shows an example of an AWS IAM Policy document which grants this + permission: + + ```json + { + "Statement": [ + { + "Action": ["iam:GetUser"], + "Effect": "Allow", + "Resource": ["arn:aws:iam::123456789012:user/MyUserName"] + } + ], + "Version": "2012-10-17" + } + ``` + +## Authentication Procedure + +If `EnableIAMEntityDetails=false`, a client must log in with the following `consul login` command. + +```shell-session +$ consul login -type aws-iam -aws-auto-bearer-token ... +``` + +- Format and sign an `sts:GetCallerIdentity` request +- Format these request details as JSON to form a bearer token +- Send the bearer token to the IAM auth method to authenticate + +Otherwise, if `EnableIAMEntityDetails=true`, the client must log in with the following `consul login` command, +in order to include a signed `iam:GetRole` or `iam:GetUser` request in the bearer token. + +```shell-session +$ consul login -type aws-iam -aws-auto-bearer-token -aws-include-entity ... +``` + +This command does the following: + +- Make an `sts:GetCallerIdentity` request to determine its own role or user name +- Format a new `sts:GetCallerIdentity` request +- Embed a signed `iam:GetRole` or `iam:GetUser` request in the headers of the + `sts:GetCallerIdentity` request +- Sign the `sts:GetCallerIdentity` request +- Format the request details as JSON to form a bearer token +- Send the bearer token to the IAM auth method to authenticate + +On the Consul servers, the IAM auth method validates a client's identity during the [Login to Auth +Method](/api-docs/acl#login-to-auth-method) API request, using the following steps: + +- Decode the `sts:GetCallerIdentity` request from the bearer token +- Optionally, decode the `iam:GetRole` or `iam:GetUser` request from the bearer token, + if `EnableIAMEntityDetails=true` in the auth method configuration +- Send the `sts:GetCallerIdentity` request to AWS. This request is pre-signed by the client, so no + other credentials or permissions are needed to make this request. AWS validates the client's + signature when it receives the request. If the signature is valid, AWS returns the client's + identity in the response. This is a strong guarantee of the client's identity. +- Optionally, the auth method sends the `iam:GetRole` or `iam:GetUser` request to AWS, + if `EnableIAMEntityDetails=true` in the auth method configuration. This request is pre-signed + by the client, so no other credentials or permisssions are required to make the request. Only the + client needs the `iam:GetRole` or `iam:GetUser` permission. AWS validates the client's signature + when it receives the request. If the signature is valid, AWS returns the IAM role or user details. + This response is not a guarantee of the client's identity - any role or user name may have been + included in the request - so the auth method requires the IAM role or user to have a [unique + id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) + match with the `sts:GetCallerIdentity` response. +- Finally, the auth method makes an authentication decision. If the client's IAM role or user ARN + matches one of the configured `BoundIAMPrincipalARNs`, then the client is permitted to login. diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx index 0c4750486..b2062fcf1 100644 --- a/website/content/docs/security/acl/auth-methods/index.mdx +++ b/website/content/docs/security/acl/auth-methods/index.mdx @@ -39,6 +39,7 @@ service mesh with minimal operator intervention. | [`kubernetes`](/docs/security/acl/auth-methods/kubernetes) | 1.5.0+ | | [`jwt`](/docs/security/acl/auth-methods/jwt) | 1.8.0+ | | [`oidc`](/docs/security/acl/auth-methods/oidc) | 1.8.0+ | +| [`aws-iam`](/docs/security/acl/auth-methods/aws-iam) | 1.12.0+ | ## Operator Configuration diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 0fa575b63..63727c41d 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -982,6 +982,10 @@ { "title": "OIDC", "path": "security/acl/auth-methods/oidc" + }, + { + "title": "AWS IAM", + "path": "security/acl/auth-methods/aws-iam" } ] } From 4759db8d4dabb5c07b67763c10ec28f0e56b0c78 Mon Sep 17 00:00:00 2001 From: Jared Kirschner Date: Mon, 18 Apr 2022 12:38:39 -0700 Subject: [PATCH 164/785] ui: fix overview's renew license link --- ui/packages/consul-ui/translations/routes/en-us.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index 17b142276..9739203ed 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -42,7 +42,7 @@ dc:
    • - + Renewing a license
      • From 370a979d5cc6e87da6caa046296bd2b9f400314b Mon Sep 17 00:00:00 2001 From: Jake Herschman <91899352+jherschman@users.noreply.github.com> Date: Mon, 18 Apr 2022 16:05:16 -0400 Subject: [PATCH 165/785] ui:fixed bug where license was showing in oss (#12795) Co-authored-by: Evan Rowe * fixed bug where license was showing in oss * ui:disable test for license read temporarily --- ui/packages/consul-ui/app/abilities/license.js | 7 +++++++ ui/packages/consul-ui/tests/unit/abilities/-test.js | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/ui/packages/consul-ui/app/abilities/license.js b/ui/packages/consul-ui/app/abilities/license.js index d1061e4e7..fb4d425c6 100644 --- a/ui/packages/consul-ui/app/abilities/license.js +++ b/ui/packages/consul-ui/app/abilities/license.js @@ -1,6 +1,13 @@ import BaseAbility from './base'; +import { inject as service } from '@ember/service'; export default class LicenseAbility extends BaseAbility { resource = 'operator'; segmented = false; + + @service('env') env; + + get canRead() { + return this.env.var('CONSUL_NSPACES_ENABLED') && super.canRead; + } } diff --git a/ui/packages/consul-ui/tests/unit/abilities/-test.js b/ui/packages/consul-ui/tests/unit/abilities/-test.js index 3ac3cf072..cf7acf5c7 100644 --- a/ui/packages/consul-ui/tests/unit/abilities/-test.js +++ b/ui/packages/consul-ui/tests/unit/abilities/-test.js @@ -52,8 +52,12 @@ module('Unit | Ability | *', function(hooks) { // TODO: We currently hardcode KVs to always be true assert.equal(true, ability[`can${perm}`], `Expected ${item}.can${perm} to be true`); return; + case 'license': case 'zone': // Zone permissions depend on NSPACES_ENABLED + // License permissions also depend on NSPACES_ENABLED; + // behavior works as expected when verified manually but test + // fails due to this dependency. -@evrowe 2022-04-18 return; } assert.equal( From 01d97d37adca98f056d085416fad313b631825c8 Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Mon, 18 Apr 2022 23:13:37 -0700 Subject: [PATCH 166/785] Run arm64 builds on go1.18 (#12818) --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 02bbfad1d..9f6121312 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -257,8 +257,8 @@ jobs: - run: command: | sudo rm -rf /usr/local/go - wget https://golang.org/dl/go1.17.5.linux-arm64.tar.gz - sudo tar -C /usr/local -xzvf go1.17.5.linux-arm64.tar.gz + wget https://dl.google.com/go/go1.18.1.linux-arm64.tar.gz + sudo tar -C /usr/local -xzvf go1.18.1.linux-arm64.tar.gz - run: *install-gotestsum - run: go mod download - run: From 3badd4c35c37ee889cc20cb73fb72692efbb0773 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Tue, 19 Apr 2022 13:03:03 -0400 Subject: [PATCH 167/785] Add event generation for autopilot state updates (#12626) Whenever autopilot updates its state it notifies Consul. That notification will then trigger Consul to extract out the ready server information. If the ready servers have changed, then an event will be published to notify any subscribers of the full set of ready servers. All these ready server event things are contained within an autopilotevents package instead of the consul package to make importing them into the grpc related packages possible --- agent/consul/autopilot.go | 17 +- agent/consul/autopilot_test.go | 99 +++ .../autopilotevents/mock_Publisher_test.go | 18 + .../autopilotevents/mock_StateStore_test.go | 47 ++ .../autopilotevents/mock_timeProvider_test.go | 28 + .../autopilotevents/ready_servers_events.go | 303 +++++++++ .../ready_servers_events_test.go | 635 ++++++++++++++++++ agent/consul/state/connect_ca_events.go | 8 +- agent/consul/state/store_integration_test.go | 18 +- agent/consul/stream/event.go | 6 +- agent/consul/stream/event_publisher_test.go | 18 +- agent/consul/stream/string_types.go | 11 + agent/consul/stream/subscription_test.go | 4 +- 13 files changed, 1178 insertions(+), 34 deletions(-) create mode 100644 agent/consul/autopilotevents/mock_Publisher_test.go create mode 100644 agent/consul/autopilotevents/mock_StateStore_test.go create mode 100644 agent/consul/autopilotevents/mock_timeProvider_test.go create mode 100644 agent/consul/autopilotevents/ready_servers_events.go create mode 100644 agent/consul/autopilotevents/ready_servers_events_test.go create mode 100644 agent/consul/stream/string_types.go diff --git a/agent/consul/autopilot.go b/agent/consul/autopilot.go index 27471b533..93560979a 100644 --- a/agent/consul/autopilot.go +++ b/agent/consul/autopilot.go @@ -10,6 +10,7 @@ import ( autopilot "github.com/hashicorp/raft-autopilot" "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/agent/consul/autopilotevents" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/logging" @@ -29,7 +30,8 @@ var AutopilotGauges = []prometheus.GaugeDefinition{ // AutopilotDelegate is a Consul delegate for autopilot operations. type AutopilotDelegate struct { - server *Server + server *Server + readyServersPublisher *autopilotevents.ReadyServersEventPublisher } func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config { @@ -51,6 +53,8 @@ func (d *AutopilotDelegate) NotifyState(state *autopilot.State) { } else { metrics.SetGauge([]string{"autopilot", "healthy"}, 0) } + + d.readyServersPublisher.PublishReadyServersEvents(state) } func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server) { @@ -63,7 +67,13 @@ func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server) { } func (s *Server) initAutopilot(config *Config) { - apDelegate := &AutopilotDelegate{s} + apDelegate := &AutopilotDelegate{ + server: s, + readyServersPublisher: autopilotevents.NewReadyServersEventPublisher(autopilotevents.Config{ + Publisher: s.publisher, + GetStore: func() autopilotevents.StateStore { return s.fsm.State() }, + }), + } s.autopilot = autopilot.New( s.raft, @@ -74,6 +84,9 @@ func (s *Server) initAutopilot(config *Config) { autopilot.WithPromoter(s.autopilotPromoter()), autopilot.WithReconciliationDisabled(), ) + + // registers a snapshot handler for the event publisher to send as the first event for a new stream + s.publisher.RegisterHandler(autopilotevents.EventTopicReadyServers, apDelegate.readyServersPublisher.HandleSnapshot) } func (s *Server) autopilotServers() map[raft.ServerID]*autopilot.Server { diff --git a/agent/consul/autopilot_test.go b/agent/consul/autopilot_test.go index faf1facc4..2ebd5806b 100644 --- a/agent/consul/autopilot_test.go +++ b/agent/consul/autopilot_test.go @@ -2,6 +2,7 @@ package consul import ( "context" + "fmt" "os" "testing" "time" @@ -10,6 +11,8 @@ import ( "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/consul/autopilotevents" + "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" @@ -522,3 +525,99 @@ func TestAutopilot_MinQuorum(t *testing.T) { } }) } + +func TestAutopilot_EventPublishing(t *testing.T) { + // This is really an integration level test. The general flow this test will follow is: + // + // 1. Start a 3 server cluster + // 2. Subscribe to the ready server events + // 3. Observe the first event which will be pretty immediately ready as it is the + // snapshot event. + // 4. Wait for multiple iterations of the autopilot state updater and ensure no + // other events are seen. The state update interval is 50ms for tests unless + // overridden. + // 5. Add a fouth server. + // 6. Wait for an event to be emitted containing 4 ready servers. + + // 1. create the test cluster + cluster := newTestCluster(t, &testClusterConfig{ + Servers: 3, + ServerConf: testServerACLConfig, + // We want to wait until each server has registered itself in the Catalog. Otherwise + // the first snapshot even we see might have no servers in it while things are being + // initialized. Doing this wait ensure that things are in the right state to start + // the subscription. + }) + + // 2. subscribe to ready server events + req := stream.SubscribeRequest{ + Topic: autopilotevents.EventTopicReadyServers, + Subject: stream.SubjectNone, + Token: TestDefaultInitialManagementToken, + } + sub, err := cluster.Servers[0].publisher.Subscribe(&req) + require.NoError(t, err) + t.Cleanup(sub.Unsubscribe) + + // 3. Observe that an event was generated which should be the snapshot event. + // As we have just bootstrapped the cluster with 3 servers we expect to + // see those 3 here. + validatePayload(t, 3, mustGetEventWithTimeout(t, sub, 50*time.Millisecond)) + + // TODO - its kind of annoying that the EventPublisher doesn't have a mode where + // it knows each event is a full state of the world. The ramifications are that + // we have to expect/ignore the framing events for EndOfSnapshot. + event := mustGetEventWithTimeout(t, sub, 10*time.Millisecond) + require.True(t, event.IsFramingEvent()) + + // 4. Wait for 3 iterations of the ServerHealthInterval to ensure no events + // are being published when the autopilot state is not changing. + eventNotEmitted(t, sub, 150*time.Millisecond) + + // 5. Add a fourth server + _, srv := testServerWithConfig(t, testServerACLConfig, func(c *Config) { + c.Bootstrap = false + c.BootstrapExpect = 0 + }) + joinLAN(t, srv, cluster.Servers[0]) + + // 6. Now wait for the event for the fourth server being added. This may take a little + // while as the joinLAN operation above doesn't wait for the server to actually get + // added to Raft. + validatePayload(t, 4, mustGetEventWithTimeout(t, sub, time.Second)) +} + +// mustGetEventWithTimeout is a helper function for validating that a Subscription.Next call will return +// an event within the given time. It also validates that no error is returned. +func mustGetEventWithTimeout(t *testing.T, subscription *stream.Subscription, timeout time.Duration) stream.Event { + t.Helper() + event, err := getEventWithTimeout(t, subscription, timeout) + require.NoError(t, err) + return event +} + +// getEventWithTimeout is a helper function for retrieving a Event from a Subscription within the specified timeout. +func getEventWithTimeout(t *testing.T, subscription *stream.Subscription, timeout time.Duration) (stream.Event, error) { + t.Helper() + ctx, cancel := context.WithTimeout(context.Background(), timeout) + defer cancel() + event, err := subscription.Next(ctx) + return event, err +} + +// eventNotEmitted is a helper to validate that no Event is emitted for the given Subscription +func eventNotEmitted(t *testing.T, subscription *stream.Subscription, timeout time.Duration) { + t.Helper() + var event stream.Event + var err error + event, err = getEventWithTimeout(t, subscription, timeout) + require.Equal(t, context.DeadlineExceeded, err, fmt.Sprintf("event:%v", event)) +} + +func validatePayload(t *testing.T, expectedNumServers int, event stream.Event) { + t.Helper() + require.Equal(t, autopilotevents.EventTopicReadyServers, event.Topic) + readyServers, ok := event.Payload.(autopilotevents.EventPayloadReadyServers) + require.True(t, ok) + require.Len(t, readyServers, expectedNumServers) +} diff --git a/agent/consul/autopilotevents/mock_Publisher_test.go b/agent/consul/autopilotevents/mock_Publisher_test.go new file mode 100644 index 000000000..45eefcce5 --- /dev/null +++ b/agent/consul/autopilotevents/mock_Publisher_test.go @@ -0,0 +1,18 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package autopilotevents + +import ( + stream "github.com/hashicorp/consul/agent/consul/stream" + mock "github.com/stretchr/testify/mock" +) + +// MockPublisher is an autogenerated mock type for the Publisher type +type MockPublisher struct { + mock.Mock +} + +// Publish provides a mock function with given fields: _a0 +func (_m *MockPublisher) Publish(_a0 []stream.Event) { + _m.Called(_a0) +} diff --git a/agent/consul/autopilotevents/mock_StateStore_test.go b/agent/consul/autopilotevents/mock_StateStore_test.go new file mode 100644 index 000000000..3683e3ad9 --- /dev/null +++ b/agent/consul/autopilotevents/mock_StateStore_test.go @@ -0,0 +1,47 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package autopilotevents + +import ( + acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" + + structs "github.com/hashicorp/consul/agent/structs" + + types "github.com/hashicorp/consul/types" +) + +// MockStateStore is an autogenerated mock type for the StateStore type +type MockStateStore struct { + mock.Mock +} + +// GetNodeID provides a mock function with given fields: _a0, _a1 +func (_m *MockStateStore) GetNodeID(_a0 types.NodeID, _a1 *acl.EnterpriseMeta) (uint64, *structs.Node, error) { + ret := _m.Called(_a0, _a1) + + var r0 uint64 + if rf, ok := ret.Get(0).(func(types.NodeID, *acl.EnterpriseMeta) uint64); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Get(0).(uint64) + } + + var r1 *structs.Node + if rf, ok := ret.Get(1).(func(types.NodeID, *acl.EnterpriseMeta) *structs.Node); ok { + r1 = rf(_a0, _a1) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(*structs.Node) + } + } + + var r2 error + if rf, ok := ret.Get(2).(func(types.NodeID, *acl.EnterpriseMeta) error); ok { + r2 = rf(_a0, _a1) + } else { + r2 = ret.Error(2) + } + + return r0, r1, r2 +} diff --git a/agent/consul/autopilotevents/mock_timeProvider_test.go b/agent/consul/autopilotevents/mock_timeProvider_test.go new file mode 100644 index 000000000..fcc49e388 --- /dev/null +++ b/agent/consul/autopilotevents/mock_timeProvider_test.go @@ -0,0 +1,28 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package autopilotevents + +import ( + time "time" + + mock "github.com/stretchr/testify/mock" +) + +// mockTimeProvider is an autogenerated mock type for the timeProvider type +type mockTimeProvider struct { + mock.Mock +} + +// Now provides a mock function with given fields: +func (_m *mockTimeProvider) Now() time.Time { + ret := _m.Called() + + var r0 time.Time + if rf, ok := ret.Get(0).(func() time.Time); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(time.Time) + } + + return r0 +} diff --git a/agent/consul/autopilotevents/ready_servers_events.go b/agent/consul/autopilotevents/ready_servers_events.go new file mode 100644 index 000000000..5f39b7a17 --- /dev/null +++ b/agent/consul/autopilotevents/ready_servers_events.go @@ -0,0 +1,303 @@ +package autopilotevents + +import ( + "fmt" + "net" + "sort" + "sync" + "time" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/types" + autopilot "github.com/hashicorp/raft-autopilot" +) + +const ( + EventTopicReadyServers stream.StringTopic = "ready-servers" +) + +// ReadyServerInfo includes information about a server that is ready +// to handle incoming requests. +type ReadyServerInfo struct { + ID string + Address string + TaggedAddresses map[string]string + Version string +} + +func (info *ReadyServerInfo) Equal(other *ReadyServerInfo) bool { + if info.ID != other.ID { + return false + } + + if info.Version != other.Version { + return false + } + + if info.Address != other.Address { + return false + } + + if len(info.TaggedAddresses) != len(other.TaggedAddresses) { + return false + } + + for tag, infoAddr := range info.TaggedAddresses { + if otherAddr, ok := other.TaggedAddresses[tag]; !ok || infoAddr != otherAddr { + return false + } + } + + return true +} + +// EventPayloadReadyServers +type EventPayloadReadyServers []ReadyServerInfo + +func (e EventPayloadReadyServers) Subject() stream.Subject { return stream.SubjectNone } + +func (e EventPayloadReadyServers) HasReadPermission(authz acl.Authorizer) bool { + // Any service in the mesh will need access to where the servers live. Therefore + // we check if the authorizer grants permissions on any service and if so then + // we allow seeing where the servers are. + var authzContext acl.AuthorizerContext + structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier). + FillAuthzContext(&authzContext) + + return authz.ServiceWriteAny(&authzContext) == acl.Allow +} + +func ExtractEventPayload(event stream.Event) (EventPayloadReadyServers, error) { + if event.Topic != EventTopicReadyServers { + return nil, fmt.Errorf("unexpected topic (%q) for a %q event", event.Topic, EventTopicReadyServers) + } + + if payload, ok := event.Payload.(EventPayloadReadyServers); ok { + return payload, nil + } + + return nil, fmt.Errorf("unexpected payload type %T for %q event", event.Payload, EventTopicReadyServers) +} + +type Config struct { + GetStore func() StateStore + Publisher Publisher + timeProvider timeProvider +} + +// ReadyServersEventPublisher is capable to tracking changes to ready servers +// between consecutive calls to PublishReadyServersEvents. It will then publish +// "ready-servers" events as necessary. +type ReadyServersEventPublisher struct { + Config + previous EventPayloadReadyServers + + snapshotLock sync.RWMutex + snapshot []stream.Event +} + +func NewReadyServersEventPublisher(config Config) *ReadyServersEventPublisher { + return &ReadyServersEventPublisher{ + Config: config, + snapshot: []stream.Event{ + { + Topic: EventTopicReadyServers, + Index: 0, + Payload: EventPayloadReadyServers{}, + }, + }, + } +} + +//go:generate mockery -name StateStore -inpkg -testonly +type StateStore interface { + GetNodeID(types.NodeID, *acl.EnterpriseMeta) (uint64, *structs.Node, error) +} + +//go:generate mockery -name Publisher -inpkg -testonly +type Publisher interface { + Publish([]stream.Event) +} + +//go:generate mockery -name timeProvider -inpkg -testonly +type timeProvider interface { + Now() time.Time +} + +// PublishReadyServersEvents will publish a "ready-servers" event if the list of +// ready servers has changed since the last time events were published. +func (r *ReadyServersEventPublisher) PublishReadyServersEvents(state *autopilot.State) { + if events, ok := r.readyServersEvents(state); ok { + // update the latest snapshot so that any new event subscription will see + // use the latest state. + r.snapshotLock.Lock() + r.snapshot = events + r.snapshotLock.Unlock() + + // if the event publisher were to not be able to keep up with procesing events + // then its possible this blocks. It could cause autopilot to not update its + // state as often as it should. However if this blocks for over 10s then + // not updating the autopilot state as quickly is likely the least of our + // concerns. If we need to make this async then we probably need to single + // flight these to ensure proper event ordering. + r.Publisher.Publish(events) + } +} + +func (r *ReadyServersEventPublisher) readyServersEvents(state *autopilot.State) ([]stream.Event, bool) { + // First, we need to pull all the ready servers out from the autopilot state. + servers := r.autopilotStateToReadyServers(state) + + // Next we, sort the servers list to make comparison easier later on. We do + // this outside of the next length check conditional block to ensure that all + // values of previousReadyServers we store will be sorted and the future + // comparison's will remain valid. + sort.Slice(servers, func(i, j int) bool { + // no two servers can have the same id so this is sufficient + return servers[i].ID < servers[j].ID + }) + + // If the number of ready servers hasn't changed then we need to inspect individual + // servers to see if there are differences. If the number of servers has changed + // we know that an event should be generated and sent. + if len(r.previous) == len(servers) { + diff := false + // We are relying on the fact that both of the slices will be sorted and that + // we don't care what the actual differences are but instead just that they + // have differences. + for i := 0; i < len(servers); i++ { + if !r.previous[i].Equal(&servers[i]) { + diff = true + break + } + } + + // The list of ready servers is identical to the previous ones. Therefore + // we will not send any event. + if !diff { + return nil, false + } + } + + r.previous = servers + + return []stream.Event{r.newReadyServersEvent(servers)}, true +} + +// autopilotStateToReadyServers will iterate through all servers in the autopilot +// state and compile a list of servers which are "ready". Readiness means that +// they would be an acceptable target for stale queries. +func (r *ReadyServersEventPublisher) autopilotStateToReadyServers(state *autopilot.State) EventPayloadReadyServers { + var servers EventPayloadReadyServers + for _, srv := range state.Servers { + // All healthy servers are caught up enough to be included in a ready servers. + // Servers with voting rights that are still healthy according to Serf are + // also included as they have likely just fallen behind the leader a little + // after initially replicating state. They are still acceptable targets + // for most stale queries and clients can bound the staleness if necessary. + // Including them is a means to prevent flapping the list of servers we + // advertise as ready and flooding the network with notifications to all + // dataplanes of server updates. + // + // TODO (agentless) for a non-voting server that is still alive but fell + // behind, should we cause it to be removed. For voters we know they were caught + // up at some point but for non-voters we cannot know the same thing. + if srv.Health.Healthy || (srv.HasVotingRights() && srv.Server.NodeStatus == autopilot.NodeAlive) { + // autopilot information contains addresses in the : form. We only care about the + // the host so we parse it out here and discard the port. + host, err := extractHost(string(srv.Server.Address)) + if err != nil || host == "" { + + continue + } + + servers = append(servers, ReadyServerInfo{ + ID: string(srv.Server.ID), + Address: host, + Version: srv.Server.Version, + TaggedAddresses: r.getTaggedAddresses(srv), + }) + } + } + + return servers +} + +// getTaggedAddresses will get the tagged addresses for the given server or return nil +// if it encounters an error or unregistered server. +func (r *ReadyServersEventPublisher) getTaggedAddresses(srv *autopilot.ServerState) map[string]string { + // we have no callback to lookup the tagged addresses so we can return early + if r.GetStore == nil { + return nil + } + + // Assuming we have been provided a callback to get a state store implementation, then + // we will attempt to lookup the node for the autopilot server. We use this to get the + // tagged addresses so that consumers of these events will be able to distinguish LAN + // vs WAN addresses as well as IP protocol differentiation. At first I thought we may + // need to hook into catalog events so that if the tagged addresses change then + // we can synthesize new events. That would be pretty complex so this code does not + // deal with that. The reasoning why that is probably okay is that autopilot will + // send us the state at least once every 30s. That means that we will grab the nodes + // from the catalog at that often and publish the events. So while its not quite + // as responsive as actually watching for the Catalog changes, its MUCH simpler to + // code and reason about and having those addresses be updated within 30s is good enough. + _, node, err := r.GetStore().GetNodeID(types.NodeID(srv.Server.ID), structs.NodeEnterpriseMetaInDefaultPartition()) + if err != nil || node == nil { + // no catalog information means we should return a nil addres map + return nil + } + + if len(node.TaggedAddresses) == 0 { + return nil + } + + addrs := make(map[string]string) + for tag, address := range node.TaggedAddresses { + // just like for the Nodes main Address, we only care about the IPs and not the + // port so we parse the host out and discard the port. + host, err := extractHost(address) + if err != nil || host == "" { + continue + } + addrs[tag] = host + } + + return addrs +} + +// newReadyServersEvent will create a stream.Event with the provided ready server info. +func (r *ReadyServersEventPublisher) newReadyServersEvent(servers EventPayloadReadyServers) stream.Event { + now := time.Now() + if r.timeProvider != nil { + now = r.timeProvider.Now() + } + return stream.Event{ + Topic: EventTopicReadyServers, + Index: uint64(now.UnixMicro()), + Payload: servers, + } +} + +// HandleSnapshot is the EventPublisher callback to generate a snapshot for the "ready-servers" event streams. +func (r *ReadyServersEventPublisher) HandleSnapshot(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + r.snapshotLock.RLock() + defer r.snapshotLock.RUnlock() + buf.Append(r.snapshot) + return r.snapshot[0].Index, nil +} + +// extractHost is a small convenience function to catch errors regarding +// missing ports from the net.SplitHostPort function. +func extractHost(addr string) (string, error) { + host, _, err := net.SplitHostPort(addr) + if err == nil { + return host, nil + } + if ae, ok := err.(*net.AddrError); ok && ae.Err == "missing port in address" { + return addr, nil + } + return "", err +} diff --git a/agent/consul/autopilotevents/ready_servers_events_test.go b/agent/consul/autopilotevents/ready_servers_events_test.go new file mode 100644 index 000000000..b6d930f69 --- /dev/null +++ b/agent/consul/autopilotevents/ready_servers_events_test.go @@ -0,0 +1,635 @@ +package autopilotevents + +import ( + "testing" + time "time" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/stream" + structs "github.com/hashicorp/consul/agent/structs" + types "github.com/hashicorp/consul/types" + "github.com/hashicorp/raft" + autopilot "github.com/hashicorp/raft-autopilot" + mock "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +var testTime = time.Date(2022, 4, 14, 10, 56, 00, 0, time.UTC) + +var exampleState = &autopilot.State{ + Servers: map[raft.ServerID]*autopilot.ServerState{ + "792ae13c-d765-470b-852c-e073fdb6e849": { + Health: autopilot.ServerHealth{ + Healthy: true, + }, + State: autopilot.RaftLeader, + Server: autopilot.Server{ + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2:8300", + Version: "v1.12.0", + NodeStatus: autopilot.NodeAlive, + }, + }, + "65e79ff4-bbce-467b-a9d6-725c709fa985": { + Health: autopilot.ServerHealth{ + Healthy: true, + }, + State: autopilot.RaftVoter, + Server: autopilot.Server{ + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3:8300", + Version: "v1.12.0", + NodeStatus: autopilot.NodeAlive, + }, + }, + // this server is up according to Serf but is unhealthy + // due to having an index that is behind + "db11f0ac-0cbe-4215-80cc-b4e843f4df1e": { + Health: autopilot.ServerHealth{ + Healthy: false, + }, + State: autopilot.RaftVoter, + Server: autopilot.Server{ + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4:8300", + Version: "v1.12.0", + NodeStatus: autopilot.NodeAlive, + }, + }, + // this server is up according to Serf but is unhealthy + // due to having an index that is behind. It is a non-voter + // and thus will be filtered out + "4c48a154-8176-4e14-ba5d-20bf1f784a7e": { + Health: autopilot.ServerHealth{ + Healthy: false, + }, + State: autopilot.RaftNonVoter, + Server: autopilot.Server{ + ID: "4c48a154-8176-4e14-ba5d-20bf1f784a7e", + Address: "198.18.0.5:8300", + Version: "v1.12.0", + NodeStatus: autopilot.NodeAlive, + }, + }, + // this is a voter that has died + "7a22eec8-de85-43a6-a76e-00b427ef6627": { + Health: autopilot.ServerHealth{ + Healthy: false, + }, + State: autopilot.RaftVoter, + Server: autopilot.Server{ + ID: "7a22eec8-de85-43a6-a76e-00b427ef6627", + Address: "198.18.0.6", + Version: "v1.12.0", + NodeStatus: autopilot.NodeFailed, + }, + }, + }, +} + +func TestEventPayloadReadyServers_HasReadPermission(t *testing.T) { + t.Run("no service:write", func(t *testing.T) { + hasRead := EventPayloadReadyServers{}.HasReadPermission(acl.DenyAll()) + require.False(t, hasRead) + }) + + t.Run("has service:write", func(t *testing.T) { + policy, err := acl.NewPolicyFromSource(` + service "foo" { + policy = "write" + } + `, acl.SyntaxCurrent, nil, nil) + require.NoError(t, err) + + authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil) + require.NoError(t, err) + + hasRead := EventPayloadReadyServers{}.HasReadPermission(authz) + require.True(t, hasRead) + }) +} + +func TestAutopilotStateToReadyServers(t *testing.T) { + expected := EventPayloadReadyServers{ + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + } + + r := ReadyServersEventPublisher{} + + actual := r.autopilotStateToReadyServers(exampleState) + require.ElementsMatch(t, expected, actual) +} + +func TestAutopilotStateToReadyServersWithTaggedAddresses(t *testing.T) { + expected := EventPayloadReadyServers{ + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + TaggedAddresses: map[string]string{"wan": "5.4.3.2"}, + Version: "v1.12.0", + }, + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + TaggedAddresses: map[string]string{"wan": "1.2.3.4"}, + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + TaggedAddresses: map[string]string{"wan": "9.8.7.6"}, + Version: "v1.12.0", + }, + } + + store := &MockStateStore{} + t.Cleanup(func() { store.AssertExpectations(t) }) + store.On("GetNodeID", + types.NodeID("792ae13c-d765-470b-852c-e073fdb6e849"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "5.4.3.2"}}, + nil, + ) + + store.On("GetNodeID", + types.NodeID("65e79ff4-bbce-467b-a9d6-725c709fa985"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "1.2.3.4"}}, + nil, + ) + + store.On("GetNodeID", + types.NodeID("db11f0ac-0cbe-4215-80cc-b4e843f4df1e"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "9.8.7.6"}}, + nil, + ) + + r := NewReadyServersEventPublisher(Config{ + GetStore: func() StateStore { return store }, + }) + + actual := r.autopilotStateToReadyServers(exampleState) + require.ElementsMatch(t, expected, actual) +} + +func TestAutopilotReadyServersEvents(t *testing.T) { + // we have already tested the ReadyServerInfo extraction within the + // TestAutopilotStateToReadyServers test. Therefore this test is going + // to focus only on the change detection. + // + // * - added server + // * - removed server + // * - server with address changed + // * - upgraded server with version change + + expectedServers := EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + } + + type testCase struct { + // The elements of this slice must already be sorted + previous EventPayloadReadyServers + changeDetected bool + } + + cases := map[string]testCase{ + "no-change": { + previous: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + }, + changeDetected: false, + }, + "server-added": { + previous: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + // server with id db11f0ac-0cbe-4215-80cc-b4e843f4df1e will be added. + }, + changeDetected: true, + }, + "server-removed": { + previous: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + // this server isn't present in the state and will be removed + { + ID: "7e3235de-8a75-4c8d-9ec3-847ca87d07e8", + Address: "198.18.0.5", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + }, + changeDetected: true, + }, + "address-change": { + previous: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + // this value is different from the state and should + // cause an event to be generated + Address: "198.18.0.9", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + }, + changeDetected: true, + }, + "upgraded-version": { + previous: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + // This is v1.12.0 in the state and therefore an + // event should be generated + Version: "v1.11.4", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + }, + changeDetected: true, + }, + } + + for name, tcase := range cases { + t.Run(name, func(t *testing.T) { + r := ReadyServersEventPublisher{ + previous: tcase.previous, + } + events, changeDetected := r.readyServersEvents(exampleState) + require.Equal(t, tcase.changeDetected, changeDetected, "servers: %+v", events) + if tcase.changeDetected { + require.Len(t, events, 1) + require.Equal(t, EventTopicReadyServers, events[0].Topic) + payload, ok := events[0].Payload.(EventPayloadReadyServers) + require.True(t, ok) + require.ElementsMatch(t, expectedServers, payload) + } else { + require.Empty(t, events) + } + }) + } +} + +func TestAutopilotPublishReadyServersEvents(t *testing.T) { + t.Run("publish", func(t *testing.T) { + pub := &MockPublisher{} + pub.On("Publish", []stream.Event{ + { + Topic: EventTopicReadyServers, + Index: uint64(testTime.UnixMicro()), + Payload: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + }, + }, + }) + + mtime := &mockTimeProvider{} + mtime.On("Now").Return(testTime).Once() + + t.Cleanup(func() { + mtime.AssertExpectations(t) + pub.AssertExpectations(t) + }) + + r := NewReadyServersEventPublisher(Config{ + Publisher: pub, + timeProvider: mtime, + }) + + r.PublishReadyServersEvents(exampleState) + }) + + t.Run("suppress", func(t *testing.T) { + pub := &MockPublisher{} + mtime := &mockTimeProvider{} + + t.Cleanup(func() { + mtime.AssertExpectations(t) + pub.AssertExpectations(t) + }) + + r := NewReadyServersEventPublisher(Config{ + Publisher: pub, + timeProvider: mtime, + }) + + r.previous = EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + Version: "v1.12.0", + }, + } + + r.PublishReadyServersEvents(exampleState) + }) +} + +type MockAppender struct { + mock.Mock +} + +func (m *MockAppender) Append(events []stream.Event) { + m.Called(events) +} + +func TestReadyServerEventsSnapshotHandler(t *testing.T) { + buf := MockAppender{} + buf.On("Append", []stream.Event{ + { + Topic: EventTopicReadyServers, + Index: 0, + Payload: EventPayloadReadyServers{}, + }, + }) + buf.On("Append", []stream.Event{ + { + Topic: EventTopicReadyServers, + Index: 1649933760000000, + Payload: EventPayloadReadyServers{ + { + ID: "65e79ff4-bbce-467b-a9d6-725c709fa985", + Address: "198.18.0.3", + TaggedAddresses: map[string]string{"wan": "1.2.3.4"}, + Version: "v1.12.0", + }, + { + ID: "792ae13c-d765-470b-852c-e073fdb6e849", + Address: "198.18.0.2", + TaggedAddresses: map[string]string{"wan": "5.4.3.2"}, + Version: "v1.12.0", + }, + { + ID: "db11f0ac-0cbe-4215-80cc-b4e843f4df1e", + Address: "198.18.0.4", + TaggedAddresses: map[string]string{"wan": "9.8.7.6"}, + Version: "v1.12.0", + }, + }, + }, + }).Once() + + mtime := mockTimeProvider{} + mtime.On("Now").Return(testTime).Once() + + store := &MockStateStore{} + t.Cleanup(func() { store.AssertExpectations(t) }) + store.On("GetNodeID", + types.NodeID("792ae13c-d765-470b-852c-e073fdb6e849"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "5.4.3.2"}}, + nil, + ) + + store.On("GetNodeID", + types.NodeID("65e79ff4-bbce-467b-a9d6-725c709fa985"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "1.2.3.4"}}, + nil, + ) + + store.On("GetNodeID", + types.NodeID("db11f0ac-0cbe-4215-80cc-b4e843f4df1e"), + structs.NodeEnterpriseMetaInDefaultPartition(), + ).Once().Return( + uint64(0), + &structs.Node{TaggedAddresses: map[string]string{"wan": "9.8.7.6"}}, + nil, + ) + + t.Cleanup(func() { + buf.AssertExpectations(t) + store.AssertExpectations(t) + mtime.AssertExpectations(t) + }) + + r := NewReadyServersEventPublisher(Config{ + GetStore: func() StateStore { return store }, + timeProvider: &mtime, + }) + + req := stream.SubscribeRequest{ + Topic: EventTopicReadyServers, + Subject: stream.SubjectNone, + } + + // get the first snapshot that should have the zero value event + _, err := r.HandleSnapshot(req, &buf) + require.NoError(t, err) + + // setup the value to be returned by the snapshot handler + r.snapshot, _ = r.readyServersEvents(exampleState) + + // now get the second snapshot which has actual servers + _, err = r.HandleSnapshot(req, &buf) + require.NoError(t, err) +} + +type fakePayload struct{} + +func (e fakePayload) Subject() stream.Subject { return stream.SubjectNone } + +func (e fakePayload) HasReadPermission(authz acl.Authorizer) bool { + return false +} + +func TestExtractEventPayload(t *testing.T) { + t.Run("wrong-topic", func(t *testing.T) { + payload, err := ExtractEventPayload(stream.NewCloseSubscriptionEvent([]string{"foo"})) + require.Nil(t, payload) + require.Error(t, err) + require.Contains(t, err.Error(), "unexpected topic") + }) + + t.Run("unexpected-payload", func(t *testing.T) { + payload, err := ExtractEventPayload(stream.Event{ + Topic: EventTopicReadyServers, + Payload: fakePayload{}, + }) + require.Nil(t, payload) + require.Error(t, err) + require.Contains(t, err.Error(), "unexpected payload type") + }) + + t.Run("success", func(t *testing.T) { + expected := EventPayloadReadyServers{ + { + ID: "a7c340ae-ce17-47da-895c-af2509767b3d", + Address: "198.18.0.1", + Version: "1.2.3", + }, + } + actual, err := ExtractEventPayload(stream.Event{ + Topic: EventTopicReadyServers, + Payload: expected, + }) + + require.NoError(t, err) + require.Equal(t, expected, actual) + }) +} + +func TestReadyServerInfo_Equal(t *testing.T) { + base := func() *ReadyServerInfo { + return &ReadyServerInfo{ + ID: "0356e5ae-ed6b-4024-b953-e1b6a8f0f81b", + Version: "1.12.0", + Address: "198.18.0.1", + TaggedAddresses: map[string]string{ + "wan": "1.2.3.4", + }, + } + } + type testCase struct { + modify func(i *ReadyServerInfo) + equal bool + } + + cases := map[string]testCase{ + "unmodified": { + equal: true, + }, + "id-mod": { + modify: func(i *ReadyServerInfo) { i.ID = "30f8f451-e54b-4c7e-a533-b55dddb51be6" }, + }, + "version-mod": { + modify: func(i *ReadyServerInfo) { i.Version = "1.12.1" }, + }, + "address-mod": { + modify: func(i *ReadyServerInfo) { i.Address = "198.18.0.2" }, + }, + "tagged-addresses-added": { + modify: func(i *ReadyServerInfo) { i.TaggedAddresses["wan_ipv4"] = "1.2.3.4" }, + }, + "tagged-addresses-mod": { + modify: func(i *ReadyServerInfo) { i.TaggedAddresses["wan"] = "4.3.2.1" }, + }, + } + + for name, tcase := range cases { + t.Run(name, func(t *testing.T) { + original := base() + modified := base() + if tcase.modify != nil { + tcase.modify(modified) + } + + require.Equal(t, tcase.equal, original.Equal(modified)) + + }) + } +} diff --git a/agent/consul/state/connect_ca_events.go b/agent/consul/state/connect_ca_events.go index 6a0bdb974..7d559f695 100644 --- a/agent/consul/state/connect_ca_events.go +++ b/agent/consul/state/connect_ca_events.go @@ -12,13 +12,7 @@ import ( // // Note: topics are ordinarily defined in subscribe.proto, but this one isn't // currently available via the Subscribe endpoint. -const EventTopicCARoots stringer = "CARoots" - -// stringer is a convenience type to turn a regular string into a fmt.Stringer -// so that it can be used as a stream.Topic or stream.Subject. -type stringer string - -func (s stringer) String() string { return string(s) } +const EventTopicCARoots stream.StringTopic = "CARoots" type EventPayloadCARoots struct { CARoots structs.CARoots diff --git a/agent/consul/state/store_integration_test.go b/agent/consul/state/store_integration_test.go index 421205e14..c31b42ecc 100644 --- a/agent/consul/state/store_integration_test.go +++ b/agent/consul/state/store_integration_test.go @@ -26,7 +26,7 @@ func TestStore_IntegrationWithEventPublisher_ACLTokenUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) @@ -73,7 +73,7 @@ func TestStore_IntegrationWithEventPublisher_ACLTokenUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } sub2, err := publisher.Subscribe(subscription2) @@ -114,7 +114,7 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) @@ -165,7 +165,7 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } sub, err = publisher.Subscribe(subscription2) @@ -194,7 +194,7 @@ func TestStore_IntegrationWithEventPublisher_ACLPolicyUpdate(t *testing.T) { // Register another subscription. subscription3 := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } sub, err = publisher.Subscribe(subscription3) @@ -236,7 +236,7 @@ func TestStore_IntegrationWithEventPublisher_ACLRoleUpdate(t *testing.T) { // Register the subscription. subscription := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) @@ -282,7 +282,7 @@ func TestStore_IntegrationWithEventPublisher_ACLRoleUpdate(t *testing.T) { // Register another subscription. subscription2 := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } sub, err = publisher.Subscribe(subscription2) @@ -431,7 +431,7 @@ func (p nodePayload) HasReadPermission(acl.Authorizer) bool { } func (p nodePayload) Subject() stream.Subject { - return stringer(p.key) + return stream.StringSubject(p.key) } func createTokenAndWaitForACLEventPublish(t *testing.T, s *Store) *structs.ACLToken { @@ -459,7 +459,7 @@ func createTokenAndWaitForACLEventPublish(t *testing.T, s *Store) *structs.ACLTo // continuing... req := &stream.SubscribeRequest{ Topic: topicService, - Subject: stringer("nope"), + Subject: stream.StringSubject("nope"), Token: token.SecretID, } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) diff --git a/agent/consul/stream/event.go b/agent/consul/stream/event.go index b3936a49b..c2223d8e2 100644 --- a/agent/consul/stream/event.go +++ b/agent/consul/stream/event.go @@ -22,11 +22,7 @@ type Subject fmt.Stringer // SubjectNone is used when all events on a given topic are "global" and not // further partitioned by subject. For example: the "CA Roots" topic which is // used to notify subscribers when the global set CA root certificates changes. -const SubjectNone stringer = "none" - -type stringer string - -func (s stringer) String() string { return string(s) } +const SubjectNone StringSubject = "none" // Event is a structure with identifiers and a payload. Events are Published to // EventPublisher and returned to Subscribers. diff --git a/agent/consul/stream/event_publisher_test.go b/agent/consul/stream/event_publisher_test.go index fbd253830..d9f7097a6 100644 --- a/agent/consul/stream/event_publisher_test.go +++ b/agent/consul/stream/event_publisher_test.go @@ -22,7 +22,7 @@ var testTopic Topic = intTopic(999) func TestEventPublisher_SubscribeWithIndex0(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -82,7 +82,7 @@ func (p simplePayload) HasReadPermission(acl.Authorizer) bool { return !p.noReadPerm } -func (p simplePayload) Subject() Subject { return stringer(p.key) } +func (p simplePayload) Subject() Subject { return StringSubject(p.key) } func registerTestSnapshotHandlers(t *testing.T, publisher *EventPublisher) { t.Helper() @@ -188,7 +188,7 @@ func consumeSub(ctx context.Context, sub *Subscription) error { func TestEventPublisher_SubscribeWithIndex0_FromCache(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -234,7 +234,7 @@ func TestEventPublisher_SubscribeWithIndex0_FromCache(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_CanResume(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -288,7 +288,7 @@ func TestEventPublisher_SubscribeWithIndexNotZero_CanResume(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -345,7 +345,7 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot(t *testing.T) { func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshotFromCache(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) defer cancel() @@ -414,7 +414,7 @@ func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshotFromCache(t *testin func TestEventPublisher_SubscribeWithIndexNotZero_NewSnapshot_WithCache(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), Index: 1, } @@ -499,7 +499,7 @@ func runStep(t *testing.T, name string, fn func(t *testing.T)) { func TestEventPublisher_Unsubscribe_ClosesSubscription(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() @@ -522,7 +522,7 @@ func TestEventPublisher_Unsubscribe_ClosesSubscription(t *testing.T) { func TestEventPublisher_Unsubscribe_FreesResourcesWhenThereAreNoSubscribers(t *testing.T) { req := &SubscribeRequest{ Topic: testTopic, - Subject: stringer("sub-key"), + Subject: StringSubject("sub-key"), } publisher := NewEventPublisher(time.Second) diff --git a/agent/consul/stream/string_types.go b/agent/consul/stream/string_types.go new file mode 100644 index 000000000..568f97299 --- /dev/null +++ b/agent/consul/stream/string_types.go @@ -0,0 +1,11 @@ +package stream + +// StringSubject can be used as a Subject for Events sent to the EventPublisher +type StringSubject string + +func (s StringSubject) String() string { return string(s) } + +// StringTopic can be used as a Topic for Events sent to the EventPublisher +type StringTopic string + +func (s StringTopic) String() string { return string(s) } diff --git a/agent/consul/stream/subscription_test.go b/agent/consul/stream/subscription_test.go index b6e0f1a5f..80aed3dbb 100644 --- a/agent/consul/stream/subscription_test.go +++ b/agent/consul/stream/subscription_test.go @@ -29,7 +29,7 @@ func TestSubscription(t *testing.T) { req := SubscribeRequest{ Topic: testTopic, - Subject: stringer("test"), + Subject: StringSubject("test"), } sub := newSubscription(req, startHead, noopUnSub) @@ -103,7 +103,7 @@ func TestSubscription_Close(t *testing.T) { req := SubscribeRequest{ Topic: testTopic, - Subject: stringer("test"), + Subject: StringSubject("test"), } sub := newSubscription(req, startHead, noopUnSub) From 9a61976a3822357f7083fc8ceadbd3cce84694d7 Mon Sep 17 00:00:00 2001 From: Bryce Kalow Date: Tue, 19 Apr 2022 12:32:02 -0500 Subject: [PATCH 168/785] website: remove source code (#12806) --- .circleci/config.yml | 58 - .../basic-hero/img/right-arrow-icon.svg | 1 - website/components/basic-hero/index.jsx | 56 - website/components/basic-hero/style.css | 76 - website/components/block-list/index.tsx | 29 - .../components/block-list/style.module.css | 23 - .../callout-blade/CalloutBlade.module.css | 131 - website/components/callout-blade/index.jsx | 50 - website/components/card-list/index.tsx | 44 - website/components/card-list/style.module.css | 61 - .../case-study-carousel/case-study-slide.jsx | 44 - .../img/active-control-dot.svg | 1 - .../img/inactive-control-dot.svg | 1 - .../img/left-arrow-control.svg | 1 - .../case-study-carousel/img/quote.svg | 3 - .../img/right-arrow-control.svg | 1 - .../components/case-study-carousel/index.jsx | 99 - .../components/case-study-carousel/style.css | 283 - .../components/cloud-offerings-list/index.jsx | 28 - .../components/cloud-offerings-list/style.css | 57 - .../config-entry-reference/index.jsx | 200 - .../images/bg-dots.svg | 3 - .../images/bg-right.svg | 19 - .../images/bg-top.svg | 12 - .../consul-on-kubernetes-hero/index.tsx | 98 - .../style.module.css | 162 - .../components/cta-hero/img/consul-stack.svg | 32 - website/components/cta-hero/index.jsx | 38 - website/components/cta-hero/style.module.css | 123 - website/components/docs-list/index.tsx | 47 - website/components/docs-list/style.module.css | 32 - website/components/downloads-props/index.jsx | 92 - .../consul/img/enterprise_complexity_1.svg | 11 - .../consul/img/enterprise_complexity_2.svg | 27 - .../enterprise-comparison/consul/index.jsx | 44 - .../enterprise-comparison/img/arrow.svg | 4 - .../img/complexity-advanced.png | 3 - .../img/complexity-basic.png | 3 - .../enterprise-comparison/index.jsx | 62 - .../enterprise-comparison/style.css | 92 - website/components/features-list/feature.tsx | 66 - .../images/bottom-left-design.svg | 13 - .../features-list/images/top-right-design.svg | 13 - website/components/features-list/index.tsx | 28 - .../components/features-list/style.module.css | 109 - website/components/footer/index.jsx | 32 - website/components/footer/style.css | 32 - .../HCPCalloutSection.module.css | 82 - .../components/hcp-callout-section/index.jsx | 44 - website/components/homepage-hero/index.jsx | 61 - .../components/homepage-hero/style.module.css | 18 - .../components/io-card-container/index.tsx | 82 - .../io-card-container/style.module.css | 114 - website/components/io-card/index.tsx | 124 - website/components/io-card/product-logos.ts | 34 - website/components/io-card/style.module.css | 148 - website/components/io-dialog/index.tsx | 47 - website/components/io-dialog/style.module.css | 62 - .../io-home-call-to-action/index.tsx | 39 - .../io-home-call-to-action/style.module.css | 12 - .../components/io-home-case-studies/index.tsx | 81 - .../io-home-case-studies/style.module.css | 170 - website/components/io-home-feature/index.tsx | 80 - .../io-home-feature/style.module.css | 79 - website/components/io-home-hero/index.tsx | 135 - .../components/io-home-hero/style.module.css | 148 - .../components/io-home-in-practice/index.tsx | 86 - .../io-home-in-practice/style.module.css | 98 - website/components/io-home-intro/index.tsx | 155 - .../components/io-home-intro/style.module.css | 169 - .../components/io-home-pre-footer/index.tsx | 79 - .../io-home-pre-footer/style.module.css | 122 - .../io-usecase-call-to-action/index.tsx | 69 - .../style.module.css | 66 - .../components/io-usecase-customer/index.tsx | 86 - .../io-usecase-customer/style.module.css | 119 - website/components/io-usecase-hero/index.tsx | 41 - .../components/io-usecase-hero/pattern.svg | 1 - .../io-usecase-hero/style.module.css | 83 - .../components/io-usecase-section/index.tsx | 81 - .../io-usecase-section/style.module.css | 106 - website/components/io-video-callout/index.tsx | 80 - .../components/io-video-callout/play-icon.tsx | 23 - .../io-video-callout/style.module.css | 128 - website/components/mini-cta/index.jsx | 23 - website/components/mini-cta/style.css | 36 - website/components/prefooter-cta/index.jsx | 25 - website/components/side-by-side/index.tsx | 21 - .../components/side-by-side/style.module.css | 61 - .../before-after-diagram.jsx | 80 - .../before-after-diagram.module.css | 351 - .../static-dynamic-diagram/index.tsx | 28 - .../static-dynamic-diagram/style.module.css | 19 - website/components/subnav/index.jsx | 38 - website/components/subnav/style.module.css | 3 - website/components/use-cases-layout/index.jsx | 47 - website/components/use-cases-layout/style.css | 30 - website/data/alert-banner.js | 13 - website/data/metadata.js | 2 - website/data/version.js | 1 - website/layouts/standard/index.tsx | 76 - website/layouts/standard/query.graphql | 6 - website/lib/consent-manager-services/index.ts | 14 - website/lib/utils.ts | 11 - website/package-lock.json | 20998 ++++++---------- website/package.json | 64 +- website/pages/404.jsx | 32 - website/pages/_app.js | 73 - website/pages/_document.js | 29 - website/pages/_error.jsx | 15 - website/pages/api-docs/[[...page]].jsx | 35 - website/pages/commands/[[...page]].jsx | 35 - website/pages/community/index.jsx | 50 - website/pages/community/style.module.css | 9 - .../images/blocks/connecting.svg | 26 - .../images/blocks/monitoring.svg | 23 - .../images/blocks/multi-cluster.svg | 32 - .../images/blocks/securing.svg | 33 - .../images/docs/helm-icon.svg | 1 - .../images/features/multi-platform.svg | 131 - .../images/features/observable.svg | 64 - .../images/features/secure.svg | 76 - .../images/features/workflow.svg | 24 - .../images/hero/poster.png | 3 - website/pages/consul-on-kubernetes/index.tsx | 326 - .../consul-on-kubernetes/style.module.css | 51 - website/pages/docs/[[...page]].jsx | 42 - website/pages/downloads/enterprise.jsx | 38 - website/pages/downloads/index.jsx | 16 - website/pages/downloads/style.module.css | 54 - website/pages/home/index.tsx | 206 - website/pages/home/query.graphql | 135 - website/pages/home/style.module.css | 27 - website/pages/index.tsx | 5 - website/pages/print.css | 229 - website/pages/security.jsx | 10 - website/pages/style.css | 78 - website/pages/use-cases/[slug].tsx | 236 - website/pages/use-cases/query.graphql | 92 - website/pages/use-cases/style.module.css | 34 - website/scripts/index_search_content.js | 3 - 141 files changed, 7094 insertions(+), 22722 deletions(-) delete mode 100644 website/components/basic-hero/img/right-arrow-icon.svg delete mode 100644 website/components/basic-hero/index.jsx delete mode 100644 website/components/basic-hero/style.css delete mode 100644 website/components/block-list/index.tsx delete mode 100644 website/components/block-list/style.module.css delete mode 100644 website/components/callout-blade/CalloutBlade.module.css delete mode 100644 website/components/callout-blade/index.jsx delete mode 100644 website/components/card-list/index.tsx delete mode 100644 website/components/card-list/style.module.css delete mode 100644 website/components/case-study-carousel/case-study-slide.jsx delete mode 100644 website/components/case-study-carousel/img/active-control-dot.svg delete mode 100644 website/components/case-study-carousel/img/inactive-control-dot.svg delete mode 100644 website/components/case-study-carousel/img/left-arrow-control.svg delete mode 100644 website/components/case-study-carousel/img/quote.svg delete mode 100644 website/components/case-study-carousel/img/right-arrow-control.svg delete mode 100644 website/components/case-study-carousel/index.jsx delete mode 100644 website/components/case-study-carousel/style.css delete mode 100644 website/components/cloud-offerings-list/index.jsx delete mode 100644 website/components/cloud-offerings-list/style.css delete mode 100644 website/components/config-entry-reference/index.jsx delete mode 100644 website/components/consul-on-kubernetes-hero/images/bg-dots.svg delete mode 100644 website/components/consul-on-kubernetes-hero/images/bg-right.svg delete mode 100644 website/components/consul-on-kubernetes-hero/images/bg-top.svg delete mode 100644 website/components/consul-on-kubernetes-hero/index.tsx delete mode 100644 website/components/consul-on-kubernetes-hero/style.module.css delete mode 100644 website/components/cta-hero/img/consul-stack.svg delete mode 100644 website/components/cta-hero/index.jsx delete mode 100644 website/components/cta-hero/style.module.css delete mode 100644 website/components/docs-list/index.tsx delete mode 100644 website/components/docs-list/style.module.css delete mode 100644 website/components/downloads-props/index.jsx delete mode 100644 website/components/enterprise-comparison/consul/img/enterprise_complexity_1.svg delete mode 100644 website/components/enterprise-comparison/consul/img/enterprise_complexity_2.svg delete mode 100644 website/components/enterprise-comparison/consul/index.jsx delete mode 100644 website/components/enterprise-comparison/img/arrow.svg delete mode 100644 website/components/enterprise-comparison/img/complexity-advanced.png delete mode 100644 website/components/enterprise-comparison/img/complexity-basic.png delete mode 100644 website/components/enterprise-comparison/index.jsx delete mode 100644 website/components/enterprise-comparison/style.css delete mode 100644 website/components/features-list/feature.tsx delete mode 100644 website/components/features-list/images/bottom-left-design.svg delete mode 100644 website/components/features-list/images/top-right-design.svg delete mode 100644 website/components/features-list/index.tsx delete mode 100644 website/components/features-list/style.module.css delete mode 100644 website/components/footer/index.jsx delete mode 100644 website/components/footer/style.css delete mode 100644 website/components/hcp-callout-section/HCPCalloutSection.module.css delete mode 100644 website/components/hcp-callout-section/index.jsx delete mode 100644 website/components/homepage-hero/index.jsx delete mode 100644 website/components/homepage-hero/style.module.css delete mode 100644 website/components/io-card-container/index.tsx delete mode 100644 website/components/io-card-container/style.module.css delete mode 100644 website/components/io-card/index.tsx delete mode 100644 website/components/io-card/product-logos.ts delete mode 100644 website/components/io-card/style.module.css delete mode 100644 website/components/io-dialog/index.tsx delete mode 100644 website/components/io-dialog/style.module.css delete mode 100644 website/components/io-home-call-to-action/index.tsx delete mode 100644 website/components/io-home-call-to-action/style.module.css delete mode 100644 website/components/io-home-case-studies/index.tsx delete mode 100644 website/components/io-home-case-studies/style.module.css delete mode 100644 website/components/io-home-feature/index.tsx delete mode 100644 website/components/io-home-feature/style.module.css delete mode 100644 website/components/io-home-hero/index.tsx delete mode 100644 website/components/io-home-hero/style.module.css delete mode 100644 website/components/io-home-in-practice/index.tsx delete mode 100644 website/components/io-home-in-practice/style.module.css delete mode 100644 website/components/io-home-intro/index.tsx delete mode 100644 website/components/io-home-intro/style.module.css delete mode 100644 website/components/io-home-pre-footer/index.tsx delete mode 100644 website/components/io-home-pre-footer/style.module.css delete mode 100644 website/components/io-usecase-call-to-action/index.tsx delete mode 100644 website/components/io-usecase-call-to-action/style.module.css delete mode 100644 website/components/io-usecase-customer/index.tsx delete mode 100644 website/components/io-usecase-customer/style.module.css delete mode 100644 website/components/io-usecase-hero/index.tsx delete mode 100644 website/components/io-usecase-hero/pattern.svg delete mode 100644 website/components/io-usecase-hero/style.module.css delete mode 100644 website/components/io-usecase-section/index.tsx delete mode 100644 website/components/io-usecase-section/style.module.css delete mode 100644 website/components/io-video-callout/index.tsx delete mode 100644 website/components/io-video-callout/play-icon.tsx delete mode 100644 website/components/io-video-callout/style.module.css delete mode 100644 website/components/mini-cta/index.jsx delete mode 100644 website/components/mini-cta/style.css delete mode 100644 website/components/prefooter-cta/index.jsx delete mode 100644 website/components/side-by-side/index.tsx delete mode 100644 website/components/side-by-side/style.module.css delete mode 100644 website/components/static-dynamic-diagram/before-after-diagram.jsx delete mode 100644 website/components/static-dynamic-diagram/before-after-diagram.module.css delete mode 100644 website/components/static-dynamic-diagram/index.tsx delete mode 100644 website/components/static-dynamic-diagram/style.module.css delete mode 100644 website/components/subnav/index.jsx delete mode 100644 website/components/subnav/style.module.css delete mode 100644 website/components/use-cases-layout/index.jsx delete mode 100644 website/components/use-cases-layout/style.css delete mode 100644 website/data/alert-banner.js delete mode 100644 website/data/metadata.js delete mode 100644 website/data/version.js delete mode 100644 website/layouts/standard/index.tsx delete mode 100644 website/layouts/standard/query.graphql delete mode 100644 website/lib/consent-manager-services/index.ts delete mode 100644 website/lib/utils.ts delete mode 100644 website/pages/404.jsx delete mode 100644 website/pages/_app.js delete mode 100644 website/pages/_document.js delete mode 100644 website/pages/_error.jsx delete mode 100644 website/pages/api-docs/[[...page]].jsx delete mode 100644 website/pages/commands/[[...page]].jsx delete mode 100644 website/pages/community/index.jsx delete mode 100644 website/pages/community/style.module.css delete mode 100644 website/pages/consul-on-kubernetes/images/blocks/connecting.svg delete mode 100644 website/pages/consul-on-kubernetes/images/blocks/monitoring.svg delete mode 100644 website/pages/consul-on-kubernetes/images/blocks/multi-cluster.svg delete mode 100644 website/pages/consul-on-kubernetes/images/blocks/securing.svg delete mode 100644 website/pages/consul-on-kubernetes/images/docs/helm-icon.svg delete mode 100644 website/pages/consul-on-kubernetes/images/features/multi-platform.svg delete mode 100644 website/pages/consul-on-kubernetes/images/features/observable.svg delete mode 100644 website/pages/consul-on-kubernetes/images/features/secure.svg delete mode 100644 website/pages/consul-on-kubernetes/images/features/workflow.svg delete mode 100644 website/pages/consul-on-kubernetes/images/hero/poster.png delete mode 100644 website/pages/consul-on-kubernetes/index.tsx delete mode 100644 website/pages/consul-on-kubernetes/style.module.css delete mode 100644 website/pages/docs/[[...page]].jsx delete mode 100644 website/pages/downloads/enterprise.jsx delete mode 100644 website/pages/downloads/index.jsx delete mode 100644 website/pages/downloads/style.module.css delete mode 100644 website/pages/home/index.tsx delete mode 100644 website/pages/home/query.graphql delete mode 100644 website/pages/home/style.module.css delete mode 100644 website/pages/index.tsx delete mode 100644 website/pages/print.css delete mode 100644 website/pages/security.jsx delete mode 100644 website/pages/style.css delete mode 100644 website/pages/use-cases/[slug].tsx delete mode 100644 website/pages/use-cases/query.graphql delete mode 100644 website/pages/use-cases/style.module.css delete mode 100644 website/scripts/index_search_content.js diff --git a/.circleci/config.yml b/.circleci/config.yml index 9f6121312..91e75376c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -596,50 +596,6 @@ jobs: NOMAD_VERSION: main steps: *NOMAD_INTEGRATION_TEST_STEPS - build-website-docker-image: - docker: - - image: docker.mirror.hashicorp.services/circleci/buildpack-deps - shell: /usr/bin/env bash -euo pipefail -c - steps: - - checkout - - setup_remote_docker - - run: - name: Build Docker Image if Necessary - command: | - # Ignore job if running an enterprise build - IMAGE_TAG=$(cat website/Dockerfile website/package-lock.json | sha256sum | awk '{print $1;}') - echo "Using $IMAGE_TAG" - if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/consul.git" ]; then - echo "Not Consul OSS Repo, not building website docker image" - elif curl https://hub.docker.com/v2/repositories/hashicorp/consul-website/tags/$IMAGE_TAG -fsL > /dev/null; then - echo "Dependencies have not changed, not building a new website docker image." - else - cd website/ - docker build -t hashicorp/consul-website:$IMAGE_TAG . - docker tag hashicorp/consul-website:$IMAGE_TAG hashicorp/consul-website:latest - docker login -u $WEBSITE_DOCKER_USER -p $WEBSITE_DOCKER_PASS - docker push hashicorp/consul-website - fi - - run: *notify-slack-failure - - algolia-index: - docker: - - image: docker.mirror.hashicorp.services/node:14 - steps: - - checkout - - run: - name: Push content to Algolia Index - command: | - if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/consul.git" ]; then - echo "Not Consul OSS Repo, not indexing Algolia" - exit 0 - fi - cd website/ - npm install -g npm@latest - npm install - node scripts/index_search_content.js - - run: *notify-slack-failure - # build frontend yarn cache frontend-cache: docker: @@ -1155,20 +1111,6 @@ workflows: requires: - dev-build - website: - unless: << pipeline.parameters.trigger-load-test >> - jobs: - - build-website-docker-image: - context: website-docker-image - filters: - branches: - only: - - main - - algolia-index: - filters: - branches: - only: - - stable-website frontend: unless: << pipeline.parameters.trigger-load-test >> jobs: diff --git a/website/components/basic-hero/img/right-arrow-icon.svg b/website/components/basic-hero/img/right-arrow-icon.svg deleted file mode 100644 index 01a621cdc..000000000 --- a/website/components/basic-hero/img/right-arrow-icon.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/website/components/basic-hero/index.jsx b/website/components/basic-hero/index.jsx deleted file mode 100644 index a33bcb0c8..000000000 --- a/website/components/basic-hero/index.jsx +++ /dev/null @@ -1,56 +0,0 @@ -import Button from '@hashicorp/react-button' - -export default function BasicHero({ - heading, - content, - links, - brand, - backgroundImage, -}) { - return ( -
      -
      -

      {heading}

      - {content &&

      {content}

      } - {links && links.length > 0 && ( - <> -
      - {links.slice(0, 2).map((link, stableIdx) => { - const buttonVariant = stableIdx === 0 ? 'primary' : 'secondary' - return ( -
      - {links[2] && ( -
      -
      - )} - - )} -
      -
      - ) -} diff --git a/website/components/basic-hero/style.css b/website/components/basic-hero/style.css deleted file mode 100644 index 257d6680f..000000000 --- a/website/components/basic-hero/style.css +++ /dev/null @@ -1,76 +0,0 @@ -.g-basic-hero { - padding: 88px 0; - - & .g-type-display-1 { - color: var(--gray-1); - text-align: center; - margin-left: auto; - margin-right: auto; - margin-top: 0; - max-width: 14em; - } - - & .g-type-body-large { - color: var(--gray-2); - margin: 0 auto 0 auto; - text-align: center; - max-width: 40em; - } - - & .links { - display: flex; - flex-wrap: wrap; - justify-content: center; - - /* - * Margins here compensate for extra 8px margin on buttons - * which are needed to center and space properly regardless of whether - * buttons are wrapping to multiple lines or not. - */ - margin-top: calc(32px - 8px); - margin-bottom: -8px; - @media (--large) { - margin-top: calc(40px - 8px); - } - - & .g-btn { - /* - * This ensures 16px between buttons at all times, while maintaining proper centering - * when buttons wrap to multiple lines. - * There will be an extra 8px space on all sides of the button group. - * The top and bottom are accounted for by the -8px adjustment on `.action` margins. - * The left and right excess is left as is - it's needed for proper centering when wrapping. - */ - margin: 8px; - } - } - - & .third-link { - display: flex; - justify-content: center; - margin-top: 32px; - & a { - color: var(--gray-2); - } - & svg * { - stroke: var(--gray-2) !important; - } - } - - &.has-background { - background-repeat: no-repeat; - background-color: var(--gray-6); - background-image: url(/img/hero/pattern-desktop.svg); - width: 100%; - background-size: cover; - background-position: center; - - @media (max-width: 800px) { - background-image: url(/img/hero/pattern-mobile.svg); - } - - & .g-btn { - background: var(--gray-6); - } - } -} diff --git a/website/components/block-list/index.tsx b/website/components/block-list/index.tsx deleted file mode 100644 index 07e10fffb..000000000 --- a/website/components/block-list/index.tsx +++ /dev/null @@ -1,29 +0,0 @@ -import s from './style.module.css' - -interface Block { - title: string - description: string - image: string -} - -interface BlockListProps { - blocks: Block[] -} - -export default function BlockList({ blocks }: BlockListProps) { - return ( -
      - {blocks.map(({ image, title, description }) => ( -
      -
      - {title} -
      -
      -

      {title}

      -

      {description}

      -
      -
      - ))} -
      - ) -} diff --git a/website/components/block-list/style.module.css b/website/components/block-list/style.module.css deleted file mode 100644 index d6f293826..000000000 --- a/website/components/block-list/style.module.css +++ /dev/null @@ -1,23 +0,0 @@ -.blocksContainer { - display: grid; - row-gap: 64px; - - & .block { - display: flex; - - & .imageContainer { - margin-right: 40px; - } - } -} - -.title { - composes: g-type-display-5 from global; - margin: 0 0 16px 0; -} - -.description { - composes: g-type-body-small from global; - margin: 0; - color: var(--gray-2); -} diff --git a/website/components/callout-blade/CalloutBlade.module.css b/website/components/callout-blade/CalloutBlade.module.css deleted file mode 100644 index cb2e50b60..000000000 --- a/website/components/callout-blade/CalloutBlade.module.css +++ /dev/null @@ -1,131 +0,0 @@ -.calloutBlade { - padding-top: 56px; - padding-bottom: 56px; - - --shadow-level-3: 0 16px 28px rgba(37, 38, 45, 0.12); - - & .contentWrapper { - & > h3 { - margin-top: 0; - margin-bottom: 48px; - @media (max-width: 1000px) { - margin-bottom: 28px; - } - } - } -} - -.contentWrapper { - composes: g-grid-container from global; -} - -.callouts { - display: grid; - list-style: none; - margin: 0; - padding: 0; - - &.twoUp { - grid-template-columns: 1fr 1fr; - grid-gap: 32px; - - & .linkWrap { - padding: 64px 32px; - display: flex; - flex-direction: row; - background: var(--gray-6); - &:hover { - background: var(--gray-5); - box-shadow: var(--shadow-level-3); - } - - & .icon { - margin-right: 48px; - } - @media (max-width: 1200px) { - padding: 48px 32px; - flex-direction: column; - & .icon { - margin-right: 0; - } - } - } - @media (max-width: 900px) { - grid-template-columns: 1fr; - } - } - - &.threeUp { - grid-template-columns: 1fr 1fr 1fr; - grid-gap: 32px; - - & .linkWrap { - padding: 64px 32px; - border: 1px solid var(--gray-5); - border-radius: 2px; - &:hover { - background: var(--gray-6); - box-shadow: var(--shadow-level-3); - border-color: var(--gray-6); - } - } - - @media (max-width: 1220px) { - grid-template-columns: 1fr; - & .linkWrap { - padding: 48px 32px; - } - } - } - - & .linkWrap { - color: inherit; - height: 100%; - transition: all 0.3s ease; - display: flex; - flex-direction: column; - - & .icon { - margin-bottom: 16px; - & svg { - height: 50px; - } - } - - & .flexWrapper { - display: flex; - flex-direction: column; - flex-grow: 1; - justify-content: space-between; - - & .infoWrapper { - display: flex; - flex-direction: column; - - & > h5 { - margin-top: 0; - margin-bottom: 16px; - } - - & > p { - color: var(--gray-3); - margin-top: 0; - margin-bottom: 48px; - } - } - - & .linkWrapper { - & .eyebrow { - margin-bottom: 8px; - } - & :global(.g-btn) { - text-align: left; - } - } - } - } -} - -.eyebrow { - composes: g-type-label from global; -} diff --git a/website/components/callout-blade/index.jsx b/website/components/callout-blade/index.jsx deleted file mode 100644 index e86ad03b9..000000000 --- a/website/components/callout-blade/index.jsx +++ /dev/null @@ -1,50 +0,0 @@ -import classNames from 'classnames' -import styles from './CalloutBlade.module.css' -import Button from '@hashicorp/react-button' -import InlineSvg from '@hashicorp/react-inline-svg' - -export default function CalloutBlade({ title, callouts }) { - return ( -
      -
      -

      {title}

      - -
      -
      - ) -} diff --git a/website/components/card-list/index.tsx b/website/components/card-list/index.tsx deleted file mode 100644 index 7c6a8a068..000000000 --- a/website/components/card-list/index.tsx +++ /dev/null @@ -1,44 +0,0 @@ -import s from './style.module.css' - -interface Card { - heading: string - description: string - url: string - eyebrow: string -} - -interface CardListProps { - title: string - cards: Card[] - className?: string -} - -export default function CardList({ title, cards, className }: CardListProps) { - return ( -
      -

      {title}

      -
      - {cards.map(({ heading, description, url, eyebrow }) => ( - -
      - {eyebrow} - {heading} -

      {description}

      -
      - consul-icon -       - ))} -
      -
      - ) -} diff --git a/website/components/card-list/style.module.css b/website/components/card-list/style.module.css deleted file mode 100644 index 37defd363..000000000 --- a/website/components/card-list/style.module.css +++ /dev/null @@ -1,61 +0,0 @@ -.cardsWrapper { - display: grid; - column-gap: 40px; - row-gap: 40px; - grid-template-columns: repeat(auto-fill, minmax(218px, 1fr)); - - & .card { - border: 1px solid var(--gray-5); - box-shadow: 0 2px 3px rgba(37, 41, 55, 0.08); - border-radius: 1px; - transition: box-shadow 0.25s, transform 0.25s; - display: flex; - flex-direction: column; - padding: 24px 24px 28px; - justify-content: space-between; - - &:hover { - box-shadow: 0 16px 28px rgba(37, 38, 45, 0.12); - transform: translateY(-4px); - } - - & .cardContent { - display: flex; - flex-direction: column; - } - - & .icon { - width: 12px; - } - } -} - -.title { - composes: g-type-display-3 from global; - margin-top: 0; - margin-bottom: 46px; -} - -.eyebrow { - display: flex; - width: 100%; - justify-content: space-between; - align-items: center; - composes: g-type-label from global; - color: var(--gray-2); - margin-bottom: 14px; -} - -.heading { - composes: g-type-display-6 from global; - margin-top: 0; - margin-bottom: 8px; - color: var(--black); -} - -.description { - composes: g-type-body from global; - color: var(--gray-1); - margin-top: 0; - margin-bottom: 17px; -} diff --git a/website/components/case-study-carousel/case-study-slide.jsx b/website/components/case-study-carousel/case-study-slide.jsx deleted file mode 100644 index 315a8504d..000000000 --- a/website/components/case-study-carousel/case-study-slide.jsx +++ /dev/null @@ -1,44 +0,0 @@ -import InlineSvg from '@hashicorp/react-inline-svg' -import Image from '@hashicorp/react-image' -import Button from '@hashicorp/react-button' -import QuoteMarksIcon from './img/quote.svg?include' - -export default function CaseStudySlide({ - caseStudy: { person, quote, company, caseStudyURL }, -}) { - return ( -
      - -

      {quote}

      -
      -
      - {`${person.firstName} -
      -
      - {person.firstName} {person.lastName} -
      -

      - {person.title}, {company.name} -

      -
      -
      - {company.name} -
      -
      - ) -} diff --git a/website/components/case-study-carousel/img/active-control-dot.svg b/website/components/case-study-carousel/img/active-control-dot.svg deleted file mode 100644 index ee15572f4..000000000 --- a/website/components/case-study-carousel/img/active-control-dot.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/website/components/case-study-carousel/img/inactive-control-dot.svg b/website/components/case-study-carousel/img/inactive-control-dot.svg deleted file mode 100644 index c28dc9680..000000000 --- a/website/components/case-study-carousel/img/inactive-control-dot.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/website/components/case-study-carousel/img/left-arrow-control.svg b/website/components/case-study-carousel/img/left-arrow-control.svg deleted file mode 100644 index 0cec5c4b6..000000000 --- a/website/components/case-study-carousel/img/left-arrow-control.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/website/components/case-study-carousel/img/quote.svg b/website/components/case-study-carousel/img/quote.svg deleted file mode 100644 index 4e597a231..000000000 --- a/website/components/case-study-carousel/img/quote.svg +++ /dev/null @@ -1,3 +0,0 @@ - - - \ No newline at end of file diff --git a/website/components/case-study-carousel/img/right-arrow-control.svg b/website/components/case-study-carousel/img/right-arrow-control.svg deleted file mode 100644 index eb390dd7c..000000000 --- a/website/components/case-study-carousel/img/right-arrow-control.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/website/components/case-study-carousel/index.jsx b/website/components/case-study-carousel/index.jsx deleted file mode 100644 index 0d2a9358a..000000000 --- a/website/components/case-study-carousel/index.jsx +++ /dev/null @@ -1,99 +0,0 @@ -import { useState } from 'react' -import { isIE } from 'react-device-detect' - -import Carousel from 'nuka-carousel' -import CaseSlide from './case-study-slide' -import Image from '@hashicorp/react-image' -import InlineSvg from '@hashicorp/react-inline-svg' -import ActiveControlDot from './img/active-control-dot.svg?include' -import InactiveControlDot from './img/inactive-control-dot.svg?include' -import LeftArrow from './img/left-arrow-control.svg?include' -import RightArrow from './img/right-arrow-control.svg?include' - -export default function CaseStudyCarousel({ - caseStudies, - title, - logoSection = { grayBackground: false, featuredLogos: [] }, -}) { - const [slideIndex, setSlideIndex] = useState(0) - const { grayBackground, featuredLogos } = logoSection - - const caseStudySlides = caseStudies.map((caseStudy) => ( - - )) - const logoRows = featuredLogos && Math.ceil(featuredLogos.length / 3) - - function renderControls() { - return ( -
      - {caseStudies.map((caseStudy, stableIdx) => { - return ( - - ) - })} -
      - ) - } - - function sideControls(icon, direction) { - return ( - - ) - } - - return ( -
      -

      {title}

      - {!isIE ? ( - renderControls()} - renderCenterLeftControls={({ previousSlide }) => { - return sideControls(LeftArrow, previousSlide) - }} - renderCenterRightControls={({ nextSlide }) => { - return sideControls(RightArrow, nextSlide) - }} - afterSlide={(slideIndex) => setSlideIndex(slideIndex)} - > - {caseStudySlides} - - ) : null} -
      - {featuredLogos && featuredLogos.length > 0 && ( -
      - {featuredLogos.map((featuredLogo) => ( - {featuredLogo.companyName} - ))} -
      - )} -
      -
      - ) -} diff --git a/website/components/case-study-carousel/style.css b/website/components/case-study-carousel/style.css deleted file mode 100644 index e7adad130..000000000 --- a/website/components/case-study-carousel/style.css +++ /dev/null @@ -1,283 +0,0 @@ -.g-case-carousel { - display: flex; - flex-direction: column; - align-items: center; - position: relative; - padding-top: 0 !important; - padding-bottom: 0 !important; - - & h2 { - margin-bottom: 30px; - max-width: 600px; - text-align: center; - white-space: pre-wrap; - - @media (max-width: 800px) { - margin-top: 64px; - white-space: initial; - margin-left: 24px; - margin-right: 24px; - } - } - - &::after { - content: ''; - width: 100%; - height: var(--background-height); - position: absolute; - bottom: 0; - z-index: -1; - } - - &.has-background { - &::after { - content: ''; - background: var(--gray-6); - } - - & .background-section { - background: var(--gray-6); - padding-bottom: 64px; - } - } - - & .background-section { - width: 100%; - - & .mono-logos { - align-items: baseline; - display: flex; - justify-content: center; - max-width: 750px; - margin: 0 auto; - margin-top: 70px; - flex-wrap: wrap; - - & > img { - height: 100%; - max-height: 40px; - width: 33.33%; - padding: 0 30px; - margin: 24px 0; - - @media (max-width: 800px) { - padding: 0 20px; - max-height: 28px; - } - } - - & > picture { - max-height: 40px; - width: 33.33%; - padding: 0 30px; - margin: 24px 0; - - @media (max-width: 800px) { - padding: 0 20px; - max-height: 28px; - } - - & > img { - width: 100%; - height: auto; - display: flex; - } - } - } - } - - & .slider-control-bottomcenter { - bottom: -35px !important; - } - - /* Begin `nuka-carousel` styles */ - & .slider { - max-width: 1200px; - - &:focus { - outline: none !important; - } - - @media (max-width: 800px) { - width: calc(100% - 48px) !important; - } - - & .slider-list { - margin-bottom: 50px !important; - - @media (max-width: 800px) { - margin-bottom: 30px !important; - } - } - - & .slider-frame:focus { - outline: none !important; - } - - & .slider-slide:focus { - outline: none !important; - } - } - - /* End `nuka-carousel` styles */ - - & .side-control { - border: none; - background: none; - margin: 20px; - - &:focus { - outline: none; - } - - &:hover:not([disabled]) { - cursor: pointer; - } - - @media (max-width: 991px) { - display: none; - } - - & svg path { - stroke: var(--gray-2); - } - - &:disabled svg path { - stroke: var(--gray-4); - } - } - - & .case-slide { - display: flex; - flex-wrap: wrap; - width: 100%; - background: var(--white); - padding: 64px; - box-shadow: 0 8px 22px #dedede; - - @media (max-width: 800px) { - box-shadow: none; - border: 1px solid var(--gray-5); - padding: 48px; - } - - @media (--medium-up) { - max-width: 750px; - } - - & button { - margin-top: 24px; - } - - & .quotes { - display: flex; - margin-bottom: 24px; - } - - & h4 { - margin: 0; - - &.case { - min-height: 130px; - margin-bottom: 24px; - color: var(--gray-2); - - @media (max-width: 800px) { - min-height: 155px; - font-size: 22px; - } - - @media (max-width: 650px) { - min-height: 190px; - } - - @media (max-width: 550px) { - font-size: 20px; - } - - @media (max-width: 400px) { - font-size: 18px; - line-height: 28px; - } - } - } - - & p { - margin: 0; - } - - & a { - margin-top: 24px; - } - - & .case-content { - display: flex; - justify-content: space-between; - width: 100%; - align-items: center; - } - - & .person-container { - display: flex; - align-items: center; - - & picture { - display: flex; - } - - & .person-photo { - border-radius: 50%; - max-height: 72px; - margin-right: 24px; - } - - & .person-name { - padding-right: 16px; - - & h5 { - margin: 0; - - @media (max-width: 400px) { - font-size: 16px; - } - } - - @media (max-width: 400px) { - & p { - font-size: 15px; - } - } - } - } - - & .company-logo { - max-height: 40px; - max-width: 180px; - - @media (max-width: 800px) { - display: none; - } - } - - & .case { - color: var(--gray-4); - font-size: 24px; - line-height: 31px; /* Called for within the design, no custom property seemed appropriate */ - } - } - - & .carousel-controls { - width: 100%; - display: flex; - flex-wrap: nowrap; - justify-content: center; - - & .carousel-controls-button { - height: 20px; - background: transparent; - box-shadow: none; - cursor: pointer; - border: none; - } - } -} diff --git a/website/components/cloud-offerings-list/index.jsx b/website/components/cloud-offerings-list/index.jsx deleted file mode 100644 index 7a32e1e9f..000000000 --- a/website/components/cloud-offerings-list/index.jsx +++ /dev/null @@ -1,28 +0,0 @@ -import Button from '@hashicorp/react-button' - -export default function CloudOfferingsList({ offerings }) { - return ( - - ) -} diff --git a/website/components/cloud-offerings-list/style.css b/website/components/cloud-offerings-list/style.css deleted file mode 100644 index a1b0317cd..000000000 --- a/website/components/cloud-offerings-list/style.css +++ /dev/null @@ -1,57 +0,0 @@ -ul.g-cloud-offerings-list { - list-style: none; - padding: 0; - margin: -16px; - display: flex; - - @media (width < 769px) { - flex-direction: column; - } - - & li { - flex-grow: 1; - margin: 16px; - background: var(--white); - border: 1px solid var(--gray-5); - border-radius: 2px; - text-align: center; - transition: box-shadow 0.25s, transform 0.25s, -webkit-transform 0.25s; - - &:hover { - box-shadow: 0 16px 28px rgba(37, 38, 45, 0.12); - transform: translateY(-4px); - cursor: pointer; - } - - & > a { - display: block; - padding: 32px; - color: inherit; - - & > img { - display: block; - width: 400px; - max-width: 100%; - margin-left: auto; - margin-right: auto; - margin-bottom: 14px; - } - - & > span { - color: var(--gray-3); - } - - & > h4 { - text-decoration: none; - margin-top: 8px; - margin-bottom: 0; - } - - & > p { - font-size: 19px; - margin-top: 8px; - margin-bottom: 24px; - } - } - } -} diff --git a/website/components/config-entry-reference/index.jsx b/website/components/config-entry-reference/index.jsx deleted file mode 100644 index 329092371..000000000 --- a/website/components/config-entry-reference/index.jsx +++ /dev/null @@ -1,200 +0,0 @@ -import Tabs, { Tab } from '@hashicorp/react-tabs' -import EnterpriseAlertBase from '@hashicorp/react-enterprise-alert' - -/** - * ConfigEntryReference renders the reference docs for a config entry. - * It creates two tabs, one for HCL docs and one for Kubernetes docs. - * - * @param {array} keys Array of objects, that describe all - * keys that can be set for this config entry. - * @param {boolean} topLevel Indicates this is a reference block that contains - * the top level keys vs a reference block that documents - * nested keys and that is separated out for clarity. - * - * The objects in the keys array support the following keys: - * - name : the name of the HCL key, e.g. Name, Listener. This case sensitive. - * - description : the description of the key. If this key has different descriptions - * for HCL vs. Kube YAML then description can be an object: - * description: { - * hcl: 'HCL description', - * yaml: 'YAML description' - * } - * - hcl : a boolean to indicate if this key should be shown in the HCL - * documentation. Defaults to true. - * - yaml : a boolean to indicate if this key should be shown in the YAML - * documentation. Defaults to true. - * - enterprise : a boolean to indicate if this key is Consul Enterprise - * only. Defaults to false. - * - children : accepts an array of keys that must be set under this key. - * The schema for these keys is the same as the top level keys. - * - type : the type and default of this key, e.g. string: "default". - */ -export default function ConfigEntryReference({ keys, topLevel = true }) { - // Kube needs to have its non-top-level keys nested under a "spec" key. - const kubeKeys = topLevel ? toKubeKeys(keys) : keys - return ( - - {renderKeys(keys, true)} - {renderKeys(kubeKeys, false)} - - ) -} - -/** - * Renders keys as HTML. It works recursively through all keys. - * @param {array} keys - * @param {boolean} isHCLTab - * @returns {JSX.Element|null} - */ -function renderKeys(keys, isHCLTab) { - if (!keys) return null - return
        {keys.map((key) => renderKey(key, isHCLTab))}
      -} - -/** - * Renders a single key as its HTML element. - * - * @param {object} key - * @param {boolean} isHCLTab - * @returns {JSX.Element|null} - */ -function renderKey(key, isHCLTab) { - if (!key.name) return null - if (isHCLTab && key.hcl === false) return null - if (!isHCLTab && key.yaml === false) return null - - const keyName = isHCLTab ? key.name : toYAMLKeyName(key.name) - - let description = '' - if (key.description) { - if (typeof key.description === 'string') { - description = key.description - } else if (!isHCLTab && key.description.yaml) { - description = key.description.yaml - } else if (key.description.hcl) { - description = key.description.hcl - } - } - - const htmlDescription = description && markdownToHtml(' - ' + description) - const type = key.type && {`(${key.type})`} - const enterpriseAlert = key.enterprise && - const keyLower = keyName.toLowerCase() - - // NOTE: This code copies from https://github.com/hashicorp/remark-plugins/blob/df606efc844319a2532ec54e4cf6ff2d575108ff/plugins/anchor-links/index.js - // to ensure the styling of each bullet is correct. The two locations should be kept - // in sync. - return ( -
    • - -

      - - {keyName} - {' '} - {type} - {enterpriseAlert} - -

      - {renderKeys(key.children, isHCLTab)} -
      • - ) -} - -/** - * Constructs a keys object for Kubernetes out of HCL keys. - * Really all this entails is nesting the correct keys under the Kubernetes - * 'spec' key since in HCL there is no 'spec' key. - * - * @param {array} keys - * @returns {array} - */ -function toKubeKeys(keys) { - const topLevelKeys = keys.filter((key) => isTopLevelKubeKey(key.name)) - const keysUnderSpec = keys.filter((key) => !isTopLevelKubeKey(key.name)) - return topLevelKeys.concat([{ name: 'spec', children: keysUnderSpec }]) -} - -/** - * Converts an HCL key name to a kube yaml key name. - * - * Examples: - * - Protocol => protocol - * - MeshGateway => meshGateway - * - ACLToken => aclToken - * - HTTP => http - * - * @param {string} hclKey - * @returns {string} - */ -function toYAMLKeyName(hclKey) { - // Handle something like HTTP. - if (hclKey.toUpperCase() === hclKey) { - return hclKey.toLowerCase() - } - - let indexFirstLowercaseChar = hclKey - .split('') - .findIndex((c) => c === c.toLowerCase()) - // Special case to handle something like ACLToken => aclToken. - if (indexFirstLowercaseChar > 1) { - indexFirstLowercaseChar-- - } - - let lowercasePortion = '' - for (let i = 0; i < indexFirstLowercaseChar; i++) { - lowercasePortion += hclKey[i].toLowerCase() - } - return ( - lowercasePortion + hclKey.split('').slice(indexFirstLowercaseChar).join('') - ) -} - -/** - * Converts a markdown string to its HTML representation. - * Currently it only supports inline code blocks (e.g. `code here`) and - * links (e.g. [link text](http://link-url) because these were the most - * commonly used markdown features in the key descriptions. - * - * @param {string} markdown the input markdown - * @returns {string} - */ -function markdownToHtml(markdown) { - let html = markdown - - // Replace inline code blocks defined by backticks with . - while (html.indexOf('`') > 0) { - html = html.replace('`', '') - if (html.indexOf('`') <= 0) { - throw new Error(`'${markdown} does not have matching '\`' characters`) - } - html = html.replace('`', '') - } - - // Replace links, e.g. [link text](http://link-url), - // with link text. - return html.replace(/\[(.*?)]\((.*?)\)/g, '$1') -} - -/** - * Returns true if key is a key used at the top level of a CRD. By top level we - * mean not nested under any other key. - * - * @param {string} name name of the key - * - * @return {boolean} - */ -function isTopLevelKubeKey(name) { - return ( - name.toLowerCase() === 'metadata' || - name.toLowerCase() === 'kind' || - name.toLowerCase() === 'apiversion' - ) -} - -function EnterpriseAlert(props) { - return -} diff --git a/website/components/consul-on-kubernetes-hero/images/bg-dots.svg b/website/components/consul-on-kubernetes-hero/images/bg-dots.svg deleted file mode 100644 index 4e0be2d9a..000000000 --- a/website/components/consul-on-kubernetes-hero/images/bg-dots.svg +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/website/components/consul-on-kubernetes-hero/images/bg-right.svg b/website/components/consul-on-kubernetes-hero/images/bg-right.svg deleted file mode 100644 index ed32816ae..000000000 --- a/website/components/consul-on-kubernetes-hero/images/bg-right.svg +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - - - - - - - - - - diff --git a/website/components/consul-on-kubernetes-hero/images/bg-top.svg b/website/components/consul-on-kubernetes-hero/images/bg-top.svg deleted file mode 100644 index 877abcb9f..000000000 --- a/website/components/consul-on-kubernetes-hero/images/bg-top.svg +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - diff --git a/website/components/consul-on-kubernetes-hero/index.tsx b/website/components/consul-on-kubernetes-hero/index.tsx deleted file mode 100644 index 78c062cba..000000000 --- a/website/components/consul-on-kubernetes-hero/index.tsx +++ /dev/null @@ -1,98 +0,0 @@ -import Button from '@hashicorp/react-button' -import ReactPlayer from 'react-player' -import s from './style.module.css' - -interface Cta { - url: string - text: string -} - -interface ConsulOnKubernetesHeroProps { - title: string - description: string - ctas: Cta[] - video: { - src: string - poster: string - } -} - -export default function ConsulOnKubernetesHero({ - title, - description, - ctas, - video, -}: ConsulOnKubernetesHeroProps) { - return ( -
      -
      -
      -

      {title}

      -

      {description}

      -
      - {ctas.map(({ text, url }, idx) => ( -
      -
      -
      - background top - background right - background bottom - background left -
      - - - - - } - /> -
      -
      -
      -
      - ) -} diff --git a/website/components/consul-on-kubernetes-hero/style.module.css b/website/components/consul-on-kubernetes-hero/style.module.css deleted file mode 100644 index 6aae256a0..000000000 --- a/website/components/consul-on-kubernetes-hero/style.module.css +++ /dev/null @@ -1,162 +0,0 @@ -.ckHero { - background-color: var(--black); - color: var(--white); - padding-top: 130px; - padding-bottom: 142px; - overflow: hidden; - - @media (--medium) { - padding-top: 78px; - padding-bottom: 104px; - } - - @media (--small) { - padding-top: 56px; - padding-bottom: 80px; - } -} - -.contentWrapper { - --columns: 1; - - column-gap: 32px; - composes: g-grid-container from global; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - row-gap: 48px; - - @media (--medium-up) { - --columns: 12; - } - - & .headline { - text-align: center; - grid-column: 1 / -1; - margin: 0 auto; - - @media (--large) { - margin: 0; - text-align: left; - grid-column: 1 / 6; - } - - & .buttons { - display: flex; - flex-wrap: wrap; - align-items: center; - justify-content: center; - - @media (--large) { - justify-content: flex-start; - } - - & .button:not(:last-of-type) { - margin-right: 30px; - } - } - } - - & .media { - position: relative; - grid-column: 1 / -1; - - @media (--medium) { - grid-column: 3 / 11; - } - - @media (--large) { - grid-column: 7 / -1; - } - - & > div { - border: 1px var(--gray-3) solid; - border-radius: 4px; - } - - & .video { - background-color: var(--black); - position: relative; - padding-top: 56.25%; - width: 100%; - - & .player { - position: absolute; - top: 0; - left: 0; - - & div { - border-radius: 4px; - } - } - - & iframe { - border-radius: 4px; - } - - & > * { - bottom: 0; - height: 100%; - left: 0; - position: absolute; - right: 0; - top: 0; - width: 100%; - } - } - } -} - -.title { - composes: g-type-display-1 from global; - margin: 0; -} - -.description { - composes: g-type-body-large from global; - margin-top: 16px; - margin-bottom: 40px; - color: var(--gray-5); - max-width: 500px; - - @media (--large) { - max-width: 385px; - } -} - -.backgroundImage { - height: auto; - position: absolute; -} - -.bgTop { - composes: backgroundImage; - left: auto; - right: 0; - top: -130px; - display: none; - width: 75%; - - @media (--large) { - display: block; - } -} - -.bgRight { - composes: backgroundImage; - top: 20%; - left: 99.5%; -} - -.bgBottom { - composes: backgroundImage; - width: auto; - top: 80%; - left: 8%; -} - -.bgLeft { - composes: backgroundImage; - width: auto; - top: 86px; - left: -77px; -} diff --git a/website/components/cta-hero/img/consul-stack.svg b/website/components/cta-hero/img/consul-stack.svg deleted file mode 100644 index 34335e7ac..000000000 --- a/website/components/cta-hero/img/consul-stack.svg +++ /dev/null @@ -1,32 +0,0 @@ - - - - Consul Stack - Created with Sketch. - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/website/components/cta-hero/index.jsx b/website/components/cta-hero/index.jsx deleted file mode 100644 index 9043245e9..000000000 --- a/website/components/cta-hero/index.jsx +++ /dev/null @@ -1,38 +0,0 @@ -import TextSplit from '@hashicorp/react-text-split' -import Button from '@hashicorp/react-button' -import s from './style.module.css' -import InlineSvg from '@hashicorp/react-inline-svg' -import ConsulStack from './img/consul-stack.svg?include' - -export default function CtaHero({ title, description, links, cta }) { - return ( -
      - - - -
      - ) -} - -function CTA({ title, description, link }) { - return ( -
      - -

      {title}

      -

      {description}

      -
      - ) -} diff --git a/website/components/cta-hero/style.module.css b/website/components/cta-hero/style.module.css deleted file mode 100644 index 3bad47d84..000000000 --- a/website/components/cta-hero/style.module.css +++ /dev/null @@ -1,123 +0,0 @@ -.ctaHero { - & :global(.g-text-split) :global(.g-grid-container) { - @media (width < 1120px) { - flex-direction: column-reverse; - } - - & > div { - @media (768px < width < 1120px) { - width: 40em; - } - - &:last-child { - @media (width < 1120px) { - margin-bottom: 64px; - text-align: center; - } - - & p { - @media (width < 1120px) { - margin: 16px auto; - } - } - } - } - - /** - * HACK: - * Overrides the H2 with styling from - * our global g-type-display-1 class. - * - * This was because there's no way to - * override the heading in - * with the designed h1 styling. - * - * TODO: - * Address this at the component - * level or revert to just using h2 - * as is default. - */ - & h2 { - font-size: 2.125rem; - letter-spacing: -0.008em; - line-height: 1.265em; - - @media (--medium-up) { - font-size: 2.625rem; - letter-spacing: -0.01em; - line-height: 1.19em; - } - - @media (--large) { - font-size: 3.125rem; - line-height: 1.2em; - } - } - - & p { - max-width: 440px; - } - } -} - -.cta { - max-width: 525px; - border: var(--gray-5) 1px solid; - padding: 32px; - position: relative; - margin-top: 44px; - margin-left: auto; - margin-right: auto; - - @media (min-width: 1120px) { - margin-top: unset; - margin-left: unset; - margin-right: unset; - - /* Pull this down on Desktop to line the - * buttons up with the other CTA buttons */ - margin-bottom: -38px; - } - - & > h3 { - margin-top: 0; - margin-bottom: 16px; - max-width: 135px; - } - - & > p { - color: var(--gray-3); - margin-top: 28px; - margin-bottom: 40px; - } - - & .stackIcon { - display: block; - margin-left: auto; - margin-right: auto; - - & svg { - position: absolute; - max-width: 100%; - left: 209px; - top: -34px; - - @media (max-width: 600px) { - right: 20px; - left: unset; - } - - @media (max-width: 470px) { - position: unset; - display: block; - margin-left: auto; - margin-right: auto; - margin-bottom: 18px; - } - } - } -} - -.description { - composes: .g-type-body-small from global; -} diff --git a/website/components/docs-list/index.tsx b/website/components/docs-list/index.tsx deleted file mode 100644 index 21366492b..000000000 --- a/website/components/docs-list/index.tsx +++ /dev/null @@ -1,47 +0,0 @@ -import Button from '@hashicorp/react-button' -import s from './style.module.css' -interface Doc { - icon: { - src: string - alt: string - } - description: string - cta: { - text: string - url: string - } -} - -interface DocsListProps { - title: string - docs: Doc[] - className?: string -} - -export default function DocsList({ title, docs, className }: DocsListProps) { - return ( -
      -

      {title}

      -
      - {docs.map(({ icon, description, cta }) => ( -
      -
      - {icon.alt} -
      -

      {description}

      -
      - ))} -
      -
      - ) -} diff --git a/website/components/docs-list/style.module.css b/website/components/docs-list/style.module.css deleted file mode 100644 index 94314758f..000000000 --- a/website/components/docs-list/style.module.css +++ /dev/null @@ -1,32 +0,0 @@ -.docsList { - display: grid; - row-gap: 48px; -} - -.title { - composes: g-type-display-3 from global; - margin-top: 0; - margin-bottom: 46px; -} - -.image { - border: 1px solid var(--gray-5); - box-sizing: border-box; - border-radius: 3px; - width: 64px; - height: 64px; - display: flex; - align-items: center; - justify-content: center; - - & img { - width: 40px; - height: 40px; - } -} - -.description { - composes: g-body from global; - margin-top: 12px; - margin-bottom: 24px; -} diff --git a/website/components/downloads-props/index.jsx b/website/components/downloads-props/index.jsx deleted file mode 100644 index 047db15a0..000000000 --- a/website/components/downloads-props/index.jsx +++ /dev/null @@ -1,92 +0,0 @@ -import Button from '@hashicorp/react-button' -import s from '../../pages/downloads/style.module.css' - -export default function DownloadsProps(preMerchandisingSlot) { - return { - getStartedDescription: - 'Follow step-by-step tutorials on the essentials of Consul.', - getStartedLinks: [ - { - label: 'CLI Quickstart', - href: 'https://learn.hashicorp.com/collections/consul/getting-started', - }, - { - label: 'HCP Consul', - href: - 'https://learn.hashicorp.com/collections/consul/cloud-get-started', - }, - { - label: 'HCS on Azure', - href: 'https://learn.hashicorp.com/collections/consul/hcs-azure', - }, - { - label: 'Kubernetes Quickstart', - href: - 'https://learn.hashicorp.com/collections/consul/gs-consul-service-mesh', - }, - { - label: 'View all Consul tutorials', - href: 'https://learn.hashicorp.com/consul', - }, - ], - tutorialLink: { - href: 'https://learn.hashicorp.com/consul', - label: 'View Tutorials at HashiCorp Learn', - }, - logo: ( - Consul - ), - merchandisingSlot: ( - <> - {preMerchandisingSlot && preMerchandisingSlot} -
      -
      -

      - Looking for a way to secure and automate application networking - without the added complexity of managing the infrastructure? -

      -
      -
      - -

      - » Download Consul Tools -

      - -
      -

      Note for ARM users:

      - -
        -
      • Use Armelv5 for all 32-bit armel systems
        • -
      • Use Armhfv6 for all armhf systems with v6+ architecture
        • -
      • Use Arm64 for all v8 64-bit architectures
        • -
      - -

      - The following commands can help determine the right version for your - system: -

      - - $ uname -m -
      - - $ readelf -a /proc/self/exe | grep -q -c Tag_ABI_VFP_args && echo - "armhf" || echo "armel" - -
      - - ), - } -} diff --git a/website/components/enterprise-comparison/consul/img/enterprise_complexity_1.svg b/website/components/enterprise-comparison/consul/img/enterprise_complexity_1.svg deleted file mode 100644 index 8cf3786cb..000000000 --- a/website/components/enterprise-comparison/consul/img/enterprise_complexity_1.svg +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/website/components/enterprise-comparison/consul/img/enterprise_complexity_2.svg b/website/components/enterprise-comparison/consul/img/enterprise_complexity_2.svg deleted file mode 100644 index fc1f1d5de..000000000 --- a/website/components/enterprise-comparison/consul/img/enterprise_complexity_2.svg +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/website/components/enterprise-comparison/consul/index.jsx b/website/components/enterprise-comparison/consul/index.jsx deleted file mode 100644 index 7231adbb6..000000000 --- a/website/components/enterprise-comparison/consul/index.jsx +++ /dev/null @@ -1,44 +0,0 @@ -import EnterpriseComparison from '../../enterprise-comparison' - -export default function ConsulEnterpriseComparison() { - return ( - - ) -} diff --git a/website/components/enterprise-comparison/img/arrow.svg b/website/components/enterprise-comparison/img/arrow.svg deleted file mode 100644 index 0e395bd6f..000000000 --- a/website/components/enterprise-comparison/img/arrow.svg +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/website/components/enterprise-comparison/img/complexity-advanced.png b/website/components/enterprise-comparison/img/complexity-advanced.png deleted file mode 100644 index d1df7607c..000000000 --- a/website/components/enterprise-comparison/img/complexity-advanced.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1287289fcc365e620fc17ad22e6d4af3b423218f33120d37c01153019e3c0647 -size 5195 diff --git a/website/components/enterprise-comparison/img/complexity-basic.png b/website/components/enterprise-comparison/img/complexity-basic.png deleted file mode 100644 index 3ede413bc..000000000 --- a/website/components/enterprise-comparison/img/complexity-basic.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:29faf66977c066371c8db10675d4b2b39acfdcaed5abdb8b8d367b26b0064212 -size 1478 diff --git a/website/components/enterprise-comparison/index.jsx b/website/components/enterprise-comparison/index.jsx deleted file mode 100644 index 810f2acca..000000000 --- a/website/components/enterprise-comparison/index.jsx +++ /dev/null @@ -1,62 +0,0 @@ -import Image from '@hashicorp/react-image' -import Button from '@hashicorp/react-button' -import InlineSvg from '@hashicorp/react-inline-svg' -import ArrowIcon from './img/arrow.svg?include' - -export default function EnterpriseComparison({ - title, - itemOne, - itemTwo, - brand, -}) { - return ( -
      -
      -

      {title}

      - -
      -
      - -
      {itemOne.label}
      -

      {itemOne.title}

      - -

      {itemOne.description}

      - - {itemOne.links.map((link) => ( -
      -
      - ))} -
      -
      -
      - -
      -
      - -
      {itemTwo.label}
      -

      {itemTwo.title}

      - -

      {itemTwo.description}

      - {itemTwo.links.map((link) => ( -
      -
      - ))} -
      -
      -
      -
      - ) -} diff --git a/website/components/enterprise-comparison/style.css b/website/components/enterprise-comparison/style.css deleted file mode 100644 index ac9946b44..000000000 --- a/website/components/enterprise-comparison/style.css +++ /dev/null @@ -1,92 +0,0 @@ -.g-enterprise-comparison { - padding-top: 128px; - padding-bottom: 128px; - background: var(--gray-6); - - & h2 { - text-align: center; - } - - @media (max-width: 800px) { - padding-top: 64px; - padding-bottom: 64px; - } - - & .content-container { - display: flex; - justify-content: space-between; - margin: 0 auto 64px auto; - - @media (max-width: 800px) { - flex-wrap: wrap; - } - & .item { - flex-basis: 50%; - justify-content: center; - text-align: center; - margin-top: 64px; - - @media (max-width: 800px) { - margin-top: 64px; - flex-basis: 100%; - } - - & .g-type-label-strong { - margin-top: 64px; - - @media (max-width: 800px) { - margin-top: 32px; - } - } - - & h4 { - white-space: pre; - margin-top: 24px; - margin-bottom: 8px; - - @media (max-width: 800px) { - margin-top: 16px; - } - } - - & picture { - display: inline-block; - } - - & img { - max-width: 160px; - max-height: 98px; - } - & p { - margin-top: 0; - margin-bottom: 24px; - - @media (max-width: 800px) { - max-width: 600px; - margin-right: auto; - margin-left: auto; - } - } - } - - & .spacer { - & .vertical-spacer { - height: 93px; - } - - & .arrow { - display: flex; - align-items: center; - } - - @media (max-width: 800px) { - display: none; - } - } - } - - & .more-features-link { - display: flex; - justify-content: center; - } -} diff --git a/website/components/features-list/feature.tsx b/website/components/features-list/feature.tsx deleted file mode 100644 index 6be7add94..000000000 --- a/website/components/features-list/feature.tsx +++ /dev/null @@ -1,66 +0,0 @@ -import { ReactNode } from 'react' -import Button from '@hashicorp/react-button' -import s from './style.module.css' - -interface InfoSection { - heading: string - content: ReactNode -} - -interface Cta { - text: string - url: string -} - -export interface FeatureProps { - number: number - title: string - subtitle: string - infoSections: InfoSection[] - cta: Cta - image: string -} - -export default function Feature({ - number, - title, - subtitle, - infoSections, - cta, - image, -}: FeatureProps) { - return ( -
      -
      - {title} -
      -
      -
      - {number} -
      -
      -

      {title}

      -

      {subtitle}

      -
      - {infoSections.map(({ heading, content }) => ( -
      -

      {heading}

      - {content} -
      - ))} -
      -
      -
      -
      - ) -} diff --git a/website/components/features-list/images/bottom-left-design.svg b/website/components/features-list/images/bottom-left-design.svg deleted file mode 100644 index a899b8c2a..000000000 --- a/website/components/features-list/images/bottom-left-design.svg +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - diff --git a/website/components/features-list/images/top-right-design.svg b/website/components/features-list/images/top-right-design.svg deleted file mode 100644 index f20ec362c..000000000 --- a/website/components/features-list/images/top-right-design.svg +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - diff --git a/website/components/features-list/index.tsx b/website/components/features-list/index.tsx deleted file mode 100644 index 8599ec739..000000000 --- a/website/components/features-list/index.tsx +++ /dev/null @@ -1,28 +0,0 @@ -import Feature from './feature' -import s from './style.module.css' -import { FeatureProps } from './feature' - -interface FeaturesListProps { - title: string - features: Omit[] -} - -export default function FeaturesList({ title, features }: FeaturesListProps) { - return ( -
      -
      -

      {title}

      -
      - {features.map((feature, i) => ( - - ))} -
      -
      -
      - ) -} diff --git a/website/components/features-list/style.module.css b/website/components/features-list/style.module.css deleted file mode 100644 index f8479110f..000000000 --- a/website/components/features-list/style.module.css +++ /dev/null @@ -1,109 +0,0 @@ -.featureListContainer { - background-color: #000; - padding-top: 128px; - background-position: right top, left bottom; - background-repeat: no-repeat; - color: #fff; -} - -.contentWrapper { - composes: g-grid-container from global; -} - -.featureContainer { - display: flex; - align-items: center; - flex-wrap: wrap; - - & .featureTextContainer { - display: flex; - } - - & .imageContainer { - max-width: 490px; - margin: 0 auto; - padding-bottom: 40px; - - & img { - max-width: 100%; - } - } - - @media (--large) { - flex-wrap: nowrap; - flex-direction: row-reverse; - justify-content: space-between; - - & .featureTextContainer { - margin-right: 60px; - } - - & .featureText { - max-width: 488px; - } - - & .imageContainer { - margin: 0; - } - } -} - -.featuresContainer { - padding-top: 157px; - padding-bottom: 394px; - display: grid; - row-gap: 120px; -} - -.title { - composes: g-type-display-1 from global; - max-width: 488px; - margin: 0; -} - -.listNumber { - composes: g-type-display-5 from global; - min-width: 40px; - height: 40px; - background-color: var(--consul); - display: flex; - justify-content: center; - align-items: center; - margin-right: 64px; - margin-top: 10px; - - @media (--small) { - margin-right: 30px; - margin-top: 6px; - } -} - -.featureTitle { - composes: g-type-display-2 from global; - margin: 0; -} - -.featureSubtitle { - composes: g-type-body-large from global; - margin-top: 16px; - margin-bottom: 0; -} - -.infoTitle { - composes: g-type-display-5 from global; - margin-top: 0; - margin-bottom: 8px; -} - -.infoSection { - composes: g-type-body from global; - margin-top: 32px; - margin-bottom: 40px; - display: grid; - row-gap: 24px; - - & p, - & ul { - margin: 0; - } -} diff --git a/website/components/footer/index.jsx b/website/components/footer/index.jsx deleted file mode 100644 index 6df511233..000000000 --- a/website/components/footer/index.jsx +++ /dev/null @@ -1,32 +0,0 @@ -import Link from 'next/link' - -export default function Footer({ openConsentManager }) { - return ( - - ) -} diff --git a/website/components/footer/style.css b/website/components/footer/style.css deleted file mode 100644 index 5f04743af..000000000 --- a/website/components/footer/style.css +++ /dev/null @@ -1,32 +0,0 @@ -.g-footer { - padding: 25px 0 17px 0; - flex-shrink: 0; - display: flex; - - & .g-grid-container { - display: flex; - justify-content: space-between; - flex-wrap: wrap; - } - - & a { - color: black; - opacity: 0.5; - transition: opacity 0.25s ease; - cursor: pointer; - display: inline-block; - - &:hover { - opacity: 1; - } - } - - & .left > a { - margin-right: 20px; - margin-bottom: 8px; - - &:last-child { - margin-right: 0; - } - } -} diff --git a/website/components/hcp-callout-section/HCPCalloutSection.module.css b/website/components/hcp-callout-section/HCPCalloutSection.module.css deleted file mode 100644 index 461213ad2..000000000 --- a/website/components/hcp-callout-section/HCPCalloutSection.module.css +++ /dev/null @@ -1,82 +0,0 @@ -.hcpCalloutSection { - composes: g-grid-container from global; - padding-top: 88px; - padding-bottom: 88px; - - & .header { - display: flex; - justify-content: center; - margin-bottom: 88px; - @media (max-width: 1120px) { - margin-bottom: 48px; - } - & h2 { - margin: 0; - text-align: center; - max-width: 450px; - } - } - - & .content { - display: flex; - flex-direction: row; - justify-content: space-between; - - @media (max-width: 1120px) { - flex-direction: column-reverse; - - & .info { - margin-top: 32px; - } - } - - & .info { - max-width: 488px; - margin-right: 32px; - - & h1 { - margin-top: 0; - margin-bottom: 8px; - } - & .chin { - color: var(--gray-3); - } - & .description { - color: var(--gray-2); - margin-top: 28px; - margin-bottom: 0; - - @media (max-width: 900px) { - margin-top: 18px; - } - } - & .links { - margin-top: 32px; - display: inline-flex; - flex-direction: column; - - & > * { - &:not(:last-child) { - margin-bottom: 24px; - } - } - } - } - - & > img { - align-self: center; - margin-right: -48px; - @media (max-width: 670px) { - max-width: 100%; - } - } - } -} - -.chin { - composes: g-type-label from global; -} - -.description { - composes: g-type-long-body from global; -} diff --git a/website/components/hcp-callout-section/index.jsx b/website/components/hcp-callout-section/index.jsx deleted file mode 100644 index 605429be3..000000000 --- a/website/components/hcp-callout-section/index.jsx +++ /dev/null @@ -1,44 +0,0 @@ -import styles from './HCPCalloutSection.module.css' -import Button from '@hashicorp/react-button' - -export default function HcpCalloutSection({ - id, - header, - title, - description, - chin, - image, - links, -}) { - return ( -
      -
      -

      {header}

      -
      - -
      -
      -

      {title}

      - {chin} -

      {description}

      -
      - {links.map((link, index) => { - const variant = index === 0 ? 'primary' : 'tertiary' - return ( -
      -
      - ) - })} -
      -
      - {title} -
      -
      - ) -} diff --git a/website/components/homepage-hero/index.jsx b/website/components/homepage-hero/index.jsx deleted file mode 100644 index cadbe232c..000000000 --- a/website/components/homepage-hero/index.jsx +++ /dev/null @@ -1,61 +0,0 @@ -import s from './style.module.css' -import Hero from '@hashicorp/react-hero' - -export default function HomepageHero({ - title, - description, - links, - uiVideo, - cliVideo, - alert, - image, -}) { - return ( -
      - -
      - ) -} diff --git a/website/components/homepage-hero/style.module.css b/website/components/homepage-hero/style.module.css deleted file mode 100644 index 4aa5d4a9e..000000000 --- a/website/components/homepage-hero/style.module.css +++ /dev/null @@ -1,18 +0,0 @@ -.consulHero { - /* Customize the branding */ - & :global(.carousel .controls .control) { - color: var(--gray-2); - & :global(.progress-bar) { - background: var(--gray-5); - & span { - background: var(--consul); - } - } - } - & :global(.g-hero .carousel) { - & :global(.video-wrapper.is-active) { - /* Padding % modifier differs slightly from react-hero to accommodate video heights */ - padding-top: calc((100% * 0.57) + 28px); /* !important; */ - } - } -} diff --git a/website/components/io-card-container/index.tsx b/website/components/io-card-container/index.tsx deleted file mode 100644 index e71ab886e..000000000 --- a/website/components/io-card-container/index.tsx +++ /dev/null @@ -1,82 +0,0 @@ -import * as React from 'react' -import classNames from 'classnames' -import Button from '@hashicorp/react-button' -import IoCard, { IoCardProps } from 'components/io-card' -import s from './style.module.css' - -interface IoCardContaianerProps { - theme?: 'light' | 'dark' - heading?: string - description?: string - label?: string - cta?: { - url: string - text: string - } - cardsPerRow: 3 | 4 - cards: Array -} - -export default function IoCardContaianer({ - theme = 'light', - heading, - description, - label, - cta, - cardsPerRow = 3, - cards, -}: IoCardContaianerProps): React.ReactElement { - return ( -
      - {heading || description ? ( -
      - {heading ?

      {heading}

      : null} - {description ?

      {description}

      : null} -
      - ) : null} - {cards.length ? ( - <> - {label || cta ? ( -
      - {label ?

      {label}

      : null} - {cta ? ( -
      - ) : null} -
        - {cards.map((card, index) => { - return ( - // Index is stable - // eslint-disable-next-line react/no-array-index-key -
      • - -
        • - ) - })} -
      - - ) : null} -
      - ) -} diff --git a/website/components/io-card-container/style.module.css b/website/components/io-card-container/style.module.css deleted file mode 100644 index b7b9b08d2..000000000 --- a/website/components/io-card-container/style.module.css +++ /dev/null @@ -1,114 +0,0 @@ -.cardContainer { - position: relative; - - & + .cardContainer { - margin-top: 64px; - - @media (--medium-up) { - margin-top: 132px; - } - } -} - -.header { - margin: 0 auto 64px; - text-align: center; - max-width: 600px; -} - -.heading { - margin: 0; - composes: g-type-display-2 from global; - - @nest .dark & { - color: var(--white); - } -} - -.description { - margin: 8px 0 0; - composes: g-type-body-large from global; - - @nest .dark & { - color: var(--gray-5); - } -} - -.subHeader { - margin: 0 0 32px; - display: flex; - align-items: center; - justify-content: space-between; - - @nest .dark & { - color: var(--gray-5); - } -} - -.label { - margin: 0; - composes: g-type-display-4 from global; -} - -.cardList { - list-style: none; - - --minCol: 250px; - --columns: var(--length); - - position: relative; - gap: 32px; - padding: 0; - - @media (--small) { - display: flex; - overflow-x: auto; - -ms-overflow-style: none; - scrollbar-width: none; - margin: 0; - padding: 6px 24px; - left: 50%; - margin-left: -50vw; - width: 100vw; - - /* This is to ensure there is overflow padding right on mobile. */ - &::after { - content: ''; - display: block; - width: 1px; - flex-shrink: 0; - } - } - - @media (--medium-up) { - display: grid; - grid-template-columns: repeat(var(--columns), minmax(var(--minCol), 1fr)); - } - - &.threeUp { - @media (--medium-up) { - --columns: 3; - --minCol: 0; - } - } - - &.fourUp { - @media (--medium-up) { - --columns: 3; - --minCol: 0; - } - - @media (--large) { - --columns: 4; - } - } - - & > li { - display: flex; - - @media (--small) { - flex-shrink: 0; - width: 250px; - } - } -} diff --git a/website/components/io-card/index.tsx b/website/components/io-card/index.tsx deleted file mode 100644 index 64baa4081..000000000 --- a/website/components/io-card/index.tsx +++ /dev/null @@ -1,124 +0,0 @@ -import * as React from 'react' -import Link from 'next/link' -import InlineSvg from '@hashicorp/react-inline-svg' -import classNames from 'classnames' -import { IconArrowRight24 } from '@hashicorp/flight-icons/svg-react/arrow-right-24' -import { IconExternalLink24 } from '@hashicorp/flight-icons/svg-react/external-link-24' -import { productLogos } from './product-logos' -import s from './style.module.css' - -export interface IoCardProps { - variant?: 'light' | 'gray' | 'dark' - products?: Array<{ - name: keyof typeof productLogos - }> - link: { - url: string - type: 'inbound' | 'outbound' - } - inset?: 'none' | 'sm' | 'md' - eyebrow?: string - heading?: string - description?: string - children?: React.ReactNode -} - -function IoCard({ - variant = 'light', - products, - link, - inset = 'md', - eyebrow, - heading, - description, - children, -}: IoCardProps): React.ReactElement { - const LinkWrapper = ({ className, children }) => - link.type === 'inbound' ? ( - - {children} - - ) : ( - - {children} - - ) - - return ( -
      - - {children ? ( - children - ) : ( - <> - {eyebrow ? {eyebrow} : null} - {heading ? {heading} : null} - {description ? {description} : null} - - )} -
      - {products && ( -
        - {products.map(({ name }, index) => { - const key = name.toLowerCase() - const version = variant === 'dark' ? 'neutral' : 'color' - return ( - // eslint-disable-next-line react/no-array-index-key -
      • - -
        • - ) - })} -
      - )} - - {link.type === 'inbound' ? ( - - ) : ( - - )} - -
      -       -
      - ) -} - -interface EyebrowProps { - children: string -} - -function Eyebrow({ children }: EyebrowProps) { - return

      {children}

      -} - -interface HeadingProps { - as?: 'h2' | 'h3' | 'h4' - children: React.ReactNode -} - -function Heading({ as: Component = 'h2', children }: HeadingProps) { - return {children} -} - -interface DescriptionProps { - children: string -} - -function Description({ children }: DescriptionProps) { - return

      {children}

      -} - -IoCard.Eyebrow = Eyebrow -IoCard.Heading = Heading -IoCard.Description = Description - -export default IoCard diff --git a/website/components/io-card/product-logos.ts b/website/components/io-card/product-logos.ts deleted file mode 100644 index 9c24e3bf4..000000000 --- a/website/components/io-card/product-logos.ts +++ /dev/null @@ -1,34 +0,0 @@ -export const productLogos = { - boundary: { - color: require('@hashicorp/mktg-logos/product/boundary/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/boundary/logomark/white.svg?include'), - }, - consul: { - color: require('@hashicorp/mktg-logos/product/consul/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/consul/logomark/white.svg?include'), - }, - nomad: { - color: require('@hashicorp/mktg-logos/product/nomad/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/nomad/logomark/white.svg?include'), - }, - packer: { - color: require('@hashicorp/mktg-logos/product/packer/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/packer/logomark/white.svg?include'), - }, - terraform: { - color: require('@hashicorp/mktg-logos/product/terraform/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/terraform/logomark/white.svg?include'), - }, - vagrant: { - color: require('@hashicorp/mktg-logos/product/vagrant/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/vagrant/logomark/white.svg?include'), - }, - vault: { - color: require('@hashicorp/mktg-logos/product/vault/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/vault/logomark/white.svg?include'), - }, - waypoint: { - color: require('@hashicorp/mktg-logos/product/waypoint/logomark/color.svg?include'), - neutral: require('@hashicorp/mktg-logos/product/waypoint/logomark/white.svg?include'), - }, -} diff --git a/website/components/io-card/style.module.css b/website/components/io-card/style.module.css deleted file mode 100644 index 44df36ced..000000000 --- a/website/components/io-card/style.module.css +++ /dev/null @@ -1,148 +0,0 @@ -.card { - /* Radii */ - --token-radius: 6px; - - /* Spacing */ - --token-spacing-03: 8px; - --token-spacing-04: 16px; - --token-spacing-05: 24px; - --token-spacing-06: 32px; - - /* Elevations */ - --token-elevation-mid: 0 2px 3px rgba(101, 106, 118, 0.1), - 0 8px 16px -10px rgba(101, 106, 118, 0.2); - --token-elevation-high: 0 2px 3px rgba(101, 106, 118, 0.15), - 0 16px 16px -10px rgba(101, 106, 118, 0.2); - - /* Transition */ - --token-transition: ease-in-out 0.2s; - - display: flex; - flex-direction: column; - flex-grow: 1; - min-height: 300px; - - & a { - display: flex; - flex-direction: column; - flex-grow: 1; - border-radius: var(--token-radius); - box-shadow: 0 0 0 1px rgba(38, 53, 61, 0.1), var(--token-elevation-mid); - transition: var(--token-transition); - transition-property: background-color, box-shadow; - - &:hover { - box-shadow: 0 0 0 2px rgba(38, 53, 61, 0.15), var(--token-elevation-high); - cursor: pointer; - } - - /* Variants */ - &.dark { - background-color: var(--gray-1); - - &:hover { - background-color: var(--gray-2); - } - } - - &.gray { - background-color: #f9f9fa; - } - - &.light { - background-color: var(--white); - } - - /* Spacing */ - &.none { - padding: 0; - } - - &.sm { - padding: var(--token-spacing-05); - } - - &.md { - padding: var(--token-spacing-06); - } - } -} - -.eyebrow { - margin: 0; - composes: g-type-label-small from global; - color: var(--gray-3); - - @nest .dark & { - color: var(--gray-5); - } -} - -.heading { - margin: 0; - composes: g-type-display-5 from global; - color: var(--black); - - @nest * + & { - margin-top: var(--token-spacing-05); - } - - @nest .dark & { - color: var(--white); - } -} - -.description { - margin: 0; - composes: g-type-body-small from global; - color: var(--gray-3); - - @nest * + & { - margin-top: var(--token-spacing-03); - } - - @nest .dark & { - color: var(--gray-5); - } -} - -.footer { - margin-top: auto; - display: flex; - justify-content: space-between; - align-items: flex-end; - padding-top: 32px; -} - -.products { - display: flex; - gap: 8px; - margin: 0; - padding: 0; - - & > li { - width: 32px; - height: 32px; - display: grid; - place-items: center; - } - - & .logo { - display: flex; - - & svg { - width: 32px; - height: 32px; - } - } -} - -.linkType { - margin-left: auto; - display: flex; - color: var(--black); - - @nest .dark & { - color: var(--white); - } -} diff --git a/website/components/io-dialog/index.tsx b/website/components/io-dialog/index.tsx deleted file mode 100644 index 14298b305..000000000 --- a/website/components/io-dialog/index.tsx +++ /dev/null @@ -1,47 +0,0 @@ -import * as React from 'react' -import { DialogOverlay, DialogContent, DialogOverlayProps } from '@reach/dialog' -import { AnimatePresence, motion } from 'framer-motion' -import s from './style.module.css' - -export interface IoDialogProps extends DialogOverlayProps { - label: string -} - -export default function IoDialog({ - isOpen, - onDismiss, - children, - label, -}: IoDialogProps): React.ReactElement { - const AnimatedDialogOverlay = motion(DialogOverlay) - return ( - - {isOpen && ( - -
      - - - - {children} - - -
      -       - )} -       - ) -} diff --git a/website/components/io-dialog/style.module.css b/website/components/io-dialog/style.module.css deleted file mode 100644 index 306619ac8..000000000 --- a/website/components/io-dialog/style.module.css +++ /dev/null @@ -1,62 +0,0 @@ -.dialogOverlay { - background-color: rgba(0, 0, 0, 0.75); - height: 100%; - left: 0; - overflow-y: auto; - position: fixed; - top: 0; - width: 100%; - z-index: 666666667 /* higher than global nav */; -} - -.dialogWrapper { - display: grid; - min-height: 100vh; - padding: 24px; - place-items: center; -} - -.dialogContent { - background-color: var(--gray-1); - color: var(--white); - max-width: 800px; - outline: none; - overflow-y: auto; - padding: 24px; - position: relative; - width: 100%; - - @media (min-width: 768px) { - padding: 48px; - } -} - -.dialogClose { - appearance: none; - background-color: transparent; - border: 0; - composes: g-type-display-5 from global; - cursor: pointer; - margin: 0; - padding: 0; - position: absolute; - color: var(--white); - right: 24px; - top: 24px; - z-index: 1; - - @media (min-width: 768px) { - right: 48px; - top: 48px; - } - - @nest html[dir='rtl'] & { - left: 24px; - right: auto; - - @media (min-width: 768px) { - left: 48px; - right: auto; - } - } -} diff --git a/website/components/io-home-call-to-action/index.tsx b/website/components/io-home-call-to-action/index.tsx deleted file mode 100644 index 7296b361b..000000000 --- a/website/components/io-home-call-to-action/index.tsx +++ /dev/null @@ -1,39 +0,0 @@ -import ReactCallToAction from '@hashicorp/react-call-to-action' -import { Products } from '@hashicorp/platform-product-meta' -import s from './style.module.css' - -interface IoHomeCallToActionProps { - brand: Products - heading: string - content: string - links: Array<{ - text: string - url: string - }> -} - -export default function IoHomeCallToAction({ - brand, - heading, - content, - links, -}: IoHomeCallToActionProps) { - return ( -
      - { - return { - text, - url, - type: index === 1 ? 'inbound' : null, - } - })} - /> -
      - ) -} diff --git a/website/components/io-home-call-to-action/style.module.css b/website/components/io-home-call-to-action/style.module.css deleted file mode 100644 index 76cb03446..000000000 --- a/website/components/io-home-call-to-action/style.module.css +++ /dev/null @@ -1,12 +0,0 @@ -.callToAction { - margin: 60px auto; - background-image: linear-gradient(52.3deg, #2c2d2f 39.83%, #626264 96.92%); - - @media (--medium-up) { - margin: 120px auto; - } - - & > * { - background-color: transparent; - } -} diff --git a/website/components/io-home-case-studies/index.tsx b/website/components/io-home-case-studies/index.tsx deleted file mode 100644 index 3155749e2..000000000 --- a/website/components/io-home-case-studies/index.tsx +++ /dev/null @@ -1,81 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import { IconExternalLink16 } from '@hashicorp/flight-icons/svg-react/external-link-16' -import { IconArrowRight16 } from '@hashicorp/flight-icons/svg-react/arrow-right-16' -import s from './style.module.css' - -interface IoHomeCaseStudiesProps { - isInternalLink: (link: string) => boolean - heading: string - description: string - primary: Array<{ - thumbnail: { - url: string - alt: string - } - link: string - heading: string - }> - secondary: Array<{ - link: string - heading: string - }> -} - -export default function IoHomeCaseStudies({ - isInternalLink, - heading, - description, - primary, - secondary, -}: IoHomeCaseStudiesProps): React.ReactElement { - return ( -
      -
      -
      -

      {heading}

      -

      {description}

      -
      -
      - - - -
      -
      -
      - ) -} diff --git a/website/components/io-home-case-studies/style.module.css b/website/components/io-home-case-studies/style.module.css deleted file mode 100644 index 63ff3102f..000000000 --- a/website/components/io-home-case-studies/style.module.css +++ /dev/null @@ -1,170 +0,0 @@ -.root { - position: relative; - margin: 60px auto; - max-width: 1600px; - - @media (--medium-up) { - margin: 120px auto; - } -} - -.container { - composes: g-grid-container from global; -} - -.header { - margin-bottom: 32px; - - @media (--medium-up) { - max-width: calc(100% * 5 / 12); - } -} - -.heading { - margin: 0; - composes: g-type-display-3 from global; -} - -.description { - margin: 8px 0 0; - composes: g-type-body from global; - color: var(--gray-3); -} - -.caseStudies { - --columns: 1; - - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 12; - } -} - -.primary { - --columns: 1; - - grid-column: 1 / -1; - list-style: none; - margin: 0; - padding: 0; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 2; - } - - @media (--large) { - grid-column: 1 / 9; - } -} - -.primaryItem { - display: flex; -} - -.card { - position: relative; - overflow: hidden; - display: flex; - flex-direction: column; - flex-grow: 1; - justify-content: flex-end; - padding: 32px; - box-shadow: 0 8px 16px -10px rgba(101, 106, 118, 0.2); - background-color: #000; - border-radius: 6px; - color: var(--white); - transition: ease-in-out 0.2s; - transition-property: box-shadow; - min-height: 300px; - - &::before { - content: ''; - position: absolute; - top: 0; - left: 0; - width: 100%; - height: 100%; - z-index: 10; - border-radius: 6px; - background-image: linear-gradient( - to bottom, - rgba(0, 0, 0, 0), - rgba(0, 0, 0, 0.45) - ); - transition: opacity ease-in-out 0.2s; - } - - &:hover { - box-shadow: 0 2px 3px rgba(101, 106, 118, 0.15), - 0 16px 16px -10px rgba(101, 106, 118, 0.2); - - &::before { - opacity: 0.75; - } - } -} - -.cardThumbnail { - transition: transform 0.4s; - - @nest .card:hover & { - transform: scale(1.04); - } -} - -.cardHeading { - margin: 0; - composes: g-type-display-4 from global; - z-index: 10; -} - -.secondary { - grid-column: 1 / -1; - list-style: none; - margin: 0; - padding: 0; - - @media (--large) { - margin-top: -32px; - grid-column: 9 / -1; - } -} - -.secondaryItem { - border-bottom: 1px solid var(--gray-5); -} - -.link { - display: flex; - width: 100%; - color: var(--black); -} - -.linkInner { - display: flex; - width: 100%; - justify-content: space-between; - padding-top: 32px; - padding-bottom: 32px; - transition: transform ease-in-out 0.2s; - - @nest .link:hover & { - transform: translateX(4px); - } - - & svg { - margin-top: 6px; - flex-shrink: 0; - } -} - -.linkHeading { - margin: 0 32px 0 0; - composes: g-type-display-6 from global; -} diff --git a/website/components/io-home-feature/index.tsx b/website/components/io-home-feature/index.tsx deleted file mode 100644 index f3e910fcd..000000000 --- a/website/components/io-home-feature/index.tsx +++ /dev/null @@ -1,80 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import Link from 'next/link' -import { IconArrowRight16 } from '@hashicorp/flight-icons/svg-react/arrow-right-16' -import s from './style.module.css' - -export interface IoHomeFeatureProps { - isInternalLink: (link: string) => boolean - link?: string - image: { - url: string - alt: string - } - heading: string - description: string -} - -export default function IoHomeFeature({ - isInternalLink, - link, - image, - heading, - description, -}: IoHomeFeatureProps): React.ReactElement { - return ( - -
      - {image.alt} -
      -
      -

      {heading}

      -

      {description}

      - {link ? ( - - Learn more{' '} - - - - - ) : null} -
      -       - ) -} - -interface IoHomeFeatureWrapProps { - isInternalLink: (link: string) => boolean - href: string - children: React.ReactNode -} - -function IoHomeFeatureWrap({ - isInternalLink, - href, - children, -}: IoHomeFeatureWrapProps) { - if (!href) { - return
      {children}
      - } - - if (isInternalLink(href)) { - return ( - - {children} - - ) - } - - return ( - - {children} - - ) -} diff --git a/website/components/io-home-feature/style.module.css b/website/components/io-home-feature/style.module.css deleted file mode 100644 index 70c2cc510..000000000 --- a/website/components/io-home-feature/style.module.css +++ /dev/null @@ -1,79 +0,0 @@ -.feature { - display: flex; - align-items: center; - flex-direction: column; - padding: 32px; - gap: 24px 64px; - border-radius: 6px; - background-color: #f9f9fa; - color: var(--black); - box-shadow: 0 2px 3px rgba(101, 106, 118, 0.1), - 0 8px 16px -10px rgba(101, 106, 118, 0.2); - - @media (--medium-up) { - flex-direction: row; - } -} - -.featureLink { - transition: box-shadow ease-in-out 0.2s; - - &:hover { - box-shadow: 0 2px 3px rgba(101, 106, 118, 0.15), - 0 16px 16px -10px rgba(101, 106, 118, 0.2); - } -} - -.featureMedia { - flex-shrink: 0; - display: flex; - width: 100%; - border-radius: 6px; - overflow: hidden; - border: 1px solid var(--gray-5); - - @media (--medium-up) { - width: 300px; - } - - @media (--large) { - width: 400px; - } - - & > * { - width: 100%; - } -} - -.featureContent { - max-width: 520px; -} - -.featureHeading { - margin: 0; - composes: g-type-display-4 from global; -} - -.featureDescription { - margin: 8px 0 24px; - composes: g-type-body-small from global; - color: var(--gray-3); -} - -.featureCta { - display: inline-flex; - align-items: center; - - & > span { - display: flex; - margin-left: 12px; - - & > svg { - transition: transform 0.2s; - } - } - - @nest .feature:hover & span svg { - transform: translateX(2px); - } -} diff --git a/website/components/io-home-hero/index.tsx b/website/components/io-home-hero/index.tsx deleted file mode 100644 index fabaafd37..000000000 --- a/website/components/io-home-hero/index.tsx +++ /dev/null @@ -1,135 +0,0 @@ -import * as React from 'react' -import { Products } from '@hashicorp/platform-product-meta' -import Button from '@hashicorp/react-button' -import classNames from 'classnames' -import s from './style.module.css' - -interface IoHomeHeroProps { - pattern: string - brand: Products | 'neutral' - heading: string - description: string - ctas: Array<{ - title: string - link: string - }> - cards: Array -} - -export default function IoHomeHero({ - pattern, - brand, - heading, - description, - ctas, - cards, -}: IoHomeHeroProps) { - const [loaded, setLoaded] = React.useState(false) - - React.useEffect(() => { - setTimeout(() => { - setLoaded(true) - }, 250) - }, []) - - return ( -
      - -
      -
      -

      {heading}

      -

      {description}

      - {ctas && ( -
      - {ctas.map((cta, index) => { - return ( -
      - )} -
      - {cards && ( -
      - {cards.map((card, index) => { - return ( - - ) - })} -
      - )} -
      -
      - ) -} - -interface IoHomeHeroCardProps { - index?: number - heading: string - description: string - cta: { - title: string - link: string - brand?: 'neutral' | Products - } - subText: string -} - -function IoHomeHeroCard({ - index, - heading, - description, - cta, - subText, -}: IoHomeHeroCardProps): React.ReactElement { - return ( -
      -

      {heading}

      -

      {description}

      -
      - ) -} diff --git a/website/components/io-home-hero/style.module.css b/website/components/io-home-hero/style.module.css deleted file mode 100644 index c7f47026f..000000000 --- a/website/components/io-home-hero/style.module.css +++ /dev/null @@ -1,148 +0,0 @@ -.hero { - position: relative; - padding-top: 64px; - padding-bottom: 64px; - background: linear-gradient(180deg, #f9f9fa 0%, #fff 28.22%, #fff 100%); - - @media (--medium-up) { - padding-top: 128px; - padding-bottom: 128px; - } -} - -.pattern { - position: absolute; - top: 0; - left: 0; - right: 0; - bottom: 0; - max-width: 1600px; - width: 100%; - margin: auto; - - @media (--medium-up) { - background-image: var(--pattern); - background-repeat: no-repeat; - background-position: top right; - } -} - -.container { - --columns: 1; - - composes: g-grid-container from global; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 48px 32px; - - @media (--medium-up) { - --columns: 12; - } -} - -.content { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 1 / 6; - } - - & > * { - max-width: 415px; - } -} - -.heading { - margin: 0; - composes: g-type-display-1 from global; -} - -.description { - margin: 8px 0 0; - composes: g-type-body-small from global; - color: var(--gray-3); -} - -.ctas { - margin-top: 24px; - display: flex; - flex-direction: column; - align-items: flex-start; - gap: 24px; -} - -.cards { - --columns: 1; - - grid-column: 1 / -1; - align-self: start; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (min-width: 600px) { - --columns: 2; - } - - @media (--medium-up) { - --columns: 1; - - grid-column: 7 / -1; - } - - @media (--large) { - --columns: 2; - - grid-column: 6 / -1; - } -} - -.card { - --token-radius: 6px; - --token-elevation-mid: 0 2px 3px rgba(101, 106, 118, 0.1), - 0 8px 16px -10px rgba(101, 106, 118, 0.2); - - opacity: 0; - padding: 40px 32px; - display: flex; - align-items: flex-start; - flex-direction: column; - flex-grow: 1; - background-color: var(--white); - border-radius: var(--token-radius); - box-shadow: 0 0 0 1px rgba(38, 53, 61, 0.1), var(--token-elevation-mid); - - @nest .loaded & { - animation-name: slideIn; - animation-duration: 0.5s; - animation-delay: calc(var(--index) * 0.1s); - animation-fill-mode: forwards; - } -} - -.cardHeading { - margin: 0; - composes: g-type-display-4 from global; -} - -.cardDescription { - margin: 8px 0 16px; - composes: g-type-display-6 from global; -} - -.cardSubText { - margin: 32px 0 0; - composes: g-type-body-small from global; - color: var(--gray-3); -} - -@keyframes slideIn { - from { - opacity: 0; - transform: translateY(50px); - } - to { - opacity: 1; - transform: translateY(0); - } -} diff --git a/website/components/io-home-in-practice/index.tsx b/website/components/io-home-in-practice/index.tsx deleted file mode 100644 index 6e145b2e9..000000000 --- a/website/components/io-home-in-practice/index.tsx +++ /dev/null @@ -1,86 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import Button from '@hashicorp/react-button' -import { Products } from '@hashicorp/platform-product-meta' -import { IoCardProps } from 'components/io-card' -import IoCardContainer from 'components/io-card-container' -import s from './style.module.css' - -interface IoHomeInPracticeProps { - brand: Products - pattern: string - heading: string - description: string - cards: Array - cta: { - heading: string - description: string - link: string - image: { - url: string - alt: string - width: number - height: number - } - } -} - -export default function IoHomeInPractice({ - brand, - pattern, - heading, - description, - cards, - cta, -}: IoHomeInPracticeProps) { - return ( -
      -
      - - - {cta.heading ? ( -
      -
      -

      {cta.heading}

      - {cta.description ? ( -

      {cta.description}

      - ) : null} - {cta.link ? ( -
      - {cta.image?.url ? ( -
      - {cta.image.alt} -
      - ) : null} -
      - ) : null} -
      -
      - ) -} diff --git a/website/components/io-home-in-practice/style.module.css b/website/components/io-home-in-practice/style.module.css deleted file mode 100644 index 13ed2bfd9..000000000 --- a/website/components/io-home-in-practice/style.module.css +++ /dev/null @@ -1,98 +0,0 @@ -.inPractice { - position: relative; - margin: 60px auto; - padding: 64px 0; - max-width: 1600px; - - @media (--medium-up) { - padding: 80px 0; - margin: 120px auto; - } - - &::before { - content: ''; - position: absolute; - top: 0; - left: 0; - right: 0; - bottom: 0; - background: var(--black); - background-image: var(--pattern); - background-repeat: no-repeat; - background-size: 50%; - background-position: top 200px left; - - @media (--large) { - border-radius: 6px; - left: 24px; - right: 24px; - background-size: 35%; - background-position: top 64px left; - } - } -} - -.container { - composes: g-grid-container from global; -} - -.inPracticeCta { - --columns: 1; - - position: relative; - margin-top: 64px; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 64px 32px; - - @media (--medium-up) { - --columns: 12; - } - - &::before { - content: ''; - position: absolute; - top: 0; - left: 0; - width: 100%; - bottom: -64px; - background-image: radial-gradient( - 42.33% 42.33% at 50% 100%, - #363638 0%, - #000 100% - ); - - @media (--medium-up) { - bottom: -80px; - } - } -} - -.inPracticeCtaContent { - position: relative; - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 1 / 5; - } -} - -.inPracticeCtaMedia { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 6 / -1; - } -} - -.inPracticeCtaHeading { - margin: 0; - color: var(--white); - composes: g-type-display-3 from global; -} - -.inPracticeCtaDescription { - margin: 8px 0 32px; - color: var(--gray-5); - composes: g-type-body from global; -} diff --git a/website/components/io-home-intro/index.tsx b/website/components/io-home-intro/index.tsx deleted file mode 100644 index c8081b4f7..000000000 --- a/website/components/io-home-intro/index.tsx +++ /dev/null @@ -1,155 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import classNames from 'classnames' -import { Products } from '@hashicorp/platform-product-meta' -import Button from '@hashicorp/react-button' -import IoVideoCallout, { - IoHomeVideoCalloutProps, -} from 'components/io-video-callout' -import IoHomeFeature, { IoHomeFeatureProps } from 'components/io-home-feature' -import s from './style.module.css' - -interface IoHomeIntroProps { - isInternalLink: (link: string) => boolean - brand: Products - heading: string - description: string - features?: Array - offerings?: { - image: { - src: string - width: number - height: number - alt: string - } - list: Array<{ - heading: string - description: string - }> - cta?: { - title: string - link: string - } - } - video?: IoHomeVideoCalloutProps -} - -export default function IoHomeIntro({ - isInternalLink, - brand, - heading, - description, - features, - offerings, - video, -}: IoHomeIntroProps) { - return ( -
      -
      -
      -
      -

      {heading}

      -

      {description}

      -
      -
      -
      - - {features ? ( -
        - {features.map((feature, index) => { - return ( - // Index is stable - // eslint-disable-next-line react/no-array-index-key -
      • -
        - -
        -
        • - ) - })} -
      - ) : null} - - {offerings ? ( -
      - {offerings.image ? ( -
      - {offerings.image.alt} -
      - ) : null} -
      -
        - {offerings.list.map((offering, index) => { - return ( - // Index is stable - // eslint-disable-next-line react/no-array-index-key -
      • -

        - {offering.heading} -

        -

        - {offering.description} -

        -
        • - ) - })} -
      - {offerings.cta ? ( -
      -
      - ) : null} -
      -
      - ) : null} - - {video ? ( -
      - -
      - ) : null} -
      - ) -} diff --git a/website/components/io-home-intro/style.module.css b/website/components/io-home-intro/style.module.css deleted file mode 100644 index 6227a49ba..000000000 --- a/website/components/io-home-intro/style.module.css +++ /dev/null @@ -1,169 +0,0 @@ -.root { - position: relative; - margin-bottom: 60px; - - @media (--medium-up) { - margin-bottom: 120px; - } - - &.withOfferings:not(.withFeatures)::before { - content: ''; - position: absolute; - top: 0; - left: 0; - right: 0; - bottom: 0; - background-image: radial-gradient( - 93.55% 93.55% at 50% 0%, - var(--gray-6) 0%, - rgba(242, 242, 243, 0) 100% - ); - - @media (--large) { - border-radius: 6px; - left: 24px; - right: 24px; - } - } -} - -.container { - composes: g-grid-container from global; -} - -.header { - padding-top: 64px; - padding-bottom: 64px; - text-align: center; - - @nest .withFeatures & { - background-color: var(--brand); - } - - @nest .withFeatures.consul & { - color: var(--white); - } -} - -.headerInner { - margin: auto; - - @media (--medium-up) { - max-width: calc(100% * 7 / 12); - } -} - -.heading { - margin: 0; - composes: g-type-display-2 from global; -} - -.description { - margin: 24px 0 0; - composes: g-type-body-large from global; - - @nest .withOfferings:not(.withFeatures) & { - color: var(--gray-3); - } -} - -/* - * Features - */ - -.features { - list-style: none; - margin: 0; - padding: 0; - display: grid; - gap: 32px; - - & li:first-of-type { - background-image: linear-gradient( - to bottom, - var(--brand) 50%, - var(--white) 50% - ); - } -} - -/* - * Offerings - */ - -.offerings { - --columns: 1; - - composes: g-grid-container from global; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 64px 32px; - - @media (--medium-up) { - --columns: 12; - } - - @nest .features + & { - margin-top: 60px; - - @media (--medium-up) { - margin-top: 120px; - } - } -} - -.offeringsMedia { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 1 / 6; - } -} - -.offeringsContent { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 7 / -1; - } -} - -.offeringsList { - list-style: none; - margin: 0; - padding: 0; - display: grid; - grid-template-columns: repeat(2, 1fr); - gap: 32px; - - @media (--small) { - grid-template-columns: repeat(1, 1fr); - } -} - -.offeringsListHeading { - margin: 0; - composes: g-type-display-4 from global; -} - -.offeringsListDescription { - margin: 16px 0 0; - composes: g-type-body-small from global; -} - -.offeringsCta { - margin-top: 48px; -} - -/* - * Video - */ - -.video { - margin-top: 60px; - composes: g-grid-container from global; - - @media (--medium-up) { - margin-top: 120px; - } -} diff --git a/website/components/io-home-pre-footer/index.tsx b/website/components/io-home-pre-footer/index.tsx deleted file mode 100644 index 98127443d..000000000 --- a/website/components/io-home-pre-footer/index.tsx +++ /dev/null @@ -1,79 +0,0 @@ -import * as React from 'react' -import classNames from 'classnames' -import { Products } from '@hashicorp/platform-product-meta' -import { IconArrowRight16 } from '@hashicorp/flight-icons/svg-react/arrow-right-16' -import s from './style.module.css' - -interface IoHomePreFooterProps { - brand: Products - heading: string - description: string - ctas: [IoHomePreFooterCard, IoHomePreFooterCard, IoHomePreFooterCard] -} - -export default function IoHomePreFooter({ - brand, - heading, - description, - ctas, -}: IoHomePreFooterProps) { - return ( -
      -
      -
      -

      {heading}

      -

      {description}

      -
      -
      - {ctas.map((cta, index) => { - return ( - - ) - })} -
      -
      -
      - ) -} - -interface IoHomePreFooterCard { - brand?: string - link: string - heading: string - description: string - cta: string -} - -function IoHomePreFooterCard({ - brand, - link, - heading, - description, - cta, -}: IoHomePreFooterCard): React.ReactElement { - return ( - -

      {heading}

      -

      {description}

      - - {cta} - -       - ) -} diff --git a/website/components/io-home-pre-footer/style.module.css b/website/components/io-home-pre-footer/style.module.css deleted file mode 100644 index 1273e2087..000000000 --- a/website/components/io-home-pre-footer/style.module.css +++ /dev/null @@ -1,122 +0,0 @@ -.preFooter { - margin: 60px auto; -} - -.container { - --columns: 1; - - composes: g-grid-container from global; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 12; - } -} - -.content { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 1 / 6; - } - - @media (--large) { - grid-column: 1 / 4; - } -} - -.heading { - margin: 0; - composes: g-type-display-1 from global; -} - -.description { - margin: 24px 0 0; - composes: g-type-body from global; - color: var(--gray-3); -} - -.cards { - grid-column: 1 / -1; - - --columns: 1; - - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 3; - - grid-column: 1 / -1; - } - - @media (--large) { - grid-column: 5 / -1; - } -} - -.card { - display: flex; - flex-direction: column; - flex-grow: 1; - padding: 32px 24px; - background-color: var(--primary); - color: var(--black); - border-radius: 6px; - box-shadow: 0 2px 3px rgba(101, 106, 118, 0.1), - 0 8px 16px -10px rgba(101, 106, 118, 0.2); - transition: ease-in-out 0.2s; - transition-property: box-shadow; - - &:hover { - box-shadow: 0 2px 3px rgba(101, 106, 118, 0.15), - 0 16px 16px -10px rgba(101, 106, 118, 0.2); - } - - &:nth-of-type(1) { - color: var(--white); - - @nest .vault & { - color: var(--black); - } - } - - &:nth-of-type(2) { - background-color: var(--secondary); - } - - &:nth-of-type(3) { - background-color: var(--gray-6); - } -} - -.cardHeading { - margin: 0; - composes: g-type-display-4 from global; -} - -.cardDescription { - margin: 8px 0 0; - padding-bottom: 48px; - color: inherit; - composes: g-type-display-6 from global; -} - -.cardCta { - margin-top: auto; - display: inline-flex; - align-items: center; - composes: g-type-buttons-and-standalone-links from global; - - & svg { - margin-left: 12px; - transition: transform 0.2s; - } - - @nest .card:hover & svg { - transform: translate(2px); - } -} diff --git a/website/components/io-usecase-call-to-action/index.tsx b/website/components/io-usecase-call-to-action/index.tsx deleted file mode 100644 index 252be27f1..000000000 --- a/website/components/io-usecase-call-to-action/index.tsx +++ /dev/null @@ -1,69 +0,0 @@ -import Image from 'next/image' -import * as React from 'react' -import classNames from 'classnames' -import Button from '@hashicorp/react-button' -import s from './style.module.css' - -interface IoUsecaseCallToActionProps { - brand: string - theme?: 'light' | 'dark' - heading: string - description: string - links: Array<{ - text: string - url: string - }> - pattern: string -} - -export default function IoUsecaseCallToAction({ - brand, - theme, - heading, - description, - links, - pattern, -}: IoUsecaseCallToActionProps): React.ReactElement { - return ( -
      -

      {heading}

      -
      -

      {description}

      -
      - {links.map((link, index) => { - return ( -
      -
      -
      - -
      -
      - ) -} diff --git a/website/components/io-usecase-call-to-action/style.module.css b/website/components/io-usecase-call-to-action/style.module.css deleted file mode 100644 index 1afcb903d..000000000 --- a/website/components/io-usecase-call-to-action/style.module.css +++ /dev/null @@ -1,66 +0,0 @@ -.callToAction { - --columns: 1; - - position: relative; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 0 32px; - padding: 32px; - background-color: var(--background-color); - border-radius: 6px; - - &.light { - color: var(--black); - } - - &.dark { - color: var(--white); - } - - @media (--medium-up) { - --columns: 12; - - padding: 0; - } -} - -.heading { - grid-column: 1 / -1; - margin: 0 0 16px; - composes: g-type-display-3 from global; - - @media (--medium-up) { - grid-column: 1 / 6; - padding: 88px 32px 88px 64px; - } -} - -.content { - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 6 / 11; - padding: 88px 0; - } -} - -.description { - margin: 0 0 32px; - composes: g-type-body-large from global; -} - -.links { - display: flex; - flex-wrap: wrap; - gap: 16px 32px; -} - -.pattern { - position: relative; - display: none; - - @media (--medium-up) { - grid-column: 11 / -1; - display: flex; - } -} diff --git a/website/components/io-usecase-customer/index.tsx b/website/components/io-usecase-customer/index.tsx deleted file mode 100644 index 288b953b8..000000000 --- a/website/components/io-usecase-customer/index.tsx +++ /dev/null @@ -1,86 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import Button from '@hashicorp/react-button' -import s from './style.module.css' - -interface IoUsecaseCustomerProps { - media: { - src: string - width: string - height: string - alt: string - } - logo: { - src: string - width: string - height: string - alt: string - } - heading: string - description: string - stats?: Array<{ - value: string - key: string - }> - link: string -} - -export default function IoUsecaseCustomer({ - media, - logo, - heading, - description, - stats, - link, -}: IoUsecaseCustomerProps): React.ReactElement { - return ( -
      -
      -
      -
      - {/* eslint-disable-next-line jsx-a11y/alt-text */} - -
      -
      -
      -
      - {/* eslint-disable-next-line jsx-a11y/alt-text */} - -
      - Customer case study -
      -

      {heading}

      -

      {description}

      - {link ? ( -
      -
      - ) : null} -
      -
      - {stats.length > 0 ? ( -
        - {stats.map(({ key, value }, index) => { - return ( - // Index is stable - // eslint-disable-next-line react/no-array-index-key -
      • -

        {value}

        -

        {key}

        -
        • - ) - })} -
      - ) : null} -
      -
      - ) -} diff --git a/website/components/io-usecase-customer/style.module.css b/website/components/io-usecase-customer/style.module.css deleted file mode 100644 index b88156073..000000000 --- a/website/components/io-usecase-customer/style.module.css +++ /dev/null @@ -1,119 +0,0 @@ -.customer { - position: relative; - background-color: var(--black); - color: var(--white); - padding-bottom: 64px; - - @media (--medium-up) { - padding-bottom: 132px; - } -} - -.container { - composes: g-grid-container from global; -} - -.columns { - --columns: 1; - - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 64px 32px; - - @media (--medium-up) { - --columns: 12; - } -} - -.media { - margin-top: -64px; - grid-column: 1 / -1; - - @media (--medium-up) { - grid-column: 1 / 7; - } -} - -.content { - grid-column: 1 / -1; - - @media (--medium-up) { - padding-top: 64px; - grid-column: 8 / -1; - } -} - -.eyebrow { - display: flex; - align-items: center; -} - -.eyebrowLogo { - display: flex; - max-width: 120px; -} - -.eyebrowLabel { - padding-top: 8px; - padding-bottom: 8px; - padding-left: 12px; - margin-left: 12px; - border-left: 1px solid var(--gray-5); - align-self: center; - composes: g-type-label-small-strong from global; -} - -.heading { - margin: 32px 0 24px; - composes: g-type-display-2 from global; -} - -.description { - margin: 0; - composes: g-type-body from global; -} - -.cta { - margin-top: 32px; -} - -.stats { - --columns: 1; - - list-style: none; - margin: 64px 0 0; - padding: 0; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 12; - - margin-top: 132px; - } - - & > li { - border-top: 1px solid var(--gray-2); - grid-column: span 4; - } -} - -.value { - margin: 0; - padding-top: 32px; - font-family: var(--font-display); - font-size: 50px; - font-weight: 700; - line-height: 1; - - @media (--large) { - font-size: 80px; - } -} - -.key { - margin: 12px 0 0; - composes: g-type-display-4 from global; - color: var(--gray-3); -} diff --git a/website/components/io-usecase-hero/index.tsx b/website/components/io-usecase-hero/index.tsx deleted file mode 100644 index 4838678e8..000000000 --- a/website/components/io-usecase-hero/index.tsx +++ /dev/null @@ -1,41 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import s from './style.module.css' - -interface IoUsecaseHeroProps { - eyebrow: string - heading: string - description: string - pattern?: string -} - -export default function IoUsecaseHero({ - eyebrow, - heading, - description, - pattern, -}: IoUsecaseHeroProps): React.ReactElement { - return ( -
      -
      -
      - {pattern ? ( - - ) : null} -
      -
      -

      {eyebrow}

      -

      {heading}

      -

      {description}

      -
      -
      -
      - ) -} diff --git a/website/components/io-usecase-hero/pattern.svg b/website/components/io-usecase-hero/pattern.svg deleted file mode 100644 index f4b1ef3af..000000000 --- a/website/components/io-usecase-hero/pattern.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/website/components/io-usecase-hero/style.module.css b/website/components/io-usecase-hero/style.module.css deleted file mode 100644 index 5fd729c8e..000000000 --- a/website/components/io-usecase-hero/style.module.css +++ /dev/null @@ -1,83 +0,0 @@ -.hero { - position: relative; - max-width: 1600px; - margin-right: auto; - margin-left: auto; - - &::before { - content: ''; - position: absolute; - top: 0; - left: 0; - right: 0; - bottom: 0; - background-image: radial-gradient( - 95.97% 95.97% at 50% 100%, - #f2f2f3 0%, - rgba(242, 242, 243, 0) 100% - ); - - @media (--medium-up) { - border-radius: 6px; - left: 24px; - right: 24px; - } - } -} - -.container { - @media (--medium-up) { - display: grid; - grid-template-columns: 1fr max-content 1fr; - gap: 32px; - } -} - -.pattern { - margin-left: 24px; - transform: translateY(24px); - position: relative; - display: flex; - flex-direction: column; - justify-content: flex-end; - - @media (--small) { - display: none; - } - - @media (--medium) { - & > * { - display: none !important; - } - } -} - -.content { - position: relative; - max-width: 520px; - width: 100%; - margin-right: auto; - margin-left: auto; - padding: 64px 24px; - - @media (--medium-up) { - padding-top: 132px; - padding-bottom: 132px; - } -} - -.eyebrow { - margin: 0; - composes: g-type-label-strong from global; -} - -.heading { - margin: 24px 0; - composes: g-type-display-1 from global; -} - -.description { - margin: 0; - composes: g-type-body-large from global; - color: var(--gray-2); -} diff --git a/website/components/io-usecase-section/index.tsx b/website/components/io-usecase-section/index.tsx deleted file mode 100644 index 11ed7917f..000000000 --- a/website/components/io-usecase-section/index.tsx +++ /dev/null @@ -1,81 +0,0 @@ -import * as React from 'react' -import { Products } from '@hashicorp/platform-product-meta' -import classNames from 'classnames' -import Image from 'next/image' -import Button from '@hashicorp/react-button' -import s from './style.module.css' - -interface IoUsecaseSectionProps { - brand?: Products | 'neutral' - bottomIsFlush?: boolean - eyebrow: string - heading: string - description: string - media?: { - src: string - width: string - height: string - alt: string - } - cta?: { - text: string - link: string - } -} - -export default function IoUsecaseSection({ - brand = 'neutral', - bottomIsFlush = false, - eyebrow, - heading, - description, - media, - cta, -}: IoUsecaseSectionProps): React.ReactElement { - return ( -
      -
      -

      {eyebrow}

      -
      -
      -

      {heading}

      - {media?.src ? ( -
      - ) : null} - {cta?.link && cta?.text ? ( -
      -
      - ) : null} -
      -
      - {media?.src ? ( - // eslint-disable-next-line jsx-a11y/alt-text - - ) : ( -
      - )} -
      -
      -
      -
      - ) -} diff --git a/website/components/io-usecase-section/style.module.css b/website/components/io-usecase-section/style.module.css deleted file mode 100644 index a2b56d1f5..000000000 --- a/website/components/io-usecase-section/style.module.css +++ /dev/null @@ -1,106 +0,0 @@ -.section { - position: relative; - max-width: 1600px; - margin-right: auto; - margin-left: auto; - padding-top: 64px; - padding-bottom: 64px; - - @media (--medium-up) { - padding-top: 132px; - padding-bottom: 132px; - } - - & + .section { - padding-bottom: 132px; - - &::before { - content: ''; - position: absolute; - top: 0; - left: 0; - right: 0; - bottom: 0; - background-color: var(--gray-6); - opacity: 0.4; - - @media (--medium-up) { - border-radius: 6px; - left: 24px; - right: 24px; - } - } - } - - &.isFlush { - padding-bottom: 96px; - - @media (--medium-up) { - padding-bottom: 164px; - } - - &::before { - border-bottom-left-radius: 0; - border-bottom-right-radius: 0; - } - } -} - -.container { - composes: g-grid-container from global; -} - -.columns { - --columns: 1; - - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - - @media (--medium-up) { - --columns: 12; - } -} - -.column { - &:nth-child(1) { - @media (--medium-up) { - grid-column: 1 / 7; - } - } - - &:nth-child(2) { - @media (--medium-up) { - grid-column: 8 / -1; - padding-top: 16px; - } - } -} - -.eyebrow { - margin: 0; - composes: g-type-display-5 from global; -} - -.heading { - margin: 16px 0 32px; - padding-bottom: 32px; - composes: g-type-display-3 from global; - border-bottom: 1px solid var(--black); -} - -.description { - composes: g-type-body from global; - - & > p { - margin: 0; - - & + p { - margin-top: 16px; - } - } -} - -.cta { - margin-top: 32px; -} diff --git a/website/components/io-video-callout/index.tsx b/website/components/io-video-callout/index.tsx deleted file mode 100644 index 7889348d8..000000000 --- a/website/components/io-video-callout/index.tsx +++ /dev/null @@ -1,80 +0,0 @@ -import * as React from 'react' -import Image from 'next/image' -import ReactPlayer from 'react-player' -import VisuallyHidden from '@reach/visually-hidden' -import IoDialog from 'components/io-dialog' -import PlayIcon from './play-icon' -import s from './style.module.css' - -export interface IoHomeVideoCalloutProps { - youtubeId: string - thumbnail: string - heading: string - description: string - person: { - avatar: string - name: string - description: string - } -} - -export default function IoVideoCallout({ - youtubeId, - thumbnail, - heading, - description, - person, -}: IoHomeVideoCalloutProps): React.ReactElement { - const [showDialog, setShowDialog] = React.useState(false) - const showVideo = () => setShowDialog(true) - const hideVideo = () => setShowDialog(false) - return ( - <> -
      - -
      -

      {heading}

      -

      {description}

      - {person && ( -
      - {person.avatar ? ( -
      - {`${person.name} -
      - ) : null} -
      -

      {person.name}

      -

      {person.description}

      -
      -
      - )} -
      -
      - -

      {heading}

      -
      - -
      -       - - ) -} diff --git a/website/components/io-video-callout/play-icon.tsx b/website/components/io-video-callout/play-icon.tsx deleted file mode 100644 index 37395ba2b..000000000 --- a/website/components/io-video-callout/play-icon.tsx +++ /dev/null @@ -1,23 +0,0 @@ -import * as React from 'react' - -export default function PlayIcon(): React.ReactElement { - return ( - - - - - ) -} diff --git a/website/components/io-video-callout/style.module.css b/website/components/io-video-callout/style.module.css deleted file mode 100644 index 815601ff0..000000000 --- a/website/components/io-video-callout/style.module.css +++ /dev/null @@ -1,128 +0,0 @@ -.videoCallout { - --columns: 1; - - margin: 0; - display: grid; - grid-template-columns: repeat(var(--columns), minmax(0, 1fr)); - gap: 32px; - background-color: var(--black); - border-radius: 6px; - overflow: hidden; - - @media (--medium-up) { - --columns: 12; - } -} - -.thumbnail { - position: relative; - display: grid; - place-items: center; - grid-column: 1 / -1; - background-color: transparent; - border: 0; - cursor: pointer; - padding: 96px 32px; - min-height: 300px; - - @media (--medium-up) { - grid-column: 1 / 7; - } - - @media (--large) { - grid-column: 1 / 9; - } - - & > svg { - position: absolute; - top: 50%; - left: 50%; - transform: translate(-50%, -50%); - z-index: 1; - - @media (--small) { - width: 52px; - height: 52px; - } - } - - &::after { - content: ''; - position: absolute; - top: 0; - left: 0; - width: 100%; - height: 100%; - background-color: #000; - opacity: 0.45; - transition: opacity ease-in-out 0.2s; - } - - &:hover::after { - opacity: 0.2; - } -} - -.content { - padding: 32px; - grid-column: 1 / -1; - - @media (--medium-up) { - padding: 80px 32px; - grid-column: 7 / -1; - } - - @media (--large) { - grid-column: 9 / -1; - } -} - -.heading { - margin: 0; - composes: g-type-display-4 from global; - color: var(--white); -} - -.description { - margin: 8px 0 0; - composes: g-type-body-small from global; - color: var(--white); -} - -.person { - margin-top: 64px; - display: flex; - align-items: center; - gap: 16px; -} - -.personThumbnail { - display: flex; - border-radius: 9999px; - overflow: hidden; -} - -.personName { - margin: 0; - composes: g-type-body-strong from global; - color: var(--white); -} - -.personDescription { - margin: 4px 0 0; - composes: g-type-label-strong from global; - color: var(--gray-3); -} - -.videoHeading { - margin-top: 0; - margin-bottom: 32px; - padding-right: 100px; - composes: g-type-display-4 from global; -} - -.video { - position: relative; - background-color: var(--gray-2); - aspect-ratio: 16 / 9; -} diff --git a/website/components/mini-cta/index.jsx b/website/components/mini-cta/index.jsx deleted file mode 100644 index 02d5faff3..000000000 --- a/website/components/mini-cta/index.jsx +++ /dev/null @@ -1,23 +0,0 @@ -import Button from '@hashicorp/react-button' - -export default function MiniCTA({ title, description, link }) { - return ( -
      -
      -
      -
      {title}
      - {description &&

      {description}

      } -
      -
      - ) -} diff --git a/website/components/mini-cta/style.css b/website/components/mini-cta/style.css deleted file mode 100644 index 8f76813ac..000000000 --- a/website/components/mini-cta/style.css +++ /dev/null @@ -1,36 +0,0 @@ -.g-mini-cta { - background: var(--gray-6); - text-align: center; - padding-bottom: 64px; - padding-top: 48px; - - & hr { - width: 64px; - color: var(--gray-4); - margin: 0 auto 64px auto; - - @media (max-width: 800px) { - margin: 0 auto 24px auto; - } - } - - & h5 { - margin: 0; - margin-bottom: 14px; - } - - & p { - margin: 0; - margin-bottom: 24px; - - @media (max-width: 800px) { - margin-bottom: 16px; - } - } - - & .g-btn { - & span { - font-weight: 500; - } - } -} diff --git a/website/components/prefooter-cta/index.jsx b/website/components/prefooter-cta/index.jsx deleted file mode 100644 index 618058728..000000000 --- a/website/components/prefooter-cta/index.jsx +++ /dev/null @@ -1,25 +0,0 @@ -import CallToAction from '@hashicorp/react-call-to-action' - -export default function PrefooterCTA() { - return ( - - ) -} diff --git a/website/components/side-by-side/index.tsx b/website/components/side-by-side/index.tsx deleted file mode 100644 index c1a29b0ff..000000000 --- a/website/components/side-by-side/index.tsx +++ /dev/null @@ -1,21 +0,0 @@ -import { ReactNode } from 'react' -import classNames from 'classnames' -import s from './style.module.css' - -interface SideBySideProps { - left: ReactNode - right: ReactNode -} - -export default function SideBySide({ left, right }: SideBySideProps) { - return ( -
      -
      -
      {left}
      -
      -
      -
      {right}
      -
      -
      - ) -} diff --git a/website/components/side-by-side/style.module.css b/website/components/side-by-side/style.module.css deleted file mode 100644 index 683a7de24..000000000 --- a/website/components/side-by-side/style.module.css +++ /dev/null @@ -1,61 +0,0 @@ -.sideBySide { - display: flex; - flex-wrap: wrap; - - @media (--large) { - flex-wrap: nowrap; - } - - & .sideWrapper { - padding: 105px 0; - width: 100%; - - @media (--large) { - width: 50%; - padding-bottom: 176px; - } - - &.leftSide { - background: var(--consul-secondary); - - @media (--large) { - padding-left: 48px; - padding-right: 104px; - } - } - - &.rightSide { - @media (--large) { - padding-right: 48px; - padding-left: 75px; - } - } - - & .side { - margin: 0 auto; - - @media (--small) { - max-width: 616px; - padding-left: 24px; - padding-right: 24px; - } - - @media (--medium) { - max-width: 944px; - padding-left: 40px; - padding-right: 40px; - } - - @media (--large) { - margin: 0; - max-width: 490px; - } - } - - &:first-child .side { - @media (--large) { - float: right; - } - } - } -} diff --git a/website/components/static-dynamic-diagram/before-after-diagram.jsx b/website/components/static-dynamic-diagram/before-after-diagram.jsx deleted file mode 100644 index c81124ed4..000000000 --- a/website/components/static-dynamic-diagram/before-after-diagram.jsx +++ /dev/null @@ -1,80 +0,0 @@ -import Image from '@hashicorp/react-image' -import InlineSvg from '@hashicorp/react-inline-svg' -import alertIcon from 'public/img/static-dynamic-diagram/alert.svg?include' -import checkIcon from 'public/img/static-dynamic-diagram/check.svg?include' -import s from './before-after-diagram.module.css' - -export default function BeforeAfterDiagram({ - beforeHeadline, - beforeContent, - beforeImage, - afterHeadline, - afterContent, - afterImage, -}) { - return ( -
      -
      -
      -
      - -
      -
      -
      - - - - -
      - {beforeHeadline && ( -

      - )} - {beforeContent && ( -
      - )} -
      -

      -
      -
      -
      -
      - -
      -
      -
      - - - -
      - {afterHeadline && ( -

      - )} - {afterContent && ( -
      - )} -
      -

      -
      -
      - ) -} diff --git a/website/components/static-dynamic-diagram/before-after-diagram.module.css b/website/components/static-dynamic-diagram/before-after-diagram.module.css deleted file mode 100644 index 49796a3c2..000000000 --- a/website/components/static-dynamic-diagram/before-after-diagram.module.css +++ /dev/null @@ -1,351 +0,0 @@ -.beforeAfterDiagram { - /* CSS custom properties to control theming */ - --product-color: var(--black); - --gray-6-transparent: rgba(210, 212, 219, 0); - --after-bullet-background: url('/img/static-dynamic-diagram/check-square.svg'); - --after-bullet-height: 18px; - - display: flex; - flex-wrap: wrap; - margin: 0 -16px; - position: relative; - - @media (max-width: 1023px) { - margin-left: -12px; - margin-right: -12px; - } - - @media (max-width: 767px) { - flex-direction: column; - margin-left: 40px; - margin-right: 0; - } - - --after-bullet-background: url('/img/static-dynamic-diagram/check-square-consul.svg'); - --after-bullet-height: 19px; -} - -/* Before and after columns */ - -.side { - display: flex; - flex-direction: column; - margin: 0 16px; - position: relative; - width: calc(50% - 32px); - - @media (max-width: 1023px) { - margin: 0 12px; - width: calc(50% - 24px); - } - - @media (max-width: 767px) { - margin: 0; - width: 100%; - } -} - -.beforeSide { - composes: side; - @media (max-width: 767px) { - margin-bottom: 62px; - } -} - -.afterSide { - composes: side; -} - -/* Diagram images */ - -.image { - align-items: flex-end; - display: flex; - height: 320px; - justify-content: center; - margin-bottom: 96px; - - @media (max-width: 767px) { - margin-bottom: 40px; - } - - @media (max-width: 640px) { - height: 284px; - } - - @media (max-width: 540px) { - height: 238px; - } - - @media (max-width: 480px) { - height: 211px; - } - - @media (max-width: 375px) { - height: 163px; - } - - & div { - height: 100%; - text-align: center; - width: 100%; - } - - & picture { - height: 100%; - } - & img, - & svg { - height: 100%; - max-width: 100%; - object-fit: contain; - } - - @media (--medium-up) { - height: unset; - - & div { - height: unset; - } - - & picture { - height: unset; - } - & img, - & svg { - height: unset; - } - } -} - -/* icon / line container above content */ - -.iconLineContainer { - padding: 0; - position: absolute; - right: 0; - top: -75px; - width: 100%; - - @media (max-width: 767px) { - height: 100%; - left: -28px; - right: auto; - top: 28px; - width: auto; - } -} - -/* Line segment above content (before side only) */ - -.lineSegment { - background: black; - display: block; - height: 2px; - left: calc(50% + 30px); - position: absolute; - top: 12px; - width: calc(100% - 24px); - - @media (max-width: 767px) { - height: calc(100% + 375px); - left: auto; - top: 38px; - width: 2px; - } - - @media (max-width: 640px) { - height: calc(100% + 339px); - } - - @media (max-width: 540px) { - height: calc(100% + 293px); - } - - @media (max-width: 480px) { - height: calc(100% + 266px); - } - - @media (max-width: 375px) { - height: calc(100% + 218px); - } - - &::before { - border-radius: 100%; - border-style: solid; - border-width: 5.5px 0 5.5px 8px; - border-width: 2px; - content: ''; - height: 8px; - left: -8px; - position: absolute; - top: -3px; - width: 8px; - - @media (max-width: 767px) { - left: -3px; - top: -8px; - } - } - - &::after { - border-color: transparent transparent transparent var(--product-color); - border-style: solid; - border-width: 6px 0 6px 8px; - content: ''; - height: 0; - position: absolute; - right: -8px; - top: -5px; - width: 0; - - @media (max-width: 767px) { - bottom: -8px; - right: -4px; - top: auto; - transform: rotate(90deg); - } - } -} - -/* Icon above each content container */ - -.contentIcon { - & svg { - left: 50%; - margin: 0 0 0 -11px; - position: absolute; - } -} - -.beforeIcon { - composes: contentIcon; -} - -.afterIcon { - composes: contentIcon; - & svg path:first-child { - fill: var(--product-color); - stroke: var(--product-color); - } -} - -/* Content container */ - -.contentContainer { - border: 1px solid var(--gray-5); - flex-grow: 1; - padding: 24px 32px 20px; - position: relative; - - @media (max-width: 1023px) { - padding-left: 24px; - padding-right: 24px; - } - - @media (max-width: 767px) { - padding-left: 20px; - padding-right: 20px; - } - - &::before, - &::after { - border: solid transparent; - bottom: 100%; - content: ''; - height: 0; - left: 50%; - pointer-events: none; - position: absolute; - width: 0; - } - - &::before { - border-color: rgba(229, 230, 235, 0); - border-bottom-color: var(--gray-5); - border-width: 18px; - margin-left: -18px; - } - - &::after { - border-color: rgba(255, 255, 255, 0); - border-bottom-color: var(--white); - border-width: 17px; - margin-left: -17px; - } - - & > div { - height: 100%; - - & > div { - @media (min-width: 768px) { - margin: 0 auto; - max-width: 480px; - } - } - } -} - -/* Content headline */ - -.contentHeadline { - border-bottom: 1px solid var(--gray-5); - color: var(--black); - composes: g-type-display-3 from global; - margin: 0 0 24px; - padding-bottom: 24px; - text-align: center; -} - -/* Content styles (for rendered markdown) */ - -.content { - & :global(.__permalink-h) { - display: none; - } - - & :global(.g-type-label) { - margin: 24px 0 26px 0; - } - - & ul, - & ol { - list-style: none; - padding-left: 32px; - position: relative; - } - - & li { - margin: 8px 0; - - &::before { - background-repeat: no-repeat; - content: ''; - left: 0; - position: absolute; - } - } -} - -.beforeContent { - composes: content; - - & li::before { - background: url('/img/static-dynamic-diagram/alert-check.svg'); - background-repeat: no-repeat; - height: var(--after-bullet-height); - margin-top: 3px; - width: 20px; - } -} - -.afterContent { - composes: content; - - & li::before { - background: var(--after-bullet-background); - height: var(--after-bullet-height); - margin-top: 4px; - width: 18px; - } -} diff --git a/website/components/static-dynamic-diagram/index.tsx b/website/components/static-dynamic-diagram/index.tsx deleted file mode 100644 index 9b5cf3fad..000000000 --- a/website/components/static-dynamic-diagram/index.tsx +++ /dev/null @@ -1,28 +0,0 @@ -import BeforeAfterDiagram from './before-after-diagram' -import s from './style.module.css' - -export default function StaticDynamicDiagram({ - heading, - description, - diagrams, -}) { - return ( -
      -
      -

      {heading}

      - {description &&

      {description}

      } -
      - -
      - ) -} diff --git a/website/components/static-dynamic-diagram/style.module.css b/website/components/static-dynamic-diagram/style.module.css deleted file mode 100644 index 2b1a7ff2d..000000000 --- a/website/components/static-dynamic-diagram/style.module.css +++ /dev/null @@ -1,19 +0,0 @@ -.staticDynamic { - composes: g-grid-container from global; - display: grid; - grid-gap: 64px; - justify-items: center; -} - -.content { - max-width: 784px; - text-align: center; -} -.description { - composes: g-type-body-large from global; - color: var(--gray-2); -} -.heading { - composes: g-type-display-2 from global; - margin: 0; -} diff --git a/website/components/subnav/index.jsx b/website/components/subnav/index.jsx deleted file mode 100644 index 4a70b89c1..000000000 --- a/website/components/subnav/index.jsx +++ /dev/null @@ -1,38 +0,0 @@ -import Subnav from '@hashicorp/react-subnav' -import { useRouter } from 'next/router' -import s from './style.module.css' - -export default function ConsulSubnav({ menuItems }) { - const router = useRouter() - return ( - - ) -} diff --git a/website/components/subnav/style.module.css b/website/components/subnav/style.module.css deleted file mode 100644 index 5cb3cbccd..000000000 --- a/website/components/subnav/style.module.css +++ /dev/null @@ -1,3 +0,0 @@ -.subnav { - border-top: 1px solid transparent; -} diff --git a/website/components/use-cases-layout/index.jsx b/website/components/use-cases-layout/index.jsx deleted file mode 100644 index 245910711..000000000 --- a/website/components/use-cases-layout/index.jsx +++ /dev/null @@ -1,47 +0,0 @@ -import BasicHero from 'components/basic-hero' -import PrefooterCTA from 'components/prefooter-cta' -import ConsulEnterpriseComparison from 'components/enterprise-comparison/consul' -import Head from 'next/head' -import HashiHead from '@hashicorp/react-head' - -export default function UseCaseLayout({ - title, - description, - guideLink, - children, -}) { - const pageTitle = `Consul ${title}` - return ( - <> - - - - -
      - -
      -

      Features

      -
      - {children} - - -
      - - ) -} diff --git a/website/components/use-cases-layout/style.css b/website/components/use-cases-layout/style.css deleted file mode 100644 index e51ec7e4c..000000000 --- a/website/components/use-cases-layout/style.css +++ /dev/null @@ -1,30 +0,0 @@ -#p-use-case { - & .features-header { - text-align: center; - margin-bottom: 0; - } - - /* Overriding the g-text-split component to have - * a header size closer to a h3 than a h2, as within - * the context of this page this text-split is more deeply - * nested within the page than we normally have it. - * */ - & .g-text-split { - & h2 { - font-size: 1.5rem; - letter-spacing: -0.004em; - line-height: 1.375em; - - @media (--medium-up) { - font-size: 1.75rem; - line-height: 1.321em; - } - - @media (--large) { - font-size: 2rem; - letter-spacing: -0.006em; - line-height: 1.313em; - } - } - } -} diff --git a/website/data/alert-banner.js b/website/data/alert-banner.js deleted file mode 100644 index 6fe988794..000000000 --- a/website/data/alert-banner.js +++ /dev/null @@ -1,13 +0,0 @@ -export const ALERT_BANNER_ACTIVE = false - -// https://github.com/hashicorp/web-components/tree/master/packages/alert-banner -export default { - tag: 'Blog post', - url: 'https://www.hashicorp.com/blog/a-new-chapter-for-hashicorp', - text: - 'HashiCorp shares have begun trading on the Nasdaq. Read the blog from our founders, Mitchell Hashimoto and Armon Dadgar.', - linkText: 'Read the post', - // Set the expirationDate prop with a datetime string (e.g. '2020-01-31T12:00:00-07:00') - // if you'd like the component to stop showing at or after a certain date - expirationDate: '2021-12-17T23:00:00-07:00', -} diff --git a/website/data/metadata.js b/website/data/metadata.js deleted file mode 100644 index 646d7fcec..000000000 --- a/website/data/metadata.js +++ /dev/null @@ -1,2 +0,0 @@ -export const productName = 'Consul' -export const productSlug = 'consul' diff --git a/website/data/version.js b/website/data/version.js deleted file mode 100644 index a5beaddf6..000000000 --- a/website/data/version.js +++ /dev/null @@ -1 +0,0 @@ -export default '1.11.5' diff --git a/website/layouts/standard/index.tsx b/website/layouts/standard/index.tsx deleted file mode 100644 index 38bb3f8c5..000000000 --- a/website/layouts/standard/index.tsx +++ /dev/null @@ -1,76 +0,0 @@ -import query from './query.graphql' -import ProductSubnav from 'components/subnav' -import Footer from 'components/footer' -import { open } from '@hashicorp/react-consent-manager' - -export default function StandardLayout(props: Props): React.ReactElement { - const { useCaseNavItems } = props.data - - return ( - <> - { - return { - text: item.text, - url: `/use-cases/${item.url}`, - } - }), - ].sort((a, b) => a.text.localeCompare(b.text)), - }, - { - text: 'Enterprise', - url: - 'https://www.hashicorp.com/products/consul/?utm_source=oss&utm_medium=header-nav&utm_campaign=consul', - type: 'outbound', - }, - 'divider', - { - text: 'Tutorials', - url: 'https://learn.hashicorp.com/consul', - type: 'outbound', - }, - { - text: 'Docs', - url: '/docs', - type: 'inbound', - }, - { - text: 'API', - url: '/api-docs', - type: 'inbound', - }, - { - text: 'CLI', - url: '/commands', - type: 'inbound,', - }, - { - text: 'Community', - url: '/community', - type: 'inbound', - }, - ]} - /> - {props.children} -
      - - ) -} - -StandardLayout.rivetParams = { - query, - dependencies: [], -} - -interface Props { - children: React.ReactChildren - data: { - useCaseNavItems: Array<{ url: string; text: string }> - } -} diff --git a/website/layouts/standard/query.graphql b/website/layouts/standard/query.graphql deleted file mode 100644 index 6b691e52c..000000000 --- a/website/layouts/standard/query.graphql +++ /dev/null @@ -1,6 +0,0 @@ -query UseCasesQuery { - useCaseNavItems: allConsulUseCases { - url: slug - text: heroHeading - } -} diff --git a/website/lib/consent-manager-services/index.ts b/website/lib/consent-manager-services/index.ts deleted file mode 100644 index ac1232983..000000000 --- a/website/lib/consent-manager-services/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { ConsentManagerService } from '@hashicorp/react-consent-manager/types' - -const localConsentManagerServices: ConsentManagerService[] = [ - { - name: 'Demandbase Tag', - description: - 'The Demandbase tag is a tracking service to identify website visitors and measure interest on our website.', - category: 'Analytics', - url: 'https://tag.demandbase.com/960ab0a0f20fb102.min.js', - async: true, - }, -] - -export default localConsentManagerServices diff --git a/website/lib/utils.ts b/website/lib/utils.ts deleted file mode 100644 index aa47f2718..000000000 --- a/website/lib/utils.ts +++ /dev/null @@ -1,11 +0,0 @@ -export const isInternalLink = (link: string): boolean => { - if ( - link.startsWith('/') || - link.startsWith('#') || - link.startsWith('https://consul.io') || - link.startsWith('https://www.consul.io') - ) { - return true - } - return false -} diff --git a/website/package-lock.json b/website/package-lock.json index 9be17cbe7..ec5efe7b6 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -7,191 +7,21 @@ "": { "name": "consul-docs", "version": "0.0.1", - "dependencies": { - "@hashicorp/flight-icons": "^1.3.0", - "@hashicorp/mktg-global-styles": "^4.0.0", - "@hashicorp/mktg-logos": "^1.2.0", - "@hashicorp/platform-analytics": "^0.2.0", - "@hashicorp/platform-cms": "^0.3.0", - "@hashicorp/platform-code-highlighting": "^0.1.2", - "@hashicorp/platform-runtime-error-monitoring": "^0.1.0", - "@hashicorp/platform-util": "^0.1.0", - "@hashicorp/react-alert": "^6.0.1", - "@hashicorp/react-alert-banner": "^7.0.1", - "@hashicorp/react-button": "^6.0.1", - "@hashicorp/react-call-to-action": "^4.0.0", - "@hashicorp/react-callouts": "^8.0.1", - "@hashicorp/react-code-block": "^4.1.5", - "@hashicorp/react-consent-manager": "^7.1.0", - "@hashicorp/react-content": "^8.2.0", - "@hashicorp/react-docs-page": "^14.14.0", - "@hashicorp/react-enterprise-alert": "^6.0.1", - "@hashicorp/react-featured-slider": "^5.0.1", - "@hashicorp/react-hashi-stack-menu": "^2.1.2", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-hero": "^8.0.2", - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "@hashicorp/react-learn-callout": "^2.0.1", - "@hashicorp/react-markdown-page": "^1.4.3", - "@hashicorp/react-product-downloads-page": "^2.7.0", - "@hashicorp/react-product-features-list": "^5.0.0", - "@hashicorp/react-search": "^6.1.1", - "@hashicorp/react-section-header": "^5.0.4", - "@hashicorp/react-stepped-feature-list": "^4.0.3", - "@hashicorp/react-subnav": "^9.3.2", - "@hashicorp/react-tabs": "^7.0.1", - "@hashicorp/react-text-split": "^4.0.0", - "@hashicorp/react-text-split-with-code": "^3.3.8", - "@hashicorp/react-text-split-with-image": "^4.2.5", - "@hashicorp/react-use-cases": "^5.0.0", - "@hashicorp/react-vertical-text-block-list": "^7.0.0", - "@reach/dialog": "^0.16.2", - "ci": "^2.1.1", - "framer-motion": "^5.3.3", - "next": "^11.1.2", - "next-mdx-remote": "3.0.1", - "next-remote-watch": "1.0.0", - "nuka-carousel": "4.7.7", - "react": "^17.0.2", - "react-datocms": "^1.6.6", - "react-device-detect": "1.17.0", - "react-dom": "^17.0.2", - "react-player": "^2.9.0" - }, "devDependencies": { "@hashicorp/platform-cli": "^1.2.0", - "@hashicorp/platform-nextjs-plugin": "^1.0.1", - "@hashicorp/platform-types": "^0.1.1", - "@types/react": "^17.0.3", "dart-linkcheck": "2.0.15", - "husky": "4.3.7", - "prettier": "2.2.1", - "typescript": "^4.3.5" + "husky": "4.3.8", + "prettier": "2.2.1" }, "engines": { "npm": ">=7.0.0" } }, - "node_modules/@algolia/cache-browser-local-storage": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-browser-local-storage/-/cache-browser-local-storage-4.10.5.tgz", - "integrity": "sha512-cfX2rEKOtuuljcGI5DMDHClwZHdDqd2nT2Ohsc8aHtBiz6bUxKVyIqxr2gaC6tU8AgPtrTVBzcxCA+UavXpKww==", - "dependencies": { - "@algolia/cache-common": "4.10.5" - } - }, - "node_modules/@algolia/cache-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-common/-/cache-common-4.10.5.tgz", - "integrity": "sha512-1mClwdmTHll+OnHkG+yeRoFM17kSxDs4qXkjf6rNZhoZGXDvfYLy3YcZ1FX4Kyz0DJv8aroq5RYGBDsWkHj6Tw==" - }, - "node_modules/@algolia/cache-in-memory": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-in-memory/-/cache-in-memory-4.10.5.tgz", - "integrity": "sha512-+ciQnfIGi5wjMk02XhEY8fmy2pzy+oY1nIIfu8LBOglaSipCRAtjk6WhHc7/KIbXPiYzIwuDbM2K1+YOwSGjwA==", - "dependencies": { - "@algolia/cache-common": "4.10.5" - } - }, - "node_modules/@algolia/client-account": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-account/-/client-account-4.10.5.tgz", - "integrity": "sha512-I9UkSS2glXm7RBZYZIALjBMmXSQbw/fI/djPcBHxiwXIheNIlqIFl2SNPkvihpPF979BSkzjqdJNRPhE1vku3Q==", - "dependencies": { - "@algolia/client-common": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/@algolia/client-analytics": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-4.10.5.tgz", - "integrity": "sha512-h2owwJSkovPxzc+xIsjY1pMl0gj+jdVwP9rcnGjlaTY2fqHbSLrR9yvGyyr6305LvTppxsQnfAbRdE/5Z3eFxw==", - "dependencies": { - "@algolia/client-common": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/@algolia/client-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-4.10.5.tgz", - "integrity": "sha512-21FAvIai5qm8DVmZHm2Gp4LssQ/a0nWwMchAx+1hIRj1TX7OcdW6oZDPyZ8asQdvTtK7rStQrRnD8a95SCUnzA==", - "dependencies": { - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/@algolia/client-personalization": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-4.10.5.tgz", - "integrity": "sha512-nH+IyFKBi8tCyzGOanJTbXC5t4dspSovX3+ABfmwKWUYllYzmiQNFUadpb3qo+MLA3jFx5IwBesjneN6dD5o3w==", - "dependencies": { - "@algolia/client-common": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/@algolia/client-search": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-4.10.5.tgz", - "integrity": "sha512-1eQFMz9uodrc5OM+9HeT+hHcfR1E1AsgFWXwyJ9Q3xejA2c1c4eObGgOgC9ZoshuHHdptaTN1m3rexqAxXRDBg==", - "dependencies": { - "@algolia/client-common": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/@algolia/logger-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/logger-common/-/logger-common-4.10.5.tgz", - "integrity": "sha512-gRJo9zt1UYP4k3woEmZm4iuEBIQd/FrArIsjzsL/b+ihNoOqIxZKTSuGFU4UUZOEhvmxDReiA4gzvQXG+TMTmA==" - }, - "node_modules/@algolia/logger-console": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/logger-console/-/logger-console-4.10.5.tgz", - "integrity": "sha512-4WfIbn4253EDU12u9UiYvz+QTvAXDv39mKNg9xSoMCjKE5szcQxfcSczw2byc6pYhahOJ9PmxPBfs1doqsdTKQ==", - "dependencies": { - "@algolia/logger-common": "4.10.5" - } - }, - "node_modules/@algolia/requester-browser-xhr": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-4.10.5.tgz", - "integrity": "sha512-53/MURQEqtK+bGdfq4ITSPwTh5hnADU99qzvpAINGQveUFNSFGERipJxHjTJjIrjFz3vxj5kKwjtxDnU6ygO9g==", - "dependencies": { - "@algolia/requester-common": "4.10.5" - } - }, - "node_modules/@algolia/requester-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-common/-/requester-common-4.10.5.tgz", - "integrity": "sha512-UkVa1Oyuj6NPiAEt5ZvrbVopEv1m/mKqjs40KLB+dvfZnNcj+9Fry4Oxnt15HMy/HLORXsx4UwcthAvBuOXE9Q==" - }, - "node_modules/@algolia/requester-node-http": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-4.10.5.tgz", - "integrity": "sha512-aNEKVKXL4fiiC+bS7yJwAHdxln81ieBwY3tsMCtM4zF9f5KwCzY2OtN4WKEZa5AAADVcghSAUdyjs4AcGUlO5w==", - "dependencies": { - "@algolia/requester-common": "4.10.5" - } - }, - "node_modules/@algolia/transporter": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/transporter/-/transporter-4.10.5.tgz", - "integrity": "sha512-F8DLkmIlvCoMwSCZA3FKHtmdjH3o5clbt0pi2ktFStVNpC6ZDmY307HcK619bKP5xW6h8sVJhcvrLB775D2cyA==", - "dependencies": { - "@algolia/cache-common": "4.10.5", - "@algolia/logger-common": "4.10.5", - "@algolia/requester-common": "4.10.5" - } - }, "node_modules/@babel/code-frame": { "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.13.tgz", "integrity": "sha512-HV1Cm0Q3ZrpCR93tkWOYiuYIgLxZXZFVG2VgK+MBWjUqZTundupbfx2aXarXuw5Ko5aMcjtJgbSs4vUGBS5v6g==", + "dev": true, "dependencies": { "@babel/highlight": "^7.12.13" } @@ -200,6 +30,7 @@ "version": "7.12.9", "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.12.9.tgz", "integrity": "sha512-gTXYh3M5wb7FRXQy+FErKFAv90BnlOuNn1QkCK2lREoPAjrQCO49+HVSrFoe5uakFAF5eenS75KbO2vQiLrTMQ==", + "dev": true, "dependencies": { "@babel/code-frame": "^7.10.4", "@babel/generator": "^7.12.5", @@ -230,6 +61,7 @@ "version": "5.7.1", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true, "bin": { "semver": "bin/semver" } @@ -238,6 +70,7 @@ "version": "7.14.3", "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.14.3.tgz", "integrity": "sha512-bn0S6flG/j0xtQdz3hsjJ624h3W0r3llttBMfyHX3YrZ/KtLYr15bjA0FXkgW7FpvrDuTuElXeVjiKlYRpnOFA==", + "dev": true, "dependencies": { "@babel/types": "^7.14.2", "jsesc": "^2.5.1", @@ -248,6 +81,7 @@ "version": "7.14.2", "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.14.2.tgz", "integrity": "sha512-NYZlkZRydxw+YT56IlhIcS8PAhb+FEUiOzuhFTfqDyPmzAhRge6ua0dQYT/Uh0t/EDHq05/i+e5M2d4XvjgarQ==", + "dev": true, "dependencies": { "@babel/helper-get-function-arity": "^7.12.13", "@babel/template": "^7.12.13", @@ -258,6 +92,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.12.13.tgz", "integrity": "sha512-DjEVzQNz5LICkzN0REdpD5prGoidvbdYk1BVgRUOINaWJP2t6avB27X1guXK1kXNrX0WMfsrm1A/ZBthYuIMQg==", + "dev": true, "dependencies": { "@babel/types": "^7.12.13" } @@ -266,6 +101,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.13.12.tgz", "integrity": "sha512-48ql1CLL59aKbU94Y88Xgb2VFy7a95ykGRbJJaaVv+LX5U8wFpLfiGXJJGUozsmA1oEh/o5Bp60Voq7ACyA/Sw==", + "dev": true, "dependencies": { "@babel/types": "^7.13.12" } @@ -274,6 +110,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.13.12.tgz", "integrity": "sha512-4cVvR2/1B693IuOvSI20xqqa/+bl7lqAMR59R4iu39R9aOX8/JoYY1sFaNvUMyMBGnHdwvJgUrzNLoUZxXypxA==", + "dev": true, "dependencies": { "@babel/types": "^7.13.12" } @@ -282,6 +119,7 @@ "version": "7.14.2", "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.14.2.tgz", "integrity": "sha512-OznJUda/soKXv0XhpvzGWDnml4Qnwp16GN+D/kZIdLsWoHj05kyu8Rm5kXmMef+rVJZ0+4pSGLkeixdqNUATDA==", + "dev": true, "dependencies": { "@babel/helper-module-imports": "^7.13.12", "@babel/helper-replace-supers": "^7.13.12", @@ -297,6 +135,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.12.13.tgz", "integrity": "sha512-BdWQhoVJkp6nVjB7nkFWcn43dkprYauqtk++Py2eaf/GRDFm5BxRqEIZCiHlZUGAVmtwKcsVL1dC68WmzeFmiA==", + "dev": true, "dependencies": { "@babel/types": "^7.12.13" } @@ -305,6 +144,8 @@ "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.14.5.tgz", "integrity": "sha512-/37qQCE3K0vvZKwoK4XU/irIJQdIfCJuhU5eKnNxpFDsOkgFaUAwbv+RYw6eYgsC0E4hS7r5KqGULUogqui0fQ==", + "dev": true, + "peer": true, "engines": { "node": ">=6.9.0" } @@ -313,6 +154,7 @@ "version": "7.14.4", "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.14.4.tgz", "integrity": "sha512-zZ7uHCWlxfEAAOVDYQpEf/uyi1dmeC7fX4nCf2iz9drnCwi1zvwXL3HwWWNXUQEJ1k23yVn3VbddiI9iJEXaTQ==", + "dev": true, "dependencies": { "@babel/helper-member-expression-to-functions": "^7.13.12", "@babel/helper-optimise-call-expression": "^7.12.13", @@ -324,6 +166,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.13.12.tgz", "integrity": "sha512-7FEjbrx5SL9cWvXioDbnlYTppcZGuCY6ow3/D5vMggb2Ywgu4dMrpTJX0JdQAIcRRUElOIxF3yEooa9gUb9ZbA==", + "dev": true, "dependencies": { "@babel/types": "^7.13.12" } @@ -332,6 +175,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.12.13.tgz", "integrity": "sha512-tCJDltF83htUtXx5NLcaDqRmknv652ZWCHyoTETf1CXYJdPC7nohZohjUgieXhv0hTJdRf2FjDueFehdNucpzg==", + "dev": true, "dependencies": { "@babel/types": "^7.12.13" } @@ -340,6 +184,7 @@ "version": "7.15.7", "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "dev": true, "engines": { "node": ">=6.9.0" } @@ -348,6 +193,7 @@ "version": "7.14.0", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.14.0.tgz", "integrity": "sha512-+ufuXprtQ1D1iZTO/K9+EBRn+qPWMJjZSw/S0KlFrxCw4tkrzv9grgpDHkY9MeQTjTY8i2sp7Jep8DfU6tN9Mg==", + "dev": true, "dependencies": { "@babel/template": "^7.12.13", "@babel/traverse": "^7.14.0", @@ -358,6 +204,7 @@ "version": "7.14.0", "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.0.tgz", "integrity": "sha512-YSCOwxvTYEIMSGaBQb5kDDsCopDdiUGsqpatp3fOlI4+2HQSkTmEVWnVuySdAC5EWCqSWWTv0ib63RjR7dTBdg==", + "dev": true, "dependencies": { "@babel/helper-validator-identifier": "^7.14.0", "chalk": "^2.0.0", @@ -368,6 +215,7 @@ "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, "dependencies": { "color-convert": "^1.9.0" }, @@ -379,6 +227,7 @@ "version": "2.4.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, "dependencies": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -392,6 +241,7 @@ "version": "1.9.3", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, "dependencies": { "color-name": "1.1.3" } @@ -399,12 +249,14 @@ "node_modules/@babel/highlight/node_modules/color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true }, "node_modules/@babel/highlight/node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true, "engines": { "node": ">=4" } @@ -413,6 +265,7 @@ "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, "dependencies": { "has-flag": "^3.0.0" }, @@ -421,9 +274,10 @@ } }, "node_modules/@babel/parser": { - "version": "7.14.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.14.4.tgz", - "integrity": "sha512-ArliyUsWDUqEGfWcmzpGUzNfLxTdTp6WU4IuP6QFSp9gGfWS6boxFCkJSJ/L4+RG8z/FnIU3WxCk6hPL9SSWeA==", + "version": "7.17.9", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.17.9.tgz", + "integrity": "sha512-vqUSBLP8dQHFPdPi9bc5GK9vRkYHJ49fsZdtoJ8EQ8ibpwk5rPKfvNIwChB0KVXcIjcepEBBd2VHC5r9Gy8ueg==", + "dev": true, "bin": { "parser": "bin/babel-parser.js" }, @@ -431,23 +285,103 @@ "node": ">=6.0.0" } }, - "node_modules/@babel/plugin-proposal-object-rest-spread": { - "version": "7.12.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.12.1.tgz", - "integrity": "sha512-s6SowJIjzlhx8o7lsFx5zmY4At6CTtDvgNQDdPzkBQucle58A6b/TTeEBYtyDgmcXjUTM+vE8YOGHZzzbc/ioA==", + "node_modules/@babel/plugin-syntax-async-generators": { + "version": "7.8.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==", + "dev": true, + "peer": true, "dependencies": { - "@babel/helper-plugin-utils": "^7.10.4", - "@babel/plugin-syntax-object-rest-spread": "^7.8.0", - "@babel/plugin-transform-parameters": "^7.12.1" + "@babel/helper-plugin-utils": "^7.8.0" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, - "node_modules/@babel/plugin-syntax-jsx": { - "version": "7.12.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.12.1.tgz", - "integrity": "sha512-1yRi7yAtB0ETgxdY9ti/p2TivUxJkTdhu/ZbF9MshVGqOx1TdB3b7xCXs49Fupgg50N45KcAsRP/ZqWjs9SRjg==", + "node_modules/@babel/plugin-syntax-bigint": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "integrity": "sha512-wnTnFlG+YxQm3vDxpGE57Pj0srRU4sHE/mDkt1qv2YJJSeUAec2ma4WLUnUPeKjyrfntVwe/N6dCXpU+zL3Npg==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-class-properties": { + "version": "7.12.13", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.12.13" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-meta": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-json-strings": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-logical-assignment-operators": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-numeric-separator": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==", + "dev": true, + "peer": true, "dependencies": { "@babel/helper-plugin-utils": "^7.10.4" }, @@ -459,6 +393,8 @@ "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", + "dev": true, + "peer": true, "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" }, @@ -466,12 +402,43 @@ "@babel/core": "^7.0.0-0" } }, - "node_modules/@babel/plugin-transform-parameters": { - "version": "7.14.2", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.14.2.tgz", - "integrity": "sha512-NxoVmA3APNCC1JdMXkdYXuQS+EMdqy0vIwyDHeKHiJKRxmp1qGSdb0JLEIoPRhkx6H/8Qi3RJ3uqOCYw8giy9A==", + "node_modules/@babel/plugin-syntax-optional-catch-binding": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==", + "dev": true, + "peer": true, "dependencies": { - "@babel/helper-plugin-utils": "^7.13.0" + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-optional-chaining": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-top-level-await": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" }, "peerDependencies": { "@babel/core": "^7.0.0-0" @@ -481,6 +448,7 @@ "version": "7.15.3", "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.15.3.tgz", "integrity": "sha512-OvwMLqNXkCXSz1kSm58sEsNuhqOx/fKpnUnKnFB5v8uDda5bLNEHNgKPvhDN6IU0LDcnHQ90LlJ0Q6jnyBSIBA==", + "dev": true, "dependencies": { "regenerator-runtime": "^0.13.4" }, @@ -505,6 +473,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.13.tgz", "integrity": "sha512-/7xxiGA57xMo/P2GVvdEumr8ONhFOhfgq2ihK3h1e6THqzTAkHbkXgB0xI9yeTfIUoH3+oAeHhqm/I43OTbbjA==", + "dev": true, "dependencies": { "@babel/code-frame": "^7.12.13", "@babel/parser": "^7.12.13", @@ -515,6 +484,7 @@ "version": "7.14.2", "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.14.2.tgz", "integrity": "sha512-TsdRgvBFHMyHOOzcP9S6QU0QQtjxlRpEYOy3mcCO5RgmC305ki42aSAmfZEMSSYBla2oZ9BMqYlncBaKmD/7iA==", + "dev": true, "dependencies": { "@babel/code-frame": "^7.12.13", "@babel/generator": "^7.14.2", @@ -530,6 +500,7 @@ "version": "7.15.0", "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.15.0.tgz", "integrity": "sha512-OBvfqnllOIdX4ojTHpwZbpvz4j3EWyjkZEdmjH0/cgsd6QOdSgU8rLSk6ard/pcW7rlmjdVSX/AWOaORR1uNOQ==", + "dev": true, "dependencies": { "@babel/helper-validator-identifier": "^7.14.9", "to-fast-properties": "^2.0.0" @@ -538,87 +509,30 @@ "node": ">=6.9.0" } }, - "node_modules/@bugsnag/browser": { - "version": "7.10.5", - "resolved": "https://registry.npmjs.org/@bugsnag/browser/-/browser-7.10.5.tgz", - "integrity": "sha512-LxzQ0g8kbVq2YAoZkLM58pzNGqKWV/JxVTBCudHQVp92Wm9Wl7aFVMNPzUWCjp9T9XrNl3h9lrs6Bb127SomyA==", + "node_modules/@bcoe/v8-coverage": { + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", + "dev": true, + "peer": true + }, + "node_modules/@cnakazawa/watch": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@cnakazawa/watch/-/watch-1.0.4.tgz", + "integrity": "sha512-v9kIhKwjeZThiWrLmj0y17CWoyddASLj9O2yvbZkbvw/N3rWOYy9zkV66ursAoVr0mV15bL8g0c4QZUE6cdDoQ==", + "dev": true, + "peer": true, "dependencies": { - "@bugsnag/core": "^7.10.0" + "exec-sh": "^0.3.2", + "minimist": "^1.2.0" + }, + "bin": { + "watch": "cli.js" + }, + "engines": { + "node": ">=0.1.95" } }, - "node_modules/@bugsnag/core": { - "version": "7.10.0", - "resolved": "https://registry.npmjs.org/@bugsnag/core/-/core-7.10.0.tgz", - "integrity": "sha512-sDa2nDxwsxHQx2/2/tsBWjYqH0TewCR8N/r5at6B+irwVkI0uts7Qc2JyqDTfiEiBXKVEXFK+fHTz1x9b8tsiA==", - "dependencies": { - "@bugsnag/cuid": "^3.0.0", - "@bugsnag/safe-json-stringify": "^6.0.0", - "error-stack-parser": "^2.0.3", - "iserror": "0.0.2", - "stack-generator": "^2.0.3" - } - }, - "node_modules/@bugsnag/cuid": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@bugsnag/cuid/-/cuid-3.0.0.tgz", - "integrity": "sha512-LOt8aaBI+KvOQGneBtpuCz3YqzyEAehd1f3nC5yr9TIYW1+IzYKa2xWS4EiMz5pPOnRPHkyyS5t/wmSmN51Gjg==" - }, - "node_modules/@bugsnag/js": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/@bugsnag/js/-/js-7.5.4.tgz", - "integrity": "sha512-V1+482YPndAD0c0ju7Ik1dXunyKAssZWUIqOMs7Ff3PtZb1107sJ4Hw1E7ZusQvvI/IjA6FO3ZJkmzjIJjQ+UA==", - "dependencies": { - "@bugsnag/browser": "^7.5.4", - "@bugsnag/node": "^7.5.4" - } - }, - "node_modules/@bugsnag/node": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@bugsnag/node/-/node-7.10.1.tgz", - "integrity": "sha512-kpasrz/im5ljptt2JOqrjbOu4b0i5sAZOYU4L0psWXlD31/wXytk7im11QlNALdI8gZZBxIFsVo8ks6dR6mHzg==", - "dependencies": { - "@bugsnag/core": "^7.10.0", - "byline": "^5.0.0", - "error-stack-parser": "^2.0.2", - "iserror": "^0.0.2", - "pump": "^3.0.0", - "stack-generator": "^2.0.3" - } - }, - "node_modules/@bugsnag/plugin-react": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/@bugsnag/plugin-react/-/plugin-react-7.5.4.tgz", - "integrity": "sha512-UFNCae2BbvvetIegAy+h45jlmtQ8k+ZnhpM0wnG4EPzDeZA1AFM+LzqRMWF7GrRRLb8H3W8PoswUN9M1Vr6eog==", - "peerDependencies": { - "@bugsnag/core": "^7.0.0" - } - }, - "node_modules/@bugsnag/safe-json-stringify": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/@bugsnag/safe-json-stringify/-/safe-json-stringify-6.0.0.tgz", - "integrity": "sha512-htzFO1Zc57S8kgdRK9mLcPVTW1BY2ijfH7Dk2CeZmspTWKdKqSo1iwmqrq2WtRjFlo8aRZYgLX0wFrDXF/9DLA==" - }, - "node_modules/@csstools/normalize.css": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/@csstools/normalize.css/-/normalize.css-12.0.0.tgz", - "integrity": "sha512-M0qqxAcwCsIVfpFQSlGN5XjXWu8l5JDZN+fPt1LeW5SZexQTgnaEvgXAY+CeygRw0EeppWHi12JxESWiWrB0Sg==", - "dev": true - }, - "node_modules/@emotion/is-prop-valid": { - "version": "0.8.8", - "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-0.8.8.tgz", - "integrity": "sha512-u5WtneEAr5IDG2Wv65yhunPSMLIpuKsbuOktRojfrEiEvRyC85LgPMZI63cr7NUqT8ZIGdSVg8ZKGxIug4lXcA==", - "optional": true, - "dependencies": { - "@emotion/memoize": "0.7.4" - } - }, - "node_modules/@emotion/memoize": { - "version": "0.7.4", - "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.7.4.tgz", - "integrity": "sha512-Ja/Vfqe3HpuzRsG1oBtWTHk2PGZ7GR+2Vz5iYGelAw8dx32K0y7PjVuxK6z1nMpZOqAFsRUPCkK1YjJ56qJlgw==", - "optional": true - }, "node_modules/@eslint/eslintrc": { "version": "0.4.3", "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", @@ -679,6 +593,8 @@ "version": "5.0.2", "resolved": "https://registry.npmjs.org/@hapi/accept/-/accept-5.0.2.tgz", "integrity": "sha512-CmzBx/bXUR8451fnZRuZAJRlzgm0Jgu5dltTX/bszmR2lheb9BpyN47Q1RbaGTsvFzn0PXAEs+lXDKfshccYZw==", + "dev": true, + "peer": true, "dependencies": { "@hapi/boom": "9.x.x", "@hapi/hoek": "9.x.x" @@ -688,6 +604,8 @@ "version": "9.1.3", "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-9.1.3.tgz", "integrity": "sha512-RlrGyZ603hE/eRTZtTltocRm50HHmrmL3kGOP0SQ9MasazlW1mt/fkv4C5P/6rnpFXjwld/POFX1C8tMZE3ldg==", + "dev": true, + "peer": true, "dependencies": { "@hapi/hoek": "9.x.x" } @@ -695,116 +613,9 @@ "node_modules/@hapi/hoek": { "version": "9.2.0", "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.0.tgz", - "integrity": "sha512-sqKVVVOe5ivCaXDWivIJYVSaEgdQK9ul7a4Kity5Iw7u9+wBAPbX1RMSnLLmp7O4Vzj0WOWwMAJsTL00xwaNug==" - }, - "node_modules/@hashicorp/flight-icons": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@hashicorp/flight-icons/-/flight-icons-1.3.0.tgz", - "integrity": "sha512-m4GkuYocXv54cBc+7sCkD+xorSxGPYovACpk8/A8I9rCFwdkX3WSZM8osT2/ws4IkCfeNYoxB1dz6a2SRhRfDg==" - }, - "node_modules/@hashicorp/js-utils": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/@hashicorp/js-utils/-/js-utils-1.0.10.tgz", - "integrity": "sha512-59AS4kK3EURCTU9ibJmk8MVT8i3qc5tEHv985dxECZrWTL4+3kKr45u/13OPpcRlpUSIKeWEsN9FL1f5/ztHww==", - "deprecated": "[DEPRECATED] - This package has been moved to @hashicorp/nextjs-scripts. See https://github.com/hashicorp/nextjs-scripts/pull/124 for details.This package is deprecated, and will no longer be maintained. Please check the hashicorp/react-components repository for a list of maintained packages, and file an issue if you need a replacement for this package." - }, - "node_modules/@hashicorp/mktg-global-styles": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/mktg-global-styles/-/mktg-global-styles-4.0.0.tgz", - "integrity": "sha512-5B0/AUCtqTeGoDR9a5FmkRAC5ubBSN2DQEtDHFy7eOSxXqETRfvMRjHa4Gfv1shfb0PNMufDWKfaDalhuHJ+jA==" - }, - "node_modules/@hashicorp/mktg-logos": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/mktg-logos/-/mktg-logos-1.2.0.tgz", - "integrity": "sha512-bGPaj1FhidA4NFF0C/KpIPwQL4QXJzvOB4uTdBX9g8zTg9V2Kf2MZBC2lt+TL8Xem4k8qmBaa36w8x6+fmbdRw==" - }, - "node_modules/@hashicorp/next-optimized-images": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/next-optimized-images/-/next-optimized-images-0.1.0.tgz", - "integrity": "sha512-fsjGIrpGZozjKUVrEqVfKYpzQvLkYzV+PnybKnAH7gyEX8xZDZXyM7T710ZAkmNaa9KgszvOQ0o21Z6ukfw3UQ==", + "integrity": "sha512-sqKVVVOe5ivCaXDWivIJYVSaEgdQK9ul7a4Kity5Iw7u9+wBAPbX1RMSnLLmp7O4Vzj0WOWwMAJsTL00xwaNug==", "dev": true, - "dependencies": { - "chalk": "^2.4.2", - "figures": "^3.0.0", - "file-loader": "^3.0.1", - "imagemin": "^6.1.0", - "img-loader": "^3.0.1", - "raw-loader": "^2.0.0", - "url-loader": "^1.1.2" - } - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/@hashicorp/next-optimized-images/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@hashicorp/platform-analytics": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-analytics/-/platform-analytics-0.2.0.tgz", - "integrity": "sha512-4Pmb4Fy/2eDCZPFu/O4wKK2L5VIqwsXfDPDGX3eA4Dk67ytZ//SXuW9oFtG97ACyW/p1i72EmwoqcrR6usDwtg==", - "dependencies": { - "fathom-client": "^3.2.0" - }, - "peerDependencies": { - "react": ">= 16.x" - } + "peer": true }, "node_modules/@hashicorp/platform-cli": { "version": "1.2.0", @@ -851,1140 +662,378 @@ "version": "0.3.0", "resolved": "https://registry.npmjs.org/@hashicorp/platform-cms/-/platform-cms-0.3.0.tgz", "integrity": "sha512-sRX9A+kDEZvfZy8PvGFbEaHjn5G1mEsHwTri1vDnrmKG8apE+ELlug83b0iEkD5wIJi9OqaewMIb0NrLxg9s5A==", + "dev": true, "dependencies": { "rivet-graphql": "0.3.1" } }, - "node_modules/@hashicorp/platform-code-highlighting": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-code-highlighting/-/platform-code-highlighting-0.1.2.tgz", - "integrity": "sha512-87+BwqKW2kY3TjYj5sgcJMHwjFD2xYhQKcMfbzdyDPC4xJLhg5T7/4tXK5SM/G8stpomlt349CIWL0s+jWk2rw==", - "dependencies": { - "@mapbox/rehype-prism": "0.5.0", - "rehype-parse": "7.0.1", - "rehype-stringify": "8.0.0", - "unified": "9.2.0", - "unist-util-visit": "2.0.3" - } - }, - "node_modules/@hashicorp/platform-docs-mdx": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-docs-mdx/-/platform-docs-mdx-0.1.3.tgz", - "integrity": "sha512-NPVvn3s/JuFfebvymJ9JkOd6CHKfCVISz/QenmPgPim1nzJfe3uXKFeqolYdfMb8k1++XpX7KM70nJMVDyQLpw==", - "dependencies": { - "@hashicorp/react-code-block": "^4.1.0", - "@hashicorp/react-enterprise-alert": "^6.0.1", - "@hashicorp/react-tabs": "^7.0.1", - "@mdx-js/react": "1.6.22" - }, - "peerDependencies": { - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/platform-markdown-utils": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-markdown-utils/-/platform-markdown-utils-0.1.3.tgz", - "integrity": "sha512-WIVCYljXQAhT+wFb8EtN3AEkgFDcbXMEvF4XkBg8OE/UWlrKWUNICjhrwTN68Q4Vl11ChX/ifH803DmLcSninA==", - "dependencies": { - "@hashicorp/platform-types": "^0.1.0", - "@hashicorp/remark-plugins": "^3.2.0", - "@mapbox/rehype-prism": "^0.6.0", - "@mdx-js/react": "1.6.22", - "rehype-katex": "^5.0.0", - "remark-math": "^4.0.0", - "remark-rehype": "^7.0.0" - }, - "peerDependencies": { - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/@mapbox/rehype-prism": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.6.0.tgz", - "integrity": "sha512-/0Ev/PB4fXdKPT6VDzVpnAPxGpWFIc4Yz3mf/DzLEMxlpIPZpZlCzaFk4V4NGFofQXPc41+GpEcZtWP3VuFWVA==", - "dependencies": { - "hast-util-to-string": "^1.0.4", - "refractor": "^3.3.1", - "unist-util-visit": "^2.0.3" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/commander": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", - "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", - "engines": { - "node": ">= 6" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/katex": { - "version": "0.13.13", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.13.13.tgz", - "integrity": "sha512-cCMcil4jwMm7behpXGiQfXJA29sko/Gd/26iCsr53Dv5Jn2iHbHyEb14dm9uVrIijUXx6Zz1WhlFhHE6DckvkQ==", - "dependencies": { - "commander": "^6.0.0" - }, - "bin": { - "katex": "cli.js" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/mdast-util-definitions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-3.0.1.tgz", - "integrity": "sha512-BAv2iUm/e6IK/b2/t+Fx69EL/AGcq/IG2S+HxHjDJGfLJtd6i9SZUS76aC9cig+IEucsqxKTR0ot3m933R3iuA==", - "dependencies": { - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/mdast-util-to-hast": { - "version": "9.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-9.1.2.tgz", - "integrity": "sha512-OpkFLBC2VnNAb2FNKcKWu9FMbJhQKog+FCT8nuKmQNIKXyT1n3SIskE7uWDep6x+cA20QXlK5AETHQtYmQmxtQ==", - "dependencies": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^3.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/rehype-katex": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/rehype-katex/-/rehype-katex-5.0.0.tgz", - "integrity": "sha512-ksSuEKCql/IiIadOHiKRMjypva9BLhuwQNascMqaoGLDVd0k2NlE2wMvgZ3rpItzRKCd6vs8s7MFbb8pcR0AEg==", - "dependencies": { - "@types/katex": "^0.11.0", - "hast-util-to-text": "^2.0.0", - "katex": "^0.13.0", - "rehype-parse": "^7.0.0", - "unified": "^9.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/platform-markdown-utils/node_modules/remark-rehype": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-7.0.0.tgz", - "integrity": "sha512-uqQ/VbaTdxyu/da6npHAso6hA00cMqhA3a59RziQdOLN2KEIkPykAVy52IcmZEVTuauXO0VtpxkyCey4phtHzQ==", - "dependencies": { - "mdast-util-to-hast": "^9.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/platform-nextjs-plugin": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-nextjs-plugin/-/platform-nextjs-plugin-1.0.1.tgz", - "integrity": "sha512-gT26wGylFuAUuMHuQ57PRrrL414xWsqaVUfrvlcQcrOXUF9YsUjNnVAWo+JLoo9y37vpdOMhdEPWrwPxXoeItw==", + "node_modules/@istanbuljs/load-nyc-config": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", "dev": true, + "peer": true, "dependencies": { - "@hashicorp/next-optimized-images": "0.1.0", - "@next/bundle-analyzer": "10.0.3", - "imagemin-mozjpeg": "9.0.0", - "imagemin-optipng": "8.0.0", - "imagemin-svgo": "8.0.0", - "next-transpile-modules": "^8.0.0", - "postcss-normalize": "10.0.1" - }, - "peerDependencies": { - "next": ">= 11.x" - } - }, - "node_modules/@hashicorp/platform-product-meta": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-product-meta/-/platform-product-meta-0.1.0.tgz", - "integrity": "sha512-UXAiYENDP8I0mD9+LNMyaCksUPthPRkxAIzg12SbERgx5kAjEaBCzYRHKXibL1dZpVQiRfs0i/0ieSw0mP2y+Q==", - "dependencies": { - "@hashicorp/platform-util": "^0.1.0" - }, - "peerDependencies": { - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/platform-runtime-error-monitoring": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-runtime-error-monitoring/-/platform-runtime-error-monitoring-0.1.0.tgz", - "integrity": "sha512-G6YhBPIu9cPPE2j+uLVoCuamPzxrpEPi45B0ySa+1CTCUmG+3fswvPHXILbyr91ZtpuBsFg1nYJOBwlwEftHdg==", - "dependencies": { - "@bugsnag/js": "7.5.4", - "@bugsnag/plugin-react": "7.5.4" - }, - "peerDependencies": { - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/platform-types": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-types/-/platform-types-0.1.1.tgz", - "integrity": "sha512-aQU6hyzBpMax7WoZKF6f/OkCER/SxsVn25RBVgU7JHxmebYJB4VfmDXAfa0TyKaPz2cDWPeOgc8MVezGVjouSw==", - "dependencies": { - "@types/segment-analytics": "^0.0.33" - } - }, - "node_modules/@hashicorp/platform-util": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-util/-/platform-util-0.1.0.tgz", - "integrity": "sha512-XGWmQnMThygQKUsB5fPfhWT2KIbAq3Zax1K7TiEarX7IrngpEk7oTpVUR0uEraZgpfsaOfhHGSilvBRZjCZ+Ew==", - "dependencies": { - "nprogress": "0.2.0" - }, - "peerDependencies": { - "next": ">= 9.x", - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/react-alert": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-alert/-/react-alert-6.0.2.tgz", - "integrity": "sha512-8ePxXMYR6kU0cYb4T3WZ74bInPQdbzfM4B+ZWqmW+raEpVAS2MTqDFl7X55L0syWx6JDbBmrlhzYaRzTDf6qug==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-alert-banner": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-alert-banner/-/react-alert-banner-7.0.1.tgz", - "integrity": "sha512-h6M9NhQQxDJZQwhrT1I+Rwfiko8yGsQGrTp6jF0XUrOnteok69SfuDfc0/Vv50aNG0029R4pnBvgK3e1Xc7TlQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-inline-svg": "^6.0.3", - "@reach/visually-hidden": "^0.16.0", - "js-cookie": "^2.2.1", - "slugify": "^1.6.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-alert-banner/node_modules/slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==", - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/@hashicorp/react-button": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-button/-/react-button-6.0.3.tgz", - "integrity": "sha512-CRK93cWw5ap4tGGvMoyr/Ydvvz1Ie1RTyTdBhcpARlH7pCIAmvxHKMK+FCWXWGJNjpM9suKenXfdTJRfz7+KNw==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-inline-svg": "^6.0.1", - "classnames": "^2.3.1", - "slugify": "^1.6.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-button/node_modules/slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==", - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/@hashicorp/react-call-to-action": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-call-to-action/-/react-call-to-action-4.0.0.tgz", - "integrity": "sha512-SpdyItfcQKCGMzI6RlfT2ZbplyeERd6eK12ZwTT2UDejmDSlD0s0/rauzR6brfCh2RGbyRct3/KjJFYWyVsYaw==", - "dependencies": { - "@hashicorp/react-button": "^6.0.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-callouts": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-callouts/-/react-callouts-8.0.1.tgz", - "integrity": "sha512-KfrEZOO8jWBhHlld2quusPskGbB/6LBuV9bnzsFyS4yn+y7RSBTVk8yovdc8BkFyTaxMq6h/tLW8PgYDLnWPQQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-inline-svg": "^6.0.1", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-code-block": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-code-block/-/react-code-block-4.1.5.tgz", - "integrity": "sha512-94IHagrdqxvoPE130b2FOvyeSZ26DIhaNSnZ3b/isKMpaNdWjoi/uo+nckRu3auiSyxldbMty8W5EXclgGkCEA==", - "dependencies": { - "@hashicorp/react-inline-svg": "^6.0.3", - "@reach/listbox": "0.15.0", - "shellwords": "^0.1.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-consent-manager": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-consent-manager/-/react-consent-manager-7.1.0.tgz", - "integrity": "sha512-Hxs58z80gbyfO2HpdyvQFB1PtXzazWICJnH5Kp1VRL2oQpJPeylG6jUsQ6K6a9kfdclZQjK1EeVKDZg2vVFrhA==", - "dependencies": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-toggle": "^4.0.1", - "classnames": "^2.3.1", - "js-cookie": "^2.2.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "next": ">=11.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-content": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-content/-/react-content-8.2.0.tgz", - "integrity": "sha512-9wKJQodndiOIdnVXb4zQGwm0CZU3WAJgxTwJGHQDDepPgHvh5nXK336PhTpLcjFK5T0Fg5uvYgaNqfNHZaoquQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.2.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-docs-page": { - "version": "14.14.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-docs-page/-/react-docs-page-14.14.0.tgz", - "integrity": "sha512-OwbBmbuE7U3nnF/TWeUKRW6MN0/KIgC8nxUJP3rbqANxZFchCjm/7JEG/owDZu41zJQUAa1ZKvmhI+OUfAAvwA==", - "dependencies": { - "@hashicorp/platform-docs-mdx": "^0.1.3", - "@hashicorp/platform-markdown-utils": "^0.2.0", - "@hashicorp/react-alert": "^6.0.2", - "@hashicorp/react-content": "^8.1.1", - "@hashicorp/react-docs-sidenav": "^8.4.0", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-placeholder": "^0.1.0", - "@hashicorp/react-search": "^6.3.1", - "@hashicorp/react-version-select": "^0.3.0", - "classnames": "^2.3.1", - "fs-exists-sync": "^0.1.0", - "gray-matter": "^4.0.3", - "js-yaml": "^4.1.0", - "line-reader": "^0.4.0", - "moize": "^6.0.3", - "readdirp": "^3.6.0", - "semver": "^7.3.5" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "next-mdx-remote": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/@hashicorp/platform-markdown-utils": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-markdown-utils/-/platform-markdown-utils-0.2.0.tgz", - "integrity": "sha512-xs/yiP/vcgvGX5wYggvYIhG4WTmTS3e5oUE7QuTtukOHcCN+HmN79z9xn8yCDnJ0GiAm51dv42lmCBiWj3JF6Q==", - "dependencies": { - "@hashicorp/platform-types": "^0.1.0", - "@hashicorp/remark-plugins": "^3.3.1", - "@mapbox/rehype-prism": "^0.6.0", - "@mdx-js/react": "1.6.22", - "rehype-katex": "^5.0.0", - "remark-math": "^4.0.0", - "remark-rehype": "^7.0.0" - }, - "peerDependencies": { - "react": ">= 16.x" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/@hashicorp/remark-plugins": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/@hashicorp/remark-plugins/-/remark-plugins-3.3.1.tgz", - "integrity": "sha512-7xThpsBFWasdC/E+E/BAjHxMYqyCcQFiTVspvhBzN51meiQIacVCnyAox/lyvwWiP4N3Yj/ruH4UsR2ifskNeA==", - "dependencies": { - "@mdx-js/util": "1.6.22", - "github-slugger": "^1.3.0", - "remark": "12.0.1", - "remark-mdx": "1.6.22", - "to-vfile": "^6.1.0", - "unist-util-flatmap": "^1.0.0", - "unist-util-is": "^4.0.2", - "unist-util-map": "^2.0.1", - "unist-util-visit": "^2.0.3" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/@mapbox/rehype-prism": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.6.0.tgz", - "integrity": "sha512-/0Ev/PB4fXdKPT6VDzVpnAPxGpWFIc4Yz3mf/DzLEMxlpIPZpZlCzaFk4V4NGFofQXPc41+GpEcZtWP3VuFWVA==", - "dependencies": { - "hast-util-to-string": "^1.0.4", - "refractor": "^3.3.1", - "unist-util-visit": "^2.0.3" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/commander": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", - "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", - "engines": { - "node": ">= 12" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/gray-matter": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", - "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", - "dependencies": { + "camelcase": "^5.3.1", + "find-up": "^4.1.0", + "get-package-type": "^0.1.0", "js-yaml": "^3.13.1", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" + "resolve-from": "^5.0.0" }, "engines": { - "node": ">=6.0" + "node": ">=8" } }, - "node_modules/@hashicorp/react-docs-page/node_modules/gray-matter/node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", - "dependencies": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/js-yaml": { + "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/js-yaml/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" - }, - "node_modules/@hashicorp/react-docs-page/node_modules/katex": { - "version": "0.13.24", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.13.24.tgz", - "integrity": "sha512-jZxYuKCma3VS5UuxOx/rFV1QyGSl3Uy/i0kTJF3HgQ5xMinCQVF8Zd4bMY/9aI9b9A2pjIBOsjSSm68ykTAr8w==", - "funding": [ - "https://opencollective.com/katex", - "https://github.com/sponsors/katex" - ], - "dependencies": { - "commander": "^8.0.0" - }, - "bin": { - "katex": "cli.js" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/mdast-util-definitions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-3.0.1.tgz", - "integrity": "sha512-BAv2iUm/e6IK/b2/t+Fx69EL/AGcq/IG2S+HxHjDJGfLJtd6i9SZUS76aC9cig+IEucsqxKTR0ot3m933R3iuA==", - "dependencies": { - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/mdast-util-to-hast": { - "version": "9.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-9.1.2.tgz", - "integrity": "sha512-OpkFLBC2VnNAb2FNKcKWu9FMbJhQKog+FCT8nuKmQNIKXyT1n3SIskE7uWDep6x+cA20QXlK5AETHQtYmQmxtQ==", - "dependencies": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^3.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dependencies": { - "picomatch": "^2.2.1" + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" }, "engines": { - "node": ">=8.10.0" + "node": ">=8" } }, - "node_modules/@hashicorp/react-docs-page/node_modules/rehype-katex": { + "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/rehype-katex/-/rehype-katex-5.0.0.tgz", - "integrity": "sha512-ksSuEKCql/IiIadOHiKRMjypva9BLhuwQNascMqaoGLDVd0k2NlE2wMvgZ3rpItzRKCd6vs8s7MFbb8pcR0AEg==", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, "dependencies": { - "@types/katex": "^0.11.0", - "hast-util-to-text": "^2.0.0", - "katex": "^0.13.0", - "rehype-parse": "^7.0.0", - "unified": "^9.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/remark": { - "version": "12.0.1", - "resolved": "https://registry.npmjs.org/remark/-/remark-12.0.1.tgz", - "integrity": "sha512-gS7HDonkdIaHmmP/+shCPejCEEW+liMp/t/QwmF0Xt47Rpuhl32lLtDV1uKWvGoq+kxr5jSgg5oAIpGuyULjUw==", - "dependencies": { - "remark-parse": "^8.0.0", - "remark-stringify": "^8.0.0", - "unified": "^9.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "dependencies": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/remark-rehype": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-7.0.0.tgz", - "integrity": "sha512-uqQ/VbaTdxyu/da6npHAso6hA00cMqhA3a59RziQdOLN2KEIkPykAVy52IcmZEVTuauXO0VtpxkyCey4phtHzQ==", - "dependencies": { - "mdast-util-to-hast": "^9.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-page/node_modules/remark-stringify": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-8.1.1.tgz", - "integrity": "sha512-q4EyPZT3PcA3Eq7vPpT6bIdokXzFGp9i85igjmhRyXWmPs0Y6/d2FYwUNotKAWyLch7g0ASZJn/KHHcHZQ163A==", - "dependencies": { - "ccount": "^1.0.0", - "is-alphanumeric": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "longest-streak": "^2.0.1", - "markdown-escapes": "^1.0.0", - "markdown-table": "^2.0.0", - "mdast-util-compact": "^2.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "stringify-entities": "^3.0.0", - "unherit": "^1.0.4", - "xtend": "^4.0.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@hashicorp/react-docs-sidenav": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-docs-sidenav/-/react-docs-sidenav-8.4.1.tgz", - "integrity": "sha512-X7J19jCrcYiZEa7/ApMn6R5LFmDymJC1/sHSXpaMcXDIW5DD+H0DRYwJKVUPgdJDWhjZ5PXXWeDJTOKcQWBNog==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-link-wrap": "^3.0.3", - "fuzzysearch": "1.0.3" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-enterprise-alert": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-enterprise-alert/-/react-enterprise-alert-6.0.1.tgz", - "integrity": "sha512-fIT5A5G7mNW77Iob/B5FRlKukDws8CEtK/pLqYJjYhz1HmwZiPRORWTDcaBDh8XUARqo8gA8lg9gqke2kEv6UQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-featured-slider": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-featured-slider/-/react-featured-slider-5.0.1.tgz", - "integrity": "sha512-AuTZA/C5JHjyb+fCr2nrZcL0iPoDBaj0wGRXxRnNwltV1YOwYnn1p3vzRtrAky+BAjTWtYkh+h4Nebi+pvi+AQ==", - "dependencies": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-image": "^4.0.1", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-hashi-stack-menu": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-hashi-stack-menu/-/react-hashi-stack-menu-2.1.2.tgz", - "integrity": "sha512-3K6Y2FNSLq6TsMceX3a1pdmxaVx8lRvxCgjxcKL1P6DpmOk0AU5/eL0CvKP8GzXSYstL36xXxIhWFfiaAaF/yQ==", - "dependencies": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@hashicorp/react-link-wrap": "^3.0.3", - "slugify": "1.6.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "@hashicorp/mktg-logos": ">=1.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-hashi-stack-menu/node_modules/slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==", - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/@hashicorp/react-head": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-head/-/react-head-3.1.2.tgz", - "integrity": "sha512-DkQt0F2zU2cZ36IafDI8TWQNS6kkCVzaouLMR0Mwb/MYCzOJtutyZYrzrrDU+uQQ5tWSt3vZQKrSqD4M5RMMoQ==", - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-hero": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-hero/-/react-hero-8.0.2.tgz", - "integrity": "sha512-q+XgMk0b2YFcmPL8wNHjlZErUEyfIO1i9/diTebHVvKjCs2AeOVDODU3diSU/Q5mvX5dCx36l/fp1qmyYdP8SQ==", - "dependencies": { - "@hashicorp/js-utils": "^1.0.10", - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-alert": "^6.0.0", - "@hashicorp/react-button": "^6.0.1", - "@hashicorp/react-image": "^4.0.2", - "@hashicorp/react-text-input": "^5.0.0", - "classnames": "^2.3.1", - "formik": "^2.2.9", - "promise-polyfill": "^8.2.0", - "query-string": "^5.1.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-image": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-image/-/react-image-4.0.3.tgz", - "integrity": "sha512-GcTWoIGVwZm8nvxKftqjsQjVfjhhDm4VUDpBcCtRAEj3f/umhrppDV6hFuJYSWSWtGp8hnVCFVAS445nNBgaeg==", - "dependencies": { - "object-assign": "4.1.1", - "query-string": "5.1.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-inline-svg": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-inline-svg/-/react-inline-svg-6.0.3.tgz", - "integrity": "sha512-BKLhVFc0gIRxyd2QZ5KWSAXDyyiOI+dQ4U4HrgAA3f4/JmpOsF/EgQ6Ro+cmNZy1/cn42OM2iqoEvUqYvW+ZfQ==", - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-learn-callout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-learn-callout/-/react-learn-callout-2.0.1.tgz", - "integrity": "sha512-Dldn8SfbOFGd8cVdYyLUuCXllGYIQ5A8Txv3J6wYzMnWbvRTRnqjzun4kxk1UTxqHonP5D3fACP7xeM1mlbroQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-link-wrap": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-link-wrap/-/react-link-wrap-3.0.3.tgz", - "integrity": "sha512-G0JM3IowWCUWkc/mW5Llb/9NK50PH81/fySGZmQI6/oakK1gLvA6/fEfWRX7cqa7NoFHLiNnDrXJkc3ShtKNVw==", - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-markdown-page": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-markdown-page/-/react-markdown-page-1.4.3.tgz", - "integrity": "sha512-CBYXek4/p/x9P9MSOtUm24QJjoGVvGufxv26WJlnXCeXspprYxWULikcBatZFXresWSa5hYQjpUqNfk3F+XQyw==", - "dependencies": { - "@hashicorp/platform-markdown-utils": "^0.1.0", - "@hashicorp/react-content": "^8.0.2", - "@hashicorp/react-head": "^3.1.2", - "gray-matter": "4.0.2" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "next-mdx-remote": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-placeholder": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-placeholder/-/react-placeholder-0.1.0.tgz", - "integrity": "sha512-Jti+Z4p6fVXiukBZpPIvIFJb/oxRYY3AIXCgrEJxvKemvF8iD84oWSyCB2WPzycmHIn4u8dlSCrc/VhicnieQA==", - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.9.0" - } - }, - "node_modules/@hashicorp/react-product-downloads-page": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-product-downloads-page/-/react-product-downloads-page-2.7.0.tgz", - "integrity": "sha512-GAw+Ztq4Cr/GJ5kyL3HvpLzs2wtpTFrs0FGDp6TRXjAVgqgfqrQU3cJzthtwkvKAZBmgGmubpQf84bhtfgtvLA==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-tabs": "^7.0.0", - "semver": "^7.3.5" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-product-features-list": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-product-features-list/-/react-product-features-list-5.0.0.tgz", - "integrity": "sha512-H1Pp9wq+xdMQ4QZsBGSOcqPGmXMzOP49Ed/e/tsvOrQWhhdj4tjjVqBIPZFKjx6tHW7Ebjz2/PDw27i1UwoYnQ==", - "dependencies": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-image": "^4.0.1", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-search": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-search/-/react-search-6.4.0.tgz", - "integrity": "sha512-ITAvD5QEc+B79VTYC27kdx0P1ynGFPUwed1ttUxlAIhvzasWjKeM6sS1rT8oFF+QcUZqoE7rKq7Y8k53sAB2Lw==", - "dependencies": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@hashicorp/remark-plugins": "^3.1.1", - "@reach/visually-hidden": "^0.16.0", - "algoliasearch": "^4.10.3", - "classnames": "^2.3.1", - "dotenv": "^10.0.0", - "glob": "^7.1.7", - "gray-matter": "^4.0.3", - "react-instantsearch-dom": "^6.12.1", - "remark": "^13.0.0", - "search-insights": "^1.7.1", - "unist-util-visit": "^2.0.3" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-search/node_modules/gray-matter": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", - "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", - "dependencies": { - "js-yaml": "^3.13.1", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" + "p-locate": "^4.1.0" }, "engines": { - "node": ">=6.0" + "node": ">=8" } }, - "node_modules/@hashicorp/react-section-header": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/@hashicorp/react-section-header/-/react-section-header-5.0.4.tgz", - "integrity": "sha512-1C1bdgn4qdD2IOVjbL+WqTUmLBQHAnKiNezSwQbO4MvdrSFfAllPhPchA760VuVaEBnMWo0gFQPSybRrv7faVQ==", + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, "dependencies": { - "@hashicorp/js-utils": "^1.0.10" + "p-try": "^2.0.0" }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/@hashicorp/react-select-input": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-select-input/-/react-select-input-4.0.5.tgz", - "integrity": "sha512-iN7iq7HZTQh3sa3LViuXbS84Si5hL6eWOqXd4DHfWYcZuuwping88l8SwwPWtqr+HVDcFsRixpVuvOCwgQSX0Q==", + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, "dependencies": { - "classnames": "^2.3.1", - "downshift": "3.1.5" + "p-limit": "^2.2.0" }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" + "engines": { + "node": ">=8" } }, - "node_modules/@hashicorp/react-stepped-feature-list": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-stepped-feature-list/-/react-stepped-feature-list-4.0.3.tgz", - "integrity": "sha512-s/MwmtnMjBViElSCXVbP+sKtDxy6A8jceSVhfVgLv8Q0+G84yeHO0THaMGgTBoA8wgF6Ad5zChW9zDJojdDrMw==", - "dependencies": { - "nuka-carousel": "^4.7.2" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x" + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" } }, - "node_modules/@hashicorp/react-subnav": { - "version": "9.3.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-subnav/-/react-subnav-9.3.2.tgz", - "integrity": "sha512-UoMnQgV/KnqNX/bwKKsnw5ph4egJhQPFHwrnplRlBuRMlHgblMMP5jsPi/07wkpIv4iyV0yc1ttaFN4RPVTa5w==", - "dependencies": { - "@hashicorp/mktg-logos": "^1.0.2", - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "@hashicorp/react-link-wrap": "^3.0.3", - "@reach/visually-hidden": "^0.16.0", - "camel-case": "^4.1.2", - "classnames": "^2.3.1", - "isomorphic-unfetch": "^3.1.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-tabs": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-tabs/-/react-tabs-7.0.1.tgz", - "integrity": "sha512-qmQscQkIxNhZc/QhWo5RCEu39rKXl4iQHlk0Q0Zk+ClqKSplDuVMMJqg3GtrG056em9xA2p+n7J501EZlOfzGg==", - "dependencies": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@reach/portal": "^0.16.0", - "@reach/tooltip": "^0.16.0", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-tabs/node_modules/@reach/portal": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.0.tgz", - "integrity": "sha512-vXJ0O9T+72HiSEWHPs2cx7YbSO7pQsTMhgqPc5aaddIYpo2clJx1PnYuS0lSNlVaDO0IxQhwYq43evXaXnmviw==", - "dependencies": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@hashicorp/react-tabs/node_modules/@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "dependencies": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@hashicorp/react-tabs/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/@hashicorp/react-text-input": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-input/-/react-text-input-5.0.1.tgz", - "integrity": "sha512-KXY2XloVHKYKJFk/S3LrVZBm0QNtDqdhRsd9wXdxe3dlElfAbNMgxIUQz2bzqmLYxegatlhgGCr6GBU9odkz5A==", - "dependencies": { - "classnames": "^2.3.1", - "uuid": "^8.3.2" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-text-input/node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "bin": { - "uuid": "dist/bin/uuid" - } - }, - "node_modules/@hashicorp/react-text-split": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split/-/react-text-split-4.0.0.tgz", - "integrity": "sha512-drBWTG3l7v/GNusn2gy2eW3SjuJ3lldlfzX3lr20IxprP2UcMcpLBDQFL+xrJbaHe7Tn2WjwrdmOS6MtQOopbQ==", - "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-inline-svg": "^6.0.3", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-text-split-with-code": { - "version": "3.3.8", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split-with-code/-/react-text-split-with-code-3.3.8.tgz", - "integrity": "sha512-aOakwQL+GjrSEsySSOHw7WlJLg0nEiKoIMK5x8aLry64ZwHgTpqqFj5CTQ01RHk0sAfqbCCvrRc2il9CLR83fg==", - "dependencies": { - "@hashicorp/react-code-block": "^4.1.5", - "@hashicorp/react-text-split": "^4.0.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-text-split-with-image": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split-with-image/-/react-text-split-with-image-4.2.5.tgz", - "integrity": "sha512-UJ2hF7xYXcWoIpgAD3MlJijutbouKW5joVScfL9zgTWUPmr1c9cBj6MQf7VNNP00q4CR0ElId74ki2tr/8Vkfw==", - "dependencies": { - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-text-split": "^4.0.0" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-toggle": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-toggle/-/react-toggle-4.0.1.tgz", - "integrity": "sha512-pPcFs3mlR7qt6j+bbfRnkxr1dEpTInuvLfYZ27L92uEcd83MBLcc+jp6c/idMuzHyLGSFU5aGqrAz5ufhLERZw==", - "dependencies": { - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" - } - }, - "node_modules/@hashicorp/react-use-cases": { + "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-use-cases/-/react-use-cases-5.0.0.tgz", - "integrity": "sha512-doiU9Wpo5c1r5XhsiIWNStPd+P3D/9BqMoYn+MrCrfFvD19pbAuH5GEJslC/XBJt7M4uumAb9e803XKJAayZww==", - "dependencies": { - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "classnames": "^2.3.1" - }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" } }, - "node_modules/@hashicorp/react-version-select": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-version-select/-/react-version-select-0.3.0.tgz", - "integrity": "sha512-wd708z+ftdUkK+jKBLFHdHE3U4a0g37LTOxH9X68LzFDWPUT9gTAI5dPEfT0Os/DeJxWcRvUoaS8Fbtd7SQPmg==", - "dependencies": { - "@hashicorp/react-select-input": ">=4.x" - }, - "peerDependencies": { - "react": ">=16.8.x" + "node_modules/@istanbuljs/schema": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" } }, - "node_modules/@hashicorp/react-vertical-text-block-list": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-vertical-text-block-list/-/react-vertical-text-block-list-7.0.0.tgz", - "integrity": "sha512-RYFO/HXEiB4Adj6zdmuLCL19gfTh7MZc53Kp9FqZ7dWR7ggW24tMCwIsgqvk4NjubBkJ0Lx/DnhiQ3ATZVMC6w==", + "node_modules/@jest/console": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/console/-/console-26.6.2.tgz", + "integrity": "sha512-IY1R2i2aLsLr7Id3S6p2BA82GNWryt4oSvEXLAKc+L2zdi89dSkE8xC1C+0kpATG4JhBJREnQOH7/zmccM2B0g==", + "dev": true, + "peer": true, "dependencies": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-image": "^4.0.1", - "@hashicorp/react-link-wrap": "^3.0.1", - "classnames": "^2.3.1" + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "jest-message-util": "^26.6.2", + "jest-util": "^26.6.2", + "slash": "^3.0.0" }, - "peerDependencies": { - "@hashicorp/mktg-global-styles": ">=3.x", - "react": ">=16.x" + "engines": { + "node": ">= 10.14.2" } }, - "node_modules/@hashicorp/remark-plugins": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/remark-plugins/-/remark-plugins-3.2.0.tgz", - "integrity": "sha512-kHY0Uq/6TnqXkIKGo4oIhhvVDfynlNzLxNRxMYMi6yOyGSI407j9M0sTfJWwoQom4NWFd3aOlwJV8IAhF7deJQ==", + "node_modules/@jest/core": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/@jest/core/-/core-26.6.3.tgz", + "integrity": "sha512-xvV1kKbhfUqFVuZ8Cyo+JPpipAHHAV3kcDBftiduK8EICXmTFddryy3P7NfZt8Pv37rA9nEJBKCCkglCPt/Xjw==", + "dev": true, + "peer": true, "dependencies": { - "@mdx-js/util": "1.6.22", - "github-slugger": "^1.3.0", - "remark": "12.0.1", - "remark-mdx": "1.6.22", - "to-vfile": "^6.1.0", - "unist-util-flatmap": "^1.0.0", - "unist-util-is": "^4.0.2", - "unist-util-map": "^2.0.1", - "unist-util-visit": "^2.0.3" + "@jest/console": "^26.6.2", + "@jest/reporters": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "jest-changed-files": "^26.6.2", + "jest-config": "^26.6.3", + "jest-haste-map": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-resolve-dependencies": "^26.6.3", + "jest-runner": "^26.6.3", + "jest-runtime": "^26.6.3", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "jest-watcher": "^26.6.2", + "micromatch": "^4.0.2", + "p-each-series": "^2.1.0", + "rimraf": "^3.0.0", + "slash": "^3.0.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">= 10.14.2" } }, - "node_modules/@hashicorp/remark-plugins/node_modules/remark": { - "version": "12.0.1", - "resolved": "https://registry.npmjs.org/remark/-/remark-12.0.1.tgz", - "integrity": "sha512-gS7HDonkdIaHmmP/+shCPejCEEW+liMp/t/QwmF0Xt47Rpuhl32lLtDV1uKWvGoq+kxr5jSgg5oAIpGuyULjUw==", + "node_modules/@jest/environment": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-26.6.2.tgz", + "integrity": "sha512-nFy+fHl28zUrRsCeMB61VDThV1pVTtlEokBRgqPrcT1JNq4yRNIyTHfyht6PqtUvY9IsuLGTrbG8kPXjSZIZwA==", + "dev": true, + "peer": true, "dependencies": { - "remark-parse": "^8.0.0", - "remark-stringify": "^8.0.0", - "unified": "^9.0.0" + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2" }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" + "engines": { + "node": ">= 10.14.2" } }, - "node_modules/@hashicorp/remark-plugins/node_modules/remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", + "node_modules/@jest/fake-timers": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-26.6.2.tgz", + "integrity": "sha512-14Uleatt7jdzefLPYM3KLcnUl1ZNikaKq34enpb5XG9i81JpppDb5muZvonvKyrl7ftEHkKS5L5/eB/kxJ+bvA==", + "dev": true, + "peer": true, "dependencies": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" + "@jest/types": "^26.6.2", + "@sinonjs/fake-timers": "^6.0.1", + "@types/node": "*", + "jest-message-util": "^26.6.2", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2" }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" + "engines": { + "node": ">= 10.14.2" } }, - "node_modules/@hashicorp/remark-plugins/node_modules/remark-stringify": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-8.1.1.tgz", - "integrity": "sha512-q4EyPZT3PcA3Eq7vPpT6bIdokXzFGp9i85igjmhRyXWmPs0Y6/d2FYwUNotKAWyLch7g0ASZJn/KHHcHZQ163A==", + "node_modules/@jest/globals": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-26.6.2.tgz", + "integrity": "sha512-85Ltnm7HlB/KesBUuALwQ68YTU72w9H2xW9FjZ1eL1U3lhtefjjl5c2MiUbpXt/i6LaPRvoOFJ22yCBSfQ0JIA==", + "dev": true, + "peer": true, "dependencies": { - "ccount": "^1.0.0", - "is-alphanumeric": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "longest-streak": "^2.0.1", - "markdown-escapes": "^1.0.0", - "markdown-table": "^2.0.0", - "mdast-util-compact": "^2.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "stringify-entities": "^3.0.0", - "unherit": "^1.0.4", - "xtend": "^4.0.1" + "@jest/environment": "^26.6.2", + "@jest/types": "^26.6.2", + "expect": "^26.6.2" }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/reporters": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-26.6.2.tgz", + "integrity": "sha512-h2bW53APG4HvkOnVMo8q3QXa6pcaNt1HkwVsOPMBV6LD/q9oSpxNSYZQYkAnjdMjrJ86UuYeLo+aEZClV6opnw==", + "dev": true, + "peer": true, + "dependencies": { + "@bcoe/v8-coverage": "^0.2.3", + "@jest/console": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "collect-v8-coverage": "^1.0.0", + "exit": "^0.1.2", + "glob": "^7.1.2", + "graceful-fs": "^4.2.4", + "istanbul-lib-coverage": "^3.0.0", + "istanbul-lib-instrument": "^4.0.3", + "istanbul-lib-report": "^3.0.0", + "istanbul-lib-source-maps": "^4.0.0", + "istanbul-reports": "^3.0.2", + "jest-haste-map": "^26.6.2", + "jest-resolve": "^26.6.2", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "slash": "^3.0.0", + "source-map": "^0.6.0", + "string-length": "^4.0.1", + "terminal-link": "^2.0.0", + "v8-to-istanbul": "^7.0.0" + }, + "engines": { + "node": ">= 10.14.2" + }, + "optionalDependencies": { + "node-notifier": "^8.0.0" + } + }, + "node_modules/@jest/reporters/node_modules/jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/@jest/reporters/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/@jest/source-map": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/source-map/-/source-map-26.6.2.tgz", + "integrity": "sha512-YwYcCwAnNmOVsZ8mr3GfnzdXDAl4LaenZP5z+G0c8bzC9/dugL8zRmxZzdoTl4IaS3CryS1uWnROLPFmb6lVvA==", + "dev": true, + "peer": true, + "dependencies": { + "callsites": "^3.0.0", + "graceful-fs": "^4.2.4", + "source-map": "^0.6.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/source-map/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/@jest/test-result": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-26.6.2.tgz", + "integrity": "sha512-5O7H5c/7YlojphYNrK02LlDIV2GNPYisKwHm2QTKjNZeEzezCbwYs9swJySv2UfPMyZ0VdsmMv7jIlD/IKYQpQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/console": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/istanbul-lib-coverage": "^2.0.0", + "collect-v8-coverage": "^1.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/test-sequencer": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-26.6.3.tgz", + "integrity": "sha512-YHlVIjP5nfEyjlrSr8t/YdNfU/1XEt7c5b4OxcXCjyRhjzLYu/rO69/WHPuYcbCWkz8kAeZVZp2N2+IOLLEPGw==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/test-result": "^26.6.2", + "graceful-fs": "^4.2.4", + "jest-haste-map": "^26.6.2", + "jest-runner": "^26.6.3", + "jest-runtime": "^26.6.3" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/transform": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-26.6.2.tgz", + "integrity": "sha512-E9JjhUgNzvuQ+vVAL21vlyfy12gP0GhazGgJC4h6qUt1jSdUXGWJ1wfu/X7Sd8etSgxV4ovT1pb9v5D6QW4XgA==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/core": "^7.1.0", + "@jest/types": "^26.6.2", + "babel-plugin-istanbul": "^6.0.0", + "chalk": "^4.0.0", + "convert-source-map": "^1.4.0", + "fast-json-stable-stringify": "^2.0.0", + "graceful-fs": "^4.2.4", + "jest-haste-map": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-util": "^26.6.2", + "micromatch": "^4.0.2", + "pirates": "^4.0.1", + "slash": "^3.0.0", + "source-map": "^0.6.1", + "write-file-atomic": "^3.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/transform/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" } }, "node_modules/@jest/types": { @@ -2003,134 +1052,19 @@ "node": ">= 10.14.2" } }, - "node_modules/@mapbox/rehype-prism": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.5.0.tgz", - "integrity": "sha512-sE5EetmSR6At7AU2s3N2rFUUqm8BpvxUcGcesgfTZgqF7bQoekqsKxLX8gunIDjZs34acZJ6fgPFHepEWnYKCQ==", - "dependencies": { - "hast-util-to-string": "^1.0.3", - "refractor": "^3.0.0", - "unist-util-visit": "^2.0.2" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@mdx-js/mdx": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-1.6.22.tgz", - "integrity": "sha512-AMxuLxPz2j5/6TpF/XSdKpQP1NlG0z11dFOlq+2IP/lSgl11GY8ji6S/rgsViN/L0BDvHvUMruRb7ub+24LUYA==", - "dependencies": { - "@babel/core": "7.12.9", - "@babel/plugin-syntax-jsx": "7.12.1", - "@babel/plugin-syntax-object-rest-spread": "7.8.3", - "@mdx-js/util": "1.6.22", - "babel-plugin-apply-mdx-type-prop": "1.6.22", - "babel-plugin-extract-import-names": "1.6.22", - "camelcase-css": "2.0.1", - "detab": "2.0.4", - "hast-util-raw": "6.0.1", - "lodash.uniq": "4.5.0", - "mdast-util-to-hast": "10.0.1", - "remark-footnotes": "2.0.0", - "remark-mdx": "1.6.22", - "remark-parse": "8.0.3", - "remark-squeeze-paragraphs": "4.0.0", - "style-to-object": "0.3.0", - "unified": "9.2.0", - "unist-builder": "2.0.3", - "unist-util-visit": "2.0.3" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@mdx-js/mdx/node_modules/remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "dependencies": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@mdx-js/react": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-1.6.22.tgz", - "integrity": "sha512-TDoPum4SHdfPiGSAaRBw7ECyI8VaHpK8GJugbJIJuqyh6kzw9ZLJZW3HGL3NNrJGxcAixUvqROm+YuQOo5eXtg==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - }, - "peerDependencies": { - "react": "^16.13.1 || ^17.0.0" - } - }, - "node_modules/@mdx-js/util": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", - "integrity": "sha512-H1rQc1ZOHANWBvPcW+JpGwr+juXSxM8Q8YCkm3GhZd8REu1fHR3z99CErO1p9pkcfcxZnMdIZdIsXkOHY0NilA==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/@mrmlnc/readdir-enhanced": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz", - "integrity": "sha512-bPHp6Ji8b41szTOcaP63VlnbbO5Ny6dwAATtY6JTjh5N2OLrb5Qk/Th5cRkRQhkWCt+EJsYrNB0MiL+Gpn6e3g==", - "dev": true, - "dependencies": { - "call-me-maybe": "^1.0.1", - "glob-to-regexp": "^0.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@mrmlnc/readdir-enhanced/node_modules/glob-to-regexp": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz", - "integrity": "sha1-jFoUlNIGbFcMw7/kSWF1rMTVAqs=", - "dev": true - }, "node_modules/@napi-rs/triples": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@napi-rs/triples/-/triples-1.0.3.tgz", - "integrity": "sha512-jDJTpta+P4p1NZTFVLHJ/TLFVYVcOqv6l8xwOeBKNPMgY/zDYH/YH7SJbvrr/h1RcS9GzbPcLKGzpuK9cV56UA==" - }, - "node_modules/@next/bundle-analyzer": { - "version": "10.0.3", - "resolved": "https://registry.npmjs.org/@next/bundle-analyzer/-/bundle-analyzer-10.0.3.tgz", - "integrity": "sha512-+RtvLLpNkTLnq5ICli2hCBI6oZZ1lrrLLa6Dcaitadvly1IuspgwkwyBVlufm2barV+QSHJ2GlX26+NuLbisyg==", + "integrity": "sha512-jDJTpta+P4p1NZTFVLHJ/TLFVYVcOqv6l8xwOeBKNPMgY/zDYH/YH7SJbvrr/h1RcS9GzbPcLKGzpuK9cV56UA==", "dev": true, - "dependencies": { - "webpack-bundle-analyzer": "3.6.1" - } + "peer": true }, "node_modules/@next/env": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/env/-/env-11.1.2.tgz", - "integrity": "sha512-+fteyVdQ7C/OoulfcF6vd1Yk0FEli4453gr8kSFbU8sKseNSizYq6df5MKz/AjwLptsxrUeIkgBdAzbziyJ3mA==" + "integrity": "sha512-+fteyVdQ7C/OoulfcF6vd1Yk0FEli4453gr8kSFbU8sKseNSizYq6df5MKz/AjwLptsxrUeIkgBdAzbziyJ3mA==", + "dev": true, + "peer": true }, "node_modules/@next/eslint-plugin-next": { "version": "11.1.2", @@ -2144,12 +1078,16 @@ "node_modules/@next/polyfill-module": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/polyfill-module/-/polyfill-module-11.1.2.tgz", - "integrity": "sha512-xZmixqADM3xxtqBV0TpAwSFzWJP0MOQzRfzItHXf1LdQHWb0yofHHC+7eOrPFic8+ZGz5y7BdPkkgR1S25OymA==" + "integrity": "sha512-xZmixqADM3xxtqBV0TpAwSFzWJP0MOQzRfzItHXf1LdQHWb0yofHHC+7eOrPFic8+ZGz5y7BdPkkgR1S25OymA==", + "dev": true, + "peer": true }, "node_modules/@next/react-dev-overlay": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/react-dev-overlay/-/react-dev-overlay-11.1.2.tgz", "integrity": "sha512-rDF/mGY2NC69mMg2vDqzVpCOlWqnwPUXB2zkARhvknUHyS6QJphPYv9ozoPJuoT/QBs49JJd9KWaAzVBvq920A==", + "dev": true, + "peer": true, "dependencies": { "@babel/code-frame": "7.12.11", "anser": "1.4.9", @@ -2172,6 +1110,8 @@ "version": "7.12.11", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", + "dev": true, + "peer": true, "dependencies": { "@babel/highlight": "^7.10.4" } @@ -2180,6 +1120,8 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.0.0.tgz", "integrity": "sha512-N9oWFcegS0sFr9oh1oz2d7Npos6vNoWW9HvtCg5N1KRFpUhaAhvTv5Y58g880fZaEYSNm3qDz8SU1UrGvp+n7A==", + "dev": true, + "peer": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -2194,12 +1136,16 @@ "node_modules/@next/react-dev-overlay/node_modules/classnames": { "version": "2.2.6", "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.2.6.tgz", - "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==" + "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==", + "dev": true, + "peer": true }, "node_modules/@next/react-dev-overlay/node_modules/source-map": { "version": "0.8.0-beta.0", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", + "dev": true, + "peer": true, "dependencies": { "whatwg-url": "^7.0.0" }, @@ -2211,6 +1157,8 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/react-refresh-utils/-/react-refresh-utils-11.1.2.tgz", "integrity": "sha512-hsoJmPfhVqjZ8w4IFzoo8SyECVnN+8WMnImTbTKrRUHOVJcYMmKLL7xf7T0ft00tWwAl/3f3Q3poWIN2Ueql/Q==", + "dev": true, + "peer": true, "peerDependencies": { "react-refresh": "0.8.3", "webpack": "^4 || ^5" @@ -2225,13 +1173,11 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-11.1.2.tgz", "integrity": "sha512-hZuwOlGOwBZADA8EyDYyjx3+4JGIGjSHDHWrmpI7g5rFmQNltjlbaefAbiU5Kk7j3BUSDwt30quJRFv3nyJQ0w==", - "cpu": [ - "arm64" - ], + "cpu": ["arm64"], + "dev": true, "optional": true, - "os": [ - "darwin" - ], + "os": ["darwin"], + "peer": true, "engines": { "node": ">= 10" } @@ -2240,13 +1186,11 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-11.1.2.tgz", "integrity": "sha512-PGOp0E1GisU+EJJlsmJVGE+aPYD0Uh7zqgsrpD3F/Y3766Ptfbe1lEPPWnRDl+OzSSrSrX1lkyM/Jlmh5OwNvA==", - "cpu": [ - "x64" - ], + "cpu": ["x64"], + "dev": true, "optional": true, - "os": [ - "darwin" - ], + "os": ["darwin"], + "peer": true, "engines": { "node": ">= 10" } @@ -2255,13 +1199,11 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-11.1.2.tgz", "integrity": "sha512-YcDHTJjn/8RqvyJVB6pvEKXihDcdrOwga3GfMv/QtVeLphTouY4BIcEUfrG5+26Nf37MP1ywN3RRl1TxpurAsQ==", - "cpu": [ - "x64" - ], + "cpu": ["x64"], + "dev": true, "optional": true, - "os": [ - "linux" - ], + "os": ["linux"], + "peer": true, "engines": { "node": ">= 10" } @@ -2270,13 +1212,11 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-11.1.2.tgz", "integrity": "sha512-e/pIKVdB+tGQYa1cW3sAeHm8gzEri/HYLZHT4WZojrUxgWXqx8pk7S7Xs47uBcFTqBDRvK3EcQpPLf3XdVsDdg==", - "cpu": [ - "x64" - ], + "cpu": ["x64"], + "dev": true, "optional": true, - "os": [ - "win32" - ], + "os": ["win32"], + "peer": true, "engines": { "node": ">= 10" } @@ -2285,6 +1225,8 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/@node-rs/helper/-/helper-1.2.1.tgz", "integrity": "sha512-R5wEmm8nbuQU0YGGmYVjEc0OHtYsuXdpRG+Ut/3wZ9XAvQWyThN08bTh2cBJgoZxHQUPtvRfeQuxcAgLuiBISg==", + "dev": true, + "peer": true, "dependencies": { "@napi-rs/triples": "^1.0.3" } @@ -2324,320 +1266,30 @@ "node": ">= 8" } }, - "node_modules/@reach/auto-id": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/auto-id/-/auto-id-0.15.0.tgz", - "integrity": "sha512-iACaCcZeqAhDf4OOwJpmHHS/LaRj9z3Ip8JmlhpCrFWV2YOIiiZk42amlBZX6CKH66Md+eriYZQk3TyAjk6Oxg==", - "dependencies": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/auto-id/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/descendants": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/descendants/-/descendants-0.15.0.tgz", - "integrity": "sha512-MGs+7sGjx07sm29Wc2d/Ya72qwatNVHofnYwwHMT6LImv99kE5TQMCgkMSDeRwqQxHURmcjb4I7Tab+ahvCGiw==", - "dependencies": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/descendants/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/dialog": { - "version": "0.16.2", - "resolved": "https://registry.npmjs.org/@reach/dialog/-/dialog-0.16.2.tgz", - "integrity": "sha512-qq8oX0cROgTb8LjOKWzzNm4SqaN9b89lJHr7UyVo2aQ6WbeNzZBxqXhGywFP7dkR+hNqOJnrA59PXFWhfttA9A==", - "dependencies": { - "@reach/portal": "0.16.2", - "@reach/utils": "0.16.0", - "prop-types": "^15.7.2", - "react-focus-lock": "^2.5.2", - "react-remove-scroll": "^2.4.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/dialog/node_modules/@reach/portal": { - "version": "0.16.2", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.2.tgz", - "integrity": "sha512-9ur/yxNkuVYTIjAcfi46LdKUvH0uYZPfEp4usWcpt6PIp+WDF57F/5deMe/uGi/B/nfDweQu8VVwuMVrCb97JQ==", - "dependencies": { - "@reach/utils": "0.16.0", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/dialog/node_modules/@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "dependencies": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/dialog/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/@reach/listbox": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/listbox/-/listbox-0.15.0.tgz", - "integrity": "sha512-3Vvpte0HQkfo3sT4Cz6gG9h+E/La2IwbtLQDTesEmDzToQ8bk9rOfuFDVp7IXUyOdDggfDCOEz/ZphsuniADWA==", - "dependencies": { - "@reach/auto-id": "0.15.0", - "@reach/descendants": "0.15.0", - "@reach/machine": "0.15.0", - "@reach/popover": "0.15.0", - "@reach/utils": "0.15.0", - "prop-types": "^15.7.2" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/machine": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/machine/-/machine-0.15.0.tgz", - "integrity": "sha512-o3vvqsTQyj7apxpbSuIn4xKYlqNagcjhlMnroJ2uqgJfFwy1tLrsQo4Sr8GnZu4hitPbNAfqGExYjV8ZV8SHpA==", - "dependencies": { - "@reach/utils": "0.15.0", - "@xstate/fsm": "1.4.0", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/machine/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/observe-rect": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@reach/observe-rect/-/observe-rect-1.2.0.tgz", - "integrity": "sha512-Ba7HmkFgfQxZqqaeIWWkNK0rEhpxVQHIoVyW1YDSkGsGIXzcaW4deC8B0pZrNSSyLTdIk7y+5olKt5+g0GmFIQ==" - }, - "node_modules/@reach/popover": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/popover/-/popover-0.15.0.tgz", - "integrity": "sha512-nBR6ZlULF7ZZIqkN47QEWmdqUX2Zd6FSeYJku1il9OkiMnWzI3aTOyu1B+IJfYeIqg28D/aeF4ff0oVu1VUrqQ==", - "dependencies": { - "@reach/portal": "0.15.0", - "@reach/rect": "0.15.0", - "@reach/utils": "0.15.0", - "tabbable": "^4.0.0", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/popover/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/portal": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.15.0.tgz", - "integrity": "sha512-Aulqjk/PIRu+R7yhINYAAYfYh++ZdC30qwHDWDtGk2cmTEJT7m9AlvBX+W7T+Q3Ux6Wy5f37eV+TTGid1CcjFw==", - "dependencies": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/portal/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/rect": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/rect/-/rect-0.15.0.tgz", - "integrity": "sha512-Nu0zG4Xq8Z0C3Yr3wbjtj7fvII1q2KopHDStNtmL26oWPzlaZJ9A1K6rZSPIqxKkx1hvl6AUTeom7eHTIKhHjA==", - "dependencies": { - "@reach/observe-rect": "1.2.0", - "@reach/utils": "0.15.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/rect/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/tooltip": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/tooltip/-/tooltip-0.16.0.tgz", - "integrity": "sha512-kZr/OqfmmBQVBxJh+OQRCq++T5f6iQaWinpLnwD5FlG5HRKPwNzTnsy+hpyY9pR2mabk+96POp/TsT4Dv3K/qQ==", - "dependencies": { - "@reach/auto-id": "0.16.0", - "@reach/portal": "0.16.0", - "@reach/rect": "0.16.0", - "@reach/utils": "0.16.0", - "@reach/visually-hidden": "0.16.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/tooltip/node_modules/@reach/auto-id": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/auto-id/-/auto-id-0.16.0.tgz", - "integrity": "sha512-5ssbeP5bCkM39uVsfQCwBBL+KT8YColdnMN5/Eto6Rj7929ql95R3HZUOkKIvj7mgPtEb60BLQxd1P3o6cjbmg==", - "dependencies": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/tooltip/node_modules/@reach/portal": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.0.tgz", - "integrity": "sha512-vXJ0O9T+72HiSEWHPs2cx7YbSO7pQsTMhgqPc5aaddIYpo2clJx1PnYuS0lSNlVaDO0IxQhwYq43evXaXnmviw==", - "dependencies": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/tooltip/node_modules/@reach/rect": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/rect/-/rect-0.16.0.tgz", - "integrity": "sha512-/qO9jQDzpOCdrSxVPR6l674mRHNTqfEjkaxZHluwJ/2qGUtYsA0GSZiF/+wX/yOWeBif1ycxJDa6HusAMJZC5Q==", - "dependencies": { - "@reach/observe-rect": "1.2.0", - "@reach/utils": "0.16.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/tooltip/node_modules/@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "dependencies": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/tooltip/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/@reach/utils": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.15.0.tgz", - "integrity": "sha512-JHHN7T5ucFiuQbqkgv8ECbRWKfRiJxrO/xHR3fHf+f2C7mVs/KkJHhYtovS1iEapR4silygX9PY0+QUmHPOTYw==", - "dependencies": { - "tiny-warning": "^1.0.3", - "tslib": "^2.1.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/utils/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/@reach/visually-hidden": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/visually-hidden/-/visually-hidden-0.16.0.tgz", - "integrity": "sha512-IIayZ3jzJtI5KfcfRVtOMFkw2ef/1dMT8D9BUuFcU2ORZAWLNvnzj1oXNoIfABKl5wtsLjY6SGmkYQ+tMPN8TA==", - "dependencies": { - "prop-types": "^15.7.2", - "tslib": "^2.3.0" - }, - "peerDependencies": { - "react": "^16.8.0 || 17.x", - "react-dom": "^16.8.0 || 17.x" - } - }, - "node_modules/@reach/visually-hidden/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, "node_modules/@rushstack/eslint-patch": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.0.7.tgz", "integrity": "sha512-3Zi2LGbCLDz4IIL7ir6wD0u/ggHotLkK5SlVzFzTcYaNgPR4MAt/9JYZqXWKcofPWEoptfpnCJU8Bq9sxw8QUg==", "dev": true }, - "node_modules/@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==", + "node_modules/@sinonjs/commons": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", + "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", "dev": true, - "engines": { - "node": ">=4" + "peer": true, + "dependencies": { + "type-detect": "4.0.8" + } + }, + "node_modules/@sinonjs/fake-timers": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", + "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", + "dev": true, + "peer": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0" } }, "node_modules/@stylelint/postcss-css-in-js": { @@ -2668,12 +1320,69 @@ "postcss-syntax": ">=0.36.2" } }, - "node_modules/@types/hast": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/@types/hast/-/hast-2.3.1.tgz", - "integrity": "sha512-viwwrB+6xGzw+G1eWpF9geV3fnsDgXqHG+cqgiHrvQfDUW5hzhCyV7Sy3UJxhfRFBsgky2SSW33qi/YrIkjX5Q==", + "node_modules/@tootallnate/once": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz", + "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 6" + } + }, + "node_modules/@types/babel__core": { + "version": "7.1.19", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.19.tgz", + "integrity": "sha512-WEOTgRsbYkvA/KCsDwVEGkd7WAr1e3g31VHQ8zy5gul/V1qKullU/BU5I68X5v7V3GnB9eotmom4v5a5gjxorw==", + "dev": true, + "peer": true, "dependencies": { - "@types/unist": "*" + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "node_modules/@types/babel__generator": { + "version": "7.6.4", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.4.tgz", + "integrity": "sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__template": { + "version": "7.4.1", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.1.tgz", + "integrity": "sha512-azBFKemX6kMg5Io+/rdGT0dkGreboUVR0Cdm3fz9QJWpaQGJRQXl7C+6hOTCZcMll7KFyEQpgbYI2lHdsS4U7g==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__traverse": { + "version": "7.17.0", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.17.0.tgz", + "integrity": "sha512-r8aveDbd+rzGP+ykSdF3oPuTVRWRfbBiHl0rVDM2yNEmSMXfkObQLV46b4RnCv3Lra51OlfnZhkkFaDl2MIRaA==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/types": "^7.3.0" + } + }, + "node_modules/@types/graceful-fs": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz", + "integrity": "sha512-anKkLmZZ+xm4p8JWBf4hElkM4XR+EZeA2M9BAkkTldmcyDY4mbdIJnRghDJH3Ov5ooY7/UAoENtmdMSkaAd7Cw==", + "dev": true, + "peer": true, + "dependencies": { + "@types/node": "*" } }, "node_modules/@types/istanbul-lib-coverage": { @@ -2712,15 +1421,11 @@ "integrity": "sha1-7ihweulOEdK4J7y+UnC86n8+ce4=", "dev": true }, - "node_modules/@types/katex": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.11.0.tgz", - "integrity": "sha512-27BfE8zASRLYfSBNMk5/+KIjr2CBBrH0i5lhsO04fca4TGirIIMay73v3zNkzqmsaeIa/Mi5kejWDcxPLAmkvA==" - }, "node_modules/@types/mdast": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-3.0.3.tgz", "integrity": "sha512-SXPBMnFVQg1s00dlMCc/jCdvPqdE4mXaMMCeRlxLDmTAEoegHT53xKtkDnzDTOcmMHUfcjyf36/YYZ6SxRdnsw==", + "dev": true, "dependencies": { "@types/unist": "*" } @@ -2734,7 +1439,8 @@ "node_modules/@types/node": { "version": "16.4.1", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.4.1.tgz", - "integrity": "sha512-UW7cbLqf/Wu5XH2RKKY1cHwUNLicIDRLMraYKz+HHAerJ0ZffUEk+fMnd8qU2JaS6cAy0r8tsaf7yqHASf/Y0Q==" + "integrity": "sha512-UW7cbLqf/Wu5XH2RKKY1cHwUNLicIDRLMraYKz+HHAerJ0ZffUEk+fMnd8qU2JaS6cAy0r8tsaf7yqHASf/Y0Q==", + "dev": true }, "node_modules/@types/normalize-package-data": { "version": "2.4.1", @@ -2748,49 +1454,25 @@ "integrity": "sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==", "dev": true }, - "node_modules/@types/parse5": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/@types/parse5/-/parse5-5.0.3.tgz", - "integrity": "sha512-kUNnecmtkunAoQ3CnjmMkzNU/gtxG8guhi+Fk2U/kOpIKjIMKnXGp4IJCgQJrXSgMsWYimYG4TGjz/UzbGEBTw==" + "node_modules/@types/prettier": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.6.0.tgz", + "integrity": "sha512-G/AdOadiZhnJp0jXCaBQU449W2h716OW/EoXeYkCytxKL06X1WCXB4DZpp8TpZ8eyIJVS1cw4lrlkkSYU21cDw==", + "dev": true, + "peer": true }, - "node_modules/@types/prop-types": { - "version": "15.7.3", - "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.3.tgz", - "integrity": "sha512-KfRL3PuHmqQLOG+2tGpRO26Ctg+Cq1E01D2DMriKEATHgWLfeNDmq9e29Q9WIky0dQ3NPkd1mzYH8Lm936Z9qw==", - "devOptional": true - }, - "node_modules/@types/q": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@types/q/-/q-1.5.5.tgz", - "integrity": "sha512-L28j2FcJfSZOnL1WBjDYp2vUHCeIFlyYI/53EwD/rKUBQ7MtUUfbQWiyKJGpcnv4/WgrhWsFKrcPstcAt/J0tQ==", - "dev": true - }, - "node_modules/@types/react": { - "version": "17.0.11", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.11.tgz", - "integrity": "sha512-yFRQbD+whVonItSk7ZzP/L+gPTJVBkL/7shLEF+i9GC/1cV3JmUxEQz6+9ylhUpWSDuqo1N9qEvqS6vTj4USUA==", - "devOptional": true, - "dependencies": { - "@types/prop-types": "*", - "@types/scheduler": "*", - "csstype": "^3.0.2" - } - }, - "node_modules/@types/scheduler": { - "version": "0.16.1", - "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.1.tgz", - "integrity": "sha512-EaCxbanVeyxDRTQBkdLb3Bvl/HK7PBK6UJjsSixB0iHKoWxE5uu2Q/DgtpOhPIojN0Zl1whvOd7PoHs2P0s5eA==", - "devOptional": true - }, - "node_modules/@types/segment-analytics": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/@types/segment-analytics/-/segment-analytics-0.0.33.tgz", - "integrity": "sha512-8OB3OhKGuIkItHeQxgQpzldyaL1dVKzJQF9ujfVLmO0MJyIhXZTiOIZtkSHF6jhptEQZqm8EyTuceIAR36OS3A==" + "node_modules/@types/stack-utils": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.1.tgz", + "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==", + "dev": true, + "peer": true }, "node_modules/@types/unist": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.3.tgz", - "integrity": "sha512-FvUupuM3rlRsRtCN+fDudtmytGO6iHJuuRKS1Ss0pG5z8oX0diNEw94UEL7hgDbpN94rgaK5R7sWm6RrSkZuAQ==" + "integrity": "sha512-FvUupuM3rlRsRtCN+fDudtmytGO6iHJuuRKS1Ss0pG5z8oX0diNEw94UEL7hgDbpN94rgaK5R7sWm6RrSkZuAQ==", + "dev": true }, "node_modules/@types/yargs": { "version": "15.0.14", @@ -2964,22 +1646,12 @@ "url": "https://opencollective.com/typescript-eslint" } }, - "node_modules/@xstate/fsm": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/@xstate/fsm/-/fsm-1.4.0.tgz", - "integrity": "sha512-uTHDeu2xI5E1IFwf37JFQM31RrH7mY7877RqPBS4ZqSNUwoLDuct8AhBWaXGnVizBAYyimVwgCyGa9z/NiRhXA==" - }, - "node_modules/accepts": { - "version": "1.3.7", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz", - "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==", - "dependencies": { - "mime-types": "~2.1.24", - "negotiator": "0.6.2" - }, - "engines": { - "node": ">= 0.6" - } + "node_modules/abab": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.5.tgz", + "integrity": "sha512-9IK9EadsbHo6jLWIpxpR6pL0sazTXV6+SQv25ZB+F7Bj9mJNaOc4nCRabwd5M/JwmUa8idz6Eci6eKfJryPs6Q==", + "dev": true, + "peer": true }, "node_modules/acorn": { "version": "7.4.1", @@ -2993,6 +1665,17 @@ "node": ">=0.4.0" } }, + "node_modules/acorn-globals": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz", + "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==", + "dev": true, + "peer": true, + "dependencies": { + "acorn": "^7.1.1", + "acorn-walk": "^7.1.1" + } + }, "node_modules/acorn-jsx": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", @@ -3007,10 +1690,24 @@ "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz", "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==", "dev": true, + "peer": true, "engines": { "node": ">=0.4.0" } }, + "node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dev": true, + "peer": true, + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, "node_modules/aggregate-error": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", @@ -3040,68 +1737,12 @@ "url": "https://github.com/sponsors/epoberezkin" } }, - "node_modules/ajv-errors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/ajv-errors/-/ajv-errors-1.0.1.tgz", - "integrity": "sha512-DCRfO/4nQ+89p/RK43i8Ezd41EqdGIU4ld7nGF8OQ14oc/we5rEntLCUa7+jrn3nn83BosfwZA0wb4pon2o8iQ==", - "dev": true, - "peerDependencies": { - "ajv": ">=5.0.0" - } - }, - "node_modules/ajv-keywords": { - "version": "3.5.2", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", - "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", - "dev": true, - "peerDependencies": { - "ajv": "^6.9.1" - } - }, - "node_modules/algoliasearch": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-4.10.5.tgz", - "integrity": "sha512-KmH2XkiN+8FxhND4nWFbQDkIoU6g2OjfeU9kIv4Lb+EiOOs3Gpp7jvd+JnatsCisAZsnWQdjd7zVlW7I/85QvQ==", - "dependencies": { - "@algolia/cache-browser-local-storage": "4.10.5", - "@algolia/cache-common": "4.10.5", - "@algolia/cache-in-memory": "4.10.5", - "@algolia/client-account": "4.10.5", - "@algolia/client-analytics": "4.10.5", - "@algolia/client-common": "4.10.5", - "@algolia/client-personalization": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/logger-common": "4.10.5", - "@algolia/logger-console": "4.10.5", - "@algolia/requester-browser-xhr": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/requester-node-http": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "node_modules/algoliasearch-helper": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.6.0.tgz", - "integrity": "sha512-F4Smiq+Vyv/JJytuKNFuzXndPSb4pjtiHZSkEztQCcB+SORu71A8grgt2NSJhbB5VhqHW19QDtlPKbdYdcNrLg==", - "dependencies": { - "events": "^1.1.1" - }, - "peerDependencies": { - "algoliasearch": ">= 3.1 < 5" - } - }, - "node_modules/algoliasearch-helper/node_modules/events": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", - "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=", - "engines": { - "node": ">=0.4.x" - } - }, "node_modules/anser": { "version": "1.4.9", "resolved": "https://registry.npmjs.org/anser/-/anser-1.4.9.tgz", - "integrity": "sha512-AI+BjTeGt2+WFk4eWcqbQ7snZpDBt8SaLlj0RT2h5xfdWaiy51OjYvqwMrNzJLGy8iOAL6nKDITWO+rd4MkYEA==" + "integrity": "sha512-AI+BjTeGt2+WFk4eWcqbQ7snZpDBt8SaLlj0RT2h5xfdWaiy51OjYvqwMrNzJLGy8iOAL6nKDITWO+rd4MkYEA==", + "dev": true, + "peer": true }, "node_modules/ansi-colors": { "version": "4.1.1", @@ -3143,6 +1784,7 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, "engines": { "node": ">=8" } @@ -3151,6 +1793,7 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, "dependencies": { "color-convert": "^2.0.1" }, @@ -3165,6 +1808,8 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "peer": true, "dependencies": { "normalize-path": "^3.0.0", "picomatch": "^2.0.4" @@ -3173,51 +1818,11 @@ "node": ">= 8" } }, - "node_modules/arch": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz", - "integrity": "sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/archive-type": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/archive-type/-/archive-type-4.0.0.tgz", - "integrity": "sha1-+S5yIzBW38aWlHJ0nCZ72wRrHXA=", - "dev": true, - "dependencies": { - "file-type": "^4.2.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/archive-type/node_modules/file-type": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-4.4.0.tgz", - "integrity": "sha1-G2AOX8ofvcboDApwxxyNul95BsU=", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/argparse": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, "dependencies": { "sprintf-js": "~1.0.2" } @@ -3240,6 +1845,7 @@ "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz", "integrity": "sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -3249,6 +1855,7 @@ "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz", "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -3258,24 +1865,11 @@ "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz", "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/array-find-index": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz", - "integrity": "sha1-3wEKoSh+Fku9pvlyOwqWoexBh6E=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" - }, "node_modules/array-includes": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.3.tgz", @@ -3304,20 +1898,12 @@ "node": ">=8" } }, - "node_modules/array-uniq": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz", - "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/array-unique": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz", "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -3370,6 +1956,8 @@ "version": "5.4.1", "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.0.0", "inherits": "^2.0.1", @@ -3380,12 +1968,16 @@ "node_modules/asn1.js/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true }, "node_modules/assert": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/assert/-/assert-2.0.0.tgz", "integrity": "sha512-se5Cd+js9dXJnu6Ag2JFc00t+HmHOen+8Q+L7O9zI0PqQXr20uk2J0XQqMxZEeo5U50o8Nvmmx7dZrl+Ufr35A==", + "dev": true, + "peer": true, "dependencies": { "es6-object-assign": "^1.1.0", "is-nan": "^1.2.1", @@ -3398,6 +1990,7 @@ "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz", "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -3406,6 +1999,8 @@ "version": "0.13.2", "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.13.2.tgz", "integrity": "sha512-uWMHxJxtfj/1oZClOxDEV1sQ1HCDkA4MG8Gr69KKeBjEVH0R84WlejZ0y2DcwyBlpAEMltmVYkVgqfLFb2oyiA==", + "dev": true, + "peer": true, "engines": { "node": ">=4" } @@ -3431,16 +2026,11 @@ "integrity": "sha1-rqdNXmHB+JlhO/ZL2mbUx48v0X0=", "dev": true }, - "node_modules/async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", - "dev": true - }, "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" + "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=", + "dev": true }, "node_modules/at-least-node": { "version": "1.0.0", @@ -3456,6 +2046,7 @@ "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz", "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==", "dev": true, + "peer": true, "bin": { "atob": "bin/atob.js" }, @@ -3590,6 +2181,8 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.4.tgz", "integrity": "sha512-SA5mXJWrId1TaQjfxUYghbqQ/hYioKmLJvPJyDuYRtXXenFNMjj4hSSt1Cf1xsuXSXrtxrVC5Ot4eU6cOtBDdA==", + "dev": true, + "peer": true, "engines": { "node": ">= 0.4" }, @@ -3642,48 +2235,135 @@ "node": ">=4" } }, - "node_modules/babel-plugin-apply-mdx-type-prop": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/babel-plugin-apply-mdx-type-prop/-/babel-plugin-apply-mdx-type-prop-1.6.22.tgz", - "integrity": "sha512-VefL+8o+F/DfK24lPZMtJctrCVOfgbqLAGZSkxwhazQv4VxPg3Za/i40fu22KR2m8eEda+IfSOlPLUSIiLcnCQ==", + "node_modules/babel-jest": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-26.6.3.tgz", + "integrity": "sha512-pl4Q+GAVOHwvjrck6jKjvmGhnO3jHX/xuB9d27f+EJZ/6k+6nMuPjorrYp7s++bKKdANwzElBWnLWaObvTnaZA==", + "dev": true, + "peer": true, "dependencies": { - "@babel/helper-plugin-utils": "7.10.4", - "@mdx-js/util": "1.6.22" + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/babel__core": "^7.1.7", + "babel-plugin-istanbul": "^6.0.0", + "babel-preset-jest": "^26.6.2", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "slash": "^3.0.0" }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" + "engines": { + "node": ">= 10.14.2" }, "peerDependencies": { - "@babel/core": "^7.11.6" + "@babel/core": "^7.0.0" } }, - "node_modules/babel-plugin-apply-mdx-type-prop/node_modules/@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" - }, - "node_modules/babel-plugin-extract-import-names": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/babel-plugin-extract-import-names/-/babel-plugin-extract-import-names-1.6.22.tgz", - "integrity": "sha512-yJ9BsJaISua7d8zNT7oRG1ZLBJCIdZ4PZqmH8qa9N5AK01ifk3fnkc98AXhtzE7UkfCsEumvoQWgoYLhOnJ7jQ==", + "node_modules/babel-plugin-istanbul": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==", + "dev": true, + "peer": true, "dependencies": { - "@babel/helper-plugin-utils": "7.10.4" + "@babel/helper-plugin-utils": "^7.0.0", + "@istanbuljs/load-nyc-config": "^1.0.0", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-instrument": "^5.0.4", + "test-exclude": "^6.0.0" }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" + "engines": { + "node": ">=8" } }, - "node_modules/babel-plugin-extract-import-names/node_modules/@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" + "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.1.0.tgz", + "integrity": "sha512-czwUz525rkOFDJxfKK6mYfIs9zBKILyrZQxjz3ABhjQXhbhFsSbo1HW/BFcsDnfJYJWA6thRR5/TUY2qs5W99Q==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/core": "^7.12.3", + "@babel/parser": "^7.14.7", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.2.0", + "semver": "^6.3.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/babel-plugin-istanbul/node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true, + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/babel-plugin-jest-hoist": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-26.6.2.tgz", + "integrity": "sha512-PO9t0697lNTmcEHH69mdtYiOIkkOlj9fySqfO3K1eCcdISevLAE0xY59VLLUj0SoiPiTX/JU2CYFpILydUa5Lw==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/template": "^7.3.3", + "@babel/types": "^7.3.3", + "@types/babel__core": "^7.0.0", + "@types/babel__traverse": "^7.0.6" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/babel-preset-current-node-syntax": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "integrity": "sha512-M7LQ0bxarkxQoN+vz5aJPsLBn77n8QgTFmo8WK0/44auK2xlCXrYcUxHFxgU7qW5Yzw/CjmLRK2uJzaCd7LvqQ==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/plugin-syntax-async-generators": "^7.8.4", + "@babel/plugin-syntax-bigint": "^7.8.3", + "@babel/plugin-syntax-class-properties": "^7.8.3", + "@babel/plugin-syntax-import-meta": "^7.8.3", + "@babel/plugin-syntax-json-strings": "^7.8.3", + "@babel/plugin-syntax-logical-assignment-operators": "^7.8.3", + "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3", + "@babel/plugin-syntax-numeric-separator": "^7.8.3", + "@babel/plugin-syntax-object-rest-spread": "^7.8.3", + "@babel/plugin-syntax-optional-catch-binding": "^7.8.3", + "@babel/plugin-syntax-optional-chaining": "^7.8.3", + "@babel/plugin-syntax-top-level-await": "^7.8.3" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/babel-preset-jest": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-26.6.2.tgz", + "integrity": "sha512-YvdtlVm9t3k777c5NPQIv6cxFFFapys25HiUmuSgHwIZhfifweR5c5Sf5nwE3MAbfu327CYSvps8Yx6ANLyleQ==", + "dev": true, + "peer": true, + "dependencies": { + "babel-plugin-jest-hoist": "^26.6.2", + "babel-preset-current-node-syntax": "^1.0.0" + }, + "engines": { + "node": ">= 10.14.2" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } }, "node_modules/bail": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz", "integrity": "sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -3692,13 +2372,15 @@ "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true }, "node_modules/base": { "version": "0.11.2", "resolved": "https://registry.npmjs.org/base/-/base-0.11.2.tgz", "integrity": "sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==", "dev": true, + "peer": true, "dependencies": { "cache-base": "^1.0.1", "class-utils": "^0.3.5", @@ -3717,6 +2399,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^1.0.0" }, @@ -3728,6 +2411,7 @@ "version": "1.5.1", "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "dev": true, "funding": [ { "type": "github", @@ -3741,755 +2425,41 @@ "type": "consulting", "url": "https://feross.org/support" } - ] - }, - "node_modules/bfj": { - "version": "6.1.2", - "resolved": "https://registry.npmjs.org/bfj/-/bfj-6.1.2.tgz", - "integrity": "sha512-BmBJa4Lip6BPRINSZ0BPEIfB1wUY/9rwbwvIHQA1KjX9om29B6id0wnWXq7m3bn5JrUVjeOTnVuhPT1FiHwPGw==", - "dev": true, - "dependencies": { - "bluebird": "^3.5.5", - "check-types": "^8.0.3", - "hoopy": "^0.1.4", - "tryer": "^1.0.1" - }, - "engines": { - "node": ">= 6.0.0" - } + ], + "peer": true }, "node_modules/big.js": { "version": "5.2.2", "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz", "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==", + "dev": true, + "peer": true, "engines": { "node": "*" } }, - "node_modules/bin-build": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/bin-build/-/bin-build-3.0.0.tgz", - "integrity": "sha512-jcUOof71/TNAI2uM5uoUaDq2ePcVBQ3R/qhxAz1rX7UfvduAL/RXD3jXzvn8cVcDJdGVkiR1shal3OH0ImpuhA==", - "dev": true, - "dependencies": { - "decompress": "^4.0.0", - "download": "^6.2.2", - "execa": "^0.7.0", - "p-map-series": "^1.0.0", - "tempfile": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-build/node_modules/cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "dependencies": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "node_modules/bin-build/node_modules/execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "dependencies": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-build/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-build/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-build/node_modules/lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "dependencies": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "node_modules/bin-build/node_modules/npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "dependencies": { - "path-key": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-build/node_modules/path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-build/node_modules/shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "dependencies": { - "shebang-regex": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-build/node_modules/shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-build/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/bin-build/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true - }, - "node_modules/bin-check": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bin-check/-/bin-check-4.1.0.tgz", - "integrity": "sha512-b6weQyEUKsDGFlACWSIOfveEnImkJyK/FGW6FAG42loyoquvjdtOIqO6yBFzHyqyVVhNgNkQxxx09SFLK28YnA==", - "dev": true, - "dependencies": { - "execa": "^0.7.0", - "executable": "^4.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "dependencies": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "node_modules/bin-check/node_modules/execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "dependencies": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "dependencies": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "node_modules/bin-check/node_modules/npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "dependencies": { - "path-key": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "dependencies": { - "shebang-regex": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/bin-check/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true - }, - "node_modules/bin-version": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-3.1.0.tgz", - "integrity": "sha512-Mkfm4iE1VFt4xd4vH+gx+0/71esbfus2LsnCGe8Pi4mndSPyT+NGES/Eg99jx8/lUGWfu3z2yuB/bt5UB+iVbQ==", - "dev": true, - "dependencies": { - "execa": "^1.0.0", - "find-versions": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version-check": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-4.0.0.tgz", - "integrity": "sha512-sR631OrhC+1f8Cvs8WyVWOA33Y8tgwjETNPyyD/myRBXLkfS/vl74FmH/lFcRl9KY3zwGh7jFhvyk9vV3/3ilQ==", - "dev": true, - "dependencies": { - "bin-version": "^3.0.0", - "semver": "^5.6.0", - "semver-truncate": "^1.1.2" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version-check/node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/bin-version/node_modules/cross-spawn": { - "version": "6.0.5", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", - "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", - "dev": true, - "dependencies": { - "nice-try": "^1.0.4", - "path-key": "^2.0.1", - "semver": "^5.5.0", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - }, - "engines": { - "node": ">=4.8" - } - }, - "node_modules/bin-version/node_modules/execa": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", - "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", - "dev": true, - "dependencies": { - "cross-spawn": "^6.0.0", - "get-stream": "^4.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version/node_modules/find-versions": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-3.2.0.tgz", - "integrity": "sha512-P8WRou2S+oe222TOCHitLy8zj+SIsVJh52VP4lvXkaFVnOFFdoWv1H1Jjvel1aI6NCFOAaeAVm8qrI0odiLcww==", - "dev": true, - "dependencies": { - "semver-regex": "^2.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version/node_modules/get-stream": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", - "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", - "dev": true, - "dependencies": { - "pump": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-version/node_modules/npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "dependencies": { - "path-key": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-version/node_modules/path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-version/node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/bin-version/node_modules/semver-regex": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-2.0.0.tgz", - "integrity": "sha512-mUdIBBvdn0PLOeP3TEkMH7HHeUP3GjsXCwKarjv/kGmUFOYg1VqEemKhoQpWMu6X2I8kHeuVdGibLGkVK+/5Qw==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-version/node_modules/shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "dependencies": { - "shebang-regex": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-version/node_modules/shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-version/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/bin-wrapper": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bin-wrapper/-/bin-wrapper-4.1.0.tgz", - "integrity": "sha512-hfRmo7hWIXPkbpi0ZltboCMVrU+0ClXR/JgbCKKjlDjQf6igXa7OwdqNcFWQZPZTgiY7ZpzE3+LjjkLiTN2T7Q==", - "dev": true, - "dependencies": { - "bin-check": "^4.1.0", - "bin-version-check": "^4.0.0", - "download": "^7.1.0", - "import-lazy": "^3.1.0", - "os-filter-obj": "^2.0.0", - "pify": "^4.0.1" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/download": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/download/-/download-7.1.0.tgz", - "integrity": "sha512-xqnBTVd/E+GxJVrX5/eUJiLYjCGPwMpdL+jGhGU57BvtcA7wwhtHVbXBeUk51kOpW3S7Jn3BQbN9Q1R1Km2qDQ==", - "dev": true, - "dependencies": { - "archive-type": "^4.0.0", - "caw": "^2.0.1", - "content-disposition": "^0.5.2", - "decompress": "^4.2.0", - "ext-name": "^5.0.0", - "file-type": "^8.1.0", - "filenamify": "^2.0.0", - "get-stream": "^3.0.0", - "got": "^8.3.1", - "make-dir": "^1.2.0", - "p-event": "^2.1.0", - "pify": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/download/node_modules/pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/file-type": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-8.1.0.tgz", - "integrity": "sha512-qyQ0pzAy78gVoJsmYeNgl8uH8yKhr1lVhW7JbzJmnlRi0I4R2eEDEJZVKG8agpDnLpacwNbDhLNG/LMdxHD2YQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "dev": true, - "dependencies": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/got/node_modules/pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/import-lazy": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-3.1.0.tgz", - "integrity": "sha512-8/gvXvX2JMn0F+CDlSC4l6kOmVaLOO3XLkksI7CI3Ud95KDYJuYur2b9P/PUt/i/pDAMd/DulQsNbbbmRRsDIQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/p-event": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/p-event/-/p-event-2.3.1.tgz", - "integrity": "sha512-NQCqOFhbpVTMX4qMe8PF8lbGtzZ+LCiN7pcNrb/413Na7+TRoe1xkKUzuWa/YEJdGQ0FvKtj35EEbDoVPO2kbA==", - "dev": true, - "dependencies": { - "p-timeout": "^2.0.1" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", - "dev": true, - "dependencies": { - "p-finally": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/bin-wrapper/node_modules/prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-wrapper/node_modules/url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "dev": true, - "dependencies": { - "prepend-http": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/binary-extensions": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "peer": true, "engines": { "node": ">=8" } }, - "node_modules/bl": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/bl/-/bl-1.2.3.tgz", - "integrity": "sha512-pvcNpa0UU69UT341rO6AYy4FVAIkUHuZXRIWbq+zHnsVcRzDDjIAhGuuYoi0d//cwIwtt4pkpKycWEfjdV+vww==", - "dev": true, - "dependencies": { - "readable-stream": "^2.3.5", - "safe-buffer": "^5.1.1" - } - }, - "node_modules/bl/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/bl/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/bluebird": { - "version": "3.7.2", - "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", - "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==", - "dev": true - }, "node_modules/bn.js": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-5.2.0.tgz", - "integrity": "sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==" - }, - "node_modules/body-parser": { - "version": "1.19.0", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz", - "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==", - "dependencies": { - "bytes": "3.1.0", - "content-type": "~1.0.4", - "debug": "2.6.9", - "depd": "~1.1.2", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "on-finished": "~2.3.0", - "qs": "6.7.0", - "raw-body": "2.4.0", - "type-is": "~1.6.17" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/body-parser/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/body-parser/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "node_modules/body-parser/node_modules/raw-body": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz", - "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==", - "dependencies": { - "bytes": "3.1.0", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/boolbase": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", - "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=", - "dev": true + "integrity": "sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==", + "dev": true, + "peer": true }, "node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -4499,6 +2469,7 @@ "version": "3.0.2", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, "dependencies": { "fill-range": "^7.0.1" }, @@ -4509,12 +2480,23 @@ "node_modules/brorand": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz", - "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=" + "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=", + "dev": true, + "peer": true + }, + "node_modules/browser-process-hrtime": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz", + "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==", + "dev": true, + "peer": true }, "node_modules/browserify-aes": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==", + "dev": true, + "peer": true, "dependencies": { "buffer-xor": "^1.0.3", "cipher-base": "^1.0.0", @@ -4528,6 +2510,8 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/browserify-cipher/-/browserify-cipher-1.0.1.tgz", "integrity": "sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w==", + "dev": true, + "peer": true, "dependencies": { "browserify-aes": "^1.0.4", "browserify-des": "^1.0.0", @@ -4538,6 +2522,8 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/browserify-des/-/browserify-des-1.0.2.tgz", "integrity": "sha512-BioO1xf3hFwz4kc6iBhI3ieDFompMhrMlnDFC4/0/vd5MokpuAc3R+LYbwTA9A5Yc9pq9UYPqffKpW2ObuwX5A==", + "dev": true, + "peer": true, "dependencies": { "cipher-base": "^1.0.1", "des.js": "^1.0.0", @@ -4549,6 +2535,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.1.0.tgz", "integrity": "sha512-AdEER0Hkspgno2aR97SAf6vi0y0k8NuOpGnVH3O99rcA5Q6sh8QxcngtHuJ6uXwnfAXNM4Gn1Gb7/MV1+Ymbog==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^5.0.0", "randombytes": "^2.0.1" @@ -4558,6 +2546,8 @@ "version": "4.2.1", "resolved": "https://registry.npmjs.org/browserify-sign/-/browserify-sign-4.2.1.tgz", "integrity": "sha512-/vrA5fguVAKKAVTNJjgSm1tRQDHUU6DbwO9IROu/0WAzC8PKhucDSh18J0RMvVeHAn5puMd+QHC2erPRNf8lmg==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^5.1.1", "browserify-rsa": "^4.0.1", @@ -4574,6 +2564,7 @@ "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, "funding": [ { "type": "github", @@ -4587,12 +2578,15 @@ "type": "consulting", "url": "https://feross.org/support" } - ] + ], + "peer": true }, "node_modules/browserify-zlib": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", + "dev": true, + "peer": true, "dependencies": { "pako": "~1.0.5" } @@ -4601,6 +2595,7 @@ "version": "4.16.6", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.16.6.tgz", "integrity": "sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==", + "dev": true, "dependencies": { "caniuse-lite": "^1.0.30001219", "colorette": "^1.2.2", @@ -4631,61 +2626,16 @@ "node": ">= 6" } }, - "node_modules/buffer": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", - "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "node_modules/bser": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==", "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], + "peer": true, "dependencies": { - "base64-js": "^1.3.1", - "ieee754": "^1.1.13" + "node-int64": "^0.4.0" } }, - "node_modules/buffer-alloc": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/buffer-alloc/-/buffer-alloc-1.2.0.tgz", - "integrity": "sha512-CFsHQgjtW1UChdXgbyJGtnm+O/uLQeZdtbDo8mfUgYXCHSM1wgrVxXm6bSyrUuErEb+4sYVGCzASBRot7zyrow==", - "dev": true, - "dependencies": { - "buffer-alloc-unsafe": "^1.1.0", - "buffer-fill": "^1.0.0" - } - }, - "node_modules/buffer-alloc-unsafe": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/buffer-alloc-unsafe/-/buffer-alloc-unsafe-1.1.0.tgz", - "integrity": "sha512-TEM2iMIEQdJ2yjPJoSIsldnleVaAk1oW3DBVUykyOLsEsFmEc9kn+SFFPz+gl54KQNxlDnAwCXosOS9Okx2xAg==", - "dev": true - }, - "node_modules/buffer-crc32": { - "version": "0.2.13", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", - "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/buffer-fill": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz", - "integrity": "sha1-+PeLdniYiO858gXNY39o5wISKyw=", - "dev": true - }, "node_modules/buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", @@ -4695,25 +2645,23 @@ "node_modules/buffer-xor": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/buffer-xor/-/buffer-xor-1.0.3.tgz", - "integrity": "sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk=" + "integrity": "sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk=", + "dev": true, + "peer": true }, "node_modules/builtin-status-codes": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz", - "integrity": "sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug=" - }, - "node_modules/byline": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/byline/-/byline-5.0.0.tgz", - "integrity": "sha1-dBxSFkaOrcRXsDQQEYrXfejB3bE=", - "engines": { - "node": ">=0.10.0" - } + "integrity": "sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug=", + "dev": true, + "peer": true }, "node_modules/bytes": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==", + "dev": true, + "peer": true, "engines": { "node": ">= 0.8" } @@ -4723,6 +2671,7 @@ "resolved": "https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz", "integrity": "sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==", "dev": true, + "peer": true, "dependencies": { "collection-visit": "^1.0.0", "component-emitter": "^1.2.1", @@ -4738,43 +2687,11 @@ "node": ">=0.10.0" } }, - "node_modules/cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "dev": true, - "dependencies": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" - } - }, - "node_modules/cacheable-request/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/cacheable-request/node_modules/lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/call-bind": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, "dependencies": { "function-bind": "^1.1.1", "get-intrinsic": "^1.0.2" @@ -4783,12 +2700,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/call-me-maybe": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.1.tgz", - "integrity": "sha1-JtII6onje1y95gJQoV8DHBak1ms=", - "dev": true - }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -4798,20 +2709,6 @@ "node": ">=6" } }, - "node_modules/camel-case": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", - "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==", - "dependencies": { - "pascal-case": "^3.1.2", - "tslib": "^2.0.3" - } - }, - "node_modules/camel-case/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, "node_modules/camelcase": { "version": "5.3.1", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", @@ -4821,14 +2718,6 @@ "node": ">=6" } }, - "node_modules/camelcase-css": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", - "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==", - "engines": { - "node": ">= 6" - } - }, "node_modules/camelcase-keys": { "version": "6.2.2", "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-6.2.2.tgz", @@ -4850,39 +2739,30 @@ "version": "1.0.30001246", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001246.tgz", "integrity": "sha512-Tc+ff0Co/nFNbLOrziBXmMVtpt9S2c2Y+Z9Nk9Khj09J+0zR9ejvIW5qkZAErCbOrVODCx/MN+GpB5FNBs5GFA==", + "dev": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/browserslist" } }, - "node_modules/caw": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/caw/-/caw-2.0.1.tgz", - "integrity": "sha512-Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA==", + "node_modules/capture-exit": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/capture-exit/-/capture-exit-2.0.0.tgz", + "integrity": "sha512-PiT/hQmTonHhl/HFGN+Lx3JJUznrVYJ3+AQsnthneZbvW7x+f08Tk7yLJTLEOUvBTbduLeeBkxEaYXUOUrRq6g==", "dev": true, + "peer": true, "dependencies": { - "get-proxy": "^2.0.0", - "isurl": "^1.0.0-alpha5", - "tunnel-agent": "^0.6.0", - "url-to-options": "^1.0.1" + "rsvp": "^4.8.4" }, "engines": { - "node": ">=4" - } - }, - "node_modules/ccount": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/ccount/-/ccount-1.1.0.tgz", - "integrity": "sha512-vlNK021QdI7PNeiUh/lKkC/mNHHfV0m/Ad5JoI0TYtlBnJAslM/JIkm/tGC88bkLIwO6OQ5uV6ztS6kVAtCDlg==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" + "node": "6.* || 8.* || >= 10.*" } }, "node_modules/chalk": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz", "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==", + "dev": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -4894,19 +2774,21 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "dev": true, + "peer": true, + "engines": { + "node": ">=10" + } + }, "node_modules/character-entities": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.4.tgz", "integrity": "sha512-iBMyeEHxfVnIakwOuDXpVkc54HijNgCyQB2w0VfGQThle6NXn50zU6V/u+LDhxHcDUPojn6Kpga3PTAD8W1bQw==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, - "node_modules/character-entities-html4": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-1.1.4.tgz", - "integrity": "sha512-HRcDxZuZqMx3/a+qrzxdBKBPUpxWEq9xw2OPZ3a/174ihfrQKVsFhqtthBInFy1zZ9GgZyFXOatNujm8M+El3g==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -4916,6 +2798,7 @@ "version": "1.1.4", "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-1.1.4.tgz", "integrity": "sha512-3Xnr+7ZFS1uxeiUDvV02wQ+QDbc55o97tIV5zHScSPJpcLm/r0DFPcoY3tYRp+VZukxuMeKgXYmsXQHO05zQeA==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -4925,6 +2808,7 @@ "version": "1.1.4", "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-1.1.4.tgz", "integrity": "sha512-mKKUkUbhPpQlCOfIuZkvSEgktjPFIsZKRRbC6KWVEMvlzblj3i3asQv5ODsrwt0N3pHAEvjP8KTQPHkp0+6jOg==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -4936,16 +2820,12 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==", "dev": true }, - "node_modules/check-types": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/check-types/-/check-types-8.0.3.tgz", - "integrity": "sha512-YpeKZngUmG65rLudJ4taU7VLkOCTMhNl/u4ctNC56LQS/zJTyNH0Lrtwm1tfTsbLlwvlfsA2d1c8vCf/Kh2KwQ==", - "dev": true - }, "node_modules/chokidar": { "version": "3.5.1", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", + "dev": true, + "peer": true, "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", @@ -4962,17 +2842,6 @@ "fsevents": "~2.3.1" } }, - "node_modules/ci": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ci/-/ci-2.1.1.tgz", - "integrity": "sha512-StBCU1G9zbhgVBqvslvOpT601zme9YfyZaUSjgXCtfnIynPuDBHX85WwnXv5cnh74bYo8S3xfPpI41yk1jZmRw==", - "bin": { - "ci": "ci.js" - }, - "funding": { - "url": "https://github.com/privatenumber/ci?sponsor=1" - } - }, "node_modules/ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -4983,16 +2852,26 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/cipher-base/-/cipher-base-1.0.4.tgz", "integrity": "sha512-Kkht5ye6ZGmwv40uUDZztayT2ThLQGfnj/T71N/XzeZeo3nf8foyW7zGTsPYkEya3m5f3cAypH+qe7YOrM1U2Q==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.1", "safe-buffer": "^5.0.1" } }, + "node_modules/cjs-module-lexer": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-0.6.0.tgz", + "integrity": "sha512-uc2Vix1frTfnuzxxu1Hp4ktSvM3QaI4oXl4ZUqL1wjTu/BGki9TrCWoqLTg/drR1KwAEarXuRFCG2Svr1GxPFw==", + "dev": true, + "peer": true + }, "node_modules/class-utils": { "version": "0.3.6", "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz", "integrity": "sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==", "dev": true, + "peer": true, "dependencies": { "arr-union": "^3.1.0", "define-property": "^0.2.5", @@ -5008,6 +2887,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^0.1.0" }, @@ -5020,6 +2900,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -5032,6 +2913,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -5043,13 +2925,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/class-utils/node_modules/is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -5062,6 +2946,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -5074,6 +2959,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -5088,15 +2974,11 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/classnames": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.3.1.tgz", - "integrity": "sha512-OlQdbZ7gLfGarSqxesMesDa5uz7KFbID8Kpq/SxIoNGDqY8lSYs0D+hhtBXhcdB3rcbXArFr7vlHheLk1voeNA==" - }, "node_modules/clean-stack": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", @@ -5143,6 +3025,33 @@ "node": ">= 10" } }, + "node_modules/cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "dev": true, + "peer": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, + "node_modules/cliui/node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dev": true, + "peer": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/clone-regexp": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clone-regexp/-/clone-regexp-2.2.0.tgz", @@ -5164,105 +3073,30 @@ "node": ">=6" } }, - "node_modules/clone-response": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.2.tgz", - "integrity": "sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=", + "node_modules/co": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=", "dev": true, - "dependencies": { - "mimic-response": "^1.0.0" - } - }, - "node_modules/coa": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/coa/-/coa-2.0.2.tgz", - "integrity": "sha512-q5/jG+YQnSy4nRTV4F7lPepBJZ8qBNJJDBuJdoejDyLXgmL7IEo+Le2JDZudFTFt7mrCqIRaSjws4ygRCTCAXA==", - "dev": true, - "dependencies": { - "@types/q": "^1.5.1", - "chalk": "^2.4.1", - "q": "^1.1.2" - }, + "peer": true, "engines": { - "node": ">= 4.0" + "iojs": ">= 1.0.0", + "node": ">= 0.12.0" } }, - "node_modules/coa/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "node_modules/collect-v8-coverage": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz", + "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==", "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/coa/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/coa/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/coa/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "node_modules/coa/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/coa/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/collapse-white-space": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.6.tgz", - "integrity": "sha512-jEovNnrhMuqyCcjfEJA56v0Xq8SkIoPKDyaHahwo3POf4qcSXqMYuwNcOTzp74vTsR9Tn08z4MxWqAhcekogkQ==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } + "peer": true }, "node_modules/collection-visit": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz", "integrity": "sha1-S8A3PBZLwykbTTaMgpzxqApZ3KA=", "dev": true, + "peer": true, "dependencies": { "map-visit": "^1.0.0", "object-visit": "^1.0.0" @@ -5275,6 +3109,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, "dependencies": { "color-name": "~1.1.4" }, @@ -5285,17 +3120,20 @@ "node_modules/color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true }, "node_modules/colorette": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz", - "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==" + "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==", + "dev": true }, "node_modules/combined-stream": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dev": true, "dependencies": { "delayed-stream": "~1.0.0" }, @@ -5303,15 +3141,6 @@ "node": ">= 0.8" } }, - "node_modules/comma-separated-tokens": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-1.0.8.tgz", - "integrity": "sha512-GHuDRO12Sypu2cV70d1dkA2EUmXHgntrzbpvOB+Qy+49ypNfGgFQIC2fhhXbnyrJRynDCAARsT7Ou0M6hirpfw==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/commander": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", @@ -5324,7 +3153,9 @@ "node_modules/commondir": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", - "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=" + "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=", + "dev": true, + "peer": true }, "node_modules/compare-versions": { "version": "3.6.0", @@ -5336,89 +3167,44 @@ "version": "1.3.0", "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz", "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", - "dev": true - }, - "node_modules/compute-scroll-into-view": { - "version": "1.0.17", - "resolved": "https://registry.npmjs.org/compute-scroll-into-view/-/compute-scroll-into-view-1.0.17.tgz", - "integrity": "sha512-j4dx+Fb0URmzbwwMUrhqWM2BEWHdFGx+qZ9qqASHRPqvTYdqvWnHg0H1hIbcyLnvgnoNAVMlwkepyqM3DaIFUg==" + "dev": true, + "peer": true }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" - }, - "node_modules/config-chain": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", - "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", - "dev": true, - "dependencies": { - "ini": "^1.3.4", - "proto-list": "~1.2.1" - } + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true }, "node_modules/console-browserify": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/console-browserify/-/console-browserify-1.2.0.tgz", - "integrity": "sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==" - }, - "node_modules/console-stream": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/console-stream/-/console-stream-0.1.1.tgz", - "integrity": "sha1-oJX+B7IEZZVfL6/Si11yvM2UnUQ=", - "dev": true + "integrity": "sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==", + "dev": true, + "peer": true }, "node_modules/constants-browserify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/constants-browserify/-/constants-browserify-1.0.0.tgz", - "integrity": "sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=" - }, - "node_modules/content-disposition": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", - "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==", - "dependencies": { - "safe-buffer": "5.1.2" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==", - "engines": { - "node": ">= 0.6" - } + "integrity": "sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=", + "dev": true, + "peer": true }, "node_modules/convert-source-map": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.7.0.tgz", "integrity": "sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA==", + "dev": true, "dependencies": { "safe-buffer": "~5.1.1" } }, - "node_modules/cookie": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz", - "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" - }, "node_modules/copy-descriptor": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz", "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -5437,7 +3223,9 @@ "node_modules/core-util-is": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", - "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" + "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=", + "dev": true, + "peer": true }, "node_modules/cosmiconfig": { "version": "7.0.0", @@ -5459,6 +3247,8 @@ "version": "4.0.4", "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.4.tgz", "integrity": "sha512-mf+TCx8wWc9VpuxfP2ht0iSISLZnt0JgWlrOKZiNqyUZWnjIaCIVNQArMHnCZKfEYRg6IM7A+NeJoN8gf/Ws0A==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.1.0", "elliptic": "^6.5.3" @@ -5467,12 +3257,16 @@ "node_modules/create-ecdh/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true }, "node_modules/create-hash": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==", + "dev": true, + "peer": true, "dependencies": { "cipher-base": "^1.0.1", "inherits": "^2.0.1", @@ -5485,6 +3279,8 @@ "version": "1.1.7", "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==", + "dev": true, + "peer": true, "dependencies": { "cipher-base": "^1.0.3", "create-hash": "^1.1.0", @@ -5498,6 +3294,7 @@ "version": "3.1.4", "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.4.tgz", "integrity": "sha512-1eAtFWdIubi6T4XPy6ei9iUFoKpUkIF971QLN8lIvvvwueI65+Nw5haMNKUwfJxabqlIIDODJKGrQ66gxC0PbQ==", + "dev": true, "dependencies": { "node-fetch": "2.6.1" } @@ -5520,6 +3317,8 @@ "version": "3.12.0", "resolved": "https://registry.npmjs.org/crypto-browserify/-/crypto-browserify-3.12.0.tgz", "integrity": "sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg==", + "dev": true, + "peer": true, "dependencies": { "browserify-cipher": "^1.0.0", "browserify-sign": "^4.0.0", @@ -5537,62 +3336,12 @@ "node": "*" } }, - "node_modules/css-select": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", - "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", - "dev": true, - "dependencies": { - "boolbase": "^1.0.0", - "css-what": "^3.2.1", - "domutils": "^1.7.0", - "nth-check": "^1.0.2" - } - }, - "node_modules/css-select-base-adapter": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/css-select-base-adapter/-/css-select-base-adapter-0.1.1.tgz", - "integrity": "sha512-jQVeeRG70QI08vSTwf1jHxp74JoZsr2XSgETae8/xC8ovSnL2WF87GTLO86Sbwdt2lK4Umg4HnnwMO4YF3Ce7w==", - "dev": true - }, - "node_modules/css-tree": { - "version": "1.0.0-alpha.37", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.37.tgz", - "integrity": "sha512-DMxWJg0rnz7UgxKT0Q1HU/L9BeJI0M6ksor0OgqOnF+aRCDWg/N2641HmVyU9KVIu0OVVWOb2IpC9A+BJRnejg==", - "dev": true, - "dependencies": { - "mdn-data": "2.0.4", - "source-map": "^0.6.1" - }, - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/css-tree/node_modules/source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/css-what": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", - "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==", - "dev": true, - "engines": { - "node": ">= 6" - }, - "funding": { - "url": "https://github.com/sponsors/fb55" - } - }, "node_modules/css.escape": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz", - "integrity": "sha1-QuJ9T6BK4y+TGktNQZH6nN3ul8s=" + "integrity": "sha1-QuJ9T6BK4y+TGktNQZH6nN3ul8s=", + "dev": true, + "peer": true }, "node_modules/cssesc": { "version": "3.0.0", @@ -5610,6 +3359,8 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssnano-preset-simple/-/cssnano-preset-simple-3.0.0.tgz", "integrity": "sha512-vxQPeoMRqUT3c/9f0vWeVa2nKQIHFpogtoBvFdW4GQ3IvEJ6uauCP6p3Y5zQDLFcI7/+40FTgX12o7XUL0Ko+w==", + "dev": true, + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001202" }, @@ -5621,6 +3372,8 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssnano-simple/-/cssnano-simple-3.0.0.tgz", "integrity": "sha512-oU3ueli5Dtwgh0DyeohcIEE00QVfbPR3HzyXdAl89SfnQG3y0/qcpfLVW+jPIh3/rgMZGwuW96rejZGaYE9eUg==", + "dev": true, + "peer": true, "dependencies": { "cssnano-preset-simple": "^3.0.0" }, @@ -5633,73 +3386,32 @@ } } }, - "node_modules/csso": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/csso/-/csso-4.2.0.tgz", - "integrity": "sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==", + "node_modules/cssom": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.4.4.tgz", + "integrity": "sha512-p3pvU7r1MyyqbTk+WbNJIgJjG2VmTIaB10rI93LzVPrmDJKkzKYMtxxyAvQXR/NS6otuzveI7+7BBq3SjBS2mw==", "dev": true, + "peer": true + }, + "node_modules/cssstyle": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz", + "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==", + "dev": true, + "peer": true, "dependencies": { - "css-tree": "^1.1.2" + "cssom": "~0.3.6" }, "engines": { - "node": ">=8.0.0" + "node": ">=8" } }, - "node_modules/csso/node_modules/css-tree": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", - "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", + "node_modules/cssstyle/node_modules/cssom": { + "version": "0.3.8", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", + "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==", "dev": true, - "dependencies": { - "mdn-data": "2.0.14", - "source-map": "^0.6.1" - }, - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/csso/node_modules/mdn-data": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", - "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==", - "dev": true - }, - "node_modules/csso/node_modules/source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/csstype": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.0.8.tgz", - "integrity": "sha512-jXKhWqXPmlUeoQnF/EhTtTl4C9SnrxSH/jZUih3jmO6lBKr99rP3/+FmrMj4EFpOXzMtXHAZkd3x0E6h6Fgflw==", - "devOptional": true - }, - "node_modules/currently-unhandled": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz", - "integrity": "sha1-mI3zP+qxke95mmE2nddsF635V+o=", - "dev": true, - "dependencies": { - "array-find-index": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/d3-ease": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-1.0.7.tgz", - "integrity": "sha512-lx14ZPYkhNx0s/2HX5sLFUI3mbasHjSSpwO/KaaNACweVwxUruKyWVcb293wMv1RqTPZyZ8kSZ2NogUZNcLOFQ==" - }, - "node_modules/d3-timer": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-1.0.10.tgz", - "integrity": "sha512-B1JDm0XDaQC+uvo4DT79H0XmBskgS3l6Ve+1SBCfxgmtIb1AVrPIoqd+nPSv+loMX8szQ0sVUhGngL7D5QPiXw==" + "peer": true }, "node_modules/damerau-levenshtein": { "version": "1.0.7", @@ -5722,40 +3434,70 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-3.0.1.tgz", "integrity": "sha512-WboRycPNsVw3B3TL559F7kuBUM4d8CgMEvk6xEJlOp7OBPjt6G7z8WMWlD2rOFZLk6OYfFIUGsCOWzcQH9K2og==", + "dev": true, + "peer": true, "engines": { "node": ">= 6" } }, - "node_modules/datocms-listen": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/datocms-listen/-/datocms-listen-0.1.6.tgz", - "integrity": "sha512-B3lJqobSV4fzkY7CYgYMcK0k2Hvy7/8g+LLnxiQ9Fgm+ETsQbRjHvF2neEX6kDWXNiP6pn0Fq5lkxyeGFjXU7w==" - }, - "node_modules/datocms-structured-text-generic-html-renderer": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/datocms-structured-text-generic-html-renderer/-/datocms-structured-text-generic-html-renderer-1.2.0.tgz", - "integrity": "sha512-77w/bfO0GE43ck4ClhkeNs7vG3zmsgo1uyBLEomeALtfj0rlbCWS5jI33svMl3ek1BbBukTVdqLaliyrxCwpWg==", + "node_modules/data-urls": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-2.0.0.tgz", + "integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==", + "dev": true, + "peer": true, "dependencies": { - "datocms-structured-text-utils": "^1.2.0" + "abab": "^2.0.3", + "whatwg-mimetype": "^2.3.0", + "whatwg-url": "^8.0.0" + }, + "engines": { + "node": ">=10" } }, - "node_modules/datocms-structured-text-utils": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/datocms-structured-text-utils/-/datocms-structured-text-utils-1.2.0.tgz", - "integrity": "sha512-8qfpSWU/nVrMr8C0aT5n16WN0/KQbtYD2GJXd9WDf01bfr+WzJCi5szZF1dBLhD2zhs41A4gtO3aM4J1CQe4wA==", + "node_modules/data-urls/node_modules/tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", + "dev": true, + "peer": true, "dependencies": { - "array-flatten": "^3.0.0" + "punycode": "^2.1.1" + }, + "engines": { + "node": ">=8" } }, - "node_modules/datocms-structured-text-utils/node_modules/array-flatten": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-3.0.0.tgz", - "integrity": "sha512-zPMVc3ZYlGLNk4mpK1NzP2wg0ml9t7fUgDsayR5Y5rSzxQilzR9FGu/EH2jQOcKSAeAfWeylyW8juy3OkWRvNA==" + "node_modules/data-urls/node_modules/webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=10.4" + } + }, + "node_modules/data-urls/node_modules/whatwg-url": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dev": true, + "peer": true, + "dependencies": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + }, + "engines": { + "node": ">=10" + } }, "node_modules/debug": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", + "dev": true, "dependencies": { "ms": "2.1.2" }, @@ -5799,198 +3541,34 @@ "node": ">=0.10.0" } }, + "node_modules/decimal.js": { + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.3.1.tgz", + "integrity": "sha512-V0pfhfr8suzyPGOx3nmq4aHqabehUZn6Ch9kyFpV79TGDTWFmHqUqXdabR7QHqxzrYolF4+tVmJhUG4OURg5dQ==", + "dev": true, + "peer": true + }, "node_modules/decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", + "dev": true, + "peer": true, "engines": { "node": ">=0.10" } }, - "node_modules/decompress": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/decompress/-/decompress-4.2.1.tgz", - "integrity": "sha512-e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ==", - "dev": true, - "dependencies": { - "decompress-tar": "^4.0.0", - "decompress-tarbz2": "^4.0.0", - "decompress-targz": "^4.0.0", - "decompress-unzip": "^4.0.1", - "graceful-fs": "^4.1.10", - "make-dir": "^1.0.0", - "pify": "^2.3.0", - "strip-dirs": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", - "dev": true, - "dependencies": { - "mimic-response": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-tar": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-tar/-/decompress-tar-4.1.1.tgz", - "integrity": "sha512-JdJMaCrGpB5fESVyxwpCx4Jdj2AagLmv3y58Qy4GE6HMVjWz1FeVQk1Ct4Kye7PftcdOo/7U7UKzYBJgqnGeUQ==", - "dev": true, - "dependencies": { - "file-type": "^5.2.0", - "is-stream": "^1.1.0", - "tar-stream": "^1.5.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-tar/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress-tarbz2": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-4.1.1.tgz", - "integrity": "sha512-s88xLzf1r81ICXLAVQVzaN6ZmX4A6U4z2nMbOwobxkLoIIfjVMBg7TeguTUXkKeXni795B6y5rnvDw7rxhAq9A==", - "dev": true, - "dependencies": { - "decompress-tar": "^4.1.0", - "file-type": "^6.1.0", - "is-stream": "^1.1.0", - "seek-bzip": "^1.0.5", - "unbzip2-stream": "^1.0.9" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-tarbz2/node_modules/file-type": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-6.2.0.tgz", - "integrity": "sha512-YPcTBDV+2Tm0VqjybVd32MHdlEGAtuxS3VAYsumFokDSMG+ROT5wawGlnHDoz7bfMcMDt9hxuXvXwoKUx2fkOg==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-tarbz2/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress-targz": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-targz/-/decompress-targz-4.1.1.tgz", - "integrity": "sha512-4z81Znfr6chWnRDNfFNqLwPvm4db3WuZkqV+UgXQzSngG3CEKdBkw5jrv3axjjL96glyiiKjsxJG3X6WBZwX3w==", - "dev": true, - "dependencies": { - "decompress-tar": "^4.1.1", - "file-type": "^5.2.0", - "is-stream": "^1.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-targz/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress-unzip": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-4.0.1.tgz", - "integrity": "sha1-3qrM39FK6vhVePczroIQ+bSEj2k=", - "dev": true, - "dependencies": { - "file-type": "^3.8.0", - "get-stream": "^2.2.0", - "pify": "^2.3.0", - "yauzl": "^2.4.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/decompress-unzip/node_modules/file-type": { - "version": "3.9.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-3.9.0.tgz", - "integrity": "sha1-JXoHg4TR24CHvESdEH1SpSZyuek=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress-unzip/node_modules/get-stream": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-2.3.1.tgz", - "integrity": "sha1-Xzj5PzRgCWZu4BUKBUFn+Rvdld4=", - "dev": true, - "dependencies": { - "object-assign": "^4.0.1", - "pinkie-promise": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress-unzip/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/decompress/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/deep-is": { "version": "0.1.3", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz", "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", "dev": true }, - "node_modules/deepmerge": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-2.2.1.tgz", - "integrity": "sha512-R9hc1Xa/NOBi9WRVUWg19rl1UB7Tt4kuPd+thNJgFZoxXsTz7ncaPaeIm+40oSGuP33DfMb4sZt1QIGiJzC4EA==", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/define-properties": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "dev": true, "dependencies": { "object-keys": "^1.0.12" }, @@ -6003,6 +3581,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^1.0.2", "isobject": "^3.0.1" @@ -6015,6 +3594,7 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", + "dev": true, "engines": { "node": ">=0.4.0" } @@ -6023,53 +3603,49 @@ "version": "1.1.2", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.6" } }, - "node_modules/dequal": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.2.tgz", - "integrity": "sha512-q9K8BlJVxK7hQYqa6XISGmBZbtQQWVXSrRrWreHC94rMt1QL/Impruc+7p2CYSYuVIUr+YCt6hjrs1kkdJRTug==", - "engines": { - "node": ">=6" - } - }, "node_modules/des.js": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/des.js/-/des.js-1.0.1.tgz", "integrity": "sha512-Q0I4pfFrv2VPd34/vfLrFOoRmlYj3OV50i7fskps1jZWK1kApMWWT9G6RRUeYedLcBDIhnSDaUvJMb3AhUlaEA==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.1", "minimalistic-assert": "^1.0.0" } }, - "node_modules/destroy": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", - "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" - }, - "node_modules/detab": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/detab/-/detab-2.0.4.tgz", - "integrity": "sha512-8zdsQA5bIkoRECvCrNKPla84lyoR7DSAyf7p0YgXzBO9PDJx8KntPUay7NS6yp+KdxdVtiE5SpHKtbp2ZQyA9g==", - "dependencies": { - "repeat-string": "^1.5.4" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" + "node_modules/detect-newline": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" } }, - "node_modules/detect-node-es": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/detect-node-es/-/detect-node-es-1.1.0.tgz", - "integrity": "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==" + "node_modules/diff-sequences": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-26.6.2.tgz", + "integrity": "sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 10.14.2" + } }, "node_modules/diffie-hellman": { "version": "5.0.3", "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz", "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.1.0", "miller-rabin": "^4.0.0", @@ -6079,7 +3655,9 @@ "node_modules/diffie-hellman/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true }, "node_modules/dir-glob": { "version": "3.0.1", @@ -6140,6 +3718,8 @@ "version": "4.19.0", "resolved": "https://registry.npmjs.org/domain-browser/-/domain-browser-4.19.0.tgz", "integrity": "sha512-fRA+BaAWOR/yr/t7T9E9GJztHPeFjj8U35ajyAjCDtAAnTn1Rc1f6W6VGPJrO1tkQv9zWu+JRof7z6oQtiYVFQ==", + "dev": true, + "peer": true, "engines": { "node": ">=10" }, @@ -6153,6 +3733,29 @@ "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==", "dev": true }, + "node_modules/domexception": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/domexception/-/domexception-2.0.1.tgz", + "integrity": "sha512-yxJ2mFy/sibVQlu5qHjOkf9J3K6zgmCxgJ94u2EdvDOV09H+32LtRswEcUsmUWN72pVLOEnTSRaIVVzVQgS0dg==", + "dev": true, + "peer": true, + "dependencies": { + "webidl-conversions": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/domexception/node_modules/webidl-conversions": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-5.0.0.tgz", + "integrity": "sha512-VlZwKPCkYKxQgeSbH5EyngOmRp7Ww7I9rQLERETtf5ofd9pGeswWiOtogpEO850jziPRarreGxn5QIiTqpb2wA==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" + } + }, "node_modules/domhandler": { "version": "2.4.2", "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-2.4.2.tgz", @@ -6172,76 +3775,6 @@ "domelementtype": "1" } }, - "node_modules/dotenv": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz", - "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==", - "engines": { - "node": ">=10" - } - }, - "node_modules/download": { - "version": "6.2.5", - "resolved": "https://registry.npmjs.org/download/-/download-6.2.5.tgz", - "integrity": "sha512-DpO9K1sXAST8Cpzb7kmEhogJxymyVUd5qz/vCOSyvwtp2Klj2XcDt5YUuasgxka44SxF0q5RriKIwJmQHG2AuA==", - "dev": true, - "dependencies": { - "caw": "^2.0.0", - "content-disposition": "^0.5.2", - "decompress": "^4.0.0", - "ext-name": "^5.0.0", - "file-type": "5.2.0", - "filenamify": "^2.0.0", - "get-stream": "^3.0.0", - "got": "^7.0.0", - "make-dir": "^1.0.0", - "p-event": "^1.0.0", - "pify": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/download/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/downshift": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/downshift/-/downshift-3.1.5.tgz", - "integrity": "sha512-2PpR4+A0WiF0R+Q6sq79sSG+sAy4KBlH5FwnU8FtD5zkeZH/UQZm/QS7kq/CglSH8vl1qpPoaap4Z2Oe9Swcrg==", - "dependencies": { - "@babel/runtime": "^7.1.2", - "compute-scroll-into-view": "^1.0.9", - "prop-types": "^15.6.0", - "react-is": "^16.5.2" - }, - "peerDependencies": { - "react": ">=0.14.9" - } - }, - "node_modules/duplexer": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz", - "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==", - "dev": true - }, - "node_modules/duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=", - "dev": true - }, - "node_modules/ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" - }, "node_modules/ejs": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.5.tgz", @@ -6260,12 +3793,15 @@ "node_modules/electron-to-chromium": { "version": "1.3.785", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.785.tgz", - "integrity": "sha512-WmCgAeURsMFiyoJ646eUaJQ7GNfvMRLXo+GamUyKVNEM4MqTAsXyC0f38JEB4N3BtbD0tlAKozGP5E2T9K3YGg==" + "integrity": "sha512-WmCgAeURsMFiyoJ646eUaJQ7GNfvMRLXo+GamUyKVNEM4MqTAsXyC0f38JEB4N3BtbD0tlAKozGP5E2T9K3YGg==", + "dev": true }, "node_modules/elliptic": { "version": "6.5.4", "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.11.9", "brorand": "^1.1.0", @@ -6279,7 +3815,22 @@ "node_modules/elliptic/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true + }, + "node_modules/emittery": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.7.2.tgz", + "integrity": "sha512-A8OG5SR/ij3SsJdWDJdkkSYUjQdCUx6APQXem0SaEePBSRg4eymGYwBkKo1Y6DU+af/Jn2dBQqDBvjnr9Vi8nQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/emittery?sponsor=1" + } }, "node_modules/emoji-regex": { "version": "8.0.0", @@ -6287,27 +3838,12 @@ "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true }, - "node_modules/emojis-list": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz", - "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==", - "dev": true, - "engines": { - "node": ">= 4" - } - }, - "node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=", - "engines": { - "node": ">= 0.8" - } - }, "node_modules/encoding": { "version": "0.1.13", "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", + "dev": true, + "peer": true, "dependencies": { "iconv-lite": "^0.6.2" } @@ -6316,6 +3852,8 @@ "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dev": true, + "peer": true, "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" }, @@ -6327,23 +3865,12 @@ "version": "1.4.4", "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", + "dev": true, + "peer": true, "dependencies": { "once": "^1.4.0" } }, - "node_modules/enhanced-resolve": { - "version": "5.8.3", - "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.8.3.tgz", - "integrity": "sha512-EGAbGvH7j7Xt2nc0E7D99La1OiEs8LnyimkRgwExpUMScN6O+3x9tIWs7PLQZVNx4YD+00skHXPXi1yQHpAmZA==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.2.4", - "tapable": "^2.2.0" - }, - "engines": { - "node": ">=10.13.0" - } - }, "node_modules/enquirer": { "version": "2.3.6", "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz", @@ -6371,18 +3898,11 @@ "is-arrayish": "^0.2.1" } }, - "node_modules/error-stack-parser": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/error-stack-parser/-/error-stack-parser-2.0.6.tgz", - "integrity": "sha512-d51brTeqC+BHlwF0BhPtcYgF5nlzf9ZZ0ZIUQNZpc9ZB9qw5IJ2diTrBY9jlCJkTLITYPjmiX6OWCwH+fuyNgQ==", - "dependencies": { - "stackframe": "^1.1.1" - } - }, "node_modules/es-abstract": { "version": "1.18.3", "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.3.tgz", "integrity": "sha512-nQIr12dxV7SSxE6r6f1l3DtAeEYdsGpps13dR0TwJg1S8gyp4ZPgy3FZcHBgbiQqnoqSTb+oC+kO4UQ0C/J8vw==", + "dev": true, "dependencies": { "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", @@ -6412,6 +3932,7 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dev": true, "dependencies": { "is-callable": "^1.1.4", "is-date-object": "^1.0.1", @@ -6427,38 +3948,127 @@ "node_modules/es6-object-assign": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/es6-object-assign/-/es6-object-assign-1.1.0.tgz", - "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=" - }, - "node_modules/esbuild": { - "version": "0.11.23", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.11.23.tgz", - "integrity": "sha512-iaiZZ9vUF5wJV8ob1tl+5aJTrwDczlvGP0JoMmnpC2B0ppiMCu8n8gmy5ZTGl5bcG081XBVn+U+jP+mPFm5T5Q==", - "hasInstallScript": true, - "bin": { - "esbuild": "bin/esbuild" - } + "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=", + "dev": true, + "peer": true }, "node_modules/escalade": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true, "engines": { "node": ">=6" } }, - "node_modules/escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" - }, "node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true, "engines": { "node": ">=0.8.0" } }, + "node_modules/escodegen": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.0.0.tgz", + "integrity": "sha512-mmHKys/C8BFUGI+MAWNcSYoORYLMdPzjrknd2Vc+bUsjN5bXcr8EhrNB+UTqfL1y3I9c4fw2ihgtMPQLBRiQxw==", + "dev": true, + "peer": true, + "dependencies": { + "esprima": "^4.0.1", + "estraverse": "^5.2.0", + "esutils": "^2.0.2", + "optionator": "^0.8.1" + }, + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=6.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/escodegen/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "peer": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/escodegen/node_modules/levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=", + "dev": true, + "peer": true, + "dependencies": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/escodegen/node_modules/optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dev": true, + "peer": true, + "dependencies": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/escodegen/node_modules/prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", + "dev": true, + "peer": true, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/escodegen/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "optional": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/escodegen/node_modules/type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=", + "dev": true, + "peer": true, + "dependencies": { + "prelude-ls": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, "node_modules/eslint": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.23.0.tgz", @@ -7237,6 +4847,7 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true, "bin": { "esparse": "bin/esparse.js", "esvalidate": "bin/esvalidate.js" @@ -7309,6 +4920,8 @@ "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.6" } @@ -7317,6 +4930,8 @@ "version": "3.3.0", "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "dev": true, + "peer": true, "engines": { "node": ">=0.8.x" } @@ -7325,161 +4940,26 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz", "integrity": "sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==", + "dev": true, + "peer": true, "dependencies": { "md5.js": "^1.3.4", "safe-buffer": "^5.1.1" } }, - "node_modules/exec-buffer": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/exec-buffer/-/exec-buffer-3.2.0.tgz", - "integrity": "sha512-wsiD+2Tp6BWHoVv3B+5Dcx6E7u5zky+hUwOHjuH2hKSLR3dvRmX8fk8UD8uqQixHs4Wk6eDmiegVrMPjKj7wpA==", + "node_modules/exec-sh": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/exec-sh/-/exec-sh-0.3.6.tgz", + "integrity": "sha512-nQn+hI3yp+oD0huYhKwvYI32+JFeq+XkNcD1GAo3Y/MjxsfVGmrrzrnzjWiNY6f+pUCP440fThsFh5gZrRAU/w==", "dev": true, - "dependencies": { - "execa": "^0.7.0", - "p-finally": "^1.0.0", - "pify": "^3.0.0", - "rimraf": "^2.5.4", - "tempfile": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/exec-buffer/node_modules/cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "dependencies": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "node_modules/exec-buffer/node_modules/execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "dependencies": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/exec-buffer/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/exec-buffer/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/exec-buffer/node_modules/lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "dependencies": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "node_modules/exec-buffer/node_modules/npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "dependencies": { - "path-key": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/exec-buffer/node_modules/path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/exec-buffer/node_modules/rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - } - }, - "node_modules/exec-buffer/node_modules/shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "dependencies": { - "shebang-regex": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/exec-buffer/node_modules/shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/exec-buffer/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/exec-buffer/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true + "peer": true }, "node_modules/execa": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/execa/-/execa-4.1.0.tgz", "integrity": "sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==", "dev": true, + "peer": true, "dependencies": { "cross-spawn": "^7.0.0", "get-stream": "^5.0.0", @@ -7510,37 +4990,22 @@ "node": ">=8" } }, - "node_modules/executable": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/executable/-/executable-4.1.1.tgz", - "integrity": "sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==", + "node_modules/exit": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=", "dev": true, - "dependencies": { - "pify": "^2.2.0" - }, + "peer": true, "engines": { - "node": ">=4" + "node": ">= 0.8.0" } }, - "node_modules/executable/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/exenv": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/exenv/-/exenv-1.2.2.tgz", - "integrity": "sha1-KueOhdmJQVhnCwPUe+wfA72Ru50=" - }, "node_modules/expand-brackets": { "version": "2.1.4", "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz", "integrity": "sha1-t3c14xXOMPa27/D4OwQVGiJEliI=", "dev": true, + "peer": true, "dependencies": { "debug": "^2.3.3", "define-property": "^0.2.5", @@ -7559,6 +5024,7 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dev": true, + "peer": true, "dependencies": { "ms": "2.0.0" } @@ -7568,6 +5034,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^0.1.0" }, @@ -7580,6 +5047,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "dependencies": { "is-extendable": "^0.1.0" }, @@ -7592,6 +5060,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -7604,6 +5073,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -7615,13 +5085,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/expand-brackets/node_modules/is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -7634,6 +5106,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -7646,6 +5119,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -7660,6 +5134,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -7668,101 +5143,39 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", - "dev": true - }, - "node_modules/express": { - "version": "4.17.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz", - "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==", - "dependencies": { - "accepts": "~1.3.7", - "array-flatten": "1.1.1", - "body-parser": "1.19.0", - "content-disposition": "0.5.3", - "content-type": "~1.0.4", - "cookie": "0.4.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "~1.1.2", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "~1.1.2", - "fresh": "0.5.2", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.5", - "qs": "6.7.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.1.2", - "send": "0.17.1", - "serve-static": "1.14.1", - "setprototypeof": "1.1.1", - "statuses": "~1.5.0", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - }, - "engines": { - "node": ">= 0.10.0" - } - }, - "node_modules/express/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/express/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "node_modules/express/node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" - }, - "node_modules/ext-list": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/ext-list/-/ext-list-2.2.2.tgz", - "integrity": "sha512-u+SQgsubraE6zItfVA0tBuCBhfU9ogSRnsvygI7wht9TS510oLkBRXBsqopeUG/GBOIQyKZO9wjTqIu/sf5zFA==", "dev": true, - "dependencies": { - "mime-db": "^1.28.0" - }, - "engines": { - "node": ">=0.10.0" - } + "peer": true }, - "node_modules/ext-name": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/ext-name/-/ext-name-5.0.0.tgz", - "integrity": "sha512-yblEwXAbGv1VQDmow7s38W77hzAgJAO50ztBLMcUyUBfxv1HC+LGwtiEN+Co6LtlqT/5uwVOxsD4TNIilWhwdQ==", + "node_modules/expect": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/expect/-/expect-26.6.2.tgz", + "integrity": "sha512-9/hlOBkQl2l/PLHJx6JjoDF6xPKcJEsUlWKb23rKE7KzeDqUZKXKNMW27KIue5JMdBV9HgmoJPcc8HtO85t9IA==", "dev": true, + "peer": true, "dependencies": { - "ext-list": "^2.0.0", - "sort-keys-length": "^1.0.0" + "@jest/types": "^26.6.2", + "ansi-styles": "^4.0.0", + "jest-get-type": "^26.3.0", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-regex-util": "^26.0.0" }, "engines": { - "node": ">=4" + "node": ">= 10.14.2" } }, "node_modules/extend": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", - "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "dev": true }, "node_modules/extend-shallow": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", "integrity": "sha1-Jqcarwc7OfshJxcnRhMcJwQCjbg=", "dev": true, + "peer": true, "dependencies": { "assign-symbols": "^1.0.0", "is-extendable": "^1.0.1" @@ -7776,6 +5189,7 @@ "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, + "peer": true, "dependencies": { "is-plain-object": "^2.0.4" }, @@ -7802,6 +5216,7 @@ "resolved": "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz", "integrity": "sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==", "dev": true, + "peer": true, "dependencies": { "array-unique": "^0.3.2", "define-property": "^1.0.0", @@ -7821,6 +5236,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^1.0.0" }, @@ -7833,6 +5249,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "dependencies": { "is-extendable": "^0.1.0" }, @@ -7844,6 +5261,7 @@ "version": "9.0.0", "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", + "dev": true, "engines": { "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" }, @@ -7863,11 +5281,6 @@ "integrity": "sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w==", "dev": true }, - "node_modules/fast-equals": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/fast-equals/-/fast-equals-2.0.4.tgz", - "integrity": "sha512-caj/ZmjHljPrZtbzJ3kfH5ia/k4mTJe/qSiXAGzxZWRZgsgDV0cvNaQULqUX8t0/JVlzzEdYOwCN5DmzTxoD4w==" - }, "node_modules/fast-glob": { "version": "3.2.7", "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.7.tgz", @@ -7896,19 +5309,6 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, - "node_modules/fast-xml-parser": { - "version": "3.19.0", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.19.0.tgz", - "integrity": "sha512-4pXwmBplsCPv8FOY1WRakF970TjNGnGnfbOnLqjlYvMiF1SR3yOHyxMR/YCXpPTOspNF5gwudqktIP4VsWkvBg==", - "dev": true, - "bin": { - "xml2js": "cli.js" - }, - "funding": { - "type": "paypal", - "url": "https://paypal.me/naturalintelligence" - } - }, "node_modules/fastest-levenshtein": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz", @@ -7924,18 +5324,14 @@ "reusify": "^1.0.4" } }, - "node_modules/fathom-client": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/fathom-client/-/fathom-client-3.2.0.tgz", - "integrity": "sha512-WF/qA5wXYSuA5K8uiIhGNbErOcTAmfLEWrBxWP2px2dEc9waH9zxjdh9k0F907VCBhdJrv+f7V3HT/Pmro40zA==" - }, - "node_modules/fd-slicer": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", - "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=", + "node_modules/fb-watchman": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.1.tgz", + "integrity": "sha512-DkPJKQeY6kKwmuMretBhr7G6Vodr7bFwDYTXIkfG1gjvNpaxBTQV3PbXg6bR1c1UP4jPOX0jHUbbHANL9vRjVg==", "dev": true, + "peer": true, "dependencies": { - "pend": "~1.2.0" + "bser": "2.1.1" } }, "node_modules/figures": { @@ -7965,31 +5361,6 @@ "node": "^10.12.0 || >=12.0.0" } }, - "node_modules/file-loader": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-3.0.1.tgz", - "integrity": "sha512-4sNIOXgtH/9WZq4NvlfU3Opn5ynUsqBwSLyM+I7UOwdGigTBYfVVQEwe/msZNX/j4pCJTIM14Fsw66Svo1oVrw==", - "dev": true, - "dependencies": { - "loader-utils": "^1.0.2", - "schema-utils": "^1.0.0" - }, - "engines": { - "node": ">= 6.9.0" - }, - "peerDependencies": { - "webpack": "^4.0.0" - } - }, - "node_modules/file-type": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-5.2.0.tgz", - "integrity": "sha1-LdvqfHP/42No365J3DOMBYwritY=", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/filelist": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.2.tgz", @@ -7999,42 +5370,11 @@ "minimatch": "^3.0.4" } }, - "node_modules/filename-reserved-regex": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/filename-reserved-regex/-/filename-reserved-regex-2.0.0.tgz", - "integrity": "sha1-q/c9+rc10EVECr/qLZHzieu/oik=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/filenamify": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/filenamify/-/filenamify-2.1.0.tgz", - "integrity": "sha512-ICw7NTT6RsDp2rnYKVd8Fu4cr6ITzGy3+u4vUujPkabyaz+03F24NWEX7fs5fp+kBonlaqPH8fAO2NM+SXt/JA==", - "dev": true, - "dependencies": { - "filename-reserved-regex": "^2.0.0", - "strip-outer": "^1.0.0", - "trim-repeated": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/filesize": { - "version": "3.6.1", - "resolved": "https://registry.npmjs.org/filesize/-/filesize-3.6.1.tgz", - "integrity": "sha512-7KjR1vv6qnicaPMi1iiTcI85CyYwRO/PSFCu6SvqL8jN2Wjt/NIYQTFtFs7fSDCYOstUkEWIQGFUg5YZQfjlcg==", - "dev": true, - "engines": { - "node": ">= 0.4.0" - } - }, "node_modules/fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, "dependencies": { "to-regex-range": "^5.0.1" }, @@ -8042,40 +5382,12 @@ "node": ">=8" } }, - "node_modules/finalhandler": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", - "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==", - "dependencies": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "statuses": "~1.5.0", - "unpipe": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/finalhandler/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/finalhandler/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, "node_modules/find-cache-dir": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.1.tgz", "integrity": "sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==", + "dev": true, + "peer": true, "dependencies": { "commondir": "^1.0.1", "make-dir": "^3.0.2", @@ -8092,6 +5404,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, "dependencies": { "locate-path": "^5.0.0", "path-exists": "^4.0.0" @@ -8104,6 +5418,8 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, "dependencies": { "p-locate": "^4.1.0" }, @@ -8115,6 +5431,8 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "peer": true, "dependencies": { "semver": "^6.0.0" }, @@ -8129,6 +5447,8 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, "dependencies": { "p-try": "^2.0.0" }, @@ -8143,6 +5463,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, "dependencies": { "p-limit": "^2.2.0" }, @@ -8154,6 +5476,8 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true, "engines": { "node": ">=6" } @@ -8162,6 +5486,8 @@ "version": "4.2.0", "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "peer": true, "dependencies": { "find-up": "^4.0.0" }, @@ -8173,6 +5499,8 @@ "version": "6.3.0", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true, "bin": { "semver": "bin/semver.js" } @@ -8181,6 +5509,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, "dependencies": { "locate-path": "^6.0.0", "path-exists": "^4.0.0" @@ -8226,27 +5555,12 @@ "integrity": "sha512-OMQjaErSFHmHqZe+PSidH5n8j3O0F2DdnVh8JB4j4eUQ2k6KvB0qGfrKIhapvez5JerBbmWkaLYUYWISaESoXg==", "dev": true }, - "node_modules/focus-lock": { - "version": "0.9.2", - "resolved": "https://registry.npmjs.org/focus-lock/-/focus-lock-0.9.2.tgz", - "integrity": "sha512-YtHxjX7a0IC0ZACL5wsX8QdncXofWpGPNoVMuI/nZUrPGp6LmNI6+D5j0pPj+v8Kw5EpweA+T5yImK0rnWf7oQ==", - "dependencies": { - "tslib": "^2.0.3" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/focus-lock/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, "node_modules/for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -8254,12 +5568,15 @@ "node_modules/foreach": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz", - "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=" + "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=", + "dev": true, + "peer": true }, "node_modules/form-data": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", + "dev": true, "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -8269,42 +5586,12 @@ "node": ">= 6" } }, - "node_modules/formik": { - "version": "2.2.9", - "resolved": "https://registry.npmjs.org/formik/-/formik-2.2.9.tgz", - "integrity": "sha512-LQLcISMmf1r5at4/gyJigGn0gOwFbeEAlji+N9InZF6LIMXnFNkO42sCI8Jt84YZggpD4cPWObAZaxpEFtSzNA==", - "funding": [ - { - "type": "individual", - "url": "https://opencollective.com/formik" - } - ], - "dependencies": { - "deepmerge": "^2.1.1", - "hoist-non-react-statics": "^3.3.0", - "lodash": "^4.17.21", - "lodash-es": "^4.17.21", - "react-fast-compare": "^2.0.1", - "tiny-warning": "^1.0.2", - "tslib": "^1.10.0" - }, - "peerDependencies": { - "react": ">=16.8.0" - } - }, - "node_modules/forwarded": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/fragment-cache": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz", "integrity": "sha1-QpD60n8T6Jvn8zeZxrxaCr//DRk=", "dev": true, + "peer": true, "dependencies": { "map-cache": "^0.2.2" }, @@ -8312,99 +5599,6 @@ "node": ">=0.10.0" } }, - "node_modules/framer-motion": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/framer-motion/-/framer-motion-5.3.3.tgz", - "integrity": "sha512-s4mz0E4/TPTKXqKnpb578S0Jp/0JhAyvDpULFe95kHnWs1lOCKf2+EEl6yAX+1wfPLUYokZzudiK9jam0ZAVdQ==", - "dependencies": { - "framesync": "6.0.1", - "hey-listen": "^1.0.8", - "popmotion": "11.0.0", - "style-value-types": "5.0.0", - "tslib": "^2.1.0" - }, - "optionalDependencies": { - "@emotion/is-prop-valid": "^0.8.2" - }, - "peerDependencies": { - "react": ">=16.8 || ^17.0.0", - "react-dom": ">=16.8 || ^17.0.0" - } - }, - "node_modules/framer-motion/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/framesync": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/framesync/-/framesync-6.0.1.tgz", - "integrity": "sha512-fUY88kXvGiIItgNC7wcTOl0SNRCVXMKSWW2Yzfmn7EKNc+MpCzcz9DhdHcdjbrtN3c6R4H5dTY2jiCpPdysEjA==", - "dependencies": { - "tslib": "^2.1.0" - } - }, - "node_modules/framesync/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", - "dev": true, - "dependencies": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" - } - }, - "node_modules/from2/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/from2/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/fs-constants": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", - "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", - "dev": true - }, - "node_modules/fs-exists-sync": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/fs-exists-sync/-/fs-exists-sync-0.1.0.tgz", - "integrity": "sha1-mC1ok6+RjnLQjeyehnP/K1qNat0=", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/fs-extra": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.0.1.tgz", @@ -8423,17 +5617,18 @@ "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true }, "node_modules/fsevents": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, "hasInstallScript": true, "optional": true, - "os": [ - "darwin" - ], + "os": ["darwin"], + "peer": true, "engines": { "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } @@ -8441,7 +5636,8 @@ "node_modules/function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true }, "node_modules/functional-red-black-tree": { "version": "1.0.1", @@ -8449,23 +5645,30 @@ "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=", "dev": true }, - "node_modules/fuzzysearch": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/fuzzysearch/-/fuzzysearch-1.0.3.tgz", - "integrity": "sha1-3/yA9tawQiPyImqnndGUIxCW0Ag=" - }, "node_modules/gensync": { "version": "1.0.0-beta.2", "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true, "engines": { "node": ">=6.9.0" } }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "peer": true, + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, "node_modules/get-intrinsic": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz", "integrity": "sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==", + "dev": true, "dependencies": { "function-bind": "^1.1.1", "has": "^1.0.3", @@ -8475,18 +5678,12 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/get-nonce": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/get-nonce/-/get-nonce-1.0.1.tgz", - "integrity": "sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==", - "engines": { - "node": ">=6" - } - }, "node_modules/get-orientation": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/get-orientation/-/get-orientation-1.1.2.tgz", "integrity": "sha512-/pViTfifW+gBbh/RnlFYHINvELT9Znt+SYyDKAUL6uV6By019AK/s+i9XP4jSwq7lwP38Fd8HVeTxym3+hkwmQ==", + "dev": true, + "peer": true, "dependencies": { "stream-parser": "^0.3.1" } @@ -8497,16 +5694,14 @@ "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==", "dev": true }, - "node_modules/get-proxy": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/get-proxy/-/get-proxy-2.1.0.tgz", - "integrity": "sha512-zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw==", + "node_modules/get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", "dev": true, - "dependencies": { - "npm-conf": "^1.1.0" - }, + "peer": true, "engines": { - "node": ">=4" + "node": ">=8.0.0" } }, "node_modules/get-stdin": { @@ -8526,6 +5721,7 @@ "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", "dev": true, + "peer": true, "dependencies": { "pump": "^3.0.0" }, @@ -8541,27 +5737,16 @@ "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz", "integrity": "sha1-3BXKHGcjh8p2vTesCjlbogQqLCg=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/github-slugger": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/github-slugger/-/github-slugger-1.3.0.tgz", - "integrity": "sha512-gwJScWVNhFYSRDvURk/8yhcFBee6aFjye2a7Lhb2bUyRulpIoek9p0I9Kt7PT67d/nUlZbFu8L9RLiA0woQN8Q==", - "dependencies": { - "emoji-regex": ">=6.0.0 <=6.1.1" - } - }, - "node_modules/github-slugger/node_modules/emoji-regex": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-6.1.1.tgz", - "integrity": "sha1-xs0OwbBkLio8Z6ETfvxeeW2k+I4=" - }, "node_modules/glob": { "version": "7.1.7", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz", "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==", + "dev": true, "dependencies": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -8581,6 +5766,7 @@ "version": "5.1.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, "dependencies": { "is-glob": "^4.0.1" }, @@ -8591,7 +5777,9 @@ "node_modules/glob-to-regexp": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", - "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==" + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "dev": true, + "peer": true }, "node_modules/global-modules": { "version": "2.0.0", @@ -8635,6 +5823,7 @@ "version": "11.12.0", "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", + "dev": true, "engines": { "node": ">=4" } @@ -8680,58 +5869,17 @@ "node": ">=0.6.0" } }, - "node_modules/got": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/got/-/got-7.1.0.tgz", - "integrity": "sha512-Y5WMo7xKKq1muPsxD+KmrR8DH5auG7fBdDVueZwETwV6VytKyU9OX/ddpq2/1hp1vIPvVb4T81dKQz3BivkNLw==", - "dev": true, - "dependencies": { - "decompress-response": "^3.2.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "is-plain-obj": "^1.1.0", - "is-retry-allowed": "^1.0.0", - "is-stream": "^1.0.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "p-cancelable": "^0.3.0", - "p-timeout": "^1.1.1", - "safe-buffer": "^5.0.1", - "timed-out": "^4.0.0", - "url-parse-lax": "^1.0.0", - "url-to-options": "^1.0.1" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/got/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/got/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/graceful-fs": { "version": "4.2.6", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.6.tgz", - "integrity": "sha512-nTnJ528pbqxYanhpDYsi4Rd8MAeaBA67+RZ10CM1m3bTAVFEDcd5AuA4a6W5YkGZ1iNXHzZz8T6TBKLeBuNriQ==" + "integrity": "sha512-nTnJ528pbqxYanhpDYsi4Rd8MAeaBA67+RZ10CM1m3bTAVFEDcd5AuA4a6W5YkGZ1iNXHzZz8T6TBKLeBuNriQ==", + "dev": true }, "node_modules/graphql": { "version": "15.6.0", "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.6.0.tgz", "integrity": "sha512-WJR872Zlc9hckiEPhXgyUftXH48jp2EjO5tgBBOyNMRJZ9fviL2mJBD6CAysk6N5S0r9BTs09Qk39nnJBkvOXQ==", + "dev": true, "engines": { "node": ">= 10.x" } @@ -8740,6 +5888,7 @@ "version": "3.5.0", "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.5.0.tgz", "integrity": "sha512-Io89QpfU4rqiMbqM/KwMBzKaDLOppi8FU8sEccCE4JqCgz95W9Q8bvxQ4NfPALLSMvg9nafgg8AkYRmgKSlukA==", + "dev": true, "dependencies": { "cross-fetch": "^3.0.6", "extract-files": "^9.0.0", @@ -8749,41 +5898,13 @@ "graphql": "14.x || 15.x" } }, - "node_modules/gray-matter": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.2.tgz", - "integrity": "sha512-7hB/+LxrOjq/dd8APlK0r24uL/67w7SkYnfwhNFwg/VDIGWGmduTDYf3WNstLW2fbbmRwrDGCVSJ2isuf2+4Hw==", - "dependencies": { - "js-yaml": "^3.11.0", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" - }, - "engines": { - "node": ">=6.0" - } - }, - "node_modules/gzip-size": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-5.1.1.tgz", - "integrity": "sha512-FNHi6mmoHvs1mxZAds4PpdCS6QG8B4C1krxJsMutgxl5t3+GlRTzzI3NEkifXx2pVsOvJdOGSmIgDhQ55FwdPA==", + "node_modules/growly": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/growly/-/growly-1.3.0.tgz", + "integrity": "sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=", "dev": true, - "dependencies": { - "duplexer": "^0.1.1", - "pify": "^4.0.1" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/gzip-size/node_modules/pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true, - "engines": { - "node": ">=6" - } + "optional": true, + "peer": true }, "node_modules/hard-rejection": { "version": "2.1.0", @@ -8798,6 +5919,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, "dependencies": { "function-bind": "^1.1.1" }, @@ -8805,31 +5927,11 @@ "node": ">= 0.4.0" } }, - "node_modules/has-ansi": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", - "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=", - "dev": true, - "dependencies": { - "ansi-regex": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-ansi/node_modules/ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/has-bigints": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -8838,23 +5940,16 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "engines": { - "node": ">=8" - } - }, - "node_modules/has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==", "dev": true, "engines": { - "node": "*" + "node": ">=8" } }, "node_modules/has-symbols": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz", "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -8862,23 +5957,12 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "dev": true, - "dependencies": { - "has-symbol-support-x": "^1.4.1" - }, - "engines": { - "node": "*" - } - }, "node_modules/has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", "integrity": "sha1-GLKB2lhbHFxR3vJMkw7SmgvmsXc=", "dev": true, + "peer": true, "dependencies": { "get-value": "^2.0.6", "has-values": "^1.0.0", @@ -8893,6 +5977,7 @@ "resolved": "https://registry.npmjs.org/has-values/-/has-values-1.0.0.tgz", "integrity": "sha1-lbC2P+whRmGab+V/51Yo1aOe/k8=", "dev": true, + "peer": true, "dependencies": { "is-number": "^3.0.0", "kind-of": "^4.0.0" @@ -8905,13 +5990,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/has-values/node_modules/is-number": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -8924,6 +6011,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -8936,6 +6024,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz", "integrity": "sha1-IIE989cSkosgc3hpGkUGb65y3Vc=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -8947,6 +6036,8 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/hash-base/-/hash-base-3.1.0.tgz", "integrity": "sha512-1nmYp/rhMDiE7AYkDw+lLwlAzz0AntGIe51F3RfFfEqyQ3feY2eI/NcwC6umIQVOASPMsWJLJScWKSSvzL9IVA==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.4", "readable-stream": "^3.6.0", @@ -8960,6 +6051,7 @@ "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, "funding": [ { "type": "github", @@ -8973,216 +6065,42 @@ "type": "consulting", "url": "https://feross.org/support" } - ] + ], + "peer": true }, "node_modules/hash.js": { "version": "1.1.7", "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz", "integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.3", "minimalistic-assert": "^1.0.1" } }, - "node_modules/hast-to-hyperscript": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/hast-to-hyperscript/-/hast-to-hyperscript-9.0.1.tgz", - "integrity": "sha512-zQgLKqF+O2F72S1aa4y2ivxzSlko3MAvxkwG8ehGmNiqd98BIN3JM1rAJPmplEyLmGLO2QZYJtIneOSZ2YbJuA==", - "dependencies": { - "@types/unist": "^2.0.3", - "comma-separated-tokens": "^1.0.0", - "property-information": "^5.3.0", - "space-separated-tokens": "^1.0.0", - "style-to-object": "^0.3.0", - "unist-util-is": "^4.0.0", - "web-namespaces": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-from-parse5": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/hast-util-from-parse5/-/hast-util-from-parse5-6.0.1.tgz", - "integrity": "sha512-jeJUWiN5pSxW12Rh01smtVkZgZr33wBokLzKLwinYOUfSzm1Nl/c3GUGebDyOKjdsRgMvoVbV0VpAcpjF4NrJA==", - "dependencies": { - "@types/parse5": "^5.0.0", - "hastscript": "^6.0.0", - "property-information": "^5.0.0", - "vfile": "^4.0.0", - "vfile-location": "^3.2.0", - "web-namespaces": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-is-element": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/hast-util-is-element/-/hast-util-is-element-1.1.0.tgz", - "integrity": "sha512-oUmNua0bFbdrD/ELDSSEadRVtWZOf3iF6Lbv81naqsIV99RnSCieTbWuWCY8BAeEfKJTKl0gRdokv+dELutHGQ==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-parse-selector": { - "version": "2.2.5", - "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz", - "integrity": "sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-raw": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/hast-util-raw/-/hast-util-raw-6.0.1.tgz", - "integrity": "sha512-ZMuiYA+UF7BXBtsTBNcLBF5HzXzkyE6MLzJnL605LKE8GJylNjGc4jjxazAHUtcwT5/CEt6afRKViYB4X66dig==", - "dependencies": { - "@types/hast": "^2.0.0", - "hast-util-from-parse5": "^6.0.0", - "hast-util-to-parse5": "^6.0.0", - "html-void-elements": "^1.0.0", - "parse5": "^6.0.0", - "unist-util-position": "^3.0.0", - "vfile": "^4.0.0", - "web-namespaces": "^1.0.0", - "xtend": "^4.0.0", - "zwitch": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-to-html": { - "version": "7.1.3", - "resolved": "https://registry.npmjs.org/hast-util-to-html/-/hast-util-to-html-7.1.3.tgz", - "integrity": "sha512-yk2+1p3EJTEE9ZEUkgHsUSVhIpCsL/bvT8E5GzmWc+N1Po5gBw+0F8bo7dpxXR0nu0bQVxVZGX2lBGF21CmeDw==", - "dependencies": { - "ccount": "^1.0.0", - "comma-separated-tokens": "^1.0.0", - "hast-util-is-element": "^1.0.0", - "hast-util-whitespace": "^1.0.0", - "html-void-elements": "^1.0.0", - "property-information": "^5.0.0", - "space-separated-tokens": "^1.0.0", - "stringify-entities": "^3.0.1", - "unist-util-is": "^4.0.0", - "xtend": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-to-parse5": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-6.0.0.tgz", - "integrity": "sha512-Lu5m6Lgm/fWuz8eWnrKezHtVY83JeRGaNQ2kn9aJgqaxvVkFCZQBEhgodZUDUvoodgyROHDb3r5IxAEdl6suJQ==", - "dependencies": { - "hast-to-hyperscript": "^9.0.0", - "property-information": "^5.0.0", - "web-namespaces": "^1.0.0", - "xtend": "^4.0.0", - "zwitch": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-to-string": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/hast-util-to-string/-/hast-util-to-string-1.0.4.tgz", - "integrity": "sha512-eK0MxRX47AV2eZ+Lyr18DCpQgodvaS3fAQO2+b9Two9F5HEoRPhiUMNzoXArMJfZi2yieFzUBMRl3HNJ3Jus3w==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-to-text": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/hast-util-to-text/-/hast-util-to-text-2.0.1.tgz", - "integrity": "sha512-8nsgCARfs6VkwH2jJU9b8LNTuR4700na+0h3PqCaEk4MAnMDeu5P0tP8mjk9LLNGxIeQRLbiDbZVw6rku+pYsQ==", - "dependencies": { - "hast-util-is-element": "^1.0.0", - "repeat-string": "^1.0.0", - "unist-util-find-after": "^3.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hast-util-whitespace": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-1.0.4.tgz", - "integrity": "sha512-I5GTdSfhYfAPNztx2xJRQpG8cuDSNt599/7YUn7Gx/WxNMsG+a835k97TDkFgk123cwjfwINaZknkKkphx/f2A==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/hastscript": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-6.0.0.tgz", - "integrity": "sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w==", - "dependencies": { - "@types/hast": "^2.0.0", - "comma-separated-tokens": "^1.0.0", - "hast-util-parse-selector": "^2.0.0", - "property-information": "^5.0.0", - "space-separated-tokens": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, + "peer": true, "bin": { "he": "bin/he" } }, - "node_modules/hey-listen": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/hey-listen/-/hey-listen-1.0.8.tgz", - "integrity": "sha512-COpmrF2NOg4TBWUJ5UVyaCU2A88wEMkUPK4hNqyCkqHbxT92BbvfjoSozkAIIm6XhicGlJHhFdullInrdhwU8Q==" - }, "node_modules/hmac-drbg": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz", "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=", + "dev": true, + "peer": true, "dependencies": { "hash.js": "^1.0.3", "minimalistic-assert": "^1.0.0", "minimalistic-crypto-utils": "^1.0.1" } }, - "node_modules/hoist-non-react-statics": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz", - "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==", - "dependencies": { - "react-is": "^16.7.0" - } - }, - "node_modules/hoopy": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/hoopy/-/hoopy-0.1.4.tgz", - "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==", - "dev": true, - "engines": { - "node": ">= 6.0.0" - } - }, "node_modules/hosted-git-info": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.0.2.tgz", @@ -9195,6 +6113,26 @@ "node": ">=10" } }, + "node_modules/html-encoding-sniffer": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz", + "integrity": "sha512-D5JbOMBIR/TVZkubHT+OyT2705QvogUW4IBn6nHd756OwieSF9aDYFj4dv6HHEVGYbHaLETa3WggZYWWMyy3ZQ==", + "dev": true, + "peer": true, + "dependencies": { + "whatwg-encoding": "^1.0.5" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "dev": true, + "peer": true + }, "node_modules/html-tags": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/html-tags/-/html-tags-3.1.0.tgz", @@ -9204,15 +6142,6 @@ "node": ">=8" } }, - "node_modules/html-void-elements": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/html-void-elements/-/html-void-elements-1.0.5.tgz", - "integrity": "sha512-uE/TxKuyNIcx44cIWnjr/rfIATDH7ZaOMmstu0CwhFG1Dunhlp4OC6/NMbhiwoq5BpW0ubi303qnEk/PZj614w==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/htmlparser2": { "version": "3.10.1", "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.10.1.tgz", @@ -9227,50 +6156,56 @@ "readable-stream": "^3.1.1" } }, - "node_modules/http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==", - "dev": true - }, - "node_modules/http-errors": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz", - "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==", + "node_modules/http-proxy-agent": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz", + "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==", + "dev": true, + "peer": true, "dependencies": { - "depd": "~1.1.2", - "inherits": "2.0.3", - "setprototypeof": "1.1.1", - "statuses": ">= 1.5.0 < 2", - "toidentifier": "1.0.0" + "@tootallnate/once": "1", + "agent-base": "6", + "debug": "4" }, "engines": { - "node": ">= 0.6" + "node": ">= 6" } }, - "node_modules/http-errors/node_modules/inherits": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" - }, "node_modules/https-browserify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/https-browserify/-/https-browserify-1.0.0.tgz", - "integrity": "sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=" + "integrity": "sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=", + "dev": true, + "peer": true + }, + "node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dev": true, + "peer": true, + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } }, "node_modules/human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", "integrity": "sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==", "dev": true, + "peer": true, "engines": { "node": ">=8.12.0" } }, "node_modules/husky": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/husky/-/husky-4.3.7.tgz", - "integrity": "sha512-0fQlcCDq/xypoyYSJvEuzbDPHFf8ZF9IXKJxlrnvxABTSzK1VPT2RKYQKrcgJ+YD39swgoB6sbzywUqFxUiqjw==", + "version": "4.3.8", + "resolved": "https://registry.npmjs.org/husky/-/husky-4.3.8.tgz", + "integrity": "sha512-LCqqsB0PzJQ/AlCgfrfzRe3e3+NvmefAdKQhRYpxS4u6clblBoDdzzvHi8fmxKRzvMxPY/1WZWzomPZww0Anow==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -9301,6 +6236,7 @@ "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "dev": true, "dependencies": { "safer-buffer": ">= 2.1.2 < 3" }, @@ -9312,6 +6248,7 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "dev": true, "funding": [ { "type": "github", @@ -9325,7 +6262,8 @@ "type": "consulting", "url": "https://feross.org/support" } - ] + ], + "peer": true }, "node_modules/ignore": { "version": "5.1.8", @@ -9340,6 +6278,8 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz", "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==", + "dev": true, + "peer": true, "dependencies": { "queue": "6.0.2" }, @@ -9350,360 +6290,6 @@ "node": ">=12.0.0" } }, - "node_modules/imagemin": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/imagemin/-/imagemin-6.1.0.tgz", - "integrity": "sha512-8ryJBL1CN5uSHpiBMX0rJw79C9F9aJqMnjGnrd/1CafegpNuA81RBAAru/jQQEOWlOJJlpRnlcVFF6wq+Ist0A==", - "dev": true, - "dependencies": { - "file-type": "^10.7.0", - "globby": "^8.0.1", - "make-dir": "^1.0.0", - "p-pipe": "^1.1.0", - "pify": "^4.0.1", - "replace-ext": "^1.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/imagemin-mozjpeg": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/imagemin-mozjpeg/-/imagemin-mozjpeg-9.0.0.tgz", - "integrity": "sha512-TwOjTzYqCFRgROTWpVSt5UTT0JeCuzF1jswPLKALDd89+PmrJ2PdMMYeDLYZ1fs9cTovI9GJd68mRSnuVt691w==", - "dev": true, - "dependencies": { - "execa": "^4.0.0", - "is-jpg": "^2.0.0", - "mozjpeg": "^7.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/imagemin-optipng": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/imagemin-optipng/-/imagemin-optipng-8.0.0.tgz", - "integrity": "sha512-CUGfhfwqlPjAC0rm8Fy+R2DJDBGjzy2SkfyT09L8rasnF9jSoHFqJ1xxSZWK6HVPZBMhGPMxCTL70OgTHlLF5A==", - "dev": true, - "dependencies": { - "exec-buffer": "^3.0.0", - "is-png": "^2.0.0", - "optipng-bin": "^7.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/imagemin-svgo": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/imagemin-svgo/-/imagemin-svgo-8.0.0.tgz", - "integrity": "sha512-++fDnnxsLT+4rpt8babwiIbzapgBzeS2Kgcy+CwgBvgSRFltBFhX2WnpCziMtxhRCzqJcCE9EcHWZP/sj+G3rQ==", - "dev": true, - "dependencies": { - "is-svg": "^4.2.1", - "svgo": "^1.3.2" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sindresorhus/imagemin-svgo?sponsor=1" - } - }, - "node_modules/imagemin/node_modules/@nodelib/fs.stat": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz", - "integrity": "sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/imagemin/node_modules/array-union": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz", - "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=", - "dev": true, - "dependencies": { - "array-uniq": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", - "dev": true, - "dependencies": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/braces/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "dev": true, - "dependencies": { - "is-extendable": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/dir-glob": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-2.0.0.tgz", - "integrity": "sha512-37qirFDz8cA5fimp9feo43fSuRo2gHwaIn6dXL8Ber1dGwUosDrGZeCCXq57WnIqE4aQ+u3eQZzsk1yOzhdwag==", - "dev": true, - "dependencies": { - "arrify": "^1.0.1", - "path-type": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/imagemin/node_modules/fast-glob": { - "version": "2.2.7", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-2.2.7.tgz", - "integrity": "sha512-g1KuQwHOZAmOZMuBtHdxDtju+T2RT8jgCC9aANsbpdiDDTSnjgfuVsIBNKbUeJI3oKMRExcfNDtJl4OhbffMsw==", - "dev": true, - "dependencies": { - "@mrmlnc/readdir-enhanced": "^2.2.1", - "@nodelib/fs.stat": "^1.1.2", - "glob-parent": "^3.1.0", - "is-glob": "^4.0.0", - "merge2": "^1.2.3", - "micromatch": "^3.1.10" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/imagemin/node_modules/file-type": { - "version": "10.11.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-10.11.0.tgz", - "integrity": "sha512-uzk64HRpUZyTGZtVuvrjP0FYxzQrBf4rojot6J65YMEbwBLB0CWm0CLojVpwpmFmxcE/lkvYICgfcGozbBq6rw==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/imagemin/node_modules/fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=", - "dev": true, - "dependencies": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/fill-range/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "dev": true, - "dependencies": { - "is-extendable": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=", - "dev": true, - "dependencies": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - } - }, - "node_modules/imagemin/node_modules/glob-parent/node_modules/is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=", - "dev": true, - "dependencies": { - "is-extglob": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/globby": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/globby/-/globby-8.0.2.tgz", - "integrity": "sha512-yTzMmKygLp8RUpG1Ymu2VXPSJQZjNAZPD4ywgYEaG7e4tBJeUQBO8OpXrf1RCNcEs5alsoJYPAMiIHP0cmeC7w==", - "dev": true, - "dependencies": { - "array-union": "^1.0.1", - "dir-glob": "2.0.0", - "fast-glob": "^2.0.2", - "glob": "^7.1.2", - "ignore": "^3.3.5", - "pify": "^3.0.0", - "slash": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/imagemin/node_modules/globby/node_modules/pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/imagemin/node_modules/ignore": { - "version": "3.3.10", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.10.tgz", - "integrity": "sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==", - "dev": true - }, - "node_modules/imagemin/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/imagemin/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/micromatch": { - "version": "3.1.10", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", - "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", - "dev": true, - "dependencies": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "braces": "^2.3.1", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "extglob": "^2.0.4", - "fragment-cache": "^0.2.1", - "kind-of": "^6.0.2", - "nanomatch": "^1.2.9", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/path-type": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-3.0.0.tgz", - "integrity": "sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==", - "dev": true, - "dependencies": { - "pify": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/imagemin/node_modules/path-type/node_modules/pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/imagemin/node_modules/pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/imagemin/node_modules/slash": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz", - "integrity": "sha1-xB8vbDn8FtHNF61LXYlhFK5HDVU=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/imagemin/node_modules/to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha1-fIDBe53+vlmeJzZ+DU3VWQFB2zg=", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/img-loader": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/img-loader/-/img-loader-3.0.2.tgz", - "integrity": "sha512-rSriLKgvi85Km7ppSF+AEAM3nU4fxpvCkaXtC/IoCEU7jfks55bEANFs0bB9YXYkxY9JurZQIZFtXh5Gue3upw==", - "dev": true, - "dependencies": { - "loader-utils": "^1.1.0" - }, - "peerDependencies": { - "imagemin": "^5.0.0 || ^6.0.0 || ^7.0.0" - } - }, "node_modules/import-fresh": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", @@ -9729,6 +6315,105 @@ "node": ">=8" } }, + "node_modules/import-local": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==", + "dev": true, + "peer": true, + "dependencies": { + "pkg-dir": "^4.2.0", + "resolve-cwd": "^3.0.0" + }, + "bin": { + "import-local-fixture": "fixtures/cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-local/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/import-local/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/import-local/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-local/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/import-local/node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/import-local/node_modules/pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "peer": true, + "dependencies": { + "find-up": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/imurmurhash": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", @@ -9751,6 +6436,7 @@ "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, "dependencies": { "once": "^1.3.0", "wrappy": "1" @@ -9759,7 +6445,8 @@ "node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true }, "node_modules/ini": { "version": "1.3.8", @@ -9767,11 +6454,6 @@ "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", "dev": true }, - "node_modules/inline-style-parser": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz", - "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q==" - }, "node_modules/inquirer": { "version": "7.3.3", "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-7.3.3.tgz", @@ -9810,32 +6492,6 @@ "node": ">= 0.4" } }, - "node_modules/intersection-observer": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/intersection-observer/-/intersection-observer-0.12.0.tgz", - "integrity": "sha512-2Vkz8z46Dv401zTWudDGwO7KiGHNDkMv417T5ItcNYfmvHR/1qCTVBO9vwH8zZmQ0WkA/1ARwpysR9bsnop4NQ==" - }, - "node_modules/into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "dev": true, - "dependencies": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/invariant": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", - "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==", - "dependencies": { - "loose-envify": "^1.0.0" - } - }, "node_modules/ip-regex": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-4.3.0.tgz", @@ -9845,19 +6501,12 @@ "node": ">=8" } }, - "node_modules/ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", - "engines": { - "node": ">= 0.10" - } - }, "node_modules/is-accessor-descriptor": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz", "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==", "dev": true, + "peer": true, "dependencies": { "kind-of": "^6.0.0" }, @@ -9869,23 +6518,17 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz", "integrity": "sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/is-alphanumeric": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-alphanumeric/-/is-alphanumeric-1.0.0.tgz", - "integrity": "sha1-Spzvcdr0wAHB2B1j0UDPU/1oifQ=", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-alphanumerical": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-1.0.4.tgz", "integrity": "sha512-UzoZUr+XfVz3t3v4KyGEniVL9BDRoQtY7tOyrRybkVNjDFWyo1yhXNGrrBTQxp3ib9BLAWs7k2YKBQsFRkZG9A==", + "dev": true, "dependencies": { "is-alphabetical": "^1.0.0", "is-decimal": "^1.0.0" @@ -9899,6 +6542,8 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.0.tgz", "integrity": "sha512-1Ij4lOMPl/xB5kBDn7I+b2ttPMKa8szhEIrXDuXQD/oe3HJLTLhqhgGspwgyGd6MOywBUqVvYicF72lkgDnIHg==", + "dev": true, + "peer": true, "dependencies": { "call-bind": "^1.0.0" }, @@ -9919,6 +6564,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.2.tgz", "integrity": "sha512-0JV5+SOCQkIdzjBK9buARcV804Ddu7A0Qet6sHi3FimE9ne6m4BGQZfRn+NZiXbBk4F4XmHfDZIipLj9pX8dSA==", + "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -9927,6 +6573,8 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "peer": true, "dependencies": { "binary-extensions": "^2.0.0" }, @@ -9938,6 +6586,7 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.1.tgz", "integrity": "sha512-bXdQWkECBUIAcCkeH1unwJLIpZYaa5VvuygSyS/c2lf719mTKZDU5UdDRlpd01UjADgmW8RfqaP+mRaVPdr/Ng==", + "dev": true, "dependencies": { "call-bind": "^1.0.2" }, @@ -9952,6 +6601,7 @@ "version": "2.0.5", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.5.tgz", "integrity": "sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ==", + "dev": true, "funding": [ { "type": "github", @@ -9974,6 +6624,7 @@ "version": "1.2.3", "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.3.tgz", "integrity": "sha512-J1DcMe8UYTBSrKezuIUTUwjXsho29693unXM2YhJUTR2txK/eG47bvNa/wipPFmZFgr/N6f1GA66dv0mEyTIyQ==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -9997,6 +6648,7 @@ "version": "2.7.0", "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.7.0.tgz", "integrity": "sha512-ByY+tjCciCr+9nLryBYcSD50EOGWt95c7tIsKTG1J2ixKKXPvF7Ej3AVd+UfDydAJom3biBGDBALaO79ktwgEQ==", + "dev": true, "dependencies": { "has": "^1.0.3" }, @@ -10009,6 +6661,7 @@ "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz", "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==", "dev": true, + "peer": true, "dependencies": { "kind-of": "^6.0.0" }, @@ -10020,6 +6673,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.4.tgz", "integrity": "sha512-/b4ZVsG7Z5XVtIxs/h9W8nvfLgSAyKYdtGWQLbqy6jA1icmgjf8WCoTKgeS4wy5tYaPePouzFMANbnj94c2Z+A==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -10031,6 +6685,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-1.0.4.tgz", "integrity": "sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -10041,6 +6696,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz", "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^1.0.0", "is-data-descriptor": "^1.0.0", @@ -10069,6 +6725,8 @@ "version": "0.1.1", "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", "integrity": "sha1-YrEQ4omkcUGOPsNqYX1HLjAd/Ik=", + "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -10077,20 +6735,9 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-finite": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.1.0.tgz", - "integrity": "sha512-cdyMtqX/BOqqNBBiKlIVkytNHm49MtMlYyn1zxzvJKWmFMlGzm+ry5BBfYyeY9YmNKbRSo/o7OX9w9ale0wg3w==", "dev": true, "engines": { "node": ">=0.10.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/is-fullwidth-code-point": { @@ -10102,10 +6749,22 @@ "node": ">=8" } }, + "node_modules/is-generator-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + } + }, "node_modules/is-generator-function": { "version": "1.0.9", "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.9.tgz", "integrity": "sha512-ZJ34p1uvIfptHCN7sFTjGibB9/oBg17sHqzDLfuwhvmN/qLVvIQXRQ8licZQ35WJ8KuEQt/etnnzQFI9C9Ue/A==", + "dev": true, + "peer": true, "engines": { "node": ">= 0.4" }, @@ -10117,6 +6776,7 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz", "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==", + "dev": true, "dependencies": { "is-extglob": "^2.1.1" }, @@ -10128,24 +6788,18 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-1.0.4.tgz", "integrity": "sha512-gyPJuv83bHMpocVYoqof5VDiZveEoGoFL8m3BXNb2VW8Xs+rz9kqO8LOQ5DH6EsuvilT1ApazU0pyl+ytbPtlw==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/is-jpg": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/is-jpg/-/is-jpg-2.0.0.tgz", - "integrity": "sha1-LhmX+m6RZuqsAkLarkQ0A+TvHZc=", - "dev": true, - "engines": { - "node": ">=6" - } - }, "node_modules/is-nan": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/is-nan/-/is-nan-1.3.2.tgz", "integrity": "sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==", + "dev": true, + "peer": true, "dependencies": { "call-bind": "^1.0.0", "define-properties": "^1.1.3" @@ -10157,16 +6811,11 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/is-natural-number": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/is-natural-number/-/is-natural-number-4.0.1.tgz", - "integrity": "sha1-q5124dtM7VHjXeDHLr7PCfc0zeg=", - "dev": true - }, "node_modules/is-negative-zero": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.1.tgz", "integrity": "sha512-2z6JzQvZRa9A2Y7xC6dQQm4FSTSTNWjKIYYTt4246eMTJmIo0Q+ZyOsU66X8lxK1AbB92dFeglPLrhwpeRKO6w==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -10178,6 +6827,7 @@ "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, "engines": { "node": ">=0.12.0" } @@ -10186,6 +6836,7 @@ "version": "1.0.5", "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.5.tgz", "integrity": "sha512-RU0lI/n95pMoUKu9v1BZP5MBcZuNSVJkMkAG2dJqC4z2GlkGUNeH68SuHuBKBD/XFe+LHZ+f9BKkLET60Niedw==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -10202,15 +6853,6 @@ "node": ">=0.10.0" } }, - "node_modules/is-object": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.2.tgz", - "integrity": "sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/is-plain-obj": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", @@ -10225,6 +6867,7 @@ "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, + "peer": true, "dependencies": { "isobject": "^3.0.1" }, @@ -10232,19 +6875,18 @@ "node": ">=0.10.0" } }, - "node_modules/is-png": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/is-png/-/is-png-2.0.0.tgz", - "integrity": "sha512-4KPGizaVGj2LK7xwJIz8o5B2ubu1D/vcQsgOGFEDlpcvgZHto4gBnyd0ig7Ws+67ixmwKoNmu0hYnpo6AaKb5g==", + "node_modules/is-potential-custom-element-name": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz", + "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==", "dev": true, - "engines": { - "node": ">=8" - } + "peer": true }, "node_modules/is-regex": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.3.tgz", "integrity": "sha512-qSVXFz28HM7y+IWX6vLCsexdlvzT1PJNFSBuaQLQ5o0IEw8UDYW6/2+eCMVyIsbM8CNLX2a/QWmSpyxYEHY7CQ==", + "dev": true, "dependencies": { "call-bind": "^1.0.2", "has-symbols": "^1.0.2" @@ -10265,15 +6907,6 @@ "node": ">=0.10.0" } }, - "node_modules/is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz", @@ -10287,6 +6920,7 @@ "version": "1.0.6", "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.6.tgz", "integrity": "sha512-2gdzbKUuqtQ3lYNrUTQYoClPhm7oQu4UdpSZMp1/DGgkHBT8E2Z1l0yMdb6D4zNAxwDiMv8MdulKROJGNl0Q0w==", + "dev": true, "engines": { "node": ">= 0.4" }, @@ -10294,25 +6928,11 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/is-svg": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/is-svg/-/is-svg-4.3.1.tgz", - "integrity": "sha512-h2CGs+yPUyvkgTJQS9cJzo9lYK06WgRiXUqBBHtglSzVKAuH4/oWsqk7LGfbSa1hGk9QcZ0SyQtVggvBA8LZXA==", - "dev": true, - "dependencies": { - "fast-xml-parser": "^3.19.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/is-symbol": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dev": true, "dependencies": { "has-symbols": "^1.0.2" }, @@ -10327,6 +6947,8 @@ "version": "1.1.5", "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.5.tgz", "integrity": "sha512-S+GRDgJlR3PyEbsX/Fobd9cqpZBuvUS+8asRqYDMLCb2qMzt1oz5m5oxQCxOgUDxiWsOVNi4yaF+/uvdlHlYug==", + "dev": true, + "peer": true, "dependencies": { "available-typed-arrays": "^1.0.2", "call-bind": "^1.0.2", @@ -10371,39 +6993,16 @@ "node": ">=8" } }, - "node_modules/is-utf8": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", - "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=", - "dev": true - }, - "node_modules/is-whitespace-character": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-whitespace-character/-/is-whitespace-character-1.0.4.tgz", - "integrity": "sha512-SDweEzfIZM0SJV0EUga669UTKlmL0Pq8Lno0QDQsPnvECB3IM2aP0gdx5TrU0A01MAPfViaZiI2V1QMZLaKK5w==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/is-windows": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/is-word-character": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-word-character/-/is-word-character-1.0.4.tgz", - "integrity": "sha512-5SMO8RVennx3nZrqtKwCGyyetPE9VDba5ugvKLaD4KopPG5kR4mQ7tNt/r7feL5yt5h3lpuBbIUmCOG2eSzXHA==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/is-wsl": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", @@ -10419,12 +7018,9 @@ "node_modules/isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" - }, - "node_modules/iserror": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/iserror/-/iserror-0.0.2.tgz", - "integrity": "sha1-vVNFH+L2aLnyQCwZZnh6qix8C/U=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true, + "peer": true }, "node_modules/isexe": { "version": "2.0.0", @@ -10437,30 +7033,125 @@ "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/isomorphic-unfetch": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/isomorphic-unfetch/-/isomorphic-unfetch-3.1.0.tgz", - "integrity": "sha512-geDJjpoZ8N0kWexiwkX8F9NkTsXhetLPVbZFQ+JTW239QNOwvB0gniuR1Wc6f0AMTn7/mFGyXvHTifrCp/GH8Q==", - "dependencies": { - "node-fetch": "^2.6.1", - "unfetch": "^4.2.0" + "node_modules/istanbul-lib-coverage": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz", + "integrity": "sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" } }, - "node_modules/isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", + "node_modules/istanbul-lib-instrument": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz", + "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==", "dev": true, + "peer": true, "dependencies": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" + "@babel/core": "^7.7.5", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.0.0", + "semver": "^6.3.0" }, "engines": { - "node": ">= 4" + "node": ">=8" + } + }, + "node_modules/istanbul-lib-instrument/node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true, + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/istanbul-lib-report": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz", + "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==", + "dev": true, + "peer": true, + "dependencies": { + "istanbul-lib-coverage": "^3.0.0", + "make-dir": "^3.0.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-report/node_modules/make-dir": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", + "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "peer": true, + "dependencies": { + "semver": "^6.0.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/istanbul-lib-report/node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true, + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/istanbul-lib-source-maps": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==", + "dev": true, + "peer": true, + "dependencies": { + "debug": "^4.1.1", + "istanbul-lib-coverage": "^3.0.0", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-source-maps/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/istanbul-reports": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.4.tgz", + "integrity": "sha512-r1/DshN4KSE7xWEknZLLLLDn5CJybV3nw01VTkp6D5jzLuELlcbudfj/eSQFvrKsJuTVCGnePO7ho82Nw9zzfw==", + "dev": true, + "peer": true, + "dependencies": { + "html-escaper": "^2.0.0", + "istanbul-lib-report": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, "node_modules/jake": { @@ -10543,6 +7234,550 @@ "node": ">=4" } }, + "node_modules/jest": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest/-/jest-26.6.3.tgz", + "integrity": "sha512-lGS5PXGAzR4RF7V5+XObhqz2KZIDUA1yD0DG6pBVmy10eh0ZIXQImRuzocsI/N2XZ1GrLFwTS27In2i2jlpq1Q==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/core": "^26.6.3", + "import-local": "^3.0.2", + "jest-cli": "^26.6.3" + }, + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-changed-files": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-26.6.2.tgz", + "integrity": "sha512-fDS7szLcY9sCtIip8Fjry9oGf3I2ht/QT21bAHm5Dmf0mD4X3ReNUf17y+bO6fR8WgbIZTlbyG1ak/53cbRzKQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "execa": "^4.0.0", + "throat": "^5.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-cli": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-26.6.3.tgz", + "integrity": "sha512-GF9noBSa9t08pSyl3CY4frMrqp+aQXFGFkf5hEPbh/pIUFYWMK6ZLTfbmadxJVcJrdRoChlWQsA2VkJcDFK8hg==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/core": "^26.6.3", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "import-local": "^3.0.2", + "is-ci": "^2.0.0", + "jest-config": "^26.6.3", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "prompts": "^2.0.1", + "yargs": "^15.4.1" + }, + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-config": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-26.6.3.tgz", + "integrity": "sha512-t5qdIj/bCj2j7NFVHb2nFB4aUdfucDn3JRKgrZnplb8nieAirAzRSHP8uDEd+qV6ygzg9Pz4YG7UTJf94LPSyg==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/core": "^7.1.0", + "@jest/test-sequencer": "^26.6.3", + "@jest/types": "^26.6.2", + "babel-jest": "^26.6.3", + "chalk": "^4.0.0", + "deepmerge": "^4.2.2", + "glob": "^7.1.1", + "graceful-fs": "^4.2.4", + "jest-environment-jsdom": "^26.6.2", + "jest-environment-node": "^26.6.2", + "jest-get-type": "^26.3.0", + "jest-jasmine2": "^26.6.3", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "micromatch": "^4.0.2", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + }, + "peerDependencies": { + "ts-node": ">=9.0.0" + }, + "peerDependenciesMeta": { + "ts-node": { + "optional": true + } + } + }, + "node_modules/jest-config/node_modules/deepmerge": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", + "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/jest-diff": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-26.6.2.tgz", + "integrity": "sha512-6m+9Z3Gv9wN0WFVasqjCL/06+EFCMTqDEUl/b87HYK2rAPTyfz4ZIuSlPhY51PIQRWx5TaxeF1qmXKe9gfN3sA==", + "dev": true, + "peer": true, + "dependencies": { + "chalk": "^4.0.0", + "diff-sequences": "^26.6.2", + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-docblock": { + "version": "26.0.0", + "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-26.0.0.tgz", + "integrity": "sha512-RDZ4Iz3QbtRWycd8bUEPxQsTlYazfYn/h5R65Fc6gOfwozFhoImx+affzky/FFBuqISPTqjXomoIGJVKBWoo0w==", + "dev": true, + "peer": true, + "dependencies": { + "detect-newline": "^3.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-each": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-26.6.2.tgz", + "integrity": "sha512-Mer/f0KaATbjl8MCJ+0GEpNdqmnVmDYqCTJYTvoo7rqmRiDllmp2AYN+06F93nXcY3ur9ShIjS+CO/uD+BbH4A==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "jest-get-type": "^26.3.0", + "jest-util": "^26.6.2", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-environment-jsdom": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-26.6.2.tgz", + "integrity": "sha512-jgPqCruTlt3Kwqg5/WVFyHIOJHsiAvhcp2qiR2QQstuG9yWox5+iHpU3ZrcBxW14T4fe5Z68jAfLRh7joCSP2Q==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2", + "jsdom": "^16.4.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-environment-node": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-26.6.2.tgz", + "integrity": "sha512-zhtMio3Exty18dy8ee8eJ9kjnRyZC1N4C1Nt/VShN1apyXc8rWGtJ9lI7vqiWcyyXS4BVSEn9lxAM2D+07/Tag==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-get-type": { + "version": "26.3.0", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-26.3.0.tgz", + "integrity": "sha512-TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-haste-map": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-26.6.2.tgz", + "integrity": "sha512-easWIJXIw71B2RdR8kgqpjQrbMRWQBgiBwXYEhtGUTaX+doCjBheluShdDMeR8IMfJiTqH4+zfhtg29apJf/8w==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "@types/graceful-fs": "^4.1.2", + "@types/node": "*", + "anymatch": "^3.0.3", + "fb-watchman": "^2.0.0", + "graceful-fs": "^4.2.4", + "jest-regex-util": "^26.0.0", + "jest-serializer": "^26.6.2", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "micromatch": "^4.0.2", + "sane": "^4.0.3", + "walker": "^1.0.7" + }, + "engines": { + "node": ">= 10.14.2" + }, + "optionalDependencies": { + "fsevents": "^2.1.2" + } + }, + "node_modules/jest-haste-map/node_modules/jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/jest-jasmine2": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-26.6.3.tgz", + "integrity": "sha512-kPKUrQtc8aYwBV7CqBg5pu+tmYXlvFlSFYn18ev4gPFtrRzB15N2gW/Roew3187q2w2eHuu0MU9TJz6w0/nPEg==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/traverse": "^7.1.0", + "@jest/environment": "^26.6.2", + "@jest/source-map": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "co": "^4.6.0", + "expect": "^26.6.2", + "is-generator-fn": "^2.0.0", + "jest-each": "^26.6.2", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-runtime": "^26.6.3", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "pretty-format": "^26.6.2", + "throat": "^5.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-leak-detector": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-26.6.2.tgz", + "integrity": "sha512-i4xlXpsVSMeKvg2cEKdfhh0H39qlJlP5Ex1yQxwF9ubahboQYMgTtz5oML35AVA3B4Eu+YsmwaiKVev9KCvLxg==", + "dev": true, + "peer": true, + "dependencies": { + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-matcher-utils": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-26.6.2.tgz", + "integrity": "sha512-llnc8vQgYcNqDrqRDXWwMr9i7rS5XFiCwvh6DTP7Jqa2mqpcCBBlpCbn+trkG0KNhPu/h8rzyBkriOtBstvWhw==", + "dev": true, + "peer": true, + "dependencies": { + "chalk": "^4.0.0", + "jest-diff": "^26.6.2", + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-message-util": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-26.6.2.tgz", + "integrity": "sha512-rGiLePzQ3AzwUshu2+Rn+UMFk0pHN58sOG+IaJbk5Jxuqo3NYO1U2/MIR4S1sKgsoYSXSzdtSa0TgrmtUwEbmA==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/code-frame": "^7.0.0", + "@jest/types": "^26.6.2", + "@types/stack-utils": "^2.0.0", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "micromatch": "^4.0.2", + "pretty-format": "^26.6.2", + "slash": "^3.0.0", + "stack-utils": "^2.0.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-mock": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-26.6.2.tgz", + "integrity": "sha512-YyFjePHHp1LzpzYcmgqkJ0nm0gg/lJx2aZFzFy1S6eUqNjXsOqTK10zNRff2dNfssgokjkG65OlWNcIlgd3zew==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "@types/node": "*" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-pnp-resolver": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.2.tgz", + "integrity": "sha512-olV41bKSMm8BdnuMsewT4jqlZ8+3TCARAXjZGT9jcoSnrfUnRCqnMoF9XEeoWjbzObpqF9dRhHQj0Xb9QdF6/w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + }, + "peerDependencies": { + "jest-resolve": "*" + }, + "peerDependenciesMeta": { + "jest-resolve": { + "optional": true + } + } + }, + "node_modules/jest-regex-util": { + "version": "26.0.0", + "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-26.0.0.tgz", + "integrity": "sha512-Gv3ZIs/nA48/Zvjrl34bf+oD76JHiGDUxNOVgUjh3j890sblXryjY4rss71fPtD/njchl6PSE2hIhvyWa1eT0A==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-resolve": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-26.6.2.tgz", + "integrity": "sha512-sOxsZOq25mT1wRsfHcbtkInS+Ek7Q8jCHUB0ZUTP0tc/c41QHriU/NunqMfCUWsL4H3MHpvQD4QR9kSYhS7UvQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "jest-pnp-resolver": "^1.2.2", + "jest-util": "^26.6.2", + "read-pkg-up": "^7.0.1", + "resolve": "^1.18.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-resolve-dependencies": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-26.6.3.tgz", + "integrity": "sha512-pVwUjJkxbhe4RY8QEWzN3vns2kqyuldKpxlxJlzEYfKSvY6/bMvxoFrYYzUO1Gx28yKWN37qyV7rIoIp2h8fTg==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-snapshot": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-runner": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-26.6.3.tgz", + "integrity": "sha512-atgKpRHnaA2OvByG/HpGA4g6CSPS/1LK0jK3gATJAoptC1ojltpmVlYC3TYgdmGp+GLuhzpH30Gvs36szSL2JQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/console": "^26.6.2", + "@jest/environment": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "emittery": "^0.7.1", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "jest-config": "^26.6.3", + "jest-docblock": "^26.0.0", + "jest-haste-map": "^26.6.2", + "jest-leak-detector": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-resolve": "^26.6.2", + "jest-runtime": "^26.6.3", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "source-map-support": "^0.5.6", + "throat": "^5.0.0" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-runner/node_modules/jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/jest-runtime": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-26.6.3.tgz", + "integrity": "sha512-lrzyR3N8sacTAMeonbqpnSka1dHNux2uk0qqDXVkMv2c/A3wYnvQ4EXuI013Y6+gSKSCxdaczvf4HF0mVXHRdw==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/console": "^26.6.2", + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/globals": "^26.6.2", + "@jest/source-map": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/yargs": "^15.0.0", + "chalk": "^4.0.0", + "cjs-module-lexer": "^0.6.0", + "collect-v8-coverage": "^1.0.0", + "exit": "^0.1.2", + "glob": "^7.1.3", + "graceful-fs": "^4.2.4", + "jest-config": "^26.6.3", + "jest-haste-map": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-mock": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "slash": "^3.0.0", + "strip-bom": "^4.0.0", + "yargs": "^15.4.1" + }, + "bin": { + "jest-runtime": "bin/jest-runtime.js" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-runtime/node_modules/strip-bom": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/jest-serializer": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-26.6.2.tgz", + "integrity": "sha512-S5wqyz0DXnNJPd/xfIzZ5Xnp1HrJWBczg8mMfMpN78OJ5eDxXyf+Ygld9wX1DnUWbIbhM1YDY95NjR4CBXkb2g==", + "dev": true, + "peer": true, + "dependencies": { + "@types/node": "*", + "graceful-fs": "^4.2.4" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-snapshot": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-26.6.2.tgz", + "integrity": "sha512-OLhxz05EzUtsAmOMzuupt1lHYXCNib0ECyuZ/PZOx9TrZcC8vL0x+DUG3TL+GLX3yHG45e6YGjIm0XwDc3q3og==", + "dev": true, + "peer": true, + "dependencies": { + "@babel/types": "^7.0.0", + "@jest/types": "^26.6.2", + "@types/babel__traverse": "^7.0.4", + "@types/prettier": "^2.0.0", + "chalk": "^4.0.0", + "expect": "^26.6.2", + "graceful-fs": "^4.2.4", + "jest-diff": "^26.6.2", + "jest-get-type": "^26.3.0", + "jest-haste-map": "^26.6.2", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-resolve": "^26.6.2", + "natural-compare": "^1.4.0", + "pretty-format": "^26.6.2", + "semver": "^7.3.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, "node_modules/jest-util": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-26.6.2.tgz", @@ -10560,10 +7795,62 @@ "node": ">= 10.14.2" } }, + "node_modules/jest-validate": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-26.6.2.tgz", + "integrity": "sha512-NEYZ9Aeyj0i5rQqbq+tpIOom0YS1u2MVu6+euBsvpgIme+FOfRmoC4R5p0JiAUpaFvFy24xgrpMknarR/93XjQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "camelcase": "^6.0.0", + "chalk": "^4.0.0", + "jest-get-type": "^26.3.0", + "leven": "^3.1.0", + "pretty-format": "^26.6.2" + }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-validate/node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "peer": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/jest-watcher": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-26.6.2.tgz", + "integrity": "sha512-WKJob0P/Em2csiVthsI68p6aGKTIcsfjH9Gsx1f0A3Italz43e3ho0geSAVsmj09RWOELP1AZ/DXyJgOgDKxXQ==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "jest-util": "^26.6.2", + "string-length": "^4.0.1" + }, + "engines": { + "node": ">= 10.14.2" + } + }, "node_modules/jest-worker": { "version": "27.0.0-next.5", "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.0.0-next.5.tgz", "integrity": "sha512-mk0umAQ5lT+CaOJ+Qp01N6kz48sJG2kr2n1rX0koqKf6FIygQV0qLOdN9SCYID4IVeSigDOcPeGLozdMLYfb5g==", + "dev": true, + "peer": true, "dependencies": { "@types/node": "*", "merge-stream": "^2.0.0", @@ -10577,6 +7864,8 @@ "version": "8.1.1", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "peer": true, "dependencies": { "has-flag": "^4.0.0" }, @@ -10587,20 +7876,17 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, - "node_modules/js-cookie": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz", - "integrity": "sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==" - }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true }, "node_modules/js-yaml": { "version": "3.14.1", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, "dependencies": { "argparse": "^1.0.7", "esprima": "^4.0.0" @@ -10609,10 +7895,131 @@ "js-yaml": "bin/js-yaml.js" } }, + "node_modules/jsdom": { + "version": "16.7.0", + "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-16.7.0.tgz", + "integrity": "sha512-u9Smc2G1USStM+s/x1ru5Sxrl6mPYCbByG1U/hUmqaVsm4tbNyS7CicOSRyuGQYZhTu0h84qkZZQ/I+dzizSVw==", + "dev": true, + "peer": true, + "dependencies": { + "abab": "^2.0.5", + "acorn": "^8.2.4", + "acorn-globals": "^6.0.0", + "cssom": "^0.4.4", + "cssstyle": "^2.3.0", + "data-urls": "^2.0.0", + "decimal.js": "^10.2.1", + "domexception": "^2.0.1", + "escodegen": "^2.0.0", + "form-data": "^3.0.0", + "html-encoding-sniffer": "^2.0.1", + "http-proxy-agent": "^4.0.1", + "https-proxy-agent": "^5.0.0", + "is-potential-custom-element-name": "^1.0.1", + "nwsapi": "^2.2.0", + "parse5": "6.0.1", + "saxes": "^5.0.1", + "symbol-tree": "^3.2.4", + "tough-cookie": "^4.0.0", + "w3c-hr-time": "^1.0.2", + "w3c-xmlserializer": "^2.0.0", + "webidl-conversions": "^6.1.0", + "whatwg-encoding": "^1.0.5", + "whatwg-mimetype": "^2.3.0", + "whatwg-url": "^8.5.0", + "ws": "^7.4.6", + "xml-name-validator": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "canvas": "^2.5.0" + }, + "peerDependenciesMeta": { + "canvas": { + "optional": true + } + } + }, + "node_modules/jsdom/node_modules/acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true, + "peer": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/jsdom/node_modules/tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", + "dev": true, + "peer": true, + "dependencies": { + "punycode": "^2.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/jsdom/node_modules/webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=10.4" + } + }, + "node_modules/jsdom/node_modules/whatwg-url": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dev": true, + "peer": true, + "dependencies": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jsdom/node_modules/ws": { + "version": "7.5.7", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz", + "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, "node_modules/jsesc": { "version": "2.5.2", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", + "dev": true, "bin": { "jsesc": "bin/jsesc" }, @@ -10620,12 +8027,6 @@ "node": ">=4" } }, - "node_modules/json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=", - "dev": true - }, "node_modules/json-parse-better-errors": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", @@ -10654,6 +8055,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz", "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==", + "dev": true, "dependencies": { "minimist": "^1.2.5" }, @@ -10698,47 +8100,25 @@ "node": ">=4.0" } }, - "node_modules/kapellmeister": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/kapellmeister/-/kapellmeister-3.0.1.tgz", - "integrity": "sha512-S7+gYcziMREv8RxG46138mb1O4Xf9II/bCxEJPYkhlZ7PgGWTlicgsyNad/DGc5oEAlWGLXE5ExLbTDVvJmgDA==", - "dependencies": { - "d3-timer": "^1.0.9" - } - }, - "node_modules/katex": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.12.0.tgz", - "integrity": "sha512-y+8btoc/CK70XqcHqjxiGWBOeIL8upbS0peTPXTvgrh21n1RiWWcIpSWM+4uXq+IAgNh9YYQWdc7LVDPDAEEAg==", - "dependencies": { - "commander": "^2.19.0" - }, - "bin": { - "katex": "cli.js" - } - }, - "node_modules/katex/node_modules/commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==" - }, - "node_modules/keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", - "dev": true, - "dependencies": { - "json-buffer": "3.0.0" - } - }, "node_modules/kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, "engines": { "node": ">=0.10.0" } }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + } + }, "node_modules/known-css-properties": { "version": "0.20.0", "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.20.0.tgz", @@ -10760,6 +8140,16 @@ "language-subtag-registry": "~0.3.2" } }, + "node_modules/leven": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + } + }, "node_modules/levn": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", @@ -10773,11 +8163,6 @@ "node": ">= 0.8.0" } }, - "node_modules/line-reader": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/line-reader/-/line-reader-0.4.0.tgz", - "integrity": "sha1-F+RIGNoKwzVnW6MAlU+U72cOZv0=" - }, "node_modules/lines-and-columns": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz", @@ -10921,41 +8306,11 @@ "node": ">=4" } }, - "node_modules/load-script": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/load-script/-/load-script-1.0.0.tgz", - "integrity": "sha1-BJGTngvuVkPuSUp+PaPSuscMbKQ=" - }, - "node_modules/loader-utils": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz", - "integrity": "sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA==", - "dev": true, - "dependencies": { - "big.js": "^5.2.2", - "emojis-list": "^3.0.0", - "json5": "^1.0.1" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/loader-utils/node_modules/json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", - "dev": true, - "dependencies": { - "minimist": "^1.2.0" - }, - "bin": { - "json5": "lib/cli.js" - } - }, "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, "dependencies": { "p-locate": "^5.0.0" }, @@ -10969,12 +8324,8 @@ "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/lodash-es": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.21.tgz", - "integrity": "sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==" + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true }, "node_modules/lodash.clonedeep": { "version": "4.5.0", @@ -10985,7 +8336,9 @@ "node_modules/lodash.sortby": { "version": "4.7.0", "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", - "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=" + "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", + "dev": true, + "peer": true }, "node_modules/lodash.truncate": { "version": "4.4.2", @@ -10993,11 +8346,6 @@ "integrity": "sha1-WjUNoLERO4N+z//VgSy+WNbq4ZM=", "dev": true }, - "node_modules/lodash.uniq": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", - "integrity": "sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=" - }, "node_modules/log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", @@ -11063,45 +8411,11 @@ "node": ">=8" } }, - "node_modules/logalot": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/logalot/-/logalot-2.1.0.tgz", - "integrity": "sha1-X46MkNME7fElMJUaVVSruMXj9VI=", - "dev": true, - "dependencies": { - "figures": "^1.3.5", - "squeak": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/logalot/node_modules/figures": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/figures/-/figures-1.7.0.tgz", - "integrity": "sha1-y+Hjr/zxzUS4DK3+0o3Hk6lwHS4=", - "dev": true, - "dependencies": { - "escape-string-regexp": "^1.0.5", - "object-assign": "^4.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/longest": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz", - "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/longest-streak": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-2.0.4.tgz", "integrity": "sha512-vM6rUVCVUJJt33bnmHiZEvr7wPT78ztX7rojL+LW51bHtLh6HTjx84LA5W4+oa6aKEJA7jJu5LR6vQRBpA5DVg==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -11111,6 +8425,7 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dev": true, "dependencies": { "js-tokens": "^3.0.0 || ^4.0.0" }, @@ -11118,315 +8433,11 @@ "loose-envify": "cli.js" } }, - "node_modules/loud-rejection": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz", - "integrity": "sha1-W0b4AUft7leIcPCG0Eghz5mOVR8=", - "dev": true, - "dependencies": { - "currently-unhandled": "^0.4.1", - "signal-exit": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lower-case": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", - "integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==", - "dependencies": { - "tslib": "^2.0.3" - } - }, - "node_modules/lower-case/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, - "node_modules/lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/lpad-align/-/lpad-align-1.1.2.tgz", - "integrity": "sha1-IfYArBwwlcPG5JfuZyce4ISB/p4=", - "dev": true, - "dependencies": { - "get-stdin": "^4.0.1", - "indent-string": "^2.1.0", - "longest": "^1.0.0", - "meow": "^3.3.0" - }, - "bin": { - "lpad-align": "cli.js" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/camelcase": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz", - "integrity": "sha1-fB0W1nmhu+WcoCys7PsBHiAfWh8=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/camelcase-keys": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz", - "integrity": "sha1-MIvur/3ygRkFHvodkyITyRuPkuc=", - "dev": true, - "dependencies": { - "camelcase": "^2.0.0", - "map-obj": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/find-up": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz", - "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=", - "dev": true, - "dependencies": { - "path-exists": "^2.0.0", - "pinkie-promise": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/get-stdin": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", - "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/hosted-git-info": { - "version": "2.8.9", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", - "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", - "dev": true - }, - "node_modules/lpad-align/node_modules/indent-string": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz", - "integrity": "sha1-ji1INIdCEhtKghi3oTfppSBJ3IA=", - "dev": true, - "dependencies": { - "repeating": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/load-json-file": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz", - "integrity": "sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=", - "dev": true, - "dependencies": { - "graceful-fs": "^4.1.2", - "parse-json": "^2.2.0", - "pify": "^2.0.0", - "pinkie-promise": "^2.0.0", - "strip-bom": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/map-obj": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz", - "integrity": "sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/meow": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz", - "integrity": "sha1-cstmi0JSKCkKu/qFaJJYcwioAfs=", - "dev": true, - "dependencies": { - "camelcase-keys": "^2.0.0", - "decamelize": "^1.1.2", - "loud-rejection": "^1.0.0", - "map-obj": "^1.0.1", - "minimist": "^1.1.3", - "normalize-package-data": "^2.3.4", - "object-assign": "^4.0.1", - "read-pkg-up": "^1.0.1", - "redent": "^1.0.0", - "trim-newlines": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/normalize-package-data": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", - "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", - "dev": true, - "dependencies": { - "hosted-git-info": "^2.1.4", - "resolve": "^1.10.0", - "semver": "2 || 3 || 4 || 5", - "validate-npm-package-license": "^3.0.1" - } - }, - "node_modules/lpad-align/node_modules/parse-json": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz", - "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=", - "dev": true, - "dependencies": { - "error-ex": "^1.2.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/path-exists": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz", - "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=", - "dev": true, - "dependencies": { - "pinkie-promise": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/path-type": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz", - "integrity": "sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=", - "dev": true, - "dependencies": { - "graceful-fs": "^4.1.2", - "pify": "^2.0.0", - "pinkie-promise": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/read-pkg": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz", - "integrity": "sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=", - "dev": true, - "dependencies": { - "load-json-file": "^1.0.0", - "normalize-package-data": "^2.3.2", - "path-type": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/read-pkg-up": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz", - "integrity": "sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=", - "dev": true, - "dependencies": { - "find-up": "^1.0.0", - "read-pkg": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/redent": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz", - "integrity": "sha1-z5Fqsf1fHxbfsggi3W7H9zDCr94=", - "dev": true, - "dependencies": { - "indent-string": "^2.1.0", - "strip-indent": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/lpad-align/node_modules/strip-bom": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz", - "integrity": "sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=", - "dev": true, - "dependencies": { - "is-utf8": "^0.2.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/strip-indent": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz", - "integrity": "sha1-DHlipq3vp7vUrDZkYKY4VSrhoKI=", - "dev": true, - "dependencies": { - "get-stdin": "^4.0.1" - }, - "bin": { - "strip-indent": "cli.js" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lpad-align/node_modules/trim-newlines": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz", - "integrity": "sha1-WIeWa7WCpFA6QetST301ARgVphM=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, "dependencies": { "yallist": "^4.0.0" }, @@ -11434,29 +8445,28 @@ "node": ">=10" } }, - "node_modules/make-dir": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-1.3.0.tgz", - "integrity": "sha512-2w31R7SJtieJJnQtGc7RVL2StM2vGYVfqUOvUDxH6bC6aJTxPxTF0GnIgCyu7tjockiUWAYQRbxa7vKn34s5sQ==", - "dev": true, - "dependencies": { - "pify": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/make-error": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", "dev": true }, + "node_modules/makeerror": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", + "dev": true, + "peer": true, + "dependencies": { + "tmpl": "1.0.5" + } + }, "node_modules/map-cache": { "version": "0.2.2", "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz", "integrity": "sha1-wyq9C9ZSXZsFFkW7TyasXcmKDb8=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -11478,6 +8488,7 @@ "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz", "integrity": "sha1-7Nyo8TFE5mDxtb1B8S80edmN+48=", "dev": true, + "peer": true, "dependencies": { "object-visit": "^1.0.0" }, @@ -11485,27 +8496,6 @@ "node": ">=0.10.0" } }, - "node_modules/markdown-escapes": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.4.tgz", - "integrity": "sha512-8z4efJYk43E0upd0NbVXwgSTQs6cT3T06etieCMEg7dRbzCbxUCK/GHlX8mhHRDcp+OLlHkPKsvqQTCvsRl2cg==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, - "node_modules/markdown-table": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", - "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", - "dependencies": { - "repeat-string": "^1.0.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/mathml-tag-names": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz", @@ -11520,52 +8510,19 @@ "version": "1.3.5", "resolved": "https://registry.npmjs.org/md5.js/-/md5.js-1.3.5.tgz", "integrity": "sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg==", + "dev": true, + "peer": true, "dependencies": { "hash-base": "^3.0.0", "inherits": "^2.0.1", "safe-buffer": "^5.1.2" } }, - "node_modules/mdast-squeeze-paragraphs": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mdast-squeeze-paragraphs/-/mdast-squeeze-paragraphs-4.0.0.tgz", - "integrity": "sha512-zxdPn69hkQ1rm4J+2Cs2j6wDEv7O17TfXTJ33tl/+JPIoEmtV9t2ZzBM5LPHE8QlHsmVD8t3vPKCyY3oH+H8MQ==", - "dependencies": { - "unist-util-remove": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/mdast-util-compact": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-compact/-/mdast-util-compact-2.0.1.tgz", - "integrity": "sha512-7GlnT24gEwDrdAwEHrU4Vv5lLWrEer4KOkAiKT9nYstsTad7Oc1TwqT2zIMKRdZF7cTuaf+GA1E4Kv7jJh8mPA==", - "dependencies": { - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/mdast-util-definitions": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-4.0.0.tgz", - "integrity": "sha512-k8AJ6aNnUkB7IE+5azR9h81O5EQ/cTDXtWdMq9Kk5KcEW/8ritU5CeLg/9HhOC++nALHBlaogJ5jz0Ybk3kPMQ==", - "dependencies": { - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/mdast-util-from-markdown": { "version": "0.8.5", "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-0.8.5.tgz", "integrity": "sha512-2hkTXtYYnr+NubD/g6KGBS/0mFmBcifAsI0yIWRiRo0PjVs6SSOSOdtzbp6kSGnShDN6G5aWZpKQ2lWRy27mWQ==", + "dev": true, "dependencies": { "@types/mdast": "^3.0.0", "mdast-util-to-string": "^2.0.0", @@ -11578,43 +8535,11 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/mdast-util-math": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-math/-/mdast-util-math-0.1.2.tgz", - "integrity": "sha512-fogAitds+wH+QRas78Yr1TwmQGN4cW/G2WRw5ePuNoJbBSPJCxIOCE8MTzHgWHVSpgkRaPQTgfzXRE1CrwWSlg==", - "dependencies": { - "longest-streak": "^2.0.0", - "mdast-util-to-markdown": "^0.6.0", - "repeat-string": "^1.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/mdast-util-to-hast": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-10.0.1.tgz", - "integrity": "sha512-BW3LM9SEMnjf4HXXVApZMt8gLQWVNXc3jryK0nJu/rOXPOnlkUjmdkDlmxMirpbU9ILncGFIwLH/ubnWBbcdgA==", - "dependencies": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^4.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/mdast-util-to-markdown": { "version": "0.6.5", "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-0.6.5.tgz", "integrity": "sha512-XeV9sDE7ZlOQvs45C9UKMtfTcctcaj/pGwH8YLbMHoMOXNNCn2LsqVQOqrF1+/NU8lKDAqozme9SCXWyo9oAcQ==", + "dev": true, "dependencies": { "@types/unist": "^2.0.0", "longest-streak": "^2.0.0", @@ -11632,35 +8557,12 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-2.0.0.tgz", "integrity": "sha512-AW4DRS3QbBayY/jJmD8437V1Gombjf8RSOUCMFBuo5iHi58AGEgVCKQ+ezHkZZDpAQS75hcBMpLqjpJTjtUL7w==", + "dev": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, - "node_modules/mdn-data": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz", - "integrity": "sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA==", - "dev": true - }, - "node_modules/mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=" - }, - "node_modules/media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/memoize-one": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-5.2.1.tgz", - "integrity": "sha512-zYiwtZUcYyXKo/np96AGZAckk+FWWsUdJ3cHGGmld7+AhvcWmQyGCYUh1hc4Q/pkOhb65dQR/pqCyK0cOaHz4Q==" - }, "node_modules/meow": { "version": "8.1.2", "resolved": "https://registry.npmjs.org/meow/-/meow-8.1.2.tgz", @@ -11698,15 +8600,11 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" - }, "node_modules/merge-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", - "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==" + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true }, "node_modules/merge2": { "version": "1.4.1", @@ -11717,23 +8615,11 @@ "node": ">= 8" } }, - "node_modules/methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/micro-memoize": { - "version": "4.0.9", - "resolved": "https://registry.npmjs.org/micro-memoize/-/micro-memoize-4.0.9.tgz", - "integrity": "sha512-Z2uZi/IUMGQDCXASdujXRqrXXEwSY0XffUrAOllhqzQI3wpUyZbiZTiE2JuYC0HSG2G7DbCS5jZmsEKEGZuemg==" - }, "node_modules/micromark": { "version": "2.11.4", "resolved": "https://registry.npmjs.org/micromark/-/micromark-2.11.4.tgz", "integrity": "sha512-+WoovN/ppKolQOFIAajxi7Lu9kInbPxFuTBVEavFcL8eAfVstoc5MocPmqBeAdBOJV00uaVjegzH4+MA0DN/uA==", + "dev": true, "funding": [ { "type": "GitHub Sponsors", @@ -11749,19 +8635,6 @@ "parse-entities": "^2.0.0" } }, - "node_modules/micromark-extension-math": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/micromark-extension-math/-/micromark-extension-math-0.1.2.tgz", - "integrity": "sha512-ZJXsT2eVPM8VTmcw0CPSDeyonOn9SziGK3Z+nkf9Vb6xMPeU+4JMEnO6vzDL10562Favw8Vste74f54rxJ/i6Q==", - "dependencies": { - "katex": "^0.12.0", - "micromark": "~2.11.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/micromatch": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.4.tgz", @@ -11779,6 +8652,8 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/miller-rabin/-/miller-rabin-4.0.1.tgz", "integrity": "sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.0.0", "brorand": "^1.0.1" @@ -11790,23 +8665,15 @@ "node_modules/miller-rabin/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" - }, - "node_modules/mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4" - } + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true }, "node_modules/mime-db": { "version": "1.48.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz", "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==", + "dev": true, "engines": { "node": ">= 0.6" } @@ -11815,6 +8682,7 @@ "version": "2.1.31", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz", "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==", + "dev": true, "dependencies": { "mime-db": "1.48.0" }, @@ -11831,15 +8699,6 @@ "node": ">=6" } }, - "node_modules/mimic-response": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", - "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/min-indent": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", @@ -11852,17 +8711,22 @@ "node_modules/minimalistic-assert": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", + "dev": true, + "peer": true }, "node_modules/minimalistic-crypto-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz", - "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=" + "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=", + "dev": true, + "peer": true }, "node_modules/minimatch": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, "dependencies": { "brace-expansion": "^1.1.7" }, @@ -11873,7 +8737,8 @@ "node_modules/minimist": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true }, "node_modules/minimist-options": { "version": "4.1.0", @@ -11894,6 +8759,7 @@ "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==", "dev": true, + "peer": true, "dependencies": { "for-in": "^1.0.2", "is-extendable": "^1.0.1" @@ -11907,6 +8773,7 @@ "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, + "peer": true, "dependencies": { "is-plain-object": "^2.0.4" }, @@ -11926,37 +8793,11 @@ "node": ">=10" } }, - "node_modules/moize": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/moize/-/moize-6.1.0.tgz", - "integrity": "sha512-WrMcM+C2Jy+qyOC/UMhA3BCHGowxV34dhDZnDNfxsREW/8N+33SFjmc23Q61Xv1WUthUA1vYopTitP1sZ5jkeg==", - "dependencies": { - "fast-equals": "^2.0.1", - "micro-memoize": "^4.0.9" - } - }, - "node_modules/mozjpeg": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/mozjpeg/-/mozjpeg-7.1.0.tgz", - "integrity": "sha512-A6nVpI33DVi04HxatRx3PZTeVAOP1AC/T/5kXEvP0U8F+J11mmFFDv46BM2j5/cEyzDDtK8ptHeBSphNMrQLqA==", - "dev": true, - "hasInstallScript": true, - "dependencies": { - "bin-build": "^3.0.0", - "bin-wrapper": "^4.0.0", - "logalot": "^2.1.0" - }, - "bin": { - "mozjpeg": "cli.js" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true }, "node_modules/mute-stream": { "version": "0.0.8", @@ -11968,6 +8809,8 @@ "version": "3.1.23", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.23.tgz", "integrity": "sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==", + "dev": true, + "peer": true, "bin": { "nanoid": "bin/nanoid.cjs" }, @@ -11980,6 +8823,7 @@ "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==", "dev": true, + "peer": true, "dependencies": { "arr-diff": "^4.0.0", "array-unique": "^0.3.2", @@ -12001,6 +8845,8 @@ "version": "0.3.4", "resolved": "https://registry.npmjs.org/native-url/-/native-url-0.3.4.tgz", "integrity": "sha512-6iM8R99ze45ivyH8vybJ7X0yekIcPf5GgLV5K0ENCbmRcaRIDoj37BC8iLEmaaBfqqb8enuZ5p0uhY+lVAbAcA==", + "dev": true, + "peer": true, "dependencies": { "querystring": "^0.2.0" } @@ -12011,18 +8857,12 @@ "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=", "dev": true }, - "node_modules/negotiator": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", - "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/next": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/next/-/next-11.1.2.tgz", "integrity": "sha512-azEYL0L+wFjv8lstLru3bgvrzPvK0P7/bz6B/4EJ9sYkXeW8r5Bjh78D/Ol7VOg0EIPz0CXoe72hzAlSAXo9hw==", + "dev": true, + "peer": true, "dependencies": { "@babel/runtime": "7.15.3", "@hapi/accept": "5.0.2", @@ -12106,58 +8946,12 @@ } } }, - "node_modules/next-mdx-remote": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/next-mdx-remote/-/next-mdx-remote-3.0.1.tgz", - "integrity": "sha512-sV1sM6CkdYP5aPND1+vrF3wr8TU8NJwVlcFe2rPjVHR5J/9M2bl9zlhF6AF+GOKHA7d5kUdwHoLbApEGofD8hA==", - "dependencies": { - "@mdx-js/mdx": "^1.6.22", - "@mdx-js/react": "^1.6.22", - "esbuild": "^0.11.12", - "pkg-dir": "^5.0.0" - }, - "peerDependencies": { - "react": ">=16.x <=17.x", - "react-dom": ">=16.x <=17.x" - } - }, - "node_modules/next-remote-watch": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/next-remote-watch/-/next-remote-watch-1.0.0.tgz", - "integrity": "sha512-kV+pglCwcnKyqJIXPHUUrnZr9d3rCqCIEQWBkFYC02GDXHyKVmcFytoY6q0+wMIQqh/izIAQL1x6OKXZhksjLA==", - "dependencies": { - "body-parser": "^1.19.0", - "chalk": "^4.0.0", - "chokidar": "^3.4.0", - "commander": "^5.0.0", - "express": "^4.17.1" - }, - "bin": { - "next-remote-watch": "bin/next-remote-watch" - } - }, - "node_modules/next-remote-watch/node_modules/commander": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", - "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", - "engines": { - "node": ">= 6" - } - }, - "node_modules/next-transpile-modules": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/next-transpile-modules/-/next-transpile-modules-8.0.0.tgz", - "integrity": "sha512-Q2f2yB0zMJ8KJbIYAeZoIxG6cSfVk813zr6B5HzsLMBVcJ3FaF8lKr7WG66n0KlHCwjLSmf/6EkgI6QQVWHrDw==", - "dev": true, - "dependencies": { - "enhanced-resolve": "^5.7.0", - "escalade": "^3.1.1" - } - }, "node_modules/next/node_modules/ansi-styles": { "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "peer": true, "dependencies": { "color-convert": "^1.9.0" }, @@ -12169,6 +8963,8 @@ "version": "5.6.0", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", + "dev": true, + "peer": true, "dependencies": { "base64-js": "^1.0.2", "ieee754": "^1.1.4" @@ -12178,6 +8974,8 @@ "version": "2.4.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "peer": true, "dependencies": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -12191,6 +8989,8 @@ "version": "1.9.3", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "peer": true, "dependencies": { "color-name": "1.1.3" } @@ -12198,12 +8998,16 @@ "node_modules/next/node_modules/color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true, + "peer": true }, "node_modules/next/node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true, + "peer": true, "engines": { "node": ">=4" } @@ -12211,12 +9015,16 @@ "node_modules/next/node_modules/react-is": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", - "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==" + "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==", + "dev": true, + "peer": true }, "node_modules/next/node_modules/supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "peer": true, "dependencies": { "has-flag": "^3.0.0" }, @@ -12228,26 +9036,14 @@ "version": "1.0.5", "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==", - "dev": true - }, - "node_modules/no-case": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", - "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==", - "dependencies": { - "lower-case": "^2.0.2", - "tslib": "^2.0.3" - } - }, - "node_modules/no-case/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" + "dev": true, + "peer": true }, "node_modules/node-fetch": { "version": "2.6.1", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==", + "dev": true, "engines": { "node": "4.x || >=6.0.0" } @@ -12256,14 +9052,25 @@ "version": "1.4.9", "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-1.4.9.tgz", "integrity": "sha512-UVcirFD1Bn0O+TSmloHeHqZZCxHjvtIeGdVdGMhyZ8/PWlEiZaZ5iJzR189yKZr8p0FXN58BUeC7RHRkf/KYGw==", + "dev": true, + "peer": true, "dependencies": { "he": "1.2.0" } }, + "node_modules/node-int64": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", + "dev": true, + "peer": true + }, "node_modules/node-libs-browser": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.2.1.tgz", "integrity": "sha512-h/zcD8H9kaDZ9ALUWwlBUDo6TKF8a7qBSCSEGfjTVIYeqsioSKaAX+BN7NgiMGp6iSIXZ3PxgCu8KS3b71YK5Q==", + "dev": true, + "peer": true, "dependencies": { "assert": "^1.1.1", "browserify-zlib": "^0.2.0", @@ -12294,6 +9101,8 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/assert/-/assert-1.5.0.tgz", "integrity": "sha512-EDsgawzwoun2CZkCgtxJbv392v4nbk9XDD06zI+kQYoBM/3RBWLlEyJARDOmhAAosBjWACEkKL6S+lIZtcAubA==", + "dev": true, + "peer": true, "dependencies": { "object-assign": "^4.1.1", "util": "0.10.3" @@ -12303,6 +9112,8 @@ "version": "0.10.3", "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz", "integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=", + "dev": true, + "peer": true, "dependencies": { "inherits": "2.0.1" } @@ -12311,6 +9122,8 @@ "version": "4.9.2", "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz", "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==", + "dev": true, + "peer": true, "dependencies": { "base64-js": "^1.0.2", "ieee754": "^1.1.4", @@ -12321,6 +9134,8 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/domain-browser/-/domain-browser-1.2.0.tgz", "integrity": "sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==", + "dev": true, + "peer": true, "engines": { "node": ">=0.4", "npm": ">=1.2" @@ -12329,22 +9144,30 @@ "node_modules/node-libs-browser/node_modules/inherits": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz", - "integrity": "sha1-sX0I0ya0Qj5Wjv9xn5GwscvfafE=" + "integrity": "sha1-sX0I0ya0Qj5Wjv9xn5GwscvfafE=", + "dev": true, + "peer": true }, "node_modules/node-libs-browser/node_modules/path-browserify": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz", - "integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==" + "integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==", + "dev": true, + "peer": true }, "node_modules/node-libs-browser/node_modules/punycode": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", - "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=" + "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=", + "dev": true, + "peer": true }, "node_modules/node-libs-browser/node_modules/readable-stream": { "version": "2.3.7", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "dev": true, + "peer": true, "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -12358,12 +9181,16 @@ "node_modules/node-libs-browser/node_modules/readable-stream/node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true, + "peer": true }, "node_modules/node-libs-browser/node_modules/readable-stream/node_modules/string_decoder": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "dev": true, + "peer": true, "dependencies": { "safe-buffer": "~5.1.0" } @@ -12372,6 +9199,8 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz", "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==", + "dev": true, + "peer": true, "dependencies": { "inherits": "~2.0.1", "readable-stream": "^2.0.2" @@ -12381,6 +9210,8 @@ "version": "2.8.3", "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-2.8.3.tgz", "integrity": "sha512-+TSkfINHDo4J+ZobQLWiMouQYB+UVYFttRA94FpEzzJ7ZdqcL4uUUQ7WkdkI4DSozGmgBUE/a47L+38PenXhUw==", + "dev": true, + "peer": true, "dependencies": { "builtin-status-codes": "^3.0.0", "inherits": "^2.0.1", @@ -12392,12 +9223,16 @@ "node_modules/node-libs-browser/node_modules/tty-browserify": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz", - "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=" + "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=", + "dev": true, + "peer": true }, "node_modules/node-libs-browser/node_modules/util": { "version": "0.11.1", "resolved": "https://registry.npmjs.org/util/-/util-0.11.1.tgz", "integrity": "sha512-HShAsny+zS2TZfaXxD9tYj4HQGlBezXZMZuM/S5PKLLoZkShZiGk9o5CzukI1LVHZvjdvZ2Sj1aW/Ndn2NB/HQ==", + "dev": true, + "peer": true, "dependencies": { "inherits": "2.0.3" } @@ -12405,12 +9240,42 @@ "node_modules/node-libs-browser/node_modules/util/node_modules/inherits": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" + "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=", + "dev": true, + "peer": true + }, + "node_modules/node-notifier": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-8.0.2.tgz", + "integrity": "sha512-oJP/9NAdd9+x2Q+rfphB2RJCHjod70RcRLjosiPMMu5gjIfwVnOUGq2nbTjTUbmy0DJ/tFIVT30+Qe3nzl4TJg==", + "dev": true, + "optional": true, + "peer": true, + "dependencies": { + "growly": "^1.3.0", + "is-wsl": "^2.2.0", + "semver": "^7.3.2", + "shellwords": "^0.1.1", + "uuid": "^8.3.0", + "which": "^2.0.2" + } + }, + "node_modules/node-notifier/node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "dev": true, + "optional": true, + "peer": true, + "bin": { + "uuid": "dist/bin/uuid" + } }, "node_modules/node-releases": { "version": "1.1.73", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.73.tgz", - "integrity": "sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==" + "integrity": "sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==", + "dev": true }, "node_modules/normalize-package-data": { "version": "3.0.2", @@ -12431,6 +9296,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -12450,54 +9316,6 @@ "integrity": "sha1-0LFF62kRicY6eNIB3E/bEpPvDAM=", "dev": true }, - "node_modules/normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "dev": true, - "dependencies": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/normalize-url/node_modules/prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/normalize-url/node_modules/sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "dev": true, - "dependencies": { - "is-plain-obj": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/npm-conf": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/npm-conf/-/npm-conf-1.1.3.tgz", - "integrity": "sha512-Yic4bZHJOt9RCFbRP3GgpqhScOY4HH3V2P8yBj6CeYq118Qr+BLXqT2JvpJ00mryLESpgOxf5XlFv4ZjXxLScw==", - "dev": true, - "dependencies": { - "config-chain": "^1.1.11", - "pify": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/npm-run-path": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", @@ -12510,52 +9328,24 @@ "node": ">=8" } }, - "node_modules/nprogress": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz", - "integrity": "sha1-y480xTIT2JVyP8urkH6UIq28r7E=" - }, - "node_modules/nth-check": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz", - "integrity": "sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==", - "dev": true, - "dependencies": { - "boolbase": "~1.0.0" - } - }, - "node_modules/nuka-carousel": { - "version": "4.7.7", - "resolved": "https://registry.npmjs.org/nuka-carousel/-/nuka-carousel-4.7.7.tgz", - "integrity": "sha512-v0qvvtJdnr6ZhaT529Y/RcdxBdVo6Eab3Xfqt9UfMyXMYIYtEmyTXOW1MRLKagF4woWDhjyG3ju8XX7u+QE10g==", - "dependencies": { - "csstype": "^2.6.6", - "d3-ease": "^1.0.3", - "exenv": "^1.2.0", - "prop-types": "^15.6.0", - "react-move": "^6.1.0", - "wicg-inert": "^3.1.0" - }, - "peerDependencies": { - "react": "^0.14.9 || ^15.3.0 || ^16.0.0", - "react-dom": "^0.14.9 || ^15.3.0 || ^16.0.0" - } - }, - "node_modules/nuka-carousel/node_modules/csstype": { - "version": "2.6.17", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.17.tgz", - "integrity": "sha512-u1wmTI1jJGzCJzWndZo8mk4wnPTZd1eOIYTYvuEyOQGfmDl3TrabCCfKnOC86FZwW/9djqTl933UF/cS425i9A==" - }, "node_modules/num2fraction": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/num2fraction/-/num2fraction-1.2.2.tgz", "integrity": "sha1-b2gragJ6Tp3fpFZM0lidHU5mnt4=", "dev": true }, + "node_modules/nwsapi": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.0.tgz", + "integrity": "sha512-h2AatdwYH+JHiZpv7pt/gSX1XoRGb7L/qSIeuqA6GwYoF9w1vP1cw42TO0aI2pNyshRK5893hNSl+1//vHK7hQ==", + "dev": true, + "peer": true + }, "node_modules/object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -12565,6 +9355,7 @@ "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", "integrity": "sha1-fn2Fi3gb18mRpBupde04EnVOmYw=", "dev": true, + "peer": true, "dependencies": { "copy-descriptor": "^0.1.0", "define-property": "^0.2.5", @@ -12579,6 +9370,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^0.1.0" }, @@ -12591,6 +9383,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -12602,13 +9395,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/object-copy/node_modules/is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -12621,6 +9416,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -12635,6 +9431,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -12644,6 +9441,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -12655,6 +9453,7 @@ "version": "1.11.0", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.11.0.tgz", "integrity": "sha512-jp7ikS6Sd3GxQfZJPyH3cjcbJF6GZPClgdV+EFygjFLQ5FmW/dRUnTd9PQ9k0JhoNDabWFbpF1yCdSWCC6gexg==", + "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -12663,6 +9462,8 @@ "version": "1.1.5", "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz", "integrity": "sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==", + "dev": true, + "peer": true, "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" @@ -12678,6 +9479,7 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "dev": true, "engines": { "node": ">= 0.4" } @@ -12687,6 +9489,7 @@ "resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz", "integrity": "sha1-95xEk68MU3e1n+OdOV5BBC3QRbs=", "dev": true, + "peer": true, "dependencies": { "isobject": "^3.0.0" }, @@ -12698,6 +9501,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz", "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==", + "dev": true, "dependencies": { "call-bind": "^1.0.0", "define-properties": "^1.1.3", @@ -12743,23 +9547,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/object.getownpropertydescriptors": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.2.tgz", - "integrity": "sha512-WtxeKSzfBjlzL+F9b7M7hewDzMwy+C8NRssHd1YrNlzHzIDrXcXiNOMrezdAEM4UXixgV+vvnyBeN7Rygl2ttQ==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.18.0-next.2" - }, - "engines": { - "node": ">= 0.8" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/object.hasown": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.0.0.tgz", @@ -12778,6 +9565,7 @@ "resolved": "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz", "integrity": "sha1-h6EKxMFpS9Lhy/U1kaZhQftd10c=", "dev": true, + "peer": true, "dependencies": { "isobject": "^3.0.1" }, @@ -12802,21 +9590,11 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/on-finished": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", - "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", - "dependencies": { - "ee-first": "1.1.1" - }, - "engines": { - "node": ">= 0.8" - } - }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, "dependencies": { "wrappy": "1" } @@ -12861,15 +9639,6 @@ "opencollective-postinstall": "index.js" } }, - "node_modules/opener": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz", - "integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==", - "dev": true, - "bin": { - "opener": "bin/opener-bin.js" - } - }, "node_modules/optionator": { "version": "0.9.1", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", @@ -12887,40 +9656,12 @@ "node": ">= 0.8.0" } }, - "node_modules/optipng-bin": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/optipng-bin/-/optipng-bin-7.0.0.tgz", - "integrity": "sha512-mesUAwfedu5p9gRQwlYgD6Svw5IH3VUIWDJj/9cNpP3yFNbbEVqkTMWYhrIEn/cxmbGA3LpZrdoV2Yl8OfmnIA==", - "dev": true, - "hasInstallScript": true, - "dependencies": { - "bin-build": "^3.0.0", - "bin-wrapper": "^4.0.0", - "logalot": "^2.0.0" - }, - "bin": { - "optipng": "cli.js" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/os-browserify": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/os-browserify/-/os-browserify-0.3.0.tgz", - "integrity": "sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc=" - }, - "node_modules/os-filter-obj": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/os-filter-obj/-/os-filter-obj-2.0.0.tgz", - "integrity": "sha512-uksVLsqG3pVdzzPvmAHpBK0wKxYItuzZr7SziusRPoz67tGV8rL1szZ6IdeUrbqLjGDwApBtN29eEE3IqGHOjg==", + "integrity": "sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc=", "dev": true, - "dependencies": { - "arch": "^2.1.0" - }, - "engines": { - "node": ">=4" - } + "peer": true }, "node_modules/os-tmpdir": { "version": "1.0.2", @@ -12931,25 +9672,17 @@ "node": ">=0.10.0" } }, - "node_modules/p-cancelable": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.3.0.tgz", - "integrity": "sha512-RVbZPLso8+jFeq1MfNvgXtCRED2raz/dKpacfTNxsx6pLEpEomM7gah6VeHSYV3+vo0OAi4MkArtQcWWXuQoyw==", + "node_modules/p-each-series": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-each-series/-/p-each-series-2.2.0.tgz", + "integrity": "sha512-ycIL2+1V32th+8scbpTvyHNaHe02z0sjgh91XXjAk+ZeXoPN4Z46DVUnzdso0aX4KckKw0FNNFHdjZ2UsZvxiA==", "dev": true, + "peer": true, "engines": { - "node": ">=4" - } - }, - "node_modules/p-event": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/p-event/-/p-event-1.3.0.tgz", - "integrity": "sha1-jmtPT2XHK8W2/ii3XtqHT5akoIU=", - "dev": true, - "dependencies": { - "p-timeout": "^1.1.1" + "node": ">=8" }, - "engines": { - "node": ">=4" + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/p-finally": { @@ -12957,15 +9690,7 @@ "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=", "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=", - "dev": true, + "peer": true, "engines": { "node": ">=4" } @@ -12974,6 +9699,7 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, "dependencies": { "yocto-queue": "^0.1.0" }, @@ -12988,6 +9714,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, "dependencies": { "p-limit": "^3.0.2" }, @@ -13013,48 +9740,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/p-map-series": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-map-series/-/p-map-series-1.0.0.tgz", - "integrity": "sha1-v5j+V1cFZYqeE1G++4WuTB8Hvco=", - "dev": true, - "dependencies": { - "p-reduce": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/p-pipe": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/p-pipe/-/p-pipe-1.2.0.tgz", - "integrity": "sha1-SxoROZoRUgpneQ7loMHViB1r7+k=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/p-reduce": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-reduce/-/p-reduce-1.0.0.tgz", - "integrity": "sha1-GMKw3ZNqRpClKfgjH1ig/bakffo=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/p-timeout": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-1.2.1.tgz", - "integrity": "sha1-XrOzU7f86Z8QGhA4iAuwVOu+o4Y=", - "dev": true, - "dependencies": { - "p-finally": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/p-try": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz", @@ -13067,7 +9752,9 @@ "node_modules/pako": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" + "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==", + "dev": true, + "peer": true }, "node_modules/parent-module": { "version": "1.0.1", @@ -13085,6 +9772,8 @@ "version": "5.1.6", "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.6.tgz", "integrity": "sha512-RnZRo1EPU6JBnra2vGHj0yhp6ebyjBZpmUCLHWiFhxlzvBCCpAuZ7elsBp1PVAbQN0/04VD/19rfzlBSwLstMw==", + "dev": true, + "peer": true, "dependencies": { "asn1.js": "^5.2.0", "browserify-aes": "^1.0.0", @@ -13097,6 +9786,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-2.0.0.tgz", "integrity": "sha512-kkywGpCcRYhqQIchaWqZ875wzpS/bMKhz5HnN3p7wveJTkTtyAB/AlnS0f8DFSqYW1T82t6yEAkEcB+A1I3MbQ==", + "dev": true, "dependencies": { "character-entities": "^1.0.0", "character-entities-legacy": "^1.0.0", @@ -13131,35 +9821,16 @@ "node_modules/parse5": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz", - "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==" - }, - "node_modules/parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/pascal-case": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", - "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==", - "dependencies": { - "no-case": "^3.0.4", - "tslib": "^2.0.3" - } - }, - "node_modules/pascal-case/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" + "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==", + "dev": true, + "peer": true }, "node_modules/pascalcase": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/pascalcase/-/pascalcase-0.1.1.tgz", "integrity": "sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -13167,18 +9838,15 @@ "node_modules/path-browserify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz", - "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==" - }, - "node_modules/path-dirname": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz", - "integrity": "sha1-zDPSTVJeCZpTiMAzbG4yuRYGCeA=", - "dev": true + "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==", + "dev": true, + "peer": true }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, "engines": { "node": ">=8" } @@ -13187,6 +9855,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -13203,7 +9872,8 @@ "node_modules/path-parse": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", - "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true }, "node_modules/path-type": { "version": "4.0.0", @@ -13218,6 +9888,8 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.1.2.tgz", "integrity": "sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==", + "dev": true, + "peer": true, "dependencies": { "create-hash": "^1.1.2", "create-hmac": "^1.1.4", @@ -13229,16 +9901,11 @@ "node": ">=0.12" } }, - "node_modules/pend": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", - "dev": true - }, "node_modules/picomatch": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz", "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==", + "dev": true, "engines": { "node": ">=8.6" }, @@ -13255,25 +9922,14 @@ "node": ">=4" } }, - "node_modules/pinkie": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz", - "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=", + "node_modules/pirates": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.5.tgz", + "integrity": "sha512-8V9+HQPupnaXMA23c5hvl69zXvTwTzyAYasnkb0Tts4XvO4CliqONMOnvlq26rkhLC3nWDFBJf73LU1e1VZLaQ==", "dev": true, + "peer": true, "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/pinkie-promise": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz", - "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=", - "dev": true, - "dependencies": { - "pinkie": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" + "node": ">= 6" } }, "node_modules/pkg-conf": { @@ -13351,6 +10007,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-5.0.0.tgz", "integrity": "sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==", + "dev": true, "dependencies": { "find-up": "^5.0.0" }, @@ -13431,7 +10088,9 @@ "node_modules/platform": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/platform/-/platform-1.3.6.tgz", - "integrity": "sha512-fnWVljUchTro6RiCFvCXBbNhJc2NijN7oIQxbwsyL0buWJPG85v81ehlHI9fXrJsMNgTofEoWIQeClKpgxFLrg==" + "integrity": "sha512-fnWVljUchTro6RiCFvCXBbNhJc2NijN7oIQxbwsyL0buWJPG85v81ehlHI9fXrJsMNgTofEoWIQeClKpgxFLrg==", + "dev": true, + "peer": true }, "node_modules/please-upgrade-node": { "version": "3.2.0", @@ -13446,6 +10105,8 @@ "version": "1.6.4", "resolved": "https://registry.npmjs.org/pnp-webpack-plugin/-/pnp-webpack-plugin-1.6.4.tgz", "integrity": "sha512-7Wjy+9E3WwLOEL30D+m8TSTF7qJJUJLONBnwQp0518siuMxUQUbgZwssaFX+QKlZkjHZcw/IpZCt/H0srrntSg==", + "dev": true, + "peer": true, "dependencies": { "ts-pnp": "^1.1.6" }, @@ -13453,27 +10114,12 @@ "node": ">=6" } }, - "node_modules/popmotion": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/popmotion/-/popmotion-11.0.0.tgz", - "integrity": "sha512-kJDyaG00TtcANP5JZ51od+DCqopxBm2a/Txh3Usu23L9qntjY5wumvcVf578N8qXEHR1a+jx9XCv8zOntdYalQ==", - "dependencies": { - "framesync": "^6.0.1", - "hey-listen": "^1.0.8", - "style-value-types": "5.0.0", - "tslib": "^2.1.0" - } - }, - "node_modules/popmotion/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, "node_modules/posix-character-classes": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz", "integrity": "sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -13482,6 +10128,8 @@ "version": "8.2.15", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.15.tgz", "integrity": "sha512-2zO3b26eJD/8rb106Qu2o7Qgg52ND5HPjcyQiK2B98O388h43A448LCslC0dI2P97wCAQRJsFvwTRcXxTKds+Q==", + "dev": true, + "peer": true, "dependencies": { "colorette": "^1.2.2", "nanoid": "^3.1.23", @@ -13495,19 +10143,6 @@ "url": "https://opencollective.com/postcss/" } }, - "node_modules/postcss-browser-comments": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/postcss-browser-comments/-/postcss-browser-comments-4.0.0.tgz", - "integrity": "sha512-X9X9/WN3KIvY9+hNERUqX9gncsgBA25XaeR+jshHz2j8+sYyHktHw1JdKuMjeLpGktXidqDhA7b/qm1mrBDmgg==", - "dev": true, - "engines": { - "node": ">=8" - }, - "peerDependencies": { - "browserslist": ">=4", - "postcss": ">=8" - } - }, "node_modules/postcss-html": { "version": "0.36.0", "resolved": "https://registry.npmjs.org/postcss-html/-/postcss-html-0.36.0.tgz", @@ -13640,24 +10275,6 @@ "integrity": "sha1-J7Ocb02U+Bsac7j3Y1HGCeXO8kQ=", "dev": true }, - "node_modules/postcss-normalize": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/postcss-normalize/-/postcss-normalize-10.0.1.tgz", - "integrity": "sha512-+5w18/rDev5mqERcG3W5GZNMJa1eoYYNGo8gB7tEwaos0ajk3ZXAI4mHGcNT47NE+ZnZD1pEpUOFLvltIwmeJA==", - "dev": true, - "dependencies": { - "@csstools/normalize.css": "*", - "postcss-browser-comments": "^4", - "sanitize.css": "*" - }, - "engines": { - "node": ">= 12" - }, - "peerDependencies": { - "browserslist": ">= 4", - "postcss": ">= 8" - } - }, "node_modules/postcss-resolve-nested-selector": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.1.tgz", @@ -14263,6 +10880,8 @@ "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -14276,15 +10895,6 @@ "node": ">= 0.8.0" } }, - "node_modules/prepend-http": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz", - "integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/prettier": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.2.1.tgz", @@ -14309,15 +10919,35 @@ "node": ">=6.0.0" } }, - "node_modules/prismjs": { - "version": "1.24.1", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.24.1.tgz", - "integrity": "sha512-mNPsedLuk90RVJioIky8ANZEwYm5w9LcvCXrxHlwf4fNVSn8jEipMybMkWUyyF0JhnC+C4VcOVSBuHRKs1L5Ow==" + "node_modules/pretty-format": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-26.6.2.tgz", + "integrity": "sha512-7AeGuCYNGmycyQbCqd/3PWH4eOoX/OiCa0uphp57NVTeAGdJGaAliecxwBDHYQCIvrW7aDBZCYeNTP/WX69mkg==", + "dev": true, + "peer": true, + "dependencies": { + "@jest/types": "^26.6.2", + "ansi-regex": "^5.0.0", + "ansi-styles": "^4.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": ">= 10" + } + }, + "node_modules/pretty-format/node_modules/react-is": { + "version": "17.0.2", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", + "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==", + "dev": true, + "peer": true }, "node_modules/process": { "version": "0.11.10", "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.6.0" } @@ -14325,7 +10955,9 @@ "node_modules/process-nextick-args": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "dev": true, + "peer": true }, "node_modules/progress": { "version": "2.0.3", @@ -14336,61 +10968,44 @@ "node": ">=0.4.0" } }, - "node_modules/promise-polyfill": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/promise-polyfill/-/promise-polyfill-8.2.0.tgz", - "integrity": "sha512-k/TC0mIcPVF6yHhUvwAp7cvL6I2fFV7TzF1DuGPI8mBh4QQazf36xCKEHKTZKRysEoTQoQdKyP25J8MPJp7j5g==" + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "dev": true, + "peer": true, + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } }, "node_modules/prop-types": { "version": "15.7.2", "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==", + "dev": true, "dependencies": { "loose-envify": "^1.4.0", "object-assign": "^4.1.1", "react-is": "^16.8.1" } }, - "node_modules/property-information": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/property-information/-/property-information-5.6.0.tgz", - "integrity": "sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA==", - "dependencies": { - "xtend": "^4.0.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, - "node_modules/proto-list": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", - "integrity": "sha1-IS1b/hMYMGpCD2QCuOJv85ZHqEk=", - "dev": true - }, - "node_modules/proxy-addr": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "dependencies": { - "forwarded": "0.2.0", - "ipaddr.js": "1.9.1" - }, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/pseudomap": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", - "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=", - "dev": true + "node_modules/psl": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", + "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==", + "dev": true, + "peer": true }, "node_modules/public-encrypt": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/public-encrypt/-/public-encrypt-4.0.3.tgz", "integrity": "sha512-zVpa8oKZSz5bTMTFClc1fQOnyyEzpl5ozpi1B5YcvBrdohMjH2rfsBtyXcuNuwjsDIXmBYlF2N5FlJYhR29t8Q==", + "dev": true, + "peer": true, "dependencies": { "bn.js": "^4.1.0", "browserify-rsa": "^4.0.0", @@ -14403,12 +11018,16 @@ "node_modules/public-encrypt/node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true }, "node_modules/pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", + "dev": true, + "peer": true, "dependencies": { "end-of-stream": "^1.1.0", "once": "^1.3.1" @@ -14418,39 +11037,9 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", - "engines": { - "node": ">=6" - } - }, - "node_modules/q": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz", - "integrity": "sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=", "dev": true, "engines": { - "node": ">=0.6.0", - "teleport": ">=0.2.0" - } - }, - "node_modules/qs": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", - "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==", - "engines": { - "node": ">=0.6" - } - }, - "node_modules/query-string": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "dependencies": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" + "node": ">=6" } }, "node_modules/querystring": { @@ -14458,6 +11047,8 @@ "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.1.tgz", "integrity": "sha512-wkvS7mL/JMugcup3/rMitHmd9ecIGd2lhFhK9N3UUQ450h66d1r3Y9nvXzQAW1Lq+wyx61k/1pfKS5KuKiyEbg==", "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.", + "dev": true, + "peer": true, "engines": { "node": ">=0.4.x" } @@ -14466,6 +11057,8 @@ "version": "0.2.1", "resolved": "https://registry.npmjs.org/querystring-es3/-/querystring-es3-0.2.1.tgz", "integrity": "sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM=", + "dev": true, + "peer": true, "engines": { "node": ">=0.4.x" } @@ -14474,6 +11067,8 @@ "version": "6.0.2", "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "dev": true, + "peer": true, "dependencies": { "inherits": "~2.0.3" } @@ -14511,6 +11106,8 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "peer": true, "dependencies": { "safe-buffer": "^5.1.0" } @@ -14519,23 +11116,19 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/randomfill/-/randomfill-1.0.4.tgz", "integrity": "sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw==", + "dev": true, + "peer": true, "dependencies": { "randombytes": "^2.0.5", "safe-buffer": "^5.1.0" } }, - "node_modules/range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/raw-body": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz", "integrity": "sha512-9WmIKF6mkvA0SLmA2Knm9+qj89e+j1zqgyn8aXGd7+nAduPoqgI9lO57SAZNn/Byzo5P7JhXTyg9PzaJbH73bA==", + "dev": true, + "peer": true, "dependencies": { "bytes": "3.1.0", "http-errors": "1.7.3", @@ -14550,6 +11143,8 @@ "version": "1.7.3", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz", "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==", + "dev": true, + "peer": true, "dependencies": { "depd": "~1.1.2", "inherits": "2.0.4", @@ -14561,26 +11156,12 @@ "node": ">= 0.6" } }, - "node_modules/raw-loader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-2.0.0.tgz", - "integrity": "sha512-kZnO5MoIyrojfrPWqrhFNLZemIAX8edMOCp++yC5RKxzFB3m92DqKNhKlU6+FvpOhWtvyh3jOaD7J6/9tpdIKg==", - "dev": true, - "dependencies": { - "loader-utils": "^1.1.0", - "schema-utils": "^1.0.0" - }, - "engines": { - "node": ">= 6.9.0" - }, - "peerDependencies": { - "webpack": "^4.3.0" - } - }, "node_modules/react": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react/-/react-17.0.2.tgz", "integrity": "sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA==", + "dev": true, + "peer": true, "dependencies": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1" @@ -14589,49 +11170,12 @@ "node": ">=0.10.0" } }, - "node_modules/react-clientside-effect": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/react-clientside-effect/-/react-clientside-effect-1.2.5.tgz", - "integrity": "sha512-2bL8qFW1TGBHozGGbVeyvnggRpMjibeZM2536AKNENLECutp2yfs44IL8Hmpn8qjFQ2K7A9PnYf3vc7aQq/cPA==", - "dependencies": { - "@babel/runtime": "^7.12.13" - }, - "peerDependencies": { - "react": "^15.3.0 || ^16.0.0 || ^17.0.0" - } - }, - "node_modules/react-datocms": { - "version": "1.6.6", - "resolved": "https://registry.npmjs.org/react-datocms/-/react-datocms-1.6.6.tgz", - "integrity": "sha512-7k8HziRVkTLGz5MM+MmdO815rSEUJb1xPv0dNRJoCJBh+UDkB3hRBCwDZgVPJMK5AH9DSshcu6bN1gAhLpHRtw==", - "dependencies": { - "datocms-listen": "^0.1.6", - "datocms-structured-text-generic-html-renderer": "^1.1.0", - "datocms-structured-text-utils": "^1.1.0", - "intersection-observer": "^0.12.0", - "react-intersection-observer": "^8.31.1", - "use-deep-compare-effect": "^1.6.1" - }, - "peerDependencies": { - "react": ">= 16.12.0" - } - }, - "node_modules/react-device-detect": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/react-device-detect/-/react-device-detect-1.17.0.tgz", - "integrity": "sha512-bBblIStwpHmoS281JFIVqeimcN3LhpoP5YKDWzxQdBIUP8S2xPvHDgizLDhUq2ScguLfVPmwfF5y268EEQR60w==", - "dependencies": { - "ua-parser-js": "^0.7.24" - }, - "peerDependencies": { - "react": ">= 0.14.0 < 18.0.0", - "react-dom": ">= 0.14.0 < 18.0.0" - } - }, "node_modules/react-dom": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz", "integrity": "sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA==", + "dev": true, + "peer": true, "dependencies": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1", @@ -14641,198 +11185,22 @@ "react": "17.0.2" } }, - "node_modules/react-fast-compare": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-2.0.4.tgz", - "integrity": "sha512-suNP+J1VU1MWFKcyt7RtjiSWUjvidmQSlqu+eHslq+342xCbGTYmC0mEhPCOHxlW0CywylOC1u2DFAT+bv4dBw==" - }, - "node_modules/react-focus-lock": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/react-focus-lock/-/react-focus-lock-2.6.0.tgz", - "integrity": "sha512-2yB5KWyaefbvFDgqvsg/KpIjbqVlhIY2c/dyDcokDLhB3Ib7I4bjsrta5OkI5euUoIu5xBTyBwIQZPykUJAr1g==", - "dependencies": { - "@babel/runtime": "^7.0.0", - "focus-lock": "^0.9.2", - "prop-types": "^15.6.2", - "react-clientside-effect": "^1.2.5", - "use-callback-ref": "^1.2.5", - "use-sidecar": "^1.0.5" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/react-instantsearch-core": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/react-instantsearch-core/-/react-instantsearch-core-6.12.1.tgz", - "integrity": "sha512-X4OqakDI3DOcFiS1S46z+cciKEQcKBmH8HGQLztzW14hoHRqFfZzuqWydlSxfJZN5WksMMm78EmL2jvoqIHd/A==", - "dependencies": { - "@babel/runtime": "^7.1.2", - "algoliasearch-helper": "^3.5.3", - "prop-types": "^15.6.2", - "react-fast-compare": "^3.0.0" - }, - "peerDependencies": { - "algoliasearch": ">= 3.1 < 5", - "react": ">= 16.3.0 < 18" - } - }, - "node_modules/react-instantsearch-core/node_modules/react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" - }, - "node_modules/react-instantsearch-dom": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/react-instantsearch-dom/-/react-instantsearch-dom-6.12.1.tgz", - "integrity": "sha512-KXk2UDmJ3OP9B57owPC0+7fdcVtmYAA6/UWimR9CXhvFGCMi11xlR/wscYMYxdPuxs9IkmnnLDIJSjSGADYnow==", - "dependencies": { - "@babel/runtime": "^7.1.2", - "algoliasearch-helper": "^3.5.3", - "classnames": "^2.2.5", - "prop-types": "^15.6.2", - "react-fast-compare": "^3.0.0", - "react-instantsearch-core": "^6.12.1" - }, - "peerDependencies": { - "react": ">= 16.3.0 < 18", - "react-dom": ">= 16.3.0 < 18" - } - }, - "node_modules/react-instantsearch-dom/node_modules/react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" - }, - "node_modules/react-intersection-observer": { - "version": "8.32.5", - "resolved": "https://registry.npmjs.org/react-intersection-observer/-/react-intersection-observer-8.32.5.tgz", - "integrity": "sha512-4xKdUWRNdPueXXxTyMOV41w6qIa4tsV7BbWOW+IYsvGPP7wxOj9V6o3cKywie+/VDr5Qs7pCzi5Wom78dUxj1w==", - "peerDependencies": { - "react": "^15.0.0 || ^16.0.0 || ^17.0.0|| ^18.0.0" - } - }, "node_modules/react-is": { "version": "16.13.1", "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" - }, - "node_modules/react-move": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/react-move/-/react-move-6.4.0.tgz", - "integrity": "sha512-TNyDQESDZ0xsejnxFTQ9CKarJQN6NbgpImrvIEzOVe7+jt8y7uTjJwWxqFTfmvwskIs+RmUbCWdN7PAbGyhrdA==", - "dependencies": { - "@babel/runtime": "^7.10.3", - "kapellmeister": "^3.0.1", - "prop-types": "^15.7.2" - }, - "peerDependencies": { - "react": "^16.3.0" - } - }, - "node_modules/react-player": { - "version": "2.9.0", - "resolved": "https://registry.npmjs.org/react-player/-/react-player-2.9.0.tgz", - "integrity": "sha512-jNUkTfMmUhwPPAktAdIqiBcVUKsFKrVGH6Ocutj6535CNfM91yrvWxHg6fvIX8Y/fjYUPoejddwh7qboNV9vGA==", - "dependencies": { - "deepmerge": "^4.0.0", - "load-script": "^1.0.0", - "memoize-one": "^5.1.1", - "prop-types": "^15.7.2", - "react-fast-compare": "^3.0.1" - }, - "peerDependencies": { - "react": ">=16.6.0" - } - }, - "node_modules/react-player/node_modules/deepmerge": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", - "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/react-player/node_modules/react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "dev": true }, "node_modules/react-refresh": { "version": "0.8.3", "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.8.3.tgz", "integrity": "sha512-X8jZHc7nCMjaCqoU+V2I0cOhNW+QMBwSUkeXnTi8IPe6zaRWfn60ZzvFDZqWPfmSJfjub7dDW1SP0jaHWLu/hg==", + "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/react-remove-scroll": { - "version": "2.4.3", - "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.4.3.tgz", - "integrity": "sha512-lGWYXfV6jykJwbFpsuPdexKKzp96f3RbvGapDSIdcyGvHb7/eqyn46C7/6h+rUzYar1j5mdU+XECITHXCKBk9Q==", - "dependencies": { - "react-remove-scroll-bar": "^2.1.0", - "react-style-singleton": "^2.1.0", - "tslib": "^1.0.0", - "use-callback-ref": "^1.2.3", - "use-sidecar": "^1.0.1" - }, - "engines": { - "node": ">=8.5.0" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0", - "react": "^16.8.0 || ^17.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/react-remove-scroll-bar": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.2.0.tgz", - "integrity": "sha512-UU9ZBP1wdMR8qoUs7owiVcpaPwsQxUDC2lypP6mmixaGlARZa7ZIBx1jcuObLdhMOvCsnZcvetOho0wzPa9PYg==", - "dependencies": { - "react-style-singleton": "^2.1.0", - "tslib": "^1.0.0" - }, - "engines": { - "node": ">=8.5.0" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0", - "react": "^16.8.0 || ^17.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/react-style-singleton": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.1.1.tgz", - "integrity": "sha512-jNRp07Jza6CBqdRKNgGhT3u9umWvils1xsuMOjZlghBDH2MU0PL2WZor4PGYjXpnRCa9DQSlHMs/xnABWOwYbA==", - "dependencies": { - "get-nonce": "^1.0.0", - "invariant": "^2.2.4", - "tslib": "^1.0.0" - }, - "engines": { - "node": ">=8.5.0" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0", - "react": "^16.8.0 || ^17.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, "node_modules/read-pkg": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", @@ -14966,6 +11334,7 @@ "version": "3.6.0", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz", "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==", + "dev": true, "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -14979,6 +11348,7 @@ "version": "3.5.0", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "dev": true, "dependencies": { "picomatch": "^2.2.1" }, @@ -14999,30 +11369,18 @@ "node": ">=8" } }, - "node_modules/refractor": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/refractor/-/refractor-3.4.0.tgz", - "integrity": "sha512-dBeD02lC5eytm9Gld2Mx0cMcnR+zhSnsTfPpWqFaMgUMJfC9A6bcN3Br/NaXrnBJcuxnLFR90k1jrkaSyV8umg==", - "dependencies": { - "hastscript": "^6.0.0", - "parse-entities": "^2.0.0", - "prismjs": "~1.24.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/regenerator-runtime": { "version": "0.13.7", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.7.tgz", - "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==" + "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==", + "dev": true }, "node_modules/regex-not": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz", "integrity": "sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==", "dev": true, + "peer": true, "dependencies": { "extend-shallow": "^3.0.2", "safe-regex": "^1.1.0" @@ -15059,35 +11417,11 @@ "url": "https://github.com/sponsors/mysticatea" } }, - "node_modules/rehype-parse": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/rehype-parse/-/rehype-parse-7.0.1.tgz", - "integrity": "sha512-fOiR9a9xH+Le19i4fGzIEowAbwG7idy2Jzs4mOrFWBSJ0sNUgy0ev871dwWnbOo371SjgjG4pwzrbgSVrKxecw==", - "dependencies": { - "hast-util-from-parse5": "^6.0.0", - "parse5": "^6.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/rehype-stringify": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/rehype-stringify/-/rehype-stringify-8.0.0.tgz", - "integrity": "sha512-VkIs18G0pj2xklyllrPSvdShAV36Ff3yE5PUO9u36f6+2qJFnn22Z5gKwBOwgXviux4UC7K+/j13AnZfPICi/g==", - "dependencies": { - "hast-util-to-html": "^7.1.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/remark": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/remark/-/remark-13.0.0.tgz", "integrity": "sha512-HDz1+IKGtOyWN+QgBiAT0kn+2s6ovOxHyPAFGKVE81VSzJ+mq7RwHFledEvB5F1p4iJvOah/LOKdFuzvRnNLCA==", + "dev": true, "dependencies": { "remark-parse": "^9.0.0", "remark-stringify": "^9.0.0", @@ -15098,83 +11432,11 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/remark-footnotes": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/remark-footnotes/-/remark-footnotes-2.0.0.tgz", - "integrity": "sha512-3Clt8ZMH75Ayjp9q4CorNeyjwIxHFcTkaektplKGl2A1jNGEUey8cKL0ZC5vJwfcD5GFGsNLImLG/NGzWIzoMQ==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/remark-math": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/remark-math/-/remark-math-4.0.0.tgz", - "integrity": "sha512-lH7SoQenXtQrvL0bm+mjZbvOk//YWNuyR+MxV18Qyv8rgFmMEGNuB0TSCQDkoDaiJ40FCnG8lxErc/zhcedYbw==", - "dependencies": { - "mdast-util-math": "^0.1.0", - "micromark-extension-math": "^0.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/remark-mdx": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-1.6.22.tgz", - "integrity": "sha512-phMHBJgeV76uyFkH4rvzCftLfKCr2RZuF+/gmVcaKrpsihyzmhXjA0BEMDaPTXG5y8qZOKPVo83NAOX01LPnOQ==", - "dependencies": { - "@babel/core": "7.12.9", - "@babel/helper-plugin-utils": "7.10.4", - "@babel/plugin-proposal-object-rest-spread": "7.12.1", - "@babel/plugin-syntax-jsx": "7.12.1", - "@mdx-js/util": "1.6.22", - "is-alphabetical": "1.0.4", - "remark-parse": "8.0.3", - "unified": "9.2.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/remark-mdx/node_modules/@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" - }, - "node_modules/remark-mdx/node_modules/remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "dependencies": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/remark-parse": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-9.0.0.tgz", "integrity": "sha512-geKatMwSzEXKHuzBNU1z676sGcDcFoChMK38TgdHJNAYfFtsfHDQG7MoJAjs6sgYMqyLduCYWDIWZIxiPeafEw==", + "dev": true, "dependencies": { "mdast-util-from-markdown": "^0.8.0" }, @@ -15183,22 +11445,11 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/remark-squeeze-paragraphs": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/remark-squeeze-paragraphs/-/remark-squeeze-paragraphs-4.0.0.tgz", - "integrity": "sha512-8qRqmL9F4nuLPIgl92XUuxI3pFxize+F1H0e/W3llTk0UsjJaj01+RrirkMw7P21RKe4X6goQhYRSvNWX+70Rw==", - "dependencies": { - "mdast-squeeze-paragraphs": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/remark-stringify": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-9.0.1.tgz", "integrity": "sha512-mWmNg3ZtESvZS8fv5PTvaPckdL4iNlCHTt8/e/8oN08nArHRHjNZMKzA/YW3+p7/lYqIw4nx1XsjCBo/AxNChg==", + "dev": true, "dependencies": { "mdast-util-to-markdown": "^0.6.0" }, @@ -15207,11 +11458,19 @@ "url": "https://opencollective.com/unified" } }, + "node_modules/remove-trailing-separator": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz", + "integrity": "sha1-wkvOKig62tW8P1jg1IJJuSN52O8=", + "dev": true, + "peer": true + }, "node_modules/repeat-element": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.4.tgz", "integrity": "sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -15220,31 +11479,21 @@ "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc=", + "dev": true, "engines": { "node": ">=0.10" } }, - "node_modules/repeating": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz", - "integrity": "sha1-UhTFOpJtNVJwdSf7q0FdvAjQbdo=", + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", "dev": true, - "dependencies": { - "is-finite": "^1.0.0" - }, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/replace-ext": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.1.tgz", - "integrity": "sha512-yD5BHCe7quCgBph4rMQ+0KkIRKwWCrHDOX1p1Gp6HwjPM5kVoCdKGNhN7ydqqsX6lJEnQDKZ/tFMiEdQ1dvPEw==", - "dev": true, - "engines": { - "node": ">= 0.10" - } - }, "node_modules/require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", @@ -15254,10 +11503,18 @@ "node": ">=0.10.0" } }, + "node_modules/require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "dev": true, + "peer": true + }, "node_modules/resolve": { "version": "1.20.0", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.20.0.tgz", "integrity": "sha512-wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A==", + "dev": true, "dependencies": { "is-core-module": "^2.2.0", "path-parse": "^1.0.6" @@ -15266,6 +11523,29 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/resolve-cwd": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", + "dev": true, + "peer": true, + "dependencies": { + "resolve-from": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/resolve-cwd/node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" + } + }, "node_modules/resolve-from": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", @@ -15280,16 +11560,8 @@ "resolved": "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz", "integrity": "sha1-LGN/53yJOv0qZj/iGqkIAGjiBSo=", "deprecated": "https://github.com/lydell/resolve-url#deprecated", - "dev": true - }, - "node_modules/responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", "dev": true, - "dependencies": { - "lowercase-keys": "^1.0.0" - } + "peer": true }, "node_modules/restore-cursor": { "version": "3.1.0", @@ -15309,6 +11581,7 @@ "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==", "dev": true, + "peer": true, "engines": { "node": ">=0.12" } @@ -15342,6 +11615,8 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/ripemd160/-/ripemd160-2.0.2.tgz", "integrity": "sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA==", + "dev": true, + "peer": true, "dependencies": { "hash-base": "^3.0.0", "inherits": "^2.0.1" @@ -15351,11 +11626,22 @@ "version": "0.3.1", "resolved": "https://registry.npmjs.org/rivet-graphql/-/rivet-graphql-0.3.1.tgz", "integrity": "sha512-HEov02XhZ6H1jOME+mO8CZwliu/UtgZSHixYUwvQ7HSx3gk8EOVaQY5c3zscOYjZECvP8cR4+1Ob3KHWJRWEMw==", + "dev": true, "dependencies": { "graphql": "^15.3.0", "graphql-request": "^3.0.0" } }, + "node_modules/rsvp": { + "version": "4.8.5", + "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-4.8.5.tgz", + "integrity": "sha512-nfMOlASu9OnRJo1mbEk2cz0D56a1MBNrJ7orjRZQG10XDyuvwksKbuXNp6qa+kbn839HwjwhBzhFmdsaEAfauA==", + "dev": true, + "peer": true, + "engines": { + "node": "6.* || >= 7.*" + } + }, "node_modules/run-async": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", @@ -15403,13 +11689,15 @@ "node_modules/safe-buffer": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dev": true }, "node_modules/safe-regex": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", "integrity": "sha1-QKNmnzsHfR6UPURinhV91IAjvy4=", "dev": true, + "peer": true, "dependencies": { "ret": "~0.1.10" } @@ -15417,67 +11705,73 @@ "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" - }, - "node_modules/sanitize.css": { - "version": "13.0.0", - "resolved": "https://registry.npmjs.org/sanitize.css/-/sanitize.css-13.0.0.tgz", - "integrity": "sha512-ZRwKbh/eQ6w9vmTjkuG0Ioi3HBwPFce0O+v//ve+aOq1oeCy7jMV2qzzAlpsNuqpqCBjjriM1lbtZbF/Q8jVyA==", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", "dev": true }, - "node_modules/sax": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz", - "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==", - "dev": true - }, - "node_modules/scheduler": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.20.2.tgz", - "integrity": "sha512-2eWfGgAqqWFGqtdMmcL5zCMK1U8KlXv8SQFGglL3CEtd0aDVDWgeF/YoCmvln55m5zSk3J/20hTaSBeSObsQDQ==", - "dependencies": { - "loose-envify": "^1.1.0", - "object-assign": "^4.1.1" - } - }, - "node_modules/schema-utils": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-1.0.0.tgz", - "integrity": "sha512-i27Mic4KovM/lnGsy8whRCHhc7VicJajAjTrYg11K9zfZXnYIt4k5F+kZkwjnrhKzLic/HLU4j11mjsz2G/75g==", + "node_modules/sane": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/sane/-/sane-4.1.0.tgz", + "integrity": "sha512-hhbzAgTIX8O7SHfp2c8/kREfEn4qO/9q8C9beyY6+tvZ87EpoZ3i1RIEvp27YBswnNbY9mWd6paKVmKbAgLfZA==", + "deprecated": "some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added", "dev": true, + "peer": true, "dependencies": { - "ajv": "^6.1.0", - "ajv-errors": "^1.0.0", - "ajv-keywords": "^3.1.0" + "@cnakazawa/watch": "^1.0.3", + "anymatch": "^2.0.0", + "capture-exit": "^2.0.0", + "exec-sh": "^0.3.2", + "execa": "^1.0.0", + "fb-watchman": "^2.0.0", + "micromatch": "^3.1.4", + "minimist": "^1.1.1", + "walker": "~1.0.5" + }, + "bin": { + "sane": "src/cli.js" }, "engines": { - "node": ">= 4" + "node": "6.* || 8.* || >= 10.*" } }, - "node_modules/search-insights": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-1.8.0.tgz", - "integrity": "sha512-4sd6oS/sLH/UxiZ4vMoDbcpJP01pcoNI4mm3ZsUfDAMCPKxDda1R8SFZUv618og3NYBvvWvwmf8VRC0rNYuTkg==", - "engines": { - "node": ">=8.16.0" - } - }, - "node_modules/section-matter": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", - "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", + "node_modules/sane/node_modules/anymatch": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-2.0.0.tgz", + "integrity": "sha512-5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw==", + "dev": true, + "peer": true, "dependencies": { + "micromatch": "^3.1.4", + "normalize-path": "^2.1.1" + } + }, + "node_modules/sane/node_modules/braces": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", + "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", + "dev": true, + "peer": true, + "dependencies": { + "arr-flatten": "^1.1.0", + "array-unique": "^0.3.2", "extend-shallow": "^2.0.1", - "kind-of": "^6.0.0" + "fill-range": "^4.0.0", + "isobject": "^3.0.1", + "repeat-element": "^1.1.2", + "snapdragon": "^0.8.1", + "snapdragon-node": "^2.0.1", + "split-string": "^3.0.2", + "to-regex": "^3.0.1" }, "engines": { - "node": ">=4" + "node": ">=0.10.0" } }, - "node_modules/section-matter/node_modules/extend-shallow": { + "node_modules/sane/node_modules/braces/node_modules/extend-shallow": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "peer": true, "dependencies": { "is-extendable": "^0.1.0" }, @@ -15485,29 +11779,277 @@ "node": ">=0.10.0" } }, - "node_modules/seek-bzip": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/seek-bzip/-/seek-bzip-1.0.6.tgz", - "integrity": "sha512-e1QtP3YL5tWww8uKaOCQ18UxIT2laNBXHjV/S2WYCiK4udiv8lkG89KRIoCjUagnAmCBurjF4zEVX2ByBbnCjQ==", + "node_modules/sane/node_modules/cross-spawn": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", + "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", "dev": true, + "peer": true, "dependencies": { - "commander": "^2.8.1" + "nice-try": "^1.0.4", + "path-key": "^2.0.1", + "semver": "^5.5.0", + "shebang-command": "^1.2.0", + "which": "^1.2.9" }, - "bin": { - "seek-bunzip": "bin/seek-bunzip", - "seek-table": "bin/seek-bzip-table" + "engines": { + "node": ">=4.8" } }, - "node_modules/seek-bzip/node_modules/commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", - "dev": true + "node_modules/sane/node_modules/execa": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", + "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", + "dev": true, + "peer": true, + "dependencies": { + "cross-spawn": "^6.0.0", + "get-stream": "^4.0.0", + "is-stream": "^1.1.0", + "npm-run-path": "^2.0.0", + "p-finally": "^1.0.0", + "signal-exit": "^3.0.0", + "strip-eof": "^1.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/sane/node_modules/fill-range": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", + "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=", + "dev": true, + "peer": true, + "dependencies": { + "extend-shallow": "^2.0.1", + "is-number": "^3.0.0", + "repeat-string": "^1.6.1", + "to-regex-range": "^2.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/fill-range/node_modules/extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "peer": true, + "dependencies": { + "is-extendable": "^0.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/get-stream": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", + "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", + "dev": true, + "peer": true, + "dependencies": { + "pump": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/sane/node_modules/is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true, + "peer": true + }, + "node_modules/sane/node_modules/is-number": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", + "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", + "dev": true, + "peer": true, + "dependencies": { + "kind-of": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/is-number/node_modules/kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", + "dev": true, + "peer": true, + "dependencies": { + "is-buffer": "^1.1.5" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/is-stream": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", + "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/micromatch": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", + "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", + "dev": true, + "peer": true, + "dependencies": { + "arr-diff": "^4.0.0", + "array-unique": "^0.3.2", + "braces": "^2.3.1", + "define-property": "^2.0.2", + "extend-shallow": "^3.0.2", + "extglob": "^2.0.4", + "fragment-cache": "^0.2.1", + "kind-of": "^6.0.2", + "nanomatch": "^1.2.9", + "object.pick": "^1.3.0", + "regex-not": "^1.0.0", + "snapdragon": "^0.8.1", + "to-regex": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/normalize-path": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz", + "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=", + "dev": true, + "peer": true, + "dependencies": { + "remove-trailing-separator": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/npm-run-path": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", + "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", + "dev": true, + "peer": true, + "dependencies": { + "path-key": "^2.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/sane/node_modules/path-key": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", + "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", + "dev": true, + "peer": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/sane/node_modules/semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true, + "peer": true, + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/sane/node_modules/shebang-command": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", + "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", + "dev": true, + "peer": true, + "dependencies": { + "shebang-regex": "^1.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/shebang-regex": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", + "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/to-regex-range": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", + "integrity": "sha1-fIDBe53+vlmeJzZ+DU3VWQFB2zg=", + "dev": true, + "peer": true, + "dependencies": { + "is-number": "^3.0.0", + "repeat-string": "^1.6.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sane/node_modules/which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "dev": true, + "peer": true, + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "which": "bin/which" + } + }, + "node_modules/saxes": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz", + "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==", + "dev": true, + "peer": true, + "dependencies": { + "xmlchars": "^2.2.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/scheduler": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.20.2.tgz", + "integrity": "sha512-2eWfGgAqqWFGqtdMmcL5zCMK1U8KlXv8SQFGglL3CEtd0aDVDWgeF/YoCmvln55m5zSk3J/20hTaSBeSObsQDQ==", + "dev": true, + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1" + } }, "node_modules/semver": { "version": "7.3.5", "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "dev": true, "dependencies": { "lru-cache": "^6.0.0" }, @@ -15536,87 +12078,19 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/semver-truncate": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-1.1.2.tgz", - "integrity": "sha1-V/Qd5pcHpicJp+AQS6IRcQnqR+g=", - "dev": true, - "dependencies": { - "semver": "^5.3.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/semver-truncate/node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/send": { - "version": "0.17.1", - "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz", - "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==", - "dependencies": { - "debug": "2.6.9", - "depd": "~1.1.2", - "destroy": "~1.0.4", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "~1.7.2", - "mime": "1.6.0", - "ms": "2.1.1", - "on-finished": "~2.3.0", - "range-parser": "~1.2.1", - "statuses": "~1.5.0" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/send/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/send/node_modules/debug/node_modules/ms": { + "node_modules/set-blocking": { "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "node_modules/send/node_modules/ms": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", - "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" - }, - "node_modules/serve-static": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz", - "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==", - "dependencies": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.17.1" - }, - "engines": { - "node": ">= 0.8.0" - } + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", + "dev": true, + "peer": true }, "node_modules/set-value": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", "dev": true, + "peer": true, "dependencies": { "extend-shallow": "^2.0.1", "is-extendable": "^0.1.1", @@ -15632,6 +12106,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "dependencies": { "is-extendable": "^0.1.0" }, @@ -15642,17 +12117,23 @@ "node_modules/setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", - "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=" + "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=", + "dev": true, + "peer": true }, "node_modules/setprototypeof": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", - "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==" + "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==", + "dev": true, + "peer": true }, "node_modules/sha.js": { "version": "2.4.11", "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.1", "safe-buffer": "^5.0.1" @@ -15685,12 +12166,17 @@ "node_modules/shell-quote": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz", - "integrity": "sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==" + "integrity": "sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==", + "dev": true, + "peer": true }, "node_modules/shellwords": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/shellwords/-/shellwords-0.1.1.tgz", - "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==" + "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==", + "dev": true, + "optional": true, + "peer": true }, "node_modules/side-channel": { "version": "1.0.4", @@ -15800,6 +12286,13 @@ "node": ">=4" } }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "dev": true, + "peer": true + }, "node_modules/slash": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", @@ -15837,6 +12330,7 @@ "resolved": "https://registry.npmjs.org/snapdragon/-/snapdragon-0.8.2.tgz", "integrity": "sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==", "dev": true, + "peer": true, "dependencies": { "base": "^0.11.1", "debug": "^2.2.0", @@ -15856,6 +12350,7 @@ "resolved": "https://registry.npmjs.org/snapdragon-node/-/snapdragon-node-2.1.1.tgz", "integrity": "sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==", "dev": true, + "peer": true, "dependencies": { "define-property": "^1.0.0", "isobject": "^3.0.0", @@ -15870,6 +12365,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^1.0.0" }, @@ -15882,6 +12378,7 @@ "resolved": "https://registry.npmjs.org/snapdragon-util/-/snapdragon-util-3.0.1.tgz", "integrity": "sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.2.0" }, @@ -15893,13 +12390,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/snapdragon-util/node_modules/kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -15912,6 +12411,7 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dev": true, + "peer": true, "dependencies": { "ms": "2.0.0" } @@ -15921,6 +12421,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^0.1.0" }, @@ -15933,6 +12434,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "dependencies": { "is-extendable": "^0.1.0" }, @@ -15945,6 +12447,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -15957,6 +12460,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -15968,13 +12472,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/snapdragon/node_modules/is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -15987,6 +12493,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -15999,6 +12506,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -16013,6 +12521,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -16021,36 +12530,14 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", - "dev": true - }, - "node_modules/sort-keys": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz", - "integrity": "sha1-RBttTTRnmPG05J6JIK37oOVD+a0=", "dev": true, - "dependencies": { - "is-plain-obj": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/sort-keys-length": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/sort-keys-length/-/sort-keys-length-1.0.1.tgz", - "integrity": "sha1-nLb09OnkgVWmqgZx7dM2/xR5oYg=", - "dev": true, - "dependencies": { - "sort-keys": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } + "peer": true }, "node_modules/source-map": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -16061,6 +12548,7 @@ "integrity": "sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==", "deprecated": "See https://github.com/lydell/source-map-resolve#deprecated", "dev": true, + "peer": true, "dependencies": { "atob": "^2.1.2", "decode-uri-component": "^0.2.0", @@ -16069,21 +12557,34 @@ "urix": "^0.1.0" } }, + "node_modules/source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "peer": true, + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/source-map-support/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/source-map-url": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.1.tgz", "integrity": "sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==", "deprecated": "See https://github.com/lydell/source-map-url#deprecated", - "dev": true - }, - "node_modules/space-separated-tokens": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-1.1.5.tgz", - "integrity": "sha512-q/JSVd1Lptzhf5bkYm4ob4iWPjx0KiRe3sRFBNrVqbJkFaBm5vbbowy1mymoPNLRa52+oadOhJ+K49wsSeSjTA==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } + "dev": true, + "peer": true }, "node_modules/spdx-correct": { "version": "3.1.1", @@ -16131,6 +12632,7 @@ "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz", "integrity": "sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==", "dev": true, + "peer": true, "dependencies": { "extend-shallow": "^3.0.0" }, @@ -16141,100 +12643,38 @@ "node_modules/sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" - }, - "node_modules/squeak": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/squeak/-/squeak-1.3.0.tgz", - "integrity": "sha1-MwRQN7ZDiLVnZ0uEMiplIQc5FsM=", - "dev": true, - "dependencies": { - "chalk": "^1.0.0", - "console-stream": "^0.1.1", - "lpad-align": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/squeak/node_modules/ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/squeak/node_modules/ansi-styles": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", - "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/squeak/node_modules/chalk": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", - "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=", - "dev": true, - "dependencies": { - "ansi-styles": "^2.2.1", - "escape-string-regexp": "^1.0.2", - "has-ansi": "^2.0.0", - "strip-ansi": "^3.0.0", - "supports-color": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/squeak/node_modules/strip-ansi": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", - "dev": true, - "dependencies": { - "ansi-regex": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/squeak/node_modules/supports-color": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", - "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=", - "dev": true, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/stable": { - "version": "0.1.8", - "resolved": "https://registry.npmjs.org/stable/-/stable-0.1.8.tgz", - "integrity": "sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=", "dev": true }, - "node_modules/stack-generator": { + "node_modules/stack-utils": { "version": "2.0.5", - "resolved": "https://registry.npmjs.org/stack-generator/-/stack-generator-2.0.5.tgz", - "integrity": "sha512-/t1ebrbHkrLrDuNMdeAcsvynWgoH/i4o8EGGfX7dEYDoTXOYVAkEpFdtshlvabzc6JlJ8Kf9YdFEoz7JkzGN9Q==", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.5.tgz", + "integrity": "sha512-xrQcmYhOsn/1kX+Vraq+7j4oE2j/6BFscZ0etmYg81xuM8Gq0022Pxb8+IqgOFUIaxHs0KaSb7T1+OegiNrNFA==", + "dev": true, + "peer": true, "dependencies": { - "stackframe": "^1.1.1" + "escape-string-regexp": "^2.0.0" + }, + "engines": { + "node": ">=10" } }, - "node_modules/stackframe": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/stackframe/-/stackframe-1.2.0.tgz", - "integrity": "sha512-GrdeshiRmS1YLMYgzF16olf2jJ/IzxXY9lhKOskuVziubpTYcYqyOwYeJKzQkwy7uN0fYSsbsC4RQaXf9LCrYA==" + "node_modules/stack-utils/node_modules/escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "dev": true, + "peer": true, + "engines": { + "node": ">=8" + } }, "node_modules/stacktrace-parser": { "version": "0.1.10", "resolved": "https://registry.npmjs.org/stacktrace-parser/-/stacktrace-parser-0.1.10.tgz", "integrity": "sha512-KJP1OCML99+8fhOHxwwzyWrlUuVX5GQ0ZpJTd1DFXhdkrvg1szxfHhawXUZ3g9TkXORQd4/WG68jMlQZ2p8wlg==", + "dev": true, + "peer": true, "dependencies": { "type-fest": "^0.7.1" }, @@ -16246,24 +12686,18 @@ "version": "0.7.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.7.1.tgz", "integrity": "sha512-Ne2YiiGN8bmrmJJEuTWTLJR32nh/JdL1+PSicowtNb0WFpn59GK8/lfD61bVtzguz7b3PBt74nxpv/Pw5po5Rg==", + "dev": true, + "peer": true, "engines": { "node": ">=8" } }, - "node_modules/state-toggle": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.3.tgz", - "integrity": "sha512-d/5Z4/2iiCnHw6Xzghyhb+GcmF89bxwgXG60wjIiZaxnymbyOmI8Hk4VqHXiVVp6u2ysaskFfXg3ekCj4WNftQ==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/static-extend": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz", "integrity": "sha1-YICcOcv/VTNyJv1eC1IPNB8ftcY=", "dev": true, + "peer": true, "dependencies": { "define-property": "^0.2.5", "object-copy": "^0.1.0" @@ -16277,6 +12711,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "dependencies": { "is-descriptor": "^0.1.0" }, @@ -16289,6 +12724,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -16301,6 +12737,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -16312,13 +12749,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/static-extend/node_modules/is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -16331,6 +12770,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -16343,6 +12783,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "dependencies": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -16357,6 +12798,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -16365,6 +12807,8 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.6" } @@ -16373,6 +12817,8 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-3.0.0.tgz", "integrity": "sha512-H73RAHsVBapbim0tU2JwwOiXUj+fikfiaoYAKHF3VJfA0pe2BCzkhAHBlLG6REzE+2WNZcxOXjK7lkso+9euLA==", + "dev": true, + "peer": true, "dependencies": { "inherits": "~2.0.4", "readable-stream": "^3.5.0" @@ -16382,6 +12828,8 @@ "version": "3.1.1", "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-3.1.1.tgz", "integrity": "sha512-S7OqaYu0EkFpgeGFb/NPOoPLxFko7TPqtEeFg5DXPB4v/KETHG0Ln6fRFrNezoelpaDKmycEmmZ81cC9DAwgYg==", + "dev": true, + "peer": true, "dependencies": { "builtin-status-codes": "^3.0.0", "inherits": "^2.0.4", @@ -16393,6 +12841,8 @@ "version": "0.3.1", "resolved": "https://registry.npmjs.org/stream-parser/-/stream-parser-0.3.1.tgz", "integrity": "sha1-FhhUhpRCACGhGC/wrxkRwSl2F3M=", + "dev": true, + "peer": true, "dependencies": { "debug": "2" } @@ -16401,6 +12851,8 @@ "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "peer": true, "dependencies": { "ms": "2.0.0" } @@ -16408,20 +12860,15 @@ "node_modules/stream-parser/node_modules/ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "node_modules/strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=", - "engines": { - "node": ">=0.10.0" - } + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true, + "peer": true }, "node_modules/string_decoder": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "dev": true, "dependencies": { "safe-buffer": "~5.2.0" } @@ -16430,6 +12877,7 @@ "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, "funding": [ { "type": "github", @@ -16457,7 +12905,23 @@ "node_modules/string-hash": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/string-hash/-/string-hash-1.1.3.tgz", - "integrity": "sha1-6Kr8CsGFW0Zmkp7X3RJ1311sgRs=" + "integrity": "sha1-6Kr8CsGFW0Zmkp7X3RJ1311sgRs=", + "dev": true, + "peer": true + }, + "node_modules/string-length": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", + "dev": true, + "peer": true, + "dependencies": { + "char-regex": "^1.0.2", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + } }, "node_modules/string-width": { "version": "4.2.3", @@ -16508,6 +12972,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "dev": true, "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" @@ -16520,6 +12985,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "dev": true, "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" @@ -16528,20 +12994,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/stringify-entities": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-3.1.0.tgz", - "integrity": "sha512-3FP+jGMmMV/ffZs86MoghGqAoqXAdxLrJP4GUdrDN1aIScYih5tuIO3eF4To5AJZ79KDZ8Fpdy7QJnK8SsL1Vg==", - "dependencies": { - "character-entities-html4": "^1.0.0", - "character-entities-legacy": "^1.0.0", - "xtend": "^4.0.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/stringify-object": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz", @@ -16560,6 +13012,7 @@ "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", + "dev": true, "dependencies": { "ansi-regex": "^5.0.0" }, @@ -16576,28 +13029,12 @@ "node": ">=4" } }, - "node_modules/strip-bom-string": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", - "integrity": "sha1-5SEekiQ2n7uB1jOi8ABE3IztrZI=", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/strip-dirs": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/strip-dirs/-/strip-dirs-2.1.0.tgz", - "integrity": "sha512-JOCxOeKLm2CAS73y/U4ZeZPTkE+gNVCzKt7Eox84Iej1LT/2pTWYpZKJuxwQpvX1LiZb1xokNR7RLfuBAa7T3g==", - "dev": true, - "dependencies": { - "is-natural-number": "^4.0.1" - } - }, "node_modules/strip-eof": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -16635,50 +13072,18 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/strip-outer": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/strip-outer/-/strip-outer-1.0.1.tgz", - "integrity": "sha512-k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg==", - "dev": true, - "dependencies": { - "escape-string-regexp": "^1.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/style-search": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/style-search/-/style-search-0.1.0.tgz", "integrity": "sha1-eVjHk+R+MuB9K1yv5cC/jhLneQI=", "dev": true }, - "node_modules/style-to-object": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-0.3.0.tgz", - "integrity": "sha512-CzFnRRXhzWIdItT3OmF8SQfWyahHhjq3HwcMNCNLn+N7klOOqPjMeG/4JSu77D7ypZdGvSzvkrbyeTMizz2VrA==", - "dependencies": { - "inline-style-parser": "0.1.1" - } - }, - "node_modules/style-value-types": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/style-value-types/-/style-value-types-5.0.0.tgz", - "integrity": "sha512-08yq36Ikn4kx4YU6RD7jWEv27v4V+PUsOGa4n/as8Et3CuODMJQ00ENeAVXAeydX4Z2j1XHZF1K2sX4mGl18fA==", - "dependencies": { - "hey-listen": "^1.0.8", - "tslib": "^2.1.0" - } - }, - "node_modules/style-value-types/node_modules/tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - }, "node_modules/styled-jsx": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-4.0.1.tgz", "integrity": "sha512-Gcb49/dRB1k8B4hdK8vhW27Rlb2zujCk1fISrizCcToIs+55B4vmUM0N9Gi4nnVfFZWe55jRdWpAqH1ldAKWvQ==", + "dev": true, + "peer": true, "dependencies": { "@babel/plugin-syntax-jsx": "7.14.5", "@babel/types": "7.15.0", @@ -16705,6 +13110,8 @@ "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.14.5.tgz", "integrity": "sha512-ohuFIsOMXJnbOMRfX7/w7LocdR6R7whhuRD4ax8IipLcLPlZGJKkBxgHp++U4N/vKyU16/YDQr2f5seajD3jIw==", + "dev": true, + "peer": true, "dependencies": { "@babel/helper-plugin-utils": "^7.14.5" }, @@ -16719,6 +13126,8 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz", "integrity": "sha1-TapNnbAPmBmIDHn6RXrlsJof04k=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.10" } @@ -16727,6 +13136,8 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "dev": true, + "peer": true, "dependencies": { "minimist": "^1.2.0" }, @@ -16738,6 +13149,8 @@ "version": "1.2.3", "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz", "integrity": "sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==", + "dev": true, + "peer": true, "dependencies": { "big.js": "^5.2.2", "emojis-list": "^2.0.0", @@ -16751,6 +13164,8 @@ "version": "0.7.3", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true, + "peer": true, "engines": { "node": ">= 8" } @@ -17135,12 +13550,16 @@ "node_modules/stylis": { "version": "3.5.4", "resolved": "https://registry.npmjs.org/stylis/-/stylis-3.5.4.tgz", - "integrity": "sha512-8/3pSmthWM7lsPBKv7NXkzn2Uc9W7NotcwGNpJaa3k7WMM1XDCA4MgT5k/8BIexd5ydZdboXtU90XH9Ec4Bv/Q==" + "integrity": "sha512-8/3pSmthWM7lsPBKv7NXkzn2Uc9W7NotcwGNpJaa3k7WMM1XDCA4MgT5k/8BIexd5ydZdboXtU90XH9Ec4Bv/Q==", + "dev": true, + "peer": true }, "node_modules/stylis-rule-sheet": { "version": "0.0.10", "resolved": "https://registry.npmjs.org/stylis-rule-sheet/-/stylis-rule-sheet-0.0.10.tgz", "integrity": "sha512-nTbZoaqoBnmK+ptANthb10ZRZOGC+EmTLLUxeYIuHNkEKcmKgXX1XWKkUBT2Ac4es3NybooPe0SmvKdhKJZAuw==", + "dev": true, + "peer": true, "peerDependencies": { "stylis": "^3.5.0" } @@ -17259,6 +13678,7 @@ "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, "dependencies": { "has-flag": "^4.0.0" }, @@ -17266,118 +13686,32 @@ "node": ">=8" } }, + "node_modules/supports-hyperlinks": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.2.0.tgz", + "integrity": "sha512-6sXEzV5+I5j8Bmq9/vUphGRM/RJNT9SCURJLjwfOg51heRtguGWDzcaBlgAzKhQa0EVNpPEKzQuBwZ8S8WaCeQ==", + "dev": true, + "peer": true, + "dependencies": { + "has-flag": "^4.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/svg-tags": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/svg-tags/-/svg-tags-1.0.0.tgz", "integrity": "sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q=", "dev": true }, - "node_modules/svgo": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.3.2.tgz", - "integrity": "sha512-yhy/sQYxR5BkC98CY7o31VGsg014AKLEPxdfhora76l36hD9Rdy5NZA/Ocn6yayNPgSamYdtX2rFJdcv07AYVw==", - "deprecated": "This SVGO version is no longer supported. Upgrade to v2.x.x.", + "node_modules/symbol-tree": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", + "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true, - "dependencies": { - "chalk": "^2.4.1", - "coa": "^2.0.2", - "css-select": "^2.0.0", - "css-select-base-adapter": "^0.1.1", - "css-tree": "1.0.0-alpha.37", - "csso": "^4.0.2", - "js-yaml": "^3.13.1", - "mkdirp": "~0.5.1", - "object.values": "^1.1.0", - "sax": "~1.2.4", - "stable": "^0.1.8", - "unquote": "~1.1.1", - "util.promisify": "~1.0.0" - }, - "bin": { - "svgo": "bin/svgo" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/svgo/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/svgo/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/svgo/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/svgo/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "node_modules/svgo/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/svgo/node_modules/mkdirp": { - "version": "0.5.5", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", - "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", - "dev": true, - "dependencies": { - "minimist": "^1.2.5" - }, - "bin": { - "mkdirp": "bin/cmd.js" - } - }, - "node_modules/svgo/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/tabbable": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-4.0.0.tgz", - "integrity": "sha512-H1XoH1URcBOa/rZZWxLxHCtOdVUEev+9vo5YdYhC9tCY4wnybX+VQrCYuy9ubkg69fCBxCONJOSLGfw0DWMffQ==" + "peer": true }, "node_modules/table": { "version": "6.7.1", @@ -17435,77 +13769,36 @@ "url": "https://github.com/chalk/slice-ansi?sponsor=1" } }, - "node_modules/tapable": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", - "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/tar-stream": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-1.6.2.tgz", - "integrity": "sha512-rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A==", + "node_modules/terminal-link": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "integrity": "sha512-un0FmiRUQNr5PJqy9kP7c40F5BOfpGlYTrxonDChEZB7pzZxRNp/bt+ymiy9/npwXya9KH99nJ/GXFIiUkYGFQ==", "dev": true, + "peer": true, "dependencies": { - "bl": "^1.0.0", - "buffer-alloc": "^1.2.0", - "end-of-stream": "^1.0.0", - "fs-constants": "^1.0.0", - "readable-stream": "^2.3.0", - "to-buffer": "^1.1.1", - "xtend": "^4.0.0" + "ansi-escapes": "^4.2.1", + "supports-hyperlinks": "^2.0.0" }, "engines": { - "node": ">= 0.8.0" + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/tar-stream/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "node_modules/test-exclude": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", "dev": true, + "peer": true, "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/tar-stream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/temp-dir": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/temp-dir/-/temp-dir-1.0.0.tgz", - "integrity": "sha1-CnwOom06Oa+n4OvqnB/AvE2qAR0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/tempfile": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/tempfile/-/tempfile-2.0.0.tgz", - "integrity": "sha1-awRGhWqbERTRhW/8vlCczLCXcmU=", - "dev": true, - "dependencies": { - "temp-dir": "^1.0.0", - "uuid": "^3.0.1" + "@istanbuljs/schema": "^0.1.2", + "glob": "^7.1.4", + "minimatch": "^3.0.4" }, "engines": { - "node": ">=4" + "node": ">=8" } }, "node_modules/text-table": { @@ -17514,25 +13807,25 @@ "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", "dev": true }, + "node_modules/throat": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/throat/-/throat-5.0.0.tgz", + "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", + "dev": true, + "peer": true + }, "node_modules/through": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=", "dev": true }, - "node_modules/timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/timers-browserify": { "version": "2.0.12", "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.12.tgz", "integrity": "sha512-9phl76Cqm6FhSX9Xe1ZUAMLtm1BLkKj2Qd5ApyWkXzsMRaA7dgr81kf4wJmQf/hAvg8EEyJxDo3du/0KlhPiKQ==", + "dev": true, + "peer": true, "dependencies": { "setimmediate": "^1.0.4" }, @@ -17540,11 +13833,6 @@ "node": ">=0.6.0" } }, - "node_modules/tiny-warning": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz", - "integrity": "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==" - }, "node_modules/tlds": { "version": "1.221.1", "resolved": "https://registry.npmjs.org/tlds/-/tlds-1.221.1.tgz", @@ -17566,21 +13854,25 @@ "node": ">=0.6.0" } }, + "node_modules/tmpl": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", + "dev": true, + "peer": true + }, "node_modules/to-arraybuffer": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz", - "integrity": "sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=" - }, - "node_modules/to-buffer": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/to-buffer/-/to-buffer-1.1.1.tgz", - "integrity": "sha512-lx9B5iv7msuFYE3dytT+KE5tap+rNYw+K4jVkb9R/asAb+pbBSM17jtunHplhBe6RRJdZx3Pn2Jph24O32mOVg==", - "dev": true + "integrity": "sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=", + "dev": true, + "peer": true }, "node_modules/to-fast-properties": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=", + "dev": true, "engines": { "node": ">=4" } @@ -17590,6 +13882,7 @@ "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz", "integrity": "sha1-KXWIt7Dn4KwI4E5nL4XB9JmeF68=", "dev": true, + "peer": true, "dependencies": { "kind-of": "^3.0.2" }, @@ -17601,13 +13894,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "node_modules/to-object-path/node_modules/kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -17620,6 +13915,7 @@ "resolved": "https://registry.npmjs.org/to-regex/-/to-regex-3.0.2.tgz", "integrity": "sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==", "dev": true, + "peer": true, "dependencies": { "define-property": "^2.0.2", "extend-shallow": "^3.0.2", @@ -17634,6 +13930,7 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, "dependencies": { "is-number": "^7.0.0" }, @@ -17641,40 +13938,51 @@ "node": ">=8.0" } }, - "node_modules/to-vfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/to-vfile/-/to-vfile-6.1.0.tgz", - "integrity": "sha512-BxX8EkCxOAZe+D/ToHdDsJcVI4HqQfmw0tCkp31zf3dNP/XWIAjU4CmeuSwsSoOzOTqHPOL0KUzyZqJplkD0Qw==", - "dependencies": { - "is-buffer": "^2.0.0", - "vfile": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/toidentifier": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==", + "dev": true, + "peer": true, "engines": { "node": ">=0.6" } }, + "node_modules/tough-cookie": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz", + "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==", + "dev": true, + "peer": true, + "dependencies": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.1.2" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/tough-cookie/node_modules/universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 4.0.0" + } + }, "node_modules/tr46": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "peer": true, "dependencies": { "punycode": "^2.1.0" } }, - "node_modules/trim": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/trim/-/trim-0.0.1.tgz", - "integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0=" - }, "node_modules/trim-newlines": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz", @@ -17684,42 +13992,16 @@ "node": ">=8" } }, - "node_modules/trim-repeated": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/trim-repeated/-/trim-repeated-1.0.0.tgz", - "integrity": "sha1-42RqLqTokTEr9+rObPsFOAvAHCE=", - "dev": true, - "dependencies": { - "escape-string-regexp": "^1.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/trim-trailing-lines": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.4.tgz", - "integrity": "sha512-rjUWSqnfTNrjbB9NQWfPMH/xRK1deHeGsHoVfpxJ++XeYXE0d6B1En37AHfw3jtfTU7dzMzZL2jjpe8Qb5gLIQ==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/trough": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.5.tgz", "integrity": "sha512-rvuRbTarPXmMb79SmzEp8aqXNKcK+y0XaB298IXueQ8I2PsrATcPBCSPyK/dDNa2iWOhKlfNnOjdAOTBU/nkFA==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/tryer": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz", - "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA==", - "dev": true - }, "node_modules/ts-jest": { "version": "26.5.6", "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-26.5.6.tgz", @@ -17752,6 +14034,8 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/ts-pnp/-/ts-pnp-1.2.0.tgz", "integrity": "sha512-csd+vJOb/gkzvcCHgTGSChYpy5f1/XKNsmvBGO4JXS+z1v2HobugDz4s1IeFXM3wZB44uczs+eazB5Q/ccdhQw==", + "dev": true, + "peer": true, "engines": { "node": ">=6" }, @@ -17788,7 +14072,8 @@ "node_modules/tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "dev": true }, "node_modules/tsutils": { "version": "3.21.0", @@ -17808,19 +14093,9 @@ "node_modules/tty-browserify": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.1.tgz", - "integrity": "sha512-C3TaO7K81YvjCgQH9Q1S3R3P3BtN3RIM8n+OvX4il1K1zgE8ZhI0op7kClgkxtutIE8hQrcrHBXvIheqKUUCxw==" - }, - "node_modules/tunnel-agent": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", - "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=", + "integrity": "sha512-C3TaO7K81YvjCgQH9Q1S3R3P3BtN3RIM8n+OvX4il1K1zgE8ZhI0op7kClgkxtutIE8hQrcrHBXvIheqKUUCxw==", "dev": true, - "dependencies": { - "safe-buffer": "^5.0.1" - }, - "engines": { - "node": "*" - } + "peer": true }, "node_modules/type-check": { "version": "0.4.0", @@ -17834,6 +14109,16 @@ "node": ">= 0.8.0" } }, + "node_modules/type-detect": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "dev": true, + "peer": true, + "engines": { + "node": ">=4" + } + }, "node_modules/type-fest": { "version": "0.8.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", @@ -17843,18 +14128,6 @@ "node": ">=8" } }, - "node_modules/type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "dependencies": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/typedarray-to-buffer": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", @@ -17869,6 +14142,7 @@ "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.3.5.tgz", "integrity": "sha512-DqQgihaQ9cUrskJo9kIyW/+g0Vxsk8cDtZ52a3NGh0YNTfpUSArXSohyUGnvbPazEPLu398C0UxmKSOrPumUzA==", "dev": true, + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -17877,28 +14151,11 @@ "node": ">=4.2.0" } }, - "node_modules/ua-parser-js": { - "version": "0.7.28", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.28.tgz", - "integrity": "sha512-6Gurc1n//gjp9eQNXjD9O3M/sMwVtN5S8Lv9bvOYBfKfDNiIIhqiyi01vMBO45u4zkDE420w/e0se7Vs+sIg+g==", - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/ua-parser-js" - }, - { - "type": "paypal", - "url": "https://paypal.me/faisalman" - } - ], - "engines": { - "node": "*" - } - }, "node_modules/unbox-primitive": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "dev": true, "dependencies": { "function-bind": "^1.1.1", "has-bigints": "^1.0.1", @@ -17909,38 +14166,11 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/unbzip2-stream": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz", - "integrity": "sha512-mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg==", - "dev": true, - "dependencies": { - "buffer": "^5.2.1", - "through": "^2.3.8" - } - }, - "node_modules/unfetch": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/unfetch/-/unfetch-4.2.0.tgz", - "integrity": "sha512-F9p7yYCn6cIW9El1zi0HI6vqpeIvBsr3dSuRO6Xuppb1u5rXpCPmMvLSyECLhybr9isec8Ohl0hPekMVrEinDA==" - }, - "node_modules/unherit": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/unherit/-/unherit-1.1.3.tgz", - "integrity": "sha512-Ft16BJcnapDKp0+J/rqFC3Rrk6Y/Ng4nzsC028k2jdDII/rdZ7Wd3pPT/6+vIIxRagwRc9K0IUX0Ra4fKvw+WQ==", - "dependencies": { - "inherits": "^2.0.0", - "xtend": "^4.0.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/unified": { "version": "9.2.0", "resolved": "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz", "integrity": "sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg==", + "dev": true, "dependencies": { "bail": "^1.0.0", "extend": "^3.0.0", @@ -17958,6 +14188,7 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, "engines": { "node": ">=8" } @@ -17967,6 +14198,7 @@ "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz", "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==", "dev": true, + "peer": true, "dependencies": { "arr-union": "^3.1.0", "get-value": "^2.0.6", @@ -17977,27 +14209,6 @@ "node": ">=0.10.0" } }, - "node_modules/unist-builder": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/unist-builder/-/unist-builder-2.0.3.tgz", - "integrity": "sha512-f98yt5pnlMWlzP539tPc4grGMsFaQQlP/vM396b00jngsiINumNmsY8rkXjfoi1c6QaM8nQ3vaGDuoKWbe/1Uw==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-find-after": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/unist-util-find-after/-/unist-util-find-after-3.0.0.tgz", - "integrity": "sha512-ojlBqfsBftYXExNu3+hHLfJQ/X1jYY/9vdm4yZWjIbf0VuWF6CRufci1ZyoD/wV2TYMKxXUoNuoqwy+CkgzAiQ==", - "dependencies": { - "unist-util-is": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/unist-util-find-all-after": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/unist-util-find-all-after/-/unist-util-find-all-after-3.0.2.tgz", @@ -18011,70 +14222,11 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/unist-util-flatmap": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unist-util-flatmap/-/unist-util-flatmap-1.0.0.tgz", - "integrity": "sha512-IG32jcKJlhARCYT2LsYPJWdoXYkzz3ESAdl1aa2hn9Auh+cgUmU6wgkII4yCc/1GgeWibRdELdCZh/p3QKQ1dQ==" - }, - "node_modules/unist-util-generated": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/unist-util-generated/-/unist-util-generated-1.1.6.tgz", - "integrity": "sha512-cln2Mm1/CZzN5ttGK7vkoGw+RZ8VcUH6BtGbq98DDtRGquAAOXig1mrBQYelOwMXYS8rK+vZDyyojSjp7JX+Lg==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/unist-util-is": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-4.1.0.tgz", "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-map": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/unist-util-map/-/unist-util-map-2.0.1.tgz", - "integrity": "sha512-VdNvk4BQUUU9Rgr8iUOvclHa/iN9O+6Dt66FKij8l9OVezGG37gGWCPU5KSax1R2degqXFvl3kWTkvzL79e9tQ==", - "dependencies": { - "@types/mdast": "^3.0.0", - "object-assign": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-position": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-3.1.0.tgz", - "integrity": "sha512-w+PkwCbYSFw8vpgWD0v7zRCl1FpY3fjDSQ3/N/wNd9Ffa4gPi8+4keqt99N3XW6F99t/mUzp2xAhNmfKWp95QA==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-remove": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/unist-util-remove/-/unist-util-remove-2.1.0.tgz", - "integrity": "sha512-J8NYPyBm4baYLdCbjmf1bhPu45Cr1MWTm77qd9istEkzWpnN6O9tMsEbB2JhNnBCqGENRqEWomQ+He6au0B27Q==", - "dependencies": { - "unist-util-is": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-remove-position": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/unist-util-remove-position/-/unist-util-remove-position-2.0.1.tgz", - "integrity": "sha512-fDZsLYIe2uT+oGFnuZmy73K6ZxOPG/Qcm+w7jbEjaFcJgbQ6cqjs/eSPzXhsmGpAsWPkqZM9pYjww5QTn3LHMA==", - "dependencies": { - "unist-util-visit": "^2.0.0" - }, + "dev": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" @@ -18084,6 +14236,7 @@ "version": "2.0.3", "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-2.0.3.tgz", "integrity": "sha512-3faScn5I+hy9VleOq/qNbAd6pAx7iH5jYBMS9I1HgQVijz/4mv5Bvw5iw1sC/90CODiKo81G/ps8AJrISn687g==", + "dev": true, "dependencies": { "@types/unist": "^2.0.2" }, @@ -18092,33 +14245,6 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/unist-util-visit": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz", - "integrity": "sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q==", - "dependencies": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0", - "unist-util-visit-parents": "^3.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-visit-parents": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-3.1.1.tgz", - "integrity": "sha512-1KROIZWo6bcMrZEwiH2UrXDyalAa0uqzWCxCJj6lPOvTve2WkfgCytoDTPaMnodXh1WrXOq0haVYHj99ynJlsg==", - "dependencies": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/universalify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/universalify/-/universalify-1.0.0.tgz", @@ -18132,21 +14258,18 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=", + "dev": true, + "peer": true, "engines": { "node": ">= 0.8" } }, - "node_modules/unquote": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/unquote/-/unquote-1.1.1.tgz", - "integrity": "sha1-j97XMk7G6IoP+LkF58CYzcCG1UQ=", - "dev": true - }, "node_modules/unset-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unset-value/-/unset-value-1.0.0.tgz", "integrity": "sha1-g3aHP30jNRef+x5vw6jtDfyKtVk=", "dev": true, + "peer": true, "dependencies": { "has-value": "^0.3.1", "isobject": "^3.0.0" @@ -18160,6 +14283,7 @@ "resolved": "https://registry.npmjs.org/has-value/-/has-value-0.3.1.tgz", "integrity": "sha1-ex9YutpiyoJ+wKIHgCVlSEWZXh8=", "dev": true, + "peer": true, "dependencies": { "get-value": "^2.0.3", "has-values": "^0.1.4", @@ -18174,6 +14298,7 @@ "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", "integrity": "sha1-8GVWEJaj8dou9GJy+BXIQNh+DIk=", "dev": true, + "peer": true, "dependencies": { "isarray": "1.0.0" }, @@ -18186,6 +14311,7 @@ "resolved": "https://registry.npmjs.org/has-values/-/has-values-0.1.4.tgz", "integrity": "sha1-bWHeldkd/Km5oCCJrThL/49it3E=", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } @@ -18204,58 +14330,20 @@ "resolved": "https://registry.npmjs.org/urix/-/urix-0.1.0.tgz", "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "deprecated": "Please see https://github.com/lydell/urix#deprecated", - "dev": true + "dev": true, + "peer": true }, "node_modules/url": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/url/-/url-0.11.0.tgz", "integrity": "sha1-ODjpfPxgUh63PFJajlW/3Z4uKPE=", + "dev": true, + "peer": true, "dependencies": { "punycode": "1.3.2", "querystring": "0.2.0" } }, - "node_modules/url-loader": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-1.1.2.tgz", - "integrity": "sha512-dXHkKmw8FhPqu8asTc1puBfe3TehOCo2+RmOOev5suNCIYBcT626kxiWg1NBVkwc4rO8BGa7gP70W7VXuqHrjg==", - "dev": true, - "dependencies": { - "loader-utils": "^1.1.0", - "mime": "^2.0.3", - "schema-utils": "^1.0.0" - }, - "engines": { - "node": ">= 6.9.0" - }, - "peerDependencies": { - "webpack": "^3.0.0 || ^4.0.0" - } - }, - "node_modules/url-loader/node_modules/mime": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/mime/-/mime-2.5.2.tgz", - "integrity": "sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg==", - "dev": true, - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/url-parse-lax": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-1.0.0.tgz", - "integrity": "sha1-evjzA2Rem9eaJy56FKxovAYJ2nM=", - "dev": true, - "dependencies": { - "prepend-http": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/url-regex": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/url-regex/-/url-regex-5.0.0.tgz", @@ -18269,25 +14357,20 @@ "node": ">=8" } }, - "node_modules/url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=", - "dev": true, - "engines": { - "node": ">= 4" - } - }, "node_modules/url/node_modules/punycode": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", - "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=" + "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=", + "dev": true, + "peer": true }, "node_modules/url/node_modules/querystring": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=", "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.", + "dev": true, + "peer": true, "engines": { "node": ">=0.4.x" } @@ -18297,62 +14380,17 @@ "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true, + "peer": true, "engines": { "node": ">=0.10.0" } }, - "node_modules/use-callback-ref": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.2.5.tgz", - "integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg==", - "engines": { - "node": ">=8.5.0" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0", - "react": "^16.8.0 || ^17.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/use-deep-compare-effect": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/use-deep-compare-effect/-/use-deep-compare-effect-1.8.1.tgz", - "integrity": "sha512-kbeNVZ9Zkc0RFGpfMN3MNfaKNvcLNyxOAAd9O4CBZ+kCBXXscn9s/4I+8ytUER4RDpEYs5+O6Rs4PqiZ+rHr5Q==", - "dependencies": { - "@babel/runtime": "^7.12.5", - "dequal": "^2.0.2" - }, - "engines": { - "node": ">=10", - "npm": ">=6" - }, - "peerDependencies": { - "react": ">=16.13" - } - }, - "node_modules/use-sidecar": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/use-sidecar/-/use-sidecar-1.0.5.tgz", - "integrity": "sha512-k9jnrjYNwN6xYLj1iaGhonDghfvmeTmYjAiGvOr7clwKfPjMXJf4/HOr7oT5tJwYafgp2tG2l3eZEOfoELiMcA==", - "dependencies": { - "detect-node-es": "^1.1.0", - "tslib": "^1.9.3" - }, - "engines": { - "node": ">=8.5.0" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0" - } - }, "node_modules/use-subscription": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/use-subscription/-/use-subscription-1.5.1.tgz", "integrity": "sha512-Xv2a1P/yReAjAbhylMfFplFKj9GssgTwN7RlcTxBujFQcloStWNDQdc4g4NRWH9xS4i/FDk04vQBptAXoF3VcA==", + "dev": true, + "peer": true, "dependencies": { "object-assign": "^4.1.1" }, @@ -18364,6 +14402,8 @@ "version": "0.12.4", "resolved": "https://registry.npmjs.org/util/-/util-0.12.4.tgz", "integrity": "sha512-bxZ9qtSlGUWSOy9Qa9Xgk11kSslpuZwaxCg4sNIDj6FLucDab2JxnHwyNTCpHMtK1MjoQiWQ6DiUMZYbSrO+Sw==", + "dev": true, + "peer": true, "dependencies": { "inherits": "^2.0.3", "is-arguments": "^1.0.4", @@ -18376,40 +14416,8 @@ "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, - "node_modules/util.promisify": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz", - "integrity": "sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==", - "dev": true, - "dependencies": { - "define-properties": "^1.1.3", - "es-abstract": "^1.17.2", - "has-symbols": "^1.0.1", - "object.getownpropertydescriptors": "^2.1.0" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=", - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/uuid": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", - "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==", - "deprecated": "Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.", - "dev": true, - "bin": { - "uuid": "bin/uuid" - } + "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=", + "dev": true }, "node_modules/v8-compile-cache": { "version": "2.3.0", @@ -18417,6 +14425,31 @@ "integrity": "sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==", "dev": true }, + "node_modules/v8-to-istanbul": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-7.1.2.tgz", + "integrity": "sha512-TxNb7YEUwkLXCQYeudi6lgQ/SZrzNO4kMdlqVxaZPUIUjCv6iSSypUQX70kNBSERpQ8fk48+d61FXk+tgqcWow==", + "dev": true, + "peer": true, + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.1", + "convert-source-map": "^1.6.0", + "source-map": "^0.7.3" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/v8-to-istanbul/node_modules/source-map": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">= 8" + } + }, "node_modules/validate-npm-package-license": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", @@ -18427,18 +14460,11 @@ "spdx-expression-parse": "^3.0.0" } }, - "node_modules/vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=", - "engines": { - "node": ">= 0.8" - } - }, "node_modules/vfile": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/vfile/-/vfile-4.2.1.tgz", "integrity": "sha512-O6AE4OskCG5S1emQ/4gl8zK586RqA3srz3nfK/Viy0UPToBc5Trp9BVFb1u0CjsKrAWwnpr4ifM/KBXPWwJbCA==", + "dev": true, "dependencies": { "@types/unist": "^2.0.0", "is-buffer": "^2.0.0", @@ -18450,19 +14476,11 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/vfile-location": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-3.2.0.tgz", - "integrity": "sha512-aLEIZKv/oxuCDZ8lkJGhuhztf/BW4M+iHdCwglA/eWc+vtuRFJj8EtgceYFX4LRjOhCAAiNHsKGssC6onJ+jbA==", - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, "node_modules/vfile-message": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-2.0.4.tgz", "integrity": "sha512-DjssxRGkMvifUOJre00juHoP9DPWuzjxKuMDrhNbk2TdaYYBNMStsNhEOt3idrtI12VQYM/1+iM0KOzXi4pxwQ==", + "dev": true, "dependencies": { "@types/unist": "^2.0.0", "unist-util-stringify-position": "^2.0.0" @@ -18475,12 +14493,49 @@ "node_modules/vm-browserify": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.2.tgz", - "integrity": "sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==" + "integrity": "sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==", + "dev": true, + "peer": true + }, + "node_modules/w3c-hr-time": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz", + "integrity": "sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==", + "dev": true, + "peer": true, + "dependencies": { + "browser-process-hrtime": "^1.0.0" + } + }, + "node_modules/w3c-xmlserializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-2.0.0.tgz", + "integrity": "sha512-4tzD0mF8iSiMiNs30BiLO3EpfGLZUT2MSX/G+o7ZywDzliWQ3OPtTZ0PTC3B3ca1UAf4cJMHB+2Bf56EriJuRA==", + "dev": true, + "peer": true, + "dependencies": { + "xml-name-validator": "^3.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/walker": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", + "dev": true, + "peer": true, + "dependencies": { + "makeerror": "1.0.12" + } }, "node_modules/watchpack": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.1.1.tgz", "integrity": "sha512-Oo7LXCmc1eE1AjyuSBmtC3+Wy4HcV8PxWh2kP6fOl8yTlNS7r0K9l1ao2lrrUza7V39Y3D/BbJgY8VeSlc5JKw==", + "dev": true, + "peer": true, "dependencies": { "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.1.2" @@ -18489,141 +14544,36 @@ "node": ">=10.13.0" } }, - "node_modules/web-namespaces": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/web-namespaces/-/web-namespaces-1.1.4.tgz", - "integrity": "sha512-wYxSGajtmoP4WxfejAPIr4l0fVh+jeMXZb08wNc0tMg6xsfZXj3cECqIK0G7ZAqUq0PP8WlMDtaOGVBTAWztNw==", - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, "node_modules/webidl-conversions": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", - "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==" - }, - "node_modules/webpack-bundle-analyzer": { - "version": "3.6.1", - "resolved": "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-3.6.1.tgz", - "integrity": "sha512-Nfd8HDwfSx1xBwC+P8QMGvHAOITxNBSvu/J/mCJvOwv+G4VWkU7zir9SSenTtyCi0LnVtmsc7G5SZo1uV+bxRw==", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", "dev": true, + "peer": true + }, + "node_modules/whatwg-encoding": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz", + "integrity": "sha512-b5lim54JOPN9HtzvK9HFXvBma/rnfFeqsic0hSpjtDbVxR3dJKLc+KB4V6GgiGOvl7CY/KNh8rxSo9DKQrnUEw==", + "dev": true, + "peer": true, "dependencies": { - "acorn": "^7.1.1", - "acorn-walk": "^7.1.1", - "bfj": "^6.1.1", - "chalk": "^2.4.1", - "commander": "^2.18.0", - "ejs": "^2.6.1", - "express": "^4.16.3", - "filesize": "^3.6.1", - "gzip-size": "^5.0.0", - "lodash": "^4.17.15", - "mkdirp": "^0.5.1", - "opener": "^1.5.1", - "ws": "^6.0.0" - }, - "bin": { - "webpack-bundle-analyzer": "lib/bin/analyzer.js" - }, - "engines": { - "node": ">= 6.14.4" + "iconv-lite": "0.4.24" } }, - "node_modules/webpack-bundle-analyzer/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "node_modules/whatwg-mimetype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz", + "integrity": "sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==", "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "node_modules/webpack-bundle-analyzer/node_modules/commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", - "dev": true - }, - "node_modules/webpack-bundle-analyzer/node_modules/ejs": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", - "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", - "dev": true, - "hasInstallScript": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/mkdirp": { - "version": "0.5.5", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", - "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", - "dev": true, - "dependencies": { - "minimist": "^1.2.5" - }, - "bin": { - "mkdirp": "bin/cmd.js" - } - }, - "node_modules/webpack-bundle-analyzer/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } + "peer": true }, "node_modules/whatwg-url": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", + "dev": true, + "peer": true, "dependencies": { "lodash.sortby": "^4.7.0", "tr46": "^1.0.1", @@ -18649,6 +14599,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dev": true, "dependencies": { "is-bigint": "^1.0.1", "is-boolean-object": "^1.1.0", @@ -18660,6 +14611,13 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/which-module": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", + "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=", + "dev": true, + "peer": true + }, "node_modules/which-pm-runs": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/which-pm-runs/-/which-pm-runs-1.0.0.tgz", @@ -18670,6 +14628,8 @@ "version": "1.1.4", "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.4.tgz", "integrity": "sha512-49E0SpUe90cjpoc7BOJwyPHRqSAd12c10Qm2amdEZrJPCY2NDxaW01zHITrem+rnETY3dwrbH3UUrUwagfCYDA==", + "dev": true, + "peer": true, "dependencies": { "available-typed-arrays": "^1.0.2", "call-bind": "^1.0.0", @@ -18686,11 +14646,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/wicg-inert": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/wicg-inert/-/wicg-inert-3.1.1.tgz", - "integrity": "sha512-PhBaNh8ur9Xm4Ggy4umelwNIP6pPP1bv3EaWaKqfb/QNme2rdLjm7wIInvV4WhxVHhzA4Spgw9qNSqWtB/ca2A==" - }, "node_modules/word-wrap": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", @@ -18720,7 +14675,8 @@ "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true }, "node_modules/write-file-atomic": { "version": "3.0.3", @@ -18734,27 +14690,42 @@ "typedarray-to-buffer": "^3.1.5" } }, - "node_modules/ws": { - "version": "6.2.2", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.2.tgz", - "integrity": "sha512-zmhltoSR8u1cnDsD43TX59mzoMZsLKqUweyYBAIvTngR3shc0W6aOZylZmq/7hqyVxPdi+5Ud2QInblgyE72fw==", + "node_modules/xml-name-validator": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz", + "integrity": "sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==", "dev": true, - "dependencies": { - "async-limiter": "~1.0.0" - } + "peer": true + }, + "node_modules/xmlchars": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz", + "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", + "dev": true, + "peer": true }, "node_modules/xtend": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "dev": true, + "peer": true, "engines": { "node": ">=0.4" } }, + "node_modules/y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "dev": true, + "peer": true + }, "node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true }, "node_modules/yaml": { "version": "1.10.2", @@ -18765,6 +14736,29 @@ "node": ">= 6" } }, + "node_modules/yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "dev": true, + "peer": true, + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/yargs-parser": { "version": "20.2.9", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", @@ -18774,20 +14768,91 @@ "node": ">=10" } }, - "node_modules/yauzl": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", - "integrity": "sha1-x+sXyT4RLLEIb6bY5R+wZnt5pfk=", + "node_modules/yargs/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", "dev": true, + "peer": true, "dependencies": { - "buffer-crc32": "~0.2.3", - "fd-slicer": "~1.1.0" + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/yargs/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/yargs/node_modules/yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "dev": true, + "peer": true, + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + }, + "engines": { + "node": ">=6" } }, "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, "engines": { "node": ">=10" }, @@ -18799,6 +14864,7 @@ "version": "1.0.5", "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-1.0.5.tgz", "integrity": "sha512-V50KMwwzqJV0NpZIZFwfOD5/lyny3WlSzRiXgA0G7VUnRlqttta1L6UQIHzd6EuBY/cHGfwTIck7w1yH6Q5zUw==", + "dev": true, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" @@ -18806,125 +14872,11 @@ } }, "dependencies": { - "@algolia/cache-browser-local-storage": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-browser-local-storage/-/cache-browser-local-storage-4.10.5.tgz", - "integrity": "sha512-cfX2rEKOtuuljcGI5DMDHClwZHdDqd2nT2Ohsc8aHtBiz6bUxKVyIqxr2gaC6tU8AgPtrTVBzcxCA+UavXpKww==", - "requires": { - "@algolia/cache-common": "4.10.5" - } - }, - "@algolia/cache-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-common/-/cache-common-4.10.5.tgz", - "integrity": "sha512-1mClwdmTHll+OnHkG+yeRoFM17kSxDs4qXkjf6rNZhoZGXDvfYLy3YcZ1FX4Kyz0DJv8aroq5RYGBDsWkHj6Tw==" - }, - "@algolia/cache-in-memory": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/cache-in-memory/-/cache-in-memory-4.10.5.tgz", - "integrity": "sha512-+ciQnfIGi5wjMk02XhEY8fmy2pzy+oY1nIIfu8LBOglaSipCRAtjk6WhHc7/KIbXPiYzIwuDbM2K1+YOwSGjwA==", - "requires": { - "@algolia/cache-common": "4.10.5" - } - }, - "@algolia/client-account": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-account/-/client-account-4.10.5.tgz", - "integrity": "sha512-I9UkSS2glXm7RBZYZIALjBMmXSQbw/fI/djPcBHxiwXIheNIlqIFl2SNPkvihpPF979BSkzjqdJNRPhE1vku3Q==", - "requires": { - "@algolia/client-common": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "@algolia/client-analytics": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-4.10.5.tgz", - "integrity": "sha512-h2owwJSkovPxzc+xIsjY1pMl0gj+jdVwP9rcnGjlaTY2fqHbSLrR9yvGyyr6305LvTppxsQnfAbRdE/5Z3eFxw==", - "requires": { - "@algolia/client-common": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "@algolia/client-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-4.10.5.tgz", - "integrity": "sha512-21FAvIai5qm8DVmZHm2Gp4LssQ/a0nWwMchAx+1hIRj1TX7OcdW6oZDPyZ8asQdvTtK7rStQrRnD8a95SCUnzA==", - "requires": { - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "@algolia/client-personalization": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-4.10.5.tgz", - "integrity": "sha512-nH+IyFKBi8tCyzGOanJTbXC5t4dspSovX3+ABfmwKWUYllYzmiQNFUadpb3qo+MLA3jFx5IwBesjneN6dD5o3w==", - "requires": { - "@algolia/client-common": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "@algolia/client-search": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-4.10.5.tgz", - "integrity": "sha512-1eQFMz9uodrc5OM+9HeT+hHcfR1E1AsgFWXwyJ9Q3xejA2c1c4eObGgOgC9ZoshuHHdptaTN1m3rexqAxXRDBg==", - "requires": { - "@algolia/client-common": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "@algolia/logger-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/logger-common/-/logger-common-4.10.5.tgz", - "integrity": "sha512-gRJo9zt1UYP4k3woEmZm4iuEBIQd/FrArIsjzsL/b+ihNoOqIxZKTSuGFU4UUZOEhvmxDReiA4gzvQXG+TMTmA==" - }, - "@algolia/logger-console": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/logger-console/-/logger-console-4.10.5.tgz", - "integrity": "sha512-4WfIbn4253EDU12u9UiYvz+QTvAXDv39mKNg9xSoMCjKE5szcQxfcSczw2byc6pYhahOJ9PmxPBfs1doqsdTKQ==", - "requires": { - "@algolia/logger-common": "4.10.5" - } - }, - "@algolia/requester-browser-xhr": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-4.10.5.tgz", - "integrity": "sha512-53/MURQEqtK+bGdfq4ITSPwTh5hnADU99qzvpAINGQveUFNSFGERipJxHjTJjIrjFz3vxj5kKwjtxDnU6ygO9g==", - "requires": { - "@algolia/requester-common": "4.10.5" - } - }, - "@algolia/requester-common": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-common/-/requester-common-4.10.5.tgz", - "integrity": "sha512-UkVa1Oyuj6NPiAEt5ZvrbVopEv1m/mKqjs40KLB+dvfZnNcj+9Fry4Oxnt15HMy/HLORXsx4UwcthAvBuOXE9Q==" - }, - "@algolia/requester-node-http": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-4.10.5.tgz", - "integrity": "sha512-aNEKVKXL4fiiC+bS7yJwAHdxln81ieBwY3tsMCtM4zF9f5KwCzY2OtN4WKEZa5AAADVcghSAUdyjs4AcGUlO5w==", - "requires": { - "@algolia/requester-common": "4.10.5" - } - }, - "@algolia/transporter": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/@algolia/transporter/-/transporter-4.10.5.tgz", - "integrity": "sha512-F8DLkmIlvCoMwSCZA3FKHtmdjH3o5clbt0pi2ktFStVNpC6ZDmY307HcK619bKP5xW6h8sVJhcvrLB775D2cyA==", - "requires": { - "@algolia/cache-common": "4.10.5", - "@algolia/logger-common": "4.10.5", - "@algolia/requester-common": "4.10.5" - } - }, "@babel/code-frame": { "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.13.tgz", "integrity": "sha512-HV1Cm0Q3ZrpCR93tkWOYiuYIgLxZXZFVG2VgK+MBWjUqZTundupbfx2aXarXuw5Ko5aMcjtJgbSs4vUGBS5v6g==", + "dev": true, "requires": { "@babel/highlight": "^7.12.13" } @@ -18933,6 +14885,7 @@ "version": "7.12.9", "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.12.9.tgz", "integrity": "sha512-gTXYh3M5wb7FRXQy+FErKFAv90BnlOuNn1QkCK2lREoPAjrQCO49+HVSrFoe5uakFAF5eenS75KbO2vQiLrTMQ==", + "dev": true, "requires": { "@babel/code-frame": "^7.10.4", "@babel/generator": "^7.12.5", @@ -18955,7 +14908,8 @@ "semver": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true } } }, @@ -18963,6 +14917,7 @@ "version": "7.14.3", "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.14.3.tgz", "integrity": "sha512-bn0S6flG/j0xtQdz3hsjJ624h3W0r3llttBMfyHX3YrZ/KtLYr15bjA0FXkgW7FpvrDuTuElXeVjiKlYRpnOFA==", + "dev": true, "requires": { "@babel/types": "^7.14.2", "jsesc": "^2.5.1", @@ -18973,6 +14928,7 @@ "version": "7.14.2", "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.14.2.tgz", "integrity": "sha512-NYZlkZRydxw+YT56IlhIcS8PAhb+FEUiOzuhFTfqDyPmzAhRge6ua0dQYT/Uh0t/EDHq05/i+e5M2d4XvjgarQ==", + "dev": true, "requires": { "@babel/helper-get-function-arity": "^7.12.13", "@babel/template": "^7.12.13", @@ -18983,6 +14939,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.12.13.tgz", "integrity": "sha512-DjEVzQNz5LICkzN0REdpD5prGoidvbdYk1BVgRUOINaWJP2t6avB27X1guXK1kXNrX0WMfsrm1A/ZBthYuIMQg==", + "dev": true, "requires": { "@babel/types": "^7.12.13" } @@ -18991,6 +14948,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.13.12.tgz", "integrity": "sha512-48ql1CLL59aKbU94Y88Xgb2VFy7a95ykGRbJJaaVv+LX5U8wFpLfiGXJJGUozsmA1oEh/o5Bp60Voq7ACyA/Sw==", + "dev": true, "requires": { "@babel/types": "^7.13.12" } @@ -18999,6 +14957,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.13.12.tgz", "integrity": "sha512-4cVvR2/1B693IuOvSI20xqqa/+bl7lqAMR59R4iu39R9aOX8/JoYY1sFaNvUMyMBGnHdwvJgUrzNLoUZxXypxA==", + "dev": true, "requires": { "@babel/types": "^7.13.12" } @@ -19007,6 +14966,7 @@ "version": "7.14.2", "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.14.2.tgz", "integrity": "sha512-OznJUda/soKXv0XhpvzGWDnml4Qnwp16GN+D/kZIdLsWoHj05kyu8Rm5kXmMef+rVJZ0+4pSGLkeixdqNUATDA==", + "dev": true, "requires": { "@babel/helper-module-imports": "^7.13.12", "@babel/helper-replace-supers": "^7.13.12", @@ -19022,6 +14982,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.12.13.tgz", "integrity": "sha512-BdWQhoVJkp6nVjB7nkFWcn43dkprYauqtk++Py2eaf/GRDFm5BxRqEIZCiHlZUGAVmtwKcsVL1dC68WmzeFmiA==", + "dev": true, "requires": { "@babel/types": "^7.12.13" } @@ -19029,12 +14990,15 @@ "@babel/helper-plugin-utils": { "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.14.5.tgz", - "integrity": "sha512-/37qQCE3K0vvZKwoK4XU/irIJQdIfCJuhU5eKnNxpFDsOkgFaUAwbv+RYw6eYgsC0E4hS7r5KqGULUogqui0fQ==" + "integrity": "sha512-/37qQCE3K0vvZKwoK4XU/irIJQdIfCJuhU5eKnNxpFDsOkgFaUAwbv+RYw6eYgsC0E4hS7r5KqGULUogqui0fQ==", + "dev": true, + "peer": true }, "@babel/helper-replace-supers": { "version": "7.14.4", "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.14.4.tgz", "integrity": "sha512-zZ7uHCWlxfEAAOVDYQpEf/uyi1dmeC7fX4nCf2iz9drnCwi1zvwXL3HwWWNXUQEJ1k23yVn3VbddiI9iJEXaTQ==", + "dev": true, "requires": { "@babel/helper-member-expression-to-functions": "^7.13.12", "@babel/helper-optimise-call-expression": "^7.12.13", @@ -19046,6 +15010,7 @@ "version": "7.13.12", "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.13.12.tgz", "integrity": "sha512-7FEjbrx5SL9cWvXioDbnlYTppcZGuCY6ow3/D5vMggb2Ywgu4dMrpTJX0JdQAIcRRUElOIxF3yEooa9gUb9ZbA==", + "dev": true, "requires": { "@babel/types": "^7.13.12" } @@ -19054,6 +15019,7 @@ "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.12.13.tgz", "integrity": "sha512-tCJDltF83htUtXx5NLcaDqRmknv652ZWCHyoTETf1CXYJdPC7nohZohjUgieXhv0hTJdRf2FjDueFehdNucpzg==", + "dev": true, "requires": { "@babel/types": "^7.12.13" } @@ -19061,12 +15027,14 @@ "@babel/helper-validator-identifier": { "version": "7.15.7", "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", - "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==" + "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "dev": true }, "@babel/helpers": { "version": "7.14.0", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.14.0.tgz", "integrity": "sha512-+ufuXprtQ1D1iZTO/K9+EBRn+qPWMJjZSw/S0KlFrxCw4tkrzv9grgpDHkY9MeQTjTY8i2sp7Jep8DfU6tN9Mg==", + "dev": true, "requires": { "@babel/template": "^7.12.13", "@babel/traverse": "^7.14.0", @@ -19077,324 +15045,12 @@ "version": "7.14.0", "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.0.tgz", "integrity": "sha512-YSCOwxvTYEIMSGaBQb5kDDsCopDdiUGsqpatp3fOlI4+2HQSkTmEVWnVuySdAC5EWCqSWWTv0ib63RjR7dTBdg==", + "dev": true, "requires": { "@babel/helper-validator-identifier": "^7.14.0", "chalk": "^2.0.0", "js-tokens": "^4.0.0" }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "requires": { - "has-flag": "^3.0.0" - } - } - } - }, - "@babel/parser": { - "version": "7.14.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.14.4.tgz", - "integrity": "sha512-ArliyUsWDUqEGfWcmzpGUzNfLxTdTp6WU4IuP6QFSp9gGfWS6boxFCkJSJ/L4+RG8z/FnIU3WxCk6hPL9SSWeA==" - }, - "@babel/plugin-proposal-object-rest-spread": { - "version": "7.12.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.12.1.tgz", - "integrity": "sha512-s6SowJIjzlhx8o7lsFx5zmY4At6CTtDvgNQDdPzkBQucle58A6b/TTeEBYtyDgmcXjUTM+vE8YOGHZzzbc/ioA==", - "requires": { - "@babel/helper-plugin-utils": "^7.10.4", - "@babel/plugin-syntax-object-rest-spread": "^7.8.0", - "@babel/plugin-transform-parameters": "^7.12.1" - } - }, - "@babel/plugin-syntax-jsx": { - "version": "7.12.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.12.1.tgz", - "integrity": "sha512-1yRi7yAtB0ETgxdY9ti/p2TivUxJkTdhu/ZbF9MshVGqOx1TdB3b7xCXs49Fupgg50N45KcAsRP/ZqWjs9SRjg==", - "requires": { - "@babel/helper-plugin-utils": "^7.10.4" - } - }, - "@babel/plugin-syntax-object-rest-spread": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", - "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", - "requires": { - "@babel/helper-plugin-utils": "^7.8.0" - } - }, - "@babel/plugin-transform-parameters": { - "version": "7.14.2", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.14.2.tgz", - "integrity": "sha512-NxoVmA3APNCC1JdMXkdYXuQS+EMdqy0vIwyDHeKHiJKRxmp1qGSdb0JLEIoPRhkx6H/8Qi3RJ3uqOCYw8giy9A==", - "requires": { - "@babel/helper-plugin-utils": "^7.13.0" - } - }, - "@babel/runtime": { - "version": "7.15.3", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.15.3.tgz", - "integrity": "sha512-OvwMLqNXkCXSz1kSm58sEsNuhqOx/fKpnUnKnFB5v8uDda5bLNEHNgKPvhDN6IU0LDcnHQ90LlJ0Q6jnyBSIBA==", - "requires": { - "regenerator-runtime": "^0.13.4" - } - }, - "@babel/runtime-corejs3": { - "version": "7.14.8", - "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.14.8.tgz", - "integrity": "sha512-4dMD5QRBkumn45oweR0SxoNtt15oz3BUBAQ8cIx7HJqZTtE8zjpM0My8aHJHVnyf4XfRg6DNzaE1080WLBiC1w==", - "dev": true, - "requires": { - "core-js-pure": "^3.15.0", - "regenerator-runtime": "^0.13.4" - } - }, - "@babel/template": { - "version": "7.12.13", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.13.tgz", - "integrity": "sha512-/7xxiGA57xMo/P2GVvdEumr8ONhFOhfgq2ihK3h1e6THqzTAkHbkXgB0xI9yeTfIUoH3+oAeHhqm/I43OTbbjA==", - "requires": { - "@babel/code-frame": "^7.12.13", - "@babel/parser": "^7.12.13", - "@babel/types": "^7.12.13" - } - }, - "@babel/traverse": { - "version": "7.14.2", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.14.2.tgz", - "integrity": "sha512-TsdRgvBFHMyHOOzcP9S6QU0QQtjxlRpEYOy3mcCO5RgmC305ki42aSAmfZEMSSYBla2oZ9BMqYlncBaKmD/7iA==", - "requires": { - "@babel/code-frame": "^7.12.13", - "@babel/generator": "^7.14.2", - "@babel/helper-function-name": "^7.14.2", - "@babel/helper-split-export-declaration": "^7.12.13", - "@babel/parser": "^7.14.2", - "@babel/types": "^7.14.2", - "debug": "^4.1.0", - "globals": "^11.1.0" - } - }, - "@babel/types": { - "version": "7.15.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.15.0.tgz", - "integrity": "sha512-OBvfqnllOIdX4ojTHpwZbpvz4j3EWyjkZEdmjH0/cgsd6QOdSgU8rLSk6ard/pcW7rlmjdVSX/AWOaORR1uNOQ==", - "requires": { - "@babel/helper-validator-identifier": "^7.14.9", - "to-fast-properties": "^2.0.0" - } - }, - "@bugsnag/browser": { - "version": "7.10.5", - "resolved": "https://registry.npmjs.org/@bugsnag/browser/-/browser-7.10.5.tgz", - "integrity": "sha512-LxzQ0g8kbVq2YAoZkLM58pzNGqKWV/JxVTBCudHQVp92Wm9Wl7aFVMNPzUWCjp9T9XrNl3h9lrs6Bb127SomyA==", - "requires": { - "@bugsnag/core": "^7.10.0" - } - }, - "@bugsnag/core": { - "version": "7.10.0", - "resolved": "https://registry.npmjs.org/@bugsnag/core/-/core-7.10.0.tgz", - "integrity": "sha512-sDa2nDxwsxHQx2/2/tsBWjYqH0TewCR8N/r5at6B+irwVkI0uts7Qc2JyqDTfiEiBXKVEXFK+fHTz1x9b8tsiA==", - "requires": { - "@bugsnag/cuid": "^3.0.0", - "@bugsnag/safe-json-stringify": "^6.0.0", - "error-stack-parser": "^2.0.3", - "iserror": "0.0.2", - "stack-generator": "^2.0.3" - } - }, - "@bugsnag/cuid": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@bugsnag/cuid/-/cuid-3.0.0.tgz", - "integrity": "sha512-LOt8aaBI+KvOQGneBtpuCz3YqzyEAehd1f3nC5yr9TIYW1+IzYKa2xWS4EiMz5pPOnRPHkyyS5t/wmSmN51Gjg==" - }, - "@bugsnag/js": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/@bugsnag/js/-/js-7.5.4.tgz", - "integrity": "sha512-V1+482YPndAD0c0ju7Ik1dXunyKAssZWUIqOMs7Ff3PtZb1107sJ4Hw1E7ZusQvvI/IjA6FO3ZJkmzjIJjQ+UA==", - "requires": { - "@bugsnag/browser": "^7.5.4", - "@bugsnag/node": "^7.5.4" - } - }, - "@bugsnag/node": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@bugsnag/node/-/node-7.10.1.tgz", - "integrity": "sha512-kpasrz/im5ljptt2JOqrjbOu4b0i5sAZOYU4L0psWXlD31/wXytk7im11QlNALdI8gZZBxIFsVo8ks6dR6mHzg==", - "requires": { - "@bugsnag/core": "^7.10.0", - "byline": "^5.0.0", - "error-stack-parser": "^2.0.2", - "iserror": "^0.0.2", - "pump": "^3.0.0", - "stack-generator": "^2.0.3" - } - }, - "@bugsnag/plugin-react": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/@bugsnag/plugin-react/-/plugin-react-7.5.4.tgz", - "integrity": "sha512-UFNCae2BbvvetIegAy+h45jlmtQ8k+ZnhpM0wnG4EPzDeZA1AFM+LzqRMWF7GrRRLb8H3W8PoswUN9M1Vr6eog==", - "requires": {} - }, - "@bugsnag/safe-json-stringify": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/@bugsnag/safe-json-stringify/-/safe-json-stringify-6.0.0.tgz", - "integrity": "sha512-htzFO1Zc57S8kgdRK9mLcPVTW1BY2ijfH7Dk2CeZmspTWKdKqSo1iwmqrq2WtRjFlo8aRZYgLX0wFrDXF/9DLA==" - }, - "@csstools/normalize.css": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/@csstools/normalize.css/-/normalize.css-12.0.0.tgz", - "integrity": "sha512-M0qqxAcwCsIVfpFQSlGN5XjXWu8l5JDZN+fPt1LeW5SZexQTgnaEvgXAY+CeygRw0EeppWHi12JxESWiWrB0Sg==", - "dev": true - }, - "@emotion/is-prop-valid": { - "version": "0.8.8", - "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-0.8.8.tgz", - "integrity": "sha512-u5WtneEAr5IDG2Wv65yhunPSMLIpuKsbuOktRojfrEiEvRyC85LgPMZI63cr7NUqT8ZIGdSVg8ZKGxIug4lXcA==", - "optional": true, - "requires": { - "@emotion/memoize": "0.7.4" - } - }, - "@emotion/memoize": { - "version": "0.7.4", - "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.7.4.tgz", - "integrity": "sha512-Ja/Vfqe3HpuzRsG1oBtWTHk2PGZ7GR+2Vz5iYGelAw8dx32K0y7PjVuxK6z1nMpZOqAFsRUPCkK1YjJ56qJlgw==", - "optional": true - }, - "@eslint/eslintrc": { - "version": "0.4.3", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", - "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==", - "dev": true, - "requires": { - "ajv": "^6.12.4", - "debug": "^4.1.1", - "espree": "^7.3.0", - "globals": "^13.9.0", - "ignore": "^4.0.6", - "import-fresh": "^3.2.1", - "js-yaml": "^3.13.1", - "minimatch": "^3.0.4", - "strip-json-comments": "^3.1.1" - }, - "dependencies": { - "globals": { - "version": "13.11.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.11.0.tgz", - "integrity": "sha512-08/xrJ7wQjK9kkkRoI3OFUBbLx4f+6x3SGwcPvQ0QH6goFDrOU2oyAWrmh3dJezu65buo+HBMzAMQy6rovVC3g==", - "dev": true, - "requires": { - "type-fest": "^0.20.2" - } - }, - "ignore": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", - "dev": true - }, - "type-fest": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", - "dev": true - } - } - }, - "@hapi/accept": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/@hapi/accept/-/accept-5.0.2.tgz", - "integrity": "sha512-CmzBx/bXUR8451fnZRuZAJRlzgm0Jgu5dltTX/bszmR2lheb9BpyN47Q1RbaGTsvFzn0PXAEs+lXDKfshccYZw==", - "requires": { - "@hapi/boom": "9.x.x", - "@hapi/hoek": "9.x.x" - } - }, - "@hapi/boom": { - "version": "9.1.3", - "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-9.1.3.tgz", - "integrity": "sha512-RlrGyZ603hE/eRTZtTltocRm50HHmrmL3kGOP0SQ9MasazlW1mt/fkv4C5P/6rnpFXjwld/POFX1C8tMZE3ldg==", - "requires": { - "@hapi/hoek": "9.x.x" - } - }, - "@hapi/hoek": { - "version": "9.2.0", - "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.0.tgz", - "integrity": "sha512-sqKVVVOe5ivCaXDWivIJYVSaEgdQK9ul7a4Kity5Iw7u9+wBAPbX1RMSnLLmp7O4Vzj0WOWwMAJsTL00xwaNug==" - }, - "@hashicorp/flight-icons": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@hashicorp/flight-icons/-/flight-icons-1.3.0.tgz", - "integrity": "sha512-m4GkuYocXv54cBc+7sCkD+xorSxGPYovACpk8/A8I9rCFwdkX3WSZM8osT2/ws4IkCfeNYoxB1dz6a2SRhRfDg==" - }, - "@hashicorp/js-utils": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/@hashicorp/js-utils/-/js-utils-1.0.10.tgz", - "integrity": "sha512-59AS4kK3EURCTU9ibJmk8MVT8i3qc5tEHv985dxECZrWTL4+3kKr45u/13OPpcRlpUSIKeWEsN9FL1f5/ztHww==" - }, - "@hashicorp/mktg-global-styles": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/mktg-global-styles/-/mktg-global-styles-4.0.0.tgz", - "integrity": "sha512-5B0/AUCtqTeGoDR9a5FmkRAC5ubBSN2DQEtDHFy7eOSxXqETRfvMRjHa4Gfv1shfb0PNMufDWKfaDalhuHJ+jA==" - }, - "@hashicorp/mktg-logos": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/mktg-logos/-/mktg-logos-1.2.0.tgz", - "integrity": "sha512-bGPaj1FhidA4NFF0C/KpIPwQL4QXJzvOB4uTdBX9g8zTg9V2Kf2MZBC2lt+TL8Xem4k8qmBaa36w8x6+fmbdRw==" - }, - "@hashicorp/next-optimized-images": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/next-optimized-images/-/next-optimized-images-0.1.0.tgz", - "integrity": "sha512-fsjGIrpGZozjKUVrEqVfKYpzQvLkYzV+PnybKnAH7gyEX8xZDZXyM7T710ZAkmNaa9KgszvOQ0o21Z6ukfw3UQ==", - "dev": true, - "requires": { - "chalk": "^2.4.2", - "figures": "^3.0.0", - "file-loader": "^3.0.1", - "imagemin": "^6.1.0", - "img-loader": "^3.0.1", - "raw-loader": "^2.0.0", - "url-loader": "^1.1.2" - }, "dependencies": { "ansi-styles": { "version": "3.2.1", @@ -19448,14 +15104,274 @@ } } }, - "@hashicorp/platform-analytics": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-analytics/-/platform-analytics-0.2.0.tgz", - "integrity": "sha512-4Pmb4Fy/2eDCZPFu/O4wKK2L5VIqwsXfDPDGX3eA4Dk67ytZ//SXuW9oFtG97ACyW/p1i72EmwoqcrR6usDwtg==", + "@babel/parser": { + "version": "7.17.9", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.17.9.tgz", + "integrity": "sha512-vqUSBLP8dQHFPdPi9bc5GK9vRkYHJ49fsZdtoJ8EQ8ibpwk5rPKfvNIwChB0KVXcIjcepEBBd2VHC5r9Gy8ueg==", + "dev": true + }, + "@babel/plugin-syntax-async-generators": { + "version": "7.8.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==", + "dev": true, + "peer": true, "requires": { - "fathom-client": "^3.2.0" + "@babel/helper-plugin-utils": "^7.8.0" } }, + "@babel/plugin-syntax-bigint": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "integrity": "sha512-wnTnFlG+YxQm3vDxpGE57Pj0srRU4sHE/mDkt1qv2YJJSeUAec2ma4WLUnUPeKjyrfntVwe/N6dCXpU+zL3Npg==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-class-properties": { + "version": "7.12.13", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.12.13" + } + }, + "@babel/plugin-syntax-import-meta": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.10.4" + } + }, + "@babel/plugin-syntax-json-strings": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-logical-assignment-operators": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.10.4" + } + }, + "@babel/plugin-syntax-nullish-coalescing-operator": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-numeric-separator": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.10.4" + } + }, + "@babel/plugin-syntax-object-rest-spread": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-optional-catch-binding": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-optional-chaining": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.8.0" + } + }, + "@babel/plugin-syntax-top-level-await": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.14.5" + } + }, + "@babel/runtime": { + "version": "7.15.3", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.15.3.tgz", + "integrity": "sha512-OvwMLqNXkCXSz1kSm58sEsNuhqOx/fKpnUnKnFB5v8uDda5bLNEHNgKPvhDN6IU0LDcnHQ90LlJ0Q6jnyBSIBA==", + "dev": true, + "requires": { + "regenerator-runtime": "^0.13.4" + } + }, + "@babel/runtime-corejs3": { + "version": "7.14.8", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.14.8.tgz", + "integrity": "sha512-4dMD5QRBkumn45oweR0SxoNtt15oz3BUBAQ8cIx7HJqZTtE8zjpM0My8aHJHVnyf4XfRg6DNzaE1080WLBiC1w==", + "dev": true, + "requires": { + "core-js-pure": "^3.15.0", + "regenerator-runtime": "^0.13.4" + } + }, + "@babel/template": { + "version": "7.12.13", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.13.tgz", + "integrity": "sha512-/7xxiGA57xMo/P2GVvdEumr8ONhFOhfgq2ihK3h1e6THqzTAkHbkXgB0xI9yeTfIUoH3+oAeHhqm/I43OTbbjA==", + "dev": true, + "requires": { + "@babel/code-frame": "^7.12.13", + "@babel/parser": "^7.12.13", + "@babel/types": "^7.12.13" + } + }, + "@babel/traverse": { + "version": "7.14.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.14.2.tgz", + "integrity": "sha512-TsdRgvBFHMyHOOzcP9S6QU0QQtjxlRpEYOy3mcCO5RgmC305ki42aSAmfZEMSSYBla2oZ9BMqYlncBaKmD/7iA==", + "dev": true, + "requires": { + "@babel/code-frame": "^7.12.13", + "@babel/generator": "^7.14.2", + "@babel/helper-function-name": "^7.14.2", + "@babel/helper-split-export-declaration": "^7.12.13", + "@babel/parser": "^7.14.2", + "@babel/types": "^7.14.2", + "debug": "^4.1.0", + "globals": "^11.1.0" + } + }, + "@babel/types": { + "version": "7.15.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.15.0.tgz", + "integrity": "sha512-OBvfqnllOIdX4ojTHpwZbpvz4j3EWyjkZEdmjH0/cgsd6QOdSgU8rLSk6ard/pcW7rlmjdVSX/AWOaORR1uNOQ==", + "dev": true, + "requires": { + "@babel/helper-validator-identifier": "^7.14.9", + "to-fast-properties": "^2.0.0" + } + }, + "@bcoe/v8-coverage": { + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", + "dev": true, + "peer": true + }, + "@cnakazawa/watch": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@cnakazawa/watch/-/watch-1.0.4.tgz", + "integrity": "sha512-v9kIhKwjeZThiWrLmj0y17CWoyddASLj9O2yvbZkbvw/N3rWOYy9zkV66ursAoVr0mV15bL8g0c4QZUE6cdDoQ==", + "dev": true, + "peer": true, + "requires": { + "exec-sh": "^0.3.2", + "minimist": "^1.2.0" + } + }, + "@eslint/eslintrc": { + "version": "0.4.3", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==", + "dev": true, + "requires": { + "ajv": "^6.12.4", + "debug": "^4.1.1", + "espree": "^7.3.0", + "globals": "^13.9.0", + "ignore": "^4.0.6", + "import-fresh": "^3.2.1", + "js-yaml": "^3.13.1", + "minimatch": "^3.0.4", + "strip-json-comments": "^3.1.1" + }, + "dependencies": { + "globals": { + "version": "13.11.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.11.0.tgz", + "integrity": "sha512-08/xrJ7wQjK9kkkRoI3OFUBbLx4f+6x3SGwcPvQ0QH6goFDrOU2oyAWrmh3dJezu65buo+HBMzAMQy6rovVC3g==", + "dev": true, + "requires": { + "type-fest": "^0.20.2" + } + }, + "ignore": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", + "dev": true + }, + "type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "dev": true + } + } + }, + "@hapi/accept": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/@hapi/accept/-/accept-5.0.2.tgz", + "integrity": "sha512-CmzBx/bXUR8451fnZRuZAJRlzgm0Jgu5dltTX/bszmR2lheb9BpyN47Q1RbaGTsvFzn0PXAEs+lXDKfshccYZw==", + "dev": true, + "peer": true, + "requires": { + "@hapi/boom": "9.x.x", + "@hapi/hoek": "9.x.x" + } + }, + "@hapi/boom": { + "version": "9.1.3", + "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-9.1.3.tgz", + "integrity": "sha512-RlrGyZ603hE/eRTZtTltocRm50HHmrmL3kGOP0SQ9MasazlW1mt/fkv4C5P/6rnpFXjwld/POFX1C8tMZE3ldg==", + "dev": true, + "peer": true, + "requires": { + "@hapi/hoek": "9.x.x" + } + }, + "@hapi/hoek": { + "version": "9.2.0", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.2.0.tgz", + "integrity": "sha512-sqKVVVOe5ivCaXDWivIJYVSaEgdQK9ul7a4Kity5Iw7u9+wBAPbX1RMSnLLmp7O4Vzj0WOWwMAJsTL00xwaNug==", + "dev": true, + "peer": true + }, "@hashicorp/platform-cli": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@hashicorp/platform-cli/-/platform-cli-1.2.0.tgz", @@ -19498,880 +15414,314 @@ "version": "0.3.0", "resolved": "https://registry.npmjs.org/@hashicorp/platform-cms/-/platform-cms-0.3.0.tgz", "integrity": "sha512-sRX9A+kDEZvfZy8PvGFbEaHjn5G1mEsHwTri1vDnrmKG8apE+ELlug83b0iEkD5wIJi9OqaewMIb0NrLxg9s5A==", + "dev": true, "requires": { "rivet-graphql": "0.3.1" } }, - "@hashicorp/platform-code-highlighting": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-code-highlighting/-/platform-code-highlighting-0.1.2.tgz", - "integrity": "sha512-87+BwqKW2kY3TjYj5sgcJMHwjFD2xYhQKcMfbzdyDPC4xJLhg5T7/4tXK5SM/G8stpomlt349CIWL0s+jWk2rw==", - "requires": { - "@mapbox/rehype-prism": "0.5.0", - "rehype-parse": "7.0.1", - "rehype-stringify": "8.0.0", - "unified": "9.2.0", - "unist-util-visit": "2.0.3" - } - }, - "@hashicorp/platform-docs-mdx": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-docs-mdx/-/platform-docs-mdx-0.1.3.tgz", - "integrity": "sha512-NPVvn3s/JuFfebvymJ9JkOd6CHKfCVISz/QenmPgPim1nzJfe3uXKFeqolYdfMb8k1++XpX7KM70nJMVDyQLpw==", - "requires": { - "@hashicorp/react-code-block": "^4.1.0", - "@hashicorp/react-enterprise-alert": "^6.0.1", - "@hashicorp/react-tabs": "^7.0.1", - "@mdx-js/react": "1.6.22" - } - }, - "@hashicorp/platform-markdown-utils": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-markdown-utils/-/platform-markdown-utils-0.1.3.tgz", - "integrity": "sha512-WIVCYljXQAhT+wFb8EtN3AEkgFDcbXMEvF4XkBg8OE/UWlrKWUNICjhrwTN68Q4Vl11ChX/ifH803DmLcSninA==", - "requires": { - "@hashicorp/platform-types": "^0.1.0", - "@hashicorp/remark-plugins": "^3.2.0", - "@mapbox/rehype-prism": "^0.6.0", - "@mdx-js/react": "1.6.22", - "rehype-katex": "^5.0.0", - "remark-math": "^4.0.0", - "remark-rehype": "^7.0.0" - }, - "dependencies": { - "@mapbox/rehype-prism": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.6.0.tgz", - "integrity": "sha512-/0Ev/PB4fXdKPT6VDzVpnAPxGpWFIc4Yz3mf/DzLEMxlpIPZpZlCzaFk4V4NGFofQXPc41+GpEcZtWP3VuFWVA==", - "requires": { - "hast-util-to-string": "^1.0.4", - "refractor": "^3.3.1", - "unist-util-visit": "^2.0.3" - } - }, - "commander": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", - "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==" - }, - "katex": { - "version": "0.13.13", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.13.13.tgz", - "integrity": "sha512-cCMcil4jwMm7behpXGiQfXJA29sko/Gd/26iCsr53Dv5Jn2iHbHyEb14dm9uVrIijUXx6Zz1WhlFhHE6DckvkQ==", - "requires": { - "commander": "^6.0.0" - } - }, - "mdast-util-definitions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-3.0.1.tgz", - "integrity": "sha512-BAv2iUm/e6IK/b2/t+Fx69EL/AGcq/IG2S+HxHjDJGfLJtd6i9SZUS76aC9cig+IEucsqxKTR0ot3m933R3iuA==", - "requires": { - "unist-util-visit": "^2.0.0" - } - }, - "mdast-util-to-hast": { - "version": "9.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-9.1.2.tgz", - "integrity": "sha512-OpkFLBC2VnNAb2FNKcKWu9FMbJhQKog+FCT8nuKmQNIKXyT1n3SIskE7uWDep6x+cA20QXlK5AETHQtYmQmxtQ==", - "requires": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^3.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - } - }, - "rehype-katex": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/rehype-katex/-/rehype-katex-5.0.0.tgz", - "integrity": "sha512-ksSuEKCql/IiIadOHiKRMjypva9BLhuwQNascMqaoGLDVd0k2NlE2wMvgZ3rpItzRKCd6vs8s7MFbb8pcR0AEg==", - "requires": { - "@types/katex": "^0.11.0", - "hast-util-to-text": "^2.0.0", - "katex": "^0.13.0", - "rehype-parse": "^7.0.0", - "unified": "^9.0.0", - "unist-util-visit": "^2.0.0" - } - }, - "remark-rehype": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-7.0.0.tgz", - "integrity": "sha512-uqQ/VbaTdxyu/da6npHAso6hA00cMqhA3a59RziQdOLN2KEIkPykAVy52IcmZEVTuauXO0VtpxkyCey4phtHzQ==", - "requires": { - "mdast-util-to-hast": "^9.1.0" - } - } - } - }, - "@hashicorp/platform-nextjs-plugin": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-nextjs-plugin/-/platform-nextjs-plugin-1.0.1.tgz", - "integrity": "sha512-gT26wGylFuAUuMHuQ57PRrrL414xWsqaVUfrvlcQcrOXUF9YsUjNnVAWo+JLoo9y37vpdOMhdEPWrwPxXoeItw==", + "@istanbuljs/load-nyc-config": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", "dev": true, + "peer": true, "requires": { - "@hashicorp/next-optimized-images": "0.1.0", - "@next/bundle-analyzer": "10.0.3", - "imagemin-mozjpeg": "9.0.0", - "imagemin-optipng": "8.0.0", - "imagemin-svgo": "8.0.0", - "next-transpile-modules": "^8.0.0", - "postcss-normalize": "10.0.1" - } - }, - "@hashicorp/platform-product-meta": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-product-meta/-/platform-product-meta-0.1.0.tgz", - "integrity": "sha512-UXAiYENDP8I0mD9+LNMyaCksUPthPRkxAIzg12SbERgx5kAjEaBCzYRHKXibL1dZpVQiRfs0i/0ieSw0mP2y+Q==", - "requires": { - "@hashicorp/platform-util": "^0.1.0" - } - }, - "@hashicorp/platform-runtime-error-monitoring": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-runtime-error-monitoring/-/platform-runtime-error-monitoring-0.1.0.tgz", - "integrity": "sha512-G6YhBPIu9cPPE2j+uLVoCuamPzxrpEPi45B0ySa+1CTCUmG+3fswvPHXILbyr91ZtpuBsFg1nYJOBwlwEftHdg==", - "requires": { - "@bugsnag/js": "7.5.4", - "@bugsnag/plugin-react": "7.5.4" - } - }, - "@hashicorp/platform-types": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-types/-/platform-types-0.1.1.tgz", - "integrity": "sha512-aQU6hyzBpMax7WoZKF6f/OkCER/SxsVn25RBVgU7JHxmebYJB4VfmDXAfa0TyKaPz2cDWPeOgc8MVezGVjouSw==", - "requires": { - "@types/segment-analytics": "^0.0.33" - } - }, - "@hashicorp/platform-util": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-util/-/platform-util-0.1.0.tgz", - "integrity": "sha512-XGWmQnMThygQKUsB5fPfhWT2KIbAq3Zax1K7TiEarX7IrngpEk7oTpVUR0uEraZgpfsaOfhHGSilvBRZjCZ+Ew==", - "requires": { - "nprogress": "0.2.0" - } - }, - "@hashicorp/react-alert": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-alert/-/react-alert-6.0.2.tgz", - "integrity": "sha512-8ePxXMYR6kU0cYb4T3WZ74bInPQdbzfM4B+ZWqmW+raEpVAS2MTqDFl7X55L0syWx6JDbBmrlhzYaRzTDf6qug==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-alert-banner": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-alert-banner/-/react-alert-banner-7.0.1.tgz", - "integrity": "sha512-h6M9NhQQxDJZQwhrT1I+Rwfiko8yGsQGrTp6jF0XUrOnteok69SfuDfc0/Vv50aNG0029R4pnBvgK3e1Xc7TlQ==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-inline-svg": "^6.0.3", - "@reach/visually-hidden": "^0.16.0", - "js-cookie": "^2.2.1", - "slugify": "^1.6.0" + "camelcase": "^5.3.1", + "find-up": "^4.1.0", + "get-package-type": "^0.1.0", + "js-yaml": "^3.13.1", + "resolve-from": "^5.0.0" }, "dependencies": { - "slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==" - } - } - }, - "@hashicorp/react-button": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-button/-/react-button-6.0.3.tgz", - "integrity": "sha512-CRK93cWw5ap4tGGvMoyr/Ydvvz1Ie1RTyTdBhcpARlH7pCIAmvxHKMK+FCWXWGJNjpM9suKenXfdTJRfz7+KNw==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-inline-svg": "^6.0.1", - "classnames": "^2.3.1", - "slugify": "^1.6.0" - }, - "dependencies": { - "slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==" - } - } - }, - "@hashicorp/react-call-to-action": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-call-to-action/-/react-call-to-action-4.0.0.tgz", - "integrity": "sha512-SpdyItfcQKCGMzI6RlfT2ZbplyeERd6eK12ZwTT2UDejmDSlD0s0/rauzR6brfCh2RGbyRct3/KjJFYWyVsYaw==", - "requires": { - "@hashicorp/react-button": "^6.0.0" - } - }, - "@hashicorp/react-callouts": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-callouts/-/react-callouts-8.0.1.tgz", - "integrity": "sha512-KfrEZOO8jWBhHlld2quusPskGbB/6LBuV9bnzsFyS4yn+y7RSBTVk8yovdc8BkFyTaxMq6h/tLW8PgYDLnWPQQ==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-inline-svg": "^6.0.1", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-code-block": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-code-block/-/react-code-block-4.1.5.tgz", - "integrity": "sha512-94IHagrdqxvoPE130b2FOvyeSZ26DIhaNSnZ3b/isKMpaNdWjoi/uo+nckRu3auiSyxldbMty8W5EXclgGkCEA==", - "requires": { - "@hashicorp/react-inline-svg": "^6.0.3", - "@reach/listbox": "0.15.0", - "shellwords": "^0.1.1" - } - }, - "@hashicorp/react-consent-manager": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-consent-manager/-/react-consent-manager-7.1.0.tgz", - "integrity": "sha512-Hxs58z80gbyfO2HpdyvQFB1PtXzazWICJnH5Kp1VRL2oQpJPeylG6jUsQ6K6a9kfdclZQjK1EeVKDZg2vVFrhA==", - "requires": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-toggle": "^4.0.1", - "classnames": "^2.3.1", - "js-cookie": "^2.2.1" - } - }, - "@hashicorp/react-content": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-content/-/react-content-8.2.0.tgz", - "integrity": "sha512-9wKJQodndiOIdnVXb4zQGwm0CZU3WAJgxTwJGHQDDepPgHvh5nXK336PhTpLcjFK5T0Fg5uvYgaNqfNHZaoquQ==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-docs-page": { - "version": "14.14.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-docs-page/-/react-docs-page-14.14.0.tgz", - "integrity": "sha512-OwbBmbuE7U3nnF/TWeUKRW6MN0/KIgC8nxUJP3rbqANxZFchCjm/7JEG/owDZu41zJQUAa1ZKvmhI+OUfAAvwA==", - "requires": { - "@hashicorp/platform-docs-mdx": "^0.1.3", - "@hashicorp/platform-markdown-utils": "^0.2.0", - "@hashicorp/react-alert": "^6.0.2", - "@hashicorp/react-content": "^8.1.1", - "@hashicorp/react-docs-sidenav": "^8.4.0", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-placeholder": "^0.1.0", - "@hashicorp/react-search": "^6.3.1", - "@hashicorp/react-version-select": "^0.3.0", - "classnames": "^2.3.1", - "fs-exists-sync": "^0.1.0", - "gray-matter": "^4.0.3", - "js-yaml": "^4.1.0", - "line-reader": "^0.4.0", - "moize": "^6.0.3", - "readdirp": "^3.6.0", - "semver": "^7.3.5" - }, - "dependencies": { - "@hashicorp/platform-markdown-utils": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/platform-markdown-utils/-/platform-markdown-utils-0.2.0.tgz", - "integrity": "sha512-xs/yiP/vcgvGX5wYggvYIhG4WTmTS3e5oUE7QuTtukOHcCN+HmN79z9xn8yCDnJ0GiAm51dv42lmCBiWj3JF6Q==", - "requires": { - "@hashicorp/platform-types": "^0.1.0", - "@hashicorp/remark-plugins": "^3.3.1", - "@mapbox/rehype-prism": "^0.6.0", - "@mdx-js/react": "1.6.22", - "rehype-katex": "^5.0.0", - "remark-math": "^4.0.0", - "remark-rehype": "^7.0.0" - } - }, - "@hashicorp/remark-plugins": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/@hashicorp/remark-plugins/-/remark-plugins-3.3.1.tgz", - "integrity": "sha512-7xThpsBFWasdC/E+E/BAjHxMYqyCcQFiTVspvhBzN51meiQIacVCnyAox/lyvwWiP4N3Yj/ruH4UsR2ifskNeA==", - "requires": { - "@mdx-js/util": "1.6.22", - "github-slugger": "^1.3.0", - "remark": "12.0.1", - "remark-mdx": "1.6.22", - "to-vfile": "^6.1.0", - "unist-util-flatmap": "^1.0.0", - "unist-util-is": "^4.0.2", - "unist-util-map": "^2.0.1", - "unist-util-visit": "^2.0.3" - } - }, - "@mapbox/rehype-prism": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.6.0.tgz", - "integrity": "sha512-/0Ev/PB4fXdKPT6VDzVpnAPxGpWFIc4Yz3mf/DzLEMxlpIPZpZlCzaFk4V4NGFofQXPc41+GpEcZtWP3VuFWVA==", - "requires": { - "hast-util-to-string": "^1.0.4", - "refractor": "^3.3.1", - "unist-util-visit": "^2.0.3" - } - }, - "commander": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", - "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==" - }, - "gray-matter": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", - "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", - "requires": { - "js-yaml": "^3.13.1", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" - }, - "dependencies": { - "js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", - "requires": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" - } - } - } - }, - "js-yaml": { + "find-up": { "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, "requires": { - "argparse": "^2.0.1" - }, - "dependencies": { - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" - } + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" } }, - "katex": { - "version": "0.13.24", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.13.24.tgz", - "integrity": "sha512-jZxYuKCma3VS5UuxOx/rFV1QyGSl3Uy/i0kTJF3HgQ5xMinCQVF8Zd4bMY/9aI9b9A2pjIBOsjSSm68ykTAr8w==", - "requires": { - "commander": "^8.0.0" - } - }, - "mdast-util-definitions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-3.0.1.tgz", - "integrity": "sha512-BAv2iUm/e6IK/b2/t+Fx69EL/AGcq/IG2S+HxHjDJGfLJtd6i9SZUS76aC9cig+IEucsqxKTR0ot3m933R3iuA==", - "requires": { - "unist-util-visit": "^2.0.0" - } - }, - "mdast-util-to-hast": { - "version": "9.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-9.1.2.tgz", - "integrity": "sha512-OpkFLBC2VnNAb2FNKcKWu9FMbJhQKog+FCT8nuKmQNIKXyT1n3SIskE7uWDep6x+cA20QXlK5AETHQtYmQmxtQ==", - "requires": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^3.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - } - }, - "readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "requires": { - "picomatch": "^2.2.1" - } - }, - "rehype-katex": { + "locate-path": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/rehype-katex/-/rehype-katex-5.0.0.tgz", - "integrity": "sha512-ksSuEKCql/IiIadOHiKRMjypva9BLhuwQNascMqaoGLDVd0k2NlE2wMvgZ3rpItzRKCd6vs8s7MFbb8pcR0AEg==", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, "requires": { - "@types/katex": "^0.11.0", - "hast-util-to-text": "^2.0.0", - "katex": "^0.13.0", - "rehype-parse": "^7.0.0", - "unified": "^9.0.0", - "unist-util-visit": "^2.0.0" + "p-locate": "^4.1.0" } }, - "remark": { - "version": "12.0.1", - "resolved": "https://registry.npmjs.org/remark/-/remark-12.0.1.tgz", - "integrity": "sha512-gS7HDonkdIaHmmP/+shCPejCEEW+liMp/t/QwmF0Xt47Rpuhl32lLtDV1uKWvGoq+kxr5jSgg5oAIpGuyULjUw==", + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, "requires": { - "remark-parse": "^8.0.0", - "remark-stringify": "^8.0.0", - "unified": "^9.0.0" + "p-try": "^2.0.0" } }, - "remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, "requires": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" + "p-limit": "^2.2.0" } }, - "remark-rehype": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-7.0.0.tgz", - "integrity": "sha512-uqQ/VbaTdxyu/da6npHAso6hA00cMqhA3a59RziQdOLN2KEIkPykAVy52IcmZEVTuauXO0VtpxkyCey4phtHzQ==", - "requires": { - "mdast-util-to-hast": "^9.1.0" - } + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true }, - "remark-stringify": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-8.1.1.tgz", - "integrity": "sha512-q4EyPZT3PcA3Eq7vPpT6bIdokXzFGp9i85igjmhRyXWmPs0Y6/d2FYwUNotKAWyLch7g0ASZJn/KHHcHZQ163A==", - "requires": { - "ccount": "^1.0.0", - "is-alphanumeric": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "longest-streak": "^2.0.1", - "markdown-escapes": "^1.0.0", - "markdown-table": "^2.0.0", - "mdast-util-compact": "^2.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "stringify-entities": "^3.0.0", - "unherit": "^1.0.4", - "xtend": "^4.0.1" - } + "resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "peer": true } } }, - "@hashicorp/react-docs-sidenav": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-docs-sidenav/-/react-docs-sidenav-8.4.1.tgz", - "integrity": "sha512-X7J19jCrcYiZEa7/ApMn6R5LFmDymJC1/sHSXpaMcXDIW5DD+H0DRYwJKVUPgdJDWhjZ5PXXWeDJTOKcQWBNog==", + "@istanbuljs/schema": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", + "dev": true, + "peer": true + }, + "@jest/console": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/console/-/console-26.6.2.tgz", + "integrity": "sha512-IY1R2i2aLsLr7Id3S6p2BA82GNWryt4oSvEXLAKc+L2zdi89dSkE8xC1C+0kpATG4JhBJREnQOH7/zmccM2B0g==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-link-wrap": "^3.0.3", - "fuzzysearch": "1.0.3" + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "jest-message-util": "^26.6.2", + "jest-util": "^26.6.2", + "slash": "^3.0.0" } }, - "@hashicorp/react-enterprise-alert": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-enterprise-alert/-/react-enterprise-alert-6.0.1.tgz", - "integrity": "sha512-fIT5A5G7mNW77Iob/B5FRlKukDws8CEtK/pLqYJjYhz1HmwZiPRORWTDcaBDh8XUARqo8gA8lg9gqke2kEv6UQ==", + "@jest/core": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/@jest/core/-/core-26.6.3.tgz", + "integrity": "sha512-xvV1kKbhfUqFVuZ8Cyo+JPpipAHHAV3kcDBftiduK8EICXmTFddryy3P7NfZt8Pv37rA9nEJBKCCkglCPt/Xjw==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "classnames": "^2.3.1" + "@jest/console": "^26.6.2", + "@jest/reporters": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "jest-changed-files": "^26.6.2", + "jest-config": "^26.6.3", + "jest-haste-map": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-resolve-dependencies": "^26.6.3", + "jest-runner": "^26.6.3", + "jest-runtime": "^26.6.3", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "jest-watcher": "^26.6.2", + "micromatch": "^4.0.2", + "p-each-series": "^2.1.0", + "rimraf": "^3.0.0", + "slash": "^3.0.0", + "strip-ansi": "^6.0.0" } }, - "@hashicorp/react-featured-slider": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-featured-slider/-/react-featured-slider-5.0.1.tgz", - "integrity": "sha512-AuTZA/C5JHjyb+fCr2nrZcL0iPoDBaj0wGRXxRnNwltV1YOwYnn1p3vzRtrAky+BAjTWtYkh+h4Nebi+pvi+AQ==", + "@jest/environment": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-26.6.2.tgz", + "integrity": "sha512-nFy+fHl28zUrRsCeMB61VDThV1pVTtlEokBRgqPrcT1JNq4yRNIyTHfyht6PqtUvY9IsuLGTrbG8kPXjSZIZwA==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-image": "^4.0.1", - "classnames": "^2.3.1" + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2" } }, - "@hashicorp/react-hashi-stack-menu": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-hashi-stack-menu/-/react-hashi-stack-menu-2.1.2.tgz", - "integrity": "sha512-3K6Y2FNSLq6TsMceX3a1pdmxaVx8lRvxCgjxcKL1P6DpmOk0AU5/eL0CvKP8GzXSYstL36xXxIhWFfiaAaF/yQ==", + "@jest/fake-timers": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-26.6.2.tgz", + "integrity": "sha512-14Uleatt7jdzefLPYM3KLcnUl1ZNikaKq34enpb5XG9i81JpppDb5muZvonvKyrl7ftEHkKS5L5/eB/kxJ+bvA==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@hashicorp/react-link-wrap": "^3.0.3", - "slugify": "1.6.0" + "@jest/types": "^26.6.2", + "@sinonjs/fake-timers": "^6.0.1", + "@types/node": "*", + "jest-message-util": "^26.6.2", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2" + } + }, + "@jest/globals": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-26.6.2.tgz", + "integrity": "sha512-85Ltnm7HlB/KesBUuALwQ68YTU72w9H2xW9FjZ1eL1U3lhtefjjl5c2MiUbpXt/i6LaPRvoOFJ22yCBSfQ0JIA==", + "dev": true, + "peer": true, + "requires": { + "@jest/environment": "^26.6.2", + "@jest/types": "^26.6.2", + "expect": "^26.6.2" + } + }, + "@jest/reporters": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-26.6.2.tgz", + "integrity": "sha512-h2bW53APG4HvkOnVMo8q3QXa6pcaNt1HkwVsOPMBV6LD/q9oSpxNSYZQYkAnjdMjrJ86UuYeLo+aEZClV6opnw==", + "dev": true, + "peer": true, + "requires": { + "@bcoe/v8-coverage": "^0.2.3", + "@jest/console": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "collect-v8-coverage": "^1.0.0", + "exit": "^0.1.2", + "glob": "^7.1.2", + "graceful-fs": "^4.2.4", + "istanbul-lib-coverage": "^3.0.0", + "istanbul-lib-instrument": "^4.0.3", + "istanbul-lib-report": "^3.0.0", + "istanbul-lib-source-maps": "^4.0.0", + "istanbul-reports": "^3.0.2", + "jest-haste-map": "^26.6.2", + "jest-resolve": "^26.6.2", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "node-notifier": "^8.0.0", + "slash": "^3.0.0", + "source-map": "^0.6.0", + "string-length": "^4.0.1", + "terminal-link": "^2.0.0", + "v8-to-istanbul": "^7.0.0" }, "dependencies": { - "slugify": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.0.tgz", - "integrity": "sha512-FkMq+MQc5hzYgM86nLuHI98Acwi3p4wX+a5BO9Hhw4JdK4L7WueIiZ4tXEobImPqBz2sVcV0+Mu3GRB30IGang==" + "jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "requires": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + } + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true } } }, - "@hashicorp/react-head": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-head/-/react-head-3.1.2.tgz", - "integrity": "sha512-DkQt0F2zU2cZ36IafDI8TWQNS6kkCVzaouLMR0Mwb/MYCzOJtutyZYrzrrDU+uQQ5tWSt3vZQKrSqD4M5RMMoQ==", - "requires": {} - }, - "@hashicorp/react-hero": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-hero/-/react-hero-8.0.2.tgz", - "integrity": "sha512-q+XgMk0b2YFcmPL8wNHjlZErUEyfIO1i9/diTebHVvKjCs2AeOVDODU3diSU/Q5mvX5dCx36l/fp1qmyYdP8SQ==", + "@jest/source-map": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/source-map/-/source-map-26.6.2.tgz", + "integrity": "sha512-YwYcCwAnNmOVsZ8mr3GfnzdXDAl4LaenZP5z+G0c8bzC9/dugL8zRmxZzdoTl4IaS3CryS1uWnROLPFmb6lVvA==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/js-utils": "^1.0.10", - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-alert": "^6.0.0", - "@hashicorp/react-button": "^6.0.1", - "@hashicorp/react-image": "^4.0.2", - "@hashicorp/react-text-input": "^5.0.0", - "classnames": "^2.3.1", - "formik": "^2.2.9", - "promise-polyfill": "^8.2.0", - "query-string": "^5.1.1" - } - }, - "@hashicorp/react-image": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-image/-/react-image-4.0.3.tgz", - "integrity": "sha512-GcTWoIGVwZm8nvxKftqjsQjVfjhhDm4VUDpBcCtRAEj3f/umhrppDV6hFuJYSWSWtGp8hnVCFVAS445nNBgaeg==", - "requires": { - "object-assign": "4.1.1", - "query-string": "5.1.1" - } - }, - "@hashicorp/react-inline-svg": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-inline-svg/-/react-inline-svg-6.0.3.tgz", - "integrity": "sha512-BKLhVFc0gIRxyd2QZ5KWSAXDyyiOI+dQ4U4HrgAA3f4/JmpOsF/EgQ6Ro+cmNZy1/cn42OM2iqoEvUqYvW+ZfQ==", - "requires": {} - }, - "@hashicorp/react-learn-callout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-learn-callout/-/react-learn-callout-2.0.1.tgz", - "integrity": "sha512-Dldn8SfbOFGd8cVdYyLUuCXllGYIQ5A8Txv3J6wYzMnWbvRTRnqjzun4kxk1UTxqHonP5D3fACP7xeM1mlbroQ==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-link-wrap": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-link-wrap/-/react-link-wrap-3.0.3.tgz", - "integrity": "sha512-G0JM3IowWCUWkc/mW5Llb/9NK50PH81/fySGZmQI6/oakK1gLvA6/fEfWRX7cqa7NoFHLiNnDrXJkc3ShtKNVw==", - "requires": {} - }, - "@hashicorp/react-markdown-page": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-markdown-page/-/react-markdown-page-1.4.3.tgz", - "integrity": "sha512-CBYXek4/p/x9P9MSOtUm24QJjoGVvGufxv26WJlnXCeXspprYxWULikcBatZFXresWSa5hYQjpUqNfk3F+XQyw==", - "requires": { - "@hashicorp/platform-markdown-utils": "^0.1.0", - "@hashicorp/react-content": "^8.0.2", - "@hashicorp/react-head": "^3.1.2", - "gray-matter": "4.0.2" - } - }, - "@hashicorp/react-placeholder": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-placeholder/-/react-placeholder-0.1.0.tgz", - "integrity": "sha512-Jti+Z4p6fVXiukBZpPIvIFJb/oxRYY3AIXCgrEJxvKemvF8iD84oWSyCB2WPzycmHIn4u8dlSCrc/VhicnieQA==", - "requires": {} - }, - "@hashicorp/react-product-downloads-page": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-product-downloads-page/-/react-product-downloads-page-2.7.0.tgz", - "integrity": "sha512-GAw+Ztq4Cr/GJ5kyL3HvpLzs2wtpTFrs0FGDp6TRXjAVgqgfqrQU3cJzthtwkvKAZBmgGmubpQf84bhtfgtvLA==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-tabs": "^7.0.0", - "semver": "^7.3.5" - } - }, - "@hashicorp/react-product-features-list": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-product-features-list/-/react-product-features-list-5.0.0.tgz", - "integrity": "sha512-H1Pp9wq+xdMQ4QZsBGSOcqPGmXMzOP49Ed/e/tsvOrQWhhdj4tjjVqBIPZFKjx6tHW7Ebjz2/PDw27i1UwoYnQ==", - "requires": { - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-image": "^4.0.1", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-search": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-search/-/react-search-6.4.0.tgz", - "integrity": "sha512-ITAvD5QEc+B79VTYC27kdx0P1ynGFPUwed1ttUxlAIhvzasWjKeM6sS1rT8oFF+QcUZqoE7rKq7Y8k53sAB2Lw==", - "requires": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@hashicorp/remark-plugins": "^3.1.1", - "@reach/visually-hidden": "^0.16.0", - "algoliasearch": "^4.10.3", - "classnames": "^2.3.1", - "dotenv": "^10.0.0", - "glob": "^7.1.7", - "gray-matter": "^4.0.3", - "react-instantsearch-dom": "^6.12.1", - "remark": "^13.0.0", - "search-insights": "^1.7.1", - "unist-util-visit": "^2.0.3" + "callsites": "^3.0.0", + "graceful-fs": "^4.2.4", + "source-map": "^0.6.0" }, "dependencies": { - "gray-matter": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", - "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", - "requires": { - "js-yaml": "^3.13.1", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" - } + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true } } }, - "@hashicorp/react-section-header": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/@hashicorp/react-section-header/-/react-section-header-5.0.4.tgz", - "integrity": "sha512-1C1bdgn4qdD2IOVjbL+WqTUmLBQHAnKiNezSwQbO4MvdrSFfAllPhPchA760VuVaEBnMWo0gFQPSybRrv7faVQ==", + "@jest/test-result": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-26.6.2.tgz", + "integrity": "sha512-5O7H5c/7YlojphYNrK02LlDIV2GNPYisKwHm2QTKjNZeEzezCbwYs9swJySv2UfPMyZ0VdsmMv7jIlD/IKYQpQ==", + "dev": true, + "peer": true, "requires": { - "@hashicorp/js-utils": "^1.0.10" + "@jest/console": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/istanbul-lib-coverage": "^2.0.0", + "collect-v8-coverage": "^1.0.0" } }, - "@hashicorp/react-select-input": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-select-input/-/react-select-input-4.0.5.tgz", - "integrity": "sha512-iN7iq7HZTQh3sa3LViuXbS84Si5hL6eWOqXd4DHfWYcZuuwping88l8SwwPWtqr+HVDcFsRixpVuvOCwgQSX0Q==", + "@jest/test-sequencer": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-26.6.3.tgz", + "integrity": "sha512-YHlVIjP5nfEyjlrSr8t/YdNfU/1XEt7c5b4OxcXCjyRhjzLYu/rO69/WHPuYcbCWkz8kAeZVZp2N2+IOLLEPGw==", + "dev": true, + "peer": true, "requires": { - "classnames": "^2.3.1", - "downshift": "3.1.5" + "@jest/test-result": "^26.6.2", + "graceful-fs": "^4.2.4", + "jest-haste-map": "^26.6.2", + "jest-runner": "^26.6.3", + "jest-runtime": "^26.6.3" } }, - "@hashicorp/react-stepped-feature-list": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@hashicorp/react-stepped-feature-list/-/react-stepped-feature-list-4.0.3.tgz", - "integrity": "sha512-s/MwmtnMjBViElSCXVbP+sKtDxy6A8jceSVhfVgLv8Q0+G84yeHO0THaMGgTBoA8wgF6Ad5zChW9zDJojdDrMw==", + "@jest/transform": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-26.6.2.tgz", + "integrity": "sha512-E9JjhUgNzvuQ+vVAL21vlyfy12gP0GhazGgJC4h6qUt1jSdUXGWJ1wfu/X7Sd8etSgxV4ovT1pb9v5D6QW4XgA==", + "dev": true, + "peer": true, "requires": { - "nuka-carousel": "^4.7.2" - } - }, - "@hashicorp/react-subnav": { - "version": "9.3.2", - "resolved": "https://registry.npmjs.org/@hashicorp/react-subnav/-/react-subnav-9.3.2.tgz", - "integrity": "sha512-UoMnQgV/KnqNX/bwKKsnw5ph4egJhQPFHwrnplRlBuRMlHgblMMP5jsPi/07wkpIv4iyV0yc1ttaFN4RPVTa5w==", - "requires": { - "@hashicorp/mktg-logos": "^1.0.2", - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "@hashicorp/react-link-wrap": "^3.0.3", - "@reach/visually-hidden": "^0.16.0", - "camel-case": "^4.1.2", - "classnames": "^2.3.1", - "isomorphic-unfetch": "^3.1.0" - } - }, - "@hashicorp/react-tabs": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-tabs/-/react-tabs-7.0.1.tgz", - "integrity": "sha512-qmQscQkIxNhZc/QhWo5RCEu39rKXl4iQHlk0Q0Zk+ClqKSplDuVMMJqg3GtrG056em9xA2p+n7J501EZlOfzGg==", - "requires": { - "@hashicorp/react-inline-svg": "^6.0.1", - "@reach/portal": "^0.16.0", - "@reach/tooltip": "^0.16.0", - "classnames": "^2.3.1" + "@babel/core": "^7.1.0", + "@jest/types": "^26.6.2", + "babel-plugin-istanbul": "^6.0.0", + "chalk": "^4.0.0", + "convert-source-map": "^1.4.0", + "fast-json-stable-stringify": "^2.0.0", + "graceful-fs": "^4.2.4", + "jest-haste-map": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-util": "^26.6.2", + "micromatch": "^4.0.2", + "pirates": "^4.0.1", + "slash": "^3.0.0", + "source-map": "^0.6.1", + "write-file-atomic": "^3.0.0" }, "dependencies": { - "@reach/portal": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.0.tgz", - "integrity": "sha512-vXJ0O9T+72HiSEWHPs2cx7YbSO7pQsTMhgqPc5aaddIYpo2clJx1PnYuS0lSNlVaDO0IxQhwYq43evXaXnmviw==", - "requires": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - } - }, - "@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "requires": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - } - }, - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "@hashicorp/react-text-input": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-input/-/react-text-input-5.0.1.tgz", - "integrity": "sha512-KXY2XloVHKYKJFk/S3LrVZBm0QNtDqdhRsd9wXdxe3dlElfAbNMgxIUQz2bzqmLYxegatlhgGCr6GBU9odkz5A==", - "requires": { - "classnames": "^2.3.1", - "uuid": "^8.3.2" - }, - "dependencies": { - "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" - } - } - }, - "@hashicorp/react-text-split": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split/-/react-text-split-4.0.0.tgz", - "integrity": "sha512-drBWTG3l7v/GNusn2gy2eW3SjuJ3lldlfzX3lr20IxprP2UcMcpLBDQFL+xrJbaHe7Tn2WjwrdmOS6MtQOopbQ==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-button": "^6.0.0", - "@hashicorp/react-inline-svg": "^6.0.3", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-text-split-with-code": { - "version": "3.3.8", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split-with-code/-/react-text-split-with-code-3.3.8.tgz", - "integrity": "sha512-aOakwQL+GjrSEsySSOHw7WlJLg0nEiKoIMK5x8aLry64ZwHgTpqqFj5CTQ01RHk0sAfqbCCvrRc2il9CLR83fg==", - "requires": { - "@hashicorp/react-code-block": "^4.1.5", - "@hashicorp/react-text-split": "^4.0.0" - } - }, - "@hashicorp/react-text-split-with-image": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/@hashicorp/react-text-split-with-image/-/react-text-split-with-image-4.2.5.tgz", - "integrity": "sha512-UJ2hF7xYXcWoIpgAD3MlJijutbouKW5joVScfL9zgTWUPmr1c9cBj6MQf7VNNP00q4CR0ElId74ki2tr/8Vkfw==", - "requires": { - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-text-split": "^4.0.0" - } - }, - "@hashicorp/react-toggle": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@hashicorp/react-toggle/-/react-toggle-4.0.1.tgz", - "integrity": "sha512-pPcFs3mlR7qt6j+bbfRnkxr1dEpTInuvLfYZ27L92uEcd83MBLcc+jp6c/idMuzHyLGSFU5aGqrAz5ufhLERZw==", - "requires": { - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-use-cases": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-use-cases/-/react-use-cases-5.0.0.tgz", - "integrity": "sha512-doiU9Wpo5c1r5XhsiIWNStPd+P3D/9BqMoYn+MrCrfFvD19pbAuH5GEJslC/XBJt7M4uumAb9e803XKJAayZww==", - "requires": { - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "classnames": "^2.3.1" - } - }, - "@hashicorp/react-version-select": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-version-select/-/react-version-select-0.3.0.tgz", - "integrity": "sha512-wd708z+ftdUkK+jKBLFHdHE3U4a0g37LTOxH9X68LzFDWPUT9gTAI5dPEfT0Os/DeJxWcRvUoaS8Fbtd7SQPmg==", - "requires": { - "@hashicorp/react-select-input": ">=4.x" - } - }, - "@hashicorp/react-vertical-text-block-list": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@hashicorp/react-vertical-text-block-list/-/react-vertical-text-block-list-7.0.0.tgz", - "integrity": "sha512-RYFO/HXEiB4Adj6zdmuLCL19gfTh7MZc53Kp9FqZ7dWR7ggW24tMCwIsgqvk4NjubBkJ0Lx/DnhiQ3ATZVMC6w==", - "requires": { - "@hashicorp/platform-product-meta": "^0.1.0", - "@hashicorp/react-image": "^4.0.1", - "@hashicorp/react-link-wrap": "^3.0.1", - "classnames": "^2.3.1" - } - }, - "@hashicorp/remark-plugins": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@hashicorp/remark-plugins/-/remark-plugins-3.2.0.tgz", - "integrity": "sha512-kHY0Uq/6TnqXkIKGo4oIhhvVDfynlNzLxNRxMYMi6yOyGSI407j9M0sTfJWwoQom4NWFd3aOlwJV8IAhF7deJQ==", - "requires": { - "@mdx-js/util": "1.6.22", - "github-slugger": "^1.3.0", - "remark": "12.0.1", - "remark-mdx": "1.6.22", - "to-vfile": "^6.1.0", - "unist-util-flatmap": "^1.0.0", - "unist-util-is": "^4.0.2", - "unist-util-map": "^2.0.1", - "unist-util-visit": "^2.0.3" - }, - "dependencies": { - "remark": { - "version": "12.0.1", - "resolved": "https://registry.npmjs.org/remark/-/remark-12.0.1.tgz", - "integrity": "sha512-gS7HDonkdIaHmmP/+shCPejCEEW+liMp/t/QwmF0Xt47Rpuhl32lLtDV1uKWvGoq+kxr5jSgg5oAIpGuyULjUw==", - "requires": { - "remark-parse": "^8.0.0", - "remark-stringify": "^8.0.0", - "unified": "^9.0.0" - } - }, - "remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "requires": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - } - }, - "remark-stringify": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-8.1.1.tgz", - "integrity": "sha512-q4EyPZT3PcA3Eq7vPpT6bIdokXzFGp9i85igjmhRyXWmPs0Y6/d2FYwUNotKAWyLch7g0ASZJn/KHHcHZQ163A==", - "requires": { - "ccount": "^1.0.0", - "is-alphanumeric": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "longest-streak": "^2.0.1", - "markdown-escapes": "^1.0.0", - "markdown-table": "^2.0.0", - "mdast-util-compact": "^2.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "stringify-entities": "^3.0.0", - "unherit": "^1.0.4", - "xtend": "^4.0.1" - } + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true } } }, @@ -20388,114 +15738,19 @@ "chalk": "^4.0.0" } }, - "@mapbox/rehype-prism": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/@mapbox/rehype-prism/-/rehype-prism-0.5.0.tgz", - "integrity": "sha512-sE5EetmSR6At7AU2s3N2rFUUqm8BpvxUcGcesgfTZgqF7bQoekqsKxLX8gunIDjZs34acZJ6fgPFHepEWnYKCQ==", - "requires": { - "hast-util-to-string": "^1.0.3", - "refractor": "^3.0.0", - "unist-util-visit": "^2.0.2" - } - }, - "@mdx-js/mdx": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-1.6.22.tgz", - "integrity": "sha512-AMxuLxPz2j5/6TpF/XSdKpQP1NlG0z11dFOlq+2IP/lSgl11GY8ji6S/rgsViN/L0BDvHvUMruRb7ub+24LUYA==", - "requires": { - "@babel/core": "7.12.9", - "@babel/plugin-syntax-jsx": "7.12.1", - "@babel/plugin-syntax-object-rest-spread": "7.8.3", - "@mdx-js/util": "1.6.22", - "babel-plugin-apply-mdx-type-prop": "1.6.22", - "babel-plugin-extract-import-names": "1.6.22", - "camelcase-css": "2.0.1", - "detab": "2.0.4", - "hast-util-raw": "6.0.1", - "lodash.uniq": "4.5.0", - "mdast-util-to-hast": "10.0.1", - "remark-footnotes": "2.0.0", - "remark-mdx": "1.6.22", - "remark-parse": "8.0.3", - "remark-squeeze-paragraphs": "4.0.0", - "style-to-object": "0.3.0", - "unified": "9.2.0", - "unist-builder": "2.0.3", - "unist-util-visit": "2.0.3" - }, - "dependencies": { - "remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "requires": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - } - } - } - }, - "@mdx-js/react": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-1.6.22.tgz", - "integrity": "sha512-TDoPum4SHdfPiGSAaRBw7ECyI8VaHpK8GJugbJIJuqyh6kzw9ZLJZW3HGL3NNrJGxcAixUvqROm+YuQOo5eXtg==", - "requires": {} - }, - "@mdx-js/util": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", - "integrity": "sha512-H1rQc1ZOHANWBvPcW+JpGwr+juXSxM8Q8YCkm3GhZd8REu1fHR3z99CErO1p9pkcfcxZnMdIZdIsXkOHY0NilA==" - }, - "@mrmlnc/readdir-enhanced": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz", - "integrity": "sha512-bPHp6Ji8b41szTOcaP63VlnbbO5Ny6dwAATtY6JTjh5N2OLrb5Qk/Th5cRkRQhkWCt+EJsYrNB0MiL+Gpn6e3g==", - "dev": true, - "requires": { - "call-me-maybe": "^1.0.1", - "glob-to-regexp": "^0.3.0" - }, - "dependencies": { - "glob-to-regexp": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz", - "integrity": "sha1-jFoUlNIGbFcMw7/kSWF1rMTVAqs=", - "dev": true - } - } - }, "@napi-rs/triples": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@napi-rs/triples/-/triples-1.0.3.tgz", - "integrity": "sha512-jDJTpta+P4p1NZTFVLHJ/TLFVYVcOqv6l8xwOeBKNPMgY/zDYH/YH7SJbvrr/h1RcS9GzbPcLKGzpuK9cV56UA==" - }, - "@next/bundle-analyzer": { - "version": "10.0.3", - "resolved": "https://registry.npmjs.org/@next/bundle-analyzer/-/bundle-analyzer-10.0.3.tgz", - "integrity": "sha512-+RtvLLpNkTLnq5ICli2hCBI6oZZ1lrrLLa6Dcaitadvly1IuspgwkwyBVlufm2barV+QSHJ2GlX26+NuLbisyg==", + "integrity": "sha512-jDJTpta+P4p1NZTFVLHJ/TLFVYVcOqv6l8xwOeBKNPMgY/zDYH/YH7SJbvrr/h1RcS9GzbPcLKGzpuK9cV56UA==", "dev": true, - "requires": { - "webpack-bundle-analyzer": "3.6.1" - } + "peer": true }, "@next/env": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/env/-/env-11.1.2.tgz", - "integrity": "sha512-+fteyVdQ7C/OoulfcF6vd1Yk0FEli4453gr8kSFbU8sKseNSizYq6df5MKz/AjwLptsxrUeIkgBdAzbziyJ3mA==" + "integrity": "sha512-+fteyVdQ7C/OoulfcF6vd1Yk0FEli4453gr8kSFbU8sKseNSizYq6df5MKz/AjwLptsxrUeIkgBdAzbziyJ3mA==", + "dev": true, + "peer": true }, "@next/eslint-plugin-next": { "version": "11.1.2", @@ -20509,12 +15764,16 @@ "@next/polyfill-module": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/polyfill-module/-/polyfill-module-11.1.2.tgz", - "integrity": "sha512-xZmixqADM3xxtqBV0TpAwSFzWJP0MOQzRfzItHXf1LdQHWb0yofHHC+7eOrPFic8+ZGz5y7BdPkkgR1S25OymA==" + "integrity": "sha512-xZmixqADM3xxtqBV0TpAwSFzWJP0MOQzRfzItHXf1LdQHWb0yofHHC+7eOrPFic8+ZGz5y7BdPkkgR1S25OymA==", + "dev": true, + "peer": true }, "@next/react-dev-overlay": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/react-dev-overlay/-/react-dev-overlay-11.1.2.tgz", "integrity": "sha512-rDF/mGY2NC69mMg2vDqzVpCOlWqnwPUXB2zkARhvknUHyS6QJphPYv9ozoPJuoT/QBs49JJd9KWaAzVBvq920A==", + "dev": true, + "peer": true, "requires": { "@babel/code-frame": "7.12.11", "anser": "1.4.9", @@ -20533,6 +15792,8 @@ "version": "7.12.11", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", + "dev": true, + "peer": true, "requires": { "@babel/highlight": "^7.10.4" } @@ -20541,6 +15802,8 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.0.0.tgz", "integrity": "sha512-N9oWFcegS0sFr9oh1oz2d7Npos6vNoWW9HvtCg5N1KRFpUhaAhvTv5Y58g880fZaEYSNm3qDz8SU1UrGvp+n7A==", + "dev": true, + "peer": true, "requires": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -20549,12 +15812,16 @@ "classnames": { "version": "2.2.6", "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.2.6.tgz", - "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==" + "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==", + "dev": true, + "peer": true }, "source-map": { "version": "0.8.0-beta.0", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", + "dev": true, + "peer": true, "requires": { "whatwg-url": "^7.0.0" } @@ -20565,36 +15832,48 @@ "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/react-refresh-utils/-/react-refresh-utils-11.1.2.tgz", "integrity": "sha512-hsoJmPfhVqjZ8w4IFzoo8SyECVnN+8WMnImTbTKrRUHOVJcYMmKLL7xf7T0ft00tWwAl/3f3Q3poWIN2Ueql/Q==", + "dev": true, + "peer": true, "requires": {} }, "@next/swc-darwin-arm64": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-11.1.2.tgz", "integrity": "sha512-hZuwOlGOwBZADA8EyDYyjx3+4JGIGjSHDHWrmpI7g5rFmQNltjlbaefAbiU5Kk7j3BUSDwt30quJRFv3nyJQ0w==", - "optional": true + "dev": true, + "optional": true, + "peer": true }, "@next/swc-darwin-x64": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-11.1.2.tgz", "integrity": "sha512-PGOp0E1GisU+EJJlsmJVGE+aPYD0Uh7zqgsrpD3F/Y3766Ptfbe1lEPPWnRDl+OzSSrSrX1lkyM/Jlmh5OwNvA==", - "optional": true + "dev": true, + "optional": true, + "peer": true }, "@next/swc-linux-x64-gnu": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-11.1.2.tgz", "integrity": "sha512-YcDHTJjn/8RqvyJVB6pvEKXihDcdrOwga3GfMv/QtVeLphTouY4BIcEUfrG5+26Nf37MP1ywN3RRl1TxpurAsQ==", - "optional": true + "dev": true, + "optional": true, + "peer": true }, "@next/swc-win32-x64-msvc": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-11.1.2.tgz", "integrity": "sha512-e/pIKVdB+tGQYa1cW3sAeHm8gzEri/HYLZHT4WZojrUxgWXqx8pk7S7Xs47uBcFTqBDRvK3EcQpPLf3XdVsDdg==", - "optional": true + "dev": true, + "optional": true, + "peer": true }, "@node-rs/helper": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/@node-rs/helper/-/helper-1.2.1.tgz", "integrity": "sha512-R5wEmm8nbuQU0YGGmYVjEc0OHtYsuXdpRG+Ut/3wZ9XAvQWyThN08bTh2cBJgoZxHQUPtvRfeQuxcAgLuiBISg==", + "dev": true, + "peer": true, "requires": { "@napi-rs/triples": "^1.0.3" } @@ -20625,270 +15904,31 @@ "fastq": "^1.6.0" } }, - "@reach/auto-id": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/auto-id/-/auto-id-0.15.0.tgz", - "integrity": "sha512-iACaCcZeqAhDf4OOwJpmHHS/LaRj9z3Ip8JmlhpCrFWV2YOIiiZk42amlBZX6CKH66Md+eriYZQk3TyAjk6Oxg==", - "requires": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/descendants": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/descendants/-/descendants-0.15.0.tgz", - "integrity": "sha512-MGs+7sGjx07sm29Wc2d/Ya72qwatNVHofnYwwHMT6LImv99kE5TQMCgkMSDeRwqQxHURmcjb4I7Tab+ahvCGiw==", - "requires": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/dialog": { - "version": "0.16.2", - "resolved": "https://registry.npmjs.org/@reach/dialog/-/dialog-0.16.2.tgz", - "integrity": "sha512-qq8oX0cROgTb8LjOKWzzNm4SqaN9b89lJHr7UyVo2aQ6WbeNzZBxqXhGywFP7dkR+hNqOJnrA59PXFWhfttA9A==", - "requires": { - "@reach/portal": "0.16.2", - "@reach/utils": "0.16.0", - "prop-types": "^15.7.2", - "react-focus-lock": "^2.5.2", - "react-remove-scroll": "^2.4.3", - "tslib": "^2.3.0" - }, - "dependencies": { - "@reach/portal": { - "version": "0.16.2", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.2.tgz", - "integrity": "sha512-9ur/yxNkuVYTIjAcfi46LdKUvH0uYZPfEp4usWcpt6PIp+WDF57F/5deMe/uGi/B/nfDweQu8VVwuMVrCb97JQ==", - "requires": { - "@reach/utils": "0.16.0", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - } - }, - "@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "requires": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - } - }, - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "@reach/listbox": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/listbox/-/listbox-0.15.0.tgz", - "integrity": "sha512-3Vvpte0HQkfo3sT4Cz6gG9h+E/La2IwbtLQDTesEmDzToQ8bk9rOfuFDVp7IXUyOdDggfDCOEz/ZphsuniADWA==", - "requires": { - "@reach/auto-id": "0.15.0", - "@reach/descendants": "0.15.0", - "@reach/machine": "0.15.0", - "@reach/popover": "0.15.0", - "@reach/utils": "0.15.0", - "prop-types": "^15.7.2" - } - }, - "@reach/machine": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/machine/-/machine-0.15.0.tgz", - "integrity": "sha512-o3vvqsTQyj7apxpbSuIn4xKYlqNagcjhlMnroJ2uqgJfFwy1tLrsQo4Sr8GnZu4hitPbNAfqGExYjV8ZV8SHpA==", - "requires": { - "@reach/utils": "0.15.0", - "@xstate/fsm": "1.4.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/observe-rect": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@reach/observe-rect/-/observe-rect-1.2.0.tgz", - "integrity": "sha512-Ba7HmkFgfQxZqqaeIWWkNK0rEhpxVQHIoVyW1YDSkGsGIXzcaW4deC8B0pZrNSSyLTdIk7y+5olKt5+g0GmFIQ==" - }, - "@reach/popover": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/popover/-/popover-0.15.0.tgz", - "integrity": "sha512-nBR6ZlULF7ZZIqkN47QEWmdqUX2Zd6FSeYJku1il9OkiMnWzI3aTOyu1B+IJfYeIqg28D/aeF4ff0oVu1VUrqQ==", - "requires": { - "@reach/portal": "0.15.0", - "@reach/rect": "0.15.0", - "@reach/utils": "0.15.0", - "tabbable": "^4.0.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/portal": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.15.0.tgz", - "integrity": "sha512-Aulqjk/PIRu+R7yhINYAAYfYh++ZdC30qwHDWDtGk2cmTEJT7m9AlvBX+W7T+Q3Ux6Wy5f37eV+TTGid1CcjFw==", - "requires": { - "@reach/utils": "0.15.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/rect": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/rect/-/rect-0.15.0.tgz", - "integrity": "sha512-Nu0zG4Xq8Z0C3Yr3wbjtj7fvII1q2KopHDStNtmL26oWPzlaZJ9A1K6rZSPIqxKkx1hvl6AUTeom7eHTIKhHjA==", - "requires": { - "@reach/observe-rect": "1.2.0", - "@reach/utils": "0.15.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/tooltip": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/tooltip/-/tooltip-0.16.0.tgz", - "integrity": "sha512-kZr/OqfmmBQVBxJh+OQRCq++T5f6iQaWinpLnwD5FlG5HRKPwNzTnsy+hpyY9pR2mabk+96POp/TsT4Dv3K/qQ==", - "requires": { - "@reach/auto-id": "0.16.0", - "@reach/portal": "0.16.0", - "@reach/rect": "0.16.0", - "@reach/utils": "0.16.0", - "@reach/visually-hidden": "0.16.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - }, - "dependencies": { - "@reach/auto-id": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/auto-id/-/auto-id-0.16.0.tgz", - "integrity": "sha512-5ssbeP5bCkM39uVsfQCwBBL+KT8YColdnMN5/Eto6Rj7929ql95R3HZUOkKIvj7mgPtEb60BLQxd1P3o6cjbmg==", - "requires": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - } - }, - "@reach/portal": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/portal/-/portal-0.16.0.tgz", - "integrity": "sha512-vXJ0O9T+72HiSEWHPs2cx7YbSO7pQsTMhgqPc5aaddIYpo2clJx1PnYuS0lSNlVaDO0IxQhwYq43evXaXnmviw==", - "requires": { - "@reach/utils": "0.16.0", - "tslib": "^2.3.0" - } - }, - "@reach/rect": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/rect/-/rect-0.16.0.tgz", - "integrity": "sha512-/qO9jQDzpOCdrSxVPR6l674mRHNTqfEjkaxZHluwJ/2qGUtYsA0GSZiF/+wX/yOWeBif1ycxJDa6HusAMJZC5Q==", - "requires": { - "@reach/observe-rect": "1.2.0", - "@reach/utils": "0.16.0", - "prop-types": "^15.7.2", - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - } - }, - "@reach/utils": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.16.0.tgz", - "integrity": "sha512-PCggBet3qaQmwFNcmQ/GqHSefadAFyNCUekq9RrWoaU9hh/S4iaFgf2MBMdM47eQj5i/Bk0Mm07cP/XPFlkN+Q==", - "requires": { - "tiny-warning": "^1.0.3", - "tslib": "^2.3.0" - } - }, - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "@reach/utils": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/@reach/utils/-/utils-0.15.0.tgz", - "integrity": "sha512-JHHN7T5ucFiuQbqkgv8ECbRWKfRiJxrO/xHR3fHf+f2C7mVs/KkJHhYtovS1iEapR4silygX9PY0+QUmHPOTYw==", - "requires": { - "tiny-warning": "^1.0.3", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } - }, - "@reach/visually-hidden": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@reach/visually-hidden/-/visually-hidden-0.16.0.tgz", - "integrity": "sha512-IIayZ3jzJtI5KfcfRVtOMFkw2ef/1dMT8D9BUuFcU2ORZAWLNvnzj1oXNoIfABKl5wtsLjY6SGmkYQ+tMPN8TA==", - "requires": { - "prop-types": "^15.7.2", - "tslib": "^2.3.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, "@rushstack/eslint-patch": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.0.7.tgz", "integrity": "sha512-3Zi2LGbCLDz4IIL7ir6wD0u/ggHotLkK5SlVzFzTcYaNgPR4MAt/9JYZqXWKcofPWEoptfpnCJU8Bq9sxw8QUg==", "dev": true }, - "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==", - "dev": true + "@sinonjs/commons": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", + "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "dev": true, + "peer": true, + "requires": { + "type-detect": "4.0.8" + } + }, + "@sinonjs/fake-timers": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", + "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", + "dev": true, + "peer": true, + "requires": { + "@sinonjs/commons": "^1.7.0" + } }, "@stylelint/postcss-css-in-js": { "version": "0.37.2", @@ -20909,12 +15949,66 @@ "unist-util-find-all-after": "^3.0.2" } }, - "@types/hast": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/@types/hast/-/hast-2.3.1.tgz", - "integrity": "sha512-viwwrB+6xGzw+G1eWpF9geV3fnsDgXqHG+cqgiHrvQfDUW5hzhCyV7Sy3UJxhfRFBsgky2SSW33qi/YrIkjX5Q==", + "@tootallnate/once": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz", + "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==", + "dev": true, + "peer": true + }, + "@types/babel__core": { + "version": "7.1.19", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.19.tgz", + "integrity": "sha512-WEOTgRsbYkvA/KCsDwVEGkd7WAr1e3g31VHQ8zy5gul/V1qKullU/BU5I68X5v7V3GnB9eotmom4v5a5gjxorw==", + "dev": true, + "peer": true, "requires": { - "@types/unist": "*" + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "@types/babel__generator": { + "version": "7.6.4", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.4.tgz", + "integrity": "sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==", + "dev": true, + "peer": true, + "requires": { + "@babel/types": "^7.0.0" + } + }, + "@types/babel__template": { + "version": "7.4.1", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.1.tgz", + "integrity": "sha512-azBFKemX6kMg5Io+/rdGT0dkGreboUVR0Cdm3fz9QJWpaQGJRQXl7C+6hOTCZcMll7KFyEQpgbYI2lHdsS4U7g==", + "dev": true, + "peer": true, + "requires": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "@types/babel__traverse": { + "version": "7.17.0", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.17.0.tgz", + "integrity": "sha512-r8aveDbd+rzGP+ykSdF3oPuTVRWRfbBiHl0rVDM2yNEmSMXfkObQLV46b4RnCv3Lra51OlfnZhkkFaDl2MIRaA==", + "dev": true, + "peer": true, + "requires": { + "@babel/types": "^7.3.0" + } + }, + "@types/graceful-fs": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz", + "integrity": "sha512-anKkLmZZ+xm4p8JWBf4hElkM4XR+EZeA2M9BAkkTldmcyDY4mbdIJnRghDJH3Ov5ooY7/UAoENtmdMSkaAd7Cw==", + "dev": true, + "peer": true, + "requires": { + "@types/node": "*" } }, "@types/istanbul-lib-coverage": { @@ -20953,15 +16047,11 @@ "integrity": "sha1-7ihweulOEdK4J7y+UnC86n8+ce4=", "dev": true }, - "@types/katex": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.11.0.tgz", - "integrity": "sha512-27BfE8zASRLYfSBNMk5/+KIjr2CBBrH0i5lhsO04fca4TGirIIMay73v3zNkzqmsaeIa/Mi5kejWDcxPLAmkvA==" - }, "@types/mdast": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-3.0.3.tgz", "integrity": "sha512-SXPBMnFVQg1s00dlMCc/jCdvPqdE4mXaMMCeRlxLDmTAEoegHT53xKtkDnzDTOcmMHUfcjyf36/YYZ6SxRdnsw==", + "dev": true, "requires": { "@types/unist": "*" } @@ -20975,7 +16065,8 @@ "@types/node": { "version": "16.4.1", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.4.1.tgz", - "integrity": "sha512-UW7cbLqf/Wu5XH2RKKY1cHwUNLicIDRLMraYKz+HHAerJ0ZffUEk+fMnd8qU2JaS6cAy0r8tsaf7yqHASf/Y0Q==" + "integrity": "sha512-UW7cbLqf/Wu5XH2RKKY1cHwUNLicIDRLMraYKz+HHAerJ0ZffUEk+fMnd8qU2JaS6cAy0r8tsaf7yqHASf/Y0Q==", + "dev": true }, "@types/normalize-package-data": { "version": "2.4.1", @@ -20989,49 +16080,25 @@ "integrity": "sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==", "dev": true }, - "@types/parse5": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/@types/parse5/-/parse5-5.0.3.tgz", - "integrity": "sha512-kUNnecmtkunAoQ3CnjmMkzNU/gtxG8guhi+Fk2U/kOpIKjIMKnXGp4IJCgQJrXSgMsWYimYG4TGjz/UzbGEBTw==" + "@types/prettier": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.6.0.tgz", + "integrity": "sha512-G/AdOadiZhnJp0jXCaBQU449W2h716OW/EoXeYkCytxKL06X1WCXB4DZpp8TpZ8eyIJVS1cw4lrlkkSYU21cDw==", + "dev": true, + "peer": true }, - "@types/prop-types": { - "version": "15.7.3", - "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.3.tgz", - "integrity": "sha512-KfRL3PuHmqQLOG+2tGpRO26Ctg+Cq1E01D2DMriKEATHgWLfeNDmq9e29Q9WIky0dQ3NPkd1mzYH8Lm936Z9qw==", - "devOptional": true - }, - "@types/q": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@types/q/-/q-1.5.5.tgz", - "integrity": "sha512-L28j2FcJfSZOnL1WBjDYp2vUHCeIFlyYI/53EwD/rKUBQ7MtUUfbQWiyKJGpcnv4/WgrhWsFKrcPstcAt/J0tQ==", - "dev": true - }, - "@types/react": { - "version": "17.0.11", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.11.tgz", - "integrity": "sha512-yFRQbD+whVonItSk7ZzP/L+gPTJVBkL/7shLEF+i9GC/1cV3JmUxEQz6+9ylhUpWSDuqo1N9qEvqS6vTj4USUA==", - "devOptional": true, - "requires": { - "@types/prop-types": "*", - "@types/scheduler": "*", - "csstype": "^3.0.2" - } - }, - "@types/scheduler": { - "version": "0.16.1", - "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.1.tgz", - "integrity": "sha512-EaCxbanVeyxDRTQBkdLb3Bvl/HK7PBK6UJjsSixB0iHKoWxE5uu2Q/DgtpOhPIojN0Zl1whvOd7PoHs2P0s5eA==", - "devOptional": true - }, - "@types/segment-analytics": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/@types/segment-analytics/-/segment-analytics-0.0.33.tgz", - "integrity": "sha512-8OB3OhKGuIkItHeQxgQpzldyaL1dVKzJQF9ujfVLmO0MJyIhXZTiOIZtkSHF6jhptEQZqm8EyTuceIAR36OS3A==" + "@types/stack-utils": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.1.tgz", + "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==", + "dev": true, + "peer": true }, "@types/unist": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.3.tgz", - "integrity": "sha512-FvUupuM3rlRsRtCN+fDudtmytGO6iHJuuRKS1Ss0pG5z8oX0diNEw94UEL7hgDbpN94rgaK5R7sWm6RrSkZuAQ==" + "integrity": "sha512-FvUupuM3rlRsRtCN+fDudtmytGO6iHJuuRKS1Ss0pG5z8oX0diNEw94UEL7hgDbpN94rgaK5R7sWm6RrSkZuAQ==", + "dev": true }, "@types/yargs": { "version": "15.0.14", @@ -21131,19 +16198,12 @@ "eslint-visitor-keys": "^2.0.0" } }, - "@xstate/fsm": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/@xstate/fsm/-/fsm-1.4.0.tgz", - "integrity": "sha512-uTHDeu2xI5E1IFwf37JFQM31RrH7mY7877RqPBS4ZqSNUwoLDuct8AhBWaXGnVizBAYyimVwgCyGa9z/NiRhXA==" - }, - "accepts": { - "version": "1.3.7", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz", - "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==", - "requires": { - "mime-types": "~2.1.24", - "negotiator": "0.6.2" - } + "abab": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.5.tgz", + "integrity": "sha512-9IK9EadsbHo6jLWIpxpR6pL0sazTXV6+SQv25ZB+F7Bj9mJNaOc4nCRabwd5M/JwmUa8idz6Eci6eKfJryPs6Q==", + "dev": true, + "peer": true }, "acorn": { "version": "7.4.1", @@ -21151,6 +16211,17 @@ "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==", "dev": true }, + "acorn-globals": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz", + "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==", + "dev": true, + "peer": true, + "requires": { + "acorn": "^7.1.1", + "acorn-walk": "^7.1.1" + } + }, "acorn-jsx": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", @@ -21162,7 +16233,18 @@ "version": "7.2.0", "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz", "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==", - "dev": true + "dev": true, + "peer": true + }, + "agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dev": true, + "peer": true, + "requires": { + "debug": "4" + } }, "aggregate-error": { "version": "3.1.0", @@ -21186,60 +16268,12 @@ "uri-js": "^4.2.2" } }, - "ajv-errors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/ajv-errors/-/ajv-errors-1.0.1.tgz", - "integrity": "sha512-DCRfO/4nQ+89p/RK43i8Ezd41EqdGIU4ld7nGF8OQ14oc/we5rEntLCUa7+jrn3nn83BosfwZA0wb4pon2o8iQ==", - "dev": true, - "requires": {} - }, - "ajv-keywords": { - "version": "3.5.2", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", - "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", - "dev": true, - "requires": {} - }, - "algoliasearch": { - "version": "4.10.5", - "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-4.10.5.tgz", - "integrity": "sha512-KmH2XkiN+8FxhND4nWFbQDkIoU6g2OjfeU9kIv4Lb+EiOOs3Gpp7jvd+JnatsCisAZsnWQdjd7zVlW7I/85QvQ==", - "requires": { - "@algolia/cache-browser-local-storage": "4.10.5", - "@algolia/cache-common": "4.10.5", - "@algolia/cache-in-memory": "4.10.5", - "@algolia/client-account": "4.10.5", - "@algolia/client-analytics": "4.10.5", - "@algolia/client-common": "4.10.5", - "@algolia/client-personalization": "4.10.5", - "@algolia/client-search": "4.10.5", - "@algolia/logger-common": "4.10.5", - "@algolia/logger-console": "4.10.5", - "@algolia/requester-browser-xhr": "4.10.5", - "@algolia/requester-common": "4.10.5", - "@algolia/requester-node-http": "4.10.5", - "@algolia/transporter": "4.10.5" - } - }, - "algoliasearch-helper": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.6.0.tgz", - "integrity": "sha512-F4Smiq+Vyv/JJytuKNFuzXndPSb4pjtiHZSkEztQCcB+SORu71A8grgt2NSJhbB5VhqHW19QDtlPKbdYdcNrLg==", - "requires": { - "events": "^1.1.1" - }, - "dependencies": { - "events": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", - "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=" - } - } - }, "anser": { "version": "1.4.9", "resolved": "https://registry.npmjs.org/anser/-/anser-1.4.9.tgz", - "integrity": "sha512-AI+BjTeGt2+WFk4eWcqbQ7snZpDBt8SaLlj0RT2h5xfdWaiy51OjYvqwMrNzJLGy8iOAL6nKDITWO+rd4MkYEA==" + "integrity": "sha512-AI+BjTeGt2+WFk4eWcqbQ7snZpDBt8SaLlj0RT2h5xfdWaiy51OjYvqwMrNzJLGy8iOAL6nKDITWO+rd4MkYEA==", + "dev": true, + "peer": true }, "ansi-colors": { "version": "4.1.1", @@ -21267,12 +16301,14 @@ "ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true }, "ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, "requires": { "color-convert": "^2.0.1" } @@ -21281,38 +16317,18 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "peer": true, "requires": { "normalize-path": "^3.0.0", "picomatch": "^2.0.4" } }, - "arch": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz", - "integrity": "sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==", - "dev": true - }, - "archive-type": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/archive-type/-/archive-type-4.0.0.tgz", - "integrity": "sha1-+S5yIzBW38aWlHJ0nCZ72wRrHXA=", - "dev": true, - "requires": { - "file-type": "^4.2.0" - }, - "dependencies": { - "file-type": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-4.4.0.tgz", - "integrity": "sha1-G2AOX8ofvcboDApwxxyNul95BsU=", - "dev": true - } - } - }, "argparse": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, "requires": { "sprintf-js": "~1.0.2" } @@ -21331,30 +16347,22 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz", "integrity": "sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=", - "dev": true + "dev": true, + "peer": true }, "arr-flatten": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz", "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==", - "dev": true + "dev": true, + "peer": true }, "arr-union": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz", "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=", - "dev": true - }, - "array-find-index": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz", - "integrity": "sha1-3wEKoSh+Fku9pvlyOwqWoexBh6E=", - "dev": true - }, - "array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" + "dev": true, + "peer": true }, "array-includes": { "version": "3.1.3", @@ -21375,17 +16383,12 @@ "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", "dev": true }, - "array-uniq": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz", - "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=", - "dev": true - }, "array-unique": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz", "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=", - "dev": true + "dev": true, + "peer": true }, "array.prototype.flat": { "version": "1.2.4", @@ -21420,6 +16423,8 @@ "version": "5.4.1", "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.0.0", "inherits": "^2.0.1", @@ -21430,7 +16435,9 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, @@ -21438,6 +16445,8 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/assert/-/assert-2.0.0.tgz", "integrity": "sha512-se5Cd+js9dXJnu6Ag2JFc00t+HmHOen+8Q+L7O9zI0PqQXr20uk2J0XQqMxZEeo5U50o8Nvmmx7dZrl+Ufr35A==", + "dev": true, + "peer": true, "requires": { "es6-object-assign": "^1.1.0", "is-nan": "^1.2.1", @@ -21449,12 +16458,15 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz", "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=", - "dev": true + "dev": true, + "peer": true }, "ast-types": { "version": "0.13.2", "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.13.2.tgz", - "integrity": "sha512-uWMHxJxtfj/1oZClOxDEV1sQ1HCDkA4MG8Gr69KKeBjEVH0R84WlejZ0y2DcwyBlpAEMltmVYkVgqfLFb2oyiA==" + "integrity": "sha512-uWMHxJxtfj/1oZClOxDEV1sQ1HCDkA4MG8Gr69KKeBjEVH0R84WlejZ0y2DcwyBlpAEMltmVYkVgqfLFb2oyiA==", + "dev": true, + "peer": true }, "ast-types-flow": { "version": "0.0.7", @@ -21474,16 +16486,11 @@ "integrity": "sha1-rqdNXmHB+JlhO/ZL2mbUx48v0X0=", "dev": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", - "dev": true - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" + "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=", + "dev": true }, "at-least-node": { "version": "1.0.0", @@ -21495,7 +16502,8 @@ "version": "2.1.2", "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz", "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==", - "dev": true + "dev": true, + "peer": true }, "autoprefixer": { "version": "9.8.6", @@ -21595,7 +16603,9 @@ "available-typed-arrays": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.4.tgz", - "integrity": "sha512-SA5mXJWrId1TaQjfxUYghbqQ/hYioKmLJvPJyDuYRtXXenFNMjj4hSSt1Cf1xsuXSXrtxrVC5Ot4eU6cOtBDdA==" + "integrity": "sha512-SA5mXJWrId1TaQjfxUYghbqQ/hYioKmLJvPJyDuYRtXXenFNMjj4hSSt1Cf1xsuXSXrtxrVC5Ot4eU6cOtBDdA==", + "dev": true, + "peer": true }, "axe-core": { "version": "4.3.1", @@ -21631,52 +16641,123 @@ } } }, - "babel-plugin-apply-mdx-type-prop": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/babel-plugin-apply-mdx-type-prop/-/babel-plugin-apply-mdx-type-prop-1.6.22.tgz", - "integrity": "sha512-VefL+8o+F/DfK24lPZMtJctrCVOfgbqLAGZSkxwhazQv4VxPg3Za/i40fu22KR2m8eEda+IfSOlPLUSIiLcnCQ==", + "babel-jest": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-26.6.3.tgz", + "integrity": "sha512-pl4Q+GAVOHwvjrck6jKjvmGhnO3jHX/xuB9d27f+EJZ/6k+6nMuPjorrYp7s++bKKdANwzElBWnLWaObvTnaZA==", + "dev": true, + "peer": true, "requires": { - "@babel/helper-plugin-utils": "7.10.4", - "@mdx-js/util": "1.6.22" + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/babel__core": "^7.1.7", + "babel-plugin-istanbul": "^6.0.0", + "babel-preset-jest": "^26.6.2", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "slash": "^3.0.0" + } + }, + "babel-plugin-istanbul": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==", + "dev": true, + "peer": true, + "requires": { + "@babel/helper-plugin-utils": "^7.0.0", + "@istanbuljs/load-nyc-config": "^1.0.0", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-instrument": "^5.0.4", + "test-exclude": "^6.0.0" }, "dependencies": { - "@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" + "istanbul-lib-instrument": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.1.0.tgz", + "integrity": "sha512-czwUz525rkOFDJxfKK6mYfIs9zBKILyrZQxjz3ABhjQXhbhFsSbo1HW/BFcsDnfJYJWA6thRR5/TUY2qs5W99Q==", + "dev": true, + "peer": true, + "requires": { + "@babel/core": "^7.12.3", + "@babel/parser": "^7.14.7", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.2.0", + "semver": "^6.3.0" + } + }, + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true } } }, - "babel-plugin-extract-import-names": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/babel-plugin-extract-import-names/-/babel-plugin-extract-import-names-1.6.22.tgz", - "integrity": "sha512-yJ9BsJaISua7d8zNT7oRG1ZLBJCIdZ4PZqmH8qa9N5AK01ifk3fnkc98AXhtzE7UkfCsEumvoQWgoYLhOnJ7jQ==", + "babel-plugin-jest-hoist": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-26.6.2.tgz", + "integrity": "sha512-PO9t0697lNTmcEHH69mdtYiOIkkOlj9fySqfO3K1eCcdISevLAE0xY59VLLUj0SoiPiTX/JU2CYFpILydUa5Lw==", + "dev": true, + "peer": true, "requires": { - "@babel/helper-plugin-utils": "7.10.4" - }, - "dependencies": { - "@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" - } + "@babel/template": "^7.3.3", + "@babel/types": "^7.3.3", + "@types/babel__core": "^7.0.0", + "@types/babel__traverse": "^7.0.6" + } + }, + "babel-preset-current-node-syntax": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "integrity": "sha512-M7LQ0bxarkxQoN+vz5aJPsLBn77n8QgTFmo8WK0/44auK2xlCXrYcUxHFxgU7qW5Yzw/CjmLRK2uJzaCd7LvqQ==", + "dev": true, + "peer": true, + "requires": { + "@babel/plugin-syntax-async-generators": "^7.8.4", + "@babel/plugin-syntax-bigint": "^7.8.3", + "@babel/plugin-syntax-class-properties": "^7.8.3", + "@babel/plugin-syntax-import-meta": "^7.8.3", + "@babel/plugin-syntax-json-strings": "^7.8.3", + "@babel/plugin-syntax-logical-assignment-operators": "^7.8.3", + "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3", + "@babel/plugin-syntax-numeric-separator": "^7.8.3", + "@babel/plugin-syntax-object-rest-spread": "^7.8.3", + "@babel/plugin-syntax-optional-catch-binding": "^7.8.3", + "@babel/plugin-syntax-optional-chaining": "^7.8.3", + "@babel/plugin-syntax-top-level-await": "^7.8.3" + } + }, + "babel-preset-jest": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-26.6.2.tgz", + "integrity": "sha512-YvdtlVm9t3k777c5NPQIv6cxFFFapys25HiUmuSgHwIZhfifweR5c5Sf5nwE3MAbfu327CYSvps8Yx6ANLyleQ==", + "dev": true, + "peer": true, + "requires": { + "babel-plugin-jest-hoist": "^26.6.2", + "babel-preset-current-node-syntax": "^1.0.0" } }, "bail": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz", - "integrity": "sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ==" + "integrity": "sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ==", + "dev": true }, "balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true }, "base": { "version": "0.11.2", "resolved": "https://registry.npmjs.org/base/-/base-0.11.2.tgz", "integrity": "sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==", "dev": true, + "peer": true, "requires": { "cache-base": "^1.0.1", "class-utils": "^0.3.5", @@ -21692,6 +16773,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^1.0.0" } @@ -21701,617 +16783,36 @@ "base64-js": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", - "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==" - }, - "bfj": { - "version": "6.1.2", - "resolved": "https://registry.npmjs.org/bfj/-/bfj-6.1.2.tgz", - "integrity": "sha512-BmBJa4Lip6BPRINSZ0BPEIfB1wUY/9rwbwvIHQA1KjX9om29B6id0wnWXq7m3bn5JrUVjeOTnVuhPT1FiHwPGw==", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", "dev": true, - "requires": { - "bluebird": "^3.5.5", - "check-types": "^8.0.3", - "hoopy": "^0.1.4", - "tryer": "^1.0.1" - } + "peer": true }, "big.js": { "version": "5.2.2", "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz", - "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==" - }, - "bin-build": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/bin-build/-/bin-build-3.0.0.tgz", - "integrity": "sha512-jcUOof71/TNAI2uM5uoUaDq2ePcVBQ3R/qhxAz1rX7UfvduAL/RXD3jXzvn8cVcDJdGVkiR1shal3OH0ImpuhA==", + "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==", "dev": true, - "requires": { - "decompress": "^4.0.0", - "download": "^6.2.2", - "execa": "^0.7.0", - "p-map-series": "^1.0.0", - "tempfile": "^2.0.0" - }, - "dependencies": { - "cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "requires": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "requires": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - } - }, - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - }, - "lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "requires": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "requires": { - "path-key": "^2.0.0" - } - }, - "path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true - }, - "shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "requires": { - "shebang-regex": "^1.0.0" - } - }, - "shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true - }, - "which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - }, - "yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true - } - } - }, - "bin-check": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bin-check/-/bin-check-4.1.0.tgz", - "integrity": "sha512-b6weQyEUKsDGFlACWSIOfveEnImkJyK/FGW6FAG42loyoquvjdtOIqO6yBFzHyqyVVhNgNkQxxx09SFLK28YnA==", - "dev": true, - "requires": { - "execa": "^0.7.0", - "executable": "^4.1.0" - }, - "dependencies": { - "cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "requires": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "requires": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - } - }, - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - }, - "lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "requires": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "requires": { - "path-key": "^2.0.0" - } - }, - "path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true - }, - "shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "requires": { - "shebang-regex": "^1.0.0" - } - }, - "shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true - }, - "which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - }, - "yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true - } - } - }, - "bin-version": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-3.1.0.tgz", - "integrity": "sha512-Mkfm4iE1VFt4xd4vH+gx+0/71esbfus2LsnCGe8Pi4mndSPyT+NGES/Eg99jx8/lUGWfu3z2yuB/bt5UB+iVbQ==", - "dev": true, - "requires": { - "execa": "^1.0.0", - "find-versions": "^3.0.0" - }, - "dependencies": { - "cross-spawn": { - "version": "6.0.5", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", - "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", - "dev": true, - "requires": { - "nice-try": "^1.0.4", - "path-key": "^2.0.1", - "semver": "^5.5.0", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "execa": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", - "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", - "dev": true, - "requires": { - "cross-spawn": "^6.0.0", - "get-stream": "^4.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - } - }, - "find-versions": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-3.2.0.tgz", - "integrity": "sha512-P8WRou2S+oe222TOCHitLy8zj+SIsVJh52VP4lvXkaFVnOFFdoWv1H1Jjvel1aI6NCFOAaeAVm8qrI0odiLcww==", - "dev": true, - "requires": { - "semver-regex": "^2.0.0" - } - }, - "get-stream": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", - "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", - "dev": true, - "requires": { - "pump": "^3.0.0" - } - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - }, - "npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "requires": { - "path-key": "^2.0.0" - } - }, - "path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true - }, - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true - }, - "semver-regex": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-2.0.0.tgz", - "integrity": "sha512-mUdIBBvdn0PLOeP3TEkMH7HHeUP3GjsXCwKarjv/kGmUFOYg1VqEemKhoQpWMu6X2I8kHeuVdGibLGkVK+/5Qw==", - "dev": true - }, - "shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "requires": { - "shebang-regex": "^1.0.0" - } - }, - "shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true - }, - "which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - } - } - }, - "bin-version-check": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-4.0.0.tgz", - "integrity": "sha512-sR631OrhC+1f8Cvs8WyVWOA33Y8tgwjETNPyyD/myRBXLkfS/vl74FmH/lFcRl9KY3zwGh7jFhvyk9vV3/3ilQ==", - "dev": true, - "requires": { - "bin-version": "^3.0.0", - "semver": "^5.6.0", - "semver-truncate": "^1.1.2" - }, - "dependencies": { - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true - } - } - }, - "bin-wrapper": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bin-wrapper/-/bin-wrapper-4.1.0.tgz", - "integrity": "sha512-hfRmo7hWIXPkbpi0ZltboCMVrU+0ClXR/JgbCKKjlDjQf6igXa7OwdqNcFWQZPZTgiY7ZpzE3+LjjkLiTN2T7Q==", - "dev": true, - "requires": { - "bin-check": "^4.1.0", - "bin-version-check": "^4.0.0", - "download": "^7.1.0", - "import-lazy": "^3.1.0", - "os-filter-obj": "^2.0.0", - "pify": "^4.0.1" - }, - "dependencies": { - "download": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/download/-/download-7.1.0.tgz", - "integrity": "sha512-xqnBTVd/E+GxJVrX5/eUJiLYjCGPwMpdL+jGhGU57BvtcA7wwhtHVbXBeUk51kOpW3S7Jn3BQbN9Q1R1Km2qDQ==", - "dev": true, - "requires": { - "archive-type": "^4.0.0", - "caw": "^2.0.1", - "content-disposition": "^0.5.2", - "decompress": "^4.2.0", - "ext-name": "^5.0.0", - "file-type": "^8.1.0", - "filenamify": "^2.0.0", - "get-stream": "^3.0.0", - "got": "^8.3.1", - "make-dir": "^1.2.0", - "p-event": "^2.1.0", - "pify": "^3.0.0" - }, - "dependencies": { - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true - } - } - }, - "file-type": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-8.1.0.tgz", - "integrity": "sha512-qyQ0pzAy78gVoJsmYeNgl8uH8yKhr1lVhW7JbzJmnlRi0I4R2eEDEJZVKG8agpDnLpacwNbDhLNG/LMdxHD2YQ==", - "dev": true - }, - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "dev": true, - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true - } - } - }, - "import-lazy": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-3.1.0.tgz", - "integrity": "sha512-8/gvXvX2JMn0F+CDlSC4l6kOmVaLOO3XLkksI7CI3Ud95KDYJuYur2b9P/PUt/i/pDAMd/DulQsNbbbmRRsDIQ==", - "dev": true - }, - "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==", - "dev": true - }, - "p-event": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/p-event/-/p-event-2.3.1.tgz", - "integrity": "sha512-NQCqOFhbpVTMX4qMe8PF8lbGtzZ+LCiN7pcNrb/413Na7+TRoe1xkKUzuWa/YEJdGQ0FvKtj35EEbDoVPO2kbA==", - "dev": true, - "requires": { - "p-timeout": "^2.0.1" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", - "dev": true, - "requires": { - "p-finally": "^1.0.0" - } - }, - "pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true - }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=", - "dev": true - }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "dev": true, - "requires": { - "prepend-http": "^2.0.0" - } - } - } + "peer": true }, "binary-extensions": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==" - }, - "bl": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/bl/-/bl-1.2.3.tgz", - "integrity": "sha512-pvcNpa0UU69UT341rO6AYy4FVAIkUHuZXRIWbq+zHnsVcRzDDjIAhGuuYoi0d//cwIwtt4pkpKycWEfjdV+vww==", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", "dev": true, - "requires": { - "readable-stream": "^2.3.5", - "safe-buffer": "^5.1.1" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "requires": { - "safe-buffer": "~5.1.0" - } - } - } - }, - "bluebird": { - "version": "3.7.2", - "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", - "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==", - "dev": true + "peer": true }, "bn.js": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-5.2.0.tgz", - "integrity": "sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==" - }, - "body-parser": { - "version": "1.19.0", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz", - "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==", - "requires": { - "bytes": "3.1.0", - "content-type": "~1.0.4", - "debug": "2.6.9", - "depd": "~1.1.2", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "on-finished": "~2.3.0", - "qs": "6.7.0", - "raw-body": "2.4.0", - "type-is": "~1.6.17" - }, - "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "raw-body": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz", - "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==", - "requires": { - "bytes": "3.1.0", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - } - } - } - }, - "boolbase": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", - "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=", - "dev": true + "integrity": "sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==", + "dev": true, + "peer": true }, "brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -22321,6 +16822,7 @@ "version": "3.0.2", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, "requires": { "fill-range": "^7.0.1" } @@ -22328,12 +16830,23 @@ "brorand": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz", - "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=" + "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=", + "dev": true, + "peer": true + }, + "browser-process-hrtime": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz", + "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==", + "dev": true, + "peer": true }, "browserify-aes": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==", + "dev": true, + "peer": true, "requires": { "buffer-xor": "^1.0.3", "cipher-base": "^1.0.0", @@ -22347,6 +16860,8 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/browserify-cipher/-/browserify-cipher-1.0.1.tgz", "integrity": "sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w==", + "dev": true, + "peer": true, "requires": { "browserify-aes": "^1.0.4", "browserify-des": "^1.0.0", @@ -22357,6 +16872,8 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/browserify-des/-/browserify-des-1.0.2.tgz", "integrity": "sha512-BioO1xf3hFwz4kc6iBhI3ieDFompMhrMlnDFC4/0/vd5MokpuAc3R+LYbwTA9A5Yc9pq9UYPqffKpW2ObuwX5A==", + "dev": true, + "peer": true, "requires": { "cipher-base": "^1.0.1", "des.js": "^1.0.0", @@ -22368,6 +16885,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.1.0.tgz", "integrity": "sha512-AdEER0Hkspgno2aR97SAf6vi0y0k8NuOpGnVH3O99rcA5Q6sh8QxcngtHuJ6uXwnfAXNM4Gn1Gb7/MV1+Ymbog==", + "dev": true, + "peer": true, "requires": { "bn.js": "^5.0.0", "randombytes": "^2.0.1" @@ -22377,6 +16896,8 @@ "version": "4.2.1", "resolved": "https://registry.npmjs.org/browserify-sign/-/browserify-sign-4.2.1.tgz", "integrity": "sha512-/vrA5fguVAKKAVTNJjgSm1tRQDHUU6DbwO9IROu/0WAzC8PKhucDSh18J0RMvVeHAn5puMd+QHC2erPRNf8lmg==", + "dev": true, + "peer": true, "requires": { "bn.js": "^5.1.1", "browserify-rsa": "^4.0.1", @@ -22392,7 +16913,9 @@ "safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "peer": true } } }, @@ -22400,6 +16923,8 @@ "version": "0.2.0", "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", + "dev": true, + "peer": true, "requires": { "pako": "~1.0.5" } @@ -22408,6 +16933,7 @@ "version": "4.16.6", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.16.6.tgz", "integrity": "sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==", + "dev": true, "requires": { "caniuse-lite": "^1.0.30001219", "colorette": "^1.2.2", @@ -22425,44 +16951,16 @@ "fast-json-stable-stringify": "2.x" } }, - "buffer": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", - "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "bser": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==", "dev": true, + "peer": true, "requires": { - "base64-js": "^1.3.1", - "ieee754": "^1.1.13" + "node-int64": "^0.4.0" } }, - "buffer-alloc": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/buffer-alloc/-/buffer-alloc-1.2.0.tgz", - "integrity": "sha512-CFsHQgjtW1UChdXgbyJGtnm+O/uLQeZdtbDo8mfUgYXCHSM1wgrVxXm6bSyrUuErEb+4sYVGCzASBRot7zyrow==", - "dev": true, - "requires": { - "buffer-alloc-unsafe": "^1.1.0", - "buffer-fill": "^1.0.0" - } - }, - "buffer-alloc-unsafe": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/buffer-alloc-unsafe/-/buffer-alloc-unsafe-1.1.0.tgz", - "integrity": "sha512-TEM2iMIEQdJ2yjPJoSIsldnleVaAk1oW3DBVUykyOLsEsFmEc9kn+SFFPz+gl54KQNxlDnAwCXosOS9Okx2xAg==", - "dev": true - }, - "buffer-crc32": { - "version": "0.2.13", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", - "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=", - "dev": true - }, - "buffer-fill": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz", - "integrity": "sha1-+PeLdniYiO858gXNY39o5wISKyw=", - "dev": true - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", @@ -22472,28 +16970,30 @@ "buffer-xor": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/buffer-xor/-/buffer-xor-1.0.3.tgz", - "integrity": "sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk=" + "integrity": "sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk=", + "dev": true, + "peer": true }, "builtin-status-codes": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz", - "integrity": "sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug=" - }, - "byline": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/byline/-/byline-5.0.0.tgz", - "integrity": "sha1-dBxSFkaOrcRXsDQQEYrXfejB3bE=" + "integrity": "sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug=", + "dev": true, + "peer": true }, "bytes": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", - "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==" + "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==", + "dev": true, + "peer": true }, "cache-base": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz", "integrity": "sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==", "dev": true, + "peer": true, "requires": { "collection-visit": "^1.0.0", "component-emitter": "^1.2.1", @@ -22506,83 +17006,28 @@ "unset-value": "^1.0.0" } }, - "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "dev": true, - "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=", - "dev": true - } - } - }, "call-bind": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, "requires": { "function-bind": "^1.1.1", "get-intrinsic": "^1.0.2" } }, - "call-me-maybe": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.1.tgz", - "integrity": "sha1-JtII6onje1y95gJQoV8DHBak1ms=", - "dev": true - }, "callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", "dev": true }, - "camel-case": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", - "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==", - "requires": { - "pascal-case": "^3.1.2", - "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, "camelcase": { "version": "5.3.1", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", "dev": true }, - "camelcase-css": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", - "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==" - }, "camelcase-keys": { "version": "6.2.2", "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-6.2.2.tgz", @@ -22597,53 +17042,53 @@ "caniuse-lite": { "version": "1.0.30001246", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001246.tgz", - "integrity": "sha512-Tc+ff0Co/nFNbLOrziBXmMVtpt9S2c2Y+Z9Nk9Khj09J+0zR9ejvIW5qkZAErCbOrVODCx/MN+GpB5FNBs5GFA==" + "integrity": "sha512-Tc+ff0Co/nFNbLOrziBXmMVtpt9S2c2Y+Z9Nk9Khj09J+0zR9ejvIW5qkZAErCbOrVODCx/MN+GpB5FNBs5GFA==", + "dev": true }, - "caw": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/caw/-/caw-2.0.1.tgz", - "integrity": "sha512-Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA==", + "capture-exit": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/capture-exit/-/capture-exit-2.0.0.tgz", + "integrity": "sha512-PiT/hQmTonHhl/HFGN+Lx3JJUznrVYJ3+AQsnthneZbvW7x+f08Tk7yLJTLEOUvBTbduLeeBkxEaYXUOUrRq6g==", "dev": true, + "peer": true, "requires": { - "get-proxy": "^2.0.0", - "isurl": "^1.0.0-alpha5", - "tunnel-agent": "^0.6.0", - "url-to-options": "^1.0.1" + "rsvp": "^4.8.4" } }, - "ccount": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/ccount/-/ccount-1.1.0.tgz", - "integrity": "sha512-vlNK021QdI7PNeiUh/lKkC/mNHHfV0m/Ad5JoI0TYtlBnJAslM/JIkm/tGC88bkLIwO6OQ5uV6ztS6kVAtCDlg==" - }, "chalk": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz", "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==", + "dev": true, "requires": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" } }, + "char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "dev": true, + "peer": true + }, "character-entities": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.4.tgz", - "integrity": "sha512-iBMyeEHxfVnIakwOuDXpVkc54HijNgCyQB2w0VfGQThle6NXn50zU6V/u+LDhxHcDUPojn6Kpga3PTAD8W1bQw==" - }, - "character-entities-html4": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-1.1.4.tgz", - "integrity": "sha512-HRcDxZuZqMx3/a+qrzxdBKBPUpxWEq9xw2OPZ3a/174ihfrQKVsFhqtthBInFy1zZ9GgZyFXOatNujm8M+El3g==" + "integrity": "sha512-iBMyeEHxfVnIakwOuDXpVkc54HijNgCyQB2w0VfGQThle6NXn50zU6V/u+LDhxHcDUPojn6Kpga3PTAD8W1bQw==", + "dev": true }, "character-entities-legacy": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-1.1.4.tgz", - "integrity": "sha512-3Xnr+7ZFS1uxeiUDvV02wQ+QDbc55o97tIV5zHScSPJpcLm/r0DFPcoY3tYRp+VZukxuMeKgXYmsXQHO05zQeA==" + "integrity": "sha512-3Xnr+7ZFS1uxeiUDvV02wQ+QDbc55o97tIV5zHScSPJpcLm/r0DFPcoY3tYRp+VZukxuMeKgXYmsXQHO05zQeA==", + "dev": true }, "character-reference-invalid": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-1.1.4.tgz", - "integrity": "sha512-mKKUkUbhPpQlCOfIuZkvSEgktjPFIsZKRRbC6KWVEMvlzblj3i3asQv5ODsrwt0N3pHAEvjP8KTQPHkp0+6jOg==" + "integrity": "sha512-mKKUkUbhPpQlCOfIuZkvSEgktjPFIsZKRRbC6KWVEMvlzblj3i3asQv5ODsrwt0N3pHAEvjP8KTQPHkp0+6jOg==", + "dev": true }, "chardet": { "version": "0.7.0", @@ -22651,16 +17096,12 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==", "dev": true }, - "check-types": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/check-types/-/check-types-8.0.3.tgz", - "integrity": "sha512-YpeKZngUmG65rLudJ4taU7VLkOCTMhNl/u4ctNC56LQS/zJTyNH0Lrtwm1tfTsbLlwvlfsA2d1c8vCf/Kh2KwQ==", - "dev": true - }, "chokidar": { "version": "3.5.1", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", + "dev": true, + "peer": true, "requires": { "anymatch": "~3.1.1", "braces": "~3.0.2", @@ -22672,11 +17113,6 @@ "readdirp": "~3.5.0" } }, - "ci": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ci/-/ci-2.1.1.tgz", - "integrity": "sha512-StBCU1G9zbhgVBqvslvOpT601zme9YfyZaUSjgXCtfnIynPuDBHX85WwnXv5cnh74bYo8S3xfPpI41yk1jZmRw==" - }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -22687,16 +17123,26 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/cipher-base/-/cipher-base-1.0.4.tgz", "integrity": "sha512-Kkht5ye6ZGmwv40uUDZztayT2ThLQGfnj/T71N/XzeZeo3nf8foyW7zGTsPYkEya3m5f3cAypH+qe7YOrM1U2Q==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.1", "safe-buffer": "^5.0.1" } }, + "cjs-module-lexer": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-0.6.0.tgz", + "integrity": "sha512-uc2Vix1frTfnuzxxu1Hp4ktSvM3QaI4oXl4ZUqL1wjTu/BGki9TrCWoqLTg/drR1KwAEarXuRFCG2Svr1GxPFw==", + "dev": true, + "peer": true + }, "class-utils": { "version": "0.3.6", "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz", "integrity": "sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==", "dev": true, + "peer": true, "requires": { "arr-union": "^3.1.0", "define-property": "^0.2.5", @@ -22709,6 +17155,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^0.1.0" } @@ -22718,6 +17165,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -22727,6 +17175,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -22737,13 +17186,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -22753,6 +17204,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -22764,6 +17216,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -22774,15 +17227,11 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true + "dev": true, + "peer": true } } }, - "classnames": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.3.1.tgz", - "integrity": "sha512-OlQdbZ7gLfGarSqxesMesDa5uz7KFbID8Kpq/SxIoNGDqY8lSYs0D+hhtBXhcdB3rcbXArFr7vlHheLk1voeNA==" - }, "clean-stack": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", @@ -22814,6 +17263,32 @@ "integrity": "sha512-FxqpkPPwu1HjuN93Omfm4h8uIanXofW0RxVEW3k5RKx+mJJYSthzNhp32Kzxxy3YAEZ/Dc/EWN1vZRY0+kOhbw==", "dev": true }, + "cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "dev": true, + "peer": true, + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + }, + "dependencies": { + "wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dev": true, + "peer": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + } + } + }, "clone-regexp": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clone-regexp/-/clone-regexp-2.2.0.tgz", @@ -22831,88 +17306,26 @@ } } }, - "clone-response": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.2.tgz", - "integrity": "sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=", + "co": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=", "dev": true, - "requires": { - "mimic-response": "^1.0.0" - } + "peer": true }, - "coa": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/coa/-/coa-2.0.2.tgz", - "integrity": "sha512-q5/jG+YQnSy4nRTV4F7lPepBJZ8qBNJJDBuJdoejDyLXgmL7IEo+Le2JDZudFTFt7mrCqIRaSjws4ygRCTCAXA==", + "collect-v8-coverage": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz", + "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==", "dev": true, - "requires": { - "@types/q": "^1.5.1", - "chalk": "^2.4.1", - "q": "^1.1.2" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } - } - }, - "collapse-white-space": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.6.tgz", - "integrity": "sha512-jEovNnrhMuqyCcjfEJA56v0Xq8SkIoPKDyaHahwo3POf4qcSXqMYuwNcOTzp74vTsR9Tn08z4MxWqAhcekogkQ==" + "peer": true }, "collection-visit": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz", "integrity": "sha1-S8A3PBZLwykbTTaMgpzxqApZ3KA=", "dev": true, + "peer": true, "requires": { "map-visit": "^1.0.0", "object-visit": "^1.0.0" @@ -22922,6 +17335,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, "requires": { "color-name": "~1.1.4" } @@ -22929,26 +17343,24 @@ "color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true }, "colorette": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz", - "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==" + "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==", + "dev": true }, "combined-stream": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dev": true, "requires": { "delayed-stream": "~1.0.0" } }, - "comma-separated-tokens": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-1.0.8.tgz", - "integrity": "sha512-GHuDRO12Sypu2cV70d1dkA2EUmXHgntrzbpvOB+Qy+49ypNfGgFQIC2fhhXbnyrJRynDCAARsT7Ou0M6hirpfw==" - }, "commander": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", @@ -22958,7 +17370,9 @@ "commondir": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", - "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=" + "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=", + "dev": true, + "peer": true }, "compare-versions": { "version": "3.6.0", @@ -22970,80 +17384,44 @@ "version": "1.3.0", "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz", "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", - "dev": true - }, - "compute-scroll-into-view": { - "version": "1.0.17", - "resolved": "https://registry.npmjs.org/compute-scroll-into-view/-/compute-scroll-into-view-1.0.17.tgz", - "integrity": "sha512-j4dx+Fb0URmzbwwMUrhqWM2BEWHdFGx+qZ9qqASHRPqvTYdqvWnHg0H1hIbcyLnvgnoNAVMlwkepyqM3DaIFUg==" + "dev": true, + "peer": true }, "concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" - }, - "config-chain": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", - "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", - "dev": true, - "requires": { - "ini": "^1.3.4", - "proto-list": "~1.2.1" - } + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true }, "console-browserify": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/console-browserify/-/console-browserify-1.2.0.tgz", - "integrity": "sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==" - }, - "console-stream": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/console-stream/-/console-stream-0.1.1.tgz", - "integrity": "sha1-oJX+B7IEZZVfL6/Si11yvM2UnUQ=", - "dev": true + "integrity": "sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==", + "dev": true, + "peer": true }, "constants-browserify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/constants-browserify/-/constants-browserify-1.0.0.tgz", - "integrity": "sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=" - }, - "content-disposition": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", - "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==", - "requires": { - "safe-buffer": "5.1.2" - } - }, - "content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" + "integrity": "sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=", + "dev": true, + "peer": true }, "convert-source-map": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.7.0.tgz", "integrity": "sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA==", + "dev": true, "requires": { "safe-buffer": "~5.1.1" } }, - "cookie": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz", - "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==" - }, - "cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" - }, "copy-descriptor": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz", "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=", - "dev": true + "dev": true, + "peer": true }, "core-js-pure": { "version": "3.15.2", @@ -23054,7 +17432,9 @@ "core-util-is": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", - "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" + "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=", + "dev": true, + "peer": true }, "cosmiconfig": { "version": "7.0.0", @@ -23073,6 +17453,8 @@ "version": "4.0.4", "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.4.tgz", "integrity": "sha512-mf+TCx8wWc9VpuxfP2ht0iSISLZnt0JgWlrOKZiNqyUZWnjIaCIVNQArMHnCZKfEYRg6IM7A+NeJoN8gf/Ws0A==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.1.0", "elliptic": "^6.5.3" @@ -23081,7 +17463,9 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, @@ -23089,6 +17473,8 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==", + "dev": true, + "peer": true, "requires": { "cipher-base": "^1.0.1", "inherits": "^2.0.1", @@ -23101,6 +17487,8 @@ "version": "1.1.7", "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==", + "dev": true, + "peer": true, "requires": { "cipher-base": "^1.0.3", "create-hash": "^1.1.0", @@ -23114,6 +17502,7 @@ "version": "3.1.4", "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.4.tgz", "integrity": "sha512-1eAtFWdIubi6T4XPy6ei9iUFoKpUkIF971QLN8lIvvvwueI65+Nw5haMNKUwfJxabqlIIDODJKGrQ66gxC0PbQ==", + "dev": true, "requires": { "node-fetch": "2.6.1" } @@ -23133,6 +17522,8 @@ "version": "3.12.0", "resolved": "https://registry.npmjs.org/crypto-browserify/-/crypto-browserify-3.12.0.tgz", "integrity": "sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg==", + "dev": true, + "peer": true, "requires": { "browserify-cipher": "^1.0.0", "browserify-sign": "^4.0.0", @@ -23147,52 +17538,12 @@ "randomfill": "^1.0.3" } }, - "css-select": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", - "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", - "dev": true, - "requires": { - "boolbase": "^1.0.0", - "css-what": "^3.2.1", - "domutils": "^1.7.0", - "nth-check": "^1.0.2" - } - }, - "css-select-base-adapter": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/css-select-base-adapter/-/css-select-base-adapter-0.1.1.tgz", - "integrity": "sha512-jQVeeRG70QI08vSTwf1jHxp74JoZsr2XSgETae8/xC8ovSnL2WF87GTLO86Sbwdt2lK4Umg4HnnwMO4YF3Ce7w==", - "dev": true - }, - "css-tree": { - "version": "1.0.0-alpha.37", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.37.tgz", - "integrity": "sha512-DMxWJg0rnz7UgxKT0Q1HU/L9BeJI0M6ksor0OgqOnF+aRCDWg/N2641HmVyU9KVIu0OVVWOb2IpC9A+BJRnejg==", - "dev": true, - "requires": { - "mdn-data": "2.0.4", - "source-map": "^0.6.1" - }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true - } - } - }, - "css-what": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", - "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==", - "dev": true - }, "css.escape": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz", - "integrity": "sha1-QuJ9T6BK4y+TGktNQZH6nN3ul8s=" + "integrity": "sha1-QuJ9T6BK4y+TGktNQZH6nN3ul8s=", + "dev": true, + "peer": true }, "cssesc": { "version": "3.0.0", @@ -23204,6 +17555,8 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssnano-preset-simple/-/cssnano-preset-simple-3.0.0.tgz", "integrity": "sha512-vxQPeoMRqUT3c/9f0vWeVa2nKQIHFpogtoBvFdW4GQ3IvEJ6uauCP6p3Y5zQDLFcI7/+40FTgX12o7XUL0Ko+w==", + "dev": true, + "peer": true, "requires": { "caniuse-lite": "^1.0.30001202" } @@ -23212,68 +17565,38 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssnano-simple/-/cssnano-simple-3.0.0.tgz", "integrity": "sha512-oU3ueli5Dtwgh0DyeohcIEE00QVfbPR3HzyXdAl89SfnQG3y0/qcpfLVW+jPIh3/rgMZGwuW96rejZGaYE9eUg==", + "dev": true, + "peer": true, "requires": { "cssnano-preset-simple": "^3.0.0" } }, - "csso": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/csso/-/csso-4.2.0.tgz", - "integrity": "sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==", + "cssom": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.4.4.tgz", + "integrity": "sha512-p3pvU7r1MyyqbTk+WbNJIgJjG2VmTIaB10rI93LzVPrmDJKkzKYMtxxyAvQXR/NS6otuzveI7+7BBq3SjBS2mw==", "dev": true, + "peer": true + }, + "cssstyle": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz", + "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==", + "dev": true, + "peer": true, "requires": { - "css-tree": "^1.1.2" + "cssom": "~0.3.6" }, "dependencies": { - "css-tree": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", - "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", + "cssom": { + "version": "0.3.8", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", + "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==", "dev": true, - "requires": { - "mdn-data": "2.0.14", - "source-map": "^0.6.1" - } - }, - "mdn-data": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", - "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==", - "dev": true - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true + "peer": true } } }, - "csstype": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.0.8.tgz", - "integrity": "sha512-jXKhWqXPmlUeoQnF/EhTtTl4C9SnrxSH/jZUih3jmO6lBKr99rP3/+FmrMj4EFpOXzMtXHAZkd3x0E6h6Fgflw==", - "devOptional": true - }, - "currently-unhandled": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz", - "integrity": "sha1-mI3zP+qxke95mmE2nddsF635V+o=", - "dev": true, - "requires": { - "array-find-index": "^1.0.1" - } - }, - "d3-ease": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-1.0.7.tgz", - "integrity": "sha512-lx14ZPYkhNx0s/2HX5sLFUI3mbasHjSSpwO/KaaNACweVwxUruKyWVcb293wMv1RqTPZyZ8kSZ2NogUZNcLOFQ==" - }, - "d3-timer": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-1.0.10.tgz", - "integrity": "sha512-B1JDm0XDaQC+uvo4DT79H0XmBskgS3l6Ve+1SBCfxgmtIb1AVrPIoqd+nPSv+loMX8szQ0sVUhGngL7D5QPiXw==" - }, "damerau-levenshtein": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.7.tgz", @@ -23289,33 +17612,50 @@ "data-uri-to-buffer": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-3.0.1.tgz", - "integrity": "sha512-WboRycPNsVw3B3TL559F7kuBUM4d8CgMEvk6xEJlOp7OBPjt6G7z8WMWlD2rOFZLk6OYfFIUGsCOWzcQH9K2og==" + "integrity": "sha512-WboRycPNsVw3B3TL559F7kuBUM4d8CgMEvk6xEJlOp7OBPjt6G7z8WMWlD2rOFZLk6OYfFIUGsCOWzcQH9K2og==", + "dev": true, + "peer": true }, - "datocms-listen": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/datocms-listen/-/datocms-listen-0.1.6.tgz", - "integrity": "sha512-B3lJqobSV4fzkY7CYgYMcK0k2Hvy7/8g+LLnxiQ9Fgm+ETsQbRjHvF2neEX6kDWXNiP6pn0Fq5lkxyeGFjXU7w==" - }, - "datocms-structured-text-generic-html-renderer": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/datocms-structured-text-generic-html-renderer/-/datocms-structured-text-generic-html-renderer-1.2.0.tgz", - "integrity": "sha512-77w/bfO0GE43ck4ClhkeNs7vG3zmsgo1uyBLEomeALtfj0rlbCWS5jI33svMl3ek1BbBukTVdqLaliyrxCwpWg==", + "data-urls": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-2.0.0.tgz", + "integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==", + "dev": true, + "peer": true, "requires": { - "datocms-structured-text-utils": "^1.2.0" - } - }, - "datocms-structured-text-utils": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/datocms-structured-text-utils/-/datocms-structured-text-utils-1.2.0.tgz", - "integrity": "sha512-8qfpSWU/nVrMr8C0aT5n16WN0/KQbtYD2GJXd9WDf01bfr+WzJCi5szZF1dBLhD2zhs41A4gtO3aM4J1CQe4wA==", - "requires": { - "array-flatten": "^3.0.0" + "abab": "^2.0.3", + "whatwg-mimetype": "^2.3.0", + "whatwg-url": "^8.0.0" }, "dependencies": { - "array-flatten": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-3.0.0.tgz", - "integrity": "sha512-zPMVc3ZYlGLNk4mpK1NzP2wg0ml9t7fUgDsayR5Y5rSzxQilzR9FGu/EH2jQOcKSAeAfWeylyW8juy3OkWRvNA==" + "tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", + "dev": true, + "peer": true, + "requires": { + "punycode": "^2.1.1" + } + }, + "webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "dev": true, + "peer": true + }, + "whatwg-url": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dev": true, + "peer": true, + "requires": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + } } } }, @@ -23323,6 +17663,7 @@ "version": "4.3.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", + "dev": true, "requires": { "ms": "2.1.2" } @@ -23351,144 +17692,19 @@ } } }, + "decimal.js": { + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.3.1.tgz", + "integrity": "sha512-V0pfhfr8suzyPGOx3nmq4aHqabehUZn6Ch9kyFpV79TGDTWFmHqUqXdabR7QHqxzrYolF4+tVmJhUG4OURg5dQ==", + "dev": true, + "peer": true + }, "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" - }, - "decompress": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/decompress/-/decompress-4.2.1.tgz", - "integrity": "sha512-e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ==", + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", "dev": true, - "requires": { - "decompress-tar": "^4.0.0", - "decompress-tarbz2": "^4.0.0", - "decompress-targz": "^4.0.0", - "decompress-unzip": "^4.0.1", - "graceful-fs": "^4.1.10", - "make-dir": "^1.0.0", - "pify": "^2.3.0", - "strip-dirs": "^2.0.0" - }, - "dependencies": { - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true - } - } - }, - "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", - "dev": true, - "requires": { - "mimic-response": "^1.0.0" - } - }, - "decompress-tar": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-tar/-/decompress-tar-4.1.1.tgz", - "integrity": "sha512-JdJMaCrGpB5fESVyxwpCx4Jdj2AagLmv3y58Qy4GE6HMVjWz1FeVQk1Ct4Kye7PftcdOo/7U7UKzYBJgqnGeUQ==", - "dev": true, - "requires": { - "file-type": "^5.2.0", - "is-stream": "^1.1.0", - "tar-stream": "^1.5.2" - }, - "dependencies": { - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - } - } - }, - "decompress-tarbz2": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-4.1.1.tgz", - "integrity": "sha512-s88xLzf1r81ICXLAVQVzaN6ZmX4A6U4z2nMbOwobxkLoIIfjVMBg7TeguTUXkKeXni795B6y5rnvDw7rxhAq9A==", - "dev": true, - "requires": { - "decompress-tar": "^4.1.0", - "file-type": "^6.1.0", - "is-stream": "^1.1.0", - "seek-bzip": "^1.0.5", - "unbzip2-stream": "^1.0.9" - }, - "dependencies": { - "file-type": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-6.2.0.tgz", - "integrity": "sha512-YPcTBDV+2Tm0VqjybVd32MHdlEGAtuxS3VAYsumFokDSMG+ROT5wawGlnHDoz7bfMcMDt9hxuXvXwoKUx2fkOg==", - "dev": true - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - } - } - }, - "decompress-targz": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/decompress-targz/-/decompress-targz-4.1.1.tgz", - "integrity": "sha512-4z81Znfr6chWnRDNfFNqLwPvm4db3WuZkqV+UgXQzSngG3CEKdBkw5jrv3axjjL96glyiiKjsxJG3X6WBZwX3w==", - "dev": true, - "requires": { - "decompress-tar": "^4.1.1", - "file-type": "^5.2.0", - "is-stream": "^1.1.0" - }, - "dependencies": { - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - } - } - }, - "decompress-unzip": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-4.0.1.tgz", - "integrity": "sha1-3qrM39FK6vhVePczroIQ+bSEj2k=", - "dev": true, - "requires": { - "file-type": "^3.8.0", - "get-stream": "^2.2.0", - "pify": "^2.3.0", - "yauzl": "^2.4.2" - }, - "dependencies": { - "file-type": { - "version": "3.9.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-3.9.0.tgz", - "integrity": "sha1-JXoHg4TR24CHvESdEH1SpSZyuek=", - "dev": true - }, - "get-stream": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-2.3.1.tgz", - "integrity": "sha1-Xzj5PzRgCWZu4BUKBUFn+Rvdld4=", - "dev": true, - "requires": { - "object-assign": "^4.0.1", - "pinkie-promise": "^2.0.0" - } - }, - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true - } - } + "peer": true }, "deep-is": { "version": "0.1.3", @@ -23496,15 +17712,11 @@ "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", "dev": true }, - "deepmerge": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-2.2.1.tgz", - "integrity": "sha512-R9hc1Xa/NOBi9WRVUWg19rl1UB7Tt4kuPd+thNJgFZoxXsTz7ncaPaeIm+40oSGuP33DfMb4sZt1QIGiJzC4EA==" - }, "define-properties": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "dev": true, "requires": { "object-keys": "^1.0.12" } @@ -23514,6 +17726,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", "dev": true, + "peer": true, "requires": { "is-descriptor": "^1.0.2", "isobject": "^3.0.1" @@ -23522,49 +17735,47 @@ "delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" + "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", + "dev": true }, "depd": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", - "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=" - }, - "dequal": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.2.tgz", - "integrity": "sha512-q9K8BlJVxK7hQYqa6XISGmBZbtQQWVXSrRrWreHC94rMt1QL/Impruc+7p2CYSYuVIUr+YCt6hjrs1kkdJRTug==" + "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=", + "dev": true, + "peer": true }, "des.js": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/des.js/-/des.js-1.0.1.tgz", "integrity": "sha512-Q0I4pfFrv2VPd34/vfLrFOoRmlYj3OV50i7fskps1jZWK1kApMWWT9G6RRUeYedLcBDIhnSDaUvJMb3AhUlaEA==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.1", "minimalistic-assert": "^1.0.0" } }, - "destroy": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", - "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" + "detect-newline": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "dev": true, + "peer": true }, - "detab": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/detab/-/detab-2.0.4.tgz", - "integrity": "sha512-8zdsQA5bIkoRECvCrNKPla84lyoR7DSAyf7p0YgXzBO9PDJx8KntPUay7NS6yp+KdxdVtiE5SpHKtbp2ZQyA9g==", - "requires": { - "repeat-string": "^1.5.4" - } - }, - "detect-node-es": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/detect-node-es/-/detect-node-es-1.1.0.tgz", - "integrity": "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==" + "diff-sequences": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-26.6.2.tgz", + "integrity": "sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q==", + "dev": true, + "peer": true }, "diffie-hellman": { "version": "5.0.3", "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz", "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.1.0", "miller-rabin": "^4.0.0", @@ -23574,7 +17785,9 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, @@ -23623,7 +17836,9 @@ "domain-browser": { "version": "4.19.0", "resolved": "https://registry.npmjs.org/domain-browser/-/domain-browser-4.19.0.tgz", - "integrity": "sha512-fRA+BaAWOR/yr/t7T9E9GJztHPeFjj8U35ajyAjCDtAAnTn1Rc1f6W6VGPJrO1tkQv9zWu+JRof7z6oQtiYVFQ==" + "integrity": "sha512-fRA+BaAWOR/yr/t7T9E9GJztHPeFjj8U35ajyAjCDtAAnTn1Rc1f6W6VGPJrO1tkQv9zWu+JRof7z6oQtiYVFQ==", + "dev": true, + "peer": true }, "domelementtype": { "version": "1.3.1", @@ -23631,6 +17846,25 @@ "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==", "dev": true }, + "domexception": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/domexception/-/domexception-2.0.1.tgz", + "integrity": "sha512-yxJ2mFy/sibVQlu5qHjOkf9J3K6zgmCxgJ94u2EdvDOV09H+32LtRswEcUsmUWN72pVLOEnTSRaIVVzVQgS0dg==", + "dev": true, + "peer": true, + "requires": { + "webidl-conversions": "^5.0.0" + }, + "dependencies": { + "webidl-conversions": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-5.0.0.tgz", + "integrity": "sha512-VlZwKPCkYKxQgeSbH5EyngOmRp7Ww7I9rQLERETtf5ofd9pGeswWiOtogpEO850jziPRarreGxn5QIiTqpb2wA==", + "dev": true, + "peer": true + } + } + }, "domhandler": { "version": "2.4.2", "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-2.4.2.tgz", @@ -23650,66 +17884,6 @@ "domelementtype": "1" } }, - "dotenv": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz", - "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==" - }, - "download": { - "version": "6.2.5", - "resolved": "https://registry.npmjs.org/download/-/download-6.2.5.tgz", - "integrity": "sha512-DpO9K1sXAST8Cpzb7kmEhogJxymyVUd5qz/vCOSyvwtp2Klj2XcDt5YUuasgxka44SxF0q5RriKIwJmQHG2AuA==", - "dev": true, - "requires": { - "caw": "^2.0.0", - "content-disposition": "^0.5.2", - "decompress": "^4.0.0", - "ext-name": "^5.0.0", - "file-type": "5.2.0", - "filenamify": "^2.0.0", - "get-stream": "^3.0.0", - "got": "^7.0.0", - "make-dir": "^1.0.0", - "p-event": "^1.0.0", - "pify": "^3.0.0" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - } - } - }, - "downshift": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/downshift/-/downshift-3.1.5.tgz", - "integrity": "sha512-2PpR4+A0WiF0R+Q6sq79sSG+sAy4KBlH5FwnU8FtD5zkeZH/UQZm/QS7kq/CglSH8vl1qpPoaap4Z2Oe9Swcrg==", - "requires": { - "@babel/runtime": "^7.1.2", - "compute-scroll-into-view": "^1.0.9", - "prop-types": "^15.6.0", - "react-is": "^16.5.2" - } - }, - "duplexer": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz", - "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==", - "dev": true - }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=", - "dev": true - }, - "ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" - }, "ejs": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.5.tgz", @@ -23722,12 +17896,15 @@ "electron-to-chromium": { "version": "1.3.785", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.785.tgz", - "integrity": "sha512-WmCgAeURsMFiyoJ646eUaJQ7GNfvMRLXo+GamUyKVNEM4MqTAsXyC0f38JEB4N3BtbD0tlAKozGP5E2T9K3YGg==" + "integrity": "sha512-WmCgAeURsMFiyoJ646eUaJQ7GNfvMRLXo+GamUyKVNEM4MqTAsXyC0f38JEB4N3BtbD0tlAKozGP5E2T9K3YGg==", + "dev": true }, "elliptic": { "version": "6.5.4", "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.11.9", "brorand": "^1.1.0", @@ -23741,31 +17918,31 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, + "emittery": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.7.2.tgz", + "integrity": "sha512-A8OG5SR/ij3SsJdWDJdkkSYUjQdCUx6APQXem0SaEePBSRg4eymGYwBkKo1Y6DU+af/Jn2dBQqDBvjnr9Vi8nQ==", + "dev": true, + "peer": true + }, "emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true }, - "emojis-list": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz", - "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==", - "dev": true - }, - "encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=" - }, "encoding": { "version": "0.1.13", "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", + "dev": true, + "peer": true, "requires": { "iconv-lite": "^0.6.2" }, @@ -23774,6 +17951,8 @@ "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dev": true, + "peer": true, "requires": { "safer-buffer": ">= 2.1.2 < 3.0.0" } @@ -23784,20 +17963,12 @@ "version": "1.4.4", "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", + "dev": true, + "peer": true, "requires": { "once": "^1.4.0" } }, - "enhanced-resolve": { - "version": "5.8.3", - "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.8.3.tgz", - "integrity": "sha512-EGAbGvH7j7Xt2nc0E7D99La1OiEs8LnyimkRgwExpUMScN6O+3x9tIWs7PLQZVNx4YD+00skHXPXi1yQHpAmZA==", - "dev": true, - "requires": { - "graceful-fs": "^4.2.4", - "tapable": "^2.2.0" - } - }, "enquirer": { "version": "2.3.6", "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz", @@ -23822,18 +17993,11 @@ "is-arrayish": "^0.2.1" } }, - "error-stack-parser": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/error-stack-parser/-/error-stack-parser-2.0.6.tgz", - "integrity": "sha512-d51brTeqC+BHlwF0BhPtcYgF5nlzf9ZZ0ZIUQNZpc9ZB9qw5IJ2diTrBY9jlCJkTLITYPjmiX6OWCwH+fuyNgQ==", - "requires": { - "stackframe": "^1.1.1" - } - }, "es-abstract": { "version": "1.18.3", "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.3.tgz", "integrity": "sha512-nQIr12dxV7SSxE6r6f1l3DtAeEYdsGpps13dR0TwJg1S8gyp4ZPgy3FZcHBgbiQqnoqSTb+oC+kO4UQ0C/J8vw==", + "dev": true, "requires": { "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", @@ -23857,6 +18021,7 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dev": true, "requires": { "is-callable": "^1.1.4", "is-date-object": "^1.0.1", @@ -23866,27 +18031,95 @@ "es6-object-assign": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/es6-object-assign/-/es6-object-assign-1.1.0.tgz", - "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=" - }, - "esbuild": { - "version": "0.11.23", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.11.23.tgz", - "integrity": "sha512-iaiZZ9vUF5wJV8ob1tl+5aJTrwDczlvGP0JoMmnpC2B0ppiMCu8n8gmy5ZTGl5bcG081XBVn+U+jP+mPFm5T5Q==" + "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=", + "dev": true, + "peer": true }, "escalade": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", - "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==" - }, - "escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true + }, + "escodegen": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.0.0.tgz", + "integrity": "sha512-mmHKys/C8BFUGI+MAWNcSYoORYLMdPzjrknd2Vc+bUsjN5bXcr8EhrNB+UTqfL1y3I9c4fw2ihgtMPQLBRiQxw==", + "dev": true, + "peer": true, + "requires": { + "esprima": "^4.0.1", + "estraverse": "^5.2.0", + "esutils": "^2.0.2", + "optionator": "^0.8.1", + "source-map": "~0.6.1" + }, + "dependencies": { + "estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "peer": true + }, + "levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=", + "dev": true, + "peer": true, + "requires": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + } + }, + "optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dev": true, + "peer": true, + "requires": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + } + }, + "prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", + "dev": true, + "peer": true + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "optional": true, + "peer": true + }, + "type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=", + "dev": true, + "peer": true, + "requires": { + "prelude-ls": "~1.1.2" + } + } + } }, "eslint": { "version": "7.23.0", @@ -24464,7 +18697,8 @@ "esprima": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", - "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==" + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true }, "esquery": { "version": "1.4.0", @@ -24515,144 +18749,41 @@ "etag": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" + "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=", + "dev": true, + "peer": true }, "events": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", - "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==" + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "dev": true, + "peer": true }, "evp_bytestokey": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz", "integrity": "sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==", + "dev": true, + "peer": true, "requires": { "md5.js": "^1.3.4", "safe-buffer": "^5.1.1" } }, - "exec-buffer": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/exec-buffer/-/exec-buffer-3.2.0.tgz", - "integrity": "sha512-wsiD+2Tp6BWHoVv3B+5Dcx6E7u5zky+hUwOHjuH2hKSLR3dvRmX8fk8UD8uqQixHs4Wk6eDmiegVrMPjKj7wpA==", + "exec-sh": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/exec-sh/-/exec-sh-0.3.6.tgz", + "integrity": "sha512-nQn+hI3yp+oD0huYhKwvYI32+JFeq+XkNcD1GAo3Y/MjxsfVGmrrzrnzjWiNY6f+pUCP440fThsFh5gZrRAU/w==", "dev": true, - "requires": { - "execa": "^0.7.0", - "p-finally": "^1.0.0", - "pify": "^3.0.0", - "rimraf": "^2.5.4", - "tempfile": "^2.0.0" - }, - "dependencies": { - "cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", - "dev": true, - "requires": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=", - "dev": true, - "requires": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - } - }, - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - }, - "lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "requires": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", - "dev": true, - "requires": { - "path-key": "^2.0.0" - } - }, - "path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", - "dev": true - }, - "rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "dev": true, - "requires": { - "glob": "^7.1.3" - } - }, - "shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", - "dev": true, - "requires": { - "shebang-regex": "^1.0.0" - } - }, - "shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", - "dev": true - }, - "which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - }, - "yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", - "dev": true - } - } + "peer": true }, "execa": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/execa/-/execa-4.1.0.tgz", "integrity": "sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==", "dev": true, + "peer": true, "requires": { "cross-spawn": "^7.0.0", "get-stream": "^5.0.0", @@ -24674,33 +18805,19 @@ "clone-regexp": "^2.1.0" } }, - "executable": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/executable/-/executable-4.1.1.tgz", - "integrity": "sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==", + "exit": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=", "dev": true, - "requires": { - "pify": "^2.2.0" - }, - "dependencies": { - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true - } - } - }, - "exenv": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/exenv/-/exenv-1.2.2.tgz", - "integrity": "sha1-KueOhdmJQVhnCwPUe+wfA72Ru50=" + "peer": true }, "expand-brackets": { "version": "2.1.4", "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz", "integrity": "sha1-t3c14xXOMPa27/D4OwQVGiJEliI=", "dev": true, + "peer": true, "requires": { "debug": "^2.3.3", "define-property": "^0.2.5", @@ -24716,6 +18833,7 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dev": true, + "peer": true, "requires": { "ms": "2.0.0" } @@ -24725,6 +18843,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^0.1.0" } @@ -24734,6 +18853,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "requires": { "is-extendable": "^0.1.0" } @@ -24743,6 +18863,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -24752,6 +18873,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -24762,13 +18884,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -24778,6 +18902,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -24789,6 +18914,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -24799,102 +18925,45 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true + "dev": true, + "peer": true }, "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", - "dev": true + "dev": true, + "peer": true } } }, - "express": { - "version": "4.17.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz", - "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==", - "requires": { - "accepts": "~1.3.7", - "array-flatten": "1.1.1", - "body-parser": "1.19.0", - "content-disposition": "0.5.3", - "content-type": "~1.0.4", - "cookie": "0.4.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "~1.1.2", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "~1.1.2", - "fresh": "0.5.2", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.5", - "qs": "6.7.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.1.2", - "send": "0.17.1", - "serve-static": "1.14.1", - "setprototypeof": "1.1.1", - "statuses": "~1.5.0", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - }, - "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" - } - } - }, - "ext-list": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/ext-list/-/ext-list-2.2.2.tgz", - "integrity": "sha512-u+SQgsubraE6zItfVA0tBuCBhfU9ogSRnsvygI7wht9TS510oLkBRXBsqopeUG/GBOIQyKZO9wjTqIu/sf5zFA==", + "expect": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/expect/-/expect-26.6.2.tgz", + "integrity": "sha512-9/hlOBkQl2l/PLHJx6JjoDF6xPKcJEsUlWKb23rKE7KzeDqUZKXKNMW27KIue5JMdBV9HgmoJPcc8HtO85t9IA==", "dev": true, + "peer": true, "requires": { - "mime-db": "^1.28.0" - } - }, - "ext-name": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/ext-name/-/ext-name-5.0.0.tgz", - "integrity": "sha512-yblEwXAbGv1VQDmow7s38W77hzAgJAO50ztBLMcUyUBfxv1HC+LGwtiEN+Co6LtlqT/5uwVOxsD4TNIilWhwdQ==", - "dev": true, - "requires": { - "ext-list": "^2.0.0", - "sort-keys-length": "^1.0.0" + "@jest/types": "^26.6.2", + "ansi-styles": "^4.0.0", + "jest-get-type": "^26.3.0", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-regex-util": "^26.0.0" } }, "extend": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", - "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "dev": true }, "extend-shallow": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", "integrity": "sha1-Jqcarwc7OfshJxcnRhMcJwQCjbg=", "dev": true, + "peer": true, "requires": { "assign-symbols": "^1.0.0", "is-extendable": "^1.0.1" @@ -24905,6 +18974,7 @@ "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, + "peer": true, "requires": { "is-plain-object": "^2.0.4" } @@ -24927,6 +18997,7 @@ "resolved": "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz", "integrity": "sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==", "dev": true, + "peer": true, "requires": { "array-unique": "^0.3.2", "define-property": "^1.0.0", @@ -24943,6 +19014,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^1.0.0" } @@ -24952,6 +19024,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "requires": { "is-extendable": "^0.1.0" } @@ -24961,7 +19034,8 @@ "extract-files": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" + "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", + "dev": true }, "fast-deep-equal": { "version": "3.1.3", @@ -24975,11 +19049,6 @@ "integrity": "sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w==", "dev": true }, - "fast-equals": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/fast-equals/-/fast-equals-2.0.4.tgz", - "integrity": "sha512-caj/ZmjHljPrZtbzJ3kfH5ia/k4mTJe/qSiXAGzxZWRZgsgDV0cvNaQULqUX8t0/JVlzzEdYOwCN5DmzTxoD4w==" - }, "fast-glob": { "version": "3.2.7", "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.7.tgz", @@ -25005,12 +19074,6 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, - "fast-xml-parser": { - "version": "3.19.0", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.19.0.tgz", - "integrity": "sha512-4pXwmBplsCPv8FOY1WRakF970TjNGnGnfbOnLqjlYvMiF1SR3yOHyxMR/YCXpPTOspNF5gwudqktIP4VsWkvBg==", - "dev": true - }, "fastest-levenshtein": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz", @@ -25026,18 +19089,14 @@ "reusify": "^1.0.4" } }, - "fathom-client": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/fathom-client/-/fathom-client-3.2.0.tgz", - "integrity": "sha512-WF/qA5wXYSuA5K8uiIhGNbErOcTAmfLEWrBxWP2px2dEc9waH9zxjdh9k0F907VCBhdJrv+f7V3HT/Pmro40zA==" - }, - "fd-slicer": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", - "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=", + "fb-watchman": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.1.tgz", + "integrity": "sha512-DkPJKQeY6kKwmuMretBhr7G6Vodr7bFwDYTXIkfG1gjvNpaxBTQV3PbXg6bR1c1UP4jPOX0jHUbbHANL9vRjVg==", "dev": true, + "peer": true, "requires": { - "pend": "~1.2.0" + "bser": "2.1.1" } }, "figures": { @@ -25058,22 +19117,6 @@ "flat-cache": "^3.0.4" } }, - "file-loader": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-3.0.1.tgz", - "integrity": "sha512-4sNIOXgtH/9WZq4NvlfU3Opn5ynUsqBwSLyM+I7UOwdGigTBYfVVQEwe/msZNX/j4pCJTIM14Fsw66Svo1oVrw==", - "dev": true, - "requires": { - "loader-utils": "^1.0.2", - "schema-utils": "^1.0.0" - } - }, - "file-type": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-5.2.0.tgz", - "integrity": "sha1-LdvqfHP/42No365J3DOMBYwritY=", - "dev": true - }, "filelist": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.2.tgz", @@ -25083,70 +19126,21 @@ "minimatch": "^3.0.4" } }, - "filename-reserved-regex": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/filename-reserved-regex/-/filename-reserved-regex-2.0.0.tgz", - "integrity": "sha1-q/c9+rc10EVECr/qLZHzieu/oik=", - "dev": true - }, - "filenamify": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/filenamify/-/filenamify-2.1.0.tgz", - "integrity": "sha512-ICw7NTT6RsDp2rnYKVd8Fu4cr6ITzGy3+u4vUujPkabyaz+03F24NWEX7fs5fp+kBonlaqPH8fAO2NM+SXt/JA==", - "dev": true, - "requires": { - "filename-reserved-regex": "^2.0.0", - "strip-outer": "^1.0.0", - "trim-repeated": "^1.0.0" - } - }, - "filesize": { - "version": "3.6.1", - "resolved": "https://registry.npmjs.org/filesize/-/filesize-3.6.1.tgz", - "integrity": "sha512-7KjR1vv6qnicaPMi1iiTcI85CyYwRO/PSFCu6SvqL8jN2Wjt/NIYQTFtFs7fSDCYOstUkEWIQGFUg5YZQfjlcg==", - "dev": true - }, "fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, "requires": { "to-regex-range": "^5.0.1" } }, - "finalhandler": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", - "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==", - "requires": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "statuses": "~1.5.0", - "unpipe": "~1.0.0" - }, - "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - } - } - }, "find-cache-dir": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.1.tgz", "integrity": "sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==", + "dev": true, + "peer": true, "requires": { "commondir": "^1.0.1", "make-dir": "^3.0.2", @@ -25157,6 +19151,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, "requires": { "locate-path": "^5.0.0", "path-exists": "^4.0.0" @@ -25166,6 +19162,8 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, "requires": { "p-locate": "^4.1.0" } @@ -25174,6 +19172,8 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "peer": true, "requires": { "semver": "^6.0.0" } @@ -25182,6 +19182,8 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, "requires": { "p-try": "^2.0.0" } @@ -25190,6 +19192,8 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, "requires": { "p-limit": "^2.2.0" } @@ -25197,12 +19201,16 @@ "p-try": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", - "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==" + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true }, "pkg-dir": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "peer": true, "requires": { "find-up": "^4.0.0" } @@ -25210,7 +19218,9 @@ "semver": { "version": "6.3.0", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true } } }, @@ -25218,6 +19228,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, "requires": { "locate-path": "^6.0.0", "path-exists": "^4.0.0" @@ -25248,157 +19259,41 @@ "integrity": "sha512-OMQjaErSFHmHqZe+PSidH5n8j3O0F2DdnVh8JB4j4eUQ2k6KvB0qGfrKIhapvez5JerBbmWkaLYUYWISaESoXg==", "dev": true }, - "focus-lock": { - "version": "0.9.2", - "resolved": "https://registry.npmjs.org/focus-lock/-/focus-lock-0.9.2.tgz", - "integrity": "sha512-YtHxjX7a0IC0ZACL5wsX8QdncXofWpGPNoVMuI/nZUrPGp6LmNI6+D5j0pPj+v8Kw5EpweA+T5yImK0rnWf7oQ==", - "requires": { - "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, "for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=", - "dev": true + "dev": true, + "peer": true }, "foreach": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz", - "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=" + "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=", + "dev": true, + "peer": true }, "form-data": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", + "dev": true, "requires": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "mime-types": "^2.1.12" } }, - "formik": { - "version": "2.2.9", - "resolved": "https://registry.npmjs.org/formik/-/formik-2.2.9.tgz", - "integrity": "sha512-LQLcISMmf1r5at4/gyJigGn0gOwFbeEAlji+N9InZF6LIMXnFNkO42sCI8Jt84YZggpD4cPWObAZaxpEFtSzNA==", - "requires": { - "deepmerge": "^2.1.1", - "hoist-non-react-statics": "^3.3.0", - "lodash": "^4.17.21", - "lodash-es": "^4.17.21", - "react-fast-compare": "^2.0.1", - "tiny-warning": "^1.0.2", - "tslib": "^1.10.0" - } - }, - "forwarded": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==" - }, "fragment-cache": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz", "integrity": "sha1-QpD60n8T6Jvn8zeZxrxaCr//DRk=", "dev": true, + "peer": true, "requires": { "map-cache": "^0.2.2" } }, - "framer-motion": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/framer-motion/-/framer-motion-5.3.3.tgz", - "integrity": "sha512-s4mz0E4/TPTKXqKnpb578S0Jp/0JhAyvDpULFe95kHnWs1lOCKf2+EEl6yAX+1wfPLUYokZzudiK9jam0ZAVdQ==", - "requires": { - "@emotion/is-prop-valid": "^0.8.2", - "framesync": "6.0.1", - "hey-listen": "^1.0.8", - "popmotion": "11.0.0", - "style-value-types": "5.0.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "framesync": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/framesync/-/framesync-6.0.1.tgz", - "integrity": "sha512-fUY88kXvGiIItgNC7wcTOl0SNRCVXMKSWW2Yzfmn7EKNc+MpCzcz9DhdHcdjbrtN3c6R4H5dTY2jiCpPdysEjA==", - "requires": { - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=" - }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", - "dev": true, - "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "requires": { - "safe-buffer": "~5.1.0" - } - } - } - }, - "fs-constants": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", - "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", - "dev": true - }, - "fs-exists-sync": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/fs-exists-sync/-/fs-exists-sync-0.1.0.tgz", - "integrity": "sha1-mC1ok6+RjnLQjeyehnP/K1qNat0=" - }, "fs-extra": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.0.1.tgz", @@ -25414,18 +19309,22 @@ "fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true }, "fsevents": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "optional": true + "dev": true, + "optional": true, + "peer": true }, "function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true }, "functional-red-black-tree": { "version": "1.0.1", @@ -25433,35 +19332,36 @@ "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=", "dev": true }, - "fuzzysearch": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/fuzzysearch/-/fuzzysearch-1.0.3.tgz", - "integrity": "sha1-3/yA9tawQiPyImqnndGUIxCW0Ag=" - }, "gensync": { "version": "1.0.0-beta.2", "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", - "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==" + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true + }, + "get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "peer": true }, "get-intrinsic": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz", "integrity": "sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==", + "dev": true, "requires": { "function-bind": "^1.1.1", "has": "^1.0.3", "has-symbols": "^1.0.1" } }, - "get-nonce": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/get-nonce/-/get-nonce-1.0.1.tgz", - "integrity": "sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==" - }, "get-orientation": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/get-orientation/-/get-orientation-1.1.2.tgz", "integrity": "sha512-/pViTfifW+gBbh/RnlFYHINvELT9Znt+SYyDKAUL6uV6By019AK/s+i9XP4jSwq7lwP38Fd8HVeTxym3+hkwmQ==", + "dev": true, + "peer": true, "requires": { "stream-parser": "^0.3.1" } @@ -25472,14 +19372,12 @@ "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==", "dev": true }, - "get-proxy": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/get-proxy/-/get-proxy-2.1.0.tgz", - "integrity": "sha512-zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw==", + "get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", "dev": true, - "requires": { - "npm-conf": "^1.1.0" - } + "peer": true }, "get-stdin": { "version": "8.0.0", @@ -25492,6 +19390,7 @@ "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", "dev": true, + "peer": true, "requires": { "pump": "^3.0.0" } @@ -25500,27 +19399,14 @@ "version": "2.0.6", "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz", "integrity": "sha1-3BXKHGcjh8p2vTesCjlbogQqLCg=", - "dev": true - }, - "github-slugger": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/github-slugger/-/github-slugger-1.3.0.tgz", - "integrity": "sha512-gwJScWVNhFYSRDvURk/8yhcFBee6aFjye2a7Lhb2bUyRulpIoek9p0I9Kt7PT67d/nUlZbFu8L9RLiA0woQN8Q==", - "requires": { - "emoji-regex": ">=6.0.0 <=6.1.1" - }, - "dependencies": { - "emoji-regex": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-6.1.1.tgz", - "integrity": "sha1-xs0OwbBkLio8Z6ETfvxeeW2k+I4=" - } - } + "dev": true, + "peer": true }, "glob": { "version": "7.1.7", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz", "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==", + "dev": true, "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -25534,6 +19420,7 @@ "version": "5.1.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, "requires": { "is-glob": "^4.0.1" } @@ -25541,7 +19428,9 @@ "glob-to-regexp": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", - "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==" + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "dev": true, + "peer": true }, "global-modules": { "version": "2.0.0", @@ -25577,7 +19466,8 @@ "globals": { "version": "11.12.0", "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", - "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==" + "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", + "dev": true }, "globby": { "version": "11.0.1", @@ -25608,90 +19498,36 @@ "minimist": "^1.2.5" } }, - "got": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/got/-/got-7.1.0.tgz", - "integrity": "sha512-Y5WMo7xKKq1muPsxD+KmrR8DH5auG7fBdDVueZwETwV6VytKyU9OX/ddpq2/1hp1vIPvVb4T81dKQz3BivkNLw==", - "dev": true, - "requires": { - "decompress-response": "^3.2.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "is-plain-obj": "^1.1.0", - "is-retry-allowed": "^1.0.0", - "is-stream": "^1.0.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "p-cancelable": "^0.3.0", - "p-timeout": "^1.1.1", - "safe-buffer": "^5.0.1", - "timed-out": "^4.0.0", - "url-parse-lax": "^1.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - } - } - }, "graceful-fs": { "version": "4.2.6", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.6.tgz", - "integrity": "sha512-nTnJ528pbqxYanhpDYsi4Rd8MAeaBA67+RZ10CM1m3bTAVFEDcd5AuA4a6W5YkGZ1iNXHzZz8T6TBKLeBuNriQ==" + "integrity": "sha512-nTnJ528pbqxYanhpDYsi4Rd8MAeaBA67+RZ10CM1m3bTAVFEDcd5AuA4a6W5YkGZ1iNXHzZz8T6TBKLeBuNriQ==", + "dev": true }, "graphql": { "version": "15.6.0", "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.6.0.tgz", - "integrity": "sha512-WJR872Zlc9hckiEPhXgyUftXH48jp2EjO5tgBBOyNMRJZ9fviL2mJBD6CAysk6N5S0r9BTs09Qk39nnJBkvOXQ==" + "integrity": "sha512-WJR872Zlc9hckiEPhXgyUftXH48jp2EjO5tgBBOyNMRJZ9fviL2mJBD6CAysk6N5S0r9BTs09Qk39nnJBkvOXQ==", + "dev": true }, "graphql-request": { "version": "3.5.0", "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.5.0.tgz", "integrity": "sha512-Io89QpfU4rqiMbqM/KwMBzKaDLOppi8FU8sEccCE4JqCgz95W9Q8bvxQ4NfPALLSMvg9nafgg8AkYRmgKSlukA==", + "dev": true, "requires": { "cross-fetch": "^3.0.6", "extract-files": "^9.0.0", "form-data": "^3.0.0" } }, - "gray-matter": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.2.tgz", - "integrity": "sha512-7hB/+LxrOjq/dd8APlK0r24uL/67w7SkYnfwhNFwg/VDIGWGmduTDYf3WNstLW2fbbmRwrDGCVSJ2isuf2+4Hw==", - "requires": { - "js-yaml": "^3.11.0", - "kind-of": "^6.0.2", - "section-matter": "^1.0.0", - "strip-bom-string": "^1.0.0" - } - }, - "gzip-size": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-5.1.1.tgz", - "integrity": "sha512-FNHi6mmoHvs1mxZAds4PpdCS6QG8B4C1krxJsMutgxl5t3+GlRTzzI3NEkifXx2pVsOvJdOGSmIgDhQ55FwdPA==", + "growly": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/growly/-/growly-1.3.0.tgz", + "integrity": "sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=", "dev": true, - "requires": { - "duplexer": "^0.1.1", - "pify": "^4.0.1" - }, - "dependencies": { - "pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true - } - } + "optional": true, + "peer": true }, "hard-rejection": { "version": "2.1.0", @@ -25703,62 +19539,35 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "requires": { - "function-bind": "^1.1.1" - } - }, - "has-ansi": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", - "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=", "dev": true, "requires": { - "ansi-regex": "^2.0.0" - }, - "dependencies": { - "ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", - "dev": true - } + "function-bind": "^1.1.1" } }, "has-bigints": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", - "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==" + "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "dev": true }, "has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" - }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, "has-symbols": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz", - "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==" - }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "dev": true, - "requires": { - "has-symbol-support-x": "^1.4.1" - } + "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==", + "dev": true }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", "integrity": "sha1-GLKB2lhbHFxR3vJMkw7SmgvmsXc=", "dev": true, + "peer": true, "requires": { "get-value": "^2.0.6", "has-values": "^1.0.0", @@ -25770,6 +19579,7 @@ "resolved": "https://registry.npmjs.org/has-values/-/has-values-1.0.0.tgz", "integrity": "sha1-lbC2P+whRmGab+V/51Yo1aOe/k8=", "dev": true, + "peer": true, "requires": { "is-number": "^3.0.0", "kind-of": "^4.0.0" @@ -25779,13 +19589,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-number": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -25795,6 +19607,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -25806,6 +19619,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz", "integrity": "sha1-IIE989cSkosgc3hpGkUGb65y3Vc=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -25816,6 +19630,8 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/hash-base/-/hash-base-3.1.0.tgz", "integrity": "sha512-1nmYp/rhMDiE7AYkDw+lLwlAzz0AntGIe51F3RfFfEqyQ3feY2eI/NcwC6umIQVOASPMsWJLJScWKSSvzL9IVA==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.4", "readable-stream": "^3.6.0", @@ -25825,7 +19641,9 @@ "safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "peer": true } } }, @@ -25833,160 +19651,32 @@ "version": "1.1.7", "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz", "integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.3", "minimalistic-assert": "^1.0.1" } }, - "hast-to-hyperscript": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/hast-to-hyperscript/-/hast-to-hyperscript-9.0.1.tgz", - "integrity": "sha512-zQgLKqF+O2F72S1aa4y2ivxzSlko3MAvxkwG8ehGmNiqd98BIN3JM1rAJPmplEyLmGLO2QZYJtIneOSZ2YbJuA==", - "requires": { - "@types/unist": "^2.0.3", - "comma-separated-tokens": "^1.0.0", - "property-information": "^5.3.0", - "space-separated-tokens": "^1.0.0", - "style-to-object": "^0.3.0", - "unist-util-is": "^4.0.0", - "web-namespaces": "^1.0.0" - } - }, - "hast-util-from-parse5": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/hast-util-from-parse5/-/hast-util-from-parse5-6.0.1.tgz", - "integrity": "sha512-jeJUWiN5pSxW12Rh01smtVkZgZr33wBokLzKLwinYOUfSzm1Nl/c3GUGebDyOKjdsRgMvoVbV0VpAcpjF4NrJA==", - "requires": { - "@types/parse5": "^5.0.0", - "hastscript": "^6.0.0", - "property-information": "^5.0.0", - "vfile": "^4.0.0", - "vfile-location": "^3.2.0", - "web-namespaces": "^1.0.0" - } - }, - "hast-util-is-element": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/hast-util-is-element/-/hast-util-is-element-1.1.0.tgz", - "integrity": "sha512-oUmNua0bFbdrD/ELDSSEadRVtWZOf3iF6Lbv81naqsIV99RnSCieTbWuWCY8BAeEfKJTKl0gRdokv+dELutHGQ==" - }, - "hast-util-parse-selector": { - "version": "2.2.5", - "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz", - "integrity": "sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ==" - }, - "hast-util-raw": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/hast-util-raw/-/hast-util-raw-6.0.1.tgz", - "integrity": "sha512-ZMuiYA+UF7BXBtsTBNcLBF5HzXzkyE6MLzJnL605LKE8GJylNjGc4jjxazAHUtcwT5/CEt6afRKViYB4X66dig==", - "requires": { - "@types/hast": "^2.0.0", - "hast-util-from-parse5": "^6.0.0", - "hast-util-to-parse5": "^6.0.0", - "html-void-elements": "^1.0.0", - "parse5": "^6.0.0", - "unist-util-position": "^3.0.0", - "vfile": "^4.0.0", - "web-namespaces": "^1.0.0", - "xtend": "^4.0.0", - "zwitch": "^1.0.0" - } - }, - "hast-util-to-html": { - "version": "7.1.3", - "resolved": "https://registry.npmjs.org/hast-util-to-html/-/hast-util-to-html-7.1.3.tgz", - "integrity": "sha512-yk2+1p3EJTEE9ZEUkgHsUSVhIpCsL/bvT8E5GzmWc+N1Po5gBw+0F8bo7dpxXR0nu0bQVxVZGX2lBGF21CmeDw==", - "requires": { - "ccount": "^1.0.0", - "comma-separated-tokens": "^1.0.0", - "hast-util-is-element": "^1.0.0", - "hast-util-whitespace": "^1.0.0", - "html-void-elements": "^1.0.0", - "property-information": "^5.0.0", - "space-separated-tokens": "^1.0.0", - "stringify-entities": "^3.0.1", - "unist-util-is": "^4.0.0", - "xtend": "^4.0.0" - } - }, - "hast-util-to-parse5": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-6.0.0.tgz", - "integrity": "sha512-Lu5m6Lgm/fWuz8eWnrKezHtVY83JeRGaNQ2kn9aJgqaxvVkFCZQBEhgodZUDUvoodgyROHDb3r5IxAEdl6suJQ==", - "requires": { - "hast-to-hyperscript": "^9.0.0", - "property-information": "^5.0.0", - "web-namespaces": "^1.0.0", - "xtend": "^4.0.0", - "zwitch": "^1.0.0" - } - }, - "hast-util-to-string": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/hast-util-to-string/-/hast-util-to-string-1.0.4.tgz", - "integrity": "sha512-eK0MxRX47AV2eZ+Lyr18DCpQgodvaS3fAQO2+b9Two9F5HEoRPhiUMNzoXArMJfZi2yieFzUBMRl3HNJ3Jus3w==" - }, - "hast-util-to-text": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/hast-util-to-text/-/hast-util-to-text-2.0.1.tgz", - "integrity": "sha512-8nsgCARfs6VkwH2jJU9b8LNTuR4700na+0h3PqCaEk4MAnMDeu5P0tP8mjk9LLNGxIeQRLbiDbZVw6rku+pYsQ==", - "requires": { - "hast-util-is-element": "^1.0.0", - "repeat-string": "^1.0.0", - "unist-util-find-after": "^3.0.0" - } - }, - "hast-util-whitespace": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-1.0.4.tgz", - "integrity": "sha512-I5GTdSfhYfAPNztx2xJRQpG8cuDSNt599/7YUn7Gx/WxNMsG+a835k97TDkFgk123cwjfwINaZknkKkphx/f2A==" - }, - "hastscript": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-6.0.0.tgz", - "integrity": "sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w==", - "requires": { - "@types/hast": "^2.0.0", - "comma-separated-tokens": "^1.0.0", - "hast-util-parse-selector": "^2.0.0", - "property-information": "^5.0.0", - "space-separated-tokens": "^1.0.0" - } - }, "he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==" - }, - "hey-listen": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/hey-listen/-/hey-listen-1.0.8.tgz", - "integrity": "sha512-COpmrF2NOg4TBWUJ5UVyaCU2A88wEMkUPK4hNqyCkqHbxT92BbvfjoSozkAIIm6XhicGlJHhFdullInrdhwU8Q==" + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, + "peer": true }, "hmac-drbg": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz", "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=", + "dev": true, + "peer": true, "requires": { "hash.js": "^1.0.3", "minimalistic-assert": "^1.0.0", "minimalistic-crypto-utils": "^1.0.1" } }, - "hoist-non-react-statics": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz", - "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==", - "requires": { - "react-is": "^16.7.0" - } - }, - "hoopy": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/hoopy/-/hoopy-0.1.4.tgz", - "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==", - "dev": true - }, "hosted-git-info": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.0.2.tgz", @@ -25996,17 +19686,29 @@ "lru-cache": "^6.0.0" } }, + "html-encoding-sniffer": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz", + "integrity": "sha512-D5JbOMBIR/TVZkubHT+OyT2705QvogUW4IBn6nHd756OwieSF9aDYFj4dv6HHEVGYbHaLETa3WggZYWWMyy3ZQ==", + "dev": true, + "peer": true, + "requires": { + "whatwg-encoding": "^1.0.5" + } + }, + "html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "dev": true, + "peer": true + }, "html-tags": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/html-tags/-/html-tags-3.1.0.tgz", "integrity": "sha512-1qYz89hW3lFDEazhjW0yVAV87lw8lVkrJocr72XmBkMKsoSVJCQx3W8BXsC7hO2qAt8BoVjYjtAcZ9perqGnNg==", "dev": true }, - "html-void-elements": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/html-void-elements/-/html-void-elements-1.0.5.tgz", - "integrity": "sha512-uE/TxKuyNIcx44cIWnjr/rfIATDH7ZaOMmstu0CwhFG1Dunhlp4OC6/NMbhiwoq5BpW0ubi303qnEk/PZj614w==" - }, "htmlparser2": { "version": "3.10.1", "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.10.1.tgz", @@ -26021,46 +19723,47 @@ "readable-stream": "^3.1.1" } }, - "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==", - "dev": true - }, - "http-errors": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz", - "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==", + "http-proxy-agent": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz", + "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==", + "dev": true, + "peer": true, "requires": { - "depd": "~1.1.2", - "inherits": "2.0.3", - "setprototypeof": "1.1.1", - "statuses": ">= 1.5.0 < 2", - "toidentifier": "1.0.0" - }, - "dependencies": { - "inherits": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" - } + "@tootallnate/once": "1", + "agent-base": "6", + "debug": "4" } }, "https-browserify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/https-browserify/-/https-browserify-1.0.0.tgz", - "integrity": "sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=" + "integrity": "sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=", + "dev": true, + "peer": true + }, + "https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dev": true, + "peer": true, + "requires": { + "agent-base": "6", + "debug": "4" + } }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", "integrity": "sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==", - "dev": true + "dev": true, + "peer": true }, "husky": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/husky/-/husky-4.3.7.tgz", - "integrity": "sha512-0fQlcCDq/xypoyYSJvEuzbDPHFf8ZF9IXKJxlrnvxABTSzK1VPT2RKYQKrcgJ+YD39swgoB6sbzywUqFxUiqjw==", + "version": "4.3.8", + "resolved": "https://registry.npmjs.org/husky/-/husky-4.3.8.tgz", + "integrity": "sha512-LCqqsB0PzJQ/AlCgfrfzRe3e3+NvmefAdKQhRYpxS4u6clblBoDdzzvHi8fmxKRzvMxPY/1WZWzomPZww0Anow==", "dev": true, "requires": { "chalk": "^4.0.0", @@ -26079,6 +19782,7 @@ "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "dev": true, "requires": { "safer-buffer": ">= 2.1.2 < 3" } @@ -26086,7 +19790,9 @@ "ieee754": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", - "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "dev": true, + "peer": true }, "ignore": { "version": "5.1.8", @@ -26098,300 +19804,12 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz", "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==", + "dev": true, + "peer": true, "requires": { "queue": "6.0.2" } }, - "imagemin": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/imagemin/-/imagemin-6.1.0.tgz", - "integrity": "sha512-8ryJBL1CN5uSHpiBMX0rJw79C9F9aJqMnjGnrd/1CafegpNuA81RBAAru/jQQEOWlOJJlpRnlcVFF6wq+Ist0A==", - "dev": true, - "requires": { - "file-type": "^10.7.0", - "globby": "^8.0.1", - "make-dir": "^1.0.0", - "p-pipe": "^1.1.0", - "pify": "^4.0.1", - "replace-ext": "^1.0.0" - }, - "dependencies": { - "@nodelib/fs.stat": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz", - "integrity": "sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw==", - "dev": true - }, - "array-union": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz", - "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=", - "dev": true, - "requires": { - "array-uniq": "^1.0.1" - } - }, - "braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", - "dev": true, - "requires": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" - }, - "dependencies": { - "extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "dev": true, - "requires": { - "is-extendable": "^0.1.0" - } - } - } - }, - "dir-glob": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-2.0.0.tgz", - "integrity": "sha512-37qirFDz8cA5fimp9feo43fSuRo2gHwaIn6dXL8Ber1dGwUosDrGZeCCXq57WnIqE4aQ+u3eQZzsk1yOzhdwag==", - "dev": true, - "requires": { - "arrify": "^1.0.1", - "path-type": "^3.0.0" - } - }, - "fast-glob": { - "version": "2.2.7", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-2.2.7.tgz", - "integrity": "sha512-g1KuQwHOZAmOZMuBtHdxDtju+T2RT8jgCC9aANsbpdiDDTSnjgfuVsIBNKbUeJI3oKMRExcfNDtJl4OhbffMsw==", - "dev": true, - "requires": { - "@mrmlnc/readdir-enhanced": "^2.2.1", - "@nodelib/fs.stat": "^1.1.2", - "glob-parent": "^3.1.0", - "is-glob": "^4.0.0", - "merge2": "^1.2.3", - "micromatch": "^3.1.10" - } - }, - "file-type": { - "version": "10.11.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-10.11.0.tgz", - "integrity": "sha512-uzk64HRpUZyTGZtVuvrjP0FYxzQrBf4rojot6J65YMEbwBLB0CWm0CLojVpwpmFmxcE/lkvYICgfcGozbBq6rw==", - "dev": true - }, - "fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=", - "dev": true, - "requires": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" - }, - "dependencies": { - "extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "dev": true, - "requires": { - "is-extendable": "^0.1.0" - } - } - } - }, - "glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=", - "dev": true, - "requires": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - }, - "dependencies": { - "is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=", - "dev": true, - "requires": { - "is-extglob": "^2.1.0" - } - } - } - }, - "globby": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/globby/-/globby-8.0.2.tgz", - "integrity": "sha512-yTzMmKygLp8RUpG1Ymu2VXPSJQZjNAZPD4ywgYEaG7e4tBJeUQBO8OpXrf1RCNcEs5alsoJYPAMiIHP0cmeC7w==", - "dev": true, - "requires": { - "array-union": "^1.0.1", - "dir-glob": "2.0.0", - "fast-glob": "^2.0.2", - "glob": "^7.1.2", - "ignore": "^3.3.5", - "pify": "^3.0.0", - "slash": "^1.0.0" - }, - "dependencies": { - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true - } - } - }, - "ignore": { - "version": "3.3.10", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.10.tgz", - "integrity": "sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==", - "dev": true - }, - "is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", - "dev": true, - "requires": { - "kind-of": "^3.0.2" - }, - "dependencies": { - "kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "dev": true, - "requires": { - "is-buffer": "^1.1.5" - } - } - } - }, - "micromatch": { - "version": "3.1.10", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", - "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", - "dev": true, - "requires": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "braces": "^2.3.1", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "extglob": "^2.0.4", - "fragment-cache": "^0.2.1", - "kind-of": "^6.0.2", - "nanomatch": "^1.2.9", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.2" - } - }, - "path-type": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-3.0.0.tgz", - "integrity": "sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==", - "dev": true, - "requires": { - "pify": "^3.0.0" - }, - "dependencies": { - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true - } - } - }, - "pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true - }, - "slash": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz", - "integrity": "sha1-xB8vbDn8FtHNF61LXYlhFK5HDVU=", - "dev": true - }, - "to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha1-fIDBe53+vlmeJzZ+DU3VWQFB2zg=", - "dev": true, - "requires": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - } - } - } - }, - "imagemin-mozjpeg": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/imagemin-mozjpeg/-/imagemin-mozjpeg-9.0.0.tgz", - "integrity": "sha512-TwOjTzYqCFRgROTWpVSt5UTT0JeCuzF1jswPLKALDd89+PmrJ2PdMMYeDLYZ1fs9cTovI9GJd68mRSnuVt691w==", - "dev": true, - "requires": { - "execa": "^4.0.0", - "is-jpg": "^2.0.0", - "mozjpeg": "^7.0.0" - } - }, - "imagemin-optipng": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/imagemin-optipng/-/imagemin-optipng-8.0.0.tgz", - "integrity": "sha512-CUGfhfwqlPjAC0rm8Fy+R2DJDBGjzy2SkfyT09L8rasnF9jSoHFqJ1xxSZWK6HVPZBMhGPMxCTL70OgTHlLF5A==", - "dev": true, - "requires": { - "exec-buffer": "^3.0.0", - "is-png": "^2.0.0", - "optipng-bin": "^7.0.0" - } - }, - "imagemin-svgo": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/imagemin-svgo/-/imagemin-svgo-8.0.0.tgz", - "integrity": "sha512-++fDnnxsLT+4rpt8babwiIbzapgBzeS2Kgcy+CwgBvgSRFltBFhX2WnpCziMtxhRCzqJcCE9EcHWZP/sj+G3rQ==", - "dev": true, - "requires": { - "is-svg": "^4.2.1", - "svgo": "^1.3.2" - } - }, - "img-loader": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/img-loader/-/img-loader-3.0.2.tgz", - "integrity": "sha512-rSriLKgvi85Km7ppSF+AEAM3nU4fxpvCkaXtC/IoCEU7jfks55bEANFs0bB9YXYkxY9JurZQIZFtXh5Gue3upw==", - "dev": true, - "requires": { - "loader-utils": "^1.1.0" - } - }, "import-fresh": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", @@ -26408,6 +19826,77 @@ "integrity": "sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw==", "dev": true }, + "import-local": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==", + "dev": true, + "peer": true, + "requires": { + "pkg-dir": "^4.2.0", + "resolve-cwd": "^3.0.0" + }, + "dependencies": { + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, + "requires": { + "p-limit": "^2.2.0" + } + }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true + }, + "pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "peer": true, + "requires": { + "find-up": "^4.0.0" + } + } + } + }, "imurmurhash": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", @@ -26424,6 +19913,7 @@ "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, "requires": { "once": "^1.3.0", "wrappy": "1" @@ -26432,7 +19922,8 @@ "inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true }, "ini": { "version": "1.3.8", @@ -26440,11 +19931,6 @@ "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", "dev": true }, - "inline-style-parser": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz", - "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q==" - }, "inquirer": { "version": "7.3.3", "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-7.3.3.tgz", @@ -26477,45 +19963,18 @@ "side-channel": "^1.0.4" } }, - "intersection-observer": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/intersection-observer/-/intersection-observer-0.12.0.tgz", - "integrity": "sha512-2Vkz8z46Dv401zTWudDGwO7KiGHNDkMv417T5ItcNYfmvHR/1qCTVBO9vwH8zZmQ0WkA/1ARwpysR9bsnop4NQ==" - }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "dev": true, - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, - "invariant": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", - "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==", - "requires": { - "loose-envify": "^1.0.0" - } - }, "ip-regex": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-4.3.0.tgz", "integrity": "sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==", "dev": true }, - "ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" - }, "is-accessor-descriptor": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz", "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==", "dev": true, + "peer": true, "requires": { "kind-of": "^6.0.0" } @@ -26523,17 +19982,14 @@ "is-alphabetical": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz", - "integrity": "sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg==" - }, - "is-alphanumeric": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-alphanumeric/-/is-alphanumeric-1.0.0.tgz", - "integrity": "sha1-Spzvcdr0wAHB2B1j0UDPU/1oifQ=" + "integrity": "sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg==", + "dev": true }, "is-alphanumerical": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-1.0.4.tgz", "integrity": "sha512-UzoZUr+XfVz3t3v4KyGEniVL9BDRoQtY7tOyrRybkVNjDFWyo1yhXNGrrBTQxp3ib9BLAWs7k2YKBQsFRkZG9A==", + "dev": true, "requires": { "is-alphabetical": "^1.0.0", "is-decimal": "^1.0.0" @@ -26543,6 +19999,8 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.0.tgz", "integrity": "sha512-1Ij4lOMPl/xB5kBDn7I+b2ttPMKa8szhEIrXDuXQD/oe3HJLTLhqhgGspwgyGd6MOywBUqVvYicF72lkgDnIHg==", + "dev": true, + "peer": true, "requires": { "call-bind": "^1.0.0" } @@ -26556,12 +20014,15 @@ "is-bigint": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.2.tgz", - "integrity": "sha512-0JV5+SOCQkIdzjBK9buARcV804Ddu7A0Qet6sHi3FimE9ne6m4BGQZfRn+NZiXbBk4F4XmHfDZIipLj9pX8dSA==" + "integrity": "sha512-0JV5+SOCQkIdzjBK9buARcV804Ddu7A0Qet6sHi3FimE9ne6m4BGQZfRn+NZiXbBk4F4XmHfDZIipLj9pX8dSA==", + "dev": true }, "is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "peer": true, "requires": { "binary-extensions": "^2.0.0" } @@ -26570,6 +20031,7 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.1.tgz", "integrity": "sha512-bXdQWkECBUIAcCkeH1unwJLIpZYaa5VvuygSyS/c2lf719mTKZDU5UdDRlpd01UjADgmW8RfqaP+mRaVPdr/Ng==", + "dev": true, "requires": { "call-bind": "^1.0.2" } @@ -26577,12 +20039,14 @@ "is-buffer": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.5.tgz", - "integrity": "sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ==" + "integrity": "sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ==", + "dev": true }, "is-callable": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.3.tgz", - "integrity": "sha512-J1DcMe8UYTBSrKezuIUTUwjXsho29693unXM2YhJUTR2txK/eG47bvNa/wipPFmZFgr/N6f1GA66dv0mEyTIyQ==" + "integrity": "sha512-J1DcMe8UYTBSrKezuIUTUwjXsho29693unXM2YhJUTR2txK/eG47bvNa/wipPFmZFgr/N6f1GA66dv0mEyTIyQ==", + "dev": true }, "is-ci": { "version": "2.0.0", @@ -26597,6 +20061,7 @@ "version": "2.7.0", "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.7.0.tgz", "integrity": "sha512-ByY+tjCciCr+9nLryBYcSD50EOGWt95c7tIsKTG1J2ixKKXPvF7Ej3AVd+UfDydAJom3biBGDBALaO79ktwgEQ==", + "dev": true, "requires": { "has": "^1.0.3" } @@ -26606,6 +20071,7 @@ "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz", "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==", "dev": true, + "peer": true, "requires": { "kind-of": "^6.0.0" } @@ -26613,18 +20079,21 @@ "is-date-object": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.4.tgz", - "integrity": "sha512-/b4ZVsG7Z5XVtIxs/h9W8nvfLgSAyKYdtGWQLbqy6jA1icmgjf8WCoTKgeS4wy5tYaPePouzFMANbnj94c2Z+A==" + "integrity": "sha512-/b4ZVsG7Z5XVtIxs/h9W8nvfLgSAyKYdtGWQLbqy6jA1icmgjf8WCoTKgeS4wy5tYaPePouzFMANbnj94c2Z+A==", + "dev": true }, "is-decimal": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-1.0.4.tgz", - "integrity": "sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==" + "integrity": "sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==", + "dev": true }, "is-descriptor": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz", "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^1.0.0", "is-data-descriptor": "^1.0.0", @@ -26640,17 +20109,14 @@ "is-extendable": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha1-YrEQ4omkcUGOPsNqYX1HLjAd/Ik=" + "integrity": "sha1-YrEQ4omkcUGOPsNqYX1HLjAd/Ik=", + "dev": true, + "peer": true }, "is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=" - }, - "is-finite": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.1.0.tgz", - "integrity": "sha512-cdyMtqX/BOqqNBBiKlIVkytNHm49MtMlYyn1zxzvJKWmFMlGzm+ry5BBfYyeY9YmNKbRSo/o7OX9w9ale0wg3w==", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", "dev": true }, "is-fullwidth-code-point": { @@ -26659,15 +20125,25 @@ "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", "dev": true }, + "is-generator-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==", + "dev": true, + "peer": true + }, "is-generator-function": { "version": "1.0.9", "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.9.tgz", - "integrity": "sha512-ZJ34p1uvIfptHCN7sFTjGibB9/oBg17sHqzDLfuwhvmN/qLVvIQXRQ8licZQ35WJ8KuEQt/etnnzQFI9C9Ue/A==" + "integrity": "sha512-ZJ34p1uvIfptHCN7sFTjGibB9/oBg17sHqzDLfuwhvmN/qLVvIQXRQ8licZQ35WJ8KuEQt/etnnzQFI9C9Ue/A==", + "dev": true, + "peer": true }, "is-glob": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz", "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==", + "dev": true, "requires": { "is-extglob": "^2.1.1" } @@ -26675,43 +20151,37 @@ "is-hexadecimal": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-1.0.4.tgz", - "integrity": "sha512-gyPJuv83bHMpocVYoqof5VDiZveEoGoFL8m3BXNb2VW8Xs+rz9kqO8LOQ5DH6EsuvilT1ApazU0pyl+ytbPtlw==" - }, - "is-jpg": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/is-jpg/-/is-jpg-2.0.0.tgz", - "integrity": "sha1-LhmX+m6RZuqsAkLarkQ0A+TvHZc=", + "integrity": "sha512-gyPJuv83bHMpocVYoqof5VDiZveEoGoFL8m3BXNb2VW8Xs+rz9kqO8LOQ5DH6EsuvilT1ApazU0pyl+ytbPtlw==", "dev": true }, "is-nan": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/is-nan/-/is-nan-1.3.2.tgz", "integrity": "sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==", + "dev": true, + "peer": true, "requires": { "call-bind": "^1.0.0", "define-properties": "^1.1.3" } }, - "is-natural-number": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/is-natural-number/-/is-natural-number-4.0.1.tgz", - "integrity": "sha1-q5124dtM7VHjXeDHLr7PCfc0zeg=", - "dev": true - }, "is-negative-zero": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.1.tgz", - "integrity": "sha512-2z6JzQvZRa9A2Y7xC6dQQm4FSTSTNWjKIYYTt4246eMTJmIo0Q+ZyOsU66X8lxK1AbB92dFeglPLrhwpeRKO6w==" + "integrity": "sha512-2z6JzQvZRa9A2Y7xC6dQQm4FSTSTNWjKIYYTt4246eMTJmIo0Q+ZyOsU66X8lxK1AbB92dFeglPLrhwpeRKO6w==", + "dev": true }, "is-number": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==" + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true }, "is-number-object": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.5.tgz", - "integrity": "sha512-RU0lI/n95pMoUKu9v1BZP5MBcZuNSVJkMkAG2dJqC4z2GlkGUNeH68SuHuBKBD/XFe+LHZ+f9BKkLET60Niedw==" + "integrity": "sha512-RU0lI/n95pMoUKu9v1BZP5MBcZuNSVJkMkAG2dJqC4z2GlkGUNeH68SuHuBKBD/XFe+LHZ+f9BKkLET60Niedw==", + "dev": true }, "is-obj": { "version": "1.0.1", @@ -26719,12 +20189,6 @@ "integrity": "sha1-PkcprB9f3gJc19g6iW2rn09n2w8=", "dev": true }, - "is-object": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.2.tgz", - "integrity": "sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==", - "dev": true - }, "is-plain-obj": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", @@ -26736,20 +20200,23 @@ "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, + "peer": true, "requires": { "isobject": "^3.0.1" } }, - "is-png": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/is-png/-/is-png-2.0.0.tgz", - "integrity": "sha512-4KPGizaVGj2LK7xwJIz8o5B2ubu1D/vcQsgOGFEDlpcvgZHto4gBnyd0ig7Ws+67ixmwKoNmu0hYnpo6AaKb5g==", - "dev": true + "is-potential-custom-element-name": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz", + "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==", + "dev": true, + "peer": true }, "is-regex": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.3.tgz", "integrity": "sha512-qSVXFz28HM7y+IWX6vLCsexdlvzT1PJNFSBuaQLQ5o0IEw8UDYW6/2+eCMVyIsbM8CNLX2a/QWmSpyxYEHY7CQ==", + "dev": true, "requires": { "call-bind": "^1.0.2", "has-symbols": "^1.0.2" @@ -26761,12 +20228,6 @@ "integrity": "sha1-/S2INUXEa6xaYz57mgnof6LLUGk=", "dev": true }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==", - "dev": true - }, "is-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz", @@ -26776,21 +20237,14 @@ "is-string": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.6.tgz", - "integrity": "sha512-2gdzbKUuqtQ3lYNrUTQYoClPhm7oQu4UdpSZMp1/DGgkHBT8E2Z1l0yMdb6D4zNAxwDiMv8MdulKROJGNl0Q0w==" - }, - "is-svg": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/is-svg/-/is-svg-4.3.1.tgz", - "integrity": "sha512-h2CGs+yPUyvkgTJQS9cJzo9lYK06WgRiXUqBBHtglSzVKAuH4/oWsqk7LGfbSa1hGk9QcZ0SyQtVggvBA8LZXA==", - "dev": true, - "requires": { - "fast-xml-parser": "^3.19.0" - } + "integrity": "sha512-2gdzbKUuqtQ3lYNrUTQYoClPhm7oQu4UdpSZMp1/DGgkHBT8E2Z1l0yMdb6D4zNAxwDiMv8MdulKROJGNl0Q0w==", + "dev": true }, "is-symbol": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dev": true, "requires": { "has-symbols": "^1.0.2" } @@ -26799,6 +20253,8 @@ "version": "1.1.5", "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.5.tgz", "integrity": "sha512-S+GRDgJlR3PyEbsX/Fobd9cqpZBuvUS+8asRqYDMLCb2qMzt1oz5m5oxQCxOgUDxiWsOVNi4yaF+/uvdlHlYug==", + "dev": true, + "peer": true, "requires": { "available-typed-arrays": "^1.0.2", "call-bind": "^1.0.2", @@ -26828,27 +20284,12 @@ "url-regex": "^5.0.0" } }, - "is-utf8": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", - "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=", - "dev": true - }, - "is-whitespace-character": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-whitespace-character/-/is-whitespace-character-1.0.4.tgz", - "integrity": "sha512-SDweEzfIZM0SJV0EUga669UTKlmL0Pq8Lno0QDQsPnvECB3IM2aP0gdx5TrU0A01MAPfViaZiI2V1QMZLaKK5w==" - }, "is-windows": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", - "dev": true - }, - "is-word-character": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-word-character/-/is-word-character-1.0.4.tgz", - "integrity": "sha512-5SMO8RVennx3nZrqtKwCGyyetPE9VDba5ugvKLaD4KopPG5kR4mQ7tNt/r7feL5yt5h3lpuBbIUmCOG2eSzXHA==" + "dev": true, + "peer": true }, "is-wsl": { "version": "2.2.0", @@ -26862,12 +20303,9 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" - }, - "iserror": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/iserror/-/iserror-0.0.2.tgz", - "integrity": "sha1-vVNFH+L2aLnyQCwZZnh6qix8C/U=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true, + "peer": true }, "isexe": { "version": "2.0.0", @@ -26879,25 +20317,99 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", - "dev": true + "dev": true, + "peer": true }, - "isomorphic-unfetch": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/isomorphic-unfetch/-/isomorphic-unfetch-3.1.0.tgz", - "integrity": "sha512-geDJjpoZ8N0kWexiwkX8F9NkTsXhetLPVbZFQ+JTW239QNOwvB0gniuR1Wc6f0AMTn7/mFGyXvHTifrCp/GH8Q==", + "istanbul-lib-coverage": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz", + "integrity": "sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==", + "dev": true, + "peer": true + }, + "istanbul-lib-instrument": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz", + "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==", + "dev": true, + "peer": true, "requires": { - "node-fetch": "^2.6.1", - "unfetch": "^4.2.0" + "@babel/core": "^7.7.5", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.0.0", + "semver": "^6.3.0" + }, + "dependencies": { + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true + } } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", + "istanbul-lib-report": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz", + "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==", "dev": true, + "peer": true, "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" + "istanbul-lib-coverage": "^3.0.0", + "make-dir": "^3.0.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "make-dir": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", + "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "peer": true, + "requires": { + "semver": "^6.0.0" + } + }, + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "peer": true + } + } + }, + "istanbul-lib-source-maps": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==", + "dev": true, + "peer": true, + "requires": { + "debug": "^4.1.1", + "istanbul-lib-coverage": "^3.0.0", + "source-map": "^0.6.1" + }, + "dependencies": { + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true + } + } + }, + "istanbul-reports": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.4.tgz", + "integrity": "sha512-r1/DshN4KSE7xWEknZLLLLDn5CJybV3nw01VTkp6D5jzLuELlcbudfj/eSQFvrKsJuTVCGnePO7ho82Nw9zzfw==", + "dev": true, + "peer": true, + "requires": { + "html-escaper": "^2.0.0", + "istanbul-lib-report": "^3.0.0" } }, "jake": { @@ -26964,6 +20476,448 @@ } } }, + "jest": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest/-/jest-26.6.3.tgz", + "integrity": "sha512-lGS5PXGAzR4RF7V5+XObhqz2KZIDUA1yD0DG6pBVmy10eh0ZIXQImRuzocsI/N2XZ1GrLFwTS27In2i2jlpq1Q==", + "dev": true, + "peer": true, + "requires": { + "@jest/core": "^26.6.3", + "import-local": "^3.0.2", + "jest-cli": "^26.6.3" + } + }, + "jest-changed-files": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-26.6.2.tgz", + "integrity": "sha512-fDS7szLcY9sCtIip8Fjry9oGf3I2ht/QT21bAHm5Dmf0mD4X3ReNUf17y+bO6fR8WgbIZTlbyG1ak/53cbRzKQ==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "execa": "^4.0.0", + "throat": "^5.0.0" + } + }, + "jest-cli": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-26.6.3.tgz", + "integrity": "sha512-GF9noBSa9t08pSyl3CY4frMrqp+aQXFGFkf5hEPbh/pIUFYWMK6ZLTfbmadxJVcJrdRoChlWQsA2VkJcDFK8hg==", + "dev": true, + "peer": true, + "requires": { + "@jest/core": "^26.6.3", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "import-local": "^3.0.2", + "is-ci": "^2.0.0", + "jest-config": "^26.6.3", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "prompts": "^2.0.1", + "yargs": "^15.4.1" + } + }, + "jest-config": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-26.6.3.tgz", + "integrity": "sha512-t5qdIj/bCj2j7NFVHb2nFB4aUdfucDn3JRKgrZnplb8nieAirAzRSHP8uDEd+qV6ygzg9Pz4YG7UTJf94LPSyg==", + "dev": true, + "peer": true, + "requires": { + "@babel/core": "^7.1.0", + "@jest/test-sequencer": "^26.6.3", + "@jest/types": "^26.6.2", + "babel-jest": "^26.6.3", + "chalk": "^4.0.0", + "deepmerge": "^4.2.2", + "glob": "^7.1.1", + "graceful-fs": "^4.2.4", + "jest-environment-jsdom": "^26.6.2", + "jest-environment-node": "^26.6.2", + "jest-get-type": "^26.3.0", + "jest-jasmine2": "^26.6.3", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "micromatch": "^4.0.2", + "pretty-format": "^26.6.2" + }, + "dependencies": { + "deepmerge": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", + "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", + "dev": true, + "peer": true + } + } + }, + "jest-diff": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-26.6.2.tgz", + "integrity": "sha512-6m+9Z3Gv9wN0WFVasqjCL/06+EFCMTqDEUl/b87HYK2rAPTyfz4ZIuSlPhY51PIQRWx5TaxeF1qmXKe9gfN3sA==", + "dev": true, + "peer": true, + "requires": { + "chalk": "^4.0.0", + "diff-sequences": "^26.6.2", + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + } + }, + "jest-docblock": { + "version": "26.0.0", + "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-26.0.0.tgz", + "integrity": "sha512-RDZ4Iz3QbtRWycd8bUEPxQsTlYazfYn/h5R65Fc6gOfwozFhoImx+affzky/FFBuqISPTqjXomoIGJVKBWoo0w==", + "dev": true, + "peer": true, + "requires": { + "detect-newline": "^3.0.0" + } + }, + "jest-each": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-26.6.2.tgz", + "integrity": "sha512-Mer/f0KaATbjl8MCJ+0GEpNdqmnVmDYqCTJYTvoo7rqmRiDllmp2AYN+06F93nXcY3ur9ShIjS+CO/uD+BbH4A==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "jest-get-type": "^26.3.0", + "jest-util": "^26.6.2", + "pretty-format": "^26.6.2" + } + }, + "jest-environment-jsdom": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-26.6.2.tgz", + "integrity": "sha512-jgPqCruTlt3Kwqg5/WVFyHIOJHsiAvhcp2qiR2QQstuG9yWox5+iHpU3ZrcBxW14T4fe5Z68jAfLRh7joCSP2Q==", + "dev": true, + "peer": true, + "requires": { + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2", + "jsdom": "^16.4.0" + } + }, + "jest-environment-node": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-26.6.2.tgz", + "integrity": "sha512-zhtMio3Exty18dy8ee8eJ9kjnRyZC1N4C1Nt/VShN1apyXc8rWGtJ9lI7vqiWcyyXS4BVSEn9lxAM2D+07/Tag==", + "dev": true, + "peer": true, + "requires": { + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "jest-mock": "^26.6.2", + "jest-util": "^26.6.2" + } + }, + "jest-get-type": { + "version": "26.3.0", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-26.3.0.tgz", + "integrity": "sha512-TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig==", + "dev": true, + "peer": true + }, + "jest-haste-map": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-26.6.2.tgz", + "integrity": "sha512-easWIJXIw71B2RdR8kgqpjQrbMRWQBgiBwXYEhtGUTaX+doCjBheluShdDMeR8IMfJiTqH4+zfhtg29apJf/8w==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "@types/graceful-fs": "^4.1.2", + "@types/node": "*", + "anymatch": "^3.0.3", + "fb-watchman": "^2.0.0", + "fsevents": "^2.1.2", + "graceful-fs": "^4.2.4", + "jest-regex-util": "^26.0.0", + "jest-serializer": "^26.6.2", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "micromatch": "^4.0.2", + "sane": "^4.0.3", + "walker": "^1.0.7" + }, + "dependencies": { + "jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "requires": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + } + } + } + }, + "jest-jasmine2": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-26.6.3.tgz", + "integrity": "sha512-kPKUrQtc8aYwBV7CqBg5pu+tmYXlvFlSFYn18ev4gPFtrRzB15N2gW/Roew3187q2w2eHuu0MU9TJz6w0/nPEg==", + "dev": true, + "peer": true, + "requires": { + "@babel/traverse": "^7.1.0", + "@jest/environment": "^26.6.2", + "@jest/source-map": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "co": "^4.6.0", + "expect": "^26.6.2", + "is-generator-fn": "^2.0.0", + "jest-each": "^26.6.2", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-runtime": "^26.6.3", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "pretty-format": "^26.6.2", + "throat": "^5.0.0" + } + }, + "jest-leak-detector": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-26.6.2.tgz", + "integrity": "sha512-i4xlXpsVSMeKvg2cEKdfhh0H39qlJlP5Ex1yQxwF9ubahboQYMgTtz5oML35AVA3B4Eu+YsmwaiKVev9KCvLxg==", + "dev": true, + "peer": true, + "requires": { + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + } + }, + "jest-matcher-utils": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-26.6.2.tgz", + "integrity": "sha512-llnc8vQgYcNqDrqRDXWwMr9i7rS5XFiCwvh6DTP7Jqa2mqpcCBBlpCbn+trkG0KNhPu/h8rzyBkriOtBstvWhw==", + "dev": true, + "peer": true, + "requires": { + "chalk": "^4.0.0", + "jest-diff": "^26.6.2", + "jest-get-type": "^26.3.0", + "pretty-format": "^26.6.2" + } + }, + "jest-message-util": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-26.6.2.tgz", + "integrity": "sha512-rGiLePzQ3AzwUshu2+Rn+UMFk0pHN58sOG+IaJbk5Jxuqo3NYO1U2/MIR4S1sKgsoYSXSzdtSa0TgrmtUwEbmA==", + "dev": true, + "peer": true, + "requires": { + "@babel/code-frame": "^7.0.0", + "@jest/types": "^26.6.2", + "@types/stack-utils": "^2.0.0", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "micromatch": "^4.0.2", + "pretty-format": "^26.6.2", + "slash": "^3.0.0", + "stack-utils": "^2.0.2" + } + }, + "jest-mock": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-26.6.2.tgz", + "integrity": "sha512-YyFjePHHp1LzpzYcmgqkJ0nm0gg/lJx2aZFzFy1S6eUqNjXsOqTK10zNRff2dNfssgokjkG65OlWNcIlgd3zew==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "@types/node": "*" + } + }, + "jest-pnp-resolver": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.2.tgz", + "integrity": "sha512-olV41bKSMm8BdnuMsewT4jqlZ8+3TCARAXjZGT9jcoSnrfUnRCqnMoF9XEeoWjbzObpqF9dRhHQj0Xb9QdF6/w==", + "dev": true, + "peer": true, + "requires": {} + }, + "jest-regex-util": { + "version": "26.0.0", + "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-26.0.0.tgz", + "integrity": "sha512-Gv3ZIs/nA48/Zvjrl34bf+oD76JHiGDUxNOVgUjh3j890sblXryjY4rss71fPtD/njchl6PSE2hIhvyWa1eT0A==", + "dev": true, + "peer": true + }, + "jest-resolve": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-26.6.2.tgz", + "integrity": "sha512-sOxsZOq25mT1wRsfHcbtkInS+Ek7Q8jCHUB0ZUTP0tc/c41QHriU/NunqMfCUWsL4H3MHpvQD4QR9kSYhS7UvQ==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.4", + "jest-pnp-resolver": "^1.2.2", + "jest-util": "^26.6.2", + "read-pkg-up": "^7.0.1", + "resolve": "^1.18.1", + "slash": "^3.0.0" + } + }, + "jest-resolve-dependencies": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-26.6.3.tgz", + "integrity": "sha512-pVwUjJkxbhe4RY8QEWzN3vns2kqyuldKpxlxJlzEYfKSvY6/bMvxoFrYYzUO1Gx28yKWN37qyV7rIoIp2h8fTg==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-snapshot": "^26.6.2" + } + }, + "jest-runner": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-26.6.3.tgz", + "integrity": "sha512-atgKpRHnaA2OvByG/HpGA4g6CSPS/1LK0jK3gATJAoptC1ojltpmVlYC3TYgdmGp+GLuhzpH30Gvs36szSL2JQ==", + "dev": true, + "peer": true, + "requires": { + "@jest/console": "^26.6.2", + "@jest/environment": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "chalk": "^4.0.0", + "emittery": "^0.7.1", + "exit": "^0.1.2", + "graceful-fs": "^4.2.4", + "jest-config": "^26.6.3", + "jest-docblock": "^26.0.0", + "jest-haste-map": "^26.6.2", + "jest-leak-detector": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-resolve": "^26.6.2", + "jest-runtime": "^26.6.3", + "jest-util": "^26.6.2", + "jest-worker": "^26.6.2", + "source-map-support": "^0.5.6", + "throat": "^5.0.0" + }, + "dependencies": { + "jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", + "dev": true, + "peer": true, + "requires": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + } + } + } + }, + "jest-runtime": { + "version": "26.6.3", + "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-26.6.3.tgz", + "integrity": "sha512-lrzyR3N8sacTAMeonbqpnSka1dHNux2uk0qqDXVkMv2c/A3wYnvQ4EXuI013Y6+gSKSCxdaczvf4HF0mVXHRdw==", + "dev": true, + "peer": true, + "requires": { + "@jest/console": "^26.6.2", + "@jest/environment": "^26.6.2", + "@jest/fake-timers": "^26.6.2", + "@jest/globals": "^26.6.2", + "@jest/source-map": "^26.6.2", + "@jest/test-result": "^26.6.2", + "@jest/transform": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/yargs": "^15.0.0", + "chalk": "^4.0.0", + "cjs-module-lexer": "^0.6.0", + "collect-v8-coverage": "^1.0.0", + "exit": "^0.1.2", + "glob": "^7.1.3", + "graceful-fs": "^4.2.4", + "jest-config": "^26.6.3", + "jest-haste-map": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-mock": "^26.6.2", + "jest-regex-util": "^26.0.0", + "jest-resolve": "^26.6.2", + "jest-snapshot": "^26.6.2", + "jest-util": "^26.6.2", + "jest-validate": "^26.6.2", + "slash": "^3.0.0", + "strip-bom": "^4.0.0", + "yargs": "^15.4.1" + }, + "dependencies": { + "strip-bom": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==", + "dev": true, + "peer": true + } + } + }, + "jest-serializer": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-26.6.2.tgz", + "integrity": "sha512-S5wqyz0DXnNJPd/xfIzZ5Xnp1HrJWBczg8mMfMpN78OJ5eDxXyf+Ygld9wX1DnUWbIbhM1YDY95NjR4CBXkb2g==", + "dev": true, + "peer": true, + "requires": { + "@types/node": "*", + "graceful-fs": "^4.2.4" + } + }, + "jest-snapshot": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-26.6.2.tgz", + "integrity": "sha512-OLhxz05EzUtsAmOMzuupt1lHYXCNib0ECyuZ/PZOx9TrZcC8vL0x+DUG3TL+GLX3yHG45e6YGjIm0XwDc3q3og==", + "dev": true, + "peer": true, + "requires": { + "@babel/types": "^7.0.0", + "@jest/types": "^26.6.2", + "@types/babel__traverse": "^7.0.4", + "@types/prettier": "^2.0.0", + "chalk": "^4.0.0", + "expect": "^26.6.2", + "graceful-fs": "^4.2.4", + "jest-diff": "^26.6.2", + "jest-get-type": "^26.3.0", + "jest-haste-map": "^26.6.2", + "jest-matcher-utils": "^26.6.2", + "jest-message-util": "^26.6.2", + "jest-resolve": "^26.6.2", + "natural-compare": "^1.4.0", + "pretty-format": "^26.6.2", + "semver": "^7.3.2" + } + }, "jest-util": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-26.6.2.tgz", @@ -26978,10 +20932,52 @@ "micromatch": "^4.0.2" } }, + "jest-validate": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-26.6.2.tgz", + "integrity": "sha512-NEYZ9Aeyj0i5rQqbq+tpIOom0YS1u2MVu6+euBsvpgIme+FOfRmoC4R5p0JiAUpaFvFy24xgrpMknarR/93XjQ==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "camelcase": "^6.0.0", + "chalk": "^4.0.0", + "jest-get-type": "^26.3.0", + "leven": "^3.1.0", + "pretty-format": "^26.6.2" + }, + "dependencies": { + "camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "peer": true + } + } + }, + "jest-watcher": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-26.6.2.tgz", + "integrity": "sha512-WKJob0P/Em2csiVthsI68p6aGKTIcsfjH9Gsx1f0A3Italz43e3ho0geSAVsmj09RWOELP1AZ/DXyJgOgDKxXQ==", + "dev": true, + "peer": true, + "requires": { + "@jest/test-result": "^26.6.2", + "@jest/types": "^26.6.2", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "jest-util": "^26.6.2", + "string-length": "^4.0.1" + } + }, "jest-worker": { "version": "27.0.0-next.5", "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.0.0-next.5.tgz", "integrity": "sha512-mk0umAQ5lT+CaOJ+Qp01N6kz48sJG2kr2n1rX0koqKf6FIygQV0qLOdN9SCYID4IVeSigDOcPeGLozdMLYfb5g==", + "dev": true, + "peer": true, "requires": { "@types/node": "*", "merge-stream": "^2.0.0", @@ -26992,40 +20988,116 @@ "version": "8.1.1", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "peer": true, "requires": { "has-flag": "^4.0.0" } } } }, - "js-cookie": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz", - "integrity": "sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==" - }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true }, "js-yaml": { "version": "3.14.1", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, "requires": { "argparse": "^1.0.7", "esprima": "^4.0.0" } }, + "jsdom": { + "version": "16.7.0", + "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-16.7.0.tgz", + "integrity": "sha512-u9Smc2G1USStM+s/x1ru5Sxrl6mPYCbByG1U/hUmqaVsm4tbNyS7CicOSRyuGQYZhTu0h84qkZZQ/I+dzizSVw==", + "dev": true, + "peer": true, + "requires": { + "abab": "^2.0.5", + "acorn": "^8.2.4", + "acorn-globals": "^6.0.0", + "cssom": "^0.4.4", + "cssstyle": "^2.3.0", + "data-urls": "^2.0.0", + "decimal.js": "^10.2.1", + "domexception": "^2.0.1", + "escodegen": "^2.0.0", + "form-data": "^3.0.0", + "html-encoding-sniffer": "^2.0.1", + "http-proxy-agent": "^4.0.1", + "https-proxy-agent": "^5.0.0", + "is-potential-custom-element-name": "^1.0.1", + "nwsapi": "^2.2.0", + "parse5": "6.0.1", + "saxes": "^5.0.1", + "symbol-tree": "^3.2.4", + "tough-cookie": "^4.0.0", + "w3c-hr-time": "^1.0.2", + "w3c-xmlserializer": "^2.0.0", + "webidl-conversions": "^6.1.0", + "whatwg-encoding": "^1.0.5", + "whatwg-mimetype": "^2.3.0", + "whatwg-url": "^8.5.0", + "ws": "^7.4.6", + "xml-name-validator": "^3.0.0" + }, + "dependencies": { + "acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true, + "peer": true + }, + "tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", + "dev": true, + "peer": true, + "requires": { + "punycode": "^2.1.1" + } + }, + "webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "dev": true, + "peer": true + }, + "whatwg-url": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dev": true, + "peer": true, + "requires": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + } + }, + "ws": { + "version": "7.5.7", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz", + "integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==", + "dev": true, + "peer": true, + "requires": {} + } + } + }, "jsesc": { "version": "2.5.2", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", - "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==" - }, - "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=", + "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", "dev": true }, "json-parse-better-errors": { @@ -27056,6 +21128,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz", "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==", + "dev": true, "requires": { "minimist": "^1.2.5" } @@ -27088,42 +21161,18 @@ "object.assign": "^4.1.2" } }, - "kapellmeister": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/kapellmeister/-/kapellmeister-3.0.1.tgz", - "integrity": "sha512-S7+gYcziMREv8RxG46138mb1O4Xf9II/bCxEJPYkhlZ7PgGWTlicgsyNad/DGc5oEAlWGLXE5ExLbTDVvJmgDA==", - "requires": { - "d3-timer": "^1.0.9" - } - }, - "katex": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/katex/-/katex-0.12.0.tgz", - "integrity": "sha512-y+8btoc/CK70XqcHqjxiGWBOeIL8upbS0peTPXTvgrh21n1RiWWcIpSWM+4uXq+IAgNh9YYQWdc7LVDPDAEEAg==", - "requires": { - "commander": "^2.19.0" - }, - "dependencies": { - "commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==" - } - } - }, - "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", - "dev": true, - "requires": { - "json-buffer": "3.0.0" - } - }, "kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", - "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==" + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true + }, + "kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "dev": true, + "peer": true }, "known-css-properties": { "version": "0.20.0", @@ -27146,6 +21195,13 @@ "language-subtag-registry": "~0.3.2" } }, + "leven": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "dev": true, + "peer": true + }, "levn": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", @@ -27156,11 +21212,6 @@ "type-check": "~0.4.0" } }, - "line-reader": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/line-reader/-/line-reader-0.4.0.tgz", - "integrity": "sha1-F+RIGNoKwzVnW6MAlU+U72cOZv0=" - }, "lines-and-columns": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz", @@ -27269,37 +21320,11 @@ } } }, - "load-script": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/load-script/-/load-script-1.0.0.tgz", - "integrity": "sha1-BJGTngvuVkPuSUp+PaPSuscMbKQ=" - }, - "loader-utils": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz", - "integrity": "sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA==", - "dev": true, - "requires": { - "big.js": "^5.2.2", - "emojis-list": "^3.0.0", - "json5": "^1.0.1" - }, - "dependencies": { - "json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", - "dev": true, - "requires": { - "minimist": "^1.2.0" - } - } - } - }, "locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, "requires": { "p-locate": "^5.0.0" } @@ -27307,12 +21332,8 @@ "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "lodash-es": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.21.tgz", - "integrity": "sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==" + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true }, "lodash.clonedeep": { "version": "4.5.0", @@ -27323,7 +21344,9 @@ "lodash.sortby": { "version": "4.7.0", "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", - "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=" + "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", + "dev": true, + "peer": true }, "lodash.truncate": { "version": "4.4.2", @@ -27331,11 +21354,6 @@ "integrity": "sha1-WjUNoLERO4N+z//VgSy+WNbq4ZM=", "dev": true }, - "lodash.uniq": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", - "integrity": "sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=" - }, "log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", @@ -27382,299 +21400,28 @@ } } }, - "logalot": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/logalot/-/logalot-2.1.0.tgz", - "integrity": "sha1-X46MkNME7fElMJUaVVSruMXj9VI=", - "dev": true, - "requires": { - "figures": "^1.3.5", - "squeak": "^1.0.0" - }, - "dependencies": { - "figures": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/figures/-/figures-1.7.0.tgz", - "integrity": "sha1-y+Hjr/zxzUS4DK3+0o3Hk6lwHS4=", - "dev": true, - "requires": { - "escape-string-regexp": "^1.0.5", - "object-assign": "^4.1.0" - } - } - } - }, - "longest": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz", - "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc=", - "dev": true - }, "longest-streak": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-2.0.4.tgz", - "integrity": "sha512-vM6rUVCVUJJt33bnmHiZEvr7wPT78ztX7rojL+LW51bHtLh6HTjx84LA5W4+oa6aKEJA7jJu5LR6vQRBpA5DVg==" + "integrity": "sha512-vM6rUVCVUJJt33bnmHiZEvr7wPT78ztX7rojL+LW51bHtLh6HTjx84LA5W4+oa6aKEJA7jJu5LR6vQRBpA5DVg==", + "dev": true }, "loose-envify": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dev": true, "requires": { "js-tokens": "^3.0.0 || ^4.0.0" } }, - "loud-rejection": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz", - "integrity": "sha1-W0b4AUft7leIcPCG0Eghz5mOVR8=", - "dev": true, - "requires": { - "currently-unhandled": "^0.4.1", - "signal-exit": "^3.0.0" - } - }, - "lower-case": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", - "integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==", - "requires": { - "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, - "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==", - "dev": true - }, - "lpad-align": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/lpad-align/-/lpad-align-1.1.2.tgz", - "integrity": "sha1-IfYArBwwlcPG5JfuZyce4ISB/p4=", - "dev": true, - "requires": { - "get-stdin": "^4.0.1", - "indent-string": "^2.1.0", - "longest": "^1.0.0", - "meow": "^3.3.0" - }, - "dependencies": { - "camelcase": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz", - "integrity": "sha1-fB0W1nmhu+WcoCys7PsBHiAfWh8=", - "dev": true - }, - "camelcase-keys": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz", - "integrity": "sha1-MIvur/3ygRkFHvodkyITyRuPkuc=", - "dev": true, - "requires": { - "camelcase": "^2.0.0", - "map-obj": "^1.0.0" - } - }, - "find-up": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz", - "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=", - "dev": true, - "requires": { - "path-exists": "^2.0.0", - "pinkie-promise": "^2.0.0" - } - }, - "get-stdin": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", - "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", - "dev": true - }, - "hosted-git-info": { - "version": "2.8.9", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", - "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", - "dev": true - }, - "indent-string": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz", - "integrity": "sha1-ji1INIdCEhtKghi3oTfppSBJ3IA=", - "dev": true, - "requires": { - "repeating": "^2.0.0" - } - }, - "load-json-file": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz", - "integrity": "sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=", - "dev": true, - "requires": { - "graceful-fs": "^4.1.2", - "parse-json": "^2.2.0", - "pify": "^2.0.0", - "pinkie-promise": "^2.0.0", - "strip-bom": "^2.0.0" - } - }, - "map-obj": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz", - "integrity": "sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0=", - "dev": true - }, - "meow": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz", - "integrity": "sha1-cstmi0JSKCkKu/qFaJJYcwioAfs=", - "dev": true, - "requires": { - "camelcase-keys": "^2.0.0", - "decamelize": "^1.1.2", - "loud-rejection": "^1.0.0", - "map-obj": "^1.0.1", - "minimist": "^1.1.3", - "normalize-package-data": "^2.3.4", - "object-assign": "^4.0.1", - "read-pkg-up": "^1.0.1", - "redent": "^1.0.0", - "trim-newlines": "^1.0.0" - } - }, - "normalize-package-data": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", - "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", - "dev": true, - "requires": { - "hosted-git-info": "^2.1.4", - "resolve": "^1.10.0", - "semver": "2 || 3 || 4 || 5", - "validate-npm-package-license": "^3.0.1" - } - }, - "parse-json": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz", - "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=", - "dev": true, - "requires": { - "error-ex": "^1.2.0" - } - }, - "path-exists": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz", - "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=", - "dev": true, - "requires": { - "pinkie-promise": "^2.0.0" - } - }, - "path-type": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz", - "integrity": "sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=", - "dev": true, - "requires": { - "graceful-fs": "^4.1.2", - "pify": "^2.0.0", - "pinkie-promise": "^2.0.0" - } - }, - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true - }, - "read-pkg": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz", - "integrity": "sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=", - "dev": true, - "requires": { - "load-json-file": "^1.0.0", - "normalize-package-data": "^2.3.2", - "path-type": "^1.0.0" - } - }, - "read-pkg-up": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz", - "integrity": "sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=", - "dev": true, - "requires": { - "find-up": "^1.0.0", - "read-pkg": "^1.0.0" - } - }, - "redent": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz", - "integrity": "sha1-z5Fqsf1fHxbfsggi3W7H9zDCr94=", - "dev": true, - "requires": { - "indent-string": "^2.1.0", - "strip-indent": "^1.0.1" - } - }, - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true - }, - "strip-bom": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz", - "integrity": "sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=", - "dev": true, - "requires": { - "is-utf8": "^0.2.0" - } - }, - "strip-indent": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz", - "integrity": "sha1-DHlipq3vp7vUrDZkYKY4VSrhoKI=", - "dev": true, - "requires": { - "get-stdin": "^4.0.1" - } - }, - "trim-newlines": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz", - "integrity": "sha1-WIeWa7WCpFA6QetST301ARgVphM=", - "dev": true - } - } - }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, - "make-dir": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-1.3.0.tgz", - "integrity": "sha512-2w31R7SJtieJJnQtGc7RVL2StM2vGYVfqUOvUDxH6bC6aJTxPxTF0GnIgCyu7tjockiUWAYQRbxa7vKn34s5sQ==", "dev": true, "requires": { - "pify": "^3.0.0" + "yallist": "^4.0.0" } }, "make-error": { @@ -27683,11 +21430,22 @@ "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", "dev": true }, + "makeerror": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", + "dev": true, + "peer": true, + "requires": { + "tmpl": "1.0.5" + } + }, "map-cache": { "version": "0.2.2", "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz", "integrity": "sha1-wyq9C9ZSXZsFFkW7TyasXcmKDb8=", - "dev": true + "dev": true, + "peer": true }, "map-obj": { "version": "4.2.1", @@ -27700,23 +21458,11 @@ "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz", "integrity": "sha1-7Nyo8TFE5mDxtb1B8S80edmN+48=", "dev": true, + "peer": true, "requires": { "object-visit": "^1.0.0" } }, - "markdown-escapes": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.4.tgz", - "integrity": "sha512-8z4efJYk43E0upd0NbVXwgSTQs6cT3T06etieCMEg7dRbzCbxUCK/GHlX8mhHRDcp+OLlHkPKsvqQTCvsRl2cg==" - }, - "markdown-table": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", - "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", - "requires": { - "repeat-string": "^1.0.0" - } - }, "mathml-tag-names": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz", @@ -27727,40 +21473,19 @@ "version": "1.3.5", "resolved": "https://registry.npmjs.org/md5.js/-/md5.js-1.3.5.tgz", "integrity": "sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg==", + "dev": true, + "peer": true, "requires": { "hash-base": "^3.0.0", "inherits": "^2.0.1", "safe-buffer": "^5.1.2" } }, - "mdast-squeeze-paragraphs": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mdast-squeeze-paragraphs/-/mdast-squeeze-paragraphs-4.0.0.tgz", - "integrity": "sha512-zxdPn69hkQ1rm4J+2Cs2j6wDEv7O17TfXTJ33tl/+JPIoEmtV9t2ZzBM5LPHE8QlHsmVD8t3vPKCyY3oH+H8MQ==", - "requires": { - "unist-util-remove": "^2.0.0" - } - }, - "mdast-util-compact": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-compact/-/mdast-util-compact-2.0.1.tgz", - "integrity": "sha512-7GlnT24gEwDrdAwEHrU4Vv5lLWrEer4KOkAiKT9nYstsTad7Oc1TwqT2zIMKRdZF7cTuaf+GA1E4Kv7jJh8mPA==", - "requires": { - "unist-util-visit": "^2.0.0" - } - }, - "mdast-util-definitions": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-4.0.0.tgz", - "integrity": "sha512-k8AJ6aNnUkB7IE+5azR9h81O5EQ/cTDXtWdMq9Kk5KcEW/8ritU5CeLg/9HhOC++nALHBlaogJ5jz0Ybk3kPMQ==", - "requires": { - "unist-util-visit": "^2.0.0" - } - }, "mdast-util-from-markdown": { "version": "0.8.5", "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-0.8.5.tgz", "integrity": "sha512-2hkTXtYYnr+NubD/g6KGBS/0mFmBcifAsI0yIWRiRo0PjVs6SSOSOdtzbp6kSGnShDN6G5aWZpKQ2lWRy27mWQ==", + "dev": true, "requires": { "@types/mdast": "^3.0.0", "mdast-util-to-string": "^2.0.0", @@ -27769,35 +21494,11 @@ "unist-util-stringify-position": "^2.0.0" } }, - "mdast-util-math": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/mdast-util-math/-/mdast-util-math-0.1.2.tgz", - "integrity": "sha512-fogAitds+wH+QRas78Yr1TwmQGN4cW/G2WRw5ePuNoJbBSPJCxIOCE8MTzHgWHVSpgkRaPQTgfzXRE1CrwWSlg==", - "requires": { - "longest-streak": "^2.0.0", - "mdast-util-to-markdown": "^0.6.0", - "repeat-string": "^1.0.0" - } - }, - "mdast-util-to-hast": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-10.0.1.tgz", - "integrity": "sha512-BW3LM9SEMnjf4HXXVApZMt8gLQWVNXc3jryK0nJu/rOXPOnlkUjmdkDlmxMirpbU9ILncGFIwLH/ubnWBbcdgA==", - "requires": { - "@types/mdast": "^3.0.0", - "@types/unist": "^2.0.0", - "mdast-util-definitions": "^4.0.0", - "mdurl": "^1.0.0", - "unist-builder": "^2.0.0", - "unist-util-generated": "^1.0.0", - "unist-util-position": "^3.0.0", - "unist-util-visit": "^2.0.0" - } - }, "mdast-util-to-markdown": { "version": "0.6.5", "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-0.6.5.tgz", "integrity": "sha512-XeV9sDE7ZlOQvs45C9UKMtfTcctcaj/pGwH8YLbMHoMOXNNCn2LsqVQOqrF1+/NU8lKDAqozme9SCXWyo9oAcQ==", + "dev": true, "requires": { "@types/unist": "^2.0.0", "longest-streak": "^2.0.0", @@ -27810,29 +21511,9 @@ "mdast-util-to-string": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-2.0.0.tgz", - "integrity": "sha512-AW4DRS3QbBayY/jJmD8437V1Gombjf8RSOUCMFBuo5iHi58AGEgVCKQ+ezHkZZDpAQS75hcBMpLqjpJTjtUL7w==" - }, - "mdn-data": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz", - "integrity": "sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA==", + "integrity": "sha512-AW4DRS3QbBayY/jJmD8437V1Gombjf8RSOUCMFBuo5iHi58AGEgVCKQ+ezHkZZDpAQS75hcBMpLqjpJTjtUL7w==", "dev": true }, - "mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=" - }, - "media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" - }, - "memoize-one": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-5.2.1.tgz", - "integrity": "sha512-zYiwtZUcYyXKo/np96AGZAckk+FWWsUdJ3cHGGmld7+AhvcWmQyGCYUh1hc4Q/pkOhb65dQR/pqCyK0cOaHz4Q==" - }, "meow": { "version": "8.1.2", "resolved": "https://registry.npmjs.org/meow/-/meow-8.1.2.tgz", @@ -27860,15 +21541,11 @@ } } }, - "merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" - }, "merge-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", - "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==" + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true }, "merge2": { "version": "1.4.1", @@ -27876,34 +21553,16 @@ "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", "dev": true }, - "methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=" - }, - "micro-memoize": { - "version": "4.0.9", - "resolved": "https://registry.npmjs.org/micro-memoize/-/micro-memoize-4.0.9.tgz", - "integrity": "sha512-Z2uZi/IUMGQDCXASdujXRqrXXEwSY0XffUrAOllhqzQI3wpUyZbiZTiE2JuYC0HSG2G7DbCS5jZmsEKEGZuemg==" - }, "micromark": { "version": "2.11.4", "resolved": "https://registry.npmjs.org/micromark/-/micromark-2.11.4.tgz", "integrity": "sha512-+WoovN/ppKolQOFIAajxi7Lu9kInbPxFuTBVEavFcL8eAfVstoc5MocPmqBeAdBOJV00uaVjegzH4+MA0DN/uA==", + "dev": true, "requires": { "debug": "^4.0.0", "parse-entities": "^2.0.0" } }, - "micromark-extension-math": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/micromark-extension-math/-/micromark-extension-math-0.1.2.tgz", - "integrity": "sha512-ZJXsT2eVPM8VTmcw0CPSDeyonOn9SziGK3Z+nkf9Vb6xMPeU+4JMEnO6vzDL10562Favw8Vste74f54rxJ/i6Q==", - "requires": { - "katex": "^0.12.0", - "micromark": "~2.11.0" - } - }, "micromatch": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.4.tgz", @@ -27918,6 +21577,8 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/miller-rabin/-/miller-rabin-4.0.1.tgz", "integrity": "sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.0.0", "brorand": "^1.0.1" @@ -27926,24 +21587,23 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, - "mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" - }, "mime-db": { "version": "1.48.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz", - "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==" + "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==", + "dev": true }, "mime-types": { "version": "2.1.31", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz", "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==", + "dev": true, "requires": { "mime-db": "1.48.0" } @@ -27954,12 +21614,6 @@ "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", "dev": true }, - "mimic-response": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", - "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", - "dev": true - }, "min-indent": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", @@ -27969,17 +21623,22 @@ "minimalistic-assert": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", + "dev": true, + "peer": true }, "minimalistic-crypto-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz", - "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=" + "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=", + "dev": true, + "peer": true }, "minimatch": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, "requires": { "brace-expansion": "^1.1.7" } @@ -27987,7 +21646,8 @@ "minimist": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true }, "minimist-options": { "version": "4.1.0", @@ -28005,6 +21665,7 @@ "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==", "dev": true, + "peer": true, "requires": { "for-in": "^1.0.2", "is-extendable": "^1.0.1" @@ -28015,6 +21676,7 @@ "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, + "peer": true, "requires": { "is-plain-object": "^2.0.4" } @@ -28027,30 +21689,11 @@ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", "dev": true }, - "moize": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/moize/-/moize-6.1.0.tgz", - "integrity": "sha512-WrMcM+C2Jy+qyOC/UMhA3BCHGowxV34dhDZnDNfxsREW/8N+33SFjmc23Q61Xv1WUthUA1vYopTitP1sZ5jkeg==", - "requires": { - "fast-equals": "^2.0.1", - "micro-memoize": "^4.0.9" - } - }, - "mozjpeg": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/mozjpeg/-/mozjpeg-7.1.0.tgz", - "integrity": "sha512-A6nVpI33DVi04HxatRx3PZTeVAOP1AC/T/5kXEvP0U8F+J11mmFFDv46BM2j5/cEyzDDtK8ptHeBSphNMrQLqA==", - "dev": true, - "requires": { - "bin-build": "^3.0.0", - "bin-wrapper": "^4.0.0", - "logalot": "^2.1.0" - } - }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true }, "mute-stream": { "version": "0.0.8", @@ -28061,13 +21704,16 @@ "nanoid": { "version": "3.1.23", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.23.tgz", - "integrity": "sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==" + "integrity": "sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==", + "dev": true, + "peer": true }, "nanomatch": { "version": "1.2.13", "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==", "dev": true, + "peer": true, "requires": { "arr-diff": "^4.0.0", "array-unique": "^0.3.2", @@ -28086,6 +21732,8 @@ "version": "0.3.4", "resolved": "https://registry.npmjs.org/native-url/-/native-url-0.3.4.tgz", "integrity": "sha512-6iM8R99ze45ivyH8vybJ7X0yekIcPf5GgLV5K0ENCbmRcaRIDoj37BC8iLEmaaBfqqb8enuZ5p0uhY+lVAbAcA==", + "dev": true, + "peer": true, "requires": { "querystring": "^0.2.0" } @@ -28096,15 +21744,12 @@ "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=", "dev": true }, - "negotiator": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", - "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==" - }, "next": { "version": "11.1.2", "resolved": "https://registry.npmjs.org/next/-/next-11.1.2.tgz", "integrity": "sha512-azEYL0L+wFjv8lstLru3bgvrzPvK0P7/bz6B/4EJ9sYkXeW8r5Bjh78D/Ol7VOg0EIPz0CXoe72hzAlSAXo9hw==", + "dev": true, + "peer": true, "requires": { "@babel/runtime": "7.15.3", "@hapi/accept": "5.0.2", @@ -28166,6 +21811,8 @@ "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "peer": true, "requires": { "color-convert": "^1.9.0" } @@ -28174,6 +21821,8 @@ "version": "5.6.0", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", + "dev": true, + "peer": true, "requires": { "base64-js": "^1.0.2", "ieee754": "^1.1.4" @@ -28183,6 +21832,8 @@ "version": "2.4.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "peer": true, "requires": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -28193,6 +21844,8 @@ "version": "1.9.3", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "peer": true, "requires": { "color-name": "1.1.3" } @@ -28200,107 +21853,72 @@ "color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true, + "peer": true }, "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true, + "peer": true }, "react-is": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", - "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==" + "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==", + "dev": true, + "peer": true }, "supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "peer": true, "requires": { "has-flag": "^3.0.0" } } } }, - "next-mdx-remote": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/next-mdx-remote/-/next-mdx-remote-3.0.1.tgz", - "integrity": "sha512-sV1sM6CkdYP5aPND1+vrF3wr8TU8NJwVlcFe2rPjVHR5J/9M2bl9zlhF6AF+GOKHA7d5kUdwHoLbApEGofD8hA==", - "requires": { - "@mdx-js/mdx": "^1.6.22", - "@mdx-js/react": "^1.6.22", - "esbuild": "^0.11.12", - "pkg-dir": "^5.0.0" - } - }, - "next-remote-watch": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/next-remote-watch/-/next-remote-watch-1.0.0.tgz", - "integrity": "sha512-kV+pglCwcnKyqJIXPHUUrnZr9d3rCqCIEQWBkFYC02GDXHyKVmcFytoY6q0+wMIQqh/izIAQL1x6OKXZhksjLA==", - "requires": { - "body-parser": "^1.19.0", - "chalk": "^4.0.0", - "chokidar": "^3.4.0", - "commander": "^5.0.0", - "express": "^4.17.1" - }, - "dependencies": { - "commander": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", - "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==" - } - } - }, - "next-transpile-modules": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/next-transpile-modules/-/next-transpile-modules-8.0.0.tgz", - "integrity": "sha512-Q2f2yB0zMJ8KJbIYAeZoIxG6cSfVk813zr6B5HzsLMBVcJ3FaF8lKr7WG66n0KlHCwjLSmf/6EkgI6QQVWHrDw==", - "dev": true, - "requires": { - "enhanced-resolve": "^5.7.0", - "escalade": "^3.1.1" - } - }, "nice-try": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==", - "dev": true - }, - "no-case": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", - "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==", - "requires": { - "lower-case": "^2.0.2", - "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } + "dev": true, + "peer": true }, "node-fetch": { "version": "2.6.1", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", - "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==" + "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==", + "dev": true }, "node-html-parser": { "version": "1.4.9", "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-1.4.9.tgz", "integrity": "sha512-UVcirFD1Bn0O+TSmloHeHqZZCxHjvtIeGdVdGMhyZ8/PWlEiZaZ5iJzR189yKZr8p0FXN58BUeC7RHRkf/KYGw==", + "dev": true, + "peer": true, "requires": { "he": "1.2.0" } }, + "node-int64": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", + "dev": true, + "peer": true + }, "node-libs-browser": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.2.1.tgz", "integrity": "sha512-h/zcD8H9kaDZ9ALUWwlBUDo6TKF8a7qBSCSEGfjTVIYeqsioSKaAX+BN7NgiMGp6iSIXZ3PxgCu8KS3b71YK5Q==", + "dev": true, + "peer": true, "requires": { "assert": "^1.1.1", "browserify-zlib": "^0.2.0", @@ -28331,6 +21949,8 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/assert/-/assert-1.5.0.tgz", "integrity": "sha512-EDsgawzwoun2CZkCgtxJbv392v4nbk9XDD06zI+kQYoBM/3RBWLlEyJARDOmhAAosBjWACEkKL6S+lIZtcAubA==", + "dev": true, + "peer": true, "requires": { "object-assign": "^4.1.1", "util": "0.10.3" @@ -28340,6 +21960,8 @@ "version": "0.10.3", "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz", "integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=", + "dev": true, + "peer": true, "requires": { "inherits": "2.0.1" } @@ -28350,6 +21972,8 @@ "version": "4.9.2", "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz", "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==", + "dev": true, + "peer": true, "requires": { "base64-js": "^1.0.2", "ieee754": "^1.1.4", @@ -28359,27 +21983,37 @@ "domain-browser": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/domain-browser/-/domain-browser-1.2.0.tgz", - "integrity": "sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==" + "integrity": "sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==", + "dev": true, + "peer": true }, "inherits": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz", - "integrity": "sha1-sX0I0ya0Qj5Wjv9xn5GwscvfafE=" + "integrity": "sha1-sX0I0ya0Qj5Wjv9xn5GwscvfafE=", + "dev": true, + "peer": true }, "path-browserify": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz", - "integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==" + "integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==", + "dev": true, + "peer": true }, "punycode": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", - "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=" + "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=", + "dev": true, + "peer": true }, "readable-stream": { "version": "2.3.7", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "dev": true, + "peer": true, "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -28393,12 +22027,16 @@ "inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true, + "peer": true }, "string_decoder": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "dev": true, + "peer": true, "requires": { "safe-buffer": "~5.1.0" } @@ -28409,6 +22047,8 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz", "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==", + "dev": true, + "peer": true, "requires": { "inherits": "~2.0.1", "readable-stream": "^2.0.2" @@ -28418,6 +22058,8 @@ "version": "2.8.3", "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-2.8.3.tgz", "integrity": "sha512-+TSkfINHDo4J+ZobQLWiMouQYB+UVYFttRA94FpEzzJ7ZdqcL4uUUQ7WkdkI4DSozGmgBUE/a47L+38PenXhUw==", + "dev": true, + "peer": true, "requires": { "builtin-status-codes": "^3.0.0", "inherits": "^2.0.1", @@ -28429,12 +22071,16 @@ "tty-browserify": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz", - "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=" + "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=", + "dev": true, + "peer": true }, "util": { "version": "0.11.1", "resolved": "https://registry.npmjs.org/util/-/util-0.11.1.tgz", "integrity": "sha512-HShAsny+zS2TZfaXxD9tYj4HQGlBezXZMZuM/S5PKLLoZkShZiGk9o5CzukI1LVHZvjdvZ2Sj1aW/Ndn2NB/HQ==", + "dev": true, + "peer": true, "requires": { "inherits": "2.0.3" }, @@ -28442,16 +22088,45 @@ "inherits": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" + "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=", + "dev": true, + "peer": true } } } } }, + "node-notifier": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-8.0.2.tgz", + "integrity": "sha512-oJP/9NAdd9+x2Q+rfphB2RJCHjod70RcRLjosiPMMu5gjIfwVnOUGq2nbTjTUbmy0DJ/tFIVT30+Qe3nzl4TJg==", + "dev": true, + "optional": true, + "peer": true, + "requires": { + "growly": "^1.3.0", + "is-wsl": "^2.2.0", + "semver": "^7.3.2", + "shellwords": "^0.1.1", + "uuid": "^8.3.0", + "which": "^2.0.2" + }, + "dependencies": { + "uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "dev": true, + "optional": true, + "peer": true + } + } + }, "node-releases": { "version": "1.1.73", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.73.tgz", - "integrity": "sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==" + "integrity": "sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==", + "dev": true }, "normalize-package-data": { "version": "3.0.2", @@ -28468,7 +22143,8 @@ "normalize-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==" + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true }, "normalize-range": { "version": "0.1.2", @@ -28482,44 +22158,6 @@ "integrity": "sha1-0LFF62kRicY6eNIB3E/bEpPvDAM=", "dev": true }, - "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "dev": true, - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - }, - "dependencies": { - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=", - "dev": true - }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "dev": true, - "requires": { - "is-plain-obj": "^1.0.0" - } - } - } - }, - "npm-conf": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/npm-conf/-/npm-conf-1.1.3.tgz", - "integrity": "sha512-Yic4bZHJOt9RCFbRP3GgpqhScOY4HH3V2P8yBj6CeYq118Qr+BLXqT2JvpJ00mryLESpgOxf5XlFv4ZjXxLScw==", - "dev": true, - "requires": { - "config-chain": "^1.1.11", - "pify": "^3.0.0" - } - }, "npm-run-path": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", @@ -28529,56 +22167,31 @@ "path-key": "^3.0.0" } }, - "nprogress": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz", - "integrity": "sha1-y480xTIT2JVyP8urkH6UIq28r7E=" - }, - "nth-check": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz", - "integrity": "sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==", - "dev": true, - "requires": { - "boolbase": "~1.0.0" - } - }, - "nuka-carousel": { - "version": "4.7.7", - "resolved": "https://registry.npmjs.org/nuka-carousel/-/nuka-carousel-4.7.7.tgz", - "integrity": "sha512-v0qvvtJdnr6ZhaT529Y/RcdxBdVo6Eab3Xfqt9UfMyXMYIYtEmyTXOW1MRLKagF4woWDhjyG3ju8XX7u+QE10g==", - "requires": { - "csstype": "^2.6.6", - "d3-ease": "^1.0.3", - "exenv": "^1.2.0", - "prop-types": "^15.6.0", - "react-move": "^6.1.0", - "wicg-inert": "^3.1.0" - }, - "dependencies": { - "csstype": { - "version": "2.6.17", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.17.tgz", - "integrity": "sha512-u1wmTI1jJGzCJzWndZo8mk4wnPTZd1eOIYTYvuEyOQGfmDl3TrabCCfKnOC86FZwW/9djqTl933UF/cS425i9A==" - } - } - }, "num2fraction": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/num2fraction/-/num2fraction-1.2.2.tgz", "integrity": "sha1-b2gragJ6Tp3fpFZM0lidHU5mnt4=", "dev": true }, + "nwsapi": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.0.tgz", + "integrity": "sha512-h2AatdwYH+JHiZpv7pt/gSX1XoRGb7L/qSIeuqA6GwYoF9w1vP1cw42TO0aI2pNyshRK5893hNSl+1//vHK7hQ==", + "dev": true, + "peer": true + }, "object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "dev": true }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", "integrity": "sha1-fn2Fi3gb18mRpBupde04EnVOmYw=", "dev": true, + "peer": true, "requires": { "copy-descriptor": "^0.1.0", "define-property": "^0.2.5", @@ -28590,6 +22203,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^0.1.0" } @@ -28599,6 +22213,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" } @@ -28607,13 +22222,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" } @@ -28623,6 +22240,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -28633,7 +22251,8 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true + "dev": true, + "peer": true } } }, @@ -28642,6 +22261,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -28651,12 +22271,15 @@ "object-inspect": { "version": "1.11.0", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.11.0.tgz", - "integrity": "sha512-jp7ikS6Sd3GxQfZJPyH3cjcbJF6GZPClgdV+EFygjFLQ5FmW/dRUnTd9PQ9k0JhoNDabWFbpF1yCdSWCC6gexg==" + "integrity": "sha512-jp7ikS6Sd3GxQfZJPyH3cjcbJF6GZPClgdV+EFygjFLQ5FmW/dRUnTd9PQ9k0JhoNDabWFbpF1yCdSWCC6gexg==", + "dev": true }, "object-is": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz", "integrity": "sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==", + "dev": true, + "peer": true, "requires": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" @@ -28665,13 +22288,15 @@ "object-keys": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", - "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==" + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "dev": true }, "object-visit": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz", "integrity": "sha1-95xEk68MU3e1n+OdOV5BBC3QRbs=", "dev": true, + "peer": true, "requires": { "isobject": "^3.0.0" } @@ -28680,6 +22305,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz", "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==", + "dev": true, "requires": { "call-bind": "^1.0.0", "define-properties": "^1.1.3", @@ -28710,17 +22336,6 @@ "has": "^1.0.3" } }, - "object.getownpropertydescriptors": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.2.tgz", - "integrity": "sha512-WtxeKSzfBjlzL+F9b7M7hewDzMwy+C8NRssHd1YrNlzHzIDrXcXiNOMrezdAEM4UXixgV+vvnyBeN7Rygl2ttQ==", - "dev": true, - "requires": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.18.0-next.2" - } - }, "object.hasown": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.0.0.tgz", @@ -28736,6 +22351,7 @@ "resolved": "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz", "integrity": "sha1-h6EKxMFpS9Lhy/U1kaZhQftd10c=", "dev": true, + "peer": true, "requires": { "isobject": "^3.0.1" } @@ -28751,18 +22367,11 @@ "es-abstract": "^1.18.2" } }, - "on-finished": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", - "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", - "requires": { - "ee-first": "1.1.1" - } - }, "once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, "requires": { "wrappy": "1" } @@ -28792,12 +22401,6 @@ "integrity": "sha512-8AV/sCtuzUeTo8gQK5qDZzARrulB3egtLzFgteqB2tcT4Mw7B8Kt7JcDHmltjz6FOAHsvTevk70gZEbhM4ZS9Q==", "dev": true }, - "opener": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz", - "integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==", - "dev": true - }, "optionator": { "version": "0.9.1", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", @@ -28812,30 +22415,12 @@ "word-wrap": "^1.2.3" } }, - "optipng-bin": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/optipng-bin/-/optipng-bin-7.0.0.tgz", - "integrity": "sha512-mesUAwfedu5p9gRQwlYgD6Svw5IH3VUIWDJj/9cNpP3yFNbbEVqkTMWYhrIEn/cxmbGA3LpZrdoV2Yl8OfmnIA==", - "dev": true, - "requires": { - "bin-build": "^3.0.0", - "bin-wrapper": "^4.0.0", - "logalot": "^2.0.0" - } - }, "os-browserify": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/os-browserify/-/os-browserify-0.3.0.tgz", - "integrity": "sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc=" - }, - "os-filter-obj": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/os-filter-obj/-/os-filter-obj-2.0.0.tgz", - "integrity": "sha512-uksVLsqG3pVdzzPvmAHpBK0wKxYItuzZr7SziusRPoz67tGV8rL1szZ6IdeUrbqLjGDwApBtN29eEE3IqGHOjg==", + "integrity": "sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc=", "dev": true, - "requires": { - "arch": "^2.1.0" - } + "peer": true }, "os-tmpdir": { "version": "1.0.2", @@ -28843,37 +22428,25 @@ "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=", "dev": true }, - "p-cancelable": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.3.0.tgz", - "integrity": "sha512-RVbZPLso8+jFeq1MfNvgXtCRED2raz/dKpacfTNxsx6pLEpEomM7gah6VeHSYV3+vo0OAi4MkArtQcWWXuQoyw==", - "dev": true - }, - "p-event": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/p-event/-/p-event-1.3.0.tgz", - "integrity": "sha1-jmtPT2XHK8W2/ii3XtqHT5akoIU=", + "p-each-series": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-each-series/-/p-each-series-2.2.0.tgz", + "integrity": "sha512-ycIL2+1V32th+8scbpTvyHNaHe02z0sjgh91XXjAk+ZeXoPN4Z46DVUnzdso0aX4KckKw0FNNFHdjZ2UsZvxiA==", "dev": true, - "requires": { - "p-timeout": "^1.1.1" - } + "peer": true }, "p-finally": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=", - "dev": true - }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=", - "dev": true + "dev": true, + "peer": true }, "p-limit": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, "requires": { "yocto-queue": "^0.1.0" } @@ -28882,6 +22455,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, "requires": { "p-limit": "^3.0.2" } @@ -28895,36 +22469,6 @@ "aggregate-error": "^3.0.0" } }, - "p-map-series": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-map-series/-/p-map-series-1.0.0.tgz", - "integrity": "sha1-v5j+V1cFZYqeE1G++4WuTB8Hvco=", - "dev": true, - "requires": { - "p-reduce": "^1.0.0" - } - }, - "p-pipe": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/p-pipe/-/p-pipe-1.2.0.tgz", - "integrity": "sha1-SxoROZoRUgpneQ7loMHViB1r7+k=", - "dev": true - }, - "p-reduce": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-reduce/-/p-reduce-1.0.0.tgz", - "integrity": "sha1-GMKw3ZNqRpClKfgjH1ig/bakffo=", - "dev": true - }, - "p-timeout": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-1.2.1.tgz", - "integrity": "sha1-XrOzU7f86Z8QGhA4iAuwVOu+o4Y=", - "dev": true, - "requires": { - "p-finally": "^1.0.0" - } - }, "p-try": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz", @@ -28934,7 +22478,9 @@ "pako": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" + "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==", + "dev": true, + "peer": true }, "parent-module": { "version": "1.0.1", @@ -28949,6 +22495,8 @@ "version": "5.1.6", "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.6.tgz", "integrity": "sha512-RnZRo1EPU6JBnra2vGHj0yhp6ebyjBZpmUCLHWiFhxlzvBCCpAuZ7elsBp1PVAbQN0/04VD/19rfzlBSwLstMw==", + "dev": true, + "peer": true, "requires": { "asn1.js": "^5.2.0", "browserify-aes": "^1.0.0", @@ -28961,6 +22509,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-2.0.0.tgz", "integrity": "sha512-kkywGpCcRYhqQIchaWqZ875wzpS/bMKhz5HnN3p7wveJTkTtyAB/AlnS0f8DFSqYW1T82t6yEAkEcB+A1I3MbQ==", + "dev": true, "requires": { "character-entities": "^1.0.0", "character-entities-legacy": "^1.0.0", @@ -28985,55 +22534,35 @@ "parse5": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz", - "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==" - }, - "parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" - }, - "pascal-case": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", - "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==", - "requires": { - "no-case": "^3.0.4", - "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } + "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==", + "dev": true, + "peer": true }, "pascalcase": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/pascalcase/-/pascalcase-0.1.1.tgz", "integrity": "sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=", - "dev": true + "dev": true, + "peer": true }, "path-browserify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz", - "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==" - }, - "path-dirname": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz", - "integrity": "sha1-zDPSTVJeCZpTiMAzbG4yuRYGCeA=", - "dev": true + "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==", + "dev": true, + "peer": true }, "path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==" + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true }, "path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true }, "path-key": { "version": "3.1.1", @@ -29044,7 +22573,8 @@ "path-parse": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", - "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true }, "path-type": { "version": "4.0.0", @@ -29056,6 +22586,8 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.1.2.tgz", "integrity": "sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==", + "dev": true, + "peer": true, "requires": { "create-hash": "^1.1.2", "create-hmac": "^1.1.4", @@ -29064,16 +22596,11 @@ "sha.js": "^2.4.8" } }, - "pend": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", - "dev": true - }, "picomatch": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz", - "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==" + "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==", + "dev": true }, "pify": { "version": "3.0.0", @@ -29081,20 +22608,12 @@ "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", "dev": true }, - "pinkie": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz", - "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=", - "dev": true - }, - "pinkie-promise": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz", - "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=", + "pirates": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.5.tgz", + "integrity": "sha512-8V9+HQPupnaXMA23c5hvl69zXvTwTzyAYasnkb0Tts4XvO4CliqONMOnvlq26rkhLC3nWDFBJf73LU1e1VZLaQ==", "dev": true, - "requires": { - "pinkie": "^2.0.0" - } + "peer": true }, "pkg-conf": { "version": "2.1.0", @@ -29155,6 +22674,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-5.0.0.tgz", "integrity": "sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==", + "dev": true, "requires": { "find-up": "^5.0.0" } @@ -29216,7 +22736,9 @@ "platform": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/platform/-/platform-1.3.6.tgz", - "integrity": "sha512-fnWVljUchTro6RiCFvCXBbNhJc2NijN7oIQxbwsyL0buWJPG85v81ehlHI9fXrJsMNgTofEoWIQeClKpgxFLrg==" + "integrity": "sha512-fnWVljUchTro6RiCFvCXBbNhJc2NijN7oIQxbwsyL0buWJPG85v81ehlHI9fXrJsMNgTofEoWIQeClKpgxFLrg==", + "dev": true, + "peer": true }, "please-upgrade-node": { "version": "3.2.0", @@ -29231,38 +22753,25 @@ "version": "1.6.4", "resolved": "https://registry.npmjs.org/pnp-webpack-plugin/-/pnp-webpack-plugin-1.6.4.tgz", "integrity": "sha512-7Wjy+9E3WwLOEL30D+m8TSTF7qJJUJLONBnwQp0518siuMxUQUbgZwssaFX+QKlZkjHZcw/IpZCt/H0srrntSg==", + "dev": true, + "peer": true, "requires": { "ts-pnp": "^1.1.6" } }, - "popmotion": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/popmotion/-/popmotion-11.0.0.tgz", - "integrity": "sha512-kJDyaG00TtcANP5JZ51od+DCqopxBm2a/Txh3Usu23L9qntjY5wumvcVf578N8qXEHR1a+jx9XCv8zOntdYalQ==", - "requires": { - "framesync": "^6.0.1", - "hey-listen": "^1.0.8", - "style-value-types": "5.0.0", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, "posix-character-classes": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz", "integrity": "sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=", - "dev": true + "dev": true, + "peer": true }, "postcss": { "version": "8.2.15", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.15.tgz", "integrity": "sha512-2zO3b26eJD/8rb106Qu2o7Qgg52ND5HPjcyQiK2B98O388h43A448LCslC0dI2P97wCAQRJsFvwTRcXxTKds+Q==", + "dev": true, + "peer": true, "requires": { "colorette": "^1.2.2", "nanoid": "^3.1.23", @@ -29272,17 +22781,12 @@ "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true } } }, - "postcss-browser-comments": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/postcss-browser-comments/-/postcss-browser-comments-4.0.0.tgz", - "integrity": "sha512-X9X9/WN3KIvY9+hNERUqX9gncsgBA25XaeR+jshHz2j8+sYyHktHw1JdKuMjeLpGktXidqDhA7b/qm1mrBDmgg==", - "dev": true, - "requires": {} - }, "postcss-html": { "version": "0.36.0", "resolved": "https://registry.npmjs.org/postcss-html/-/postcss-html-0.36.0.tgz", @@ -29387,17 +22891,6 @@ "integrity": "sha1-J7Ocb02U+Bsac7j3Y1HGCeXO8kQ=", "dev": true }, - "postcss-normalize": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/postcss-normalize/-/postcss-normalize-10.0.1.tgz", - "integrity": "sha512-+5w18/rDev5mqERcG3W5GZNMJa1eoYYNGo8gB7tEwaos0ajk3ZXAI4mHGcNT47NE+ZnZD1pEpUOFLvltIwmeJA==", - "dev": true, - "requires": { - "@csstools/normalize.css": "*", - "postcss-browser-comments": "^4", - "sanitize.css": "*" - } - }, "postcss-resolve-nested-selector": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.1.tgz", @@ -29885,12 +23378,6 @@ "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", "dev": true }, - "prepend-http": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz", - "integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=", - "dev": true - }, "prettier": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.2.1.tgz", @@ -29906,20 +23393,41 @@ "fast-diff": "^1.1.2" } }, - "prismjs": { - "version": "1.24.1", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.24.1.tgz", - "integrity": "sha512-mNPsedLuk90RVJioIky8ANZEwYm5w9LcvCXrxHlwf4fNVSn8jEipMybMkWUyyF0JhnC+C4VcOVSBuHRKs1L5Ow==" + "pretty-format": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-26.6.2.tgz", + "integrity": "sha512-7AeGuCYNGmycyQbCqd/3PWH4eOoX/OiCa0uphp57NVTeAGdJGaAliecxwBDHYQCIvrW7aDBZCYeNTP/WX69mkg==", + "dev": true, + "peer": true, + "requires": { + "@jest/types": "^26.6.2", + "ansi-regex": "^5.0.0", + "ansi-styles": "^4.0.0", + "react-is": "^17.0.1" + }, + "dependencies": { + "react-is": { + "version": "17.0.2", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", + "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==", + "dev": true, + "peer": true + } + } }, "process": { "version": "0.11.10", "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" + "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=", + "dev": true, + "peer": true }, "process-nextick-args": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "dev": true, + "peer": true }, "progress": { "version": "2.0.3", @@ -29927,54 +23435,41 @@ "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", "dev": true }, - "promise-polyfill": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/promise-polyfill/-/promise-polyfill-8.2.0.tgz", - "integrity": "sha512-k/TC0mIcPVF6yHhUvwAp7cvL6I2fFV7TzF1DuGPI8mBh4QQazf36xCKEHKTZKRysEoTQoQdKyP25J8MPJp7j5g==" + "prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "dev": true, + "peer": true, + "requires": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + } }, "prop-types": { "version": "15.7.2", "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==", + "dev": true, "requires": { "loose-envify": "^1.4.0", "object-assign": "^4.1.1", "react-is": "^16.8.1" } }, - "property-information": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/property-information/-/property-information-5.6.0.tgz", - "integrity": "sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA==", - "requires": { - "xtend": "^4.0.0" - } - }, - "proto-list": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", - "integrity": "sha1-IS1b/hMYMGpCD2QCuOJv85ZHqEk=", - "dev": true - }, - "proxy-addr": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "requires": { - "forwarded": "0.2.0", - "ipaddr.js": "1.9.1" - } - }, - "pseudomap": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", - "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=", - "dev": true + "psl": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", + "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==", + "dev": true, + "peer": true }, "public-encrypt": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/public-encrypt/-/public-encrypt-4.0.3.tgz", "integrity": "sha512-zVpa8oKZSz5bTMTFClc1fQOnyyEzpl5ozpi1B5YcvBrdohMjH2rfsBtyXcuNuwjsDIXmBYlF2N5FlJYhR29t8Q==", + "dev": true, + "peer": true, "requires": { "bn.js": "^4.1.0", "browserify-rsa": "^4.0.0", @@ -29987,7 +23482,9 @@ "bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true, + "peer": true } } }, @@ -29995,6 +23492,8 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", + "dev": true, + "peer": true, "requires": { "end-of-stream": "^1.1.0", "once": "^1.3.1" @@ -30003,43 +23502,29 @@ "punycode": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" - }, - "q": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz", - "integrity": "sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", "dev": true }, - "qs": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", - "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==" - }, - "query-string": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } - }, "querystring": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.1.tgz", - "integrity": "sha512-wkvS7mL/JMugcup3/rMitHmd9ecIGd2lhFhK9N3UUQ450h66d1r3Y9nvXzQAW1Lq+wyx61k/1pfKS5KuKiyEbg==" + "integrity": "sha512-wkvS7mL/JMugcup3/rMitHmd9ecIGd2lhFhK9N3UUQ450h66d1r3Y9nvXzQAW1Lq+wyx61k/1pfKS5KuKiyEbg==", + "dev": true, + "peer": true }, "querystring-es3": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/querystring-es3/-/querystring-es3-0.2.1.tgz", - "integrity": "sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM=" + "integrity": "sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM=", + "dev": true, + "peer": true }, "queue": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "dev": true, + "peer": true, "requires": { "inherits": "~2.0.3" } @@ -30060,6 +23545,8 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "peer": true, "requires": { "safe-buffer": "^5.1.0" } @@ -30068,20 +23555,19 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/randomfill/-/randomfill-1.0.4.tgz", "integrity": "sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw==", + "dev": true, + "peer": true, "requires": { "randombytes": "^2.0.5", "safe-buffer": "^5.1.0" } }, - "range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" - }, "raw-body": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz", "integrity": "sha512-9WmIKF6mkvA0SLmA2Knm9+qj89e+j1zqgyn8aXGd7+nAduPoqgI9lO57SAZNn/Byzo5P7JhXTyg9PzaJbH73bA==", + "dev": true, + "peer": true, "requires": { "bytes": "3.1.0", "http-errors": "1.7.3", @@ -30093,6 +23579,8 @@ "version": "1.7.3", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz", "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==", + "dev": true, + "peer": true, "requires": { "depd": "~1.1.2", "inherits": "2.0.4", @@ -30103,200 +23591,41 @@ } } }, - "raw-loader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-2.0.0.tgz", - "integrity": "sha512-kZnO5MoIyrojfrPWqrhFNLZemIAX8edMOCp++yC5RKxzFB3m92DqKNhKlU6+FvpOhWtvyh3jOaD7J6/9tpdIKg==", - "dev": true, - "requires": { - "loader-utils": "^1.1.0", - "schema-utils": "^1.0.0" - } - }, "react": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react/-/react-17.0.2.tgz", "integrity": "sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA==", + "dev": true, + "peer": true, "requires": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1" } }, - "react-clientside-effect": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/react-clientside-effect/-/react-clientside-effect-1.2.5.tgz", - "integrity": "sha512-2bL8qFW1TGBHozGGbVeyvnggRpMjibeZM2536AKNENLECutp2yfs44IL8Hmpn8qjFQ2K7A9PnYf3vc7aQq/cPA==", - "requires": { - "@babel/runtime": "^7.12.13" - } - }, - "react-datocms": { - "version": "1.6.6", - "resolved": "https://registry.npmjs.org/react-datocms/-/react-datocms-1.6.6.tgz", - "integrity": "sha512-7k8HziRVkTLGz5MM+MmdO815rSEUJb1xPv0dNRJoCJBh+UDkB3hRBCwDZgVPJMK5AH9DSshcu6bN1gAhLpHRtw==", - "requires": { - "datocms-listen": "^0.1.6", - "datocms-structured-text-generic-html-renderer": "^1.1.0", - "datocms-structured-text-utils": "^1.1.0", - "intersection-observer": "^0.12.0", - "react-intersection-observer": "^8.31.1", - "use-deep-compare-effect": "^1.6.1" - } - }, - "react-device-detect": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/react-device-detect/-/react-device-detect-1.17.0.tgz", - "integrity": "sha512-bBblIStwpHmoS281JFIVqeimcN3LhpoP5YKDWzxQdBIUP8S2xPvHDgizLDhUq2ScguLfVPmwfF5y268EEQR60w==", - "requires": { - "ua-parser-js": "^0.7.24" - } - }, "react-dom": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz", "integrity": "sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA==", + "dev": true, + "peer": true, "requires": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1", "scheduler": "^0.20.2" } }, - "react-fast-compare": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-2.0.4.tgz", - "integrity": "sha512-suNP+J1VU1MWFKcyt7RtjiSWUjvidmQSlqu+eHslq+342xCbGTYmC0mEhPCOHxlW0CywylOC1u2DFAT+bv4dBw==" - }, - "react-focus-lock": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/react-focus-lock/-/react-focus-lock-2.6.0.tgz", - "integrity": "sha512-2yB5KWyaefbvFDgqvsg/KpIjbqVlhIY2c/dyDcokDLhB3Ib7I4bjsrta5OkI5euUoIu5xBTyBwIQZPykUJAr1g==", - "requires": { - "@babel/runtime": "^7.0.0", - "focus-lock": "^0.9.2", - "prop-types": "^15.6.2", - "react-clientside-effect": "^1.2.5", - "use-callback-ref": "^1.2.5", - "use-sidecar": "^1.0.5" - } - }, - "react-instantsearch-core": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/react-instantsearch-core/-/react-instantsearch-core-6.12.1.tgz", - "integrity": "sha512-X4OqakDI3DOcFiS1S46z+cciKEQcKBmH8HGQLztzW14hoHRqFfZzuqWydlSxfJZN5WksMMm78EmL2jvoqIHd/A==", - "requires": { - "@babel/runtime": "^7.1.2", - "algoliasearch-helper": "^3.5.3", - "prop-types": "^15.6.2", - "react-fast-compare": "^3.0.0" - }, - "dependencies": { - "react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" - } - } - }, - "react-instantsearch-dom": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/react-instantsearch-dom/-/react-instantsearch-dom-6.12.1.tgz", - "integrity": "sha512-KXk2UDmJ3OP9B57owPC0+7fdcVtmYAA6/UWimR9CXhvFGCMi11xlR/wscYMYxdPuxs9IkmnnLDIJSjSGADYnow==", - "requires": { - "@babel/runtime": "^7.1.2", - "algoliasearch-helper": "^3.5.3", - "classnames": "^2.2.5", - "prop-types": "^15.6.2", - "react-fast-compare": "^3.0.0", - "react-instantsearch-core": "^6.12.1" - }, - "dependencies": { - "react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" - } - } - }, - "react-intersection-observer": { - "version": "8.32.5", - "resolved": "https://registry.npmjs.org/react-intersection-observer/-/react-intersection-observer-8.32.5.tgz", - "integrity": "sha512-4xKdUWRNdPueXXxTyMOV41w6qIa4tsV7BbWOW+IYsvGPP7wxOj9V6o3cKywie+/VDr5Qs7pCzi5Wom78dUxj1w==", - "requires": {} - }, "react-is": { "version": "16.13.1", "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" - }, - "react-move": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/react-move/-/react-move-6.4.0.tgz", - "integrity": "sha512-TNyDQESDZ0xsejnxFTQ9CKarJQN6NbgpImrvIEzOVe7+jt8y7uTjJwWxqFTfmvwskIs+RmUbCWdN7PAbGyhrdA==", - "requires": { - "@babel/runtime": "^7.10.3", - "kapellmeister": "^3.0.1", - "prop-types": "^15.7.2" - } - }, - "react-player": { - "version": "2.9.0", - "resolved": "https://registry.npmjs.org/react-player/-/react-player-2.9.0.tgz", - "integrity": "sha512-jNUkTfMmUhwPPAktAdIqiBcVUKsFKrVGH6Ocutj6535CNfM91yrvWxHg6fvIX8Y/fjYUPoejddwh7qboNV9vGA==", - "requires": { - "deepmerge": "^4.0.0", - "load-script": "^1.0.0", - "memoize-one": "^5.1.1", - "prop-types": "^15.7.2", - "react-fast-compare": "^3.0.1" - }, - "dependencies": { - "deepmerge": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", - "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==" - }, - "react-fast-compare": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.0.tgz", - "integrity": "sha512-rtGImPZ0YyLrscKI9xTpV8psd6I8VAtjKCzQDlzyDvqJA8XOW78TXYQwNRNd8g8JZnDu8q9Fu/1v4HPAVwVdHA==" - } - } + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "dev": true }, "react-refresh": { "version": "0.8.3", "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.8.3.tgz", - "integrity": "sha512-X8jZHc7nCMjaCqoU+V2I0cOhNW+QMBwSUkeXnTi8IPe6zaRWfn60ZzvFDZqWPfmSJfjub7dDW1SP0jaHWLu/hg==" - }, - "react-remove-scroll": { - "version": "2.4.3", - "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.4.3.tgz", - "integrity": "sha512-lGWYXfV6jykJwbFpsuPdexKKzp96f3RbvGapDSIdcyGvHb7/eqyn46C7/6h+rUzYar1j5mdU+XECITHXCKBk9Q==", - "requires": { - "react-remove-scroll-bar": "^2.1.0", - "react-style-singleton": "^2.1.0", - "tslib": "^1.0.0", - "use-callback-ref": "^1.2.3", - "use-sidecar": "^1.0.1" - } - }, - "react-remove-scroll-bar": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.2.0.tgz", - "integrity": "sha512-UU9ZBP1wdMR8qoUs7owiVcpaPwsQxUDC2lypP6mmixaGlARZa7ZIBx1jcuObLdhMOvCsnZcvetOho0wzPa9PYg==", - "requires": { - "react-style-singleton": "^2.1.0", - "tslib": "^1.0.0" - } - }, - "react-style-singleton": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.1.1.tgz", - "integrity": "sha512-jNRp07Jza6CBqdRKNgGhT3u9umWvils1xsuMOjZlghBDH2MU0PL2WZor4PGYjXpnRCa9DQSlHMs/xnABWOwYbA==", - "requires": { - "get-nonce": "^1.0.0", - "invariant": "^2.2.4", - "tslib": "^1.0.0" - } + "integrity": "sha512-X8jZHc7nCMjaCqoU+V2I0cOhNW+QMBwSUkeXnTi8IPe6zaRWfn60ZzvFDZqWPfmSJfjub7dDW1SP0jaHWLu/hg==", + "dev": true, + "peer": true }, "read-pkg": { "version": "5.2.0", @@ -30402,6 +23731,7 @@ "version": "3.6.0", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz", "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==", + "dev": true, "requires": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -30412,6 +23742,7 @@ "version": "3.5.0", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "dev": true, "requires": { "picomatch": "^2.2.1" } @@ -30426,26 +23757,18 @@ "strip-indent": "^3.0.0" } }, - "refractor": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/refractor/-/refractor-3.4.0.tgz", - "integrity": "sha512-dBeD02lC5eytm9Gld2Mx0cMcnR+zhSnsTfPpWqFaMgUMJfC9A6bcN3Br/NaXrnBJcuxnLFR90k1jrkaSyV8umg==", - "requires": { - "hastscript": "^6.0.0", - "parse-entities": "^2.0.0", - "prismjs": "~1.24.0" - } - }, "regenerator-runtime": { "version": "0.13.7", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.7.tgz", - "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==" + "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==", + "dev": true }, "regex-not": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz", "integrity": "sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==", "dev": true, + "peer": true, "requires": { "extend-shallow": "^3.0.2", "safe-regex": "^1.1.0" @@ -30467,157 +23790,104 @@ "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==", "dev": true }, - "rehype-parse": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/rehype-parse/-/rehype-parse-7.0.1.tgz", - "integrity": "sha512-fOiR9a9xH+Le19i4fGzIEowAbwG7idy2Jzs4mOrFWBSJ0sNUgy0ev871dwWnbOo371SjgjG4pwzrbgSVrKxecw==", - "requires": { - "hast-util-from-parse5": "^6.0.0", - "parse5": "^6.0.0" - } - }, - "rehype-stringify": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/rehype-stringify/-/rehype-stringify-8.0.0.tgz", - "integrity": "sha512-VkIs18G0pj2xklyllrPSvdShAV36Ff3yE5PUO9u36f6+2qJFnn22Z5gKwBOwgXviux4UC7K+/j13AnZfPICi/g==", - "requires": { - "hast-util-to-html": "^7.1.1" - } - }, "remark": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/remark/-/remark-13.0.0.tgz", "integrity": "sha512-HDz1+IKGtOyWN+QgBiAT0kn+2s6ovOxHyPAFGKVE81VSzJ+mq7RwHFledEvB5F1p4iJvOah/LOKdFuzvRnNLCA==", + "dev": true, "requires": { "remark-parse": "^9.0.0", "remark-stringify": "^9.0.0", "unified": "^9.1.0" } }, - "remark-footnotes": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/remark-footnotes/-/remark-footnotes-2.0.0.tgz", - "integrity": "sha512-3Clt8ZMH75Ayjp9q4CorNeyjwIxHFcTkaektplKGl2A1jNGEUey8cKL0ZC5vJwfcD5GFGsNLImLG/NGzWIzoMQ==" - }, - "remark-math": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/remark-math/-/remark-math-4.0.0.tgz", - "integrity": "sha512-lH7SoQenXtQrvL0bm+mjZbvOk//YWNuyR+MxV18Qyv8rgFmMEGNuB0TSCQDkoDaiJ40FCnG8lxErc/zhcedYbw==", - "requires": { - "mdast-util-math": "^0.1.0", - "micromark-extension-math": "^0.1.0" - } - }, - "remark-mdx": { - "version": "1.6.22", - "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-1.6.22.tgz", - "integrity": "sha512-phMHBJgeV76uyFkH4rvzCftLfKCr2RZuF+/gmVcaKrpsihyzmhXjA0BEMDaPTXG5y8qZOKPVo83NAOX01LPnOQ==", - "requires": { - "@babel/core": "7.12.9", - "@babel/helper-plugin-utils": "7.10.4", - "@babel/plugin-proposal-object-rest-spread": "7.12.1", - "@babel/plugin-syntax-jsx": "7.12.1", - "@mdx-js/util": "1.6.22", - "is-alphabetical": "1.0.4", - "remark-parse": "8.0.3", - "unified": "9.2.0" - }, - "dependencies": { - "@babel/helper-plugin-utils": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz", - "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==" - }, - "remark-parse": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-8.0.3.tgz", - "integrity": "sha512-E1K9+QLGgggHxCQtLt++uXltxEprmWzNfg+MxpfHsZlrddKzZ/hZyWHDbK3/Ap8HJQqYJRXP+jHczdL6q6i85Q==", - "requires": { - "ccount": "^1.0.0", - "collapse-white-space": "^1.0.2", - "is-alphabetical": "^1.0.0", - "is-decimal": "^1.0.0", - "is-whitespace-character": "^1.0.0", - "is-word-character": "^1.0.0", - "markdown-escapes": "^1.0.0", - "parse-entities": "^2.0.0", - "repeat-string": "^1.5.4", - "state-toggle": "^1.0.0", - "trim": "0.0.1", - "trim-trailing-lines": "^1.0.0", - "unherit": "^1.0.4", - "unist-util-remove-position": "^2.0.0", - "vfile-location": "^3.0.0", - "xtend": "^4.0.1" - } - } - } - }, "remark-parse": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-9.0.0.tgz", "integrity": "sha512-geKatMwSzEXKHuzBNU1z676sGcDcFoChMK38TgdHJNAYfFtsfHDQG7MoJAjs6sgYMqyLduCYWDIWZIxiPeafEw==", + "dev": true, "requires": { "mdast-util-from-markdown": "^0.8.0" } }, - "remark-squeeze-paragraphs": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/remark-squeeze-paragraphs/-/remark-squeeze-paragraphs-4.0.0.tgz", - "integrity": "sha512-8qRqmL9F4nuLPIgl92XUuxI3pFxize+F1H0e/W3llTk0UsjJaj01+RrirkMw7P21RKe4X6goQhYRSvNWX+70Rw==", - "requires": { - "mdast-squeeze-paragraphs": "^4.0.0" - } - }, "remark-stringify": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-9.0.1.tgz", "integrity": "sha512-mWmNg3ZtESvZS8fv5PTvaPckdL4iNlCHTt8/e/8oN08nArHRHjNZMKzA/YW3+p7/lYqIw4nx1XsjCBo/AxNChg==", + "dev": true, "requires": { "mdast-util-to-markdown": "^0.6.0" } }, + "remove-trailing-separator": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz", + "integrity": "sha1-wkvOKig62tW8P1jg1IJJuSN52O8=", + "dev": true, + "peer": true + }, "repeat-element": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.4.tgz", "integrity": "sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==", - "dev": true + "dev": true, + "peer": true }, "repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", - "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc=" - }, - "repeating": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz", - "integrity": "sha1-UhTFOpJtNVJwdSf7q0FdvAjQbdo=", - "dev": true, - "requires": { - "is-finite": "^1.0.0" - } - }, - "replace-ext": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.1.tgz", - "integrity": "sha512-yD5BHCe7quCgBph4rMQ+0KkIRKwWCrHDOX1p1Gp6HwjPM5kVoCdKGNhN7ydqqsX6lJEnQDKZ/tFMiEdQ1dvPEw==", + "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc=", "dev": true }, + "require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "dev": true, + "peer": true + }, "require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", "dev": true }, + "require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "dev": true, + "peer": true + }, "resolve": { "version": "1.20.0", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.20.0.tgz", "integrity": "sha512-wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A==", + "dev": true, "requires": { "is-core-module": "^2.2.0", "path-parse": "^1.0.6" } }, + "resolve-cwd": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", + "dev": true, + "peer": true, + "requires": { + "resolve-from": "^5.0.0" + }, + "dependencies": { + "resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "peer": true + } + } + }, "resolve-from": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", @@ -30628,16 +23898,8 @@ "version": "0.2.1", "resolved": "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz", "integrity": "sha1-LGN/53yJOv0qZj/iGqkIAGjiBSo=", - "dev": true - }, - "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", "dev": true, - "requires": { - "lowercase-keys": "^1.0.0" - } + "peer": true }, "restore-cursor": { "version": "3.1.0", @@ -30653,7 +23915,8 @@ "version": "0.1.15", "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==", - "dev": true + "dev": true, + "peer": true }, "reusify": { "version": "1.0.4", @@ -30674,6 +23937,8 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/ripemd160/-/ripemd160-2.0.2.tgz", "integrity": "sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA==", + "dev": true, + "peer": true, "requires": { "hash-base": "^3.0.0", "inherits": "^2.0.1" @@ -30683,11 +23948,19 @@ "version": "0.3.1", "resolved": "https://registry.npmjs.org/rivet-graphql/-/rivet-graphql-0.3.1.tgz", "integrity": "sha512-HEov02XhZ6H1jOME+mO8CZwliu/UtgZSHixYUwvQ7HSx3gk8EOVaQY5c3zscOYjZECvP8cR4+1Ob3KHWJRWEMw==", + "dev": true, "requires": { "graphql": "^15.3.0", "graphql-request": "^3.0.0" } }, + "rsvp": { + "version": "4.8.5", + "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-4.8.5.tgz", + "integrity": "sha512-nfMOlASu9OnRJo1mbEk2cz0D56a1MBNrJ7orjRZQG10XDyuvwksKbuXNp6qa+kbn839HwjwhBzhFmdsaEAfauA==", + "dev": true, + "peer": true + }, "run-async": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", @@ -30715,13 +23988,15 @@ "safe-buffer": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dev": true }, "safe-regex": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", "integrity": "sha1-QKNmnzsHfR6UPURinhV91IAjvy4=", "dev": true, + "peer": true, "requires": { "ret": "~0.1.10" } @@ -30729,85 +24004,292 @@ "safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" - }, - "sanitize.css": { - "version": "13.0.0", - "resolved": "https://registry.npmjs.org/sanitize.css/-/sanitize.css-13.0.0.tgz", - "integrity": "sha512-ZRwKbh/eQ6w9vmTjkuG0Ioi3HBwPFce0O+v//ve+aOq1oeCy7jMV2qzzAlpsNuqpqCBjjriM1lbtZbF/Q8jVyA==", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", "dev": true }, - "sax": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz", - "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==", - "dev": true + "sane": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/sane/-/sane-4.1.0.tgz", + "integrity": "sha512-hhbzAgTIX8O7SHfp2c8/kREfEn4qO/9q8C9beyY6+tvZ87EpoZ3i1RIEvp27YBswnNbY9mWd6paKVmKbAgLfZA==", + "dev": true, + "peer": true, + "requires": { + "@cnakazawa/watch": "^1.0.3", + "anymatch": "^2.0.0", + "capture-exit": "^2.0.0", + "exec-sh": "^0.3.2", + "execa": "^1.0.0", + "fb-watchman": "^2.0.0", + "micromatch": "^3.1.4", + "minimist": "^1.1.1", + "walker": "~1.0.5" + }, + "dependencies": { + "anymatch": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-2.0.0.tgz", + "integrity": "sha512-5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw==", + "dev": true, + "peer": true, + "requires": { + "micromatch": "^3.1.4", + "normalize-path": "^2.1.1" + } + }, + "braces": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", + "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", + "dev": true, + "peer": true, + "requires": { + "arr-flatten": "^1.1.0", + "array-unique": "^0.3.2", + "extend-shallow": "^2.0.1", + "fill-range": "^4.0.0", + "isobject": "^3.0.1", + "repeat-element": "^1.1.2", + "snapdragon": "^0.8.1", + "snapdragon-node": "^2.0.1", + "split-string": "^3.0.2", + "to-regex": "^3.0.1" + }, + "dependencies": { + "extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "peer": true, + "requires": { + "is-extendable": "^0.1.0" + } + } + } + }, + "cross-spawn": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", + "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", + "dev": true, + "peer": true, + "requires": { + "nice-try": "^1.0.4", + "path-key": "^2.0.1", + "semver": "^5.5.0", + "shebang-command": "^1.2.0", + "which": "^1.2.9" + } + }, + "execa": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", + "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", + "dev": true, + "peer": true, + "requires": { + "cross-spawn": "^6.0.0", + "get-stream": "^4.0.0", + "is-stream": "^1.1.0", + "npm-run-path": "^2.0.0", + "p-finally": "^1.0.0", + "signal-exit": "^3.0.0", + "strip-eof": "^1.0.0" + } + }, + "fill-range": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", + "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=", + "dev": true, + "peer": true, + "requires": { + "extend-shallow": "^2.0.1", + "is-number": "^3.0.0", + "repeat-string": "^1.6.1", + "to-regex-range": "^2.1.0" + }, + "dependencies": { + "extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "peer": true, + "requires": { + "is-extendable": "^0.1.0" + } + } + } + }, + "get-stream": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", + "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", + "dev": true, + "peer": true, + "requires": { + "pump": "^3.0.0" + } + }, + "is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true, + "peer": true + }, + "is-number": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", + "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=", + "dev": true, + "peer": true, + "requires": { + "kind-of": "^3.0.2" + }, + "dependencies": { + "kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", + "dev": true, + "peer": true, + "requires": { + "is-buffer": "^1.1.5" + } + } + } + }, + "is-stream": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", + "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", + "dev": true, + "peer": true + }, + "micromatch": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", + "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", + "dev": true, + "peer": true, + "requires": { + "arr-diff": "^4.0.0", + "array-unique": "^0.3.2", + "braces": "^2.3.1", + "define-property": "^2.0.2", + "extend-shallow": "^3.0.2", + "extglob": "^2.0.4", + "fragment-cache": "^0.2.1", + "kind-of": "^6.0.2", + "nanomatch": "^1.2.9", + "object.pick": "^1.3.0", + "regex-not": "^1.0.0", + "snapdragon": "^0.8.1", + "to-regex": "^3.0.2" + } + }, + "normalize-path": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz", + "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=", + "dev": true, + "peer": true, + "requires": { + "remove-trailing-separator": "^1.0.1" + } + }, + "npm-run-path": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", + "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", + "dev": true, + "peer": true, + "requires": { + "path-key": "^2.0.0" + } + }, + "path-key": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", + "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", + "dev": true, + "peer": true + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true, + "peer": true + }, + "shebang-command": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", + "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", + "dev": true, + "peer": true, + "requires": { + "shebang-regex": "^1.0.0" + } + }, + "shebang-regex": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", + "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=", + "dev": true, + "peer": true + }, + "to-regex-range": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", + "integrity": "sha1-fIDBe53+vlmeJzZ+DU3VWQFB2zg=", + "dev": true, + "peer": true, + "requires": { + "is-number": "^3.0.0", + "repeat-string": "^1.6.1" + } + }, + "which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "dev": true, + "peer": true, + "requires": { + "isexe": "^2.0.0" + } + } + } + }, + "saxes": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz", + "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==", + "dev": true, + "peer": true, + "requires": { + "xmlchars": "^2.2.0" + } }, "scheduler": { "version": "0.20.2", "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.20.2.tgz", "integrity": "sha512-2eWfGgAqqWFGqtdMmcL5zCMK1U8KlXv8SQFGglL3CEtd0aDVDWgeF/YoCmvln55m5zSk3J/20hTaSBeSObsQDQ==", + "dev": true, + "peer": true, "requires": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1" } }, - "schema-utils": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-1.0.0.tgz", - "integrity": "sha512-i27Mic4KovM/lnGsy8whRCHhc7VicJajAjTrYg11K9zfZXnYIt4k5F+kZkwjnrhKzLic/HLU4j11mjsz2G/75g==", - "dev": true, - "requires": { - "ajv": "^6.1.0", - "ajv-errors": "^1.0.0", - "ajv-keywords": "^3.1.0" - } - }, - "search-insights": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-1.8.0.tgz", - "integrity": "sha512-4sd6oS/sLH/UxiZ4vMoDbcpJP01pcoNI4mm3ZsUfDAMCPKxDda1R8SFZUv618og3NYBvvWvwmf8VRC0rNYuTkg==" - }, - "section-matter": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", - "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", - "requires": { - "extend-shallow": "^2.0.1", - "kind-of": "^6.0.0" - }, - "dependencies": { - "extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "requires": { - "is-extendable": "^0.1.0" - } - } - } - }, - "seek-bzip": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/seek-bzip/-/seek-bzip-1.0.6.tgz", - "integrity": "sha512-e1QtP3YL5tWww8uKaOCQ18UxIT2laNBXHjV/S2WYCiK4udiv8lkG89KRIoCjUagnAmCBurjF4zEVX2ByBbnCjQ==", - "dev": true, - "requires": { - "commander": "^2.8.1" - }, - "dependencies": { - "commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", - "dev": true - } - } - }, "semver": { "version": "7.3.5", "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "dev": true, "requires": { "lru-cache": "^6.0.0" } @@ -30824,81 +24306,19 @@ "integrity": "sha512-bXWyL6EAKOJa81XG1OZ/Yyuq+oT0b2YLlxx7c+mrdYPaPbnj6WgVULXhinMIeZGufuUBu/eVRqXEhiv4imfwxA==", "dev": true }, - "semver-truncate": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-1.1.2.tgz", - "integrity": "sha1-V/Qd5pcHpicJp+AQS6IRcQnqR+g=", + "set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", "dev": true, - "requires": { - "semver": "^5.3.0" - }, - "dependencies": { - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true - } - } - }, - "send": { - "version": "0.17.1", - "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz", - "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==", - "requires": { - "debug": "2.6.9", - "depd": "~1.1.2", - "destroy": "~1.0.4", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "~1.7.2", - "mime": "1.6.0", - "ms": "2.1.1", - "on-finished": "~2.3.0", - "range-parser": "~1.2.1", - "statuses": "~1.5.0" - }, - "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - }, - "dependencies": { - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - } - } - }, - "ms": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", - "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" - } - } - }, - "serve-static": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz", - "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==", - "requires": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.17.1" - } + "peer": true }, "set-value": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", "dev": true, + "peer": true, "requires": { "extend-shallow": "^2.0.1", "is-extendable": "^0.1.1", @@ -30911,6 +24331,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "requires": { "is-extendable": "^0.1.0" } @@ -30920,17 +24341,23 @@ "setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", - "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=" + "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=", + "dev": true, + "peer": true }, "setprototypeof": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", - "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==" + "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==", + "dev": true, + "peer": true }, "sha.js": { "version": "2.4.11", "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.1", "safe-buffer": "^5.0.1" @@ -30954,12 +24381,17 @@ "shell-quote": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz", - "integrity": "sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==" + "integrity": "sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==", + "dev": true, + "peer": true }, "shellwords": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/shellwords/-/shellwords-0.1.1.tgz", - "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==" + "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==", + "dev": true, + "optional": true, + "peer": true }, "side-channel": { "version": "1.0.4", @@ -31050,6 +24482,13 @@ } } }, + "sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "dev": true, + "peer": true + }, "slash": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", @@ -31078,6 +24517,7 @@ "resolved": "https://registry.npmjs.org/snapdragon/-/snapdragon-0.8.2.tgz", "integrity": "sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==", "dev": true, + "peer": true, "requires": { "base": "^0.11.1", "debug": "^2.2.0", @@ -31094,6 +24534,7 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dev": true, + "peer": true, "requires": { "ms": "2.0.0" } @@ -31103,6 +24544,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^0.1.0" } @@ -31112,6 +24554,7 @@ "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", "dev": true, + "peer": true, "requires": { "is-extendable": "^0.1.0" } @@ -31121,6 +24564,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -31130,6 +24574,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -31140,13 +24585,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -31156,6 +24603,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -31167,6 +24615,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -31177,13 +24626,15 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true + "dev": true, + "peer": true }, "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", - "dev": true + "dev": true, + "peer": true } } }, @@ -31192,6 +24643,7 @@ "resolved": "https://registry.npmjs.org/snapdragon-node/-/snapdragon-node-2.1.1.tgz", "integrity": "sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==", "dev": true, + "peer": true, "requires": { "define-property": "^1.0.0", "isobject": "^3.0.0", @@ -31203,6 +24655,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^1.0.0" } @@ -31214,6 +24667,7 @@ "resolved": "https://registry.npmjs.org/snapdragon-util/-/snapdragon-util-3.0.1.tgz", "integrity": "sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==", "dev": true, + "peer": true, "requires": { "kind-of": "^3.2.0" }, @@ -31222,47 +24676,33 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } } } }, - "sort-keys": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz", - "integrity": "sha1-RBttTTRnmPG05J6JIK37oOVD+a0=", - "dev": true, - "requires": { - "is-plain-obj": "^1.0.0" - } - }, - "sort-keys-length": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/sort-keys-length/-/sort-keys-length-1.0.1.tgz", - "integrity": "sha1-nLb09OnkgVWmqgZx7dM2/xR5oYg=", - "dev": true, - "requires": { - "sort-keys": "^1.0.0" - } - }, "source-map": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", - "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=" + "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "dev": true }, "source-map-resolve": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/source-map-resolve/-/source-map-resolve-0.5.3.tgz", "integrity": "sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==", "dev": true, + "peer": true, "requires": { "atob": "^2.1.2", "decode-uri-component": "^0.2.0", @@ -31271,16 +24711,32 @@ "urix": "^0.1.0" } }, + "source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "peer": true, + "requires": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + }, + "dependencies": { + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "peer": true + } + } + }, "source-map-url": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.1.tgz", "integrity": "sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==", - "dev": true - }, - "space-separated-tokens": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-1.1.5.tgz", - "integrity": "sha512-q/JSVd1Lptzhf5bkYm4ob4iWPjx0KiRe3sRFBNrVqbJkFaBm5vbbowy1mymoPNLRa52+oadOhJ+K49wsSeSjTA==" + "dev": true, + "peer": true }, "spdx-correct": { "version": "3.1.1", @@ -31325,6 +24781,7 @@ "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz", "integrity": "sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==", "dev": true, + "peer": true, "requires": { "extend-shallow": "^3.0.0" } @@ -31332,84 +24789,34 @@ "sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" - }, - "squeak": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/squeak/-/squeak-1.3.0.tgz", - "integrity": "sha1-MwRQN7ZDiLVnZ0uEMiplIQc5FsM=", - "dev": true, - "requires": { - "chalk": "^1.0.0", - "console-stream": "^0.1.1", - "lpad-align": "^1.0.1" - }, - "dependencies": { - "ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", - "dev": true - }, - "ansi-styles": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", - "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=", - "dev": true - }, - "chalk": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", - "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=", - "dev": true, - "requires": { - "ansi-styles": "^2.2.1", - "escape-string-regexp": "^1.0.2", - "has-ansi": "^2.0.0", - "strip-ansi": "^3.0.0", - "supports-color": "^2.0.0" - } - }, - "strip-ansi": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", - "dev": true, - "requires": { - "ansi-regex": "^2.0.0" - } - }, - "supports-color": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", - "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=", - "dev": true - } - } - }, - "stable": { - "version": "0.1.8", - "resolved": "https://registry.npmjs.org/stable/-/stable-0.1.8.tgz", - "integrity": "sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=", "dev": true }, - "stack-generator": { + "stack-utils": { "version": "2.0.5", - "resolved": "https://registry.npmjs.org/stack-generator/-/stack-generator-2.0.5.tgz", - "integrity": "sha512-/t1ebrbHkrLrDuNMdeAcsvynWgoH/i4o8EGGfX7dEYDoTXOYVAkEpFdtshlvabzc6JlJ8Kf9YdFEoz7JkzGN9Q==", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.5.tgz", + "integrity": "sha512-xrQcmYhOsn/1kX+Vraq+7j4oE2j/6BFscZ0etmYg81xuM8Gq0022Pxb8+IqgOFUIaxHs0KaSb7T1+OegiNrNFA==", + "dev": true, + "peer": true, "requires": { - "stackframe": "^1.1.1" + "escape-string-regexp": "^2.0.0" + }, + "dependencies": { + "escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "dev": true, + "peer": true + } } }, - "stackframe": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/stackframe/-/stackframe-1.2.0.tgz", - "integrity": "sha512-GrdeshiRmS1YLMYgzF16olf2jJ/IzxXY9lhKOskuVziubpTYcYqyOwYeJKzQkwy7uN0fYSsbsC4RQaXf9LCrYA==" - }, "stacktrace-parser": { "version": "0.1.10", "resolved": "https://registry.npmjs.org/stacktrace-parser/-/stacktrace-parser-0.1.10.tgz", "integrity": "sha512-KJP1OCML99+8fhOHxwwzyWrlUuVX5GQ0ZpJTd1DFXhdkrvg1szxfHhawXUZ3g9TkXORQd4/WG68jMlQZ2p8wlg==", + "dev": true, + "peer": true, "requires": { "type-fest": "^0.7.1" }, @@ -31417,20 +24824,18 @@ "type-fest": { "version": "0.7.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.7.1.tgz", - "integrity": "sha512-Ne2YiiGN8bmrmJJEuTWTLJR32nh/JdL1+PSicowtNb0WFpn59GK8/lfD61bVtzguz7b3PBt74nxpv/Pw5po5Rg==" + "integrity": "sha512-Ne2YiiGN8bmrmJJEuTWTLJR32nh/JdL1+PSicowtNb0WFpn59GK8/lfD61bVtzguz7b3PBt74nxpv/Pw5po5Rg==", + "dev": true, + "peer": true } } }, - "state-toggle": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.3.tgz", - "integrity": "sha512-d/5Z4/2iiCnHw6Xzghyhb+GcmF89bxwgXG60wjIiZaxnymbyOmI8Hk4VqHXiVVp6u2ysaskFfXg3ekCj4WNftQ==" - }, "static-extend": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz", "integrity": "sha1-YICcOcv/VTNyJv1eC1IPNB8ftcY=", "dev": true, + "peer": true, "requires": { "define-property": "^0.2.5", "object-copy": "^0.1.0" @@ -31441,6 +24846,7 @@ "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=", "dev": true, + "peer": true, "requires": { "is-descriptor": "^0.1.0" } @@ -31450,6 +24856,7 @@ "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -31459,6 +24866,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -31469,13 +24877,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -31485,6 +24895,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -31496,6 +24907,7 @@ "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", "dev": true, + "peer": true, "requires": { "is-accessor-descriptor": "^0.1.6", "is-data-descriptor": "^0.1.4", @@ -31506,19 +24918,24 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true + "dev": true, + "peer": true } } }, "statuses": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", - "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" + "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=", + "dev": true, + "peer": true }, "stream-browserify": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-3.0.0.tgz", "integrity": "sha512-H73RAHsVBapbim0tU2JwwOiXUj+fikfiaoYAKHF3VJfA0pe2BCzkhAHBlLG6REzE+2WNZcxOXjK7lkso+9euLA==", + "dev": true, + "peer": true, "requires": { "inherits": "~2.0.4", "readable-stream": "^3.5.0" @@ -31528,6 +24945,8 @@ "version": "3.1.1", "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-3.1.1.tgz", "integrity": "sha512-S7OqaYu0EkFpgeGFb/NPOoPLxFko7TPqtEeFg5DXPB4v/KETHG0Ln6fRFrNezoelpaDKmycEmmZ81cC9DAwgYg==", + "dev": true, + "peer": true, "requires": { "builtin-status-codes": "^3.0.0", "inherits": "^2.0.4", @@ -31539,6 +24958,8 @@ "version": "0.3.1", "resolved": "https://registry.npmjs.org/stream-parser/-/stream-parser-0.3.1.tgz", "integrity": "sha1-FhhUhpRCACGhGC/wrxkRwSl2F3M=", + "dev": true, + "peer": true, "requires": { "debug": "2" }, @@ -31547,6 +24968,8 @@ "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "peer": true, "requires": { "ms": "2.0.0" } @@ -31554,19 +24977,17 @@ "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true, + "peer": true } } }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=" - }, "string_decoder": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "dev": true, "requires": { "safe-buffer": "~5.2.0" }, @@ -31574,7 +24995,8 @@ "safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true } } }, @@ -31587,7 +25009,20 @@ "string-hash": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/string-hash/-/string-hash-1.1.3.tgz", - "integrity": "sha1-6Kr8CsGFW0Zmkp7X3RJ1311sgRs=" + "integrity": "sha1-6Kr8CsGFW0Zmkp7X3RJ1311sgRs=", + "dev": true, + "peer": true + }, + "string-length": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", + "dev": true, + "peer": true, + "requires": { + "char-regex": "^1.0.2", + "strip-ansi": "^6.0.0" + } }, "string-width": { "version": "4.2.3", @@ -31631,6 +25066,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "dev": true, "requires": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" @@ -31640,21 +25076,12 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "dev": true, "requires": { "call-bind": "^1.0.2", "define-properties": "^1.1.3" } }, - "stringify-entities": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-3.1.0.tgz", - "integrity": "sha512-3FP+jGMmMV/ffZs86MoghGqAoqXAdxLrJP4GUdrDN1aIScYih5tuIO3eF4To5AJZ79KDZ8Fpdy7QJnK8SsL1Vg==", - "requires": { - "character-entities-html4": "^1.0.0", - "character-entities-legacy": "^1.0.0", - "xtend": "^4.0.0" - } - }, "stringify-object": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz", @@ -31670,6 +25097,7 @@ "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", + "dev": true, "requires": { "ansi-regex": "^5.0.0" } @@ -31680,25 +25108,12 @@ "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=", "dev": true }, - "strip-bom-string": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", - "integrity": "sha1-5SEekiQ2n7uB1jOi8ABE3IztrZI=" - }, - "strip-dirs": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/strip-dirs/-/strip-dirs-2.1.0.tgz", - "integrity": "sha512-JOCxOeKLm2CAS73y/U4ZeZPTkE+gNVCzKt7Eox84Iej1LT/2pTWYpZKJuxwQpvX1LiZb1xokNR7RLfuBAa7T3g==", - "dev": true, - "requires": { - "is-natural-number": "^4.0.1" - } - }, "strip-eof": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=", - "dev": true + "dev": true, + "peer": true }, "strip-final-newline": { "version": "2.0.0", @@ -31721,49 +25136,18 @@ "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", "dev": true }, - "strip-outer": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/strip-outer/-/strip-outer-1.0.1.tgz", - "integrity": "sha512-k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg==", - "dev": true, - "requires": { - "escape-string-regexp": "^1.0.2" - } - }, "style-search": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/style-search/-/style-search-0.1.0.tgz", "integrity": "sha1-eVjHk+R+MuB9K1yv5cC/jhLneQI=", "dev": true }, - "style-to-object": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-0.3.0.tgz", - "integrity": "sha512-CzFnRRXhzWIdItT3OmF8SQfWyahHhjq3HwcMNCNLn+N7klOOqPjMeG/4JSu77D7ypZdGvSzvkrbyeTMizz2VrA==", - "requires": { - "inline-style-parser": "0.1.1" - } - }, - "style-value-types": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/style-value-types/-/style-value-types-5.0.0.tgz", - "integrity": "sha512-08yq36Ikn4kx4YU6RD7jWEv27v4V+PUsOGa4n/as8Et3CuODMJQ00ENeAVXAeydX4Z2j1XHZF1K2sX4mGl18fA==", - "requires": { - "hey-listen": "^1.0.8", - "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", - "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" - } - } - }, "styled-jsx": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-4.0.1.tgz", "integrity": "sha512-Gcb49/dRB1k8B4hdK8vhW27Rlb2zujCk1fISrizCcToIs+55B4vmUM0N9Gi4nnVfFZWe55jRdWpAqH1ldAKWvQ==", + "dev": true, + "peer": true, "requires": { "@babel/plugin-syntax-jsx": "7.14.5", "@babel/types": "7.15.0", @@ -31779,6 +25163,8 @@ "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.14.5.tgz", "integrity": "sha512-ohuFIsOMXJnbOMRfX7/w7LocdR6R7whhuRD4ax8IipLcLPlZGJKkBxgHp++U4N/vKyU16/YDQr2f5seajD3jIw==", + "dev": true, + "peer": true, "requires": { "@babel/helper-plugin-utils": "^7.14.5" } @@ -31786,12 +25172,16 @@ "emojis-list": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz", - "integrity": "sha1-TapNnbAPmBmIDHn6RXrlsJof04k=" + "integrity": "sha1-TapNnbAPmBmIDHn6RXrlsJof04k=", + "dev": true, + "peer": true }, "json5": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "dev": true, + "peer": true, "requires": { "minimist": "^1.2.0" } @@ -31800,6 +25190,8 @@ "version": "1.2.3", "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz", "integrity": "sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==", + "dev": true, + "peer": true, "requires": { "big.js": "^5.2.2", "emojis-list": "^2.0.0", @@ -31809,7 +25201,9 @@ "source-map": { "version": "0.7.3", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", - "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==" + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true, + "peer": true } } }, @@ -32104,12 +25498,16 @@ "stylis": { "version": "3.5.4", "resolved": "https://registry.npmjs.org/stylis/-/stylis-3.5.4.tgz", - "integrity": "sha512-8/3pSmthWM7lsPBKv7NXkzn2Uc9W7NotcwGNpJaa3k7WMM1XDCA4MgT5k/8BIexd5ydZdboXtU90XH9Ec4Bv/Q==" + "integrity": "sha512-8/3pSmthWM7lsPBKv7NXkzn2Uc9W7NotcwGNpJaa3k7WMM1XDCA4MgT5k/8BIexd5ydZdboXtU90XH9Ec4Bv/Q==", + "dev": true, + "peer": true }, "stylis-rule-sheet": { "version": "0.0.10", "resolved": "https://registry.npmjs.org/stylis-rule-sheet/-/stylis-rule-sheet-0.0.10.tgz", "integrity": "sha512-nTbZoaqoBnmK+ptANthb10ZRZOGC+EmTLLUxeYIuHNkEKcmKgXX1XWKkUBT2Ac4es3NybooPe0SmvKdhKJZAuw==", + "dev": true, + "peer": true, "requires": {} }, "sugarss": { @@ -32205,102 +25603,34 @@ "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, "requires": { "has-flag": "^4.0.0" } }, + "supports-hyperlinks": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.2.0.tgz", + "integrity": "sha512-6sXEzV5+I5j8Bmq9/vUphGRM/RJNT9SCURJLjwfOg51heRtguGWDzcaBlgAzKhQa0EVNpPEKzQuBwZ8S8WaCeQ==", + "dev": true, + "peer": true, + "requires": { + "has-flag": "^4.0.0", + "supports-color": "^7.0.0" + } + }, "svg-tags": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/svg-tags/-/svg-tags-1.0.0.tgz", "integrity": "sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q=", "dev": true }, - "svgo": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.3.2.tgz", - "integrity": "sha512-yhy/sQYxR5BkC98CY7o31VGsg014AKLEPxdfhora76l36hD9Rdy5NZA/Ocn6yayNPgSamYdtX2rFJdcv07AYVw==", + "symbol-tree": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", + "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true, - "requires": { - "chalk": "^2.4.1", - "coa": "^2.0.2", - "css-select": "^2.0.0", - "css-select-base-adapter": "^0.1.1", - "css-tree": "1.0.0-alpha.37", - "csso": "^4.0.2", - "js-yaml": "^3.13.1", - "mkdirp": "~0.5.1", - "object.values": "^1.1.0", - "sax": "~1.2.4", - "stable": "^0.1.8", - "unquote": "~1.1.1", - "util.promisify": "~1.0.0" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true - }, - "mkdirp": { - "version": "0.5.5", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", - "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", - "dev": true, - "requires": { - "minimist": "^1.2.5" - } - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } - } - }, - "tabbable": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-4.0.0.tgz", - "integrity": "sha512-H1XoH1URcBOa/rZZWxLxHCtOdVUEev+9vo5YdYhC9tCY4wnybX+VQrCYuy9ubkg69fCBxCONJOSLGfw0DWMffQ==" + "peer": true }, "table": { "version": "6.7.1", @@ -32347,67 +25677,27 @@ } } }, - "tapable": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", - "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", - "dev": true - }, - "tar-stream": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-1.6.2.tgz", - "integrity": "sha512-rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A==", + "terminal-link": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "integrity": "sha512-un0FmiRUQNr5PJqy9kP7c40F5BOfpGlYTrxonDChEZB7pzZxRNp/bt+ymiy9/npwXya9KH99nJ/GXFIiUkYGFQ==", "dev": true, + "peer": true, "requires": { - "bl": "^1.0.0", - "buffer-alloc": "^1.2.0", - "end-of-stream": "^1.0.0", - "fs-constants": "^1.0.0", - "readable-stream": "^2.3.0", - "to-buffer": "^1.1.1", - "xtend": "^4.0.0" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "requires": { - "safe-buffer": "~5.1.0" - } - } + "ansi-escapes": "^4.2.1", + "supports-hyperlinks": "^2.0.0" } }, - "temp-dir": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/temp-dir/-/temp-dir-1.0.0.tgz", - "integrity": "sha1-CnwOom06Oa+n4OvqnB/AvE2qAR0=", - "dev": true - }, - "tempfile": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/tempfile/-/tempfile-2.0.0.tgz", - "integrity": "sha1-awRGhWqbERTRhW/8vlCczLCXcmU=", + "test-exclude": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", "dev": true, + "peer": true, "requires": { - "temp-dir": "^1.0.0", - "uuid": "^3.0.1" + "@istanbuljs/schema": "^0.1.2", + "glob": "^7.1.4", + "minimatch": "^3.0.4" } }, "text-table": { @@ -32416,31 +25706,29 @@ "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", "dev": true }, + "throat": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/throat/-/throat-5.0.0.tgz", + "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", + "dev": true, + "peer": true + }, "through": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=", - "dev": true - }, "timers-browserify": { "version": "2.0.12", "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.12.tgz", "integrity": "sha512-9phl76Cqm6FhSX9Xe1ZUAMLtm1BLkKj2Qd5ApyWkXzsMRaA7dgr81kf4wJmQf/hAvg8EEyJxDo3du/0KlhPiKQ==", + "dev": true, + "peer": true, "requires": { "setimmediate": "^1.0.4" } }, - "tiny-warning": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz", - "integrity": "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==" - }, "tlds": { "version": "1.221.1", "resolved": "https://registry.npmjs.org/tlds/-/tlds-1.221.1.tgz", @@ -32456,27 +25744,32 @@ "os-tmpdir": "~1.0.2" } }, + "tmpl": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", + "dev": true, + "peer": true + }, "to-arraybuffer": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz", - "integrity": "sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=" - }, - "to-buffer": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/to-buffer/-/to-buffer-1.1.1.tgz", - "integrity": "sha512-lx9B5iv7msuFYE3dytT+KE5tap+rNYw+K4jVkb9R/asAb+pbBSM17jtunHplhBe6RRJdZx3Pn2Jph24O32mOVg==", - "dev": true + "integrity": "sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=", + "dev": true, + "peer": true }, "to-fast-properties": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=" + "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=", + "dev": true }, "to-object-path": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz", "integrity": "sha1-KXWIt7Dn4KwI4E5nL4XB9JmeF68=", "dev": true, + "peer": true, "requires": { "kind-of": "^3.0.2" }, @@ -32485,13 +25778,15 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true + "dev": true, + "peer": true }, "kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "peer": true, "requires": { "is-buffer": "^1.1.5" } @@ -32503,6 +25798,7 @@ "resolved": "https://registry.npmjs.org/to-regex/-/to-regex-3.0.2.tgz", "integrity": "sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==", "dev": true, + "peer": true, "requires": { "define-property": "^2.0.2", "extend-shallow": "^3.0.2", @@ -32514,66 +25810,59 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, "requires": { "is-number": "^7.0.0" } }, - "to-vfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/to-vfile/-/to-vfile-6.1.0.tgz", - "integrity": "sha512-BxX8EkCxOAZe+D/ToHdDsJcVI4HqQfmw0tCkp31zf3dNP/XWIAjU4CmeuSwsSoOzOTqHPOL0KUzyZqJplkD0Qw==", - "requires": { - "is-buffer": "^2.0.0", - "vfile": "^4.0.0" - } - }, "toidentifier": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", - "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==" + "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==", + "dev": true, + "peer": true + }, + "tough-cookie": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz", + "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==", + "dev": true, + "peer": true, + "requires": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.1.2" + }, + "dependencies": { + "universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "dev": true, + "peer": true + } + } }, "tr46": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "peer": true, "requires": { "punycode": "^2.1.0" } }, - "trim": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/trim/-/trim-0.0.1.tgz", - "integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0=" - }, "trim-newlines": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz", "integrity": "sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw==", "dev": true }, - "trim-repeated": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/trim-repeated/-/trim-repeated-1.0.0.tgz", - "integrity": "sha1-42RqLqTokTEr9+rObPsFOAvAHCE=", - "dev": true, - "requires": { - "escape-string-regexp": "^1.0.2" - } - }, - "trim-trailing-lines": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.4.tgz", - "integrity": "sha512-rjUWSqnfTNrjbB9NQWfPMH/xRK1deHeGsHoVfpxJ++XeYXE0d6B1En37AHfw3jtfTU7dzMzZL2jjpe8Qb5gLIQ==" - }, "trough": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.5.tgz", - "integrity": "sha512-rvuRbTarPXmMb79SmzEp8aqXNKcK+y0XaB298IXueQ8I2PsrATcPBCSPyK/dDNa2iWOhKlfNnOjdAOTBU/nkFA==" - }, - "tryer": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz", - "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA==", + "integrity": "sha512-rvuRbTarPXmMb79SmzEp8aqXNKcK+y0XaB298IXueQ8I2PsrATcPBCSPyK/dDNa2iWOhKlfNnOjdAOTBU/nkFA==", "dev": true }, "ts-jest": { @@ -32597,7 +25886,9 @@ "ts-pnp": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/ts-pnp/-/ts-pnp-1.2.0.tgz", - "integrity": "sha512-csd+vJOb/gkzvcCHgTGSChYpy5f1/XKNsmvBGO4JXS+z1v2HobugDz4s1IeFXM3wZB44uczs+eazB5Q/ccdhQw==" + "integrity": "sha512-csd+vJOb/gkzvcCHgTGSChYpy5f1/XKNsmvBGO4JXS+z1v2HobugDz4s1IeFXM3wZB44uczs+eazB5Q/ccdhQw==", + "dev": true, + "peer": true }, "tsconfig-paths": { "version": "3.11.0", @@ -32625,7 +25916,8 @@ "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "dev": true }, "tsutils": { "version": "3.21.0", @@ -32639,16 +25931,9 @@ "tty-browserify": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.1.tgz", - "integrity": "sha512-C3TaO7K81YvjCgQH9Q1S3R3P3BtN3RIM8n+OvX4il1K1zgE8ZhI0op7kClgkxtutIE8hQrcrHBXvIheqKUUCxw==" - }, - "tunnel-agent": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", - "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=", + "integrity": "sha512-C3TaO7K81YvjCgQH9Q1S3R3P3BtN3RIM8n+OvX4il1K1zgE8ZhI0op7kClgkxtutIE8hQrcrHBXvIheqKUUCxw==", "dev": true, - "requires": { - "safe-buffer": "^5.0.1" - } + "peer": true }, "type-check": { "version": "0.4.0", @@ -32659,21 +25944,19 @@ "prelude-ls": "^1.2.1" } }, + "type-detect": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "dev": true, + "peer": true + }, "type-fest": { "version": "0.8.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", "dev": true }, - "type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "requires": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - } - }, "typedarray-to-buffer": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", @@ -32687,17 +25970,14 @@ "version": "4.3.5", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.3.5.tgz", "integrity": "sha512-DqQgihaQ9cUrskJo9kIyW/+g0Vxsk8cDtZ52a3NGh0YNTfpUSArXSohyUGnvbPazEPLu398C0UxmKSOrPumUzA==", - "dev": true - }, - "ua-parser-js": { - "version": "0.7.28", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.28.tgz", - "integrity": "sha512-6Gurc1n//gjp9eQNXjD9O3M/sMwVtN5S8Lv9bvOYBfKfDNiIIhqiyi01vMBO45u4zkDE420w/e0se7Vs+sIg+g==" + "dev": true, + "peer": true }, "unbox-primitive": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "dev": true, "requires": { "function-bind": "^1.1.1", "has-bigints": "^1.0.1", @@ -32705,34 +25985,11 @@ "which-boxed-primitive": "^1.0.2" } }, - "unbzip2-stream": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz", - "integrity": "sha512-mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg==", - "dev": true, - "requires": { - "buffer": "^5.2.1", - "through": "^2.3.8" - } - }, - "unfetch": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/unfetch/-/unfetch-4.2.0.tgz", - "integrity": "sha512-F9p7yYCn6cIW9El1zi0HI6vqpeIvBsr3dSuRO6Xuppb1u5rXpCPmMvLSyECLhybr9isec8Ohl0hPekMVrEinDA==" - }, - "unherit": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/unherit/-/unherit-1.1.3.tgz", - "integrity": "sha512-Ft16BJcnapDKp0+J/rqFC3Rrk6Y/Ng4nzsC028k2jdDII/rdZ7Wd3pPT/6+vIIxRagwRc9K0IUX0Ra4fKvw+WQ==", - "requires": { - "inherits": "^2.0.0", - "xtend": "^4.0.0" - } - }, "unified": { "version": "9.2.0", "resolved": "https://registry.npmjs.org/unified/-/unified-9.2.0.tgz", "integrity": "sha512-vx2Z0vY+a3YoTj8+pttM3tiJHCwY5UFbYdiWrwBEbHmK8pvsPj2rtAX2BFfgXen8T39CJWblWRDT4L5WGXtDdg==", + "dev": true, "requires": { "bail": "^1.0.0", "extend": "^3.0.0", @@ -32745,7 +26002,8 @@ "is-plain-obj": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==" + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true } } }, @@ -32754,6 +26012,7 @@ "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz", "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==", "dev": true, + "peer": true, "requires": { "arr-union": "^3.1.0", "get-value": "^2.0.6", @@ -32761,19 +26020,6 @@ "set-value": "^2.0.1" } }, - "unist-builder": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/unist-builder/-/unist-builder-2.0.3.tgz", - "integrity": "sha512-f98yt5pnlMWlzP539tPc4grGMsFaQQlP/vM396b00jngsiINumNmsY8rkXjfoi1c6QaM8nQ3vaGDuoKWbe/1Uw==" - }, - "unist-util-find-after": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/unist-util-find-after/-/unist-util-find-after-3.0.0.tgz", - "integrity": "sha512-ojlBqfsBftYXExNu3+hHLfJQ/X1jYY/9vdm4yZWjIbf0VuWF6CRufci1ZyoD/wV2TYMKxXUoNuoqwy+CkgzAiQ==", - "requires": { - "unist-util-is": "^4.0.0" - } - }, "unist-util-find-all-after": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/unist-util-find-all-after/-/unist-util-find-all-after-3.0.2.tgz", @@ -32783,78 +26029,21 @@ "unist-util-is": "^4.0.0" } }, - "unist-util-flatmap": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unist-util-flatmap/-/unist-util-flatmap-1.0.0.tgz", - "integrity": "sha512-IG32jcKJlhARCYT2LsYPJWdoXYkzz3ESAdl1aa2hn9Auh+cgUmU6wgkII4yCc/1GgeWibRdELdCZh/p3QKQ1dQ==" - }, - "unist-util-generated": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/unist-util-generated/-/unist-util-generated-1.1.6.tgz", - "integrity": "sha512-cln2Mm1/CZzN5ttGK7vkoGw+RZ8VcUH6BtGbq98DDtRGquAAOXig1mrBQYelOwMXYS8rK+vZDyyojSjp7JX+Lg==" - }, "unist-util-is": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-4.1.0.tgz", - "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==" - }, - "unist-util-map": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/unist-util-map/-/unist-util-map-2.0.1.tgz", - "integrity": "sha512-VdNvk4BQUUU9Rgr8iUOvclHa/iN9O+6Dt66FKij8l9OVezGG37gGWCPU5KSax1R2degqXFvl3kWTkvzL79e9tQ==", - "requires": { - "@types/mdast": "^3.0.0", - "object-assign": "^4.0.0" - } - }, - "unist-util-position": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-3.1.0.tgz", - "integrity": "sha512-w+PkwCbYSFw8vpgWD0v7zRCl1FpY3fjDSQ3/N/wNd9Ffa4gPi8+4keqt99N3XW6F99t/mUzp2xAhNmfKWp95QA==" - }, - "unist-util-remove": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/unist-util-remove/-/unist-util-remove-2.1.0.tgz", - "integrity": "sha512-J8NYPyBm4baYLdCbjmf1bhPu45Cr1MWTm77qd9istEkzWpnN6O9tMsEbB2JhNnBCqGENRqEWomQ+He6au0B27Q==", - "requires": { - "unist-util-is": "^4.0.0" - } - }, - "unist-util-remove-position": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/unist-util-remove-position/-/unist-util-remove-position-2.0.1.tgz", - "integrity": "sha512-fDZsLYIe2uT+oGFnuZmy73K6ZxOPG/Qcm+w7jbEjaFcJgbQ6cqjs/eSPzXhsmGpAsWPkqZM9pYjww5QTn3LHMA==", - "requires": { - "unist-util-visit": "^2.0.0" - } + "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==", + "dev": true }, "unist-util-stringify-position": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-2.0.3.tgz", "integrity": "sha512-3faScn5I+hy9VleOq/qNbAd6pAx7iH5jYBMS9I1HgQVijz/4mv5Bvw5iw1sC/90CODiKo81G/ps8AJrISn687g==", + "dev": true, "requires": { "@types/unist": "^2.0.2" } }, - "unist-util-visit": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz", - "integrity": "sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q==", - "requires": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0", - "unist-util-visit-parents": "^3.0.0" - } - }, - "unist-util-visit-parents": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-3.1.1.tgz", - "integrity": "sha512-1KROIZWo6bcMrZEwiH2UrXDyalAa0uqzWCxCJj6lPOvTve2WkfgCytoDTPaMnodXh1WrXOq0haVYHj99ynJlsg==", - "requires": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0" - } - }, "universalify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/universalify/-/universalify-1.0.0.tgz", @@ -32864,19 +26053,16 @@ "unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=" - }, - "unquote": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/unquote/-/unquote-1.1.1.tgz", - "integrity": "sha1-j97XMk7G6IoP+LkF58CYzcCG1UQ=", - "dev": true + "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=", + "dev": true, + "peer": true }, "unset-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unset-value/-/unset-value-1.0.0.tgz", "integrity": "sha1-g3aHP30jNRef+x5vw6jtDfyKtVk=", "dev": true, + "peer": true, "requires": { "has-value": "^0.3.1", "isobject": "^3.0.0" @@ -32887,6 +26073,7 @@ "resolved": "https://registry.npmjs.org/has-value/-/has-value-0.3.1.tgz", "integrity": "sha1-ex9YutpiyoJ+wKIHgCVlSEWZXh8=", "dev": true, + "peer": true, "requires": { "get-value": "^2.0.3", "has-values": "^0.1.4", @@ -32898,6 +26085,7 @@ "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", "integrity": "sha1-8GVWEJaj8dou9GJy+BXIQNh+DIk=", "dev": true, + "peer": true, "requires": { "isarray": "1.0.0" } @@ -32908,7 +26096,8 @@ "version": "0.1.4", "resolved": "https://registry.npmjs.org/has-values/-/has-values-0.1.4.tgz", "integrity": "sha1-bWHeldkd/Km5oCCJrThL/49it3E=", - "dev": true + "dev": true, + "peer": true } } }, @@ -32925,12 +26114,15 @@ "version": "0.1.0", "resolved": "https://registry.npmjs.org/urix/-/urix-0.1.0.tgz", "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", - "dev": true + "dev": true, + "peer": true }, "url": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/url/-/url-0.11.0.tgz", "integrity": "sha1-ODjpfPxgUh63PFJajlW/3Z4uKPE=", + "dev": true, + "peer": true, "requires": { "punycode": "1.3.2", "querystring": "0.2.0" @@ -32939,43 +26131,19 @@ "punycode": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", - "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=" + "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0=", + "dev": true, + "peer": true }, "querystring": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", - "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=" + "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=", + "dev": true, + "peer": true } } }, - "url-loader": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-1.1.2.tgz", - "integrity": "sha512-dXHkKmw8FhPqu8asTc1puBfe3TehOCo2+RmOOev5suNCIYBcT626kxiWg1NBVkwc4rO8BGa7gP70W7VXuqHrjg==", - "dev": true, - "requires": { - "loader-utils": "^1.1.0", - "mime": "^2.0.3", - "schema-utils": "^1.0.0" - }, - "dependencies": { - "mime": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/mime/-/mime-2.5.2.tgz", - "integrity": "sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg==", - "dev": true - } - } - }, - "url-parse-lax": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-1.0.0.tgz", - "integrity": "sha1-evjzA2Rem9eaJy56FKxovAYJ2nM=", - "dev": true, - "requires": { - "prepend-http": "^1.0.1" - } - }, "url-regex": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/url-regex/-/url-regex-5.0.0.tgz", @@ -32986,46 +26154,19 @@ "tlds": "^1.203.0" } }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=", - "dev": true - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", - "dev": true - }, - "use-callback-ref": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.2.5.tgz", - "integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg==", - "requires": {} - }, - "use-deep-compare-effect": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/use-deep-compare-effect/-/use-deep-compare-effect-1.8.1.tgz", - "integrity": "sha512-kbeNVZ9Zkc0RFGpfMN3MNfaKNvcLNyxOAAd9O4CBZ+kCBXXscn9s/4I+8ytUER4RDpEYs5+O6Rs4PqiZ+rHr5Q==", - "requires": { - "@babel/runtime": "^7.12.5", - "dequal": "^2.0.2" - } - }, - "use-sidecar": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/use-sidecar/-/use-sidecar-1.0.5.tgz", - "integrity": "sha512-k9jnrjYNwN6xYLj1iaGhonDghfvmeTmYjAiGvOr7clwKfPjMXJf4/HOr7oT5tJwYafgp2tG2l3eZEOfoELiMcA==", - "requires": { - "detect-node-es": "^1.1.0", - "tslib": "^1.9.3" - } + "dev": true, + "peer": true }, "use-subscription": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/use-subscription/-/use-subscription-1.5.1.tgz", "integrity": "sha512-Xv2a1P/yReAjAbhylMfFplFKj9GssgTwN7RlcTxBujFQcloStWNDQdc4g4NRWH9xS4i/FDk04vQBptAXoF3VcA==", + "dev": true, + "peer": true, "requires": { "object-assign": "^4.1.1" } @@ -33034,6 +26175,8 @@ "version": "0.12.4", "resolved": "https://registry.npmjs.org/util/-/util-0.12.4.tgz", "integrity": "sha512-bxZ9qtSlGUWSOy9Qa9Xgk11kSslpuZwaxCg4sNIDj6FLucDab2JxnHwyNTCpHMtK1MjoQiWQ6DiUMZYbSrO+Sw==", + "dev": true, + "peer": true, "requires": { "inherits": "^2.0.3", "is-arguments": "^1.0.4", @@ -33046,29 +26189,7 @@ "util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, - "util.promisify": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz", - "integrity": "sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==", - "dev": true, - "requires": { - "define-properties": "^1.1.3", - "es-abstract": "^1.17.2", - "has-symbols": "^1.0.1", - "object.getownpropertydescriptors": "^2.1.0" - } - }, - "utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" - }, - "uuid": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", - "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==", + "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=", "dev": true }, "v8-compile-cache": { @@ -33077,6 +26198,27 @@ "integrity": "sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==", "dev": true }, + "v8-to-istanbul": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-7.1.2.tgz", + "integrity": "sha512-TxNb7YEUwkLXCQYeudi6lgQ/SZrzNO4kMdlqVxaZPUIUjCv6iSSypUQX70kNBSERpQ8fk48+d61FXk+tgqcWow==", + "dev": true, + "peer": true, + "requires": { + "@types/istanbul-lib-coverage": "^2.0.1", + "convert-source-map": "^1.6.0", + "source-map": "^0.7.3" + }, + "dependencies": { + "source-map": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true, + "peer": true + } + } + }, "validate-npm-package-license": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", @@ -33087,15 +26229,11 @@ "spdx-expression-parse": "^3.0.0" } }, - "vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" - }, "vfile": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/vfile/-/vfile-4.2.1.tgz", "integrity": "sha512-O6AE4OskCG5S1emQ/4gl8zK586RqA3srz3nfK/Viy0UPToBc5Trp9BVFb1u0CjsKrAWwnpr4ifM/KBXPWwJbCA==", + "dev": true, "requires": { "@types/unist": "^2.0.0", "is-buffer": "^2.0.0", @@ -33103,15 +26241,11 @@ "vfile-message": "^2.0.0" } }, - "vfile-location": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-3.2.0.tgz", - "integrity": "sha512-aLEIZKv/oxuCDZ8lkJGhuhztf/BW4M+iHdCwglA/eWc+vtuRFJj8EtgceYFX4LRjOhCAAiNHsKGssC6onJ+jbA==" - }, "vfile-message": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-2.0.4.tgz", "integrity": "sha512-DjssxRGkMvifUOJre00juHoP9DPWuzjxKuMDrhNbk2TdaYYBNMStsNhEOt3idrtI12VQYM/1+iM0KOzXi4pxwQ==", + "dev": true, "requires": { "@types/unist": "^2.0.0", "unist-util-stringify-position": "^2.0.0" @@ -33120,125 +26254,81 @@ "vm-browserify": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.2.tgz", - "integrity": "sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==" + "integrity": "sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==", + "dev": true, + "peer": true + }, + "w3c-hr-time": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz", + "integrity": "sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==", + "dev": true, + "peer": true, + "requires": { + "browser-process-hrtime": "^1.0.0" + } + }, + "w3c-xmlserializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-2.0.0.tgz", + "integrity": "sha512-4tzD0mF8iSiMiNs30BiLO3EpfGLZUT2MSX/G+o7ZywDzliWQ3OPtTZ0PTC3B3ca1UAf4cJMHB+2Bf56EriJuRA==", + "dev": true, + "peer": true, + "requires": { + "xml-name-validator": "^3.0.0" + } + }, + "walker": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", + "dev": true, + "peer": true, + "requires": { + "makeerror": "1.0.12" + } }, "watchpack": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.1.1.tgz", "integrity": "sha512-Oo7LXCmc1eE1AjyuSBmtC3+Wy4HcV8PxWh2kP6fOl8yTlNS7r0K9l1ao2lrrUza7V39Y3D/BbJgY8VeSlc5JKw==", + "dev": true, + "peer": true, "requires": { "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.1.2" } }, - "web-namespaces": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/web-namespaces/-/web-namespaces-1.1.4.tgz", - "integrity": "sha512-wYxSGajtmoP4WxfejAPIr4l0fVh+jeMXZb08wNc0tMg6xsfZXj3cECqIK0G7ZAqUq0PP8WlMDtaOGVBTAWztNw==" - }, "webidl-conversions": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", - "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==" - }, - "webpack-bundle-analyzer": { - "version": "3.6.1", - "resolved": "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-3.6.1.tgz", - "integrity": "sha512-Nfd8HDwfSx1xBwC+P8QMGvHAOITxNBSvu/J/mCJvOwv+G4VWkU7zir9SSenTtyCi0LnVtmsc7G5SZo1uV+bxRw==", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", "dev": true, + "peer": true + }, + "whatwg-encoding": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz", + "integrity": "sha512-b5lim54JOPN9HtzvK9HFXvBma/rnfFeqsic0hSpjtDbVxR3dJKLc+KB4V6GgiGOvl7CY/KNh8rxSo9DKQrnUEw==", + "dev": true, + "peer": true, "requires": { - "acorn": "^7.1.1", - "acorn-walk": "^7.1.1", - "bfj": "^6.1.1", - "chalk": "^2.4.1", - "commander": "^2.18.0", - "ejs": "^2.6.1", - "express": "^4.16.3", - "filesize": "^3.6.1", - "gzip-size": "^5.0.0", - "lodash": "^4.17.15", - "mkdirp": "^0.5.1", - "opener": "^1.5.1", - "ws": "^6.0.0" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "dev": true - }, - "commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", - "dev": true - }, - "ejs": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", - "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", - "dev": true - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true - }, - "mkdirp": { - "version": "0.5.5", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", - "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", - "dev": true, - "requires": { - "minimist": "^1.2.5" - } - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } + "iconv-lite": "0.4.24" } }, + "whatwg-mimetype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz", + "integrity": "sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==", + "dev": true, + "peer": true + }, "whatwg-url": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", + "dev": true, + "peer": true, "requires": { "lodash.sortby": "^4.7.0", "tr46": "^1.0.1", @@ -33258,6 +26348,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dev": true, "requires": { "is-bigint": "^1.0.1", "is-boolean-object": "^1.1.0", @@ -33266,6 +26357,13 @@ "is-symbol": "^1.0.3" } }, + "which-module": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", + "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=", + "dev": true, + "peer": true + }, "which-pm-runs": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/which-pm-runs/-/which-pm-runs-1.0.0.tgz", @@ -33276,6 +26374,8 @@ "version": "1.1.4", "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.4.tgz", "integrity": "sha512-49E0SpUe90cjpoc7BOJwyPHRqSAd12c10Qm2amdEZrJPCY2NDxaW01zHITrem+rnETY3dwrbH3UUrUwagfCYDA==", + "dev": true, + "peer": true, "requires": { "available-typed-arrays": "^1.0.2", "call-bind": "^1.0.0", @@ -33286,11 +26386,6 @@ "is-typed-array": "^1.1.3" } }, - "wicg-inert": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/wicg-inert/-/wicg-inert-3.1.1.tgz", - "integrity": "sha512-PhBaNh8ur9Xm4Ggy4umelwNIP6pPP1bv3EaWaKqfb/QNme2rdLjm7wIInvV4WhxVHhzA4Spgw9qNSqWtB/ca2A==" - }, "word-wrap": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", @@ -33311,7 +26406,8 @@ "wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true }, "write-file-atomic": { "version": "3.0.3", @@ -33325,24 +26421,39 @@ "typedarray-to-buffer": "^3.1.5" } }, - "ws": { - "version": "6.2.2", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.2.tgz", - "integrity": "sha512-zmhltoSR8u1cnDsD43TX59mzoMZsLKqUweyYBAIvTngR3shc0W6aOZylZmq/7hqyVxPdi+5Ud2QInblgyE72fw==", + "xml-name-validator": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz", + "integrity": "sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==", "dev": true, - "requires": { - "async-limiter": "~1.0.0" - } + "peer": true + }, + "xmlchars": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz", + "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", + "dev": true, + "peer": true }, "xtend": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", - "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==" + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "dev": true, + "peer": true + }, + "y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "dev": true, + "peer": true }, "yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true }, "yaml": { "version": "1.10.2", @@ -33350,31 +26461,104 @@ "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", "dev": true }, + "yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "dev": true, + "peer": true, + "requires": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "dependencies": { + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "peer": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "peer": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "peer": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "peer": true, + "requires": { + "p-limit": "^2.2.0" + } + }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "peer": true + }, + "yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "dev": true, + "peer": true, + "requires": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + } + } + } + }, "yargs-parser": { "version": "20.2.9", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", "dev": true }, - "yauzl": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", - "integrity": "sha1-x+sXyT4RLLEIb6bY5R+wZnt5pfk=", - "dev": true, - "requires": { - "buffer-crc32": "~0.2.3", - "fd-slicer": "~1.1.0" - } - }, "yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==" + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true }, "zwitch": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-1.0.5.tgz", - "integrity": "sha512-V50KMwwzqJV0NpZIZFwfOD5/lyny3WlSzRiXgA0G7VUnRlqttta1L6UQIHzd6EuBY/cHGfwTIck7w1yH6Q5zUw==" + "integrity": "sha512-V50KMwwzqJV0NpZIZFwfOD5/lyny3WlSzRiXgA0G7VUnRlqttta1L6UQIHzd6EuBY/cHGfwTIck7w1yH6Q5zUw==", + "dev": true } } } diff --git a/website/package.json b/website/package.json index e8067cee0..b01884c91 100644 --- a/website/package.json +++ b/website/package.json @@ -3,67 +3,12 @@ "description": "Description of your website", "version": "0.0.1", "author": "HashiCorp", - "dependencies": { - "@hashicorp/flight-icons": "^1.3.0", - "@hashicorp/mktg-global-styles": "^4.0.0", - "@hashicorp/mktg-logos": "^1.2.0", - "@hashicorp/platform-analytics": "^0.2.0", - "@hashicorp/platform-cms": "^0.3.0", - "@hashicorp/platform-code-highlighting": "^0.1.2", - "@hashicorp/platform-runtime-error-monitoring": "^0.1.0", - "@hashicorp/platform-util": "^0.1.0", - "@hashicorp/react-alert": "^6.0.1", - "@hashicorp/react-alert-banner": "^7.0.1", - "@hashicorp/react-button": "^6.0.1", - "@hashicorp/react-call-to-action": "^4.0.0", - "@hashicorp/react-callouts": "^8.0.1", - "@hashicorp/react-code-block": "^4.1.5", - "@hashicorp/react-consent-manager": "^7.1.0", - "@hashicorp/react-content": "^8.2.0", - "@hashicorp/react-docs-page": "^14.14.0", - "@hashicorp/react-enterprise-alert": "^6.0.1", - "@hashicorp/react-featured-slider": "^5.0.1", - "@hashicorp/react-hashi-stack-menu": "^2.1.2", - "@hashicorp/react-head": "^3.1.2", - "@hashicorp/react-hero": "^8.0.2", - "@hashicorp/react-image": "^4.0.3", - "@hashicorp/react-inline-svg": "^6.0.3", - "@hashicorp/react-learn-callout": "^2.0.1", - "@hashicorp/react-markdown-page": "^1.4.3", - "@hashicorp/react-product-downloads-page": "^2.7.0", - "@hashicorp/react-product-features-list": "^5.0.0", - "@hashicorp/react-search": "^6.1.1", - "@hashicorp/react-section-header": "^5.0.4", - "@hashicorp/react-stepped-feature-list": "^4.0.3", - "@hashicorp/react-subnav": "^9.3.2", - "@hashicorp/react-tabs": "^7.0.1", - "@hashicorp/react-text-split": "^4.0.0", - "@hashicorp/react-text-split-with-code": "^3.3.8", - "@hashicorp/react-text-split-with-image": "^4.2.5", - "@hashicorp/react-use-cases": "^5.0.0", - "@hashicorp/react-vertical-text-block-list": "^7.0.0", - "@reach/dialog": "^0.16.2", - "ci": "^2.1.1", - "framer-motion": "^5.3.3", - "next": "^11.1.2", - "next-mdx-remote": "3.0.1", - "next-remote-watch": "1.0.0", - "nuka-carousel": "4.7.7", - "react": "^17.0.2", - "react-datocms": "^1.6.6", - "react-device-detect": "1.17.0", - "react-dom": "^17.0.2", - "react-player": "^2.9.0" - }, + "dependencies": {}, "devDependencies": { "@hashicorp/platform-cli": "^1.2.0", - "@hashicorp/platform-nextjs-plugin": "^1.0.1", - "@hashicorp/platform-types": "^0.1.1", - "@types/react": "^17.0.3", "dart-linkcheck": "2.0.15", - "husky": "4.3.7", - "prettier": "2.2.1", - "typescript": "^4.3.5" + "husky": "4.3.8", + "prettier": "2.2.1" }, "husky": { "hooks": { @@ -73,14 +18,11 @@ "main": "index.js", "scripts": { "build": "./scripts/website-build.sh", - "dynamic": "NODE_ENV=production next build && next start", - "export": "node --max-old-space-size=4096 ./node_modules/.bin/next export", "format": "next-hashicorp format", "generate:component": "next-hashicorp generate component", "generate:readme": "next-hashicorp markdown-blocks README.md", "lint": "next-hashicorp lint", "start": "./scripts/website-start.sh", - "static": "npm run build && npm run export && cp _redirects out/.", "linkcheck": "linkcheck https://consul.io" }, "engines": { diff --git a/website/pages/404.jsx b/website/pages/404.jsx deleted file mode 100644 index 02e551ae7..000000000 --- a/website/pages/404.jsx +++ /dev/null @@ -1,32 +0,0 @@ -import Link from 'next/link' -import { useEffect } from 'react' - -export default function NotFound() { - useEffect(() => { - if ( - typeof window !== 'undefined' && - typeof window?.analytics?.track === 'function' && - typeof window?.document?.referrer === 'string' && - typeof window?.location?.href === 'string' - ) - window.analytics.track(window.location.href, { - category: '404 Response', - label: window.document.referrer || 'No Referrer', - }) - }, []) - - return ( -
      -

      Page Not Found

      -

      - We‘re sorry but we can‘t find the page you‘re looking - for. -

      -

      - - Back to Home - -

      -
      - ) -} diff --git a/website/pages/_app.js b/website/pages/_app.js deleted file mode 100644 index 6df3e895c..000000000 --- a/website/pages/_app.js +++ /dev/null @@ -1,73 +0,0 @@ -import './style.css' -import '@hashicorp/platform-util/nprogress/style.css' - -import useFathomAnalytics from '@hashicorp/platform-analytics' -import Router from 'next/router' -import Head from 'next/head' -import rivetQuery from '@hashicorp/platform-cms' -import NProgress from '@hashicorp/platform-util/nprogress' -import { ErrorBoundary } from '@hashicorp/platform-runtime-error-monitoring' -import createConsentManager from '@hashicorp/react-consent-manager/loader' -import localConsentManagerServices from 'lib/consent-manager-services' -import useAnchorLinkAnalytics from '@hashicorp/platform-util/anchor-link-analytics' -import HashiHead from '@hashicorp/react-head' -import AlertBanner from '@hashicorp/react-alert-banner' -import alertBannerData, { ALERT_BANNER_ACTIVE } from '../data/alert-banner' -import Error from './_error' -import StandardLayout from 'layouts/standard' - -NProgress({ Router }) -const { ConsentManager } = createConsentManager({ - preset: 'oss', - otherServices: [...localConsentManagerServices], -}) - -export default function App({ Component, pageProps, layoutData }) { - useFathomAnalytics() - useAnchorLinkAnalytics() - - const Layout = Component.layout ?? StandardLayout - - return ( - - - - - {ALERT_BANNER_ACTIVE && ( - - )} - -
      - -
      -       - -       - ) -} - -App.getInitialProps = async ({ Component, ctx }) => { - const layoutQuery = Component.layout - ? Component.layout?.rivetParams ?? null - : StandardLayout.rivetParams - - const layoutData = layoutQuery ? await rivetQuery(layoutQuery) : null - - let pageProps = {} - - if (Component.getInitialProps) { - pageProps = await Component.getInitialProps(ctx) - } - return { pageProps, layoutData } -} diff --git a/website/pages/_document.js b/website/pages/_document.js deleted file mode 100644 index 3d7c07aed..000000000 --- a/website/pages/_document.js +++ /dev/null @@ -1,29 +0,0 @@ -import Document, { Html, Head, Main, NextScript } from 'next/document' -import HashiHead from '@hashicorp/react-head' - -export default class MyDocument extends Document { - static async getInitialProps(ctx) { - const initialProps = await Document.getInitialProps(ctx) - return { ...initialProps } - } - - render() { - return ( - - - - - -
      - - + + + + + + +{{if .ACLsEnabled}} + +{{end}} +{{if .PartitionsEnabled}} + + +{{end}} +{{if .NamespacesEnabled}} + +{{end}} + + + + + + + {{ range .ExtraScripts }} {{ end }} + + + +
      + + diff --git a/agent/uiserver/dist/oidc/callback b/agent/uiserver/dist/oidc/callback new file mode 100644 index 000000000..ad9923478 --- /dev/null +++ b/agent/uiserver/dist/oidc/callback @@ -0,0 +1,19 @@ + + + + + Consul + + + diff --git a/agent/uiserver/dist/robots.txt b/agent/uiserver/dist/robots.txt new file mode 100644 index 000000000..217b42f0e --- /dev/null +++ b/agent/uiserver/dist/robots.txt @@ -0,0 +1,3 @@ +# http://www.robotstxt.org +User-agent: * +Disallow: / diff --git a/agent/uiserver/dist/torii/redirect.html b/agent/uiserver/dist/torii/redirect.html new file mode 100644 index 000000000..b58b7a268 --- /dev/null +++ b/agent/uiserver/dist/torii/redirect.html @@ -0,0 +1,19 @@ + + + + + Torii OAuth Redirect + + + diff --git a/agent/uiserver/redirect_fs.go b/agent/uiserver/redirect_fs.go index 106f00452..3f6a8956d 100644 --- a/agent/uiserver/redirect_fs.go +++ b/agent/uiserver/redirect_fs.go @@ -1,21 +1,23 @@ package uiserver -import "net/http" +import ( + "io/fs" +) -// redirectFS is an http.FS that serves the index.html file for any path that is +// redirectFS is an fs.FS that serves the index.html file for any path that is // not found on the underlying FS. // // TODO: it seems better to actually 404 bad paths or at least redirect them // rather than pretend index.html is everywhere but this is behavior changing // so I don't want to take it on as part of this refactor. type redirectFS struct { - fs http.FileSystem + fs fs.FS } -func (fs *redirectFS) Open(name string) (http.File, error) { +func (fs *redirectFS) Open(name string) (fs.File, error) { file, err := fs.fs.Open(name) if err != nil { - file, err = fs.fs.Open("/index.html") + file, err = fs.fs.Open("index.html") } return file, err } diff --git a/agent/uiserver/uiserver.go b/agent/uiserver/uiserver.go index 8a8bf7d01..7393a6ead 100644 --- a/agent/uiserver/uiserver.go +++ b/agent/uiserver/uiserver.go @@ -2,9 +2,11 @@ package uiserver import ( "bytes" + "embed" "encoding/json" "fmt" - "io/ioutil" + "io" + "io/fs" "net/http" "os" "path" @@ -22,8 +24,11 @@ const ( compiledProviderJSPath = "assets/compiled-metrics-providers.js" ) +//go:embed dist +var dist embed.FS + // Handler is the http.Handler that serves the Consul UI. It may serve from the -// compiled-in AssetFS or from and external dir. It provides a few important +// embedded fs.FS or from an external directory. It provides a few important // transformations on the index.html file and includes a proxy for metrics // backends. type Handler struct { @@ -87,15 +92,20 @@ func (h *Handler) ReloadConfig(newCfg *config.RuntimeConfig) error { func (h *Handler) handleIndex() (http.Handler, error) { cfg := h.getRuntimeConfig() - var fs http.FileSystem + var fsys fs.FS if cfg.UIConfig.Dir == "" { - fs = assetFS() + // strip the dist/ prefix + sub, err := fs.Sub(dist, "dist") + if err != nil { + return nil, err + } + fsys = sub } else { - fs = http.Dir(cfg.UIConfig.Dir) + fsys = os.DirFS(cfg.UIConfig.Dir) } // Render a new index.html with the new config values ready to serve. - buf, info, err := h.renderIndex(cfg, fs) + buf, err := h.renderIndexFile(cfg, fsys) if _, ok := err.(*os.PathError); ok && cfg.UIConfig.Dir != "" { // A Path error indicates that there is no index.html. This could happen if // the user configured their own UI dir and is serving something that is not @@ -105,24 +115,23 @@ func (h *Handler) handleIndex() (http.Handler, error) { // breaking change although quite an edge case. Instead, continue but just // return a 404 response for the index.html and log a warning. h.logger.Warn("ui_config.dir does not contain an index.html. Index templating and redirects to index.html are disabled.") - return http.FileServer(fs), nil + return http.FileServer(http.FS(fsys)), nil } if err != nil { return nil, err } - // Create a new fs that serves the rendered index file or falls back to the + // Create a new fsys that serves the rendered index file or falls back to the // underlying FS. - fs = &bufIndexFS{ - fs: fs, - indexRendered: buf, - indexInfo: info, + fsys = &bufIndexFS{ + fs: fsys, + bufIndex: buf, } // Wrap the buffering FS our redirect FS. This needs to happen later so that // redirected requests for /index.html get served the rendered version not the // original. - return http.FileServer(&redirectFS{fs: fs}), nil + return http.FileServer(http.FS(&redirectFS{fs: fsys})), nil } // getRuntimeConfig is a helper to atomically access the runtime config. @@ -186,33 +195,34 @@ func concatFile(buf *bytes.Buffer, file string) error { return nil } -func (h *Handler) renderIndex(cfg *config.RuntimeConfig, fs http.FileSystem) ([]byte, os.FileInfo, error) { +func (h *Handler) renderIndexFile(cfg *config.RuntimeConfig, fsys fs.FS) (fs.File, error) { // Open the original index.html - f, err := fs.Open("/index.html") + f, err := fsys.Open("index.html") if err != nil { - return nil, nil, err + return nil, err } defer f.Close() - content, err := ioutil.ReadAll(f) + content, err := io.ReadAll(f) if err != nil { - return nil, nil, fmt.Errorf("failed reading index.html: %w", err) + return nil, fmt.Errorf("failed reading index.html: %w", err) } + info, err := f.Stat() if err != nil { - return nil, nil, fmt.Errorf("failed reading metadata for index.html: %w", err) + return nil, fmt.Errorf("failed reading metadata for index.html: %w", err) } // Create template data from the current config. tplData, err := uiTemplateDataFromConfig(cfg) if err != nil { - return nil, nil, fmt.Errorf("failed loading UI config for template: %w", err) + return nil, fmt.Errorf("failed loading UI config for template: %w", err) } // Allow caller to apply additional data transformations if needed. if h.transform != nil { if err := h.transform(tplData); err != nil { - return nil, nil, fmt.Errorf("failed running transform: %w", err) + return nil, fmt.Errorf("failed running transform: %w", err) } } @@ -226,15 +236,16 @@ func (h *Handler) renderIndex(cfg *config.RuntimeConfig, fs http.FileSystem) ([] }, }).Parse(string(content)) if err != nil { - return nil, nil, fmt.Errorf("failed parsing index.html template: %w", err) + return nil, fmt.Errorf("failed parsing index.html template: %w", err) } var buf bytes.Buffer err = tpl.Execute(&buf, tplData) if err != nil { - return nil, nil, fmt.Errorf("failed to render index.html: %w", err) + return nil, fmt.Errorf("failed to render index.html: %w", err) } - return buf.Bytes(), info, nil + file := newBufferedFile(&buf, info) + return file, nil } diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 21f508502..52512a1df 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,7 +1,4 @@ ARG GOLANG_VERSION=1.18.1 FROM golang:${GOLANG_VERSION} -RUN go install github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master -RUN go install github.com/hashicorp/go-bindata/go-bindata@master - WORKDIR /consul diff --git a/build-support/functions/20-build.sh b/build-support/functions/20-build.sh index c2452bae4..dee61aea1 100644 --- a/build-support/functions/20-build.sh +++ b/build-support/functions/20-build.sh @@ -139,59 +139,14 @@ function build_ui { # Copy UI over ready to be packaged into the binary if test ${ret} -eq 0 then - rm -rf ${1}/pkg/web_ui - mkdir -p ${1}/pkg - cp -r ${1}/ui/dist ${1}/pkg/web_ui + rm -rf ${1}/agent/uiserver/dist + cp -r ${1}/ui/dist ${1}/agent/uiserver/ fi popd > /dev/null return $ret } -function build_assetfs { - # Arguments: - # $1 - Path to the top level Consul source - # $2 - The docker image to run the build within (optional) - # - # Returns: - # 0 - success - # * - error - # - # Note: - # The GIT_COMMIT and GIT_DIRTY environment variables will be used if present - - if ! test -d "$1" - then - err "ERROR: '$1' is not a directory. build_assetfs must be called with the path to the top level source as the first argument'" - return 1 - fi - - local sdir="$1" - local image_name=${GO_BUILD_CONTAINER_DEFAULT} - if test -n "$2" - then - image_name="$2" - fi - - pushd ${sdir} > /dev/null - status "Creating the Go Build Container with image: ${image_name}" - local container_id=$(docker create -it -e GIT_COMMIT=${GIT_COMMIT} -e GIT_DIRTY=${GIT_DIRTY} ${image_name} make static-assets ASSETFS_PATH=bindata_assetfs.go) - local ret=$? - if test $ret -eq 0 - then - status "Copying the sources from '${sdir}/(pkg/web_ui|GNUmakefile)' to /consul/pkg" - ( - tar -c pkg/web_ui GNUmakefile | docker cp - ${container_id}:/consul && - status "Running build in container" && docker start -i ${container_id} && - status "Copying back artifacts" && docker cp ${container_id}:/consul/bindata_assetfs.go ${sdir}/agent/uiserver/bindata_assetfs.go - ) - ret=$? - docker rm ${container_id} > /dev/null - fi - popd >/dev/null - return $ret -} - function build_consul_post { # Arguments # $1 - Path to the top level Consul source diff --git a/build-support/functions/30-release.sh b/build-support/functions/30-release.sh index 37135f48e..f5c7c5e23 100644 --- a/build-support/functions/30-release.sh +++ b/build-support/functions/30-release.sh @@ -465,25 +465,17 @@ function build_release { err "ERROR: Failed to build the ui" return 1 fi - status "UI Built with Version: $(ui_version "${sdir}/pkg/web_ui/index.html")" - - status_stage "==> Building Static Assets for version ${vers}" - build_assetfs "${sdir}" "${GO_BUILD_TAG}" - if test $? -ne 0 - then - err "ERROR: Failed to build the static assets" - return 1 - fi - + if is_set "${do_tag}" then - git add "${sdir}/agent/uiserver/bindata_assetfs.go" + git add "${sdir}/agent/uiserver/dist" if test $? -ne 0 then - err "ERROR: Failed to git add the assetfs file" + err "ERROR: Failed to git add /agent/uiserver/dist directory" return 1 fi fi + status "UI Built with Version: $(ui_version "${sdir}/agent/uiserver/dist/index.html")" fi if is_set "${do_tag}" diff --git a/build-support/scripts/build-docker.sh b/build-support/scripts/build-docker.sh index 83aa3f1cc..5600a78bf 100755 --- a/build-support/scripts/build-docker.sh +++ b/build-support/scripts/build-docker.sh @@ -9,7 +9,7 @@ source "${SCRIPT_DIR}/functions.sh" function usage { cat <<-EOF -Usage: ${SCRIPT_NAME} (consul|ui|static-assets) [] +Usage: ${SCRIPT_NAME} (consul|ui) [] Description: This script will build the various Consul components within docker containers @@ -76,7 +76,7 @@ function main { refresh=1 shift ;; - consul | ui | static-assets ) + consul | ui ) command="$1" shift ;; @@ -104,16 +104,6 @@ function main { status_stage "==> Building Consul" build_consul "${sdir}" "" "${image}" || return 1 ;; - static-assets ) - if is_set "${refresh}" - then - status_stage "==> Refreshing Consul build container image" - export GO_BUILD_TAG="${image:-${GO_BUILD_CONTAINER_DEFAULT}}" - refresh_docker_images "${sdir}" go-build-image || return 1 - fi - status_stage "==> Building Static Assets" - build_assetfs "${sdir}" "${image}" || return 1 - ;; ui ) if is_set "${refresh}" then @@ -123,7 +113,7 @@ function main { fi status_stage "==> Building UI" build_ui "${sdir}" "${image}" || return 1 - status "==> UI Built with Version: $(ui_version ${sdir}/pkg/web_ui/index.html), Logo: $(ui_logo_type ${sdir}/pkg/web_ui/index.html)" + status "==> UI Built with Version: $(ui_version ${sdir}/agent/uiserver/dist/index.html), Logo: $(ui_logo_type ${sdir}/agent/uiserver/dist/index.html)" ;; * ) err_usage "ERROR: Unknown command: '${command}'" diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh index 0f3aeb691..4ab5ba39d 100644 --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -21,7 +21,6 @@ Description: Options: -protobuf Just install tools for protobuf. -lint Just install tools for linting. - -bindata Just install tools for static assets. -h | --help Print this help text. EOF } @@ -40,10 +39,6 @@ function main { proto_tools_install return 0 ;; - -bindata ) - bindata_install - return 0 - ;; -lint ) lint_install return 0 @@ -132,16 +127,6 @@ function lint_install { 'github.com/golangci/golangci-lint/cmd/golangci-lint' } -function bindata_install { - install_unversioned_tool \ - 'go-bindata' \ - 'github.com/hashicorp/go-bindata/go-bindata@bf7910a' - - install_unversioned_tool \ - 'go-bindata-assetfs' \ - 'github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@38087fe' -} - function tools_install { local mockery_version @@ -154,7 +139,6 @@ function tools_install { 'github.com/vektra/mockery/v2' lint_install - bindata_install proto_tools_install return 0 diff --git a/build-support/scripts/release.sh b/build-support/scripts/release.sh index ca1ccbd2e..cd0a7c1ce 100755 --- a/build-support/scripts/release.sh +++ b/build-support/scripts/release.sh @@ -20,7 +20,7 @@ Description: * Update version/version*.go files * Update CHANGELOG.md to put things into release mode * Create a release commit. It changes in the commit include the CHANGELOG.md - version files and the assetfs. + version files. * Tag the release * Generate the SHA256SUMS file for the binaries * Sign the SHA256SUMS file with a GPG key @@ -35,7 +35,7 @@ Options: release mode Defaults to 1. - -b | --build BOOL Whether to perform the build of the ui's, assetfs and + -b | --build BOOL Whether to perform the build of the ui's and binaries. Defaults to 1. -S | --sign BOOL Whether to sign the generated SHA256SUMS file. diff --git a/go.mod b/go.mod index 9f4e69c00..96f2f8478 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,6 @@ require ( github.com/coredns/coredns v1.1.2 github.com/coreos/go-oidc v2.1.0+incompatible github.com/docker/go-connections v0.3.0 - github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0 github.com/envoyproxy/go-control-plane v0.10.1 github.com/fsnotify/fsnotify v1.5.1 github.com/golang/protobuf v1.5.0 diff --git a/go.sum b/go.sum index 4d684567b..7467ff229 100644 --- a/go.sum +++ b/go.sum @@ -159,8 +159,6 @@ github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0 h1:ZoRgc53qJCfSLimXqJDrmBhnt5GChDsExMCK7t48o0Y= -github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= From d4a04457e1dc690b6aaa70f01555ae8f52883de1 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 31 May 2022 16:20:12 -0400 Subject: [PATCH 424/785] update gateway-services table with endpoints (#13217) * update gateway-services table with endpoints * fix failing test * remove unneeded config in test * rename "endpoint" to "destination" * more endpoint renaming to destination in tests * update isDestination based on service-defaults config entry creation * use a 3 state kind to be able to set the kind to unknown (when neither a service or a destination exist) * set unknown state to empty to avoid modifying alot of tests * fix logic to set the kind correctly on CRUD * fix failing tests * add missing tests and fix service delete * fix failing test * Apply suggestions from code review Co-authored-by: Dan Stough * fix a bug with kind and add relevant test * fix compile error * fix failing tests * add kind to clone * fix failing tests * fix failing tests in catalog endpoint * fix service dump test * Apply suggestions from code review Co-authored-by: Dan Stough * remove duplicate tests * rename consts and fix kind when no destination is defined in the service-defaults. * rename Kind to ServiceKind and change switch to use .(type) Co-authored-by: Dan Stough --- agent/consul/catalog_endpoint_test.go | 5 + agent/consul/internal_endpoint_test.go | 2 + agent/consul/state/catalog.go | 124 +++++- agent/consul/state/catalog_events_test.go | 110 +++++ agent/consul/state/catalog_test.go | 30 +- agent/consul/state/config_entry.go | 42 ++ agent/consul/state/config_entry_test.go | 493 +++++++++++++++++++++- agent/structs/config_entry.go | 20 +- agent/structs/config_entry_gateways.go | 27 +- agent/structs/config_entry_test.go | 42 +- api/config_entry.go | 6 +- api/config_entry_test.go | 16 +- command/config/write/config_write_test.go | 12 +- 13 files changed, 858 insertions(+), 71 deletions(-) diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index 78ac4c36b..67929575a 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go @@ -3054,6 +3054,7 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) { CertFile: "api/client.crt", KeyFile: "api/client.key", SNI: "my-domain", + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -3062,6 +3063,7 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) { CAFile: "", CertFile: "", KeyFile: "", + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("redis", nil), @@ -3206,6 +3208,7 @@ func TestCatalog_GatewayServices_BothGateways(t *testing.T) { Service: structs.NewServiceName("api", nil), Gateway: structs.NewServiceName("gateway", nil), GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindService, }, } @@ -3428,11 +3431,13 @@ service "gateway" { Service: structs.NewServiceName("db", nil), Gateway: structs.NewServiceName("gateway", nil), GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db_replica", nil), Gateway: structs.NewServiceName("gateway", nil), GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindUnknown, }, } diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 07cc8587c..9354b4f66 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -1122,6 +1122,7 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) { Gateway: structs.NewServiceName("terminating-gateway", nil), Service: structs.NewServiceName("db", nil), GatewayKind: "terminating-gateway", + ServiceKind: structs.GatewayServiceKindService, }, }, { @@ -1155,6 +1156,7 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) { Gateway: structs.NewServiceName("terminating-gateway", nil), Service: structs.NewServiceName("db", nil), GatewayKind: "terminating-gateway", + ServiceKind: structs.GatewayServiceKindService, }, }, { diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index 255bd9bf0..ae16267e4 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -846,9 +846,16 @@ func ensureServiceTxn(tx WriteTxn, idx uint64, node string, preserveIndexes bool } if svc.PeerName == "" { - // Check if this service is covered by a gateway's wildcard specifier - if err = checkGatewayWildcardsAndUpdate(tx, idx, svc); err != nil { - return fmt.Errorf("failed updating gateway mapping: %s", err) + // Do not associate non-typical services with gateways or consul services + if svc.Kind == structs.ServiceKindTypical && svc.Service != "consul" { + // Check if this service is covered by a gateway's wildcard specifier, we force the service kind to a gateway-service here as that take precedence + sn := structs.NewServiceName(svc.Service, &svc.EnterpriseMeta) + if err = checkGatewayWildcardsAndUpdate(tx, idx, &sn, structs.GatewayServiceKindService); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + if err = checkGatewayAndUpdate(tx, idx, &sn, structs.GatewayServiceKindService); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } } } if err := upsertKindServiceName(tx, idx, svc.Kind, svc.CompoundServiceName()); err != nil { @@ -3484,6 +3491,10 @@ func terminatingConfigGatewayServices( var gatewayServices structs.GatewayServices for _, svc := range entry.Services { + kind, err := GatewayServiceKind(tx, svc.Name, &svc.EnterpriseMeta) + if err != nil { + return false, nil, fmt.Errorf("failed to get gateway service kind for service %s: %v", svc.Name, err) + } mapping := &structs.GatewayService{ Gateway: gateway, Service: structs.NewServiceName(svc.Name, &svc.EnterpriseMeta), @@ -3492,6 +3503,7 @@ func terminatingConfigGatewayServices( CertFile: svc.CertFile, CAFile: svc.CAFile, SNI: svc.SNI, + ServiceKind: kind, } gatewayServices = append(gatewayServices, mapping) @@ -3499,6 +3511,34 @@ func terminatingConfigGatewayServices( return false, gatewayServices, nil } +func GatewayServiceKind(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (structs.GatewayServiceKind, error) { + serviceIter, err := tx.First(tableServices, indexService, Query{ + Value: name, + EnterpriseMeta: *entMeta, + }) + if err != nil { + return structs.GatewayServiceKindUnknown, err + } + if serviceIter != nil { + return structs.GatewayServiceKindService, err + } + + _, entry, err := configEntryTxn(tx, nil, structs.ServiceDefaults, name, entMeta) + if err != nil { + return structs.GatewayServiceKindUnknown, err + } + if entry != nil { + sd, ok := entry.(*structs.ServiceConfigEntry) + if !ok { + return structs.GatewayServiceKindUnknown, fmt.Errorf("invalid config entry type %T", entry) + } + if sd.Destination != nil { + return structs.GatewayServiceKindDestination, nil + } + } + return structs.GatewayServiceKindUnknown, nil +} + // updateGatewayNamespace is used to target all services within a namespace func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { @@ -3539,6 +3579,41 @@ func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewaySer return err } } + entries, err := tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: structs.ServiceDefaults, EnterpriseMeta: *entMeta}) + if err != nil { + return fmt.Errorf("failed querying entries: %s", err) + } + for entry := entries.Next(); entry != nil; entry = entries.Next() { + e := entry.(*structs.ServiceConfigEntry) + if e.Destination == nil { + continue + } + + sn := structs.ServiceName{ + Name: e.Name, + EnterpriseMeta: e.EnterpriseMeta, + } + existing, err := tx.First(tableGatewayServices, indexID, service.Gateway, sn, service.Port) + if err != nil { + return fmt.Errorf("gateway service lookup failed: %s", err) + } + if existing != nil { + // If there's an existing service associated with this gateway then we skip it. + // This means the service was specified on its own, and the service entry overrides the wildcard entry. + continue + } + + mapping := service.Clone() + + mapping.Service = structs.NewServiceName(e.Name, &service.Service.EnterpriseMeta) + mapping.ServiceKind = structs.GatewayServiceKindDestination + mapping.FromWildcard = true + + err = updateGatewayService(tx, idx, mapping) + if err != nil { + return err + } + } // Also store a mapping for the wildcard so that the TLS creds can be pulled // for new services registered in its namespace @@ -3586,16 +3661,11 @@ func updateGatewayService(tx WriteTxn, idx uint64, mapping *structs.GatewayServi // checkWildcardForGatewaysAndUpdate checks whether a service matches a // wildcard definition in gateway config entries and if so adds it the the // gateway-services table. -func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.NodeService) error { - // Do not associate non-typical services with gateways or consul services - if svc.Kind != structs.ServiceKindTypical || svc.Service == "consul" { - return nil - } - +func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error { sn := structs.ServiceName{Name: structs.WildcardSpecifier, EnterpriseMeta: svc.EnterpriseMeta} svcGateways, err := tx.Get(tableGatewayServices, indexService, sn) if err != nil { - return fmt.Errorf("failed gateway lookup for %q: %s", svc.Service, err) + return fmt.Errorf("failed gateway lookup for %q: %s", svc.Name, err) } for service := svcGateways.Next(); service != nil; service = svcGateways.Next() { if wildcardSvc, ok := service.(*structs.GatewayService); ok && wildcardSvc != nil { @@ -3603,8 +3673,9 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.NodeSe // Copy the wildcard mapping and modify it gatewaySvc := wildcardSvc.Clone() - gatewaySvc.Service = structs.NewServiceName(svc.Service, &svc.EnterpriseMeta) + gatewaySvc.Service = structs.NewServiceName(svc.Name, &svc.EnterpriseMeta) gatewaySvc.FromWildcard = true + gatewaySvc.ServiceKind = kind if err = updateGatewayService(tx, idx, gatewaySvc); err != nil { return fmt.Errorf("Failed to associate service %q with gateway %q", gatewaySvc.Service.String(), gatewaySvc.Gateway.String()) @@ -3614,6 +3685,31 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.NodeSe return nil } +// checkGatewayAndUpdate checks whether a service matches a +// wildcard definition in gateway config entries and if so adds it the the +// gateway-services table. +func checkGatewayAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error { + sn := structs.ServiceName{Name: svc.Name, EnterpriseMeta: svc.EnterpriseMeta} + svcGateways, err := tx.First(tableGatewayServices, indexService, sn) + if err != nil { + return fmt.Errorf("failed gateway lookup for %q: %s", svc.Name, err) + } + + if service, ok := svcGateways.(*structs.GatewayService); ok && service != nil { + // Copy the wildcard mapping and modify it + gatewaySvc := service.Clone() + + gatewaySvc.Service = structs.NewServiceName(svc.Name, &svc.EnterpriseMeta) + gatewaySvc.ServiceKind = kind + + if err = updateGatewayService(tx, idx, gatewaySvc); err != nil { + return fmt.Errorf("Failed to associate service %q with gateway %q", gatewaySvc.Service.String(), gatewaySvc.Gateway.String()) + } + } + + return nil +} + func cleanupGatewayWildcards(tx WriteTxn, idx uint64, svc *structs.ServiceNode) error { // Clean up association between service name and gateways if needed sn := structs.ServiceName{Name: svc.ServiceName, EnterpriseMeta: svc.EnterpriseMeta} @@ -3644,6 +3740,12 @@ func cleanupGatewayWildcards(tx WriteTxn, idx uint64, svc *structs.ServiceNode) if err := deleteGatewayServiceTopologyMapping(tx, idx, m); err != nil { return fmt.Errorf("failed to reconcile mesh topology for gateway: %v", err) } + } else { + kind, err := GatewayServiceKind(tx, m.Service.Name, &m.Service.EnterpriseMeta) + if err != nil { + return fmt.Errorf("failed to get gateway service kind for service %s: %v", svc.ServiceName, err) + } + checkGatewayAndUpdate(tx, idx, &structs.ServiceName{Name: m.Service.Name, EnterpriseMeta: m.Service.EnterpriseMeta}, kind) } } return nil diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go index 0b455543e..129b834b8 100644 --- a/agent/consul/state/catalog_events_test.go +++ b/agent/consul/state/catalog_events_test.go @@ -1473,6 +1473,18 @@ func TestServiceHealthEventsFromChanges(t *testing.T) { }, WantEvents: []stream.Event{ testServiceHealthEvent(t, "srv1", evNodeUnchanged), + testServiceHealthDeregistrationEvent(t, + "tgate1", + evConnectTopic, + evServiceTermingGateway("srv1"), + evTerminatingGatewayVirtualIPs("srv1"), + ), + testServiceHealthEvent(t, + "tgate1", + evConnectTopic, + evNodeUnchanged, + evServiceUnchanged, + evServiceTermingGateway("srv1")), }, }) run(t, eventsTestCase{ @@ -1505,6 +1517,18 @@ func TestServiceHealthEventsFromChanges(t *testing.T) { }, WantEvents: []stream.Event{ testServiceHealthDeregistrationEvent(t, "srv1"), + testServiceHealthDeregistrationEvent(t, + "tgate1", + evConnectTopic, + evServiceTermingGateway("srv1"), + evTerminatingGatewayVirtualIPs("srv1"), + ), + testServiceHealthEvent(t, + "tgate1", + evConnectTopic, + evNodeUnchanged, + evServiceUnchanged, + evServiceTermingGateway("srv1")), }, }) run(t, eventsTestCase{ @@ -1625,6 +1649,92 @@ func TestServiceHealthEventsFromChanges(t *testing.T) { evTerminatingGatewayVirtualIPs("srv1", "srv2")), }, }) + run(t, eventsTestCase{ + Name: "terminating gateway destination service-defaults", + Setup: func(s *Store, tx *txn) error { + configEntry := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "tgate1", + Services: []structs.LinkedService{ + { + Name: "destination1", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + } + err := ensureConfigEntryTxn(tx, tx.Index, configEntry) + if err != nil { + return err + } + return s.ensureRegistrationTxn(tx, tx.Index, false, + testServiceRegistration(t, "tgate1", regTerminatingGateway), false) + }, + Mutate: func(s *Store, tx *txn) error { + configEntryDest := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "destination1", + Destination: &structs.DestinationConfig{Port: 9000, Address: "kafka.test.com"}, + } + return ensureConfigEntryTxn(tx, tx.Index, configEntryDest) + }, + WantEvents: []stream.Event{ + testServiceHealthDeregistrationEvent(t, + "tgate1", + evConnectTopic, + evServiceTermingGateway("destination1"), + evTerminatingGatewayVirtualIPs("destination1")), + testServiceHealthEvent(t, + "tgate1", + evConnectTopic, + evNodeUnchanged, + evServiceUnchanged, + evServiceTermingGateway("destination1"), + evTerminatingGatewayVirtualIPs("destination1"), + ), + }, + }) + + run(t, eventsTestCase{ + Name: "terminating gateway destination service-defaults wildcard", + Setup: func(s *Store, tx *txn) error { + configEntry := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "tgate1", + Services: []structs.LinkedService{ + { + Name: "*", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + } + err := ensureConfigEntryTxn(tx, tx.Index, configEntry) + if err != nil { + return err + } + return s.ensureRegistrationTxn(tx, tx.Index, false, + testServiceRegistration(t, "tgate1", regTerminatingGateway), false) + }, + Mutate: func(s *Store, tx *txn) error { + configEntryDest := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "destination1", + Destination: &structs.DestinationConfig{Port: 9000, Address: "kafka.test.com"}, + } + return ensureConfigEntryTxn(tx, tx.Index, configEntryDest) + }, + WantEvents: []stream.Event{ + testServiceHealthEvent(t, + "tgate1", + evConnectTopic, + evNodeUnchanged, + evServiceUnchanged, + evServiceTermingGateway("destination1"), + evTerminatingGatewayVirtualIPs("*"), + ), + }, + }) } func (tc eventsTestCase) run(t *testing.T) { diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go index fb7167437..b48e0a04d 100644 --- a/agent/consul/state/catalog_test.go +++ b/agent/consul/state/catalog_test.go @@ -5038,6 +5038,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -5047,6 +5048,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5080,6 +5082,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -5089,6 +5092,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5139,6 +5143,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -5148,6 +5153,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5175,6 +5181,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -5184,6 +5191,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("redis", nil), @@ -5198,6 +5206,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 23, ModifyIndex: 23, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5225,6 +5234,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -5234,6 +5244,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5265,6 +5276,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 25, ModifyIndex: 25, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5392,6 +5404,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 19, ModifyIndex: 19, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -5430,8 +5443,8 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { // Delete a service specified directly. assert.Nil(t, s.DeleteService(20, "foo", "db", nil, "")) - // Only the watch for other-gateway should fire, since its association to db came from a wildcard - assert.False(t, watchFired(ws)) + // The watch will fire because we need to update the gateway-services kind + assert.True(t, watchFired(ws)) assert.True(t, watchFired(otherWS)) // db should remain in the original gateway @@ -5448,7 +5461,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CAFile: "my_ca.pem", RaftIndex: structs.RaftIndex{ CreateIndex: 19, - ModifyIndex: 19, + ModifyIndex: 20, }, }, } @@ -6329,6 +6342,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -6338,6 +6352,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -6388,6 +6403,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -6397,6 +6413,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -6426,6 +6443,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -6435,6 +6453,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("redis", nil), @@ -6449,6 +6468,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -6478,6 +6498,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("db", nil), @@ -6487,6 +6508,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -6520,6 +6542,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 24, ModifyIndex: 24, }, + ServiceKind: structs.GatewayServiceKindService, }, } assert.Equal(t, expect, out) @@ -6577,6 +6600,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 24, ModifyIndex: 24, }, + ServiceKind: structs.GatewayServiceKindService, }, { Service: structs.NewServiceName("api", nil), diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 4743e3255..195cc3b91 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -344,6 +344,27 @@ func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *a return fmt.Errorf("failed updating gateway-services index: %v", err) } } + + c := existing.(structs.ConfigEntry) + switch x := c.(type) { + case *structs.ServiceConfigEntry: + if x.Destination != nil { + gsKind, err := GatewayServiceKind(tx, sn.Name, &sn.EnterpriseMeta) + if err != nil { + return fmt.Errorf("failed to get gateway service kind for service %s: %v", sn.Name, err) + } + if gsKind == structs.GatewayServiceKindDestination { + gsKind = structs.GatewayServiceKindUnknown + } + if err := checkGatewayWildcardsAndUpdate(tx, idx, &structs.ServiceName{Name: c.GetName(), EnterpriseMeta: *c.GetEnterpriseMeta()}, gsKind); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + if err := checkGatewayAndUpdate(tx, idx, &structs.ServiceName{Name: c.GetName(), EnterpriseMeta: *c.GetEnterpriseMeta()}, gsKind); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + } + } + // Also clean up associations in the mesh topology table for ingress gateways if kind == structs.IngressGateway { if _, err := tx.DeleteAll(tableMeshTopology, indexDownstream, sn); err != nil { @@ -376,6 +397,7 @@ func insertConfigEntryWithTxn(tx WriteTxn, idx uint64, conf structs.ConfigEntry) } // If the config entry is for a terminating or ingress gateway we update the memdb table // that associates gateways <-> services. + if conf.GetKind() == structs.TerminatingGateway || conf.GetKind() == structs.IngressGateway { err := updateGatewayServices(tx, idx, conf, conf.GetEnterpriseMeta()) if err != nil { @@ -383,6 +405,26 @@ func insertConfigEntryWithTxn(tx WriteTxn, idx uint64, conf structs.ConfigEntry) } } + switch conf.GetKind() { + case structs.ServiceDefaults: + if conf.(*structs.ServiceConfigEntry).Destination != nil { + sn := structs.ServiceName{Name: conf.GetName(), EnterpriseMeta: *conf.GetEnterpriseMeta()} + gsKind, err := GatewayServiceKind(tx, sn.Name, &sn.EnterpriseMeta) + if gsKind == structs.GatewayServiceKindUnknown { + gsKind = structs.GatewayServiceKindDestination + } + if err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + if err := checkGatewayWildcardsAndUpdate(tx, idx, &sn, gsKind); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + if err := checkGatewayAndUpdate(tx, idx, &sn, gsKind); err != nil { + return fmt.Errorf("failed updating gateway mapping: %s", err) + } + } + } + // Insert the config entry and update the index if err := tx.Insert(tableConfigEntries, conf); err != nil { return fmt.Errorf("failed inserting config entry: %s", err) diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index 8cb4d8f51..5d2cdf9fd 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -73,8 +73,8 @@ func TestStore_ConfigEntry(t *testing.T) { serviceConf.Protocol = "http" require.NoError(t, s.EnsureConfigEntry(5, serviceConf)) require.True(t, watchFired(ws)) -} +} func TestStore_ConfigEntryCAS(t *testing.T) { s := testConfigStateStore(t) @@ -310,6 +310,497 @@ func TestStore_ConfigEntries(t *testing.T) { Protocol: "tcp", })) require.True(t, watchFired(ws)) + +} + +func TestStore_ServiceDefaults_Kind_Destination(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "dest1", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "dest1", + Destination: &structs.DestinationConfig{}, + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureConfigEntry(0, destination)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteConfigEntry(6, structs.ServiceDefaults, destination.Name, &destination.EnterpriseMeta)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + +} + +func TestStore_ServiceDefaults_Kind_NotDestination(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "dest1", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "dest1", + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureConfigEntry(0, destination)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.False(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteConfigEntry(6, structs.ServiceDefaults, destination.Name, &destination.EnterpriseMeta)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.False(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + +} + +func TestStore_Service_TerminatingGateway_Kind_Service_Destination(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "web", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + service := &structs.NodeService{ + Kind: structs.ServiceKindTypical, + Service: "web", + } + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "web", + Destination: &structs.DestinationConfig{}, + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) + require.NoError(t, s.EnsureService(0, "node1", service)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + require.NoError(t, s.EnsureConfigEntry(0, destination)) + + _, gatewayServices, err = s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteService(6, "node1", service.ID, &service.EnterpriseMeta, "")) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + +} + +func TestStore_Service_TerminatingGateway_Kind_Destination_Service(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "web", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + service := &structs.NodeService{ + Kind: structs.ServiceKindTypical, + Service: "web", + } + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "web", + Destination: &structs.DestinationConfig{}, + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureConfigEntry(0, destination)) + + _, gatewayServices, err = s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) + require.NoError(t, s.EnsureService(0, "node1", service)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteService(6, "node1", service.ID, &service.EnterpriseMeta, "")) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + +} + +func TestStore_Service_TerminatingGateway_Kind_Service(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "web", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + service := &structs.NodeService{ + Kind: structs.ServiceKindTypical, + Service: "web", + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) + require.NoError(t, s.EnsureService(0, "node1", service)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteService(6, "node1", service.ID, &service.EnterpriseMeta, "")) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + +} + +func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "*", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "dest1", + Destination: &structs.DestinationConfig{}, + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 0) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + // Create + require.NoError(t, s.EnsureConfigEntry(0, destination)) + require.NoError(t, err) + + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteConfigEntry(6, structs.ServiceDefaults, destination.Name, &destination.EnterpriseMeta)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) +} + +func TestStore_Service_TerminatingGateway_Kind_Service_Wildcard(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "*", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + service := &structs.NodeService{ + Kind: structs.ServiceKindTypical, + Service: "web", + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 0) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) + require.NoError(t, s.EnsureService(0, "node1", service)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteService(6, "node1", service.ID, &service.EnterpriseMeta, "")) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 0) +} + +func TestStore_Service_TerminatingGateway_Kind_Service_Destination_Wildcard(t *testing.T) { + s := testConfigStateStore(t) + + Gtwy := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "Gtwy1", + Services: []structs.LinkedService{ + { + Name: "*", + }, + }, + } + + // Create + require.NoError(t, s.EnsureConfigEntry(0, Gtwy)) + + service := &structs.NodeService{ + Kind: structs.ServiceKindTypical, + Service: "web", + } + destination := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "web", + Destination: &structs.DestinationConfig{}, + } + + _, gatewayServices, err := s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 0) + + ws := memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + // Create + require.NoError(t, s.EnsureConfigEntry(0, destination)) + + _, gatewayServices, err = s.GatewayServices(nil, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) + require.NoError(t, s.EnsureService(0, "node1", service)) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 1) + require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + + ws = memdb.NewWatchSet() + _, _, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + + require.NoError(t, s.DeleteService(6, "node1", service.ID, &service.EnterpriseMeta, "")) + + //Watch is fired because we transitioned to a destination, by default we assume it's not. + require.True(t, watchFired(ws)) + + _, gatewayServices, err = s.GatewayServices(ws, "Gtwy1", nil) + require.NoError(t, err) + require.Len(t, gatewayServices, 0) + } func TestStore_ConfigEntry_GraphValidation(t *testing.T) { diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index d8953205e..5382da3af 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -105,7 +105,7 @@ type ServiceConfigEntry struct { Expose ExposeConfig `json:",omitempty"` ExternalSNI string `json:",omitempty" alias:"external_sni"` UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"` - Endpoint *EndpointConfig `json:",omitempty"` + Destination *DestinationConfig `json:",omitempty"` MaxInboundConnections int `json:",omitempty" alias:"max_inbound_connections"` Meta map[string]string `json:",omitempty"` @@ -180,8 +180,8 @@ func (e *ServiceConfigEntry) Validate() error { validationErr := validateConfigEntryMeta(e.Meta) // External endpoints are invalid with an existing service's upstream configuration - if e.UpstreamConfig != nil && e.Endpoint != nil { - validationErr = multierror.Append(validationErr, errors.New("UpstreamConfig and Endpoint are mutually exclusive for service defaults")) + if e.UpstreamConfig != nil && e.Destination != nil { + validationErr = multierror.Append(validationErr, errors.New("UpstreamConfig and Destination are mutually exclusive for service defaults")) return validationErr } @@ -200,13 +200,13 @@ func (e *ServiceConfigEntry) Validate() error { } } - if e.Endpoint != nil { - if err := validateEndpointAddress(e.Endpoint.Address); err != nil { - validationErr = multierror.Append(validationErr, fmt.Errorf("Endpoint address is invalid %w", err)) + if e.Destination != nil { + if err := validateEndpointAddress(e.Destination.Address); err != nil { + validationErr = multierror.Append(validationErr, fmt.Errorf("Destination address is invalid %w", err)) } - if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 { - validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port)) + if e.Destination.Port < 1 || e.Destination.Port > 65535 { + validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Destination.Port)) } } @@ -292,8 +292,8 @@ func (c *UpstreamConfiguration) Clone() *UpstreamConfiguration { return &c2 } -// EndpointConfig represents a virtual service, i.e. one that is external to Consul -type EndpointConfig struct { +// DestinationConfig represents a virtual service, i.e. one that is external to Consul +type DestinationConfig struct { // Address of the endpoint; hostname, IP, or CIDR Address string `json:",omitempty"` diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index 0f8917098..c0abcd59d 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go @@ -586,19 +586,28 @@ func (e *TerminatingGatewayConfigEntry) Warnings() []string { return warnings } +type GatewayServiceKind string + +const ( + GatewayServiceKindUnknown GatewayServiceKind = "" + GatewayServiceKindDestination GatewayServiceKind = "destination" + GatewayServiceKindService GatewayServiceKind = "service" +) + // GatewayService is used to associate gateways with their linked services. type GatewayService struct { Gateway ServiceName Service ServiceName GatewayKind ServiceKind - Port int `json:",omitempty"` - Protocol string `json:",omitempty"` - Hosts []string `json:",omitempty"` - CAFile string `json:",omitempty"` - CertFile string `json:",omitempty"` - KeyFile string `json:",omitempty"` - SNI string `json:",omitempty"` - FromWildcard bool `json:",omitempty"` + Port int `json:",omitempty"` + Protocol string `json:",omitempty"` + Hosts []string `json:",omitempty"` + CAFile string `json:",omitempty"` + CertFile string `json:",omitempty"` + KeyFile string `json:",omitempty"` + SNI string `json:",omitempty"` + FromWildcard bool `json:",omitempty"` + ServiceKind GatewayServiceKind `json:",omitempty"` RaftIndex } @@ -635,6 +644,7 @@ func (g *GatewayService) IsSame(o *GatewayService) bool { g.CertFile == o.CertFile && g.KeyFile == o.KeyFile && g.SNI == o.SNI && + g.ServiceKind == o.ServiceKind && g.FromWildcard == o.FromWildcard } @@ -653,5 +663,6 @@ func (g *GatewayService) Clone() *GatewayService { SNI: g.SNI, FromWildcard: g.FromWildcard, RaftIndex: g.RaftIndex, + ServiceKind: g.ServiceKind, } } diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index 70db92aaa..afbd737f8 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go @@ -428,12 +428,12 @@ func TestDecodeConfigEntry(t *testing.T) { }, }, { - name: "service-defaults-with-endpoint", + name: "service-defaults-with-destination", snake: ` kind = "service-defaults" name = "external" protocol = "tcp" - endpoint { + destination { address = "1.2.3.4/24" port = 8080 } @@ -442,7 +442,7 @@ func TestDecodeConfigEntry(t *testing.T) { Kind = "service-defaults" Name = "external" Protocol = "tcp" - Endpoint { + Destination { Address = "1.2.3.4/24" Port = 8080 } @@ -451,7 +451,7 @@ func TestDecodeConfigEntry(t *testing.T) { Kind: "service-defaults", Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "1.2.3.4/24", Port: 8080, }, @@ -2421,79 +2421,79 @@ func TestServiceConfigEntry(t *testing.T) { EnterpriseMeta: *DefaultEnterpriseMetaInDefaultPartition(), }, }, - "validate: missing endpoint address": { + "validate: missing destination address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "", Port: 443, }, }, validateErr: "Could not validate address", }, - "validate: endpoint ipv4 address": { + "validate: destination ipv4 address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "1.2.3.4", Port: 443, }, }, }, - "validate: endpoint ipv4 CIDR address": { + "validate: destination ipv4 CIDR address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "10.0.0.1/16", Port: 8080, }, }, }, - "validate: endpoint ipv6 address": { + "validate: destination ipv6 address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "2001:0db8:0000:8a2e:0370:7334:1234:5678", Port: 443, }, }, }, - "valid endpoint shortened ipv6 address": { + "valid destination shortened ipv6 address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "2001:db8::8a2e:370:7334", Port: 443, }, }, }, - "validate: endpoint ipv6 CIDR address": { + "validate: destination ipv6 CIDR address": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "2001:db8::8a2e:370:7334/64", Port: 443, }, }, }, - "validate: invalid endpoint port": { + "validate: invalid destination port": { entry: &ServiceConfigEntry{ Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "2001:db8::8a2e:370:7334/64", }, }, @@ -2504,7 +2504,7 @@ func TestServiceConfigEntry(t *testing.T) { Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "*external.com", Port: 443, }, @@ -2516,7 +2516,7 @@ func TestServiceConfigEntry(t *testing.T) { Kind: ServiceDefaults, Name: "external", Protocol: "tcp", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "..hello.", Port: 443, }, @@ -2528,7 +2528,7 @@ func TestServiceConfigEntry(t *testing.T) { Kind: ServiceDefaults, Name: "external", Protocol: "http", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "*", Port: 443, }, diff --git a/api/config_entry.go b/api/config_entry.go index ac88c1d56..79c50b62e 100644 --- a/api/config_entry.go +++ b/api/config_entry.go @@ -179,8 +179,8 @@ type UpstreamConfig struct { MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" ` } -// EndpointConfig represents a virtual service, i.e. one that is external to Consul -type EndpointConfig struct { +// DestinationConfig represents a virtual service, i.e. one that is external to Consul +type DestinationConfig struct { // Address of the endpoint; hostname, IP, or CIDR Address string `json:",omitempty"` @@ -229,7 +229,7 @@ type ServiceConfigEntry struct { Expose ExposeConfig `json:",omitempty"` ExternalSNI string `json:",omitempty" alias:"external_sni"` UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"` - Endpoint *EndpointConfig `json:",omitempty"` + Destination *DestinationConfig `json:",omitempty"` Meta map[string]string `json:",omitempty"` CreateIndex uint64 ModifyIndex uint64 diff --git a/api/config_entry_test.go b/api/config_entry_test.go index 5b93783db..a7b02c3a8 100644 --- a/api/config_entry_test.go +++ b/api/config_entry_test.go @@ -106,16 +106,16 @@ func TestAPI_ConfigEntries(t *testing.T) { }, } - endpoint := &EndpointConfig{ + dest := &DestinationConfig{ Address: "my.example.com", Port: 80, } service2 := &ServiceConfigEntry{ - Kind: ServiceDefaults, - Name: "bar", - Protocol: "tcp", - Endpoint: endpoint, + Kind: ServiceDefaults, + Name: "bar", + Protocol: "tcp", + Destination: dest, } // set it @@ -191,7 +191,7 @@ func TestAPI_ConfigEntries(t *testing.T) { require.Equal(t, service2.Kind, readService.Kind) require.Equal(t, service2.Name, readService.Name) require.Equal(t, service2.Protocol, readService.Protocol) - require.Equal(t, endpoint, readService.Endpoint) + require.Equal(t, dest, readService.Destination) } } @@ -530,7 +530,7 @@ func TestDecodeConfigEntry(t *testing.T) { "Kind": "service-defaults", "Name": "external", "Protocol": "http", - "Endpoint": { + "Destination": { "Address": "1.2.3.4/24", "Port": 443 } @@ -540,7 +540,7 @@ func TestDecodeConfigEntry(t *testing.T) { Kind: "service-defaults", Name: "external", Protocol: "http", - Endpoint: &EndpointConfig{ + Destination: &DestinationConfig{ Address: "1.2.3.4/24", Port: 443, }, diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go index 7ff60620d..566e2ab9b 100644 --- a/command/config/write/config_write_test.go +++ b/command/config/write/config_write_test.go @@ -793,7 +793,7 @@ func TestParseConfigEntry(t *testing.T) { }, }, { - name: "service-defaults: kitchen sink (endpoint edition)", + name: "service-defaults: kitchen sink (destination edition)", snake: ` kind = "service-defaults" name = "main" @@ -810,7 +810,7 @@ func TestParseConfigEntry(t *testing.T) { outbound_listener_port = 10101 dialed_directly = true } - endpoint = { + destination = { address = "10.0.0.0/16", port = 443 } @@ -831,7 +831,7 @@ func TestParseConfigEntry(t *testing.T) { outbound_listener_port = 10101 dialed_directly = true } - Endpoint = { + Destination = { Address = "10.0.0.0/16", Port = 443 } @@ -853,7 +853,7 @@ func TestParseConfigEntry(t *testing.T) { "outbound_listener_port": 10101, "dialed_directly": true }, - "endpoint": { + "destination": { "address": "10.0.0.0/16", "port": 443 } @@ -876,7 +876,7 @@ func TestParseConfigEntry(t *testing.T) { "OutboundListenerPort": 10101, "DialedDirectly": true }, - "Endpoint": { + "Destination": { "Address": "10.0.0.0/16", "Port": 443 } @@ -898,7 +898,7 @@ func TestParseConfigEntry(t *testing.T) { OutboundListenerPort: 10101, DialedDirectly: true, }, - Endpoint: &api.EndpointConfig{ + Destination: &api.DestinationConfig{ Address: "10.0.0.0/16", Port: 443, }, From 23e7c5b5fdd93da1310295b0790edbdb37706276 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Tue, 31 May 2022 16:58:17 -0400 Subject: [PATCH 425/785] Fix broken CI step (#13314) --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6e135ecdc..eebc8adfa 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -687,7 +687,7 @@ jobs: name: move compiled ui files to agent/uiserver command: | rm -rf agent/uiserver/dist - mv ui/packages/consul-ui/dist agent/uiserver + mv packages/consul-ui/dist agent/uiserver - run: name: commit agent/uiserver/dist/ if there are UI changes command: | From 3046ad707b23d40dcb097db959b4373867ed452b Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Tue, 31 May 2022 16:57:50 -0700 Subject: [PATCH 426/785] yUpdate website/content/docs/connect/ca/vault.mdx Port some changes that were made to the backport branch but not in the original PR. Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Signed-off-by: Mark Anderson --- website/content/docs/connect/ca/vault.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 02294c2c2..7ab597ffc 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -137,7 +137,7 @@ The configuration options are listed below. that authorized it. - `RootPKINamespace` / `root_pki_namespace` (`string: `) - The absolute namespace - that the `RootPKIPath` is in. Setting this overrides the `Namespace` option for the `RootPKIPath`. Introduced in 1.12.1 + that the `RootPKIPath` is in. Setting this parameter overrides the `Namespace` option for the `RootPKIPath`. Introduced in 1.12.1. - `IntermediatePKIPath` / `intermediate_pki_path` (`string: `) - The path to a PKI secrets engine for the generated intermediate certificate. @@ -149,7 +149,7 @@ The configuration options are listed below. datacenter must specify a unique `intermediate_pki_path`. - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: `) - The absolute namespace - that the `IntermediatePKIPath` is in. Setting this overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.1 + that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.1. - `CAFile` / `ca_file` (`string: ""`) - Specifies an optional path to the CA certificate used for Vault communication. If unspecified, this will fallback From b0e5573f3094ed19b7d5ee2932625c075108e168 Mon Sep 17 00:00:00 2001 From: Michele Degges Date: Tue, 31 May 2022 22:44:53 -0700 Subject: [PATCH 427/785] [Fix typo] Backport-reminder (#13313) --- .github/workflows/backport-reminder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backport-reminder.yml b/.github/workflows/backport-reminder.yml index 3e4fef81e..359451269 100644 --- a/.github/workflows/backport-reminder.yml +++ b/.github/workflows/backport-reminder.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Comment on PR run: | - github_message="After merging, confirm that you see linked PRs AND check that them for CI errors." + github_message="After merging, confirm that you see linked PRs AND check them for CI errors." curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \ -X POST \ -d "{ \"body\": \"${github_message}\"}" \ From 44a318ef73f9f5297aa64e4a1481c4169d05170b Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 1 Jun 2022 11:09:51 -0400 Subject: [PATCH 428/785] Reimplement fs.FileInfo interface (#13315) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> --- agent/uiserver/buffered_file.go | 44 +++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/agent/uiserver/buffered_file.go b/agent/uiserver/buffered_file.go index a956dab16..f5ebf0cf5 100644 --- a/agent/uiserver/buffered_file.go +++ b/agent/uiserver/buffered_file.go @@ -1,20 +1,31 @@ package uiserver import ( - "io" + "bytes" "io/fs" + "os" + "time" ) // bufferedFile implements fs.File and allows us to modify a file from disk by // writing out the new version into a buffer and then serving file reads from // that. type bufferedFile struct { - buf io.Reader + buf *bytes.Buffer info fs.FileInfo } +var _ fs.FileInfo = (*bufferedFile)(nil) + +func newBufferedFile(buf *bytes.Buffer, info fs.FileInfo) *bufferedFile { + return &bufferedFile{ + buf: buf, + info: info, + } +} + func (b *bufferedFile) Stat() (fs.FileInfo, error) { - return b.info, nil + return b, nil } func (b *bufferedFile) Read(bytes []byte) (int, error) { @@ -25,9 +36,26 @@ func (b *bufferedFile) Close() error { return nil } -func newBufferedFile(buf io.Reader, info fs.FileInfo) *bufferedFile { - return &bufferedFile{ - buf: buf, - info: info, - } +func (b *bufferedFile) Name() string { + return b.info.Name() +} + +func (b *bufferedFile) Size() int64 { + return int64(b.buf.Len()) +} + +func (b *bufferedFile) Mode() os.FileMode { + return b.info.Mode() +} + +func (b *bufferedFile) ModTime() time.Time { + return b.info.ModTime() +} + +func (b *bufferedFile) IsDir() bool { + return false +} + +func (b *bufferedFile) Sys() any { + return nil } From e6dc26e0879a246a42ec64073a0f8d4d3a9ad8d8 Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Wed, 1 Jun 2022 16:18:06 +0100 Subject: [PATCH 429/785] proxycfg: replace direct agent cache usage with interfaces (#13320) This is the OSS portion of enterprise PRs 1904, 1905, 1906, 1907, 1949, and 1971. It replaces the proxycfg manager's direct dependency on the agent cache with interfaces that will be implemented differently when serving xDS sessions from a Consul server. --- agent/agent.go | 27 ++- agent/agent_oss.go | 3 + agent/proxycfg-glue/glue.go | 153 ++++++++++++ agent/proxycfg/connect_proxy.go | 16 +- agent/proxycfg/data_sources.go | 162 +++++++++++++ agent/proxycfg/data_sources_oss.go | 6 + agent/proxycfg/glue.go | 60 ----- agent/proxycfg/ingress_gateway.go | 10 +- agent/proxycfg/manager.go | 13 +- agent/proxycfg/manager_test.go | 134 +++++------ agent/proxycfg/mesh_gateway.go | 17 +- agent/proxycfg/state.go | 35 +-- agent/proxycfg/state_oss_test.go | 6 + agent/proxycfg/state_test.go | 331 +++++++++++--------------- agent/proxycfg/terminating_gateway.go | 16 +- agent/proxycfg/testing.go | 238 +++++++++++++----- agent/proxycfg/testing_oss.go | 12 + agent/proxycfg/upstreams.go | 17 +- 18 files changed, 787 insertions(+), 469 deletions(-) create mode 100644 agent/proxycfg-glue/glue.go create mode 100644 agent/proxycfg/data_sources.go create mode 100644 agent/proxycfg/data_sources_oss.go delete mode 100644 agent/proxycfg/glue.go create mode 100644 agent/proxycfg/state_oss_test.go create mode 100644 agent/proxycfg/testing_oss.go diff --git a/agent/agent.go b/agent/agent.go index 578563bd8..6b0911ba5 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -20,7 +20,6 @@ import ( "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" - "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/go-connlimit" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -41,6 +40,7 @@ import ( publicgrpc "github.com/hashicorp/consul/agent/grpc/public" "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/proxycfg" + proxycfgglue "github.com/hashicorp/consul/agent/proxycfg-glue" catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog" localproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/local" "github.com/hashicorp/consul/agent/rpcclient/health" @@ -56,6 +56,7 @@ import ( "github.com/hashicorp/consul/lib/mutex" "github.com/hashicorp/consul/lib/routine" "github.com/hashicorp/consul/logging" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/types" ) @@ -627,10 +628,28 @@ func (a *Agent) Start(ctx context.Context) error { go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh}) // Start the proxy config manager. + proxyDataSources := proxycfg.DataSources{ + CARoots: proxycfgglue.CacheCARoots(a.cache), + CompiledDiscoveryChain: proxycfgglue.CacheCompiledDiscoveryChain(a.cache), + ConfigEntry: proxycfgglue.CacheConfigEntry(a.cache), + ConfigEntryList: proxycfgglue.CacheConfigEntryList(a.cache), + Datacenters: proxycfgglue.CacheDatacenters(a.cache), + FederationStateListMeshGateways: proxycfgglue.CacheFederationStateListMeshGateways(a.cache), + GatewayServices: proxycfgglue.CacheGatewayServices(a.cache), + Health: proxycfgglue.Health(a.rpcClientHealth), + HTTPChecks: proxycfgglue.CacheHTTPChecks(a.cache), + Intentions: proxycfgglue.CacheIntentions(a.cache), + IntentionUpstreams: proxycfgglue.CacheIntentionUpstreams(a.cache), + InternalServiceDump: proxycfgglue.CacheInternalServiceDump(a.cache), + LeafCertificate: proxycfgglue.CacheLeafCertificate(a.cache), + PreparedQuery: proxycfgglue.CachePrepraredQuery(a.cache), + ResolvedServiceConfig: proxycfgglue.CacheResolvedServiceConfig(a.cache), + ServiceList: proxycfgglue.CacheServiceList(a.cache), + } + a.fillEnterpriseProxyDataSources(&proxyDataSources) a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ - Cache: &proxycfg.CacheWrapper{Cache: a.cache}, - Health: &proxycfg.HealthWrapper{Health: a.rpcClientHealth}, - Logger: a.logger.Named(logging.ProxyConfig), + DataSources: proxyDataSources, + Logger: a.logger.Named(logging.ProxyConfig), Source: &structs.QuerySource{ Datacenter: a.config.Datacenter, Segment: a.config.SegmentName, diff --git a/agent/agent_oss.go b/agent/agent_oss.go index 43de920a5..39adbef81 100644 --- a/agent/agent_oss.go +++ b/agent/agent_oss.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/consul" + "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -58,3 +59,5 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta { } func (a *Agent) registerEntCache() {} + +func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {} diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go new file mode 100644 index 000000000..7dd7a8846 --- /dev/null +++ b/agent/proxycfg-glue/glue.go @@ -0,0 +1,153 @@ +package proxycfgglue + +import ( + "context" + + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/rpcclient/health" + "github.com/hashicorp/consul/agent/structs" +) + +// CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from +// the agent cache. +func CacheCARoots(c *cache.Cache) proxycfg.CARoots { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.ConnectCARootName} +} + +// CacheCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain +// interface by sourcing data from the agent cache. +func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain { + return &cacheProxyDataSource[*structs.DiscoveryChainRequest]{c, cachetype.CompiledDiscoveryChainName} +} + +// CacheConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing +// data from the agent cache. +func CacheConfigEntry(c *cache.Cache) proxycfg.ConfigEntry { + return &cacheProxyDataSource[*structs.ConfigEntryQuery]{c, cachetype.ConfigEntryName} +} + +// CacheConfigEntryList satisfies the proxycfg.ConfigEntryList interface by +// sourcing data from the agent cache. +func CacheConfigEntryList(c *cache.Cache) proxycfg.ConfigEntryList { + return &cacheProxyDataSource[*structs.ConfigEntryQuery]{c, cachetype.ConfigEntryListName} +} + +// CacheDatacenters satisfies the proxycfg.Datacenters interface by sourcing +// data from the agent cache. +func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters { + return &cacheProxyDataSource[*structs.DatacentersRequest]{c, cachetype.CatalogDatacentersName} +} + +// CacheFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways +// interface by sourcing data from the agent cache. +func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.FederationStateListMeshGatewaysName} +} + +// CacheGatewayServices satisfies the proxycfg.GatewayServices interface by +// sourcing data from the agent cache. +func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices { + return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.GatewayServicesName} +} + +// CacheHTTPChecks satisifies the proxycfg.HTTPChecks interface by sourcing +// data from the agent cache. +func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks { + return &cacheProxyDataSource[*cachetype.ServiceHTTPChecksRequest]{c, cachetype.ServiceHTTPChecksName} +} + +// CacheIntentions satisfies the proxycfg.Intentions interface by sourcing data +// from the agent cache. +func CacheIntentions(c *cache.Cache) proxycfg.Intentions { + return &cacheProxyDataSource[*structs.IntentionQueryRequest]{c, cachetype.IntentionMatchName} +} + +// CacheIntentionUpstreams satisfies the proxycfg.IntentionUpstreams interface +// by sourcing data from the agent cache. +func CacheIntentionUpstreams(c *cache.Cache) proxycfg.IntentionUpstreams { + return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.IntentionUpstreamsName} +} + +// CacheInternalServiceDump satisfies the proxycfg.InternalServiceDump +// interface by sourcing data from the agent cache. +func CacheInternalServiceDump(c *cache.Cache) proxycfg.InternalServiceDump { + return &cacheProxyDataSource[*structs.ServiceDumpRequest]{c, cachetype.InternalServiceDumpName} +} + +// CacheLeafCertificate satisifies the proxycfg.LeafCertificate interface by +// sourcing data from the agent cache. +func CacheLeafCertificate(c *cache.Cache) proxycfg.LeafCertificate { + return &cacheProxyDataSource[*cachetype.ConnectCALeafRequest]{c, cachetype.ConnectCALeafName} +} + +// CachePrepraredQuery satisfies the proxycfg.PreparedQuery interface by +// sourcing data from the agent cache. +func CachePrepraredQuery(c *cache.Cache) proxycfg.PreparedQuery { + return &cacheProxyDataSource[*structs.PreparedQueryExecuteRequest]{c, cachetype.PreparedQueryName} +} + +// CacheResolvedServiceConfig satisfies the proxycfg.ResolvedServiceConfig +// interface by sourcing data from the agent cache. +func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig { + return &cacheProxyDataSource[*structs.ServiceConfigRequest]{c, cachetype.ResolvedServiceConfigName} +} + +// CacheServiceList satisfies the proxycfg.ServiceList interface by sourcing +// data from the agent cache. +func CacheServiceList(c *cache.Cache) proxycfg.ServiceList { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.CatalogServiceListName} +} + +// cacheProxyDataSource implements a generic wrapper around the agent cache to +// provide data to the proxycfg.Manager. +type cacheProxyDataSource[ReqType cache.Request] struct { + c *cache.Cache + t string +} + +// Notify satisfies the interfaces used by proxycfg.Manager to source data by +// subscribing to notifications from the agent cache. +func (c *cacheProxyDataSource[ReqType]) Notify( + ctx context.Context, + req ReqType, + correlationID string, + ch chan<- proxycfg.UpdateEvent, +) error { + return c.c.NotifyCallback(ctx, c.t, req, correlationID, dispatchCacheUpdate(ctx, ch)) +} + +// Health wraps health.Client so that the proxycfg package doesn't need to +// reference cache.UpdateEvent directly. +func Health(client *health.Client) proxycfg.Health { + return &healthWrapper{client} +} + +type healthWrapper struct { + client *health.Client +} + +func (h *healthWrapper) Notify( + ctx context.Context, + req *structs.ServiceSpecificRequest, + correlationID string, + ch chan<- proxycfg.UpdateEvent, +) error { + return h.client.Notify(ctx, *req, correlationID, dispatchCacheUpdate(ctx, ch)) +} + +func dispatchCacheUpdate(ctx context.Context, ch chan<- proxycfg.UpdateEvent) cache.Callback { + return func(ctx context.Context, e cache.UpdateEvent) { + u := proxycfg.UpdateEvent{ + CorrelationID: e.CorrelationID, + Result: e.Result, + Err: e.Err, + } + + select { + case ch <- u: + case <-ctx.Done(): + } + } +} diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index f5d469d2e..8138a0ac0 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -32,7 +32,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.PassthroughIndices = make(map[string]indexedTarget) // Watch for root changes - err := s.cache.Notify(ctx, cachetype.ConnectCARootName, &structs.DCSpecificRequest{ + err := s.dataSources.CARoots.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -42,7 +42,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Watch the leaf cert - err = s.cache.Notify(ctx, cachetype.ConnectCALeafName, &cachetype.ConnectCALeafRequest{ + err = s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{ Datacenter: s.source.Datacenter, Token: s.token, Service: s.proxyCfg.DestinationServiceName, @@ -53,7 +53,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Watch for intention updates - err = s.cache.Notify(ctx, cachetype.IntentionMatchName, &structs.IntentionQueryRequest{ + err = s.dataSources.Intentions.Notify(ctx, &structs.IntentionQueryRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Match: &structs.IntentionQueryMatch{ @@ -72,7 +72,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Get information about the entire service mesh. - err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + err = s.dataSources.ConfigEntry.Notify(ctx, &structs.ConfigEntryQuery{ Kind: structs.MeshConfig, Name: structs.MeshConfigMesh, Datacenter: s.source.Datacenter, @@ -84,7 +84,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Watch for service check updates - err = s.cache.Notify(ctx, cachetype.ServiceHTTPChecksName, &cachetype.ServiceHTTPChecksRequest{ + err = s.dataSources.HTTPChecks.Notify(ctx, &cachetype.ServiceHTTPChecksRequest{ ServiceID: s.proxyCfg.DestinationServiceID, EnterpriseMeta: s.proxyID.EnterpriseMeta, }, svcChecksWatchIDPrefix+structs.ServiceIDString(s.proxyCfg.DestinationServiceID, &s.proxyID.EnterpriseMeta), s.ch) @@ -94,7 +94,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e if s.proxyCfg.Mode == structs.ProxyModeTransparent { // When in transparent proxy we will infer upstreams from intentions with this source - err := s.cache.Notify(ctx, cachetype.IntentionUpstreamsName, &structs.ServiceSpecificRequest{ + err := s.dataSources.IntentionUpstreams.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: s.proxyCfg.DestinationServiceName, @@ -156,7 +156,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e switch u.DestinationType { case structs.UpstreamDestTypePreparedQuery: - err = s.cache.Notify(ctx, cachetype.PreparedQueryName, &structs.PreparedQueryExecuteRequest{ + err = s.dataSources.PreparedQuery.Notify(ctx, &structs.PreparedQueryExecuteRequest{ Datacenter: dc, QueryOptions: structs.QueryOptions{Token: s.token, MaxAge: defaultPreparedQueryPollInterval}, QueryIDOrName: u.DestinationName, @@ -196,7 +196,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e continue } - err = s.cache.Notify(ctx, cachetype.CompiledDiscoveryChainName, &structs.DiscoveryChainRequest{ + err = s.dataSources.CompiledDiscoveryChain.Notify(ctx, &structs.DiscoveryChainRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Name: u.DestinationName, diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go new file mode 100644 index 000000000..694c3cbf1 --- /dev/null +++ b/agent/proxycfg/data_sources.go @@ -0,0 +1,162 @@ +package proxycfg + +import ( + "context" + + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/structs" +) + +// UpdateEvent contains new data for a resource we are subscribed to (e.g. an +// agent cache entry). +type UpdateEvent struct { + CorrelationID string + Result interface{} + Err error +} + +// DataSources contains the dependencies used to consume data used to configure +// proxies. +type DataSources struct { + // CARoots provides updates about the CA root certificates on a notification + // channel. + CARoots CARoots + // CompiledDiscoveryChain provides updates about a service's discovery chain + // on a notification channel. + CompiledDiscoveryChain CompiledDiscoveryChain + // ConfigEntry provides updates about a single config entry on a notification + // channel. + ConfigEntry ConfigEntry + // ConfigEntryList provides updates about a list of config entries on a + // notification channel. + ConfigEntryList ConfigEntryList + // Datacenters provides updates about federated datacenters on a notification + // channel. + Datacenters Datacenters + // FederationStateListMeshGateways is the interface used to consume updates + // about mesh gateways from the federation state. + FederationStateListMeshGateways FederationStateListMeshGateways + // GatewayServices provides updates about a gateway's upstream services on a + // notification channel. + GatewayServices GatewayServices + // Health provides service health updates on a notification channel. + Health Health + // HTTPChecks provides updates about a service's HTTP and gRPC checks on a + // notification channel. + HTTPChecks HTTPChecks + // Intentions provides intention updates on a notification channel. + Intentions Intentions + // IntentionUpstreams provides intention-inferred upstream updates on a + // notification channel. + IntentionUpstreams IntentionUpstreams + // InternalServiceDump provides updates about a (gateway) service on a + // notification channel. + InternalServiceDump InternalServiceDump + // LeafCertificate provides updates about the service's leaf certificate on a + // notification channel. + LeafCertificate LeafCertificate + // PreparedQuery provides updates about the results of a prepared query. + PreparedQuery PreparedQuery + // ResolvedServiceConfig provides updates about a service's resolved config. + ResolvedServiceConfig ResolvedServiceConfig + // ServiceList provides updates about the list of all services in a datacenter + // on a notification channel. + ServiceList ServiceList + + DataSourcesEnterprise +} + +// CARoots is the interface used to consume updates about the CA root +// certificates. +type CARoots interface { + Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// CompiledDiscoveryChain is the interface used to consume updates about the +// compiled discovery chain for a service. +type CompiledDiscoveryChain interface { + Notify(ctx context.Context, req *structs.DiscoveryChainRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// ConfigEntry is the interface used to consume updates about a single config +// entry. +type ConfigEntry interface { + Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error +} + +// ConfigEntry is the interface used to consume updates about a list of config +// entries. +type ConfigEntryList interface { + Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error +} + +// Datacenters is the interface used to consume updates about federated +// datacenters. +type Datacenters interface { + Notify(ctx context.Context, req *structs.DatacentersRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// FederationStateListMeshGateways is the interface used to consume updates +// about mesh gateways from the federation state. +type FederationStateListMeshGateways interface { + Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// GatewayServices is the interface used to consume updates about a gateway's +// upstream services. +type GatewayServices interface { + Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// Health is the interface used to consume service health updates. +type Health interface { + Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// HTTPChecks is the interface used to consume updates about a service's HTTP +// and gRPC-based checks (in order to determine which paths to expose through +// the proxy). +type HTTPChecks interface { + Notify(ctx context.Context, req *cachetype.ServiceHTTPChecksRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// Intentions is the interface used to consume intention updates. +type Intentions interface { + Notify(ctx context.Context, req *structs.IntentionQueryRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// IntentionUpstreams is the interface used to consume updates about upstreams +// inferred from service intentions. +type IntentionUpstreams interface { + Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// InternalServiceDump is the interface used to consume updates about a (gateway) +// service via the internal ServiceDump RPC. +type InternalServiceDump interface { + Notify(ctx context.Context, req *structs.ServiceDumpRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// LeafCertificate is the interface used to consume updates about a service's +// leaf certificate. +type LeafCertificate interface { + Notify(ctx context.Context, req *cachetype.ConnectCALeafRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// PreparedQuery is the interface used to consume updates about the results of +// a prepared query. +type PreparedQuery interface { + Notify(ctx context.Context, req *structs.PreparedQueryExecuteRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// ResolvedServiceConfig is the interface used to consume updates about a +// service's resolved config. +type ResolvedServiceConfig interface { + Notify(ctx context.Context, req *structs.ServiceConfigRequest, correlationID string, ch chan<- UpdateEvent) error +} + +// ServiceList is the interface used to consume updates about the list of +// all services in a datacenter. +type ServiceList interface { + Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} diff --git a/agent/proxycfg/data_sources_oss.go b/agent/proxycfg/data_sources_oss.go new file mode 100644 index 000000000..e5e23d177 --- /dev/null +++ b/agent/proxycfg/data_sources_oss.go @@ -0,0 +1,6 @@ +//go:build !consulent +// +build !consulent + +package proxycfg + +type DataSourcesEnterprise struct{} diff --git a/agent/proxycfg/glue.go b/agent/proxycfg/glue.go deleted file mode 100644 index 8a25da2f8..000000000 --- a/agent/proxycfg/glue.go +++ /dev/null @@ -1,60 +0,0 @@ -// TODO(agentless): these glue types belong in the agent package, but moving -// them is a little tricky because the proxycfg tests use them. It should be -// easier to break apart once we no longer depend on cache.Notify directly. -package proxycfg - -import ( - "context" - - "github.com/hashicorp/consul/agent/cache" - "github.com/hashicorp/consul/agent/rpcclient/health" - "github.com/hashicorp/consul/agent/structs" -) - -// HealthWrapper wraps health.Client so that the rest of the proxycfg package -// doesn't need to reference cache.UpdateEvent (it will be extracted into a -// shared library in the future). -type HealthWrapper struct { - Health *health.Client -} - -func (w *HealthWrapper) Notify( - ctx context.Context, - req structs.ServiceSpecificRequest, - correlationID string, - ch chan<- UpdateEvent, -) error { - return w.Health.Notify(ctx, req, correlationID, dispatchCacheUpdate(ctx, ch)) -} - -// CacheWrapper wraps cache.Cache so that the rest of the proxycfg package -// doesn't need to reference cache.UpdateEvent (it will be extracted into a -// shared library in the future). -type CacheWrapper struct { - Cache *cache.Cache -} - -func (w *CacheWrapper) Notify( - ctx context.Context, - t string, - req cache.Request, - correlationID string, - ch chan<- UpdateEvent, -) error { - return w.Cache.NotifyCallback(ctx, t, req, correlationID, dispatchCacheUpdate(ctx, ch)) -} - -func dispatchCacheUpdate(ctx context.Context, ch chan<- UpdateEvent) cache.Callback { - return func(ctx context.Context, e cache.UpdateEvent) { - u := UpdateEvent{ - CorrelationID: e.CorrelationID, - Result: e.Result, - Err: e.Err, - } - - select { - case ch <- u: - case <-ctx.Done(): - } - } -} diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go index 5ae299866..3fb67ddab 100644 --- a/agent/proxycfg/ingress_gateway.go +++ b/agent/proxycfg/ingress_gateway.go @@ -15,7 +15,7 @@ type handlerIngressGateway struct { func (s *handlerIngressGateway) initialize(ctx context.Context) (ConfigSnapshot, error) { snap := newConfigSnapshotFromServiceInstance(s.serviceInstance, s.stateConfig) // Watch for root changes - err := s.cache.Notify(ctx, cachetype.ConnectCARootName, &structs.DCSpecificRequest{ + err := s.dataSources.CARoots.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -25,7 +25,7 @@ func (s *handlerIngressGateway) initialize(ctx context.Context) (ConfigSnapshot, } // Get information about the entire service mesh. - err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + err = s.dataSources.ConfigEntry.Notify(ctx, &structs.ConfigEntryQuery{ Kind: structs.MeshConfig, Name: structs.MeshConfigMesh, Datacenter: s.source.Datacenter, @@ -37,7 +37,7 @@ func (s *handlerIngressGateway) initialize(ctx context.Context) (ConfigSnapshot, } // Watch this ingress gateway's config entry - err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + err = s.dataSources.ConfigEntry.Notify(ctx, &structs.ConfigEntryQuery{ Kind: structs.IngressGateway, Name: s.service, Datacenter: s.source.Datacenter, @@ -49,7 +49,7 @@ func (s *handlerIngressGateway) initialize(ctx context.Context) (ConfigSnapshot, } // Watch the ingress-gateway's list of upstreams - err = s.cache.Notify(ctx, cachetype.GatewayServicesName, &structs.ServiceSpecificRequest{ + err = s.dataSources.GatewayServices.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: s.service, @@ -195,7 +195,7 @@ func (s *handlerIngressGateway) watchIngressLeafCert(ctx context.Context, snap * snap.IngressGateway.LeafCertWatchCancel() } ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.ConnectCALeafName, &cachetype.ConnectCALeafRequest{ + err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{ Datacenter: s.source.Datacenter, Token: s.token, Service: s.service, diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go index 5723808f5..3de11b3f8 100644 --- a/agent/proxycfg/manager.go +++ b/agent/proxycfg/manager.go @@ -57,11 +57,9 @@ type Manager struct { // panic. The ManagerConfig is passed by value to NewManager so the passed value // can be mutated safely. type ManagerConfig struct { - // Cache is the agent's cache instance that can be used to retrieve, store and - // monitor state for the proxies. - Cache CacheNotifier - // Health provides service health updates on a notification channel. - Health Health + // DataSources contains the dependencies used to consume data used to configure + // proxies. + DataSources DataSources // source describes the current agent's identity, it's used directly for // prepared query discovery but also indirectly as a way to pass current // Datacenter name into other request types that need it. This is sufficient @@ -81,7 +79,7 @@ type ManagerConfig struct { // NewManager constructs a Manager. func NewManager(cfg ManagerConfig) (*Manager, error) { - if cfg.Cache == nil || cfg.Source == nil || cfg.Logger == nil { + if cfg.Source == nil || cfg.Logger == nil { return nil, errors.New("all ManagerConfig fields must be provided") } m := &Manager{ @@ -135,8 +133,7 @@ func (m *Manager) Register(id ProxyID, ns *structs.NodeService, source ProxySour // TODO: move to a function that translates ManagerConfig->stateConfig stateConfig := stateConfig{ logger: m.Logger.With("service_id", id.String()), - cache: m.Cache, - health: m.Health, + dataSources: m.DataSources, source: m.Source, dnsConfig: m.DNSConfig, intentionDefaultAllow: m.IntentionDefaultAllow, diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 2e8b305d1..402b48bc8 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -2,20 +2,16 @@ package proxycfg import ( "context" - "path" "testing" "time" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/require" - "golang.org/x/time/rate" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" - "github.com/hashicorp/consul/agent/rpcclient/health" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil" @@ -31,25 +27,22 @@ func mustCopyProxyConfig(t *testing.T, ns *structs.NodeService) structs.ConnectP // assertLastReqArgs verifies that each request type had the correct source // parameters (e.g. Datacenter name) and token. -func assertLastReqArgs(t *testing.T, types *TestCacheTypes, token string, source *structs.QuerySource) { +func assertLastReqArgs(t *testing.T, dataSources *TestDataSources, token string, source *structs.QuerySource) { t.Helper() // Roots needs correct DC and token - rootReq := types.roots.lastReq.Load() - require.IsType(t, rootReq, &structs.DCSpecificRequest{}) - require.Equal(t, token, rootReq.(*structs.DCSpecificRequest).Token) - require.Equal(t, source.Datacenter, rootReq.(*structs.DCSpecificRequest).Datacenter) + rootReq := dataSources.CARoots.LastReq() + require.Equal(t, token, rootReq.Token) + require.Equal(t, source.Datacenter, rootReq.Datacenter) // Leaf needs correct DC and token - leafReq := types.leaf.lastReq.Load() - require.IsType(t, leafReq, &cachetype.ConnectCALeafRequest{}) - require.Equal(t, token, leafReq.(*cachetype.ConnectCALeafRequest).Token) - require.Equal(t, source.Datacenter, leafReq.(*cachetype.ConnectCALeafRequest).Datacenter) + leafReq := dataSources.LeafCertificate.LastReq() + require.Equal(t, token, leafReq.Token) + require.Equal(t, source.Datacenter, leafReq.Datacenter) // Intentions needs correct DC and token - intReq := types.intentions.lastReq.Load() - require.IsType(t, intReq, &structs.IntentionQueryRequest{}) - require.Equal(t, token, intReq.(*structs.IntentionQueryRequest).Token) - require.Equal(t, source.Datacenter, intReq.(*structs.IntentionQueryRequest).Datacenter) + intReq := dataSources.Intentions.LastReq() + require.Equal(t, token, intReq.Token) + require.Equal(t, source.Datacenter, intReq.Datacenter) } func TestManager_BasicLifecycle(t *testing.T) { @@ -125,16 +118,17 @@ func TestManager_BasicLifecycle(t *testing.T) { }, } - rootsCacheKey := testGenCacheKey(&structs.DCSpecificRequest{ + rootsReq := &structs.DCSpecificRequest{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token"}, - }) - leafCacheKey := testGenCacheKey(&cachetype.ConnectCALeafRequest{ + } + leafReq := &cachetype.ConnectCALeafRequest{ Datacenter: "dc1", Token: "my-token", Service: "web", - }) - intentionCacheKey := testGenCacheKey(&structs.IntentionQueryRequest{ + } + + intentionReq := &structs.IntentionQueryRequest{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token"}, Match: &structs.IntentionQueryMatch{ @@ -147,16 +141,17 @@ func TestManager_BasicLifecycle(t *testing.T) { }, }, }, - }) - meshCacheKey := testGenCacheKey(&structs.ConfigEntryQuery{ + } + + meshConfigReq := &structs.ConfigEntryQuery{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token"}, Kind: structs.MeshConfig, Name: structs.MeshConfigMesh, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), - }) + } - dbChainCacheKey := testGenCacheKey(&structs.DiscoveryChainRequest{ + dbChainReq := &structs.DiscoveryChainRequest{ Name: "db", EvaluateInDatacenter: "dc1", EvaluateInNamespace: "default", @@ -166,16 +161,16 @@ func TestManager_BasicLifecycle(t *testing.T) { OverrideConnectTimeout: 1 * time.Second, Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token"}, - }) + } - dbHealthCacheKey := testGenCacheKey(&structs.ServiceSpecificRequest{ + dbHealthReq := &structs.ServiceSpecificRequest{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token", Filter: ""}, ServiceName: "db", Connect: true, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), - }) - db_v1_HealthCacheKey := testGenCacheKey(&structs.ServiceSpecificRequest{ + } + db_v1_HealthReq := &structs.ServiceSpecificRequest{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token", Filter: "Service.Meta.version == v1", @@ -183,8 +178,8 @@ func TestManager_BasicLifecycle(t *testing.T) { ServiceName: "db", Connect: true, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), - }) - db_v2_HealthCacheKey := testGenCacheKey(&structs.ServiceSpecificRequest{ + } + db_v2_HealthReq := &structs.ServiceSpecificRequest{ Datacenter: "dc1", QueryOptions: structs.QueryOptions{Token: "my-token", Filter: "Service.Meta.version == v2", @@ -192,7 +187,7 @@ func TestManager_BasicLifecycle(t *testing.T) { ServiceName: "db", Connect: true, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), - }) + } db := structs.NewServiceName("db", nil) dbUID := NewUpstreamIDFromServiceName(db) @@ -201,12 +196,12 @@ func TestManager_BasicLifecycle(t *testing.T) { tests := []*testcase_BasicLifecycle{ { name: "simple-default-resolver", - setup: func(t *testing.T, types *TestCacheTypes) { + setup: func(t *testing.T, dataSources *TestDataSources) { // Note that we deliberately leave the 'geo-cache' prepared query to time out - types.health.Set(dbHealthCacheKey, &structs.IndexedCheckServiceNodes{ + dataSources.Health.Set(dbHealthReq, &structs.IndexedCheckServiceNodes{ Nodes: TestUpstreamNodes(t, db.Name), }) - types.compiledChain.Set(dbChainCacheKey, &structs.DiscoveryChainResponse{ + dataSources.CompiledDiscoveryChain.Set(dbChainReq, &structs.DiscoveryChainResponse{ Chain: dbDefaultChain(), }) }, @@ -257,15 +252,15 @@ func TestManager_BasicLifecycle(t *testing.T) { }, { name: "chain-resolver-with-version-split", - setup: func(t *testing.T, types *TestCacheTypes) { + setup: func(t *testing.T, dataSources *TestDataSources) { // Note that we deliberately leave the 'geo-cache' prepared query to time out - types.health.Set(db_v1_HealthCacheKey, &structs.IndexedCheckServiceNodes{ + dataSources.Health.Set(db_v1_HealthReq, &structs.IndexedCheckServiceNodes{ Nodes: TestUpstreamNodes(t, db.Name), }) - types.health.Set(db_v2_HealthCacheKey, &structs.IndexedCheckServiceNodes{ + dataSources.Health.Set(db_v2_HealthReq, &structs.IndexedCheckServiceNodes{ Nodes: TestUpstreamNodesAlternate(t), }) - types.compiledChain.Set(dbChainCacheKey, &structs.DiscoveryChainResponse{ + dataSources.CompiledDiscoveryChain.Set(dbChainReq, &structs.DiscoveryChainResponse{ Chain: dbSplitChain(), }) }, @@ -322,15 +317,13 @@ func TestManager_BasicLifecycle(t *testing.T) { require.NotNil(t, tt.setup) require.NotNil(t, tt.expectSnap) - // Use a mocked cache to make life simpler - types := NewTestCacheTypes(t) - // Setup initial values - types.roots.Set(rootsCacheKey, roots) - types.leaf.Set(leafCacheKey, leaf) - types.intentions.Set(intentionCacheKey, TestIntentions()) - types.configEntry.Set(meshCacheKey, &structs.ConfigEntryResponse{Entry: nil}) - tt.setup(t, types) + dataSources := NewTestDataSources() + dataSources.LeafCertificate.Set(leafReq, leaf) + dataSources.CARoots.Set(rootsReq, roots) + dataSources.Intentions.Set(intentionReq, TestIntentions()) + dataSources.ConfigEntry.Set(meshConfigReq, &structs.ConfigEntryResponse{Entry: nil}) + tt.setup(t, dataSources) expectSnapCopy, err := copystructure.Copy(tt.expectSnap) require.NoError(t, err) @@ -338,8 +331,9 @@ func TestManager_BasicLifecycle(t *testing.T) { webProxyCopy, err := copystructure.Copy(webProxy) require.NoError(t, err) - testManager_BasicLifecycle(t, types, - rootsCacheKey, leafCacheKey, + testManager_BasicLifecycle(t, + dataSources, + rootsReq, leafReq, roots, webProxyCopy.(*structs.NodeService), expectSnapCopy.(*ConfigSnapshot), @@ -350,30 +344,28 @@ func TestManager_BasicLifecycle(t *testing.T) { type testcase_BasicLifecycle struct { name string - setup func(t *testing.T, types *TestCacheTypes) + setup func(t *testing.T, dataSources *TestDataSources) webProxy *structs.NodeService expectSnap *ConfigSnapshot } func testManager_BasicLifecycle( t *testing.T, - types *TestCacheTypes, - rootsCacheKey, leafCacheKey string, + dataSources *TestDataSources, + rootsReq *structs.DCSpecificRequest, + leafReq *cachetype.ConnectCALeafRequest, roots *structs.IndexedCARoots, webProxy *structs.NodeService, expectSnap *ConfigSnapshot, ) { - c := TestCacheWithTypes(t, types) - logger := testutil.Logger(t) source := &structs.QuerySource{Datacenter: "dc1"} // Create manager m, err := NewManager(ManagerConfig{ - Cache: &CacheWrapper{c}, - Health: &HealthWrapper{&health.Client{Cache: c, CacheName: cachetype.HealthServicesName}}, - Source: source, - Logger: logger, + Source: source, + Logger: logger, + DataSources: dataSources.ToDataSources(), }) require.NoError(t, err) @@ -396,7 +388,7 @@ func testManager_BasicLifecycle( assertWatchChanRecvs(t, wCh, expectSnap) require.True(t, time.Since(start) >= coalesceTimeout) - assertLastReqArgs(t, types, "my-token", source) + assertLastReqArgs(t, dataSources, "my-token", source) // Update NodeConfig webProxy.Port = 7777 @@ -420,11 +412,11 @@ func testManager_BasicLifecycle( // This is actually sort of timing dependent - the cache background fetcher // will still be fetching with the old token, but we rely on the fact that our // mock type will have been blocked on those for a while. - assertLastReqArgs(t, types, "other-token", source) + assertLastReqArgs(t, dataSources, "other-token", source) // Update roots newRoots, newLeaf := TestCerts(t) newRoots.Roots = append(newRoots.Roots, roots.Roots...) - types.roots.Set(rootsCacheKey, newRoots) + dataSources.CARoots.Set(rootsReq, newRoots) // Expect new roots in snapshot expectSnap.Roots = newRoots @@ -432,7 +424,7 @@ func testManager_BasicLifecycle( assertWatchChanRecvs(t, wCh2, expectSnap) // Update leaf - types.leaf.Set(leafCacheKey, newLeaf) + dataSources.LeafCertificate.Set(leafReq, newLeaf) // Expect new roots in snapshot expectSnap.ConnectProxy.Leaf = newLeaf @@ -500,7 +492,6 @@ func TestManager_deliverLatest(t *testing.T) { // None of these need to do anything to test this method just be valid logger := testutil.Logger(t) cfg := ManagerConfig{ - Cache: &CacheWrapper{cache.New(cache.Options{EntryFetchRate: rate.Inf, EntryFetchMaxBurst: 2})}, Source: &structs.QuerySource{ Node: "node1", Datacenter: "dc1", @@ -555,21 +546,14 @@ func TestManager_deliverLatest(t *testing.T) { require.Equal(t, snap2, <-ch5) } -func testGenCacheKey(req cache.Request) string { - info := req.CacheInfo() - return path.Join(info.Key, info.Datacenter) -} - func TestManager_SyncState_No_Notify(t *testing.T) { - types := NewTestCacheTypes(t) - c := TestCacheWithTypes(t, types) + dataSources := NewTestDataSources() logger := testutil.Logger(t) m, err := NewManager(ManagerConfig{ - Cache: &CacheWrapper{c}, - Health: &HealthWrapper{&health.Client{Cache: c, CacheName: cachetype.HealthServicesName}}, - Source: &structs.QuerySource{Datacenter: "dc1"}, - Logger: logger, + Source: &structs.QuerySource{Datacenter: "dc1"}, + Logger: logger, + DataSources: dataSources.ToDataSources(), }) require.NoError(t, err) defer m.Close() diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go index fb212a2f4..45b80b552 100644 --- a/agent/proxycfg/mesh_gateway.go +++ b/agent/proxycfg/mesh_gateway.go @@ -6,7 +6,6 @@ import ( "strings" "time" - cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/logging" ) @@ -19,7 +18,7 @@ type handlerMeshGateway struct { func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, error) { snap := newConfigSnapshotFromServiceInstance(s.serviceInstance, s.stateConfig) // Watch for root changes - err := s.cache.Notify(ctx, cachetype.ConnectCARootName, &structs.DCSpecificRequest{ + err := s.dataSources.CARoots.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -34,7 +33,7 @@ func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, er // Eventually we will have to watch connect enabled instances for each service as well as the // destination services themselves but those notifications will be setup later. // We cannot setup those watches until we know what the services are. - err = s.cache.Notify(ctx, cachetype.CatalogServiceListName, &structs.DCSpecificRequest{ + err = s.dataSources.ServiceList.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -46,7 +45,7 @@ func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, er } // Watch service-resolvers so we can setup service subset clusters - err = s.cache.Notify(ctx, cachetype.ConfigEntryListName, &structs.ConfigEntryQuery{ + err = s.dataSources.ConfigEntryList.Notify(ctx, &structs.ConfigEntryQuery{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Kind: structs.ServiceResolver, @@ -85,7 +84,7 @@ func (s *handlerMeshGateway) initializeCrossDCWatches(ctx context.Context) error // Conveniently we can just use this service meta attribute in one // place here to set the machinery in motion and leave the conditional // behavior out of the rest of the package. - err := s.cache.Notify(ctx, cachetype.FederationStateListMeshGatewaysName, &structs.DCSpecificRequest{ + err := s.dataSources.FederationStateListMeshGateways.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -94,7 +93,7 @@ func (s *handlerMeshGateway) initializeCrossDCWatches(ctx context.Context) error return err } - err = s.health.Notify(ctx, structs.ServiceSpecificRequest{ + err = s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: structs.ConsulServiceName, @@ -104,7 +103,7 @@ func (s *handlerMeshGateway) initializeCrossDCWatches(ctx context.Context) error } } - err := s.cache.Notify(ctx, cachetype.CatalogDatacentersName, &structs.DatacentersRequest{ + err := s.dataSources.Datacenters.Notify(ctx, &structs.DatacentersRequest{ QueryOptions: structs.QueryOptions{Token: s.token, MaxAge: 30 * time.Second}, }, datacentersWatchID, s.ch) if err != nil { @@ -168,7 +167,7 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn if _, ok := snap.MeshGateway.WatchedServices[svc]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.health.Notify(ctx, structs.ServiceSpecificRequest{ + err := s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: svc.Name, @@ -220,7 +219,7 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn if _, ok := snap.MeshGateway.WatchedGateways[gk.String()]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.InternalServiceDumpName, &structs.ServiceDumpRequest{ + err := s.dataSources.InternalServiceDump.Notify(ctx, &structs.ServiceDumpRequest{ Datacenter: dc, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceKind: structs.ServiceKindMeshGateway, diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index 5a844fea9..4ac17ebd7 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -11,29 +11,11 @@ import ( "github.com/hashicorp/go-hclog" "github.com/mitchellh/copystructure" - "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/logging" ) -// UpdateEvent contains new data for a resource we are subscribed to (e.g. an -// agent cache entry). -type UpdateEvent struct { - CorrelationID string - Result interface{} - Err error -} - -type CacheNotifier interface { - Notify(ctx context.Context, t string, r cache.Request, - correlationID string, ch chan<- UpdateEvent) error -} - -type Health interface { - Notify(ctx context.Context, req structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error -} - const ( coalesceTimeout = 200 * time.Millisecond rootsWatchID = "roots" @@ -61,8 +43,7 @@ const ( type stateConfig struct { logger hclog.Logger source *structs.QuerySource - cache CacheNotifier - health Health + dataSources DataSources dnsConfig DNSConfig serverSNIFn ServerSNIFunc intentionDefaultAllow bool @@ -458,16 +439,16 @@ func hostnameEndpoints(logger hclog.Logger, localKey GatewayKey, nodes structs.C } type gatewayWatchOpts struct { - notifier CacheNotifier - notifyCh chan UpdateEvent - source structs.QuerySource - token string - key GatewayKey - upstreamID UpstreamID + internalServiceDump InternalServiceDump + notifyCh chan UpdateEvent + source structs.QuerySource + token string + key GatewayKey + upstreamID UpstreamID } func watchMeshGateway(ctx context.Context, opts gatewayWatchOpts) error { - return opts.notifier.Notify(ctx, cachetype.InternalServiceDumpName, &structs.ServiceDumpRequest{ + return opts.internalServiceDump.Notify(ctx, &structs.ServiceDumpRequest{ Datacenter: opts.key.Datacenter, QueryOptions: structs.QueryOptions{Token: opts.token}, ServiceKind: structs.ServiceKindMeshGateway, diff --git a/agent/proxycfg/state_oss_test.go b/agent/proxycfg/state_oss_test.go new file mode 100644 index 000000000..0034041f7 --- /dev/null +++ b/agent/proxycfg/state_oss_test.go @@ -0,0 +1,6 @@ +//go:build !consulent +// +build !consulent + +package proxycfg + +func recordWatchesEnterprise(*stateConfig, *watchRecorder) {} diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index a165b263e..a2fa5914f 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -11,10 +11,8 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul/discoverychain" - "github.com/hashicorp/consul/agent/rpcclient/health" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" ) @@ -114,100 +112,89 @@ func TestStateChanged(t *testing.T) { } } -type testCacheNotifierRequest struct { - cacheType string - request cache.Request - cb func(UpdateEvent) +func recordWatches(sc *stateConfig) *watchRecorder { + wr := newWatchRecorder() + + sc.dataSources = DataSources{ + CARoots: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, + CompiledDiscoveryChain: typedWatchRecorder[*structs.DiscoveryChainRequest]{wr}, + ConfigEntry: typedWatchRecorder[*structs.ConfigEntryQuery]{wr}, + ConfigEntryList: typedWatchRecorder[*structs.ConfigEntryQuery]{wr}, + Datacenters: typedWatchRecorder[*structs.DatacentersRequest]{wr}, + FederationStateListMeshGateways: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, + GatewayServices: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, + Health: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, + HTTPChecks: typedWatchRecorder[*cachetype.ServiceHTTPChecksRequest]{wr}, + Intentions: typedWatchRecorder[*structs.IntentionQueryRequest]{wr}, + IntentionUpstreams: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, + InternalServiceDump: typedWatchRecorder[*structs.ServiceDumpRequest]{wr}, + LeafCertificate: typedWatchRecorder[*cachetype.ConnectCALeafRequest]{wr}, + PreparedQuery: typedWatchRecorder[*structs.PreparedQueryExecuteRequest]{wr}, + ResolvedServiceConfig: typedWatchRecorder[*structs.ServiceConfigRequest]{wr}, + ServiceList: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, + } + recordWatchesEnterprise(sc, wr) + + return wr } -type testCacheNotifier struct { - lock sync.RWMutex - notifiers map[string]testCacheNotifierRequest -} - -func newTestCacheNotifier() *testCacheNotifier { - return &testCacheNotifier{ - notifiers: make(map[string]testCacheNotifierRequest), +func newWatchRecorder() *watchRecorder { + return &watchRecorder{ + watches: make(map[string]any), } } -func (cn *testCacheNotifier) Notify(ctx context.Context, t string, r cache.Request, correlationId string, ch chan<- UpdateEvent) error { - cn.lock.Lock() - cn.notifiers[correlationId] = testCacheNotifierRequest{t, r, func(event UpdateEvent) { ch <- event }} - cn.lock.Unlock() +type watchRecorder struct { + mu sync.Mutex + watches map[string]any +} + +func (r *watchRecorder) record(correlationID string, req any) { + r.mu.Lock() + r.watches[correlationID] = req + r.mu.Unlock() +} + +func (r *watchRecorder) verify(t *testing.T, correlationID string, verifyFn verifyWatchRequest) { + t.Helper() + + r.mu.Lock() + req, ok := r.watches[correlationID] + r.mu.Unlock() + + require.True(t, ok, "No such watch for Correlation ID: %q", correlationID) + + if verifyFn != nil { + verifyFn(t, req) + } +} + +type typedWatchRecorder[ReqType any] struct { + recorder *watchRecorder +} + +func (r typedWatchRecorder[ReqType]) Notify(_ context.Context, req ReqType, correlationID string, _ chan<- UpdateEvent) error { + r.recorder.record(correlationID, req) return nil } -// NotifyCallback satisfies the health.CacheGetter interface. -func (cn *testCacheNotifier) NotifyCallback(ctx context.Context, t string, r cache.Request, correlationId string, cb cache.Callback) error { - cn.lock.Lock() - cn.notifiers[correlationId] = testCacheNotifierRequest{t, r, func(event UpdateEvent) { - cb(ctx, cache.UpdateEvent{ - CorrelationID: event.CorrelationID, - Result: event.Result, - Err: event.Err, - }) - }} - cn.lock.Unlock() - return nil -} - -func (cn *testCacheNotifier) Get(ctx context.Context, t string, r cache.Request) (interface{}, cache.ResultMeta, error) { - panic("Get: not implemented") -} - -func (cn *testCacheNotifier) getNotifierRequest(t testing.TB, correlationId string) testCacheNotifierRequest { - cn.lock.RLock() - req, ok := cn.notifiers[correlationId] - cn.lock.RUnlock() - require.True(t, ok, "Correlation ID: %s is missing", correlationId) - return req -} - -func (cn *testCacheNotifier) sendNotification(t testing.TB, correlationId string, event UpdateEvent) { - req := cn.getNotifierRequest(t, correlationId) - require.NotNil(t, req.cb) - req.cb(event) -} - -func (cn *testCacheNotifier) verifyWatch(t testing.TB, correlationId string) (string, cache.Request) { - // t.Logf("Watches: %+v", cn.notifiers) - req := cn.getNotifierRequest(t, correlationId) - require.NotNil(t, req.cb) - return req.cacheType, req.request -} - -type verifyWatchRequest func(t testing.TB, cacheType string, request cache.Request) - -func genVerifyDCSpecificWatch(expectedCacheType string, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, expectedCacheType, cacheType) +type verifyWatchRequest func(t testing.TB, request any) +func genVerifyDCSpecificWatch(expectedDatacenter string) verifyWatchRequest { + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.DCSpecificRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) } } -func genVerifyRootsWatch(expectedDatacenter string) verifyWatchRequest { - return genVerifyDCSpecificWatch(cachetype.ConnectCARootName, expectedDatacenter) -} - -func genVerifyListServicesWatch(expectedDatacenter string) verifyWatchRequest { - return genVerifyDCSpecificWatch(cachetype.CatalogServiceListName, expectedDatacenter) -} - -func verifyDatacentersWatch(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.CatalogDatacentersName, cacheType) - +func verifyDatacentersWatch(t testing.TB, request any) { _, ok := request.(*structs.DatacentersRequest) require.True(t, ok) } func genVerifyLeafWatchWithDNSSANs(expectedService string, expectedDatacenter string, expectedDNSSANs []string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ConnectCALeafName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*cachetype.ConnectCALeafRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -221,9 +208,7 @@ func genVerifyLeafWatch(expectedService string, expectedDatacenter string) verif } func genVerifyResolverWatch(expectedService, expectedDatacenter, expectedKind string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ConfigEntryName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ConfigEntryQuery) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -233,9 +218,7 @@ func genVerifyResolverWatch(expectedService, expectedDatacenter, expectedKind st } func genVerifyResolvedConfigWatch(expectedService string, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ResolvedServiceConfigName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ServiceConfigRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -244,9 +227,7 @@ func genVerifyResolvedConfigWatch(expectedService string, expectedDatacenter str } func genVerifyIntentionWatch(expectedService string, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.IntentionMatchName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.IntentionQueryRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -258,21 +239,8 @@ func genVerifyIntentionWatch(expectedService string, expectedDatacenter string) } } -func genVerifyIntentionUpstreamsWatch(expectedService string, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.IntentionUpstreamsName, cacheType) - - reqReal, ok := request.(*structs.ServiceSpecificRequest) - require.True(t, ok) - require.Equal(t, expectedDatacenter, reqReal.Datacenter) - require.Equal(t, expectedService, reqReal.ServiceName) - } -} - func genVerifyPreparedQueryWatch(expectedName string, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.PreparedQueryName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.PreparedQueryExecuteRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -282,9 +250,7 @@ func genVerifyPreparedQueryWatch(expectedName string, expectedDatacenter string) } func genVerifyDiscoveryChainWatch(expected *structs.DiscoveryChainRequest) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.CompiledDiscoveryChainName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.DiscoveryChainRequest) require.True(t, ok) require.Equal(t, expected, reqReal) @@ -292,9 +258,7 @@ func genVerifyDiscoveryChainWatch(expected *structs.DiscoveryChainRequest) verif } func genVerifyMeshConfigWatch(expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ConfigEntryName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ConfigEntryQuery) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -304,9 +268,7 @@ func genVerifyMeshConfigWatch(expectedDatacenter string) verifyWatchRequest { } func genVerifyGatewayWatch(expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.InternalServiceDumpName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ServiceDumpRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -316,10 +278,8 @@ func genVerifyGatewayWatch(expectedDatacenter string) verifyWatchRequest { } } -func genVerifyServiceSpecificRequest(expectedCacheType, expectedService, expectedFilter, expectedDatacenter string, connect bool) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, expectedCacheType, cacheType) - +func genVerifyServiceSpecificRequest(expectedService, expectedFilter, expectedDatacenter string, connect bool) verifyWatchRequest { + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ServiceSpecificRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) @@ -329,18 +289,12 @@ func genVerifyServiceSpecificRequest(expectedCacheType, expectedService, expecte } } -func genVerifyServiceWatch(expectedService, expectedFilter, expectedDatacenter string, connect bool) verifyWatchRequest { - return genVerifyServiceSpecificRequest(cachetype.HealthServicesName, expectedService, expectedFilter, expectedDatacenter, connect) -} - func genVerifyGatewayServiceWatch(expectedService, expectedDatacenter string) verifyWatchRequest { - return genVerifyServiceSpecificRequest(cachetype.GatewayServicesName, expectedService, "", expectedDatacenter, false) + return genVerifyServiceSpecificRequest(expectedService, "", expectedDatacenter, false) } func genVerifyConfigEntryWatch(expectedKind, expectedName, expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ConfigEntryName, cacheType) - + return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ConfigEntryQuery) require.True(t, ok) require.Equal(t, expectedKind, reqReal.Kind) @@ -507,11 +461,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { stage0 := verificationStage{ requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - leafWatchID: genVerifyLeafWatch("web", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("web", "dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), - "upstream:" + pqUID.String(): genVerifyPreparedQueryWatch("query", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("web", "dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), fmt.Sprintf("discovery-chain:%s", apiUID.String()): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "api", EvaluateInDatacenter: "dc1", @@ -562,6 +513,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { Mode: meshGatewayProxyConfigValue, }, }), + "upstream:" + pqUID.String(): genVerifyPreparedQueryWatch("query", "dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("web", "dc1"), }, events: []UpdateEvent{ rootWatchEvent(), @@ -660,10 +614,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { stage1 := verificationStage{ requiredWatches: map[string]verifyWatchRequest{ - fmt.Sprintf("upstream-target:api.default.default.dc1:%s", apiUID.String()): genVerifyServiceWatch("api", "", "dc1", true), - fmt.Sprintf("upstream-target:api-failover-remote.default.default.dc2:%s-failover-remote?dc=dc2", apiUID.String()): genVerifyServiceWatch("api-failover-remote", "", "dc2", true), - fmt.Sprintf("upstream-target:api-failover-local.default.default.dc2:%s-failover-local?dc=dc2", apiUID.String()): genVerifyServiceWatch("api-failover-local", "", "dc2", true), - fmt.Sprintf("upstream-target:api-failover-direct.default.default.dc2:%s-failover-direct?dc=dc2", apiUID.String()): genVerifyServiceWatch("api-failover-direct", "", "dc2", true), + fmt.Sprintf("upstream-target:api.default.default.dc1:%s", apiUID.String()): genVerifyServiceSpecificRequest("api", "", "dc1", true), + fmt.Sprintf("upstream-target:api-failover-remote.default.default.dc2:%s-failover-remote?dc=dc2", apiUID.String()): genVerifyServiceSpecificRequest("api-failover-remote", "", "dc2", true), + fmt.Sprintf("upstream-target:api-failover-local.default.default.dc2:%s-failover-local?dc=dc2", apiUID.String()): genVerifyServiceSpecificRequest("api-failover-local", "", "dc2", true), + fmt.Sprintf("upstream-target:api-failover-direct.default.default.dc2:%s-failover-direct?dc=dc2", apiUID.String()): genVerifyServiceSpecificRequest("api-failover-direct", "", "dc2", true), fmt.Sprintf("mesh-gateway:dc2:%s-failover-remote?dc=dc2", apiUID.String()): genVerifyGatewayWatch("dc2"), fmt.Sprintf("mesh-gateway:dc1:%s-failover-local?dc=dc2", apiUID.String()): genVerifyGatewayWatch("dc1"), }, @@ -743,9 +697,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - serviceListWatchID: genVerifyListServicesWatch("dc1"), datacentersWatchID: verifyDatacentersWatch, + serviceListWatchID: genVerifyDCSpecificWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") @@ -804,9 +758,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - serviceListWatchID: genVerifyListServicesWatch("dc1"), datacentersWatchID: verifyDatacentersWatch, + serviceListWatchID: genVerifyDCSpecificWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), }, events: []UpdateEvent{ rootWatchEvent(), @@ -948,9 +902,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { @@ -1061,7 +1015,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, { requiredWatches: map[string]verifyWatchRequest{ - "upstream-target:api.default.default.dc1:" + apiUID.String(): genVerifyServiceWatch("api", "", "dc1", true), + "upstream-target:api.default.default.dc1:" + apiUID.String(): genVerifyServiceSpecificRequest("api", "", "dc1", true), }, events: []UpdateEvent{ { @@ -1117,9 +1071,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, events: []UpdateEvent{ @@ -1197,9 +1151,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), gatewayServicesWatchID: genVerifyGatewayServiceWatch("ingress-gateway", "dc1"), }, events: []UpdateEvent{ @@ -1290,10 +1244,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), - gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID, - "terminating-gateway", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + gatewayServicesWatchID: genVerifyGatewayServiceWatch("terminating-gateway", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") @@ -1333,10 +1286,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), - gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID, - "terminating-gateway", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + gatewayServicesWatchID: genVerifyGatewayServiceWatch("terminating-gateway", "dc1"), }, events: []UpdateEvent{ rootWatchEvent(), @@ -1425,7 +1377,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, { requiredWatches: map[string]verifyWatchRequest{ - "external-service:" + db.String(): genVerifyServiceWatch("db", "", "dc1", false), + "external-service:" + db.String(): genVerifyServiceSpecificRequest("db", "", "dc1", false), }, events: []UpdateEvent{ { @@ -1470,7 +1422,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, { requiredWatches: map[string]verifyWatchRequest{ - "external-service:" + api.String(): genVerifyServiceWatch("api", "", "dc1", false), + "external-service:" + api.String(): genVerifyServiceSpecificRequest("api", "", "dc1", false), }, events: []UpdateEvent{ { @@ -1706,12 +1658,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") @@ -1792,12 +1743,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Empty on initialization { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") @@ -1852,11 +1802,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Receiving an intention should lead to spinning up a discovery chain watch { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, events: []UpdateEvent{ { @@ -1917,7 +1866,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, { requiredWatches: map[string]verifyWatchRequest{ - "upstream-target:db.default.default.dc1:" + dbUID.String(): genVerifyServiceWatch("db", "", "dc1", true), + "upstream-target:db.default.default.dc1:" + dbUID.String(): genVerifyServiceSpecificRequest("db", "", "dc1", true), }, events: []UpdateEvent{ { @@ -2284,11 +2233,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { { // Empty list of upstreams should clean up map keys requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, events: []UpdateEvent{ { @@ -2351,12 +2299,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Empty on initialization { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), "discovery-chain:" + upstreamIDForDC2(dbUID).String(): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "db", EvaluateInDatacenter: "dc2", @@ -2365,6 +2310,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { Datacenter: "dc1", OverrideMeshGateway: structs.MeshGatewayConfig{Mode: structs.MeshGatewayModeLocal}, }), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") @@ -2452,11 +2399,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { // be deleted from the snapshot. { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest(intentionUpstreamsID, - "api", "", "dc1", false), - leafWatchID: genVerifyLeafWatch("api", "dc1"), - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), "discovery-chain:" + upstreamIDForDC2(dbUID).String(): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "db", EvaluateInDatacenter: "dc2", @@ -2465,6 +2409,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { Datacenter: "dc1", OverrideMeshGateway: structs.MeshGatewayConfig{Mode: structs.MeshGatewayModeLocal}, }), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, events: []UpdateEvent{ { @@ -2526,8 +2472,6 @@ func TestState_WatchesAndUpdates(t *testing.T) { // First evaluate peered upstream { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), - leafWatchID: genVerifyLeafWatch("web", "dc1"), fmt.Sprintf("discovery-chain:%s", apiUID.String()): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "api", EvaluateInDatacenter: "dc1", @@ -2535,6 +2479,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { EvaluateInPartition: "default", Datacenter: "dc1", }), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("web", "dc1"), // No Peering watch }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { @@ -2604,12 +2550,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { for name, tc := range cases { t.Run(name, func(t *testing.T) { - cn := newTestCacheNotifier() proxyID := ProxyID{ServiceID: tc.ns.CompoundServiceID()} - state, err := newState(proxyID, &tc.ns, testSource, "", stateConfig{ + + sc := stateConfig{ logger: testutil.Logger(t), - cache: cn, - health: &HealthWrapper{&health.Client{Cache: cn, CacheName: cachetype.HealthServicesName}}, source: &structs.QuerySource{ Datacenter: tc.sourceDC, }, @@ -2617,7 +2561,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { Domain: "consul.", AltDomain: "alt.consul.", }, - }) + } + wr := recordWatches(&sc) + + state, err := newState(proxyID, &tc.ns, testSource, "", sc) // verify building the initial state worked require.NoError(t, err) @@ -2644,13 +2591,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.True(t, t.Run(fmt.Sprintf("stage-%d", idx), func(t *testing.T) { for correlationId, verifier := range stage.requiredWatches { require.True(t, t.Run(correlationId, func(t *testing.T) { - // verify that the watch was initiated - cacheType, request := cn.verifyWatch(t, correlationId) - - // run the verifier if any - if verifier != nil { - verifier(t, cacheType, request) - } + wr.verify(t, correlationId, verifier) })) } diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go index b27dbe8c0..a9dbdb391 100644 --- a/agent/proxycfg/terminating_gateway.go +++ b/agent/proxycfg/terminating_gateway.go @@ -17,7 +17,7 @@ type handlerTerminatingGateway struct { func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnapshot, error) { snap := newConfigSnapshotFromServiceInstance(s.serviceInstance, s.stateConfig) // Watch for root changes - err := s.cache.Notify(ctx, cachetype.ConnectCARootName, &structs.DCSpecificRequest{ + err := s.dataSources.CARoots.Notify(ctx, &structs.DCSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Source: *s.source, @@ -28,7 +28,7 @@ func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnaps } // Get information about the entire service mesh. - err = s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + err = s.dataSources.ConfigEntry.Notify(ctx, &structs.ConfigEntryQuery{ Kind: structs.MeshConfig, Name: structs.MeshConfigMesh, Datacenter: s.source.Datacenter, @@ -40,7 +40,7 @@ func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnaps } // Watch for the terminating-gateway's linked services - err = s.cache.Notify(ctx, cachetype.GatewayServicesName, &structs.ServiceSpecificRequest{ + err = s.dataSources.GatewayServices.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: s.service, @@ -116,7 +116,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // Watch the health endpoint to discover endpoints for the service if _, ok := snap.TerminatingGateway.WatchedServices[svc.Service]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.health.Notify(ctx, structs.ServiceSpecificRequest{ + err := s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, ServiceName: svc.Service.Name, @@ -141,7 +141,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // The gateway will enforce intentions for connections to the service if _, ok := snap.TerminatingGateway.WatchedIntentions[svc.Service]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.IntentionMatchName, &structs.IntentionQueryRequest{ + err := s.dataSources.Intentions.Notify(ctx, &structs.IntentionQueryRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Match: &structs.IntentionQueryMatch{ @@ -171,7 +171,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // This cert is used to terminate mTLS connections on the service's behalf if _, ok := snap.TerminatingGateway.WatchedLeaves[svc.Service]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.ConnectCALeafName, &cachetype.ConnectCALeafRequest{ + err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{ Datacenter: s.source.Datacenter, Token: s.token, Service: svc.Service.Name, @@ -193,7 +193,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // These are used to determine the protocol for the target service. if _, ok := snap.TerminatingGateway.WatchedConfigs[svc.Service]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.ResolvedServiceConfigName, &structs.ServiceConfigRequest{ + err := s.dataSources.ResolvedServiceConfig.Notify(ctx, &structs.ServiceConfigRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Name: svc.Service.Name, @@ -215,7 +215,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // These are used to create clusters and endpoints for the service subsets if _, ok := snap.TerminatingGateway.WatchedResolvers[svc.Service]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.ConfigEntryName, &structs.ConfigEntryQuery{ + err := s.dataSources.ConfigEntry.Notify(ctx, &structs.ConfigEntryQuery{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Kind: structs.ServiceResolver, diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index 73320108d..1edbfd0a3 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -22,53 +22,6 @@ import ( "github.com/hashicorp/consul/api" ) -// TestCacheTypes encapsulates all the different cache types proxycfg.State will -// watch/request for controlling one during testing. -type TestCacheTypes struct { - roots *ControllableCacheType - leaf *ControllableCacheType - intentions *ControllableCacheType - health *ControllableCacheType - query *ControllableCacheType - compiledChain *ControllableCacheType - serviceHTTPChecks *ControllableCacheType - configEntry *ControllableCacheType -} - -// NewTestCacheTypes creates a set of ControllableCacheTypes for all types that -// proxycfg will watch suitable for testing a proxycfg.State or Manager. -func NewTestCacheTypes(t testing.T) *TestCacheTypes { - t.Helper() - ct := &TestCacheTypes{ - roots: NewControllableCacheType(t), - leaf: NewControllableCacheType(t), - intentions: NewControllableCacheType(t), - health: NewControllableCacheType(t), - query: NewControllableCacheType(t), - compiledChain: NewControllableCacheType(t), - serviceHTTPChecks: NewControllableCacheType(t), - configEntry: NewControllableCacheType(t), - } - ct.query.blocking = false - return ct -} - -// TestCacheWithTypes registers ControllableCacheTypes for all types that -// proxycfg will watch suitable for testing a proxycfg.State or Manager. -func TestCacheWithTypes(t testing.T, types *TestCacheTypes) *cache.Cache { - c := cache.New(cache.Options{}) - c.RegisterType(cachetype.ConnectCARootName, types.roots) - c.RegisterType(cachetype.ConnectCALeafName, types.leaf) - c.RegisterType(cachetype.IntentionMatchName, types.intentions) - c.RegisterType(cachetype.HealthServicesName, types.health) - c.RegisterType(cachetype.PreparedQueryName, types.query) - c.RegisterType(cachetype.CompiledDiscoveryChainName, types.compiledChain) - c.RegisterType(cachetype.ServiceHTTPChecksName, types.serviceHTTPChecks) - c.RegisterType(cachetype.ConfigEntryName, types.configEntry) - - return c -} - // TestCerts generates a CA and Leaf suitable for returning as mock CA // root/leaf cache requests. func TestCerts(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert) { @@ -668,19 +621,9 @@ func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes { } } -type noopCacheNotifier struct{} +type noopDataSource[ReqType any] struct{} -var _ CacheNotifier = (*noopCacheNotifier)(nil) - -func (*noopCacheNotifier) Notify(_ context.Context, _ string, _ cache.Request, _ string, _ chan<- UpdateEvent) error { - return nil -} - -type noopHealth struct{} - -var _ Health = (*noopHealth)(nil) - -func (*noopHealth) Notify(_ context.Context, _ structs.ServiceSpecificRequest, _ string, _ chan<- UpdateEvent) error { +func (*noopDataSource[ReqType]) Notify(context.Context, ReqType, string, chan<- UpdateEvent) error { return nil } @@ -711,8 +654,24 @@ func testConfigSnapshotFixture( source: &structs.QuerySource{ Datacenter: "dc1", }, - cache: &noopCacheNotifier{}, - health: &noopHealth{}, + dataSources: DataSources{ + CARoots: &noopDataSource[*structs.DCSpecificRequest]{}, + CompiledDiscoveryChain: &noopDataSource[*structs.DiscoveryChainRequest]{}, + ConfigEntry: &noopDataSource[*structs.ConfigEntryQuery]{}, + ConfigEntryList: &noopDataSource[*structs.ConfigEntryQuery]{}, + Datacenters: &noopDataSource[*structs.DatacentersRequest]{}, + FederationStateListMeshGateways: &noopDataSource[*structs.DCSpecificRequest]{}, + GatewayServices: &noopDataSource[*structs.ServiceSpecificRequest]{}, + Health: &noopDataSource[*structs.ServiceSpecificRequest]{}, + HTTPChecks: &noopDataSource[*cachetype.ServiceHTTPChecksRequest]{}, + Intentions: &noopDataSource[*structs.IntentionQueryRequest]{}, + IntentionUpstreams: &noopDataSource[*structs.ServiceSpecificRequest]{}, + InternalServiceDump: &noopDataSource[*structs.ServiceDumpRequest]{}, + LeafCertificate: &noopDataSource[*cachetype.ConnectCALeafRequest]{}, + PreparedQuery: &noopDataSource[*structs.PreparedQueryExecuteRequest]{}, + ResolvedServiceConfig: &noopDataSource[*structs.ServiceConfigRequest]{}, + ServiceList: &noopDataSource[*structs.DCSpecificRequest]{}, + }, dnsConfig: DNSConfig{ // TODO: make configurable Domain: "consul", AltDomain: "", @@ -720,6 +679,7 @@ func testConfigSnapshotFixture( serverSNIFn: serverSNIFn, intentionDefaultAllow: false, // TODO: make configurable } + testConfigSnapshotFixtureEnterprise(&config) s, err := newServiceInstanceFromNodeService(ProxyID{ServiceID: ns.CompoundServiceID()}, ns, token) if err != nil { t.Fatalf("err: %v", err) @@ -889,3 +849,159 @@ func projectRoot() string { _, base, _, _ := runtime.Caller(0) return filepath.Dir(base) } + +// NewTestDataSources creates a set of data sources that can be used to provide +// the Manager with data in tests. +func NewTestDataSources() *TestDataSources { + srcs := &TestDataSources{ + CARoots: NewTestDataSource[*structs.DCSpecificRequest, *structs.IndexedCARoots](), + CompiledDiscoveryChain: NewTestDataSource[*structs.DiscoveryChainRequest, *structs.DiscoveryChainResponse](), + ConfigEntry: NewTestDataSource[*structs.ConfigEntryQuery, *structs.ConfigEntryResponse](), + ConfigEntryList: NewTestDataSource[*structs.ConfigEntryQuery, *structs.IndexedConfigEntries](), + Datacenters: NewTestDataSource[*structs.DatacentersRequest, *[]string](), + FederationStateListMeshGateways: NewTestDataSource[*structs.DCSpecificRequest, *structs.DatacenterIndexedCheckServiceNodes](), + GatewayServices: NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedGatewayServices](), + Health: NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedCheckServiceNodes](), + HTTPChecks: NewTestDataSource[*cachetype.ServiceHTTPChecksRequest, []structs.CheckType](), + Intentions: NewTestDataSource[*structs.IntentionQueryRequest, *structs.IndexedIntentionMatches](), + IntentionUpstreams: NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList](), + InternalServiceDump: NewTestDataSource[*structs.ServiceDumpRequest, *structs.IndexedNodesWithGateways](), + LeafCertificate: NewTestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert](), + PreparedQuery: NewTestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse](), + ResolvedServiceConfig: NewTestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse](), + ServiceList: NewTestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList](), + } + srcs.buildEnterpriseSources() + return srcs +} + +type TestDataSources struct { + CARoots *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedCARoots] + CompiledDiscoveryChain *TestDataSource[*structs.DiscoveryChainRequest, *structs.DiscoveryChainResponse] + ConfigEntry *TestDataSource[*structs.ConfigEntryQuery, *structs.ConfigEntryResponse] + ConfigEntryList *TestDataSource[*structs.ConfigEntryQuery, *structs.IndexedConfigEntries] + FederationStateListMeshGateways *TestDataSource[*structs.DCSpecificRequest, *structs.DatacenterIndexedCheckServiceNodes] + Datacenters *TestDataSource[*structs.DatacentersRequest, *[]string] + GatewayServices *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedGatewayServices] + Health *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedCheckServiceNodes] + HTTPChecks *TestDataSource[*cachetype.ServiceHTTPChecksRequest, []structs.CheckType] + Intentions *TestDataSource[*structs.IntentionQueryRequest, *structs.IndexedIntentionMatches] + IntentionUpstreams *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList] + InternalServiceDump *TestDataSource[*structs.ServiceDumpRequest, *structs.IndexedNodesWithGateways] + LeafCertificate *TestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert] + PreparedQuery *TestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse] + ResolvedServiceConfig *TestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse] + ServiceList *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList] + + TestDataSourcesEnterprise +} + +func (t *TestDataSources) ToDataSources() DataSources { + ds := DataSources{ + CARoots: t.CARoots, + CompiledDiscoveryChain: t.CompiledDiscoveryChain, + ConfigEntry: t.ConfigEntry, + ConfigEntryList: t.ConfigEntryList, + Datacenters: t.Datacenters, + GatewayServices: t.GatewayServices, + Health: t.Health, + HTTPChecks: t.HTTPChecks, + Intentions: t.Intentions, + IntentionUpstreams: t.IntentionUpstreams, + InternalServiceDump: t.InternalServiceDump, + LeafCertificate: t.LeafCertificate, + PreparedQuery: t.PreparedQuery, + ResolvedServiceConfig: t.ResolvedServiceConfig, + ServiceList: t.ServiceList, + } + t.fillEnterpriseDataSources(&ds) + return ds +} + +// NewTestDataSource creates a test data source that accepts requests to Notify +// of type RequestType and dispatches UpdateEvents with a result of type ValType. +// +// TODO(agentless): we still depend on cache.Request here because it provides the +// CacheInfo method used for hashing the request - this won't work when we extract +// this package into a shared library. +func NewTestDataSource[ReqType cache.Request, ValType any]() *TestDataSource[ReqType, ValType] { + return &TestDataSource[ReqType, ValType]{ + data: make(map[string]ValType), + trigger: make(chan struct{}), + } +} + +type TestDataSource[ReqType cache.Request, ValType any] struct { + mu sync.Mutex + data map[string]ValType + lastReq ReqType + + // Note: trigger is currently global for all requests of the given type, so + // Manager may receive duplicate events - as the dispatch goroutine will be + // woken up whenever *any* requested data changes. + trigger chan struct{} +} + +// Notify satisfies the interfaces used by Manager to subscribe to data. +func (t *TestDataSource[ReqType, ValType]) Notify(ctx context.Context, req ReqType, correlationID string, ch chan<- UpdateEvent) error { + t.mu.Lock() + t.lastReq = req + t.mu.Unlock() + + go t.dispatch(ctx, correlationID, t.reqKey(req), ch) + + return nil +} + +func (t *TestDataSource[ReqType, ValType]) dispatch(ctx context.Context, correlationID, key string, ch chan<- UpdateEvent) { + for { + t.mu.Lock() + val, ok := t.data[key] + trigger := t.trigger + t.mu.Unlock() + + if ok { + event := UpdateEvent{ + CorrelationID: correlationID, + Result: val, + } + + select { + case ch <- event: + case <-ctx.Done(): + } + } + + select { + case <-trigger: + case <-ctx.Done(): + return + } + } +} + +func (t *TestDataSource[ReqType, ValType]) reqKey(req ReqType) string { + return req.CacheInfo().Key +} + +// Set broadcasts the given value to consumers that subscribed with the given +// request. +func (t *TestDataSource[ReqType, ValType]) Set(req ReqType, val ValType) error { + t.mu.Lock() + t.data[t.reqKey(req)] = val + oldTrigger := t.trigger + t.trigger = make(chan struct{}) + t.mu.Unlock() + + close(oldTrigger) + + return nil +} + +// LastReq returns the request from the last call to Notify that was received. +func (t *TestDataSource[ReqType, ValType]) LastReq() ReqType { + t.mu.Lock() + defer t.mu.Unlock() + + return t.lastReq +} diff --git a/agent/proxycfg/testing_oss.go b/agent/proxycfg/testing_oss.go new file mode 100644 index 000000000..11f9a6ade --- /dev/null +++ b/agent/proxycfg/testing_oss.go @@ -0,0 +1,12 @@ +//go:build !consulent +// +build !consulent + +package proxycfg + +type TestDataSourcesEnterprise struct{} + +func (*TestDataSources) buildEnterpriseSources() {} + +func (*TestDataSources) fillEnterpriseDataSources(*DataSources) {} + +func testConfigSnapshotFixtureEnterprise(*stateConfig) {} diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index 1ed36c0e4..3e887caf1 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -9,7 +9,6 @@ import ( "github.com/mitchellh/mapstructure" "github.com/hashicorp/consul/acl" - cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" ) @@ -314,12 +313,12 @@ func (s *handlerUpstreams) resetWatchesFromChain( ctx, cancel := context.WithCancel(ctx) opts := gatewayWatchOpts{ - notifier: s.cache, - notifyCh: s.ch, - source: *s.source, - token: s.token, - key: gwKey, - upstreamID: uid, + internalServiceDump: s.dataSources.InternalServiceDump, + notifyCh: s.ch, + source: *s.source, + token: s.token, + key: gwKey, + upstreamID: uid, } err := watchMeshGateway(ctx, opts) if err != nil { @@ -372,7 +371,7 @@ func (s *handlerUpstreams) watchUpstreamTarget(ctx context.Context, snap *Config correlationID := "upstream-target:" + opts.chainID + ":" + opts.upstreamID.String() ctx, cancel := context.WithCancel(ctx) - err := s.health.Notify(ctx, structs.ServiceSpecificRequest{ + err := s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ PeerName: opts.upstreamID.Peer, Datacenter: opts.datacenter, QueryOptions: structs.QueryOptions{ @@ -413,7 +412,7 @@ func (s *handlerUpstreams) watchDiscoveryChain(ctx context.Context, snap *Config } ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.CompiledDiscoveryChainName, &structs.DiscoveryChainRequest{ + err := s.dataSources.CompiledDiscoveryChain.Notify(ctx, &structs.DiscoveryChainRequest{ Datacenter: s.source.Datacenter, QueryOptions: structs.QueryOptions{Token: s.token}, Name: opts.name, From 58ffa0488defae2f9c28f5bbe881ff78457b26a2 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 1 Jun 2022 13:17:14 -0400 Subject: [PATCH 430/785] Revert getPathSuffixUnescaped (#13256) --- .changelog/13256.txt | 3 ++ agent/acl_endpoint.go | 35 +++--------- agent/agent_endpoint.go | 86 +++++++----------------------- agent/catalog_endpoint.go | 25 ++------- agent/config_endpoint.go | 10 +--- agent/coordinate_endpoint.go | 6 +-- agent/discovery_chain_endpoint.go | 7 +-- agent/event_endpoint.go | 7 +-- agent/federation_state_endpoint.go | 6 +-- agent/health_endpoint.go | 25 ++------- agent/http.go | 12 ----- agent/http_test.go | 39 -------------- agent/intentions_endpoint.go | 5 +- agent/kvs_endpoint.go | 7 +-- agent/peering_endpoint.go | 6 +-- agent/prepared_query_endpoint.go | 5 +- agent/session_endpoint.go | 25 ++------- agent/ui_endpoint.go | 29 ++-------- 18 files changed, 66 insertions(+), 272 deletions(-) create mode 100644 .changelog/13256.txt diff --git a/.changelog/13256.txt b/.changelog/13256.txt new file mode 100644 index 000000000..cfc8096e3 --- /dev/null +++ b/.changelog/13256.txt @@ -0,0 +1,3 @@ +```release-note:bug +agent: Fixed a bug in HTTP handlers where URLs were being decoded twice +``` \ No newline at end of file diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go index ef859f84e..23e43ba5c 100644 --- a/agent/acl_endpoint.go +++ b/agent/acl_endpoint.go @@ -122,10 +122,7 @@ func (s *HTTPHandlers) ACLPolicyCRUD(resp http.ResponseWriter, req *http.Request return nil, MethodNotAllowedError{req.Method, []string{"GET", "PUT", "DELETE"}} } - policyID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/policy/") - if err != nil { - return nil, err - } + policyID := strings.TrimPrefix(req.URL.Path, "/v1/acl/policy/") if policyID == "" && req.Method != "PUT" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing policy ID"} } @@ -170,10 +167,7 @@ func (s *HTTPHandlers) ACLPolicyReadByName(resp http.ResponseWriter, req *http.R return nil, aclDisabled } - policyName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/policy/name/") - if err != nil { - return nil, err - } + policyName := strings.TrimPrefix(req.URL.Path, "/v1/acl/policy/name/") if policyName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing policy Name"} } @@ -308,10 +302,7 @@ func (s *HTTPHandlers) ACLTokenCRUD(resp http.ResponseWriter, req *http.Request) return nil, MethodNotAllowedError{req.Method, []string{"GET", "PUT", "DELETE"}} } - tokenID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/token/") - if err != nil { - return nil, err - } + tokenID := strings.TrimPrefix(req.URL.Path, "/v1/acl/token/") if strings.HasSuffix(tokenID, "/clone") && req.Method == "PUT" { tokenID = tokenID[:len(tokenID)-6] fn = s.ACLTokenClone @@ -541,10 +532,7 @@ func (s *HTTPHandlers) ACLRoleCRUD(resp http.ResponseWriter, req *http.Request) return nil, MethodNotAllowedError{req.Method, []string{"GET", "PUT", "DELETE"}} } - roleID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/role/") - if err != nil { - return nil, err - } + roleID := strings.TrimPrefix(req.URL.Path, "/v1/acl/role/") if roleID == "" && req.Method != "PUT" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing role ID"} } @@ -557,10 +545,7 @@ func (s *HTTPHandlers) ACLRoleReadByName(resp http.ResponseWriter, req *http.Req return nil, aclDisabled } - roleName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/role/name/") - if err != nil { - return nil, err - } + roleName := strings.TrimPrefix(req.URL.Path, "/v1/acl/role/name/") if roleName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing role Name"} } @@ -711,10 +696,7 @@ func (s *HTTPHandlers) ACLBindingRuleCRUD(resp http.ResponseWriter, req *http.Re return nil, MethodNotAllowedError{req.Method, []string{"GET", "PUT", "DELETE"}} } - bindingRuleID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/binding-rule/") - if err != nil { - return nil, err - } + bindingRuleID := strings.TrimPrefix(req.URL.Path, "/v1/acl/binding-rule/") if bindingRuleID == "" && req.Method != "PUT" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing binding rule ID"} } @@ -857,10 +839,7 @@ func (s *HTTPHandlers) ACLAuthMethodCRUD(resp http.ResponseWriter, req *http.Req return nil, MethodNotAllowedError{req.Method, []string{"GET", "PUT", "DELETE"}} } - methodName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/acl/auth-method/") - if err != nil { - return nil, err - } + methodName := strings.TrimPrefix(req.URL.Path, "/v1/acl/auth-method/") if methodName == "" && req.Method != "PUT" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing auth method name"} } diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index 87805a24a..86197f462 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -382,10 +382,7 @@ func (s *HTTPHandlers) AgentServices(resp http.ResponseWriter, req *http.Request // blocking watch using hash-based blocking. func (s *HTTPHandlers) AgentService(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Get the proxy ID. Note that this is the ID of a proxy's service instance. - id, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/service/") - if err != nil { - return nil, err - } + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/service/") // Maybe block var queryOpts structs.QueryOptions @@ -404,7 +401,7 @@ func (s *HTTPHandlers) AgentService(resp http.ResponseWriter, req *http.Request) } // need to resolve to default the meta - _, err = s.agent.delegate.ResolveTokenAndDefaultMeta(token, &entMeta, nil) + _, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, &entMeta, nil) if err != nil { return nil, err } @@ -640,10 +637,7 @@ func (s *HTTPHandlers) AgentJoin(resp http.ResponseWriter, req *http.Request) (i } // Get the address - addr, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/join/") - if err != nil { - return nil, err - } + addr := strings.TrimPrefix(req.URL.Path, "/v1/agent/join/") if wan { if s.agent.config.ConnectMeshGatewayWANFederationEnabled { @@ -703,10 +697,7 @@ func (s *HTTPHandlers) AgentForceLeave(resp http.ResponseWriter, req *http.Reque // Check if the WAN is being queried _, wan := req.URL.Query()["wan"] - addr, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/force-leave/") - if err != nil { - return nil, err - } + addr := strings.TrimPrefix(req.URL.Path, "/v1/agent/force-leave/") if wan { return nil, s.agent.ForceLeaveWAN(addr, prune, entMeta) } else { @@ -792,11 +783,8 @@ func (s *HTTPHandlers) AgentRegisterCheck(resp http.ResponseWriter, req *http.Re } func (s *HTTPHandlers) AgentDeregisterCheck(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - ID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/check/deregister/") - if err != nil { - return nil, err - } - checkID := structs.NewCheckID(types.CheckID(ID), nil) + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/check/deregister/") + checkID := structs.NewCheckID(types.CheckID(id), nil) // Get the provided token, if any, and vet against any ACL policies. var token string @@ -829,21 +817,15 @@ func (s *HTTPHandlers) AgentDeregisterCheck(resp http.ResponseWriter, req *http. } func (s *HTTPHandlers) AgentCheckPass(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - ID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/check/pass/") - if err != nil { - return nil, err - } - checkID := types.CheckID(ID) + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/check/pass/") + checkID := types.CheckID(id) note := req.URL.Query().Get("note") return s.agentCheckUpdate(resp, req, checkID, api.HealthPassing, note) } func (s *HTTPHandlers) AgentCheckWarn(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - ID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/check/warn/") - if err != nil { - return nil, err - } - checkID := types.CheckID(ID) + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/check/warn/") + checkID := types.CheckID(id) note := req.URL.Query().Get("note") return s.agentCheckUpdate(resp, req, checkID, api.HealthWarning, note) @@ -851,11 +833,8 @@ func (s *HTTPHandlers) AgentCheckWarn(resp http.ResponseWriter, req *http.Reques } func (s *HTTPHandlers) AgentCheckFail(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - ID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/check/fail/") - if err != nil { - return nil, err - } - checkID := types.CheckID(ID) + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/check/fail/") + checkID := types.CheckID(id) note := req.URL.Query().Get("note") return s.agentCheckUpdate(resp, req, checkID, api.HealthCritical, note) @@ -890,12 +869,8 @@ func (s *HTTPHandlers) AgentCheckUpdate(resp http.ResponseWriter, req *http.Requ return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Invalid check status: '%s'", update.Status)} } - ID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/check/update/") - if err != nil { - return nil, err - } - - checkID := types.CheckID(ID) + id := strings.TrimPrefix(req.URL.Path, "/v1/agent/check/update/") + checkID := types.CheckID(id) return s.agentCheckUpdate(resp, req, checkID, update.Status, update.Output) } @@ -977,10 +952,7 @@ func returnTextPlain(req *http.Request) bool { // AgentHealthServiceByID return the local Service Health given its ID func (s *HTTPHandlers) AgentHealthServiceByID(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Pull out the service id (service id since there may be several instance of the same service on this host) - serviceID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/health/service/id/") - if err != nil { - return nil, err - } + serviceID := strings.TrimPrefix(req.URL.Path, "/v1/agent/health/service/id/") if serviceID == "" { return nil, &HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing serviceID"} } @@ -1038,11 +1010,7 @@ func (s *HTTPHandlers) AgentHealthServiceByID(resp http.ResponseWriter, req *htt // AgentHealthServiceByName return the worse status of all the services with given name on an agent func (s *HTTPHandlers) AgentHealthServiceByName(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Pull out the service name - serviceName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/health/service/name/") - if err != nil { - return nil, err - } - + serviceName := strings.TrimPrefix(req.URL.Path, "/v1/agent/health/service/name/") if serviceName == "" { return nil, &HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing service Name"} } @@ -1247,11 +1215,7 @@ func (s *HTTPHandlers) AgentRegisterService(resp http.ResponseWriter, req *http. } func (s *HTTPHandlers) AgentDeregisterService(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - serviceID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/service/deregister/") - if err != nil { - return nil, err - } - + serviceID := strings.TrimPrefix(req.URL.Path, "/v1/agent/service/deregister/") sid := structs.NewServiceID(serviceID, nil) // Get the provided token, if any, and vet against any ACL policies. @@ -1287,11 +1251,7 @@ func (s *HTTPHandlers) AgentDeregisterService(resp http.ResponseWriter, req *htt func (s *HTTPHandlers) AgentServiceMaintenance(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Ensure we have a service ID - serviceID, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/service/maintenance/") - if err != nil { - return nil, err - } - + serviceID := strings.TrimPrefix(req.URL.Path, "/v1/agent/service/maintenance/") sid := structs.NewServiceID(serviceID, nil) if sid.ID == "" { @@ -1489,10 +1449,7 @@ func (s *HTTPHandlers) AgentToken(resp http.ResponseWriter, req *http.Request) ( } // Figure out the target token. - target, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/token/") - if err != nil { - return nil, err - } + target := strings.TrimPrefix(req.URL.Path, "/v1/agent/token/") err = s.agent.tokens.WithPersistenceLock(func() error { triggerAntiEntropySync := false @@ -1565,10 +1522,7 @@ func (s *HTTPHandlers) AgentConnectCARoots(resp http.ResponseWriter, req *http.R func (s *HTTPHandlers) AgentConnectCALeafCert(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Get the service name. Note that this is the name of the service, // not the ID of the service instance. - serviceName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/agent/connect/ca/leaf/") - if err != nil { - return nil, err - } + serviceName := strings.TrimPrefix(req.URL.Path, "/v1/agent/connect/ca/leaf/") args := cachetype.ConnectCALeafRequest{ Service: serviceName, // Need name not ID diff --git a/agent/catalog_endpoint.go b/agent/catalog_endpoint.go index 3617a3d3a..fbee9cbfc 100644 --- a/agent/catalog_endpoint.go +++ b/agent/catalog_endpoint.go @@ -3,6 +3,7 @@ package agent import ( "fmt" "net/http" + "strings" metrics "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" @@ -361,11 +362,7 @@ func (s *HTTPHandlers) catalogServiceNodes(resp http.ResponseWriter, req *http.R } // Pull out the service name - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, pathPrefix) - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, pathPrefix) if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing service name"} } @@ -436,11 +433,7 @@ func (s *HTTPHandlers) CatalogNodeServices(resp http.ResponseWriter, req *http.R } // Pull out the node name - var err error - args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/catalog/node/") - if err != nil { - return nil, err - } + args.Node = strings.TrimPrefix(req.URL.Path, "/v1/catalog/node/") if args.Node == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"} } @@ -501,11 +494,7 @@ func (s *HTTPHandlers) CatalogNodeServiceList(resp http.ResponseWriter, req *htt } // Pull out the node name - var err error - args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/catalog/node-services/") - if err != nil { - return nil, err - } + args.Node = strings.TrimPrefix(req.URL.Path, "/v1/catalog/node-services/") if args.Node == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"} } @@ -552,11 +541,7 @@ func (s *HTTPHandlers) CatalogGatewayServices(resp http.ResponseWriter, req *htt } // Pull out the gateway's service name - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/catalog/gateway-services/") - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, "/v1/catalog/gateway-services/") if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing gateway name"} } diff --git a/agent/config_endpoint.go b/agent/config_endpoint.go index b51c1e273..7e67d851a 100644 --- a/agent/config_endpoint.go +++ b/agent/config_endpoint.go @@ -33,10 +33,7 @@ func (s *HTTPHandlers) configGet(resp http.ResponseWriter, req *http.Request) (i if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done { return nil, nil } - kindAndName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/config/") - if err != nil { - return nil, err - } + kindAndName := strings.TrimPrefix(req.URL.Path, "/v1/config/") pathArgs := strings.SplitN(kindAndName, "/", 2) switch len(pathArgs) { @@ -84,10 +81,7 @@ func (s *HTTPHandlers) configDelete(resp http.ResponseWriter, req *http.Request) var args structs.ConfigEntryRequest s.parseDC(req, &args.Datacenter) s.parseToken(req, &args.Token) - kindAndName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/config/") - if err != nil { - return nil, err - } + kindAndName := strings.TrimPrefix(req.URL.Path, "/v1/config/") pathArgs := strings.SplitN(kindAndName, "/", 2) if len(pathArgs) != 2 { diff --git a/agent/coordinate_endpoint.go b/agent/coordinate_endpoint.go index 14176ab1e..bb4f328ed 100644 --- a/agent/coordinate_endpoint.go +++ b/agent/coordinate_endpoint.go @@ -4,6 +4,7 @@ import ( "fmt" "net/http" "sort" + "strings" "github.com/hashicorp/consul/agent/structs" ) @@ -99,10 +100,7 @@ func (s *HTTPHandlers) CoordinateNode(resp http.ResponseWriter, req *http.Reques return nil, err } - node, err := getPathSuffixUnescaped(req.URL.Path, "/v1/coordinate/node/") - if err != nil { - return nil, err - } + node := strings.TrimPrefix(req.URL.Path, "/v1/coordinate/node/") args := structs.NodeSpecificRequest{Node: node} if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done { return nil, nil diff --git a/agent/discovery_chain_endpoint.go b/agent/discovery_chain_endpoint.go index 475ef02d6..4f762faf0 100644 --- a/agent/discovery_chain_endpoint.go +++ b/agent/discovery_chain_endpoint.go @@ -3,6 +3,7 @@ package agent import ( "fmt" "net/http" + "strings" "time" "github.com/mitchellh/mapstructure" @@ -19,11 +20,7 @@ func (s *HTTPHandlers) DiscoveryChainRead(resp http.ResponseWriter, req *http.Re return nil, nil } - var err error - args.Name, err = getPathSuffixUnescaped(req.URL.Path, "/v1/discovery-chain/") - if err != nil { - return nil, err - } + args.Name = strings.TrimPrefix(req.URL.Path, "/v1/discovery-chain/") if args.Name == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing chain name"} } diff --git a/agent/event_endpoint.go b/agent/event_endpoint.go index 78be383d8..971cb9deb 100644 --- a/agent/event_endpoint.go +++ b/agent/event_endpoint.go @@ -5,6 +5,7 @@ import ( "io" "net/http" "strconv" + "strings" "time" "github.com/hashicorp/consul/acl" @@ -19,11 +20,7 @@ func (s *HTTPHandlers) EventFire(resp http.ResponseWriter, req *http.Request) (i s.parseDC(req, &dc) event := &UserEvent{} - var err error - event.Name, err = getPathSuffixUnescaped(req.URL.Path, "/v1/event/fire/") - if err != nil { - return nil, err - } + event.Name = strings.TrimPrefix(req.URL.Path, "/v1/event/fire/") if event.Name == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing name"} } diff --git a/agent/federation_state_endpoint.go b/agent/federation_state_endpoint.go index aecb58ff3..4b7757ef8 100644 --- a/agent/federation_state_endpoint.go +++ b/agent/federation_state_endpoint.go @@ -2,16 +2,14 @@ package agent import ( "net/http" + "strings" "github.com/hashicorp/consul/agent/structs" ) // GET /v1/internal/federation-state/ func (s *HTTPHandlers) FederationStateGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - datacenterName, err := getPathSuffixUnescaped(req.URL.Path, "/v1/internal/federation-state/") - if err != nil { - return nil, err - } + datacenterName := strings.TrimPrefix(req.URL.Path, "/v1/internal/federation-state/") if datacenterName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing datacenter name"} } diff --git a/agent/health_endpoint.go b/agent/health_endpoint.go index c8b8cf15c..6ea64528b 100644 --- a/agent/health_endpoint.go +++ b/agent/health_endpoint.go @@ -4,6 +4,7 @@ import ( "net/http" "net/url" "strconv" + "strings" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -28,11 +29,7 @@ func (s *HTTPHandlers) HealthChecksInState(resp http.ResponseWriter, req *http.R } // Pull out the service name - var err error - args.State, err = getPathSuffixUnescaped(req.URL.Path, "/v1/health/state/") - if err != nil { - return nil, err - } + args.State = strings.TrimPrefix(req.URL.Path, "/v1/health/state/") if args.State == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing check state"} } @@ -76,11 +73,7 @@ func (s *HTTPHandlers) HealthNodeChecks(resp http.ResponseWriter, req *http.Requ } // Pull out the service name - var err error - args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/health/node/") - if err != nil { - return nil, err - } + args.Node = strings.TrimPrefix(req.URL.Path, "/v1/health/node/") if args.Node == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"} } @@ -126,11 +119,7 @@ func (s *HTTPHandlers) HealthServiceChecks(resp http.ResponseWriter, req *http.R } // Pull out the service name - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/health/checks/") - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, "/v1/health/checks/") if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing service name"} } @@ -222,11 +211,7 @@ func (s *HTTPHandlers) healthServiceNodes(resp http.ResponseWriter, req *http.Re } // Pull out the service name - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, prefix) - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, prefix) if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing service name"} } diff --git a/agent/http.go b/agent/http.go index 9bb5ed340..5dbcdf00b 100644 --- a/agent/http.go +++ b/agent/http.go @@ -1139,18 +1139,6 @@ func (s *HTTPHandlers) parseFilter(req *http.Request, filter *string) { } } -func getPathSuffixUnescaped(path string, prefixToTrim string) (string, error) { - // The suffix may be URL-encoded, so attempt to decode - suffixRaw := strings.TrimPrefix(path, prefixToTrim) - suffixUnescaped, err := url.PathUnescape(suffixRaw) - - if err != nil { - return suffixRaw, fmt.Errorf("failure in unescaping path param %q: %v", suffixRaw, err) - } - - return suffixUnescaped, nil -} - func setMetaProtobuf(resp http.ResponseWriter, queryMeta *pbcommon.QueryMeta) { qm := new(structs.QueryMeta) pbcommon.QueryMetaToStructs(queryMeta, qm) diff --git a/agent/http_test.go b/agent/http_test.go index 525c4675a..a42a93230 100644 --- a/agent/http_test.go +++ b/agent/http_test.go @@ -1686,42 +1686,3 @@ func TestRPC_HTTPSMaxConnsPerClient(t *testing.T) { }) } } - -func TestGetPathSuffixUnescaped(t *testing.T) { - t.Parallel() - - cases := []struct { - name string - pathInput string - pathPrefix string - suffixResult string - errString string - }{ - // No decoding required (resource name must be unaffected by the decode) - {"Normal Valid", "/foo/bar/resource-1", "/foo/bar/", "resource-1", ""}, - // This function is not responsible for enforcing a valid URL, just for decoding escaped values. - // If there's an invalid URL segment in the path, it will be returned as is. - {"Unencoded Invalid", "/foo/bar/resource 1", "/foo/bar/", "resource 1", ""}, - // Decode the encoded value properly - {"Encoded Valid", "/foo/bar/re%2Fsource%201", "/foo/bar/", "re/source 1", ""}, - // Fail to decode an invalidly encoded input - {"Encoded Invalid", "/foo/bar/re%Fsource%201", "/foo/bar/", "re%Fsource%201", "failure in unescaping path param"}, - } - - for _, tc := range cases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - - suffixResult, err := getPathSuffixUnescaped(tc.pathInput, tc.pathPrefix) - - require.Equal(t, suffixResult, tc.suffixResult) - - if tc.errString == "" { - require.NoError(t, err) - } else { - require.Error(t, err) - require.Contains(t, err.Error(), tc.errString) - } - }) - } -} diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go index ff720e900..d21833a8f 100644 --- a/agent/intentions_endpoint.go +++ b/agent/intentions_endpoint.go @@ -486,10 +486,7 @@ func parseIntentionStringComponent(input string, entMeta *acl.EnterpriseMeta) (s // IntentionSpecific handles the endpoint for /v1/connect/intentions/:id. // Deprecated: use IntentionExact. func (s *HTTPHandlers) IntentionSpecific(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - id, err := getPathSuffixUnescaped(req.URL.Path, "/v1/connect/intentions/") - if err != nil { - return nil, err - } + id := strings.TrimPrefix(req.URL.Path, "/v1/connect/intentions/") switch req.Method { case "GET": diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go index 4ac9f4119..bcb874588 100644 --- a/agent/kvs_endpoint.go +++ b/agent/kvs_endpoint.go @@ -6,6 +6,7 @@ import ( "io" "net/http" "strconv" + "strings" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -19,11 +20,7 @@ func (s *HTTPHandlers) KVSEndpoint(resp http.ResponseWriter, req *http.Request) } // Pull out the key name, validation left to each sub-handler - var err error - args.Key, err = getPathSuffixUnescaped(req.URL.Path, "/v1/kv/") - if err != nil { - return nil, err - } + args.Key = strings.TrimPrefix(req.URL.Path, "/v1/kv/") // Check for a key list keyList := false diff --git a/agent/peering_endpoint.go b/agent/peering_endpoint.go index 569c8ca4a..162d8985e 100644 --- a/agent/peering_endpoint.go +++ b/agent/peering_endpoint.go @@ -3,6 +3,7 @@ package agent import ( "fmt" "net/http" + "strings" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/api" @@ -12,10 +13,7 @@ import ( // PeeringEndpoint handles GET, DELETE on v1/peering/name func (s *HTTPHandlers) PeeringEndpoint(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - name, err := getPathSuffixUnescaped(req.URL.Path, "/v1/peering/") - if err != nil { - return nil, err - } + name := strings.TrimPrefix(req.URL.Path, "/v1/peering/") if name == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Must specify a name to fetch."} } diff --git a/agent/prepared_query_endpoint.go b/agent/prepared_query_endpoint.go index f6cbe6494..6f5e7a9c2 100644 --- a/agent/prepared_query_endpoint.go +++ b/agent/prepared_query_endpoint.go @@ -309,10 +309,7 @@ func (s *HTTPHandlers) PreparedQuerySpecific(resp http.ResponseWriter, req *http } path := req.URL.Path - id, err := getPathSuffixUnescaped(path, "/v1/query/") - if err != nil { - return nil, err - } + id := strings.TrimPrefix(path, "/v1/query/") switch { case strings.HasSuffix(path, "/execute"): diff --git a/agent/session_endpoint.go b/agent/session_endpoint.go index 74228cbb1..d1b6dd7cf 100644 --- a/agent/session_endpoint.go +++ b/agent/session_endpoint.go @@ -3,6 +3,7 @@ package agent import ( "fmt" "net/http" + "strings" "time" "github.com/hashicorp/consul/agent/structs" @@ -69,11 +70,7 @@ func (s *HTTPHandlers) SessionDestroy(resp http.ResponseWriter, req *http.Reques } // Pull out the session id - var err error - args.Session.ID, err = getPathSuffixUnescaped(req.URL.Path, "/v1/session/destroy/") - if err != nil { - return nil, err - } + args.Session.ID = strings.TrimPrefix(req.URL.Path, "/v1/session/destroy/") if args.Session.ID == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"} } @@ -96,11 +93,7 @@ func (s *HTTPHandlers) SessionRenew(resp http.ResponseWriter, req *http.Request) } // Pull out the session id - var err error - args.SessionID, err = getPathSuffixUnescaped(req.URL.Path, "/v1/session/renew/") - if err != nil { - return nil, err - } + args.SessionID = strings.TrimPrefix(req.URL.Path, "/v1/session/renew/") args.Session = args.SessionID if args.SessionID == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"} @@ -127,11 +120,7 @@ func (s *HTTPHandlers) SessionGet(resp http.ResponseWriter, req *http.Request) ( } // Pull out the session id - var err error - args.SessionID, err = getPathSuffixUnescaped(req.URL.Path, "/v1/session/info/") - if err != nil { - return nil, err - } + args.SessionID = strings.TrimPrefix(req.URL.Path, "/v1/session/info/") args.Session = args.SessionID if args.SessionID == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"} @@ -184,11 +173,7 @@ func (s *HTTPHandlers) SessionsForNode(resp http.ResponseWriter, req *http.Reque } // Pull out the node name - var err error - args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/session/node/") - if err != nil { - return nil, err - } + args.Node = strings.TrimPrefix(req.URL.Path, "/v1/session/node/") if args.Node == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"} } diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go index 1a8d5591a..70d5d9def 100644 --- a/agent/ui_endpoint.go +++ b/agent/ui_endpoint.go @@ -134,11 +134,7 @@ func (s *HTTPHandlers) UINodeInfo(resp http.ResponseWriter, req *http.Request) ( } // Verify we have some DC, or use the default - var err error - args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/node/") - if err != nil { - return nil, err - } + args.Node = strings.TrimPrefix(req.URL.Path, "/v1/internal/ui/node/") if args.Node == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"} } @@ -266,11 +262,7 @@ func (s *HTTPHandlers) UIGatewayServicesNodes(resp http.ResponseWriter, req *htt } // Pull out the service name - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/gateway-services-nodes/") - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, "/v1/internal/ui/gateway-services-nodes/") if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing gateway name"} } @@ -310,11 +302,7 @@ func (s *HTTPHandlers) UIServiceTopology(resp http.ResponseWriter, req *http.Req return nil, err } - var err error - args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/service-topology/") - if err != nil { - return nil, err - } + args.ServiceName = strings.TrimPrefix(req.URL.Path, "/v1/internal/ui/service-topology/") if args.ServiceName == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing service name"} } @@ -588,11 +576,7 @@ func (s *HTTPHandlers) UIGatewayIntentions(resp http.ResponseWriter, req *http.R } // Pull out the service name - var err error - name, err := getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/gateway-intentions/") - if err != nil { - return nil, err - } + name := strings.TrimPrefix(req.URL.Path, "/v1/internal/ui/gateway-intentions/") if name == "" { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing gateway name"} } @@ -674,10 +658,7 @@ func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Reques // here. // Replace prefix in the path - subPath, err := getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/metrics-proxy") - if err != nil { - return nil, err - } + subPath := strings.TrimPrefix(req.URL.Path, "/v1/internal/ui/metrics-proxy") // Append that to the BaseURL (which might contain a path prefix component) newURL := cfg.BaseURL + subPath From ac747888fd7008827afc1dbcbba9768eceafebd4 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 13:56:22 -0400 Subject: [PATCH 431/785] docs(consul-api-gateway): add GatewayClassConfig deployment.defaultInstances --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 087c0e70e..2f8b1ac33 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -168,6 +168,7 @@ The following table describes the allowed parameters for the `spec` array: | `consul.ports.http` | Specifies the port for Consul's HTTP server. | Integer | `8500` | | `consul.scheme` | Specifies the scheme to use for connecting to Consul. The supported values are `"http"` and `"https"`. | String | `"http"` | | `copyAnnotations.service` | List of annotations to copy to the gateway service. | Array | `["external-dns.alpha.kubernetes.io/hostname"]` | +| `deployment.defaultInstances` | Specifies the number of gateway instances that should be deployed by default. | Integer | 1 | | `image.consulAPIGateway` | The image to use for consul-api-gateway. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags). | String | `"hashicorp/consul-api-gateway:RELEASE_VERSION"` | | `image.envoy` | Specifies the container image to use for Envoy. View available image tags on [DockerHub](https://hub.docker.com/r/envoyproxy/envoy/tags). | String | `"envoyproxy/envoy:RELEASE_VERSION"` | | `logLevel` | Specifies the error reporting level for logs. You can specify the following values: `error`, `warning`, `info`, `debug`, `trace`. | String | `"info"` | From df1666765a466fde750f11561432e42414102ad1 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 13:59:50 -0400 Subject: [PATCH 432/785] docs(consul-api-gateway): add GatewayClassConfig deployment.maxInstances and deployment.minInstances --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 2f8b1ac33..405c917ee 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -169,6 +169,8 @@ The following table describes the allowed parameters for the `spec` array: | `consul.scheme` | Specifies the scheme to use for connecting to Consul. The supported values are `"http"` and `"https"`. | String | `"http"` | | `copyAnnotations.service` | List of annotations to copy to the gateway service. | Array | `["external-dns.alpha.kubernetes.io/hostname"]` | | `deployment.defaultInstances` | Specifies the number of gateway instances that should be deployed by default. | Integer | 1 | +| `deployment.maxInstances` | Specifies the maximum allowed number of gateway instances. | Integer | 8 | +| `deployment.minInstances` | Specifies the minimum allowed number of gateway instances. | Integer | 1 | | `image.consulAPIGateway` | The image to use for consul-api-gateway. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags). | String | `"hashicorp/consul-api-gateway:RELEASE_VERSION"` | | `image.envoy` | Specifies the container image to use for Envoy. View available image tags on [DockerHub](https://hub.docker.com/r/envoyproxy/envoy/tags). | String | `"envoyproxy/envoy:RELEASE_VERSION"` | | `logLevel` | Specifies the error reporting level for logs. You can specify the following values: `error`, `warning`, `info`, `debug`, `trace`. | String | `"info"` | From 601c13eefec8ca37fefab4a1c33fe8abf31f4425 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 14:06:18 -0400 Subject: [PATCH 433/785] docs(consul-api-gateway): gateway instances -> instances per gateway --- .../content/docs/api-gateway/consul-api-gateway-install.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 405c917ee..c231083ab 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -168,9 +168,9 @@ The following table describes the allowed parameters for the `spec` array: | `consul.ports.http` | Specifies the port for Consul's HTTP server. | Integer | `8500` | | `consul.scheme` | Specifies the scheme to use for connecting to Consul. The supported values are `"http"` and `"https"`. | String | `"http"` | | `copyAnnotations.service` | List of annotations to copy to the gateway service. | Array | `["external-dns.alpha.kubernetes.io/hostname"]` | -| `deployment.defaultInstances` | Specifies the number of gateway instances that should be deployed by default. | Integer | 1 | -| `deployment.maxInstances` | Specifies the maximum allowed number of gateway instances. | Integer | 8 | -| `deployment.minInstances` | Specifies the minimum allowed number of gateway instances. | Integer | 1 | +| `deployment.defaultInstances` | Specifies the number of instances per gateway that should be deployed by default. | Integer | 1 | +| `deployment.maxInstances` | Specifies the maximum allowed number of instances per gateway. | Integer | 8 | +| `deployment.minInstances` | Specifies the minimum allowed number of instances per gateway. | Integer | 1 | | `image.consulAPIGateway` | The image to use for consul-api-gateway. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags). | String | `"hashicorp/consul-api-gateway:RELEASE_VERSION"` | | `image.envoy` | Specifies the container image to use for Envoy. View available image tags on [DockerHub](https://hub.docker.com/r/envoyproxy/envoy/tags). | String | `"envoyproxy/envoy:RELEASE_VERSION"` | | `logLevel` | Specifies the error reporting level for logs. You can specify the following values: `error`, `warning`, `info`, `debug`, `trace`. | String | `"info"` | From b2045c0cd0c620f27aeb6cc8f4d5e50a91119d2f Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 1 Jun 2022 13:34:44 -0500 Subject: [PATCH 434/785] ci: nomad main is now on go 1.18 (#13329) The nomad integration tests that use main need to be updated to reflect hashicorp/nomad#13036 --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index eebc8adfa..a59d4855a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -557,17 +557,17 @@ jobs: # Run integration tests on nomad/v0.8.7 nomad-integration-0_8: docker: - - image: docker.mirror.hashicorp.services/circleci/golang:1.10 + - image: docker.mirror.hashicorp.services/cimg/go:1.10 environment: <<: *ENVIRONMENT - NOMAD_WORKING_DIR: &NOMAD_WORKING_DIR /go/src/github.com/hashicorp/nomad + NOMAD_WORKING_DIR: &NOMAD_WORKING_DIR /home/circleci/go/src/github.com/hashicorp/nomad NOMAD_VERSION: v0.8.7 steps: &NOMAD_INTEGRATION_TEST_STEPS - run: git clone https://github.com/hashicorp/nomad.git --branch ${NOMAD_VERSION} ${NOMAD_WORKING_DIR} # get consul binary - attach_workspace: - at: /go/bin + at: /home/circleci/go/bin # make dev build of nomad - run: @@ -597,10 +597,10 @@ jobs: # run integration tests on nomad/main nomad-integration-main: docker: - - image: docker.mirror.hashicorp.services/circleci/golang:1.17 # TODO: replace with cimg/go (requires steps update) + - image: docker.mirror.hashicorp.services/cimg/go:1.18 environment: <<: *ENVIRONMENT - NOMAD_WORKING_DIR: /go/src/github.com/hashicorp/nomad + NOMAD_WORKING_DIR: /home/circleci/go/src/github.com/hashicorp/nomad NOMAD_VERSION: main steps: *NOMAD_INTEGRATION_TEST_STEPS From 2601a7d5633eaf8033bd74e1bef872f5f1cb1535 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 14:42:08 -0400 Subject: [PATCH 435/785] docs(consul-api-gateway): add Gateway scaling section --- .../consul-api-gateway-install.mdx | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index c231083ab..3e2e6be97 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -266,6 +266,25 @@ Add the `listener` object to the `gateway` configuration and specify the followi Refer to the [Kubernetes Gateway API documentation](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.Listener) for details about configuring listeners. +#### Scaling + +A logical gateway object can be scaled to multiple instances within the bounds set in its associated GatewayClassConfig by using the [`kubectl scale`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment) command. + +``` +> kubectl get deployment --selector api-gateway.consul.hashicorp.com/name=example-gateway +NAME READY UP-TO-DATE AVAILABLE +example-gateway 1/1 1 1 +``` +``` +> kubectl scale deployment/example-gateway --replicas=3 +deployment.apps/api-gateway scaled +``` +``` +> k get deployment -n consul --selector api-gateway.consul.hashicorp.com/name=api-gateway +NAME READY UP-TO-DATE AVAILABLE +api-gateway 3/3 3 3 +``` + ### Route Routes are independent configuration objects that are associated with specific listeners. From 75166b6fbd88502ffb7bcf1b3c4f121b7b529b30 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 15:00:06 -0400 Subject: [PATCH 436/785] docs(consul-api-gateway): fixup CLI prompt to match convention --- .../content/docs/api-gateway/consul-api-gateway-install.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 3e2e6be97..99b1ea676 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -271,16 +271,16 @@ Refer to the [Kubernetes Gateway API documentation](https://gateway-api.sigs.k8s A logical gateway object can be scaled to multiple instances within the bounds set in its associated GatewayClassConfig by using the [`kubectl scale`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment) command. ``` -> kubectl get deployment --selector api-gateway.consul.hashicorp.com/name=example-gateway +$ kubectl get deployment --selector api-gateway.consul.hashicorp.com/name=example-gateway NAME READY UP-TO-DATE AVAILABLE example-gateway 1/1 1 1 ``` ``` -> kubectl scale deployment/example-gateway --replicas=3 +$ kubectl scale deployment/example-gateway --replicas=3 deployment.apps/api-gateway scaled ``` ``` -> k get deployment -n consul --selector api-gateway.consul.hashicorp.com/name=api-gateway +$ k get deployment -n consul --selector api-gateway.consul.hashicorp.com/name=api-gateway NAME READY UP-TO-DATE AVAILABLE api-gateway 3/3 3 3 ``` From 39a450bb75f2fbdc5f083c658afa234872db44bf Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Wed, 1 Jun 2022 15:01:17 -0400 Subject: [PATCH 437/785] docs(consul-api-gateway): fixup code snippets in gateway scaling section --- .../docs/api-gateway/consul-api-gateway-install.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 99b1ea676..6aed5da1d 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -277,12 +277,12 @@ example-gateway 1/1 1 1 ``` ``` $ kubectl scale deployment/example-gateway --replicas=3 -deployment.apps/api-gateway scaled +deployment.apps/example-gateway scaled ``` ``` -$ k get deployment -n consul --selector api-gateway.consul.hashicorp.com/name=api-gateway -NAME READY UP-TO-DATE AVAILABLE -api-gateway 3/3 3 3 +$ kubectl get deployment --selector api-gateway.consul.hashicorp.com/name=example-gateway +NAME READY UP-TO-DATE AVAILABLE +example-gateway 3/3 3 3 ``` ### Route From 4479d9e6df058b56fe52d8bdeeee1094c348077f Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 1 Jun 2022 14:16:17 -0500 Subject: [PATCH 438/785] build: add 'make help' to simply list available make targets (#13322) --- GNUmakefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/GNUmakefile b/GNUmakefile index 8611ccb30..353948076 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -393,6 +393,12 @@ envoy-regen: @find "command/connect/envoy/testdata" -name '*.golden' -delete @go test -tags '$(GOTAGS)' ./command/connect/envoy -update +.PHONY: help +help: + $(info available make targets) + $(info ----------------------) + @grep "^[a-z0-9-][a-z0-9.-]*:" GNUmakefile | cut -d':' -f1 | sort + .PHONY: all bin dev dist cov test test-internal cover lint ui tools .PHONY: docker-images go-build-image ui-build-image consul-docker ui-docker .PHONY: version test-envoy-integ From addfef506584c0f74fa98d24cdb28852543ab4ee Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:17:03 -0500 Subject: [PATCH 439/785] test: regenerate golden files (#13336) make envoy-regen go test ./agent/config -update --- agent/config/testdata/TestRuntimeConfig_Sanitize.golden | 2 +- .../ingress-grpc-multiple-services.latest.golden | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 159f600d2..e49398b8d 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -418,7 +418,6 @@ "DisableHostname": false, "DogstatsdAddr": "", "DogstatsdTags": [], - "RetryFailedConfiguration": false, "FilterDefault": false, "MetricsPrefix": "", "PrometheusOpts": { @@ -429,6 +428,7 @@ "Registerer": null, "SummaryDefinitions": [] }, + "RetryFailedConfiguration": false, "StatsdAddr": "", "StatsiteAddr": "" }, diff --git a/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden index 6d1f1790c..abad99195 100644 --- a/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden +++ b/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden @@ -49,9 +49,13 @@ } ], "tracing": { - "randomSampling": {} + "randomSampling": { + + } }, - "http2ProtocolOptions": {} + "http2ProtocolOptions": { + + } } } ] From 211b62e9b29feb9c197f2924009565145d6350f6 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 1 Jun 2022 15:24:45 -0500 Subject: [PATCH 440/785] build: ensure tools match go toolchain version (#13338) --- build-support/scripts/devtools.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) mode change 100644 => 100755 build-support/scripts/devtools.sh diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh old mode 100644 new mode 100755 index 4ab5ba39d..32aea96bd --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -165,7 +165,10 @@ function install_versioned_tool { local installbase="$4" local should_install= + local install_reason= local got + local vgot + local vneed local expect="${module}@${version}" local install="${installbase}@${version}" @@ -189,13 +192,25 @@ function install_versioned_tool { awk '{print $2 "@" $3}')" if [[ "$expect" != "$got" ]]; then should_install=1 + install_reason="upgrade" + fi + + # check that they were compiled with the current version of go + set +o pipefail + vgot="$(go version -m $(which "${command}") | head -n 1 | grep -o 'go[0-9.]\+')" + vneed="$(go version | head -n 1 | awk '{print $3}')" + set -o pipefail + if [[ "$vgot" != "$vneed" ]]; then + should_install=1 + install_reason="go toolchain upgrade" fi else should_install=1 + install_reason="install" fi if [[ -n $should_install ]]; then - status_stage "installing tool: ${install}" + status_stage "installing tool (${install_reason}): ${install}" go install "${install}" else debug "skipping tool: ${install} (installed)" From b43799eee1dd88115bd5b551fb56a4f135dc0ab6 Mon Sep 17 00:00:00 2001 From: Freddy Date: Wed, 1 Jun 2022 14:42:33 -0600 Subject: [PATCH 441/785] [OSS] Pull split ns/partition var out of testing file (#13337) The api module previously had defaultPartition and defaultNamespace vars for when we need default/empty split usage between ent/oss respectively. This commit moves those two variables out of test code so that they can be used for the service exports config entry's `GetNamespace()` method. Previously `GetNamespace()` would return "default" in both OSS and enterprise, which can trip up automation that passes the result of this method as the namespace to write a config entry. The split vars are kept private to prevent external usage, and prefixed with `split` for more clarity about their behavior. --- api/agent_test.go | 16 +++++------ api/catalog_test.go | 18 ++++++------- api/config_entry_discoverychain_test.go | 36 ++++++++++++------------- api/config_entry_exports.go | 2 +- api/config_entry_exports_test.go | 6 ++--- api/config_entry_test.go | 4 +-- api/coordinate_test.go | 2 +- api/health_test.go | 4 +-- api/oss.go | 10 +++++++ api/oss_test.go | 7 ----- api/txn_test.go | 22 +++++++-------- 11 files changed, 65 insertions(+), 62 deletions(-) create mode 100644 api/oss.go delete mode 100644 api/oss_test.go diff --git a/api/agent_test.go b/api/agent_test.go index 0c1660b1e..d67aba7b8 100644 --- a/api/agent_test.go +++ b/api/agent_test.go @@ -363,7 +363,7 @@ func TestAPI_AgentServicesWithFilterOpts(t *testing.T) { } require.NoError(t, agent.ServiceRegister(reg)) - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} services, err := agent.ServicesWithFilterOpts("foo in Tags", opts) require.NoError(t, err) require.Len(t, services, 1) @@ -791,8 +791,8 @@ func TestAPI_AgentService(t *testing.T) { Warning: 1, }, Meta: map[string]string{}, - Namespace: defaultNamespace, - Partition: defaultPartition, + Namespace: splitDefaultNamespace, + Partition: splitDefaultPartition, Datacenter: "dc1", } require.Equal(t, expect, got) @@ -932,7 +932,7 @@ func TestAPI_AgentUpdateTTLOpts(t *testing.T) { } } - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} if err := agent.UpdateTTLOpts("service:foo", "foo", HealthWarning, opts); err != nil { t.Fatalf("err: %v", err) @@ -1007,7 +1007,7 @@ func TestAPI_AgentChecksWithFilterOpts(t *testing.T) { reg.TTL = "15s" require.NoError(t, agent.CheckRegister(reg)) - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} checks, err := agent.ChecksWithFilterOpts("Name == foo", opts) require.NoError(t, err) require.Len(t, checks, 1) @@ -1382,7 +1382,7 @@ func TestAPI_ServiceMaintenanceOpts(t *testing.T) { } // Specify namespace in query option - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} // Enable maintenance mode if err := agent.EnableServiceMaintenanceOpts("redis", "broken", opts); err != nil { @@ -1701,7 +1701,7 @@ func TestAPI_AgentHealthServiceOpts(t *testing.T) { requireServiceHealthID := func(t *testing.T, serviceID, expected string, shouldExist bool) { msg := fmt.Sprintf("service id:%s, shouldExist:%v, expectedStatus:%s : bad %%s", serviceID, shouldExist, expected) - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} state, out, err := agent.AgentHealthServiceByIDOpts(serviceID, opts) require.Nil(t, err, msg, "err") require.Equal(t, expected, state, msg, "state") @@ -1715,7 +1715,7 @@ func TestAPI_AgentHealthServiceOpts(t *testing.T) { requireServiceHealthName := func(t *testing.T, serviceName, expected string, shouldExist bool) { msg := fmt.Sprintf("service name:%s, shouldExist:%v, expectedStatus:%s : bad %%s", serviceName, shouldExist, expected) - opts := &QueryOptions{Namespace: defaultNamespace} + opts := &QueryOptions{Namespace: splitDefaultNamespace} state, outs, err := agent.AgentHealthServiceByNameOpts(serviceName, opts) require.Nil(t, err, msg, "err") require.Equal(t, expected, state, msg, "state") diff --git a/api/catalog_test.go b/api/catalog_test.go index c24d7ccf5..2639be6f4 100644 --- a/api/catalog_test.go +++ b/api/catalog_test.go @@ -51,7 +51,7 @@ func TestAPI_CatalogNodes(t *testing.T) { { ID: s.Config.NodeID, Node: s.Config.NodeName, - Partition: defaultPartition, + Partition: splitDefaultPartition, Address: "127.0.0.1", Datacenter: "dc1", TaggedAddresses: map[string]string{ @@ -1152,8 +1152,8 @@ func TestAPI_CatalogGatewayServices_Terminating(t *testing.T) { expect := []*GatewayService{ { - Service: CompoundServiceName{Name: "api", Namespace: defaultNamespace, Partition: defaultPartition}, - Gateway: CompoundServiceName{Name: "terminating", Namespace: defaultNamespace, Partition: defaultPartition}, + Service: CompoundServiceName{Name: "api", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, + Gateway: CompoundServiceName{Name: "terminating", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, GatewayKind: ServiceKindTerminatingGateway, CAFile: "api/ca.crt", CertFile: "api/client.crt", @@ -1161,8 +1161,8 @@ func TestAPI_CatalogGatewayServices_Terminating(t *testing.T) { SNI: "my-domain", }, { - Service: CompoundServiceName{Name: "redis", Namespace: defaultNamespace, Partition: defaultPartition}, - Gateway: CompoundServiceName{Name: "terminating", Namespace: defaultNamespace, Partition: defaultPartition}, + Service: CompoundServiceName{Name: "redis", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, + Gateway: CompoundServiceName{Name: "terminating", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, GatewayKind: ServiceKindTerminatingGateway, CAFile: "ca.crt", CertFile: "client.crt", @@ -1220,15 +1220,15 @@ func TestAPI_CatalogGatewayServices_Ingress(t *testing.T) { expect := []*GatewayService{ { - Service: CompoundServiceName{Name: "api", Namespace: defaultNamespace, Partition: defaultPartition}, - Gateway: CompoundServiceName{Name: "ingress", Namespace: defaultNamespace, Partition: defaultPartition}, + Service: CompoundServiceName{Name: "api", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, + Gateway: CompoundServiceName{Name: "ingress", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, GatewayKind: ServiceKindIngressGateway, Protocol: "tcp", Port: 8888, }, { - Service: CompoundServiceName{Name: "redis", Namespace: defaultNamespace, Partition: defaultPartition}, - Gateway: CompoundServiceName{Name: "ingress", Namespace: defaultNamespace, Partition: defaultPartition}, + Service: CompoundServiceName{Name: "redis", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, + Gateway: CompoundServiceName{Name: "ingress", Namespace: splitDefaultNamespace, Partition: splitDefaultPartition}, GatewayKind: ServiceKindIngressGateway, Protocol: "tcp", Port: 9999, diff --git a/api/config_entry_discoverychain_test.go b/api/config_entry_discoverychain_test.go index b56372a26..95dc54280 100644 --- a/api/config_entry_discoverychain_test.go +++ b/api/config_entry_discoverychain_test.go @@ -139,8 +139,8 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { entry: &ServiceResolverConfigEntry{ Kind: ServiceResolver, Name: "test-failover", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, DefaultSubset: "v1", Subsets: map[string]ServiceResolverSubset{ "v1": { @@ -156,7 +156,7 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { }, "v1": { Service: "alternate", - Namespace: defaultNamespace, + Namespace: splitDefaultNamespace, }, }, ConnectTimeout: 5 * time.Second, @@ -172,12 +172,12 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { entry: &ServiceResolverConfigEntry{ Kind: ServiceResolver, Name: "test-redirect", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, Redirect: &ServiceResolverRedirect{ Service: "test-failover", ServiceSubset: "v2", - Namespace: defaultNamespace, + Namespace: splitDefaultNamespace, Datacenter: "d", }, }, @@ -188,14 +188,14 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { entry: &ServiceSplitterConfigEntry{ Kind: ServiceSplitter, Name: "test-split", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, Splits: []ServiceSplit{ { Weight: 90, Service: "test-failover", ServiceSubset: "v1", - Namespace: defaultNamespace, + Namespace: splitDefaultNamespace, RequestHeaders: &HTTPHeaderModifiers{ Set: map[string]string{ "x-foo": "bar", @@ -208,7 +208,7 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { { Weight: 10, Service: "test-redirect", - Namespace: defaultNamespace, + Namespace: splitDefaultNamespace, }, }, Meta: map[string]string{ @@ -223,8 +223,8 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { entry: &ServiceRouterConfigEntry{ Kind: ServiceRouter, Name: "test-route", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, Routes: []ServiceRoute{ { Match: &ServiceRouteMatch{ @@ -241,8 +241,8 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) { Destination: &ServiceRouteDestination{ Service: "test-failover", ServiceSubset: "v2", - Namespace: defaultNamespace, - Partition: defaultPartition, + Namespace: splitDefaultNamespace, + Partition: splitDefaultPartition, PrefixRewrite: "/", RequestTimeout: 5 * time.Second, NumRetries: 5, @@ -334,8 +334,8 @@ func TestAPI_ConfigEntry_ServiceResolver_LoadBalancer(t *testing.T) { entry: &ServiceResolverConfigEntry{ Kind: ServiceResolver, Name: "test-least-req", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, LoadBalancer: &LoadBalancer{ Policy: "least_request", LeastRequestConfig: &LeastRequestConfig{ChoiceCount: 10}, @@ -348,8 +348,8 @@ func TestAPI_ConfigEntry_ServiceResolver_LoadBalancer(t *testing.T) { entry: &ServiceResolverConfigEntry{ Kind: ServiceResolver, Name: "test-ring-hash", - Namespace: defaultNamespace, - Partition: defaultPartition, + Namespace: splitDefaultNamespace, + Partition: splitDefaultPartition, LoadBalancer: &LoadBalancer{ Policy: "ring_hash", RingHashConfig: &RingHashConfig{ diff --git a/api/config_entry_exports.go b/api/config_entry_exports.go index 4193358ab..e162b5fa6 100644 --- a/api/config_entry_exports.go +++ b/api/config_entry_exports.go @@ -57,7 +57,7 @@ type ServiceConsumer struct { func (e *ExportedServicesConfigEntry) GetKind() string { return ExportedServices } func (e *ExportedServicesConfigEntry) GetName() string { return e.Name } func (e *ExportedServicesConfigEntry) GetPartition() string { return e.Name } -func (e *ExportedServicesConfigEntry) GetNamespace() string { return IntentionDefaultNamespace } +func (e *ExportedServicesConfigEntry) GetNamespace() string { return splitDefaultNamespace } func (e *ExportedServicesConfigEntry) GetMeta() map[string]string { return e.Meta } func (e *ExportedServicesConfigEntry) GetCreateIndex() uint64 { return e.CreateIndex } func (e *ExportedServicesConfigEntry) GetModifyIndex() uint64 { return e.ModifyIndex } diff --git a/api/config_entry_exports_test.go b/api/config_entry_exports_test.go index 4a6f3c7a2..8d56be0ab 100644 --- a/api/config_entry_exports_test.go +++ b/api/config_entry_exports_test.go @@ -17,7 +17,7 @@ func TestAPI_ConfigEntries_ExportedServices(t *testing.T) { testutil.RunStep(t, "set and get", func(t *testing.T) { exports := &ExportedServicesConfigEntry{ Name: PartitionDefaultName, - Partition: defaultPartition, + Partition: splitDefaultPartition, Meta: map[string]string{ "gir": "zim", }, @@ -48,7 +48,7 @@ func TestAPI_ConfigEntries_ExportedServices(t *testing.T) { Services: []ExportedService{ { Name: "db", - Namespace: defaultNamespace, + Namespace: splitDefaultNamespace, Consumers: []ServiceConsumer{ { PeerName: "alpha", @@ -60,7 +60,7 @@ func TestAPI_ConfigEntries_ExportedServices(t *testing.T) { "foo": "bar", "gir": "zim", }, - Partition: defaultPartition, + Partition: splitDefaultPartition, } _, wm, err := entries.Set(updated, nil) diff --git a/api/config_entry_test.go b/api/config_entry_test.go index a7b02c3a8..f43cc7935 100644 --- a/api/config_entry_test.go +++ b/api/config_entry_test.go @@ -213,8 +213,8 @@ func TestAPI_ConfigEntries(t *testing.T) { "foo": "bar", "gir": "zim", }, - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, } ce := c.ConfigEntries() diff --git a/api/coordinate_test.go b/api/coordinate_test.go index 071b1f99e..984167e17 100644 --- a/api/coordinate_test.go +++ b/api/coordinate_test.go @@ -87,7 +87,7 @@ func TestAPI_CoordinateUpdate(t *testing.T) { newCoord.Height = 0.5 entry := &CoordinateEntry{ Node: node, - Partition: defaultPartition, + Partition: splitDefaultPartition, Coord: newCoord, } _, err = coord.Update(entry, nil) diff --git a/api/health_test.go b/api/health_test.go index b69e9275f..7fc7a3f12 100644 --- a/api/health_test.go +++ b/api/health_test.go @@ -223,8 +223,8 @@ func TestAPI_HealthChecks(t *testing.T) { ServiceName: "foo", ServiceTags: []string{"bar"}, Type: "ttl", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, }, } diff --git a/api/oss.go b/api/oss.go new file mode 100644 index 000000000..93d639e69 --- /dev/null +++ b/api/oss.go @@ -0,0 +1,10 @@ +//go:build !consulent +// +build !consulent + +package api + +// The following defaults return "default" in enterprise and "" in OSS. +// This constant is useful when a default value is needed for an +// operation that will reject non-empty values in OSS. +const splitDefaultNamespace = "" +const splitDefaultPartition = "" diff --git a/api/oss_test.go b/api/oss_test.go deleted file mode 100644 index 7006385f7..000000000 --- a/api/oss_test.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build !consulent -// +build !consulent - -package api - -var defaultNamespace = "" -var defaultPartition = "" diff --git a/api/txn_test.go b/api/txn_test.go index e418062e0..cab3b4ff5 100644 --- a/api/txn_test.go +++ b/api/txn_test.go @@ -153,7 +153,7 @@ func TestAPI_ClientTxn(t *testing.T) { CreateIndex: ret.Results[0].KV.CreateIndex, ModifyIndex: ret.Results[0].KV.ModifyIndex, Namespace: ret.Results[0].KV.Namespace, - Partition: defaultPartition, + Partition: splitDefaultPartition, }, }, &TxnResult{ @@ -165,14 +165,14 @@ func TestAPI_ClientTxn(t *testing.T) { CreateIndex: ret.Results[1].KV.CreateIndex, ModifyIndex: ret.Results[1].KV.ModifyIndex, Namespace: ret.Results[0].KV.Namespace, - Partition: defaultPartition, + Partition: splitDefaultPartition, }, }, &TxnResult{ Node: &Node{ ID: nodeID, Node: "foo", - Partition: defaultPartition, + Partition: splitDefaultPartition, Address: "2.2.2.2", Datacenter: "dc1", CreateIndex: ret.Results[2].Node.CreateIndex, @@ -184,8 +184,8 @@ func TestAPI_ClientTxn(t *testing.T) { ID: "foo1", CreateIndex: ret.Results[3].Service.CreateIndex, ModifyIndex: ret.Results[3].Service.CreateIndex, - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, }, }, &TxnResult{ @@ -203,8 +203,8 @@ func TestAPI_ClientTxn(t *testing.T) { DeregisterCriticalServiceAfterDuration: 20 * time.Second, }, Type: "tcp", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, CreateIndex: ret.Results[4].Check.CreateIndex, ModifyIndex: ret.Results[4].Check.CreateIndex, }, @@ -224,8 +224,8 @@ func TestAPI_ClientTxn(t *testing.T) { DeregisterCriticalServiceAfterDuration: 160 * time.Second, }, Type: "tcp", - Partition: defaultPartition, - Namespace: defaultNamespace, + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, CreateIndex: ret.Results[4].Check.CreateIndex, ModifyIndex: ret.Results[4].Check.CreateIndex, }, @@ -266,14 +266,14 @@ func TestAPI_ClientTxn(t *testing.T) { CreateIndex: ret.Results[0].KV.CreateIndex, ModifyIndex: ret.Results[0].KV.ModifyIndex, Namespace: ret.Results[0].KV.Namespace, - Partition: defaultPartition, + Partition: splitDefaultPartition, }, }, &TxnResult{ Node: &Node{ ID: s.Config.NodeID, Node: s.Config.NodeName, - Partition: defaultPartition, + Partition: splitDefaultPartition, Address: "127.0.0.1", Datacenter: "dc1", TaggedAddresses: map[string]string{ From 6ef38eaea7d41324dc71630fbe5d306d19467bde Mon Sep 17 00:00:00 2001 From: Freddy Date: Wed, 1 Jun 2022 15:53:52 -0600 Subject: [PATCH 442/785] Configure upstream TLS context with peer root certs (#13321) For mTLS to work between two proxies in peered clusters with different root CAs, proxies need to configure their outbound listener to use different root certificates for validation. Up until peering was introduced proxies would only ever use one set of root certificates to validate all mesh traffic, both inbound and outbound. Now an upstream proxy may have a leaf certificate signed by a CA that's different from the dialing proxy's. This PR makes changes to proxycfg and xds so that the upstream TLS validation uses different root certificates depending on which cluster is being dialed. --- agent/agent.go | 5 +- .../mock_TrustBundleReader_test.go | 60 ++++++++++ agent/cache-types/trust_bundle.go | 51 +++++++++ agent/cache-types/trust_bundle_test.go | 104 ++++++++++++++++++ agent/connect/ca/common.go | 13 --- agent/connect/ca/provider_aws.go | 13 ++- agent/connect/ca/provider_vault.go | 15 +-- agent/consul/leader_connect_ca.go | 3 +- agent/consul/leader_connect_ca_test.go | 9 +- agent/consul/server_connect.go | 4 +- agent/proxycfg-glue/glue.go | 5 + agent/proxycfg/connect_proxy.go | 28 +++++ agent/proxycfg/data_sources.go | 25 +++++ agent/proxycfg/manager_test.go | 13 ++- agent/proxycfg/snapshot.go | 21 ++++ agent/proxycfg/state.go | 1 + agent/proxycfg/state_test.go | 27 ++++- agent/proxycfg/testing.go | 56 +++++++++- agent/proxycfg/testing_peering.go | 9 +- agent/xds/clusters.go | 24 ++-- agent/xds/endpoints.go | 6 + agent/xds/listeners.go | 29 ++--- agent/xds/listeners_ingress.go | 2 +- ...-proxy-with-peered-upstreams.latest.golden | 6 +- lib/strings.go | 18 +++ proto/pbpeering/peering.go | 47 ++++++++ 26 files changed, 521 insertions(+), 73 deletions(-) create mode 100644 agent/cache-types/mock_TrustBundleReader_test.go create mode 100644 agent/cache-types/trust_bundle.go create mode 100644 agent/cache-types/trust_bundle_test.go create mode 100644 lib/strings.go diff --git a/agent/agent.go b/agent/agent.go index 6b0911ba5..cb6ba1a94 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -645,6 +645,7 @@ func (a *Agent) Start(ctx context.Context) error { PreparedQuery: proxycfgglue.CachePrepraredQuery(a.cache), ResolvedServiceConfig: proxycfgglue.CacheResolvedServiceConfig(a.cache), ServiceList: proxycfgglue.CacheServiceList(a.cache), + TrustBundle: proxycfgglue.CacheTrustBundle(a.cache), } a.fillEnterpriseProxyDataSources(&proxyDataSources) a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ @@ -3819,7 +3820,7 @@ func (a *Agent) reloadConfig(autoReload bool) error { // breaking some existing behavior. newCfg.NodeID = a.config.NodeID - //if auto reload is enabled, make sure we have the right certs file watched. + // if auto reload is enabled, make sure we have the right certs file watched. if autoReload { for _, f := range []struct { oldCfg tlsutil.ProtocolConfig @@ -4097,6 +4098,8 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.ServiceHTTPChecksName, &cachetype.ServiceHTTPChecks{Agent: a}) + a.cache.RegisterType(cachetype.TrustBundleReadName, &cachetype.TrustBundle{Client: a.rpcClientPeering}) + a.cache.RegisterType(cachetype.FederationStateListMeshGatewaysName, &cachetype.FederationStateListMeshGateways{RPC: a}) diff --git a/agent/cache-types/mock_TrustBundleReader_test.go b/agent/cache-types/mock_TrustBundleReader_test.go new file mode 100644 index 000000000..7ea636b3d --- /dev/null +++ b/agent/cache-types/mock_TrustBundleReader_test.go @@ -0,0 +1,60 @@ +// Code generated by mockery v2.12.2. DO NOT EDIT. + +package cachetype + +import ( + context "context" + + grpc "google.golang.org/grpc" + + mock "github.com/stretchr/testify/mock" + + pbpeering "github.com/hashicorp/consul/proto/pbpeering" + + testing "testing" +) + +// MockTrustBundleReader is an autogenerated mock type for the TrustBundleReader type +type MockTrustBundleReader struct { + mock.Mock +} + +// TrustBundleRead provides a mock function with given fields: ctx, in, opts +func (_m *MockTrustBundleReader) TrustBundleRead(ctx context.Context, in *pbpeering.TrustBundleReadRequest, opts ...grpc.CallOption) (*pbpeering.TrustBundleReadResponse, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, in) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *pbpeering.TrustBundleReadResponse + if rf, ok := ret.Get(0).(func(context.Context, *pbpeering.TrustBundleReadRequest, ...grpc.CallOption) *pbpeering.TrustBundleReadResponse); ok { + r0 = rf(ctx, in, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*pbpeering.TrustBundleReadResponse) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *pbpeering.TrustBundleReadRequest, ...grpc.CallOption) error); ok { + r1 = rf(ctx, in, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewMockTrustBundleReader creates a new instance of MockTrustBundleReader. It also registers the testing.TB interface on the mock and a cleanup function to assert the mocks expectations. +func NewMockTrustBundleReader(t testing.TB) *MockTrustBundleReader { + mock := &MockTrustBundleReader{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/agent/cache-types/trust_bundle.go b/agent/cache-types/trust_bundle.go new file mode 100644 index 000000000..6539a1ae8 --- /dev/null +++ b/agent/cache-types/trust_bundle.go @@ -0,0 +1,51 @@ +package cachetype + +import ( + "context" + "fmt" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/proto/pbpeering" + "google.golang.org/grpc" +) + +// Recommended name for registration. +const TrustBundleReadName = "peer-trust-bundle" + +// TrustBundle supports fetching discovering service instances via prepared +// queries. +type TrustBundle struct { + RegisterOptionsNoRefresh + Client TrustBundleReader +} + +//go:generate mockery --name TrustBundleReader --inpackage --testonly +type TrustBundleReader interface { + TrustBundleRead( + ctx context.Context, in *pbpeering.TrustBundleReadRequest, opts ...grpc.CallOption, + ) (*pbpeering.TrustBundleReadResponse, error) +} + +func (t *TrustBundle) Fetch(_ cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { + var result cache.FetchResult + + // The request should be a TrustBundleReadRequest. + // We do not need to make a copy of this request type like in other cache types + // because the RequestInfo is synthetic. + reqReal, ok := req.(*pbpeering.TrustBundleReadRequest) + if !ok { + return result, fmt.Errorf( + "Internal cache failure: request wrong type: %T", req) + } + + // Fetch + reply, err := t.Client.TrustBundleRead(context.Background(), reqReal) + if err != nil { + return result, err + } + + result.Value = reply + result.Index = reply.Index + + return result, nil +} diff --git a/agent/cache-types/trust_bundle_test.go b/agent/cache-types/trust_bundle_test.go new file mode 100644 index 000000000..8e18e69fe --- /dev/null +++ b/agent/cache-types/trust_bundle_test.go @@ -0,0 +1,104 @@ +package cachetype + +import ( + "context" + "testing" + "time" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +func TestTrustBundles(t *testing.T) { + client := NewMockTrustBundleReader(t) + typ := &TrustBundle{Client: client} + + resp := &pbpeering.TrustBundleReadResponse{ + Index: 48, + Bundle: &pbpeering.PeeringTrustBundle{ + PeerName: "peer1", + RootPEMs: []string{"peer1-roots"}, + }, + } + + // Expect the proper call. + // This also returns the canned response above. + client.On("TrustBundleRead", mock.Anything, mock.Anything). + Run(func(args mock.Arguments) { + req := args.Get(1).(*pbpeering.TrustBundleReadRequest) + require.Equal(t, "foo", req.Name) + }). + Return(resp, nil) + + // Fetch and assert against the result. + result, err := typ.Fetch(cache.FetchOptions{}, &pbpeering.TrustBundleReadRequest{ + Name: "foo", + }) + require.NoError(t, err) + require.Equal(t, cache.FetchResult{ + Value: resp, + Index: 48, + }, result) +} + +func TestTrustBundles_badReqType(t *testing.T) { + client := pbpeering.NewPeeringServiceClient(nil) + typ := &TrustBundle{Client: client} + + // Fetch + _, err := typ.Fetch(cache.FetchOptions{}, cache.TestRequest( + t, cache.RequestInfo{Key: "foo", MinIndex: 64})) + require.Error(t, err) + require.Contains(t, err.Error(), "wrong type") +} + +// This test asserts that we can continuously poll this cache type, given that it doesn't support blocking. +func TestTrustBundles_MultipleUpdates(t *testing.T) { + c := cache.New(cache.Options{}) + + client := NewMockTrustBundleReader(t) + + // On each mock client call to TrustBundleList by service we will increment the index by 1 + // to simulate new data arriving. + resp := &pbpeering.TrustBundleReadResponse{ + Index: uint64(0), + } + + client.On("TrustBundleRead", mock.Anything, mock.Anything). + Run(func(args mock.Arguments) { + req := args.Get(1).(*pbpeering.TrustBundleReadRequest) + require.Equal(t, "foo", req.Name) + + // Increment on each call. + resp.Index++ + }). + Return(resp, nil) + + c.RegisterType(TrustBundleReadName, &TrustBundle{Client: client}) + + ch := make(chan cache.UpdateEvent) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + t.Cleanup(cancel) + + err := c.Notify(ctx, TrustBundleReadName, &pbpeering.TrustBundleReadRequest{Name: "foo"}, "updates", ch) + require.NoError(t, err) + + i := uint64(1) + for { + select { + case <-ctx.Done(): + return + case update := <-ch: + // Expect to receive updates for increasing indexes serially. + resp := update.Result.(*pbpeering.TrustBundleReadResponse) + require.Equal(t, i, resp.Index) + i++ + + if i > 3 { + return + } + } + } +} diff --git a/agent/connect/ca/common.go b/agent/connect/ca/common.go index cef412bd3..848a4fa7b 100644 --- a/agent/connect/ca/common.go +++ b/agent/connect/ca/common.go @@ -4,7 +4,6 @@ import ( "bytes" "crypto/x509" "fmt" - "strings" "github.com/hashicorp/consul/agent/connect" ) @@ -92,15 +91,3 @@ func validateSignIntermediate(csr *x509.CertificateRequest, spiffeID *connect.Sp } return nil } - -// EnsureTrailingNewline this is used to fix a case where the provider do not return a new line after -// the certificate as per the specification see GH-8178 for more context -func EnsureTrailingNewline(cert string) string { - if cert == "" { - return cert - } - if strings.HasSuffix(cert, "\n") { - return cert - } - return fmt.Sprintf("%s\n", cert) -} diff --git a/agent/connect/ca/provider_aws.go b/agent/connect/ca/provider_aws.go index 25786ab40..cef0c7ddb 100644 --- a/agent/connect/ca/provider_aws.go +++ b/agent/connect/ca/provider_aws.go @@ -18,6 +18,7 @@ import ( "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" ) const ( @@ -363,15 +364,15 @@ func (a *AWSProvider) loadCACerts() error { if a.isPrimary { // Just use the cert as a root - a.rootPEM = EnsureTrailingNewline(*output.Certificate) + a.rootPEM = lib.EnsureTrailingNewline(*output.Certificate) } else { - a.intermediatePEM = EnsureTrailingNewline(*output.Certificate) + a.intermediatePEM = lib.EnsureTrailingNewline(*output.Certificate) // TODO(banks) support user-supplied CA being a Subordinate even in the // primary DC. For now this assumes there is only one cert in the chain if output.CertificateChain == nil { return fmt.Errorf("Subordinate CA %s returned no chain", a.arn) } - a.rootPEM = EnsureTrailingNewline(*output.CertificateChain) + a.rootPEM = lib.EnsureTrailingNewline(*output.CertificateChain) } return nil } @@ -489,7 +490,7 @@ func (a *AWSProvider) signCSR(csrPEM string, templateARN string, ttl time.Durati } if certOutput.Certificate != nil { - return true, EnsureTrailingNewline(*certOutput.Certificate), nil + return true, lib.EnsureTrailingNewline(*certOutput.Certificate), nil } return false, "", nil @@ -532,8 +533,8 @@ func (a *AWSProvider) SetIntermediate(intermediatePEM string, rootPEM string) er } // We successfully initialized, keep track of the root and intermediate certs. - a.rootPEM = EnsureTrailingNewline(rootPEM) - a.intermediatePEM = EnsureTrailingNewline(intermediatePEM) + a.rootPEM = lib.EnsureTrailingNewline(rootPEM) + a.intermediatePEM = lib.EnsureTrailingNewline(intermediatePEM) return nil } diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 5c0c76608..270d53a01 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -13,14 +13,15 @@ import ( "sync" "time" - "github.com/hashicorp/consul/lib/decode" - "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/go-hclog" vaultapi "github.com/hashicorp/vault/api" "github.com/mitchellh/mapstructure" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/lib/decode" + "github.com/hashicorp/consul/lib/retry" ) const ( @@ -506,7 +507,7 @@ func (v *VaultProvider) getCA(namespace, path string) (string, error) { return "", err } - root := EnsureTrailingNewline(string(bytes)) + root := lib.EnsureTrailingNewline(string(bytes)) if root == "" { return "", ErrBackendNotInitialized } @@ -535,7 +536,7 @@ func (v *VaultProvider) getCAChain(namespace, path string) (string, error) { return "", err } - root := EnsureTrailingNewline(string(raw)) + root := lib.EnsureTrailingNewline(string(raw)) return root, nil } @@ -600,7 +601,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) { if !ok { return "", fmt.Errorf("certificate was not a string") } - return EnsureTrailingNewline(cert), nil + return lib.EnsureTrailingNewline(cert), nil } // SignIntermediate returns a signed CA certificate with a path length constraint @@ -637,7 +638,7 @@ func (v *VaultProvider) SignIntermediate(csr *x509.CertificateRequest) (string, return "", fmt.Errorf("signed intermediate result is not a string") } - return EnsureTrailingNewline(intermediate), nil + return lib.EnsureTrailingNewline(intermediate), nil } // CrossSignCA takes a CA certificate and cross-signs it to form a trust chain @@ -677,7 +678,7 @@ func (v *VaultProvider) CrossSignCA(cert *x509.Certificate) (string, error) { return "", fmt.Errorf("certificate was not a string") } - return EnsureTrailingNewline(xcCert), nil + return lib.EnsureTrailingNewline(xcCert), nil } // SupportsCrossSigning implements Provider diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index 2239bc6fd..53b185678 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -22,6 +22,7 @@ import ( "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib/routine" ) @@ -1522,7 +1523,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne // Append any intermediates needed by this root. for _, p := range caRoot.IntermediateCerts { - pem = pem + ca.EnsureTrailingNewline(p) + pem = pem + lib.EnsureTrailingNewline(p) } modIdx, err := c.delegate.ApplyCALeafRequest() diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go index e30ded8ed..37756eb20 100644 --- a/agent/consul/leader_connect_ca_test.go +++ b/agent/consul/leader_connect_ca_test.go @@ -30,6 +30,7 @@ import ( "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" + "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" @@ -1001,7 +1002,7 @@ func generateExternalRootCA(t *testing.T, client *vaultapi.Client) string { "ttl": "2400h", }) require.NoError(t, err, "failed to generate root") - return ca.EnsureTrailingNewline(resp.Data["certificate"].(string)) + return lib.EnsureTrailingNewline(resp.Data["certificate"].(string)) } func setupPrimaryCA(t *testing.T, client *vaultapi.Client, path string, rootPEM string) string { @@ -1033,12 +1034,12 @@ func setupPrimaryCA(t *testing.T, client *vaultapi.Client, path string, rootPEM require.NoError(t, err, "failed to sign intermediate") var buf strings.Builder - buf.WriteString(ca.EnsureTrailingNewline(intermediate.Data["certificate"].(string))) - buf.WriteString(ca.EnsureTrailingNewline(rootPEM)) + buf.WriteString(lib.EnsureTrailingNewline(intermediate.Data["certificate"].(string))) + buf.WriteString(lib.EnsureTrailingNewline(rootPEM)) _, err = client.Logical().Write(path+"/intermediate/set-signed", map[string]interface{}{ "certificate": buf.String(), }) require.NoError(t, err, "failed to set signed intermediate") - return ca.EnsureTrailingNewline(buf.String()) + return lib.EnsureTrailingNewline(buf.String()) } diff --git a/agent/consul/server_connect.go b/agent/consul/server_connect.go index 5010eda7f..9193604d6 100644 --- a/agent/consul/server_connect.go +++ b/agent/consul/server_connect.go @@ -6,9 +6,9 @@ import ( "github.com/hashicorp/go-memdb" "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" ) func (s *Server) getCARoots(ws memdb.WatchSet, state *state.Store) (*structs.IndexedCARoots, error) { @@ -59,7 +59,7 @@ func (s *Server) getCARoots(ws memdb.WatchSet, state *state.Store) (*structs.Ind ExternalTrustDomain: r.ExternalTrustDomain, NotBefore: r.NotBefore, NotAfter: r.NotAfter, - RootCert: ca.EnsureTrailingNewline(r.RootCert), + RootCert: lib.EnsureTrailingNewline(r.RootCert), IntermediateCerts: intermediates, RaftIndex: r.RaftIndex, Active: r.Active, diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 7dd7a8846..b18c6487f 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/rpcclient/health" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" ) // CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from @@ -100,6 +101,10 @@ func CacheServiceList(c *cache.Cache) proxycfg.ServiceList { return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.CatalogServiceListName} } +func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle { + return &cacheProxyDataSource[*pbpeering.TrustBundleReadRequest]{c, cachetype.TrustBundleReadName} +} + // cacheProxyDataSource implements a generic wrapper around the agent cache to // provide data to the proxycfg.Manager. type cacheProxyDataSource[ReqType cache.Request] struct { diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index 8138a0ac0..923b15b73 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" ) type handlerConnectProxy struct { @@ -23,6 +24,8 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.WatchedDiscoveryChains = make(map[UpstreamID]context.CancelFunc) snap.ConnectProxy.WatchedUpstreams = make(map[UpstreamID]map[string]context.CancelFunc) snap.ConnectProxy.WatchedUpstreamEndpoints = make(map[UpstreamID]map[string]structs.CheckServiceNodes) + snap.ConnectProxy.WatchedPeerTrustBundles = make(map[string]context.CancelFunc) + snap.ConnectProxy.PeerTrustBundles = make(map[string]*pbpeering.PeeringTrustBundle) snap.ConnectProxy.WatchedGateways = make(map[UpstreamID]map[string]context.CancelFunc) snap.ConnectProxy.WatchedGatewayEndpoints = make(map[UpstreamID]map[string]structs.CheckServiceNodes) snap.ConnectProxy.WatchedServiceChecks = make(map[structs.ServiceID][]structs.CheckType) @@ -193,6 +196,20 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e if err := (*handlerUpstreams)(s).resetWatchesFromChain(ctx, uid, chain, &snap.ConnectProxy.ConfigSnapshotUpstreams); err != nil { return snap, fmt.Errorf("error while resetting watches from chain: %w", err) } + + // Check whether a watch for this peer exists to avoid duplicates. + if _, ok := snap.ConnectProxy.WatchedPeerTrustBundles[uid.Peer]; !ok { + peerCtx, cancel := context.WithCancel(ctx) + if err := s.dataSources.TrustBundle.Notify(peerCtx, &pbpeering.TrustBundleReadRequest{ + Name: uid.Peer, + Partition: uid.PartitionOrDefault(), + }, peerTrustBundleIDPrefix+uid.Peer, s.ch); err != nil { + cancel() + return snap, fmt.Errorf("error while watching trust bundle for peer %q: %w", uid.Peer, err) + } + + snap.ConnectProxy.WatchedPeerTrustBundles[uid.Peer] = cancel + } continue } @@ -231,6 +248,17 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s return fmt.Errorf("invalid type for response: %T", u.Result) } snap.Roots = roots + + case strings.HasPrefix(u.CorrelationID, peerTrustBundleIDPrefix): + resp, ok := u.Result.(*pbpeering.TrustBundleReadResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + peer := strings.TrimPrefix(u.CorrelationID, peerTrustBundleIDPrefix) + if resp.Bundle != nil { + snap.ConnectProxy.PeerTrustBundles[peer] = resp.Bundle + } + case u.CorrelationID == intentionsWatchID: resp, ok := u.Result.(*structs.IndexedIntentionMatches) if !ok { diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go index 694c3cbf1..1f48c15d8 100644 --- a/agent/proxycfg/data_sources.go +++ b/agent/proxycfg/data_sources.go @@ -5,6 +5,7 @@ import ( cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" ) // UpdateEvent contains new data for a resource we are subscribed to (e.g. an @@ -21,48 +22,66 @@ type DataSources struct { // CARoots provides updates about the CA root certificates on a notification // channel. CARoots CARoots + // CompiledDiscoveryChain provides updates about a service's discovery chain // on a notification channel. CompiledDiscoveryChain CompiledDiscoveryChain + // ConfigEntry provides updates about a single config entry on a notification // channel. ConfigEntry ConfigEntry + // ConfigEntryList provides updates about a list of config entries on a // notification channel. ConfigEntryList ConfigEntryList + // Datacenters provides updates about federated datacenters on a notification // channel. Datacenters Datacenters + // FederationStateListMeshGateways is the interface used to consume updates // about mesh gateways from the federation state. FederationStateListMeshGateways FederationStateListMeshGateways + // GatewayServices provides updates about a gateway's upstream services on a // notification channel. GatewayServices GatewayServices + // Health provides service health updates on a notification channel. Health Health + // HTTPChecks provides updates about a service's HTTP and gRPC checks on a // notification channel. HTTPChecks HTTPChecks + // Intentions provides intention updates on a notification channel. Intentions Intentions + // IntentionUpstreams provides intention-inferred upstream updates on a // notification channel. IntentionUpstreams IntentionUpstreams + // InternalServiceDump provides updates about a (gateway) service on a // notification channel. InternalServiceDump InternalServiceDump + // LeafCertificate provides updates about the service's leaf certificate on a // notification channel. LeafCertificate LeafCertificate + // PreparedQuery provides updates about the results of a prepared query. PreparedQuery PreparedQuery + // ResolvedServiceConfig provides updates about a service's resolved config. ResolvedServiceConfig ResolvedServiceConfig + // ServiceList provides updates about the list of all services in a datacenter // on a notification channel. ServiceList ServiceList + // TrustBundle provides updates about the trust bundle for a single peer. + TrustBundle TrustBundle + DataSourcesEnterprise } @@ -160,3 +179,9 @@ type ResolvedServiceConfig interface { type ServiceList interface { Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error } + +// TrustBundle is the interface used to consume updates about a single +// peer's trust bundle. +type TrustBundle interface { + Notify(ctx context.Context, req *pbpeering.TrustBundleReadRequest, correlationID string, ch chan<- UpdateEvent) error +} diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 402b48bc8..5d511c59b 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/require" @@ -238,8 +239,10 @@ func TestManager_BasicLifecycle(t *testing.T) { NewUpstreamID(&upstreams[1]): &upstreams[1], NewUpstreamID(&upstreams[2]): &upstreams[2], }, - PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, - PassthroughIndices: map[string]indexedTarget{}, + PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, + PassthroughIndices: map[string]indexedTarget{}, + WatchedPeerTrustBundles: map[string]context.CancelFunc{}, + PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, @@ -298,8 +301,10 @@ func TestManager_BasicLifecycle(t *testing.T) { NewUpstreamID(&upstreams[1]): &upstreams[1], NewUpstreamID(&upstreams[2]): &upstreams[2], }, - PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, - PassthroughIndices: map[string]indexedTarget{}, + PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, + PassthroughIndices: map[string]indexedTarget{}, + WatchedPeerTrustBundles: map[string]context.CancelFunc{}, + PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 34e0bf6d3..cd8afd2ce 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -6,6 +6,8 @@ import ( "sort" "strings" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/mitchellh/copystructure" "github.com/hashicorp/consul/acl" @@ -42,6 +44,14 @@ type ConfigSnapshotUpstreams struct { // endpoints of an upstream. WatchedUpstreamEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes + // WatchedPeerTrustBundles is a map of (PeerName -> CancelFunc) in order to cancel + // watches for peer trust bundles any time the list of upstream peers changes. + WatchedPeerTrustBundles map[string]context.CancelFunc + + // PeerTrustBundles is a map of (PeerName -> PeeringTrustBundle). + // It is used to store trust bundles for upstream TLS transport sockets. + PeerTrustBundles map[string]*pbpeering.PeeringTrustBundle + // WatchedGateways is a map of UpstreamID -> (map of GatewayKey.String() -> // CancelFunc) in order to cancel watches for mesh gateways WatchedGateways map[UpstreamID]map[string]context.CancelFunc @@ -133,6 +143,8 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.WatchedDiscoveryChains) == 0 && len(c.WatchedUpstreams) == 0 && len(c.WatchedUpstreamEndpoints) == 0 && + len(c.WatchedPeerTrustBundles) == 0 && + len(c.PeerTrustBundles) == 0 && len(c.WatchedGateways) == 0 && len(c.WatchedGatewayEndpoints) == 0 && len(c.WatchedServiceChecks) == 0 && @@ -532,6 +544,15 @@ func (s *ConfigSnapshot) Leaf() *structs.IssuedCert { } } +// RootPEMs returns all PEM-encoded public certificates for the root CA. +func (s *ConfigSnapshot) RootPEMs() string { + var rootPEMs string + for _, root := range s.Roots.Roots { + rootPEMs += lib.EnsureTrailingNewline(root.RootCert) + } + return rootPEMs +} + func (s *ConfigSnapshot) MeshConfig() *structs.MeshConfigEntry { switch s.Kind { case structs.ServiceKindConnectProxy: diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index 4ac17ebd7..de0eec236 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -20,6 +20,7 @@ const ( coalesceTimeout = 200 * time.Millisecond rootsWatchID = "roots" leafWatchID = "leaf" + peerTrustBundleIDPrefix = "peer-trust-bundle:" intentionsWatchID = "intentions" serviceListWatchID = "service-list" federationStateListGatewaysWatchID = "federation-state-list-mesh-gateways" diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index a2fa5914f..7ca93da66 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -7,6 +7,7 @@ import ( "testing" "time" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" @@ -132,6 +133,7 @@ func recordWatches(sc *stateConfig) *watchRecorder { PreparedQuery: typedWatchRecorder[*structs.PreparedQueryExecuteRequest]{wr}, ResolvedServiceConfig: typedWatchRecorder[*structs.ServiceConfigRequest]{wr}, ServiceList: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, + TrustBundle: typedWatchRecorder[*pbpeering.TrustBundleReadRequest]{wr}, } recordWatchesEnterprise(sc, wr) @@ -193,6 +195,14 @@ func verifyDatacentersWatch(t testing.TB, request any) { require.True(t, ok) } +func genVerifyTrustBundleReadWatch(peer string) verifyWatchRequest { + return func(t testing.TB, request any) { + reqReal, ok := request.(*pbpeering.TrustBundleReadRequest) + require.True(t, ok) + require.Equal(t, peer, reqReal.Name) + } +} + func genVerifyLeafWatchWithDNSSANs(expectedService string, expectedDatacenter string, expectedDNSSANs []string) verifyWatchRequest { return func(t testing.TB, request any) { reqReal, ok := request.(*cachetype.ConnectCALeafRequest) @@ -359,6 +369,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { t.Parallel() indexedRoots, issuedCert := TestCerts(t) + peerTrustBundles := TestPeerTrustBundles(t) // Used to account for differences in OSS/ent implementations of ServiceID.String() var ( @@ -2479,8 +2490,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { EvaluateInPartition: "default", Datacenter: "dc1", }), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("web", "dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("web", "dc1"), + peerTrustBundleIDPrefix + "peer-a": genVerifyTrustBundleReadWatch("peer-a"), // No Peering watch }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { @@ -2497,6 +2509,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.ConnectProxy.WatchedUpstreamEndpoints, 1, "%+v", snap.ConnectProxy.WatchedUpstreamEndpoints) require.Len(t, snap.ConnectProxy.WatchedGateways, 1, "%+v", snap.ConnectProxy.WatchedGateways) require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 1, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) + require.Contains(t, snap.ConnectProxy.WatchedPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) + require.Len(t, snap.ConnectProxy.PeerTrustBundles, 0, "%+v", snap.ConnectProxy.PeerTrustBundles) require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) @@ -2527,6 +2541,12 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, Err: nil, }, + { + CorrelationID: peerTrustBundleIDPrefix + "peer-a", + Result: &pbpeering.TrustBundleReadResponse{ + Bundle: peerTrustBundles.Bundles[0], + }, + }, }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid()) @@ -2540,6 +2560,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.ConnectProxy.WatchedGateways, 2, "%+v", snap.ConnectProxy.WatchedGateways) require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 2, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) + require.Contains(t, snap.ConnectProxy.WatchedPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) + require.Equal(t, peerTrustBundles.Bundles[0], snap.ConnectProxy.PeerTrustBundles["peer-a"], "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) + require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) }, diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index 1edbfd0a3..8f12ec8f3 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -20,8 +20,58 @@ import ( "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto/pbpeering" ) +func TestPeerTrustBundles(t testing.T) *pbpeering.TrustBundleListByServiceResponse { + t.Helper() + + return &pbpeering.TrustBundleListByServiceResponse{ + Bundles: []*pbpeering.PeeringTrustBundle{ + { + PeerName: "peer-a", + TrustDomain: "1c053652-8512-4373-90cf-5a7f6263a994.consul", + RootPEMs: []string{`-----BEGIN CERTIFICATE----- +MIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV +UzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v +MRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B +CQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0 +NFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh +ZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl +ci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV +c2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR +2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC +AwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk +yto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy +0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH +ZAuKN1aoKA== +-----END CERTIFICATE-----`}, + }, + { + PeerName: "peer-b", + TrustDomain: "d89ac423-e95a-475d-94f2-1c557c57bf31.consul", + RootPEMs: []string{`-----BEGIN CERTIFICATE----- +MIICcTCCAdoCCQDyGxC08cD0BDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJV +UzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFkMQwwCgYDVQQKDANGb28x +EDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXItYjEdMBsGCSqGSIb3DQEJ +ARYOZm9vQHBlZXItYi5jb20wHhcNMjIwNTI2MDExNjE2WhcNMjMwNTI2MDExNjE2 +WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFk +MQwwCgYDVQQKDANGb28xEDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXIt +YjEdMBsGCSqGSIb3DQEJARYOZm9vQHBlZXItYi5jb20wgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAL4i5erdZ5vKk3mzW9Qt6Wvw/WN/IpMDlL0a28wz9oDCtMLN +cD/XQB9yT5jUwb2s4mD1lCDZtee8MHeD8zygICozufWVB+u2KvMaoA50T9GMQD0E +z/0nz/Z703I4q13VHeTpltmEpYcfxw/7nJ3leKA34+Nj3zteJ70iqvD/TNBBAgMB +AAEwDQYJKoZIhvcNAQELBQADgYEAbL04gicH+EIznDNhZJEb1guMBtBBJ8kujPyU +ao8xhlUuorDTLwhLpkKsOhD8619oSS8KynjEBichidQRkwxIaze0a2mrGT+tGBMf +pVz6UeCkqpde6bSJ/ozEe/2seQzKqYvRT1oUjLwYvY7OIh2DzYibOAxh6fewYAmU +5j5qNLc= +-----END CERTIFICATE-----`}, + }, + }, + } +} + // TestCerts generates a CA and Leaf suitable for returning as mock CA // root/leaf cache requests. func TestCerts(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert) { @@ -671,6 +721,7 @@ func testConfigSnapshotFixture( PreparedQuery: &noopDataSource[*structs.PreparedQueryExecuteRequest]{}, ResolvedServiceConfig: &noopDataSource[*structs.ServiceConfigRequest]{}, ServiceList: &noopDataSource[*structs.DCSpecificRequest]{}, + TrustBundle: &noopDataSource[*pbpeering.TrustBundleReadRequest]{}, }, dnsConfig: DNSConfig{ // TODO: make configurable Domain: "consul", @@ -870,6 +921,7 @@ func NewTestDataSources() *TestDataSources { PreparedQuery: NewTestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse](), ResolvedServiceConfig: NewTestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse](), ServiceList: NewTestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList](), + TrustBundle: NewTestDataSource[*pbpeering.TrustBundleReadRequest, *pbpeering.TrustBundleReadResponse](), } srcs.buildEnterpriseSources() return srcs @@ -892,8 +944,7 @@ type TestDataSources struct { PreparedQuery *TestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse] ResolvedServiceConfig *TestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse] ServiceList *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList] - - TestDataSourcesEnterprise + TrustBundle *TestDataSource[*pbpeering.TrustBundleReadRequest, *pbpeering.TrustBundleReadResponse] } func (t *TestDataSources) ToDataSources() DataSources { @@ -913,6 +964,7 @@ func (t *TestDataSources) ToDataSources() DataSources { PreparedQuery: t.PreparedQuery, ResolvedServiceConfig: t.ResolvedServiceConfig, ServiceList: t.ServiceList, + TrustBundle: t.TrustBundle, } t.fillEnterpriseDataSources(&ds) return ds diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go index 3b469f79d..09043c342 100644 --- a/agent/proxycfg/testing_peering.go +++ b/agent/proxycfg/testing_peering.go @@ -4,6 +4,7 @@ import ( "github.com/mitchellh/go-testing-interface" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" ) func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { @@ -29,6 +30,12 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { refundsUpstream, } }, []UpdateEvent{ + { + CorrelationID: peerTrustBundleIDPrefix + "cloud", + Result: &pbpeering.TrustBundleReadResponse{ + Bundle: TestPeerTrustBundles(t).Bundles[0], + }, + }, { CorrelationID: "upstream-target:payments.default.default.dc1:" + paymentsUID.String(), Result: &structs.IndexedCheckServiceNodes{ @@ -67,7 +74,7 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { Port: 443, Connect: structs.ServiceConnect{ PeerMeta: &structs.PeeringServiceMeta{ - SpiffeID: []string{"spiffe://d89ac423-e95a-475d-94f2-1c557c57bf31.consul/ns/default/dc/cloud-dc/svc/refunds"}, + SpiffeID: []string{"spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"}, }, }, }, diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index e4847bec4..b07a2c808 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -13,7 +13,6 @@ import ( envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/golang/protobuf/jsonpb" "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes/any" @@ -79,6 +78,8 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C clusters = append(clusters, passthroughs...) } + // NOTE: Any time we skip a chain below we MUST also skip that discovery chain in endpoints.go + // so that the sets of endpoints generated matches the sets of clusters. for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] @@ -87,6 +88,10 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } + if _, ok := cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { + // The trust bundle for this upstream is not available yet, skip for now. + continue + } chainEndpoints, ok := cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid] if !ok { @@ -210,9 +215,9 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, Service: uid.Name, } - commonTLSContext := makeCommonTLSContextFromLeaf( - cfgSnap, + commonTLSContext := makeCommonTLSContext( cfgSnap.Leaf(), + cfgSnap.RootPEMs(), makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), ) err := injectSANMatcher(commonTLSContext, spiffeID.URI().String()) @@ -598,9 +603,9 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs } // Enable TLS upstream with the configured client certificate. - commonTLSContext := makeCommonTLSContextFromLeaf( - cfgSnap, + commonTLSContext := makeCommonTLSContext( cfgSnap.Leaf(), + cfgSnap.RootPEMs(), makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), ) err = injectSANMatcher(commonTLSContext, spiffeIDs...) @@ -794,9 +799,13 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( } } - commonTLSContext := makeCommonTLSContextFromLeaf( - cfgSnap, + rootPEMs := cfgSnap.RootPEMs() + if uid.Peer != "" { + rootPEMs = cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer].ConcatenatedRootPEMs() + } + commonTLSContext := makeCommonTLSContext( cfgSnap.Leaf(), + rootPEMs, makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), ) @@ -809,7 +818,6 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( CommonTlsContext: commonTLSContext, Sni: sni, } - transportSocket, err := makeUpstreamTLSTransportSocket(tlsContext) if err != nil { return nil, err diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index 711f854b2..dd415062e 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -48,6 +48,8 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. resources := make([]proto.Message, 0, len(cfgSnap.ConnectProxy.PreparedQueryEndpoints)+len(cfgSnap.ConnectProxy.WatchedUpstreamEndpoints)) + // NOTE: Any time we skip a chain below we MUST also skip that discovery chain in clusters.go + // so that the sets of endpoints generated matches the sets of clusters. for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] @@ -56,6 +58,10 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } + if _, ok := cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { + // The trust bundle for this upstream is not available yet, skip for now. + continue + } es := s.endpointsFromDiscoveryChain( uid, diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 6b03122e8..01df37641 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -12,7 +12,7 @@ import ( "time" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/types" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -761,9 +761,9 @@ func injectHTTPFilterOnFilterChains( func (s *ResourceGenerator) injectConnectTLSOnFilterChains(cfgSnap *proxycfg.ConfigSnapshot, listener *envoy_listener_v3.Listener) error { for idx := range listener.FilterChains { tlsContext := &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: makeCommonTLSContextFromLeaf( - cfgSnap, + CommonTlsContext: makeCommonTLSContext( cfgSnap.Leaf(), + cfgSnap.RootPEMs(), makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()), ), RequireClientCertificate: &wrappers.BoolValue{Value: true}, @@ -1109,9 +1109,9 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway( protocol string, ) (*envoy_listener_v3.FilterChain, error) { tlsContext := &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: makeCommonTLSContextFromLeaf( - cfgSnap, + CommonTlsContext: makeCommonTLSContext( cfgSnap.TerminatingGateway.ServiceLeaves[service], + cfgSnap.RootPEMs(), makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()), ), RequireClientCertificate: &wrappers.BoolValue{Value: true}, @@ -1637,21 +1637,14 @@ func makeEnvoyHTTPFilter(name string, cfg proto.Message) (*envoy_http_v3.HttpFil }, nil } -func makeCommonTLSContextFromLeaf( - cfgSnap *proxycfg.ConfigSnapshot, +func makeCommonTLSContext( leaf *structs.IssuedCert, + rootPEMs string, tlsParams *envoy_tls_v3.TlsParameters, ) *envoy_tls_v3.CommonTlsContext { - // Concatenate all the root PEMs into one. - if cfgSnap.Roots == nil { + if rootPEMs == "" { return nil } - - rootPEMS := "" - for _, root := range cfgSnap.Roots.Roots { - rootPEMS += ca.EnsureTrailingNewline(root.RootCert) - } - if tlsParams == nil { tlsParams = &envoy_tls_v3.TlsParameters{} } @@ -1662,12 +1655,12 @@ func makeCommonTLSContextFromLeaf( { CertificateChain: &envoy_core_v3.DataSource{ Specifier: &envoy_core_v3.DataSource_InlineString{ - InlineString: ca.EnsureTrailingNewline(leaf.CertPEM), + InlineString: lib.EnsureTrailingNewline(leaf.CertPEM), }, }, PrivateKey: &envoy_core_v3.DataSource{ Specifier: &envoy_core_v3.DataSource_InlineString{ - InlineString: ca.EnsureTrailingNewline(leaf.PrivateKeyPEM), + InlineString: lib.EnsureTrailingNewline(leaf.PrivateKeyPEM), }, }, }, @@ -1677,7 +1670,7 @@ func makeCommonTLSContextFromLeaf( // TODO(banks): later for L7 support we may need to configure ALPN here. TrustedCa: &envoy_core_v3.DataSource{ Specifier: &envoy_core_v3.DataSource_InlineString{ - InlineString: rootPEMS, + InlineString: rootPEMs, }, }, }, diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go index 5261bdb50..ba2019b43 100644 --- a/agent/xds/listeners_ingress.go +++ b/agent/xds/listeners_ingress.go @@ -180,7 +180,7 @@ func makeCommonTLSContextFromSnapshotListenerConfig(cfgSnap *proxycfg.ConfigSnap // Set up listener TLS from SDS tlsContext = makeCommonTLSContextFromGatewayTLSConfig(*tlsCfg) } else if connectTLSEnabled { - tlsContext = makeCommonTLSContextFromLeaf(cfgSnap, cfgSnap.Leaf(), makeTLSParametersFromGatewayTLSConfig(*tlsCfg)) + tlsContext = makeCommonTLSContext(cfgSnap.Leaf(), cfgSnap.RootPEMs(), makeTLSParametersFromGatewayTLSConfig(*tlsCfg)) } return tlsContext, nil diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden index befaa062d..be0a0ef5a 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden @@ -71,7 +71,7 @@ ], "validationContext": { "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" }, "matchSubjectAltNames": [ { @@ -129,11 +129,11 @@ ], "validationContext": { "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" }, "matchSubjectAltNames": [ { - "exact": "spiffe://d89ac423-e95a-475d-94f2-1c557c57bf31.consul/ns/default/dc/cloud-dc/svc/refunds" + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" } ] } diff --git a/lib/strings.go b/lib/strings.go new file mode 100644 index 000000000..fea1cf58b --- /dev/null +++ b/lib/strings.go @@ -0,0 +1,18 @@ +package lib + +import ( + "strings" +) + +// EnsureTrailingNewline adds a newline suffix to the input if not present. +// This is typically used to fix a case where the CA provider does not return a new line +// after certificates as per the specification. See GH-8178 for more context. +func EnsureTrailingNewline(str string) string { + if str == "" { + return str + } + if strings.HasSuffix(str, "\n") { + return str + } + return str + "\n" +} diff --git a/proto/pbpeering/peering.go b/proto/pbpeering/peering.go index b9da132f8..f19650f3c 100644 --- a/proto/pbpeering/peering.go +++ b/proto/pbpeering/peering.go @@ -1,9 +1,14 @@ package pbpeering import ( + "strconv" "time" + "github.com/mitchellh/hashstructure" + + "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/lib" ) // TODO(peering): These are byproducts of not embedding @@ -88,6 +93,48 @@ func (x ReplicationMessage_Response_Operation) GoString() string { return x.String() } +func (r *TrustBundleReadRequest) CacheInfo() cache.RequestInfo { + info := cache.RequestInfo{ + // TODO(peering): Revisit whether this is the token to use once request types accept a token. + Token: r.Token(), + Datacenter: r.Datacenter, + MinIndex: 0, + Timeout: 0, + MustRevalidate: false, + + // TODO(peering): Cache.notifyPollingQuery polls at this interval. We need to revisit how that polling works. + // Using an exponential backoff when the result hasn't changed may be preferable. + MaxAge: 1 * time.Second, + } + + v, err := hashstructure.Hash([]interface{}{ + r.Partition, + r.Name, + }, nil) + if err == nil { + // If there is an error, we don't set the key. A blank key forces + // no cache for this request so the request is forwarded directly + // to the server. + info.Key = strconv.FormatUint(v, 10) + } + + return info +} + +// ConcatenatedRootPEMs concatenates and returns all PEM-encoded public certificates +// in a peer's trust bundle. +func (b *PeeringTrustBundle) ConcatenatedRootPEMs() string { + if b == nil { + return "" + } + + var rootPEMs string + for _, pem := range b.RootPEMs { + rootPEMs += lib.EnsureTrailingNewline(pem) + } + return rootPEMs +} + // enumcover:PeeringState func PeeringStateToAPI(s PeeringState) api.PeeringState { switch s { From 073c9e3a91542a8894d696f500850dcc4d93619c Mon Sep 17 00:00:00 2001 From: freddygv Date: Mon, 23 May 2022 10:16:39 -0600 Subject: [PATCH 443/785] Update assumptions around exported-service config Given that the exported-services config entry can use wildcards, the precedence for wildcards is handled as with intentions. The most exact match is the match that applies for any given service. We do not take the union of all that apply. Another update that was made was to reflect that only one exported-services config entry applies to any given service in a partition. This is a pre-existing constraint that gets enforced by the Normalize() method on that config entry type. --- agent/consul/state/config_entry.go | 67 +-------- agent/consul/state/config_entry_oss_test.go | 154 ++++++++++---------- agent/consul/state/peering.go | 123 ++++++++++------ agent/consul/state/peering_test.go | 79 +++++----- agent/rpc/peering/service_test.go | 90 ++++++------ agent/structs/peering.go | 6 - 6 files changed, 240 insertions(+), 279 deletions(-) diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 195cc3b91..e2cd8600f 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -603,6 +603,10 @@ func validateProposedConfigEntryInServiceGraph( wildcardEntMeta := kindName.WithWildcardNamespace() switch kindName.Kind { + case structs.ExportedServices, structs.MeshConfig: + // Exported services and mesh config do not influence discovery chains. + return nil + case structs.ProxyDefaults: // Check anything that has a discovery chain entry. In the future we could // somehow omit the ones that have a default protocol configured. @@ -1414,52 +1418,6 @@ func configEntryWithOverridesTxn( return configEntryTxn(tx, ws, kind, name, entMeta) } -// getExportedServicesConfigEntriesTxn fetches exported-service config entries and -// filters their exported services to only those that match serviceName and entMeta. -// Because the resulting config entries may have had their exported services modified, -// they *should not* be used in subsequent writes. -func getExportedServiceConfigEntriesTxn( - tx ReadTxn, - ws memdb.WatchSet, - serviceName string, - entMeta *acl.EnterpriseMeta, -) (uint64, []*structs.ExportedServicesConfigEntry, error) { - var exportedServicesEntries []*structs.ExportedServicesConfigEntry - // slice of names to match config entries against - matchCandidates := getExportedServicesMatchServiceNames(serviceName, entMeta) - // matcher func generator for currying the matcher func over EnterpriseMeta values - // from the associated config entry - matchFunc := func(matchMeta *acl.EnterpriseMeta) func(structs.ExportedService) bool { - return func(exportedService structs.ExportedService) bool { - matchSvcName := structs.NewServiceName(exportedService.Name, matchMeta) - for _, candidate := range matchCandidates { - if candidate.Matches(matchSvcName) { - return true - } - } - return false - } - } - idx, entries, err := configEntriesByKindTxn(tx, ws, structs.ExportedServices, entMeta) - if err != nil { - return 0, nil, err - } - for _, entry := range entries { - esEntry, ok := entry.(*structs.ExportedServicesConfigEntry) - if !ok { - return 0, nil, fmt.Errorf("type %T is not a %s config entry", esEntry, structs.ExportedServices) - } - // get a copy of the config entry with Services filtered to match serviceName - newEntry := filterExportedServices(esEntry, matchFunc(entry.GetEnterpriseMeta())) - // the filter will return a new entry, so checking to see if its services is empty says that there - // were matches and that we should include it in the results - if len(newEntry.Services) > 0 { - exportedServicesEntries = append(exportedServicesEntries, newEntry) - } - } - return idx, exportedServicesEntries, nil -} - // protocolForService returns the service graph protocol associated to the // provided service, checking all relevant config entries. func protocolForService( @@ -1502,23 +1460,6 @@ func protocolForService( return maxIdx, chain.Protocol, nil } -// filterExportedServices returns the slice of ExportedService that matc ffor matching service names -// returning a copy of entry with only the services that match one of the -// services in candidates. -func filterExportedServices( - entry *structs.ExportedServicesConfigEntry, - testFunc func(structs.ExportedService) bool, -) *structs.ExportedServicesConfigEntry { - newEntry := *entry - newEntry.Services = []structs.ExportedService{} - for _, ceSvc := range entry.Services { - if testFunc(ceSvc) { - newEntry.Services = append(newEntry.Services, ceSvc) - } - } - return &newEntry -} - func newConfigEntryQuery(c structs.ConfigEntry) configentry.KindName { return configentry.NewKindName(c.GetKind(), c.GetName(), c.GetEnterpriseMeta()) } diff --git a/agent/consul/state/config_entry_oss_test.go b/agent/consul/state/config_entry_oss_test.go index 9f6a1ef44..4d121ba32 100644 --- a/agent/consul/state/config_entry_oss_test.go +++ b/agent/consul/state/config_entry_oss_test.go @@ -40,120 +40,124 @@ func testIndexerTableConfigEntries() map[string]indexerTestCase { } } -func TestStore_ExportedServices(t *testing.T) { +func TestStore_peersForService(t *testing.T) { + queryName := "foo" + type testCase struct { name string - write []structs.ConfigEntry - query string - expect []*structs.ExportedServicesConfigEntry + write structs.ConfigEntry + expect []string } cases := []testCase{ { name: "empty everything", - write: []structs.ConfigEntry{}, - query: "foo", - expect: []*structs.ExportedServicesConfigEntry{}, + expect: nil, }, { - name: "no matching exported services", - write: []structs.ConfigEntry{ - &structs.ProxyConfigEntry{Name: "foo"}, - &structs.ProxyConfigEntry{Name: "bar"}, - &structs.ExportedServicesConfigEntry{ - Name: "baz", - Services: []structs.ExportedService{ - {Name: "baz"}, + name: "service is not exported", + write: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "not-" + queryName, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "zip", + }, + }, }, }, }, - query: "foo", - expect: []*structs.ExportedServicesConfigEntry{}, + expect: nil, }, { - name: "exact match service name", - write: []structs.ConfigEntry{ - &structs.ExportedServicesConfigEntry{ - Name: "foo", - Services: []structs.ExportedService{ - {Name: "foo"}, + name: "wildcard name matches", + write: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "not-" + queryName, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "zip", + }, + }, }, - }, - &structs.ExportedServicesConfigEntry{ - Name: "bar", - Services: []structs.ExportedService{ - {Name: "bar"}, - }, - }, - }, - query: "bar", - expect: []*structs.ExportedServicesConfigEntry{ - { - Name: "bar", - Services: []structs.ExportedService{ - {Name: "bar"}, + { + Name: structs.WildcardSpecifier, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "bar", + }, + { + PeerName: "baz", + }, + }, }, }, }, + expect: []string{"bar", "baz"}, }, { - name: "wildcard match on service name", - write: []structs.ConfigEntry{ - &structs.ExportedServicesConfigEntry{ - Name: "foo", - Services: []structs.ExportedService{ - {Name: "foo"}, + name: "exact name takes precedence over wildcard", + write: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: queryName, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "baz", + }, + }, }, - }, - &structs.ExportedServicesConfigEntry{ - Name: "wildcard", - Services: []structs.ExportedService{ - {Name: structs.WildcardSpecifier}, - }, - }, - }, - query: "foo", - expect: []*structs.ExportedServicesConfigEntry{ - { - Name: "foo", - Services: []structs.ExportedService{ - {Name: "foo"}, - }, - }, - { - Name: "wildcard", - Services: []structs.ExportedService{ - {Name: structs.WildcardSpecifier}, + { + Name: structs.WildcardSpecifier, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "zip", + }, + }, }, }, }, + expect: []string{"baz"}, }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { s := testStateStore(t) + var lastIdx uint64 - // Write the entries. - for idx, entry := range tc.write { - require.NoError(t, s.EnsureConfigEntry(uint64(idx+1), entry)) + // Write the entry. + if tc.write != nil { + require.NoError(t, tc.write.Normalize()) + require.NoError(t, tc.write.Validate()) + + lastIdx++ + require.NoError(t, s.EnsureConfigEntry(lastIdx, tc.write)) } // Read the entries back. tx := s.db.ReadTxn() defer tx.Abort() - idx, entries, err := getExportedServiceConfigEntriesTxn(tx, nil, tc.query, acl.DefaultEnterpriseMeta()) + + idx, peers, err := peersForServiceTxn(tx, nil, queryName, acl.DefaultEnterpriseMeta()) require.NoError(t, err) - require.Equal(t, uint64(len(tc.write)), idx) + + // This is a little weird, but when there are no results, the index returned should be the max index for the + // config entries table so that the caller can watch for changes to it + if len(peers) == 0 { + require.Equal(t, maxIndexTxn(tx, tableConfigEntries), idx) + } else { + require.Equal(t, lastIdx, idx) + } // Verify the result. - require.Len(t, entries, len(tc.expect)) - for idx, got := range entries { - // ignore raft fields - got.ModifyIndex = 0 - got.CreateIndex = 0 - require.Equal(t, tc.expect[idx], got) - } + require.Len(t, peers, len(tc.expect)) + require.Equal(t, tc.expect, peers) }) } } diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index e566532b6..835e9642d 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -439,35 +439,37 @@ func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peerin // PeeringsForService returns the list of peerings that are associated with the service name provided in the query. // This is used to configure connect proxies for a given service. The result is generated by querying for exported // service config entries and filtering for those that match the given service. +// // TODO(peering): this implementation does all of the work on read to materialize this list of peerings, we should explore // writing to a separate index that has service peerings prepared ahead of time should this become a performance bottleneck. func (s *Store) PeeringsForService(ws memdb.WatchSet, serviceName string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) { tx := s.db.ReadTxn() defer tx.Abort() - // short-circuit if the service does not exist in the context of the query -- this prevents "leaking" services + // Short-circuit if the service does not exist in the context of the query -- this prevents "leaking" services // when there are wildcard rules in place. if svcIdx, svcExists, err := serviceExists(tx, ws, serviceName, &entMeta, ""); err != nil { return 0, nil, fmt.Errorf("failed to check if service exists: %w", err) + } else if !svcExists { - // if the service does not exist, return the max index for the services table so caller can watch for changes + // If the service does not exist, return the max index for the services table so caller can watch for changes. return svcIdx, nil, nil + } - // config entries must be defined in the default namespace, so we only need the partition here - meta := structs.DefaultEnterpriseMetaInPartition(entMeta.PartitionOrDefault()) - // return the idx of the config entry that was last modified so caller can watch for changes - idx, peeredServices, err := readPeeredServicesFromConfigEntriesTxn(tx, ws, serviceName, meta) + + // Return the idx of the config entry so the caller can watch for changes. + idx, peerNames, err := peersForServiceTxn(tx, ws, serviceName, &entMeta) if err != nil { - return 0, nil, fmt.Errorf("failed to read peered services for service name: %w", err) + return 0, nil, fmt.Errorf("failed to read peers for service name %q: %w", serviceName, err) } var peerings []*pbpeering.Peering - // lookup the peering for each matching peered service - for _, peeredService := range peeredServices { + // Lookup and return the peering corresponding to each name. + for _, name := range peerNames { readQuery := Query{ - Value: peeredService.PeerName, - EnterpriseMeta: peeredService.Name.EnterpriseMeta, + Value: name, + EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(entMeta.PartitionOrDefault()), } _, peering, err := peeringReadTxn(tx, ws, readQuery) if err != nil { @@ -478,7 +480,6 @@ func (s *Store) PeeringsForService(ws memdb.WatchSet, serviceName string, entMet } peerings = append(peerings, peering) } - // see note above about idx return idx, peerings, nil } @@ -597,50 +598,80 @@ func (r *Restore) PeeringTrustBundle(ptb *pbpeering.PeeringTrustBundle) error { return nil } -// readPeeredServicesFromConfigEntriesTxn queries exported-service config entries to return peers for serviceName -// in the form of a []structs.PeeredService. -func readPeeredServicesFromConfigEntriesTxn( +// peersForServiceTxn returns the names of all peers that a service is exported to. +func peersForServiceTxn( tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, -) (uint64, []structs.PeeredService, error) { - var results []structs.PeeredService +) (uint64, []string, error) { + // Exported service config entries are scoped to partitions so they are in the default namespace. + partitionMeta := structs.DefaultEnterpriseMetaInPartition(entMeta.PartitionOrDefault()) - // Get all exported-service config entries for that have exports for serviceName. This assumes the result - // has exported services filtered to only those matching serviceName so no futher filtering is needed. - idx, exportedServicesEntries, err := getExportedServiceConfigEntriesTxn(tx, ws, serviceName, entMeta) + idx, rawEntry, err := configEntryTxn(tx, ws, structs.ExportedServices, partitionMeta.PartitionOrDefault(), partitionMeta) if err != nil { return 0, nil, err } + if rawEntry == nil { + return idx, nil, err + } - // dedupe results by peer name - resultSet := make(map[string]struct{}) - // filter entries to only those that have a peer consumer defined - for _, entry := range exportedServicesEntries { - for _, service := range entry.Services { - // entries must have consumers - if service.Consumers == nil || len(service.Consumers) == 0 { - continue - } - for _, consumer := range service.Consumers { - // and consumers must have a peer - if consumer.PeerName == "" { - continue - } - // if we get here, we have a peer consumer, but we should dedupe peer names, so skip if it's already in the set - if _, ok := resultSet[consumer.PeerName]; ok { - continue - } + entry, ok := rawEntry.(*structs.ExportedServicesConfigEntry) + if !ok { + return 0, nil, fmt.Errorf("unexpected type %T for pbpeering.Peering index", rawEntry) + } - // if we got here, we can add to the result set - resultSet[consumer.PeerName] = struct{}{} - result := structs.PeeredService{ - Name: structs.NewServiceName(serviceName, entry.GetEnterpriseMeta()), - PeerName: consumer.PeerName, - } - results = append(results, result) - } + var ( + wildcardNamespaceIdx = -1 + wildcardServiceIdx = -1 + exactMatchIdx = -1 + ) + + // Ensure the metadata is defaulted since we make assertions against potentially empty values below. + // In OSS this is a no-op. + if entMeta == nil { + entMeta = acl.DefaultEnterpriseMeta() + } + entMeta.Normalize() + + // Services can be exported via wildcards or by their exact name: + // Namespace: *, Service: * + // Namespace: Exact, Service: * + // Namespace: Exact, Service: Exact + for i, service := range entry.Services { + switch { + case service.Namespace == structs.WildcardSpecifier: + wildcardNamespaceIdx = i + + case service.Name == structs.WildcardSpecifier && service.Namespace == entMeta.NamespaceOrEmpty(): + wildcardServiceIdx = i + + case service.Name == serviceName && service.Namespace == entMeta.NamespaceOrEmpty(): + exactMatchIdx = i + } + } + + var results []string + + // Prefer the exact match over the wildcard match. This matches how we handle intention precedence. + var targetIdx int + switch { + case exactMatchIdx >= 0: + targetIdx = exactMatchIdx + + case wildcardServiceIdx >= 0: + targetIdx = wildcardServiceIdx + + case wildcardNamespaceIdx >= 0: + targetIdx = wildcardNamespaceIdx + + default: + return idx, results, nil + } + + for _, c := range entry.Services[targetIdx].Consumers { + if c.PeerName != "" { + results = append(results, c.PeerName) } } return idx, results, nil diff --git a/agent/consul/state/peering_test.go b/agent/consul/state/peering_test.go index 53b80cb9c..018cf8164 100644 --- a/agent/consul/state/peering_test.go +++ b/agent/consul/state/peering_test.go @@ -907,7 +907,7 @@ func TestStateStore_PeeringsForService(t *testing.T) { name string services []structs.ServiceName peerings []*pbpeering.Peering - entries []*structs.ExportedServicesConfigEntry + entry *structs.ExportedServicesConfigEntry query []string expect [][]*pbpeering.Peering expectIdx uint64 @@ -945,9 +945,10 @@ func TestStateStore_PeeringsForService(t *testing.T) { } // Write the config entries. - for _, entry := range tc.entries { + if tc.entry != nil { lastIdx++ - require.NoError(t, s.EnsureConfigEntry(lastIdx, entry)) + require.NoError(t, tc.entry.Normalize()) + require.NoError(t, s.EnsureConfigEntry(lastIdx, tc.entry)) } // Query for peers. @@ -976,7 +977,7 @@ func TestStateStore_PeeringsForService(t *testing.T) { {Name: "foo"}, }, peerings: []*pbpeering.Peering{}, - entries: []*structs.ExportedServicesConfigEntry{}, + entry: nil, query: []string{"foo"}, expect: [][]*pbpeering.Peering{{}}, }, @@ -986,7 +987,7 @@ func TestStateStore_PeeringsForService(t *testing.T) { {Name: "foo"}, }, peerings: []*pbpeering.Peering{}, - entries: []*structs.ExportedServicesConfigEntry{}, + entry: nil, query: []string{"bar"}, expect: [][]*pbpeering.Peering{{}}, expectIdx: uint64(2), // catalog services max index @@ -1001,24 +1002,22 @@ func TestStateStore_PeeringsForService(t *testing.T) { {Name: "peer1", State: pbpeering.PeeringState_INITIAL}, {Name: "peer2", State: pbpeering.PeeringState_INITIAL}, }, - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "ce1", - Services: []structs.ExportedService{ - { - Name: "foo", - Consumers: []structs.ServiceConsumer{ - { - PeerName: "peer1", - }, + entry: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "foo", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer1", }, }, - { - Name: "bar", - Consumers: []structs.ServiceConsumer{ - { - PeerName: "peer2", - }, + }, + { + Name: "bar", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer2", }, }, }, @@ -1046,27 +1045,25 @@ func TestStateStore_PeeringsForService(t *testing.T) { {Name: "peer2", State: pbpeering.PeeringState_INITIAL}, {Name: "peer3", State: pbpeering.PeeringState_INITIAL}, }, - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "ce1", - Services: []structs.ExportedService{ - { - Name: "*", - Consumers: []structs.ServiceConsumer{ - { - PeerName: "peer1", - }, - { - PeerName: "peer2", - }, + entry: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "*", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer1", + }, + { + PeerName: "peer2", }, }, - { - Name: "bar", - Consumers: []structs.ServiceConsumer{ - { - PeerName: "peer3", - }, + }, + { + Name: "bar", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer3", }, }, }, @@ -1079,8 +1076,6 @@ func TestStateStore_PeeringsForService(t *testing.T) { {Name: "peer2", State: pbpeering.PeeringState_INITIAL}, }, { - {Name: "peer1", State: pbpeering.PeeringState_INITIAL}, - {Name: "peer2", State: pbpeering.PeeringState_INITIAL}, {Name: "peer3", State: pbpeering.PeeringState_INITIAL}, }, }, diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index 0d30987da..c1bb121ec 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -359,24 +359,22 @@ func TestPeeringService_TrustBundleRead(t *testing.T) { } func TestPeeringService_TrustBundleListByService(t *testing.T) { - // test executes the following scenario: - // 0 - initial setup test server, state store, RPC client, verify empty results - // 1 - create a service, verify results still empty - // 2 - create a peering, verify results still empty - // 3 - create a config entry, verify results still empty - // 4 - create trust bundles, verify bundles are returned - // 5 - delete the config entry, verify results empty - // 6 - restore config entry, verify bundles are returned - // 7 - add peering, trust bundles, wildcard config entry, verify updated results are present - // 8 - delete first config entry, verify bundles are returned - // 9 - delete the service, verify results empty + // Test executes the following scenario: + // 0 - Initial setup test server, state store, RPC client, verify empty results + // 1 - Create a service, verify results still empty + // 2 - Create a peering, verify results still empty + // 3 - Create a config entry, verify results still empty + // 4 - Create trust bundles, verify bundles are returned + // 5 - Delete the config entry, verify results empty + // 6 - Restore config entry, verify bundles are returned + // 7 - Add a second peering that the test service is not exported to + // 8 - Export the service to the new peering + // 9 - Delete the service // Note: these steps are dependent on each other by design so that we can verify that // combinations of services, peerings, trust bundles, and config entries all affect results - // fixed for the test nodeName := "test-node" - // keep track of index across steps var lastIdx uint64 // Create test server @@ -445,6 +443,7 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { // Write any config entries for _, entry := range deps.entries { idx++ + require.NoError(t, entry.Normalize()) require.NoError(t, store.EnsureConfigEntry(idx, entry)) } @@ -460,6 +459,8 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { // TODO(peering): see note on newTestServer, once we have a better server mock, // we should add functionality here to verify errors from backend verify := func(t *testing.T, tc *testCase) { + t.Helper() + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) @@ -478,7 +479,7 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { // Execute scenario steps // ---------------------- - // 0 - initial empty state + // 0 - Initial empty state. // ----------------------- verify(t, &testCase{ req: &pbpeering.TrustBundleListByServiceRequest{ @@ -489,7 +490,7 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 1 - create a service, verify results still empty + // 1 - Create a service, verify results still empty. // ------------------------------------------------ lastIdx = setup(t, lastIdx, testDeps{services: []string{"foo"}}) verify(t, &testCase{ @@ -501,7 +502,7 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 2 - create a peering, verify results still empty + // 2 - Create a peering, verify results still empty. // ------------------------------------------------ lastIdx = setup(t, lastIdx, testDeps{ peerings: []*pbpeering.Peering{ @@ -522,12 +523,12 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 3 - create a config entry, verify results still empty + // 3 - Create a config entry, verify results still empty. // ----------------------------------------------------- lastIdx = setup(t, lastIdx, testDeps{ entries: []*structs.ExportedServicesConfigEntry{ { - Name: "export-foo", + Name: "default", Services: []structs.ExportedService{ { Name: "foo", @@ -550,7 +551,7 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 4 - create trust bundles, verify bundles are returned + // 4 - Create trust bundles, verify bundles are returned. // ----------------------------------------------------- lastIdx = setup(t, lastIdx, testDeps{ bundles: []*pbpeering.PeeringTrustBundle{ @@ -576,10 +577,10 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 5 - delete the config entry, verify results empty + // 5 - Delete the config entry, verify results empty. // ------------------------------------------------- lastIdx++ - require.NoError(t, store.DeleteConfigEntry(lastIdx, structs.ExportedServices, "export-foo", nil)) + require.NoError(t, store.DeleteConfigEntry(lastIdx, structs.ExportedServices, "default", nil)) verify(t, &testCase{ req: &pbpeering.TrustBundleListByServiceRequest{ ServiceName: "foo", @@ -589,12 +590,12 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 6 - restore config entry, verify bundles are returned + // 6 - Restore config entry, verify bundles are returned. // ----------------------------------------------------- lastIdx = setup(t, lastIdx, testDeps{ entries: []*structs.ExportedServicesConfigEntry{ { - Name: "export-foo", + Name: "default", Services: []structs.ExportedService{ { Name: "foo", @@ -621,10 +622,9 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { }, }) - // 7 - add peering, trust bundles, wildcard config entry, verify updated results are present + // 7 - Add new peer and trust bundle. It should be ignored because foo is not exported to it. // ----------------------------------------------------------------------------------------- lastIdx = setup(t, lastIdx, testDeps{ - services: []string{"bar"}, peerings: []*pbpeering.Peering{ { Name: "peer2", @@ -633,20 +633,6 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { PeerServerAddresses: []string{"peer2-addr"}, }, }, - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "export-all", - Services: []structs.ExportedService{ - { - Name: structs.WildcardSpecifier, - Consumers: []structs.ServiceConsumer{ - {PeerName: "peer1"}, - {PeerName: "peer2"}, - }, - }, - }, - }, - }, bundles: []*pbpeering.PeeringTrustBundle{ { TrustDomain: "peer2.com", @@ -666,18 +652,28 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { PeerName: "peer1", RootPEMs: []string{"peer1-root-1"}, }, - { - TrustDomain: "peer2.com", - PeerName: "peer2", - RootPEMs: []string{"peer2-root-1"}, - }, }, }, }) - // 8 - delete first config entry, verify bundles are returned - lastIdx++ - require.NoError(t, store.DeleteConfigEntry(lastIdx, structs.ExportedServices, "export-foo", nil)) + // 8 - Replace config entry to export all services to both peers + // ----------------------------------------------------------------------------------------- + lastIdx = setup(t, lastIdx, testDeps{ + entries: []*structs.ExportedServicesConfigEntry{ + { + Name: "default", + Services: []structs.ExportedService{ + { + Name: structs.WildcardSpecifier, + Consumers: []structs.ServiceConsumer{ + {PeerName: "peer1"}, + {PeerName: "peer2"}, + }, + }, + }, + }, + }, + }) verify(t, &testCase{ req: &pbpeering.TrustBundleListByServiceRequest{ ServiceName: "foo", diff --git a/agent/structs/peering.go b/agent/structs/peering.go index bd0351bb3..1cf74bdaa 100644 --- a/agent/structs/peering.go +++ b/agent/structs/peering.go @@ -8,12 +8,6 @@ type PeeringToken struct { PeerID string } -// PeeredService is a service that has been configured with an exported-service config entry to be exported to a peer. -type PeeredService struct { - Name ServiceName - PeerName string -} - // NOTE: this is not serialized via msgpack so it can be changed without concern. type ExportedServiceList struct { // Services is a list of exported services that apply to both standard From ad6dbe081a2f069dcaedee79022526bf151bf2ff Mon Sep 17 00:00:00 2001 From: freddygv Date: Mon, 23 May 2022 17:57:42 -0600 Subject: [PATCH 444/785] Add agent cache-type for TrustBundleListByService There are a handful of changes in this commit: * When querying trust bundles for a service we need to be able to specify the namespace of the service. * The endpoint needs to track the index because the cache watches use it. * Extracted bulk of the endpoint's logic to a state store function so that index tracking could be tested more easily. * Removed check for service existence, deferring that sort of work to ACL authz * Added the cache type --- acl/enterprisemeta_oss.go | 4 + agent/agent.go | 2 + agent/cache-types/trust_bundle_test.go | 6 +- agent/cache-types/trust_bundles.go | 50 +++ agent/cache-types/trust_bundles_test.go | 152 +++++++++ agent/consul/state/catalog.go | 18 -- agent/consul/state/peering.go | 61 +++- agent/consul/state/peering_test.go | 227 +++++++++++++- agent/rpc/peering/service.go | 29 +- agent/rpc/peering/service_test.go | 399 +++++------------------- proto/pbpeering/peering.go | 29 ++ proto/pbpeering/peering.pb.go | 399 +++++++++++++----------- proto/pbpeering/peering.proto | 8 +- 13 files changed, 794 insertions(+), 590 deletions(-) create mode 100644 agent/cache-types/trust_bundles.go create mode 100644 agent/cache-types/trust_bundles_test.go diff --git a/acl/enterprisemeta_oss.go b/acl/enterprisemeta_oss.go index 44075a44f..7623709a9 100644 --- a/acl/enterprisemeta_oss.go +++ b/acl/enterprisemeta_oss.go @@ -58,6 +58,10 @@ func (m *EnterpriseMeta) NamespaceOrDefault() string { return DefaultNamespaceName } +func EqualNamespaces(_, _ string) bool { + return true +} + func NamespaceOrDefault(_ string) string { return DefaultNamespaceName } diff --git a/agent/agent.go b/agent/agent.go index cb6ba1a94..ebaa339f1 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4103,6 +4103,8 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.FederationStateListMeshGatewaysName, &cachetype.FederationStateListMeshGateways{RPC: a}) + a.cache.RegisterType(cachetype.TrustBundleListName, &cachetype.TrustBundles{Client: a.rpcClientPeering}) + a.registerEntCache() } diff --git a/agent/cache-types/trust_bundle_test.go b/agent/cache-types/trust_bundle_test.go index 8e18e69fe..fa3d016a2 100644 --- a/agent/cache-types/trust_bundle_test.go +++ b/agent/cache-types/trust_bundle_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/require" ) -func TestTrustBundles(t *testing.T) { +func TestTrustBundle(t *testing.T) { client := NewMockTrustBundleReader(t) typ := &TrustBundle{Client: client} @@ -43,7 +43,7 @@ func TestTrustBundles(t *testing.T) { }, result) } -func TestTrustBundles_badReqType(t *testing.T) { +func TestTrustBundle_badReqType(t *testing.T) { client := pbpeering.NewPeeringServiceClient(nil) typ := &TrustBundle{Client: client} @@ -55,7 +55,7 @@ func TestTrustBundles_badReqType(t *testing.T) { } // This test asserts that we can continuously poll this cache type, given that it doesn't support blocking. -func TestTrustBundles_MultipleUpdates(t *testing.T) { +func TestTrustBundle_MultipleUpdates(t *testing.T) { c := cache.New(cache.Options{}) client := NewMockTrustBundleReader(t) diff --git a/agent/cache-types/trust_bundles.go b/agent/cache-types/trust_bundles.go new file mode 100644 index 000000000..f4cd2d3c1 --- /dev/null +++ b/agent/cache-types/trust_bundles.go @@ -0,0 +1,50 @@ +package cachetype + +import ( + "context" + "fmt" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/proto/pbpeering" + "google.golang.org/grpc" +) + +// Recommended name for registration. +const TrustBundleListName = "trust-bundles" + +// TrustBundles supports fetching discovering service instances via prepared +// queries. +type TrustBundles struct { + RegisterOptionsNoRefresh + Client TrustBundleLister +} + +type TrustBundleLister interface { + TrustBundleListByService( + ctx context.Context, in *pbpeering.TrustBundleListByServiceRequest, opts ...grpc.CallOption, + ) (*pbpeering.TrustBundleListByServiceResponse, error) +} + +func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { + var result cache.FetchResult + + // The request should be a TrustBundleListByServiceRequest. + // We do not need to make a copy of this request type like in other cache types + // because the RequestInfo is synthetic. + reqReal, ok := req.(*pbpeering.TrustBundleListByServiceRequest) + if !ok { + return result, fmt.Errorf( + "Internal cache failure: request wrong type: %T", req) + } + + // Fetch + reply, err := t.Client.TrustBundleListByService(context.Background(), reqReal) + if err != nil { + return result, err + } + + result.Value = reply + result.Index = reply.Index + + return result, nil +} diff --git a/agent/cache-types/trust_bundles_test.go b/agent/cache-types/trust_bundles_test.go new file mode 100644 index 000000000..451508b0d --- /dev/null +++ b/agent/cache-types/trust_bundles_test.go @@ -0,0 +1,152 @@ +package cachetype + +import ( + "context" + "testing" + "time" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc" +) + +func TestTrustBundles(t *testing.T) { + client := NewMockTrustBundleLister(t) + typ := &TrustBundles{Client: client} + + resp := &pbpeering.TrustBundleListByServiceResponse{ + Index: 48, + Bundles: []*pbpeering.PeeringTrustBundle{ + { + PeerName: "peer1", + RootPEMs: []string{"peer1-roots"}, + }, + }, + } + + // Expect the proper call. + // This also returns the canned response above. + client.On("TrustBundleListByService", mock.Anything, mock.Anything). + Run(func(args mock.Arguments) { + req := args.Get(1).(*pbpeering.TrustBundleListByServiceRequest) + require.Equal(t, "foo", req.ServiceName) + }). + Return(resp, nil) + + // Fetch and assert against the result. + result, err := typ.Fetch(cache.FetchOptions{}, &pbpeering.TrustBundleListByServiceRequest{ + ServiceName: "foo", + }) + require.NoError(t, err) + require.Equal(t, cache.FetchResult{ + Value: resp, + Index: 48, + }, result) +} + +func TestTrustBundles_badReqType(t *testing.T) { + client := pbpeering.NewPeeringServiceClient(nil) + typ := &TrustBundles{Client: client} + + // Fetch + _, err := typ.Fetch(cache.FetchOptions{}, cache.TestRequest( + t, cache.RequestInfo{Key: "foo", MinIndex: 64})) + require.Error(t, err) + require.Contains(t, err.Error(), "wrong type") +} + +// This test asserts that we can continuously poll this cache type, given that it doesn't support blocking. +func TestTrustBundles_MultipleUpdates(t *testing.T) { + c := cache.New(cache.Options{}) + + client := NewMockTrustBundleLister(t) + + // On each mock client call to TrustBundleList by service we will increment the index by 1 + // to simulate new data arriving. + resp := &pbpeering.TrustBundleListByServiceResponse{ + Index: uint64(0), + } + + client.On("TrustBundleListByService", mock.Anything, mock.Anything). + Run(func(args mock.Arguments) { + req := args.Get(1).(*pbpeering.TrustBundleListByServiceRequest) + require.Equal(t, "foo", req.ServiceName) + + // Increment on each call. + resp.Index++ + }). + Return(resp, nil) + + c.RegisterType(TrustBundleListName, &TrustBundles{Client: client}) + + ch := make(chan cache.UpdateEvent) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + t.Cleanup(cancel) + + err := c.Notify(ctx, TrustBundleListName, &pbpeering.TrustBundleListByServiceRequest{ServiceName: "foo"}, "updates", ch) + require.NoError(t, err) + + i := uint64(1) + for { + select { + case <-ctx.Done(): + return + case update := <-ch: + // Expect to receive updates for increasing indexes serially. + resp := update.Result.(*pbpeering.TrustBundleListByServiceResponse) + require.Equal(t, i, resp.Index) + i++ + + if i > 3 { + return + } + } + } +} + +// MockTrustBundleLister is an autogenerated mock type for the TrustBundleLister type +type MockTrustBundleLister struct { + mock.Mock +} + +// TrustBundleListByService provides a mock function with given fields: ctx, in, opts +func (_m *MockTrustBundleLister) TrustBundleListByService(ctx context.Context, in *pbpeering.TrustBundleListByServiceRequest, opts ...grpc.CallOption) (*pbpeering.TrustBundleListByServiceResponse, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, in) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *pbpeering.TrustBundleListByServiceResponse + if rf, ok := ret.Get(0).(func(context.Context, *pbpeering.TrustBundleListByServiceRequest, ...grpc.CallOption) *pbpeering.TrustBundleListByServiceResponse); ok { + r0 = rf(ctx, in, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*pbpeering.TrustBundleListByServiceResponse) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *pbpeering.TrustBundleListByServiceRequest, ...grpc.CallOption) error); ok { + r1 = rf(ctx, in, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewMockTrustBundleLister creates a new instance of MockTrustBundleLister. It also registers the testing.TB interface on the mock and a cleanup function to assert the mocks expectations. +func NewMockTrustBundleLister(t testing.TB) *MockTrustBundleLister { + mock := &MockTrustBundleLister{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index ae16267e4..ab4797fda 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -1164,24 +1164,6 @@ func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta, return idx, results, nil } -func serviceExists(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, bool, error) { - idx := catalogServicesMaxIndex(tx, entMeta, peerName) - q := Query{ - Value: name, - EnterpriseMeta: *entMeta, - PeerName: peerName, - } - watchCh, existing, err := tx.FirstWatch(tableServices, indexService, q) - if err != nil { - return idx, false, fmt.Errorf("failed querying for service: %s", err) - } - ws.Add(watchCh) - if existing == nil { - return idx, false, nil - } - return idx, true, nil -} - // ServicesByNodeMeta returns all services, filtered by the given node metadata. func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.Services, error) { tx := s.db.Txn(false) diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index 835e9642d..d18d0ab80 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -2,6 +2,7 @@ package state import ( "fmt" + "strings" "github.com/golang/protobuf/proto" "github.com/hashicorp/go-memdb" @@ -446,19 +447,12 @@ func (s *Store) PeeringsForService(ws memdb.WatchSet, serviceName string, entMet tx := s.db.ReadTxn() defer tx.Abort() - // Short-circuit if the service does not exist in the context of the query -- this prevents "leaking" services - // when there are wildcard rules in place. - if svcIdx, svcExists, err := serviceExists(tx, ws, serviceName, &entMeta, ""); err != nil { - return 0, nil, fmt.Errorf("failed to check if service exists: %w", err) - - } else if !svcExists { - // If the service does not exist, return the max index for the services table so caller can watch for changes. - return svcIdx, nil, nil - - } + return peeringsForServiceTxn(tx, ws, serviceName, entMeta) +} +func peeringsForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) { // Return the idx of the config entry so the caller can watch for changes. - idx, peerNames, err := peersForServiceTxn(tx, ws, serviceName, &entMeta) + maxIdx, peerNames, err := peersForServiceTxn(tx, ws, serviceName, &entMeta) if err != nil { return 0, nil, fmt.Errorf("failed to read peers for service name %q: %w", serviceName, err) } @@ -471,16 +465,49 @@ func (s *Store) PeeringsForService(ws memdb.WatchSet, serviceName string, entMet Value: name, EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(entMeta.PartitionOrDefault()), } - _, peering, err := peeringReadTxn(tx, ws, readQuery) + idx, peering, err := peeringReadTxn(tx, ws, readQuery) if err != nil { return 0, nil, fmt.Errorf("failed to read peering: %w", err) } + if idx > maxIdx { + maxIdx = idx + } if peering == nil { continue } peerings = append(peerings, peering) } - return idx, peerings, nil + return maxIdx, peerings, nil +} + +// TrustBundleListByService returns the trust bundles for all peers that the given service is exported to. +func (s *Store) TrustBundleListByService(ws memdb.WatchSet, service string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) { + tx := s.db.ReadTxn() + defer tx.Abort() + + maxIdx, peers, err := peeringsForServiceTxn(tx, ws, service, entMeta) + if err != nil { + return 0, nil, fmt.Errorf("failed to get peers for service %s: %v", service, err) + } + + var resp []*pbpeering.PeeringTrustBundle + for _, peer := range peers { + pq := Query{ + Value: strings.ToLower(peer.Name), + EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(entMeta.PartitionOrDefault()), + } + idx, trustBundle, err := peeringTrustBundleReadTxn(tx, ws, pq) + if err != nil { + return 0, nil, fmt.Errorf("failed to read trust bundle for peer %s: %v", peer.Name, err) + } + if idx > maxIdx { + maxIdx = idx + } + if trustBundle != nil { + resp = append(resp, trustBundle) + } + } + return maxIdx, resp, nil } // PeeringTrustBundleRead returns the peering trust bundle for the peer name given as the query value. @@ -488,6 +515,10 @@ func (s *Store) PeeringTrustBundleRead(ws memdb.WatchSet, q Query) (uint64, *pbp tx := s.db.ReadTxn() defer tx.Abort() + return peeringTrustBundleReadTxn(tx, ws, q) +} + +func peeringTrustBundleReadTxn(tx ReadTxn, ws memdb.WatchSet, q Query) (uint64, *pbpeering.PeeringTrustBundle, error) { watchCh, ptbRaw, err := tx.FirstWatch(tablePeeringTrustBundles, indexID, q) if err != nil { return 0, nil, fmt.Errorf("failed peering trust bundle lookup: %w", err) @@ -643,10 +674,10 @@ func peersForServiceTxn( case service.Namespace == structs.WildcardSpecifier: wildcardNamespaceIdx = i - case service.Name == structs.WildcardSpecifier && service.Namespace == entMeta.NamespaceOrEmpty(): + case service.Name == structs.WildcardSpecifier && acl.EqualNamespaces(service.Namespace, entMeta.NamespaceOrDefault()): wildcardServiceIdx = i - case service.Name == serviceName && service.Namespace == entMeta.NamespaceOrEmpty(): + case service.Name == serviceName && acl.EqualNamespaces(service.Namespace, entMeta.NamespaceOrDefault()): exactMatchIdx = i } } diff --git a/agent/consul/state/peering_test.go b/agent/consul/state/peering_test.go index 018cf8164..8056f77ec 100644 --- a/agent/consul/state/peering_test.go +++ b/agent/consul/state/peering_test.go @@ -981,17 +981,6 @@ func TestStateStore_PeeringsForService(t *testing.T) { query: []string{"foo"}, expect: [][]*pbpeering.Peering{{}}, }, - { - name: "service does not exist", - services: []structs.ServiceName{ - {Name: "foo"}, - }, - peerings: []*pbpeering.Peering{}, - entry: nil, - query: []string{"bar"}, - expect: [][]*pbpeering.Peering{{}}, - expectIdx: uint64(2), // catalog services max index - }, { name: "config entry with exact service name", services: []structs.ServiceName{ @@ -1089,3 +1078,219 @@ func TestStateStore_PeeringsForService(t *testing.T) { }) } } + +func TestStore_TrustBundleListByService(t *testing.T) { + store := testStateStore(t) + entMeta := *acl.DefaultEnterpriseMeta() + + var lastIdx uint64 + ws := memdb.NewWatchSet() + + testutil.RunStep(t, "no results on initial setup", func(t *testing.T) { + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 0) + }) + + testutil.RunStep(t, "registering service does not yield trust bundles", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.EnsureNode(lastIdx, &structs.Node{ + Node: "my-node", + Address: "127.0.0.1", + })) + + lastIdx++ + require.NoError(t, store.EnsureService(lastIdx, "my-node", &structs.NodeService{ + ID: "foo-1", + Service: "foo", + Port: 8000, + })) + + require.False(t, watchFired(ws)) + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Len(t, resp, 0) + require.Equal(t, lastIdx-2, idx) + }) + + testutil.RunStep(t, "creating peering does not yield trust bundles", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.PeeringWrite(lastIdx, &pbpeering.Peering{ + Name: "peer1", + })) + + // The peering is only watched after the service is exported via config entry. + require.False(t, watchFired(ws)) + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, uint64(0), idx) + require.Len(t, resp, 0) + }) + + testutil.RunStep(t, "exporting the service does not yield trust bundles", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.EnsureConfigEntry(lastIdx, &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "foo", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer1", + }, + }, + }, + }, + })) + + // The config entry is watched. + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 0) + }) + + testutil.RunStep(t, "trust bundles are returned after they are created", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.PeeringTrustBundleWrite(lastIdx, &pbpeering.PeeringTrustBundle{ + TrustDomain: "peer1.com", + PeerName: "peer1", + RootPEMs: []string{"peer-root-1"}, + })) + + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 1) + require.Equal(t, []string{"peer-root-1"}, resp[0].RootPEMs) + }) + + testutil.RunStep(t, "trust bundles are not returned after unexporting service", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.DeleteConfigEntry(lastIdx, structs.ExportedServices, "default", &entMeta)) + + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 0) + }) + + testutil.RunStep(t, "trust bundles are returned after config entry is restored", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.EnsureConfigEntry(lastIdx, &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "foo", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer1", + }, + }, + }, + }, + })) + + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 1) + require.Equal(t, []string{"peer-root-1"}, resp[0].RootPEMs) + }) + + testutil.RunStep(t, "bundles for other peers are ignored", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.PeeringWrite(lastIdx, &pbpeering.Peering{ + Name: "peer2", + })) + + lastIdx++ + require.NoError(t, store.PeeringTrustBundleWrite(lastIdx, &pbpeering.PeeringTrustBundle{ + TrustDomain: "peer2.com", + PeerName: "peer2", + RootPEMs: []string{"peer-root-2"}, + })) + + // No relevant changes. + require.False(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx-2, idx) + require.Len(t, resp, 1) + require.Equal(t, []string{"peer-root-1"}, resp[0].RootPEMs) + }) + + testutil.RunStep(t, "second bundle is returned when service is exported to that peer", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.EnsureConfigEntry(lastIdx, &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "foo", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "peer1", + }, + { + PeerName: "peer2", + }, + }, + }, + }, + })) + + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 2) + require.Equal(t, []string{"peer-root-1"}, resp[0].RootPEMs) + require.Equal(t, []string{"peer-root-2"}, resp[1].RootPEMs) + }) + + testutil.RunStep(t, "deleting the peering excludes its trust bundle", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.PeeringDelete(lastIdx, Query{Value: "peer1"})) + + require.True(t, watchFired(ws)) + ws = memdb.NewWatchSet() + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx, idx) + require.Len(t, resp, 1) + require.Equal(t, []string{"peer-root-2"}, resp[0].RootPEMs) + }) + + testutil.RunStep(t, "deleting the service does not excludes its trust bundle", func(t *testing.T) { + lastIdx++ + require.NoError(t, store.DeleteService(lastIdx, "my-node", "foo-1", &entMeta, "")) + + require.False(t, watchFired(ws)) + + idx, resp, err := store.TrustBundleListByService(ws, "foo", entMeta) + require.NoError(t, err) + require.Equal(t, lastIdx-1, idx) + require.Len(t, resp, 1) + require.Equal(t, []string{"peer-root-2"}, resp[0].RootPEMs) + }) +} diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 1ff2b0fa0..8e1dcbee3 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -130,9 +130,9 @@ type Store interface { PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error) ExportedServicesForPeer(ws memdb.WatchSet, peerID string) (uint64, *structs.ExportedServiceList, error) - PeeringsForService(ws memdb.WatchSet, serviceName string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error) CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error) + TrustBundleListByService(ws memdb.WatchSet, service string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) AbandonCh() <-chan struct{} } @@ -450,33 +450,16 @@ func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.T } defer metrics.MeasureSince([]string{"peering", "trust_bundle_list_by_service"}, time.Now()) - // TODO(peering): ACL check request token + // TODO(peering): ACL check request token for service:write on the service name // TODO(peering): handle blocking queries - entMeta := *structs.NodeEnterpriseMetaInPartition(req.Partition) - // TODO(peering): we're throwing away the index here that would tell us how to execute a blocking query - _, peers, err := s.Backend.Store().PeeringsForService(nil, req.ServiceName, entMeta) + entMeta := acl.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) + idx, bundles, err := s.Backend.Store().TrustBundleListByService(nil, req.ServiceName, entMeta) if err != nil { - return nil, fmt.Errorf("failed to get peers for service %s: %v", req.ServiceName, err) + return nil, err } - - trustBundles := []*pbpeering.PeeringTrustBundle{} - for _, peer := range peers { - q := state.Query{ - Value: strings.ToLower(peer.Name), - EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(req.Partition), - } - _, trustBundle, err := s.Backend.Store().PeeringTrustBundleRead(nil, q) - if err != nil { - return nil, fmt.Errorf("failed to read trust bundle for peer %s: %v", peer.Name, err) - } - - if trustBundle != nil { - trustBundles = append(trustBundles, trustBundle) - } - } - return &pbpeering.TrustBundleListByServiceResponse{Bundles: trustBundles}, nil + return &pbpeering.TrustBundleListByServiceResponse{Index: idx, Bundles: bundles}, nil } type BidirectionalStream interface { diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index c1bb121ec..fc67b65ba 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -358,353 +358,98 @@ func TestPeeringService_TrustBundleRead(t *testing.T) { prototest.AssertDeepEqual(t, bundle, resp.Bundle) } +// Setup: +// - Peerings "foo" and "bar" with trust bundles saved +// - "api" service exported to both "foo" and "bar" +// - "web" service exported to "baz" func TestPeeringService_TrustBundleListByService(t *testing.T) { - // Test executes the following scenario: - // 0 - Initial setup test server, state store, RPC client, verify empty results - // 1 - Create a service, verify results still empty - // 2 - Create a peering, verify results still empty - // 3 - Create a config entry, verify results still empty - // 4 - Create trust bundles, verify bundles are returned - // 5 - Delete the config entry, verify results empty - // 6 - Restore config entry, verify bundles are returned - // 7 - Add a second peering that the test service is not exported to - // 8 - Export the service to the new peering - // 9 - Delete the service - // Note: these steps are dependent on each other by design so that we can verify that - // combinations of services, peerings, trust bundles, and config entries all affect results + s := newTestServer(t, nil) + store := s.Server.FSM().State() - nodeName := "test-node" + var lastIdx uint64 = 10 - var lastIdx uint64 - - // Create test server - // TODO(peering): see note on newTestServer, refactor to not use this - srv := newTestServer(t, nil) - store := srv.Server.FSM().State() - client := pbpeering.NewPeeringServiceClient(srv.ClientConn(t)) - - // Create a node up-front so that we can assign services to it if needed - svcNode := &structs.Node{Node: nodeName, Address: "127.0.0.1"} lastIdx++ - require.NoError(t, store.EnsureNode(lastIdx, svcNode)) + require.NoError(t, s.Server.FSM().State().PeeringWrite(lastIdx, &pbpeering.Peering{ + Name: "foo", + State: pbpeering.PeeringState_INITIAL, + PeerServerName: "test", + PeerServerAddresses: []string{"addr1"}, + })) - type testDeps struct { - services []string - peerings []*pbpeering.Peering - entries []*structs.ExportedServicesConfigEntry - bundles []*pbpeering.PeeringTrustBundle - } + lastIdx++ + require.NoError(t, s.Server.FSM().State().PeeringWrite(lastIdx, &pbpeering.Peering{ + Name: "bar", + State: pbpeering.PeeringState_INITIAL, + PeerServerName: "test-bar", + PeerServerAddresses: []string{"addr2"}, + })) - setup := func(t *testing.T, idx uint64, deps testDeps) uint64 { - // Create any services (and node) - if len(deps.services) >= 0 { - svcNode := &structs.Node{Node: nodeName, Address: "127.0.0.1"} - idx++ - require.NoError(t, store.EnsureNode(idx, svcNode)) + lastIdx++ + require.NoError(t, store.PeeringTrustBundleWrite(lastIdx, &pbpeering.PeeringTrustBundle{ + TrustDomain: "foo.com", + PeerName: "foo", + RootPEMs: []string{"foo-root-1"}, + })) - // Create the test services - for _, svc := range deps.services { - idx++ - require.NoError(t, store.EnsureService(idx, svcNode.Node, &structs.NodeService{ - ID: svc, - Service: svc, - Port: int(8000 + idx), - })) - } - } + lastIdx++ + require.NoError(t, store.PeeringTrustBundleWrite(lastIdx, &pbpeering.PeeringTrustBundle{ + TrustDomain: "bar.com", + PeerName: "bar", + RootPEMs: []string{"bar-root-1"}, + })) - // Insert any peerings - for _, peering := range deps.peerings { - idx++ - require.NoError(t, store.PeeringWrite(idx, peering)) + lastIdx++ + require.NoError(t, store.EnsureNode(lastIdx, &structs.Node{ + Node: "my-node", Address: "127.0.0.1", + })) - // make sure it got created - q := state.Query{Value: peering.Name} - _, p, err := store.PeeringRead(nil, q) - require.NoError(t, err) - require.NotNil(t, p) - } + lastIdx++ + require.NoError(t, store.EnsureService(lastIdx, "my-node", &structs.NodeService{ + ID: "api", + Service: "api", + Port: 8000, + })) - // Insert any trust bundles - for _, bundle := range deps.bundles { - idx++ - require.NoError(t, store.PeeringTrustBundleWrite(idx, bundle)) - - q := state.Query{ - Value: bundle.PeerName, - EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(bundle.Partition), - } - gotIdx, ptb, err := store.PeeringTrustBundleRead(nil, q) - require.NoError(t, err) - require.NotNil(t, ptb) - require.Equal(t, gotIdx, idx) - } - - // Write any config entries - for _, entry := range deps.entries { - idx++ - require.NoError(t, entry.Normalize()) - require.NoError(t, store.EnsureConfigEntry(idx, entry)) - } - - return idx - } - - type testCase struct { - req *pbpeering.TrustBundleListByServiceRequest - expect *pbpeering.TrustBundleListByServiceResponse - expectErr string - } - - // TODO(peering): see note on newTestServer, once we have a better server mock, - // we should add functionality here to verify errors from backend - verify := func(t *testing.T, tc *testCase) { - t.Helper() - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - t.Cleanup(cancel) - - resp, err := client.TrustBundleListByService(ctx, tc.req) - require.NoError(t, err) - // ignore raft fields - if resp.Bundles != nil { - for _, b := range resp.Bundles { - b.CreateIndex = 0 - b.ModifyIndex = 0 - } - } - prototest.AssertDeepEqual(t, tc.expect, resp) - } - - // Execute scenario steps - // ---------------------- - - // 0 - Initial empty state. - // ----------------------- - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: nil, - }, - }) - - // 1 - Create a service, verify results still empty. - // ------------------------------------------------ - lastIdx = setup(t, lastIdx, testDeps{services: []string{"foo"}}) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{}, - }, - }) - - // 2 - Create a peering, verify results still empty. - // ------------------------------------------------ - lastIdx = setup(t, lastIdx, testDeps{ - peerings: []*pbpeering.Peering{ + entry := structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ { - Name: "peer1", - State: pbpeering.PeeringState_ACTIVE, - PeerServerName: "peer1-name", - PeerServerAddresses: []string{"peer1-addr"}, - }, - }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{}, - }, - }) - - // 3 - Create a config entry, verify results still empty. - // ----------------------------------------------------- - lastIdx = setup(t, lastIdx, testDeps{ - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "default", - Services: []structs.ExportedService{ + Name: "api", + Consumers: []structs.ServiceConsumer{ { - Name: "foo", - Consumers: []structs.ServiceConsumer{ - { - PeerName: "peer1", - }, - }, + PeerName: "foo", + }, + { + PeerName: "bar", + }, + }, + }, + { + Name: "web", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "baz", }, }, }, }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{}, - }, - }) + } + require.NoError(t, entry.Normalize()) + require.NoError(t, entry.Validate()) - // 4 - Create trust bundles, verify bundles are returned. - // ----------------------------------------------------- - lastIdx = setup(t, lastIdx, testDeps{ - bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer1.com", - PeerName: "peer1", - RootPEMs: []string{"peer1-root-1"}, - }, - }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer1.com", - PeerName: "peer1", - RootPEMs: []string{"peer1-root-1"}, - }, - }, - }, - }) - - // 5 - Delete the config entry, verify results empty. - // ------------------------------------------------- lastIdx++ - require.NoError(t, store.DeleteConfigEntry(lastIdx, structs.ExportedServices, "default", nil)) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{}, - }, - }) + require.NoError(t, store.EnsureConfigEntry(lastIdx, &entry)) - // 6 - Restore config entry, verify bundles are returned. - // ----------------------------------------------------- - lastIdx = setup(t, lastIdx, testDeps{ - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "default", - Services: []structs.ExportedService{ - { - Name: "foo", - Consumers: []structs.ServiceConsumer{ - {PeerName: "peer1"}, - }, - }, - }, - }, - }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer1.com", - PeerName: "peer1", - RootPEMs: []string{"peer1-root-1"}, - }, - }, - }, - }) + client := pbpeering.NewPeeringServiceClient(s.ClientConn(t)) - // 7 - Add new peer and trust bundle. It should be ignored because foo is not exported to it. - // ----------------------------------------------------------------------------------------- - lastIdx = setup(t, lastIdx, testDeps{ - peerings: []*pbpeering.Peering{ - { - Name: "peer2", - State: pbpeering.PeeringState_ACTIVE, - PeerServerName: "peer2-name", - PeerServerAddresses: []string{"peer2-addr"}, - }, - }, - bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer2.com", - PeerName: "peer2", - RootPEMs: []string{"peer2-root-1"}, - }, - }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer1.com", - PeerName: "peer1", - RootPEMs: []string{"peer1-root-1"}, - }, - }, - }, - }) - - // 8 - Replace config entry to export all services to both peers - // ----------------------------------------------------------------------------------------- - lastIdx = setup(t, lastIdx, testDeps{ - entries: []*structs.ExportedServicesConfigEntry{ - { - Name: "default", - Services: []structs.ExportedService{ - { - Name: structs.WildcardSpecifier, - Consumers: []structs.ServiceConsumer{ - {PeerName: "peer1"}, - {PeerName: "peer2"}, - }, - }, - }, - }, - }, - }) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "peer1.com", - PeerName: "peer1", - RootPEMs: []string{"peer1-root-1"}, - }, - { - TrustDomain: "peer2.com", - PeerName: "peer2", - RootPEMs: []string{"peer2-root-1"}, - }, - }, - }, - }) - - // 9 - delete the service, verify results empty - lastIdx++ - require.NoError(t, store.DeleteService(lastIdx, nodeName, "foo", nil, "")) - verify(t, &testCase{ - req: &pbpeering.TrustBundleListByServiceRequest{ - ServiceName: "foo", - }, - expect: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{}, - }, - }) + req := pbpeering.TrustBundleListByServiceRequest{ + ServiceName: "api", + } + resp, err := client.TrustBundleListByService(context.Background(), &req) + require.NoError(t, err) + require.Len(t, resp.Bundles, 2) + require.Equal(t, []string{"foo-root-1"}, resp.Bundles[0].RootPEMs) + require.Equal(t, []string{"bar-root-1"}, resp.Bundles[1].RootPEMs) } func Test_StreamHandler_UpsertServices(t *testing.T) { diff --git a/proto/pbpeering/peering.go b/proto/pbpeering/peering.go index f19650f3c..4c4265021 100644 --- a/proto/pbpeering/peering.go +++ b/proto/pbpeering/peering.go @@ -219,3 +219,32 @@ func NewInitiateRequestFromAPI(req *api.PeeringInitiateRequest) *InitiateRequest InitiateRequestFromAPI(req, t) return t } + +func (r *TrustBundleListByServiceRequest) CacheInfo() cache.RequestInfo { + info := cache.RequestInfo{ + // TODO(peering): Revisit whether this is the token to use once request types accept a token. + Token: r.Token(), + Datacenter: r.Datacenter, + MinIndex: 0, + Timeout: 0, + MustRevalidate: false, + + // TODO(peering): Cache.notifyPollingQuery polls at this interval. We need to revisit how that polling works. + // Using an exponential backoff when the result hasn't changed may be preferable. + MaxAge: 1 * time.Second, + } + + v, err := hashstructure.Hash([]interface{}{ + r.Partition, + r.Namespace, + r.ServiceName, + }, nil) + if err == nil { + // If there is an error, we don't set the key. A blank key forces + // no cache for this request so the request is forwarded directly + // to the server. + info.Key = strconv.FormatUint(v, 10) + } + + return info +} diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index c9d232012..12e0a84fb 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -813,10 +813,11 @@ type TrustBundleListByServiceRequest struct { unknownFields protoimpl.UnknownFields ServiceName string `protobuf:"bytes,1,opt,name=ServiceName,proto3" json:"ServiceName,omitempty"` - Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"Namespace,omitempty"` + Partition string `protobuf:"bytes,3,opt,name=Partition,proto3" json:"Partition,omitempty"` // these are common fields required for implementing structs.RPCInfo methods // that are used to forward requests - Datacenter string `protobuf:"bytes,3,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` + Datacenter string `protobuf:"bytes,4,opt,name=Datacenter,proto3" json:"Datacenter,omitempty"` } func (x *TrustBundleListByServiceRequest) Reset() { @@ -858,6 +859,13 @@ func (x *TrustBundleListByServiceRequest) GetServiceName() string { return "" } +func (x *TrustBundleListByServiceRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + func (x *TrustBundleListByServiceRequest) GetPartition() string { if x != nil { return x.Partition @@ -877,7 +885,8 @@ type TrustBundleListByServiceResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Bundles []*PeeringTrustBundle `protobuf:"bytes,1,rep,name=Bundles,proto3" json:"Bundles,omitempty"` + Index uint64 `protobuf:"varint,1,opt,name=Index,proto3" json:"Index,omitempty"` + Bundles []*PeeringTrustBundle `protobuf:"bytes,2,rep,name=Bundles,proto3" json:"Bundles,omitempty"` } func (x *TrustBundleListByServiceResponse) Reset() { @@ -912,6 +921,13 @@ func (*TrustBundleListByServiceResponse) Descriptor() ([]byte, []int) { return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{11} } +func (x *TrustBundleListByServiceResponse) GetIndex() uint64 { + if x != nil { + return x.Index + } + return 0 +} + func (x *TrustBundleListByServiceResponse) GetBundles() []*PeeringTrustBundle { if x != nil { return x.Bundles @@ -2003,201 +2019,204 @@ var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x17, 0x0a, 0x15, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x81, 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x9f, 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, - 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, - 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x59, 0x0a, 0x20, 0x54, 0x72, 0x75, - 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, 0x0a, - 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x07, 0x42, 0x75, 0x6e, - 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, - 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, - 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, - 0x22, 0x64, 0x0a, 0x17, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, - 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x49, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, + 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, + 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, + 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x6f, 0x0a, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x12, 0x33, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x2d, 0x0a, 0x1b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x02, 0x49, 0x44, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8d, 0x01, 0x0a, 0x1e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x73, 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, - 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x22, 0x0a, - 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, - 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x78, 0x12, 0x35, 0x0a, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, + 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x3b, 0x0a, 0x04, 0x4d, 0x65, - 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x96, 0x02, - 0x0a, 0x0f, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, - 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, + 0x6e, 0x74, 0x65, 0x72, 0x22, 0x64, 0x0a, 0x17, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x33, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x52, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x2d, 0x0a, 0x1b, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, + 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, + 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8d, 0x01, 0x0a, 0x1e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x12, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, + 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, + 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, + 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, 0x0a, 0x1f, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x73, 0x0a, 0x1f, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x22, 0x22, 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, + 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, + 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, + 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, + 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, + 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x3b, + 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, + 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, + 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, - 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x36, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, - 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, - 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, - 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x12, 0x0a, 0x10, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x94, 0x05, 0x0a, 0x12, 0x52, - 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x12, 0x3f, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, - 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x42, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, - 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, - 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, - 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, - 0x1a, 0x7f, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, - 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, - 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, - 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x1a, 0x94, 0x02, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, - 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4c, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x70, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x30, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, - 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, - 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, - 0x64, 0x2a, 0x53, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x0a, 0x0a, - 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, - 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, - 0x41, 0x54, 0x45, 0x44, 0x10, 0x04, 0x32, 0xea, 0x05, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x08, 0x49, 0x6e, 0x69, - 0x74, 0x69, 0x61, 0x74, 0x65, 0x12, 0x18, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x19, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, - 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, - 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, - 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, - 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1c, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6f, 0x0a, 0x18, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, - 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, - 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, - 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, - 0x01, 0x30, 0x01, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0xca, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x13, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x6e, 0x22, 0x96, 0x02, 0x0a, 0x0f, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x36, 0x0a, 0x04, 0x4d, 0x65, 0x74, + 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, + 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x12, 0x0a, 0x10, 0x49, 0x6e, + 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x94, + 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x3f, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, + 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x74, 0x65, + 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, + 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, + 0x61, 0x74, 0x65, 0x64, 0x1a, 0x7f, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, + 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, + 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x94, 0x02, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, + 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4c, 0x0a, 0x09, + 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x2e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x30, 0x0a, 0x09, 0x4f, 0x70, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, + 0x77, 0x6e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, + 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x1a, 0x0c, 0x0a, 0x0a, + 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, + 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x2a, 0x53, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, + 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x10, + 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, + 0x07, 0x46, 0x41, 0x49, 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, + 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, 0x44, 0x10, 0x04, 0x32, 0xea, 0x05, 0x0a, 0x0e, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, + 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, + 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, + 0x08, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x12, 0x18, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, + 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, + 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, + 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, + 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x6f, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, + 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, + 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, + 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x54, 0x0a, 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, + 0x65, 0x61, 0x64, 0x12, 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, + 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index 2103c3fe6..8ac8e353f 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -181,15 +181,17 @@ message PeeringDeleteResponse {} // @consul-rpc-glue: Datacenter,ReadTODO message TrustBundleListByServiceRequest { string ServiceName = 1; - string Partition = 2; + string Namespace = 2; + string Partition = 3; // these are common fields required for implementing structs.RPCInfo methods // that are used to forward requests - string Datacenter = 3; + string Datacenter = 4; } message TrustBundleListByServiceResponse { - repeated PeeringTrustBundle Bundles = 1; + uint64 Index = 1; + repeated PeeringTrustBundle Bundles = 2; } // @consul-rpc-glue: Datacenter,ReadTODO From 137bfbb02b95b6c377f69179e4d0f278fc019836 Mon Sep 17 00:00:00 2001 From: Freddy Date: Wed, 1 Jun 2022 14:31:37 -0600 Subject: [PATCH 445/785] Update public listener with SPIFFE Validator Envoy's SPIFFE certificate validation extension allows for us to validate against different root certificates depending on the trust domain of the dialing proxy. If there are any trust bundles from peers in the config snapshot then we use the SPIFFE validator as the validation context, rather than the usual TrustedCA. The injected validation config includes the local root certificates as well. --- agent/agent.go | 1 + agent/proxycfg-glue/glue.go | 8 ++ agent/proxycfg/connect_proxy.go | 20 ++++ agent/proxycfg/data_sources.go | 10 ++ agent/proxycfg/snapshot.go | 8 +- agent/proxycfg/state.go | 1 + agent/proxycfg/state_test.go | 21 +++- agent/proxycfg/testing.go | 8 +- agent/xds/listeners.go | 103 +++++++++++++++++- agent/xds/listeners_test.go | 16 ++- ...nect-proxy-exported-to-peers.latest.golden | 92 ++++++++++++++++ proto/prototest/testing.go | 2 +- 12 files changed, 279 insertions(+), 11 deletions(-) create mode 100644 agent/xds/testdata/listeners/connect-proxy-exported-to-peers.latest.golden diff --git a/agent/agent.go b/agent/agent.go index ebaa339f1..8fee06587 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -646,6 +646,7 @@ func (a *Agent) Start(ctx context.Context) error { ResolvedServiceConfig: proxycfgglue.CacheResolvedServiceConfig(a.cache), ServiceList: proxycfgglue.CacheServiceList(a.cache), TrustBundle: proxycfgglue.CacheTrustBundle(a.cache), + TrustBundleList: proxycfgglue.CacheTrustBundleList(a.cache), } a.fillEnterpriseProxyDataSources(&proxyDataSources) a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index b18c6487f..5538aab5b 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -101,10 +101,18 @@ func CacheServiceList(c *cache.Cache) proxycfg.ServiceList { return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.CatalogServiceListName} } +// CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing +// data from the agent cache. func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle { return &cacheProxyDataSource[*pbpeering.TrustBundleReadRequest]{c, cachetype.TrustBundleReadName} } +// CacheTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing +// data from the agent cache. +func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList { + return &cacheProxyDataSource[*pbpeering.TrustBundleListByServiceRequest]{c, cachetype.TrustBundleListName} +} + // cacheProxyDataSource implements a generic wrapper around the agent cache to // provide data to the proxycfg.Manager. type cacheProxyDataSource[ReqType cache.Request] struct { diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index 923b15b73..d2931cf27 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -44,6 +44,16 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e return snap, err } + err = s.dataSources.TrustBundleList.Notify(ctx, &pbpeering.TrustBundleListByServiceRequest{ + // TODO(peering): Pass ACL token + ServiceName: s.proxyCfg.DestinationServiceName, + Namespace: s.proxyID.NamespaceOrDefault(), + Partition: s.proxyID.PartitionOrDefault(), + }, peeringTrustBundlesWatchID, s.ch) + if err != nil { + return snap, err + } + // Watch the leaf cert err = s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{ Datacenter: s.source.Datacenter, @@ -259,6 +269,16 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s snap.ConnectProxy.PeerTrustBundles[peer] = resp.Bundle } + case u.CorrelationID == peeringTrustBundlesWatchID: + resp, ok := u.Result.(*pbpeering.TrustBundleListByServiceResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + if len(resp.Bundles) > 0 { + snap.ConnectProxy.PeeringTrustBundles = resp.Bundles + } + snap.ConnectProxy.PeeringTrustBundlesSet = true + case u.CorrelationID == intentionsWatchID: resp, ok := u.Result.(*structs.IndexedIntentionMatches) if !ok { diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go index 1f48c15d8..c454c2052 100644 --- a/agent/proxycfg/data_sources.go +++ b/agent/proxycfg/data_sources.go @@ -82,6 +82,10 @@ type DataSources struct { // TrustBundle provides updates about the trust bundle for a single peer. TrustBundle TrustBundle + // TrustBundleList provides updates about the list of trust bundles for + // peered clusters that the given proxy is exported to. + TrustBundleList TrustBundleList + DataSourcesEnterprise } @@ -185,3 +189,9 @@ type ServiceList interface { type TrustBundle interface { Notify(ctx context.Context, req *pbpeering.TrustBundleReadRequest, correlationID string, ch chan<- UpdateEvent) error } + +// TrustBundleList is the interface used to consume updates about trust bundles +// for peered clusters that the given proxy is exported to. +type TrustBundleList interface { + Notify(ctx context.Context, req *pbpeering.TrustBundleListByServiceRequest, correlationID string, ch chan<- UpdateEvent) error +} diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index cd8afd2ce..45a250b48 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -6,12 +6,12 @@ import ( "sort" "strings" - "github.com/hashicorp/consul/lib" - "github.com/hashicorp/consul/proto/pbpeering" "github.com/mitchellh/copystructure" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/proto/pbpeering" ) // TODO(ingress): Can we think of a better for this bag of data? @@ -122,6 +122,9 @@ func gatewayKeyFromString(s string) GatewayKey { type configSnapshotConnectProxy struct { ConfigSnapshotUpstreams + PeeringTrustBundlesSet bool + PeeringTrustBundles []*pbpeering.PeeringTrustBundle + WatchedServiceChecks map[structs.ServiceID][]structs.CheckType // TODO: missing garbage collection PreparedQueryEndpoints map[UpstreamID]structs.CheckServiceNodes // DEPRECATED:see:WatchedUpstreamEndpoints @@ -152,6 +155,7 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.UpstreamConfig) == 0 && len(c.PassthroughUpstreams) == 0 && len(c.IntentionUpstreams) == 0 && + !c.PeeringTrustBundlesSet && !c.MeshConfigSet } diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index de0eec236..bce6510d4 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -19,6 +19,7 @@ import ( const ( coalesceTimeout = 200 * time.Millisecond rootsWatchID = "roots" + peeringTrustBundlesWatchID = "peering-trust-bundles" leafWatchID = "leaf" peerTrustBundleIDPrefix = "peer-trust-bundle:" intentionsWatchID = "intentions" diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 7ca93da66..20446b2da 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -7,7 +7,6 @@ import ( "testing" "time" - "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" @@ -15,6 +14,8 @@ import ( cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" ) @@ -134,6 +135,7 @@ func recordWatches(sc *stateConfig) *watchRecorder { ResolvedServiceConfig: typedWatchRecorder[*structs.ServiceConfigRequest]{wr}, ServiceList: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, TrustBundle: typedWatchRecorder[*pbpeering.TrustBundleReadRequest]{wr}, + TrustBundleList: typedWatchRecorder[*pbpeering.TrustBundleListByServiceRequest]{wr}, } recordWatchesEnterprise(sc, wr) @@ -217,6 +219,14 @@ func genVerifyLeafWatch(expectedService string, expectedDatacenter string) verif return genVerifyLeafWatchWithDNSSANs(expectedService, expectedDatacenter, nil) } +func genVerifyTrustBundleListWatch(service string) verifyWatchRequest { + return func(t testing.TB, request any) { + reqReal, ok := request.(*pbpeering.TrustBundleListByServiceRequest) + require.True(t, ok) + require.Equal(t, service, reqReal.ServiceName) + } +} + func genVerifyResolverWatch(expectedService, expectedDatacenter, expectedKind string) verifyWatchRequest { return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ConfigEntryQuery) @@ -2492,6 +2502,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { }), rootsWatchID: genVerifyDCSpecificWatch("dc1"), leafWatchID: genVerifyLeafWatch("web", "dc1"), + peeringTrustBundlesWatchID: genVerifyTrustBundleListWatch("web"), peerTrustBundleIDPrefix + "peer-a": genVerifyTrustBundleReadWatch("peer-a"), // No Peering watch }, @@ -2514,12 +2525,18 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) + require.Len(t, snap.ConnectProxy.PeeringTrustBundles, 0, "%+v", snap.ConnectProxy.PeeringTrustBundles) + require.False(t, snap.ConnectProxy.PeeringTrustBundlesSet) }, }, { // This time add the events events: []UpdateEvent{ rootWatchEvent(), + { + CorrelationID: peeringTrustBundlesWatchID, + Result: peerTrustBundles, + }, { CorrelationID: leafWatchID, Result: issuedCert, @@ -2551,8 +2568,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid()) require.True(t, snap.MeshGateway.isEmpty()) + require.Equal(t, indexedRoots, snap.Roots) require.Equal(t, issuedCert, snap.ConnectProxy.Leaf) + prototest.AssertDeepEqual(t, peerTrustBundles.Bundles, snap.ConnectProxy.PeeringTrustBundles) require.Len(t, snap.ConnectProxy.DiscoveryChain, 2, "%+v", snap.ConnectProxy.DiscoveryChain) require.Len(t, snap.ConnectProxy.WatchedUpstreams, 2, "%+v", snap.ConnectProxy.WatchedUpstreams) diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index 8f12ec8f3..77eb84eb0 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -24,8 +24,6 @@ import ( ) func TestPeerTrustBundles(t testing.T) *pbpeering.TrustBundleListByServiceResponse { - t.Helper() - return &pbpeering.TrustBundleListByServiceResponse{ Bundles: []*pbpeering.PeeringTrustBundle{ { @@ -722,6 +720,7 @@ func testConfigSnapshotFixture( ResolvedServiceConfig: &noopDataSource[*structs.ServiceConfigRequest]{}, ServiceList: &noopDataSource[*structs.DCSpecificRequest]{}, TrustBundle: &noopDataSource[*pbpeering.TrustBundleReadRequest]{}, + TrustBundleList: &noopDataSource[*pbpeering.TrustBundleListByServiceRequest]{}, }, dnsConfig: DNSConfig{ // TODO: make configurable Domain: "consul", @@ -922,6 +921,7 @@ func NewTestDataSources() *TestDataSources { ResolvedServiceConfig: NewTestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse](), ServiceList: NewTestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList](), TrustBundle: NewTestDataSource[*pbpeering.TrustBundleReadRequest, *pbpeering.TrustBundleReadResponse](), + TrustBundleList: NewTestDataSource[*pbpeering.TrustBundleListByServiceRequest, *pbpeering.TrustBundleListByServiceResponse](), } srcs.buildEnterpriseSources() return srcs @@ -945,6 +945,9 @@ type TestDataSources struct { ResolvedServiceConfig *TestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse] ServiceList *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList] TrustBundle *TestDataSource[*pbpeering.TrustBundleReadRequest, *pbpeering.TrustBundleReadResponse] + TrustBundleList *TestDataSource[*pbpeering.TrustBundleListByServiceRequest, *pbpeering.TrustBundleListByServiceResponse] + + TestDataSourcesEnterprise } func (t *TestDataSources) ToDataSources() DataSources { @@ -965,6 +968,7 @@ func (t *TestDataSources) ToDataSources() DataSources { ResolvedServiceConfig: t.ResolvedServiceConfig, ServiceList: t.ServiceList, TrustBundle: t.TrustBundle, + TrustBundleList: t.TrustBundleList, } t.fillEnterpriseDataSources(&ds) return ds diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 01df37641..62d70a7f6 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -11,9 +11,6 @@ import ( "strings" "time" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/lib" - "github.com/hashicorp/consul/types" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -39,10 +36,14 @@ import ( "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/sdk/iptables" + "github.com/hashicorp/consul/types" ) const virtualIPTag = "virtual" @@ -777,6 +778,100 @@ func (s *ResourceGenerator) injectConnectTLSOnFilterChains(cfgSnap *proxycfg.Con return nil } +// +// NOTE: This method MUST only be used for connect proxy public listeners, +// since TLS validation will be done against root certs for all peers +// that might dial this proxy. +func (s *ResourceGenerator) injectConnectTLSForPublicListener(cfgSnap *proxycfg.ConfigSnapshot, listener *envoy_listener_v3.Listener) error { + if cfgSnap.Kind != structs.ServiceKindConnectProxy { + return fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind) + } + + // Create TLS validation context for mTLS with leaf certificate and root certs. + tlsContext := makeCommonTLSContext( + cfgSnap.Leaf(), + cfgSnap.RootPEMs(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()), + ) + + // Inject peering trust bundles if this service is exported to peered clusters. + if len(cfgSnap.ConnectProxy.PeeringTrustBundles) > 0 { + spiffeConfig, err := makeSpiffeValidatorConfig(cfgSnap.Roots.TrustDomain, cfgSnap.RootPEMs(), cfgSnap.ConnectProxy.PeeringTrustBundles) + if err != nil { + return err + } + + typ, ok := tlsContext.ValidationContextType.(*envoy_tls_v3.CommonTlsContext_ValidationContext) + if !ok { + return fmt.Errorf("unexpected type for TLS context validation: %T", tlsContext.ValidationContextType) + } + + // makeCommonTLSFromLead injects the local trust domain's CA root certs as the TrustedCA. + // We nil it out here since the local roots are included in the SPIFFE validator config. + typ.ValidationContext.TrustedCa = nil + typ.ValidationContext.CustomValidatorConfig = &envoy_core_v3.TypedExtensionConfig{ + // The typed config name is hard-coded because it is not available as a wellknown var in the control plane lib. + Name: "envoy.tls.cert_validator.spiffe", + TypedConfig: spiffeConfig, + } + } + + transportSocket, err := makeDownstreamTLSTransportSocket(&envoy_tls_v3.DownstreamTlsContext{ + CommonTlsContext: tlsContext, + RequireClientCertificate: &wrappers.BoolValue{Value: true}, + }) + if err != nil { + return err + } + + for idx := range listener.FilterChains { + listener.FilterChains[idx].TransportSocket = transportSocket + } + return nil +} + +// SPIFFECertValidatorConfig is used to validate certificates from trust domains other than our own. +// With cluster peering we expect peered clusters to have independent certificate authorities. +// This means that we cannot use a single set of root CA certificates to validate client certificates for mTLS, +// but rather we need to validate against different roots depending on the trust domain of the certificate presented. +func makeSpiffeValidatorConfig(trustDomain, roots string, peerBundles []*pbpeering.PeeringTrustBundle) (*any.Any, error) { + // Store the trust bundle for the local trust domain. + bundles := map[string]string{trustDomain: roots} + + // Store the trust bundle for each trust domain of the peers this proxy is exported to. + // This allows us to validate traffic from other trust domains. + for _, b := range peerBundles { + var pems string + for _, pem := range b.RootPEMs { + pems += lib.EnsureTrailingNewline(pem) + } + bundles[b.TrustDomain] = pems + } + + cfg := &envoy_tls_v3.SPIFFECertValidatorConfig{ + TrustDomains: make([]*envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain, 0, len(bundles)), + } + + for domain, bundle := range bundles { + cfg.TrustDomains = append(cfg.TrustDomains, &envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain{ + Name: domain, + TrustBundle: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineString{ + InlineString: bundle, + }, + }, + }) + } + + // Sort the trust domains so that the output is stable. + // This benefits tests but also prevents Envoy from mistakenly thinking the listener + // changed and needs to be drained only because this ordering is different. + sort.Slice(cfg.TrustDomains, func(i int, j int) bool { + return cfg.TrustDomains[i].Name < cfg.TrustDomains[j].Name + }) + return ptypes.MarshalAny(cfg) +} + func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot, name string) (proto.Message, error) { var l *envoy_listener_v3.Listener var err error @@ -899,7 +994,7 @@ func (s *ResourceGenerator) finalizePublicListenerFromConfig(l *envoy_listener_v } // Always apply TLS certificates - if err := s.injectConnectTLSOnFilterChains(cfgSnap, l); err != nil { + if err := s.injectConnectTLSForPublicListener(cfgSnap, l); err != nil { return nil } diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index 8fb1cbddc..b43b5c0b2 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -9,7 +9,6 @@ import ( "time" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" @@ -42,6 +41,21 @@ func TestListenersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshot(t, nil, nil) }, }, + { + name: "connect-proxy-exported-to-peers", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + // This test is only concerned about the SPIFFE cert validator config in the public listener + // so we empty out the upstreams to avoid generating unnecessary upstream listeners. + ns.Proxy.Upstreams = structs.Upstreams{} + }, []proxycfg.UpdateEvent{ + { + CorrelationID: "peering-trust-bundles", + Result: proxycfg.TestPeerTrustBundles(t), + }, + }) + }, + }, { name: "connect-proxy-with-tls-outgoing-min-version-auto", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/testdata/listeners/connect-proxy-exported-to-peers.latest.golden b/agent/xds/testdata/listeners/connect-proxy-exported-to-peers.latest.golden new file mode 100644 index 000000000..c61cb12d7 --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-exported-to-peers.latest.golden @@ -0,0 +1,92 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "customValidatorConfig": { + "name": "envoy.tls.cert_validator.spiffe", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.SPIFFECertValidatorConfig", + "trustDomains": [ + { + "name": "11111111-2222-3333-4444-555555555555.consul", + "trustBundle": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + }, + { + "name": "1c053652-8512-4373-90cf-5a7f6263a994.consul", + "trustBundle": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" + } + }, + { + "name": "d89ac423-e95a-475d-94f2-1c557c57bf31.consul", + "trustBundle": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICcTCCAdoCCQDyGxC08cD0BDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFkMQwwCgYDVQQKDANGb28x\nEDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXItYjEdMBsGCSqGSIb3DQEJ\nARYOZm9vQHBlZXItYi5jb20wHhcNMjIwNTI2MDExNjE2WhcNMjMwNTI2MDExNjE2\nWjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFk\nMQwwCgYDVQQKDANGb28xEDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXIt\nYjEdMBsGCSqGSIb3DQEJARYOZm9vQHBlZXItYi5jb20wgZ8wDQYJKoZIhvcNAQEB\nBQADgY0AMIGJAoGBAL4i5erdZ5vKk3mzW9Qt6Wvw/WN/IpMDlL0a28wz9oDCtMLN\ncD/XQB9yT5jUwb2s4mD1lCDZtee8MHeD8zygICozufWVB+u2KvMaoA50T9GMQD0E\nz/0nz/Z703I4q13VHeTpltmEpYcfxw/7nJ3leKA34+Nj3zteJ70iqvD/TNBBAgMB\nAAEwDQYJKoZIhvcNAQELBQADgYEAbL04gicH+EIznDNhZJEb1guMBtBBJ8kujPyU\nao8xhlUuorDTLwhLpkKsOhD8619oSS8KynjEBichidQRkwxIaze0a2mrGT+tGBMf\npVz6UeCkqpde6bSJ/ozEe/2seQzKqYvRT1oUjLwYvY7OIh2DzYibOAxh6fewYAmU\n5j5qNLc=\n-----END CERTIFICATE-----\n" + } + } + ] + } + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/proto/prototest/testing.go b/proto/prototest/testing.go index b17f359b3..c196d77b3 100644 --- a/proto/prototest/testing.go +++ b/proto/prototest/testing.go @@ -7,7 +7,7 @@ import ( "google.golang.org/protobuf/testing/protocmp" ) -func AssertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { +func AssertDeepEqual(t testing.TB, x, y interface{}, opts ...cmp.Option) { t.Helper() opts = append(opts, protocmp.Transform()) From 8a7dfbaa7dae8c6f0f50b1706cfdc107c38c222d Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Thu, 2 Jun 2022 12:26:18 -0400 Subject: [PATCH 446/785] Fix KVSGet method to handle QueryOptions properly (#13344) --- .changelog/13344.txt | 3 +++ agent/kvs_endpoint.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .changelog/13344.txt diff --git a/.changelog/13344.txt b/.changelog/13344.txt new file mode 100644 index 000000000..18569b40f --- /dev/null +++ b/.changelog/13344.txt @@ -0,0 +1,3 @@ +```release-note:bug +kvs: Fixed a bug where query options were not being applied to KVS.Get RPC operations. +``` \ No newline at end of file diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go index bcb874588..1aed8178a 100644 --- a/agent/kvs_endpoint.go +++ b/agent/kvs_endpoint.go @@ -69,7 +69,7 @@ func (s *HTTPHandlers) KVSGet(resp http.ResponseWriter, req *http.Request, args // Make the RPC var out structs.IndexedDirEntries - if err := s.agent.RPC(method, &args, &out); err != nil { + if err := s.agent.RPC(method, args, &out); err != nil { return nil, err } setMeta(resp, &out.QueryMeta) From bc906625f6fd4063cf3020b34fe1da5ced54adb4 Mon Sep 17 00:00:00 2001 From: Kyle Schochenmaier Date: Thu, 2 Jun 2022 11:46:35 -0500 Subject: [PATCH 447/785] update multicluster docs (#13334) --- .../k8s/installation/multi-cluster/index.mdx | 20 +++++++++++-------- .../installation/multi-cluster/kubernetes.mdx | 10 ++++------ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/website/content/docs/k8s/installation/multi-cluster/index.mdx b/website/content/docs/k8s/installation/multi-cluster/index.mdx index 877cb6c65..9b889557e 100644 --- a/website/content/docs/k8s/installation/multi-cluster/index.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/index.mdx @@ -57,15 +57,19 @@ federated with Consul datacenters running on virtual machines (and vice versa). Because the communication between clusters is end-to-end encrypted, mesh gateways can even be exposed on the public internet. -The only requirement is that the mesh gateways for each cluster can route to -one another. For example, if using a load balancer service in front of each cluster's -mesh gateway, the load balancer IP must be routable from the other mesh gateway pods. +There are three networking requirements: +1. When Consul servers in secondary datacenters first start up, they must be able to make calls directly to the + primary datacenter's mesh gateways. +1. Once the Consul servers in secondary datacenters have made that initial call to the primary datacenter's mesh + gateways, the mesh gateways in the secondary datacenter will be able to start. From this point onwards, all + communication between servers will flow first to the local mesh gateways, and then to the remote mesh gateways. + This means all mesh gateways across datacenters must be able to route to one another. -If using a public load balancer, this is guaranteed. If using a private load balancer -then you'll need to make sure that its IP is routable from your other clusters. - -In addition, if ACLs are enabled, primary clusters must be able to make requests to the Kubernetes API URL of -secondary clusters. + For example, if using a load balancer service in front of each cluster's mesh gateway pods, the load balancer IP + must be routable from the other mesh gateway pods. + If using a public load balancer, this is guaranteed. If using a private load balancer + then you'll need to make sure that its IP/DNS address is routable from your other clusters. +1. If ACLs are enabled, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters. ## Next Steps diff --git a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx index a59966876..29f8da341 100644 --- a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx @@ -289,14 +289,13 @@ The automatically generated federation secret contains: ## Kubernetes API URL -If ACLs are enabled, you must next determine the Kubernetes API URL for the secondary cluster. The API URL of the primary cluster -must be specified in the config files for all secondary clusters because secondary clusters need +If ACLs are enabled, you must next determine the Kubernetes API URL for each secondary cluster. The API URL of the secondary cluster must be specified in the config files for each secondary cluster because they need to create global Consul ACL tokens (tokens that are valid in all datacenters) and these tokens can only be created by the primary datacenter. By setting the API URL, the secondary cluster will configure a [Consul auth method](/docs/security/acl/auth-methods) in the primary cluster so that components in the secondary cluster can use their Kubernetes ServiceAccount tokens to retrieve global Consul ACL tokens from the primary. -To determine the Kubernetes API URL, first get the cluster name in your kubeconfig: +To determine the Kubernetes API URL, first get the cluster name in your kubeconfig for your secondary: ```shell-session $ export CLUSTER=$(kubectl config view -o jsonpath="{.contexts[?(@.name == \"$(kubectl config current-context)\")].context.cluster}") @@ -352,7 +351,7 @@ global: federation: enabled: true - k8sAuthMethodHost: + k8sAuthMethodHost: primaryDatacenter: dc1 gossipEncryption: secretName: consul-federation @@ -380,8 +379,7 @@ server: Modifications: -1. If ACLs are enabled, change the value of `global.federation.k8sAuthMethodHost` to the full URL (including `https://`) of this cluster's - Kubernetes API. +1. If ACLs are enabled, change the value of `global.federation.k8sAuthMethodHost` to the full URL (including `https://`) of the secondary cluster's Kubernetes API. 1. `global.federation.primaryDatacenter` must be set to the name of the primary datacenter. 1. The Consul datacenter name for the datacenter in this example is `dc2`. The datacenter name in **each** federated cluster **must be unique**. 1. ACLs are enabled in the above config file. They can be disabled by removing From 5825f3e1f6b21a81fd36d56f8b819c00e58e83d7 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Thu, 2 Jun 2022 09:51:22 -0700 Subject: [PATCH 448/785] chore: remove broken link from pr template (#13343) --- .github/pull_request_template.md | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 5c2b044e1..43b3ac713 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -16,4 +16,3 @@ Please be mindful not to leak any customer or confidential information. HashiCor * [ ] updated test coverage * [ ] external facing docs updated * [ ] not a security concern -* [ ] checklist [folder](./../docs/config) consulted From a6079aa190aa759e09eaf055b5c8b64cbf3cd2ff Mon Sep 17 00:00:00 2001 From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Date: Thu, 2 Jun 2022 18:04:17 -0400 Subject: [PATCH 449/785] docs: show HCP Consul supports CTS enterprise --- website/content/docs/enterprise/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index 4dd288651..8375a3237 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx @@ -79,7 +79,7 @@ Available enterprise features per Consul form and license include: | [Redundancy Zones](/docs/enterprise/redundancy) | Not applicable | Yes | With Global Visibility, Routing, and Scale module | | [Read Replicas](/docs/enterprise/read-scale) | No | Yes | With Global Visibility, Routing, and Scale module | | [Automated Upgrades](/docs/enterprise/upgrades) | All tiers | Yes | Yes | -| [Consul-Terraform-Sync Enterprise](/docs/nia/enterprise) | No | Yes | Yes | +| [Consul-Terraform-Sync Enterprise](/docs/nia/enterprise) | All tiers | Yes | Yes | | [Network Areas](/docs/enterprise/federation) | No | Yes | With Global Visibility, Routing, and Scale module | | [Network Segments](/docs/enterprise/network-segments) | No | Yes | With Global Visibility, Routing, and Scale module | | [OIDC Auth Method](/docs/acl/auth-methods/oidc) | No | Yes | Yes | From bd3a4dfeabbad6047881af23e63f5fa8bdd9d43a Mon Sep 17 00:00:00 2001 From: cskh Date: Fri, 3 Jun 2022 13:07:37 -0400 Subject: [PATCH 450/785] Add isLeader metric to track if a server is a leader (#13304) CTIA-21: sdd is_leader metric to track if a server is a leader Co-authored-by: alex <8968914+acpana@users.noreply.github.com> --- .changelog/13304.txt | 3 + .circleci/config.yml | 5 +- GNUmakefile | 7 + agent/consul/leader.go | 6 + agent/metrics_test.go | 51 +++- agent/setup.go | 8 + test/integration/consul-container/go.mod | 9 +- test/integration/consul-container/go.sum | 253 +++++++++++++++++- .../consul-container/libs/cluster/cluster.go | 39 +++ .../libs/utils/version_oss.go | 9 + .../consul-container/metrics/leader_test.go | 114 ++++++++ .../upgrade/healthcheck_test.go | 50 ++-- .../consul-container/upgrade/util_test.go | 47 ---- .../consul-container/upgrade/version_oss.go | 9 - website/content/docs/agent/telemetry.mdx | 2 + 15 files changed, 517 insertions(+), 95 deletions(-) create mode 100644 .changelog/13304.txt create mode 100644 test/integration/consul-container/libs/utils/version_oss.go create mode 100644 test/integration/consul-container/metrics/leader_test.go delete mode 100644 test/integration/consul-container/upgrade/util_test.go delete mode 100644 test/integration/consul-container/upgrade/version_oss.go diff --git a/.changelog/13304.txt b/.changelog/13304.txt new file mode 100644 index 000000000..7fe9c1ef0 --- /dev/null +++ b/.changelog/13304.txt @@ -0,0 +1,3 @@ +```release-note:improvement +telemetry: Added a `consul.server.isLeader` metric to track if a server is a leader or not. +``` \ No newline at end of file diff --git a/.circleci/config.yml b/.circleci/config.yml index a59d4855a..c6c7e2a7e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -825,11 +825,12 @@ jobs: subtests=$(ls -d test/integration/consul-container/*/ | grep -v libs | xargs -n 1 basename | circleci tests split) echo "Running $(echo $subtests | wc -w) subtests" echo "$subtests" - subtests_pipe_sepr=$(echo "$subtests" | xargs | sed 's/ /|/g') + subtests_formatted=$(echo "$subtests" | sed 's/^/.\//g' | xargs) mkdir -p /tmp/test-results/ docker run consul:local consul version cd ./test/integration/consul-container - gotestsum -- -timeout=30m ./$subtests_pipe_sepr --target-version local --latest-version latest + echo "$subtests_formatted" + gotestsum -- -timeout=30m ./$subtests_formatted --target-version local --latest-version latest ls -lrt environment: # this is needed because of incompatibility between RYUK container and circleci diff --git a/GNUmakefile b/GNUmakefile index 353948076..069a7bc2f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -339,6 +339,13 @@ else go test -v -timeout=30m ./upgrade --tags $(GOTAGS) --target-version local --latest-version latest endif +.PHONY: test-metrics-integ +test-metrics-integ: dev-docker + @docker tag consul-dev:latest consul:local + @docker run --rm -t consul:local consul version + @cd ./test/integration/consul-container && \ + go test -v -timeout=7m ./metrics --target-version local + test-connect-ca-providers: ifeq ("$(CIRCLECI)","true") # Run in CI diff --git a/agent/consul/leader.go b/agent/consul/leader.go index aedcb032f..0d9359c14 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -72,6 +72,12 @@ func (s *Server) monitorLeadership() { var leaderLoop sync.WaitGroup for { select { + case <-time.After(s.config.MetricsReportingInterval): + if s.IsLeader() { + metrics.SetGauge([]string{"server", "isLeader"}, float32(1)) + } else { + metrics.SetGauge([]string{"server", "isLeader"}, float32(0)) + } case isLeader := <-raftNotifyCh: switch { case isLeader: diff --git a/agent/metrics_test.go b/agent/metrics_test.go index 76b3fff28..c4364a677 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -1,6 +1,7 @@ package agent import ( + "context" "crypto/x509" "fmt" "io/ioutil" @@ -9,12 +10,14 @@ import ( "path/filepath" "strings" "testing" + "time" + // "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/rpc/middleware" + "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/tlsutil" - "github.com/stretchr/testify/require" ) @@ -205,6 +208,52 @@ func TestAgent_OneTwelveRPCMetrics(t *testing.T) { }) } +func TestHTTPHandlers_AgentMetrics_LeaderShipMetrics(t *testing.T) { + skipIfShortTesting(t) + // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance + + t.Run("check that metric isLeader is set properly on server", func(t *testing.T) { + hcl := ` + telemetry = { + prometheus_retention_time = "5s", + metrics_prefix = "agent_is_leader" + } + ` + + a := StartTestAgent(t, TestAgent{HCL: hcl}) + defer a.Shutdown() + + retryWithBackoff := func(expectedStr string) error { + waiter := &retry.Waiter{ + MaxWait: 1 * time.Minute, + } + ctx := context.Background() + for { + if waiter.Failures() > 7 { + return fmt.Errorf("reach max failure: %d", waiter.Failures()) + } + respRec := httptest.NewRecorder() + recordPromMetrics(t, a, respRec) + + out := respRec.Body.String() + if strings.Contains(out, expectedStr) { + return nil + } + waiter.Wait(ctx) + } + } + // agent hasn't become a leader + err := retryWithBackoff("isLeader 0") + require.NoError(t, err, "non-leader server should have isLeader 0") + + testrpc.WaitForLeader(t, a.RPC, "dc1") + + // Verify agent's isLeader metrics is 1 + err = retryWithBackoff("isLeader 1") + require.NoError(t, err, "leader should have isLeader 1") + }) +} + // TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus adds testing around // the published autopilot metrics on https://www.consul.io/docs/agent/telemetry#autopilot func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { diff --git a/agent/setup.go b/agent/setup.go index 6e96f468f..b09537a1e 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -202,6 +202,13 @@ func getPrometheusDefs(cfg lib.TelemetryConfig, isServer bool) ([]prometheus.Gau }, } + serverGauges := []prometheus.GaugeDefinition{ + { + Name: []string{"server", "isLeader"}, + Help: "Tracks if the server is a leader.", + }, + } + // Build slice of slices for all gauge definitions var gauges = [][]prometheus.GaugeDefinition{ cache.Gauges, @@ -214,6 +221,7 @@ func getPrometheusDefs(cfg lib.TelemetryConfig, isServer bool) ([]prometheus.Gau CertExpirationGauges, Gauges, raftGauges, + serverGauges, } // TODO(ffmmm): conditionally add only leader specific metrics to gauges, counters, summaries, etc diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 886be129b..aa61209c1 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -3,25 +3,18 @@ module github.com/hashicorp/consul/integration/consul-container go 1.16 require ( - github.com/armon/go-metrics v0.3.10 // indirect github.com/docker/docker v20.10.11+incompatible + github.com/hashicorp/consul v1.12.1 github.com/hashicorp/consul/api v1.11.0 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v0.16.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-msgpack v0.5.5 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-sockaddr v1.0.2 // indirect github.com/hashicorp/go-uuid v1.0.2 - github.com/hashicorp/golang-lru v0.5.4 // indirect - github.com/hashicorp/memberlist v0.3.1 // indirect - github.com/kr/text v0.2.0 // indirect github.com/mitchellh/mapstructure v1.4.2 // indirect github.com/stretchr/testify v1.7.0 github.com/testcontainers/testcontainers-go v0.13.0 - golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect google.golang.org/grpc v1.41.0 // indirect ) diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index 40ef073b9..6193ea998 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -10,35 +10,61 @@ cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6T cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.59.0/go.mod h1:qJxNOVCRTxHfwLhvDxxSI9vQc1zI59b9pEglp1Iv60E= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= +github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= +github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= +github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/Microsoft/go-winio v0.4.3/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -60,10 +86,15 @@ github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/NYTimes/gziphandler v1.0.1/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= +github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -73,12 +104,18 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= +github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= +github.com/armon/go-metrics v0.3.8/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= +github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -89,6 +126,7 @@ github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edY github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= @@ -115,7 +153,9 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= @@ -203,8 +243,10 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= +github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= @@ -218,6 +260,7 @@ github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= @@ -232,10 +275,14 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= +github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= +github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnephin/pflag v1.0.7/go.mod h1:uxE91IoWURlOiTUIA8Mq5ZZkAv3dPUfZNaT80Zm7OQE= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= @@ -244,6 +291,7 @@ github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BU github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.11+incompatible h1:OqzI/g/W54LczvhnccGqniFoQghHx3pklbLuhfXpqGo= github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= @@ -257,6 +305,7 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= @@ -264,36 +313,49 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= @@ -301,6 +363,8 @@ github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8w github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= @@ -327,6 +391,8 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -344,6 +410,7 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -351,23 +418,32 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -376,7 +452,11 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.7.2 h1:zoNxOV7WjqXptQOVngLmcSQgXmgk4NMz1HibBchjl/I= @@ -391,20 +471,34 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/hashicorp/consul v1.12.1 h1:g6mHxbw704X7qbYuRd88n9h9nQB+uc1GcNyJ4PU1Jfg= +github.com/hashicorp/consul v1.12.1/go.mod h1:Mm/CJn9O0phrihUVSfn/UtGhwR50FUNHNIQIzSGv+40= +github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU= +github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= +github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9/go.mod h1:1xfdKvc3pe5WKxfUUHHOGaKMk7NLGhHY1jkyhKo6098= +github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= +github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2 h1:K4ev2ib4LdQETX5cSZBG0DVLk1jwGqSPXBjdah3veNs= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= +github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= @@ -413,7 +507,11 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= +github.com/hashicorp/go-raftchunking v0.6.2/go.mod h1:cGlg3JtDy7qy6c/3Bu660Mic1JF+7lWqIwCFSb08fX0= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= @@ -424,33 +522,63 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc= +github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= +github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= +github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= +github.com/hashicorp/raft v1.3.6/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= +github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= +github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= +github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= +github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs= +github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= +github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk= +github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= +github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= +github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= +github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= +github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= +github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -476,9 +604,13 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY= +github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= @@ -496,9 +628,11 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= @@ -506,14 +640,25 @@ github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= +github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= +github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/sys/mount v0.2.0 h1:WhCW5B355jtxndN5ovugJlMFJawbUODuW8fSnEH6SSM= github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM= @@ -537,9 +682,12 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= +github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -579,12 +727,16 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -595,8 +747,10 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= @@ -609,6 +763,7 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= @@ -616,6 +771,7 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -626,17 +782,27 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig= +github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac= +github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= +github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -649,13 +815,16 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -663,6 +832,7 @@ github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bd github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -682,12 +852,16 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= +github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= github.com/testcontainers/testcontainers-go v0.13.0 h1:OUujSlEGsXVo/ykPVZk3KanBNGN0TYb/7oKIPVn15JA= github.com/testcontainers/testcontainers-go v0.13.0/go.mod h1:z1abufU633Eb/FmSBTzV6ntZAC1eZBYPtaFsn4nPuDk= +github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs= +github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -698,6 +872,7 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -705,6 +880,7 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= @@ -723,22 +899,29 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -769,11 +952,14 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -798,6 +984,11 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -807,8 +998,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20211108170745-6635138e15ea/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -820,25 +1011,34 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -874,6 +1074,11 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -896,11 +1101,15 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -913,10 +1122,12 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -936,6 +1147,7 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -950,8 +1162,15 @@ golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -969,12 +1188,17 @@ google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -995,16 +1219,25 @@ google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= @@ -1012,6 +1245,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= @@ -1074,15 +1309,19 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= +k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= +k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= @@ -1093,17 +1332,25 @@ k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= +k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go index 2f2f81607..46fd18d6c 100644 --- a/test/integration/consul-container/libs/cluster/cluster.go +++ b/test/integration/consul-container/libs/cluster/cluster.go @@ -6,9 +6,13 @@ import ( "encoding/base64" "fmt" "strings" + "testing" + "time" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/integration/consul-container/libs/node" + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/stretchr/testify/require" ) // Cluster provides an interface for creating and controlling a Consul cluster @@ -122,3 +126,38 @@ func GetLeader(client *api.Client) (string, error) { } return leaderAdd, nil } + +const retryTimeout = 20 * time.Second +const retryFrequency = 500 * time.Millisecond + +func LongFailer() *retry.Timer { + return &retry.Timer{Timeout: retryTimeout, Wait: retryFrequency} +} + +func WaitForLeader(t *testing.T, cluster *Cluster, client *api.Client) { + retry.RunWith(LongFailer(), t, func(r *retry.R) { + leader, err := cluster.Leader() + require.NoError(r, err) + require.NotEmpty(r, leader) + }) + + if client != nil { + waitForLeaderFromClient(t, client) + } +} + +func waitForLeaderFromClient(t *testing.T, client *api.Client) { + retry.RunWith(LongFailer(), t, func(r *retry.R) { + leader, err := GetLeader(client) + require.NoError(r, err) + require.NotEmpty(r, leader) + }) +} + +func WaitForMembers(t *testing.T, client *api.Client, expectN int) { + retry.RunWith(LongFailer(), t, func(r *retry.R) { + members, err := client.Agent().Members(false) + require.NoError(r, err) + require.Len(r, members, expectN) + }) +} diff --git a/test/integration/consul-container/libs/utils/version_oss.go b/test/integration/consul-container/libs/utils/version_oss.go new file mode 100644 index 000000000..7a8450e7d --- /dev/null +++ b/test/integration/consul-container/libs/utils/version_oss.go @@ -0,0 +1,9 @@ +//go:build !consulent +// +build !consulent + +package utils + +import "flag" + +var TargetImage = flag.String("target-version", "local", "docker image to be used as UUT (unit under test)") +var LatestImage = flag.String("latest-version", "1.11", "docker image to be used as latest") diff --git a/test/integration/consul-container/metrics/leader_test.go b/test/integration/consul-container/metrics/leader_test.go new file mode 100644 index 000000000..95389a63e --- /dev/null +++ b/test/integration/consul-container/metrics/leader_test.go @@ -0,0 +1,114 @@ +package metrics + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/url" + "strings" + "testing" + "time" + + "github.com/stretchr/testify/require" + + libcluster "github.com/hashicorp/consul/integration/consul-container/libs/cluster" + "github.com/hashicorp/consul/integration/consul-container/libs/node" + "github.com/hashicorp/consul/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/lib/retry" +) + +// Given a 3-server cluster, when the leader is elected, then leader's isLeader is 1 and non-leader's 0 +func TestLeadershipMetrics(t *testing.T) { + var configs []node.Config + configs = append(configs, + node.Config{ + HCL: `node_name="` + utils.RandName("consul-server") + `" + log_level="TRACE" + server=true + telemetry { + statsite_address = "127.0.0.1:2180" + }`, + Cmd: []string{"agent", "-client=0.0.0.0"}, + Version: *utils.TargetImage, + }) + + numServer := 3 + for i := 1; i < numServer; i++ { + configs = append(configs, + node.Config{ + HCL: `node_name="` + utils.RandName("consul-server") + `" + log_level="TRACE" + bootstrap_expect=3 + server=true`, + Cmd: []string{"agent", "-client=0.0.0.0"}, + Version: *utils.TargetImage, + }) + + } + + cluster, err := libcluster.New(configs) + require.NoError(t, err) + defer terminate(t, cluster) + + svrCli := cluster.Nodes[0].GetClient() + libcluster.WaitForLeader(t, cluster, svrCli) + libcluster.WaitForMembers(t, svrCli, 3) + + retryWithBackoff := func(agentNode node.Node, expectedStr string) error { + waiter := &retry.Waiter{ + MaxWait: 5 * time.Minute, + } + _, port := agentNode.GetAddr() + ctx := context.Background() + for { + if waiter.Failures() > 5 { + return fmt.Errorf("reach max failure: %d", waiter.Failures()) + } + + metricsStr, err := getMetrics(t, "127.0.0.1", port, "/v1/agent/metrics") + if err != nil { + return fmt.Errorf("error get metrics: %v", err) + } + if strings.Contains(metricsStr, expectedStr) { + return nil + } + waiter.Wait(ctx) + } + } + + leaderNode, err := cluster.Leader() + require.NoError(t, err) + leadAddr, leaderPort := leaderNode.GetAddr() + + for i, n := range cluster.Nodes { + addr, port := n.GetAddr() + if addr == leadAddr && port == leaderPort { + err = retryWithBackoff(leaderNode, ".server.isLeader\",\"Value\":1,") + require.NoError(t, err, "%dth node(leader): could not find the metric %q in the /v1/agent/metrics response", i, ".server.isLeader\",\"Value\":1,") + } else { + err = retryWithBackoff(n, ".server.isLeader\",\"Value\":0,") + require.NoError(t, err, "%dth node(non-leader): could not find the metric %q in the /v1/agent/metrics response", i, ".server.isLeader\",\"Value\":0,") + } + } +} + +func getMetrics(t *testing.T, addr string, port int, path string) (string, error) { + u, err := url.Parse(fmt.Sprintf("http://%s:%d", addr, port)) + require.NoError(t, err) + u.Path = path + resp, err := http.Get(u.String()) + if err != nil { + return "", fmt.Errorf("error get metrics: %v", err) + } + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return "nil", fmt.Errorf("error read metrics: %v", err) + } + return string(body), nil +} + +func terminate(t *testing.T, cluster *libcluster.Cluster) { + err := cluster.Terminate() + require.NoError(t, err) +} diff --git a/test/integration/consul-container/upgrade/healthcheck_test.go b/test/integration/consul-container/upgrade/healthcheck_test.go index 5a287ab7a..73c8a807b 100644 --- a/test/integration/consul-container/upgrade/healthcheck_test.go +++ b/test/integration/consul-container/upgrade/healthcheck_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/integration/consul-container/libs/cluster" + libcluster "github.com/hashicorp/consul/integration/consul-container/libs/cluster" "github.com/hashicorp/consul/integration/consul-container/libs/node" "github.com/hashicorp/consul/integration/consul-container/libs/utils" ) @@ -21,17 +21,17 @@ func TestTargetServersWithLatestGAClients(t *testing.T) { numClients = 1 ) - cluster := serversCluster(t, numServers, *targetImage) - defer Terminate(t, cluster) + cluster := serversCluster(t, numServers, *utils.TargetImage) + defer terminate(t, cluster) - clients := clientsCreate(t, numClients, *latestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) client := cluster.Nodes[0].GetClient() - waitForLeader(t, cluster, client) - waitForMembers(t, client, 4) + libcluster.WaitForLeader(t, cluster, client) + libcluster.WaitForMembers(t, client, 4) serviceName := "api" index := serviceCreate(t, client, serviceName) @@ -77,7 +77,7 @@ func TestMixedServersMajorityLatestGAClient(t *testing.T) { log_level="TRACE" server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *targetImage, + Version: *utils.TargetImage, }) for i := 1; i < 3; i++ { @@ -88,27 +88,27 @@ func TestMixedServersMajorityLatestGAClient(t *testing.T) { bootstrap_expect=3 server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *latestImage, + Version: *utils.LatestImage, }) } - cluster, err := cluster.New(configs) + cluster, err := libcluster.New(configs) require.NoError(t, err) - defer Terminate(t, cluster) + defer terminate(t, cluster) const ( numClients = 1 ) - clients := clientsCreate(t, numClients, *latestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) client := clients[0].GetClient() - waitForLeader(t, cluster, client) - waitForMembers(t, client, 4) + libcluster.WaitForLeader(t, cluster, client) + libcluster.WaitForMembers(t, client, 4) serviceName := "api" index := serviceCreate(t, client, serviceName) @@ -155,7 +155,7 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { bootstrap_expect=3 server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *targetImage, + Version: *utils.TargetImage, }) } @@ -165,25 +165,25 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { log_level="TRACE" server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *latestImage, + Version: *utils.LatestImage, }) - cluster, err := cluster.New(configs) + cluster, err := libcluster.New(configs) require.NoError(t, err) - defer Terminate(t, cluster) + defer terminate(t, cluster) const ( numClients = 1 ) - clients := clientsCreate(t, numClients, *latestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) client := clients[0].GetClient() - waitForLeader(t, cluster, client) - waitForMembers(t, client, 4) + libcluster.WaitForLeader(t, cluster, client) + libcluster.WaitForMembers(t, client, 4) serviceName := "api" index := serviceCreate(t, client, serviceName) @@ -250,7 +250,7 @@ func serviceCreate(t *testing.T, client *api.Client, serviceName string) uint64 return meta.LastIndex } -func serversCluster(t *testing.T, numServers int, version string) *cluster.Cluster { +func serversCluster(t *testing.T, numServers int, version string) *libcluster.Cluster { var configs []node.Config for i := 0; i < numServers; i++ { configs = append(configs, node.Config{ @@ -262,16 +262,16 @@ func serversCluster(t *testing.T, numServers int, version string) *cluster.Clust Version: version, }) } - cluster, err := cluster.New(configs) + cluster, err := libcluster.New(configs) require.NoError(t, err) - waitForLeader(t, cluster, nil) - waitForMembers(t, cluster.Nodes[0].GetClient(), numServers) + libcluster.WaitForLeader(t, cluster, nil) + libcluster.WaitForMembers(t, cluster.Nodes[0].GetClient(), numServers) return cluster } -func Terminate(t *testing.T, cluster *cluster.Cluster) { +func terminate(t *testing.T, cluster *libcluster.Cluster) { err := cluster.Terminate() require.NoError(t, err) } diff --git a/test/integration/consul-container/upgrade/util_test.go b/test/integration/consul-container/upgrade/util_test.go deleted file mode 100644 index e7d80abc2..000000000 --- a/test/integration/consul-container/upgrade/util_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package upgrade - -import ( - "testing" - "time" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/integration/consul-container/libs/cluster" - "github.com/hashicorp/consul/sdk/testutil/retry" -) - -const retryTimeout = 20 * time.Second -const retryFrequency = 500 * time.Millisecond - -func LongFailer() *retry.Timer { - return &retry.Timer{Timeout: retryTimeout, Wait: retryFrequency} -} - -func waitForLeader(t *testing.T, Cluster *cluster.Cluster, client *api.Client) { - retry.RunWith(LongFailer(), t, func(r *retry.R) { - leader, err := Cluster.Leader() - require.NoError(r, err) - require.NotEmpty(r, leader) - }) - - if client != nil { - waitForLeaderFromClient(t, client) - } -} - -func waitForLeaderFromClient(t *testing.T, client *api.Client) { - retry.RunWith(LongFailer(), t, func(r *retry.R) { - leader, err := cluster.GetLeader(client) - require.NoError(r, err) - require.NotEmpty(r, leader) - }) -} - -func waitForMembers(t *testing.T, client *api.Client, expectN int) { - retry.RunWith(LongFailer(), t, func(r *retry.R) { - members, err := client.Agent().Members(false) - require.NoError(r, err) - require.Len(r, members, expectN) - }) -} diff --git a/test/integration/consul-container/upgrade/version_oss.go b/test/integration/consul-container/upgrade/version_oss.go deleted file mode 100644 index 82a9230af..000000000 --- a/test/integration/consul-container/upgrade/version_oss.go +++ /dev/null @@ -1,9 +0,0 @@ -//go:build !consulent -// +build !consulent - -package upgrade - -import "flag" - -var targetImage = flag.String("target-version", "local", "docker image to be used as UUT (unit under test)") -var latestImage = flag.String("latest-version", "1.11", "docker image to be used as latest") diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index cd3345499..0435a42c8 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -85,6 +85,7 @@ These are some metrics emitted that can help you understand the health of your c | `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. | ms | timer | | `consul.raft.state.candidate` | Increments whenever a Consul server starts an election. | elections | counter | | `consul.raft.state.leader` | Increments whenever a Consul server becomes a leader. | leaders | counter | +| `consul.server.isLeader` | Track if a server is a leader(1) or not(0). | 1 or 0 | gauge | **Why they're important:** Normally, your Consul cluster should have a stable leader. If there are frequent elections or leadership changes, it would likely indicate network issues between the Consul servers, or that the Consul servers themselves are unable to keep up with the load. @@ -480,6 +481,7 @@ These metrics are used to monitor the health of the Consul servers. | `consul.rpc.accept_conn` | Increments when a server accepts an RPC connection. | connections | counter | | `consul.catalog.register` | Measures the time it takes to complete a catalog register operation. | ms | timer | | `consul.catalog.deregister` | Measures the time it takes to complete a catalog deregister operation. | ms | timer | +| `consul.server.isLeader` | Track if a server is a leader(1) or not(0) | 1 or 0 | gauge | | `consul.fsm.register` | Measures the time it takes to apply a catalog register operation to the FSM. | ms | timer | | `consul.fsm.deregister` | Measures the time it takes to apply a catalog deregister operation to the FSM. | ms | timer | | `consul.fsm.session.` | Measures the time it takes to apply the given session operation to the FSM. | ms | timer | From 4c781d1e15c3ec492cb709af0cdb8deb040db87e Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 3 Jun 2022 16:42:50 -0500 Subject: [PATCH 451/785] peering: update how cross-peer upstreams and represented in proxycfg and rendered in xds (#13362) This removes unnecessary, vestigal remnants of discovery chains. --- agent/proxycfg/connect_proxy.go | 45 +++---- agent/proxycfg/manager_test.go | 27 ++-- agent/proxycfg/snapshot.go | 55 +++++++- agent/proxycfg/state.go | 1 + agent/proxycfg/state_test.go | 79 +++++++++--- agent/proxycfg/testing_peering.go | 22 +++- agent/proxycfg/upstreams.go | 17 +++ agent/rpc/peering/subscription_manager.go | 9 ++ agent/structs/structs.go | 7 ++ agent/xds/clusters.go | 119 +++++++++++++++++- agent/xds/endpoints.go | 45 ++++++- agent/xds/listeners.go | 113 ++++++++++++++++- ...-proxy-with-peered-upstreams.latest.golden | 12 +- agent/xds/xdscommon/xdscommon.go | 2 + 14 files changed, 471 insertions(+), 82 deletions(-) diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index d2931cf27..4bbc00201 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -6,8 +6,6 @@ import ( "strings" cachetype "github.com/hashicorp/consul/agent/cache-types" - "github.com/hashicorp/consul/agent/configentry" - "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) @@ -33,6 +31,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.UpstreamConfig = make(map[UpstreamID]*structs.Upstream) snap.ConnectProxy.PassthroughUpstreams = make(map[UpstreamID]map[string]map[string]struct{}) snap.ConnectProxy.PassthroughIndices = make(map[string]indexedTarget) + snap.ConnectProxy.PeerUpstreamEndpoints = make(map[UpstreamID]structs.CheckServiceNodes) // Watch for root changes err := s.dataSources.CARoots.Notify(ctx, &structs.DCSpecificRequest{ @@ -184,27 +183,31 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e fallthrough case "": - // If DestinationPeer is not empty, insert a default discovery chain directly to the snapshot if u.DestinationPeer != "" { - req := discoverychain.CompileRequest{ - ServiceName: u.DestinationName, - EvaluateInNamespace: u.DestinationNamespace, - EvaluateInPartition: u.DestinationPartition, - EvaluateInDatacenter: dc, - EvaluateInTrustDomain: "trustdomain.consul", // TODO(peering): where to evaluate this? - Entries: configentry.NewDiscoveryChainSet(), - } - chain, err := discoverychain.Compile(req) + // NOTE: An upstream that points to a peer by definition will + // only ever watch a single catalog query, so a map key of just + // "UID" is sufficient to cover the peer data watches here. + + s.logger.Trace("initializing watch of peered upstream", "upstream", uid) + + // TODO(peering): We'll need to track a CancelFunc for this + // once the tproxy support lands. + err := s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ + PeerName: uid.Peer, + Datacenter: dc, + QueryOptions: structs.QueryOptions{ + Token: s.token, + }, + ServiceName: u.DestinationName, + Connect: true, + // Note that Identifier doesn't type-prefix for service any more as it's + // the default and makes metrics and other things much cleaner. It's + // simpler for us if we have the type to make things unambiguous. + Source: *s.source, + EnterpriseMeta: uid.EnterpriseMeta, + }, upstreamPeerWatchIDPrefix+uid.String(), s.ch) if err != nil { - return snap, fmt.Errorf("error while compiling default discovery chain: %w", err) - } - - // Directly insert chain and empty function into the discovery chain maps - snap.ConnectProxy.ConfigSnapshotUpstreams.DiscoveryChain[uid] = chain - snap.ConnectProxy.ConfigSnapshotUpstreams.WatchedDiscoveryChains[uid] = func() {} - - if err := (*handlerUpstreams)(s).resetWatchesFromChain(ctx, uid, chain, &snap.ConnectProxy.ConfigSnapshotUpstreams); err != nil { - return snap, fmt.Errorf("error while resetting watches from chain: %w", err) + return snap, err } // Check whether a watch for this peer exists to avoid duplicates. diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 5d511c59b..af28c5578 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -1,11 +1,9 @@ package proxycfg import ( - "context" "testing" "time" - "github.com/hashicorp/consul/proto/pbpeering" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/require" @@ -15,6 +13,7 @@ import ( "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/sdk/testutil" ) @@ -223,8 +222,6 @@ func TestManager_BasicLifecycle(t *testing.T) { DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{ dbUID: dbDefaultChain(), }, - WatchedDiscoveryChains: map[UpstreamID]context.CancelFunc{}, - WatchedUpstreams: nil, // Clone() clears this out WatchedUpstreamEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{ dbUID: { "db.default.default.dc1": TestUpstreamNodes(t, db.Name), @@ -239,10 +236,10 @@ func TestManager_BasicLifecycle(t *testing.T) { NewUpstreamID(&upstreams[1]): &upstreams[1], NewUpstreamID(&upstreams[2]): &upstreams[2], }, - PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, - PassthroughIndices: map[string]indexedTarget{}, - WatchedPeerTrustBundles: map[string]context.CancelFunc{}, - PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, + PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, + PassthroughIndices: map[string]indexedTarget{}, + PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, + PeerUpstreamEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, @@ -284,8 +281,6 @@ func TestManager_BasicLifecycle(t *testing.T) { DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{ dbUID: dbSplitChain(), }, - WatchedDiscoveryChains: map[UpstreamID]context.CancelFunc{}, - WatchedUpstreams: nil, // Clone() clears this out WatchedUpstreamEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{ dbUID: { "v1.db.default.default.dc1": TestUpstreamNodes(t, db.Name), @@ -301,10 +296,10 @@ func TestManager_BasicLifecycle(t *testing.T) { NewUpstreamID(&upstreams[1]): &upstreams[1], NewUpstreamID(&upstreams[2]): &upstreams[2], }, - PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, - PassthroughIndices: map[string]indexedTarget{}, - WatchedPeerTrustBundles: map[string]context.CancelFunc{}, - PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, + PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, + PassthroughIndices: map[string]indexedTarget{}, + PeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, + PeerUpstreamEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, @@ -330,7 +325,7 @@ func TestManager_BasicLifecycle(t *testing.T) { dataSources.ConfigEntry.Set(meshConfigReq, &structs.ConfigEntryResponse{Entry: nil}) tt.setup(t, dataSources) - expectSnapCopy, err := copystructure.Copy(tt.expectSnap) + expectSnapCopy, err := tt.expectSnap.Clone() require.NoError(t, err) webProxyCopy, err := copystructure.Copy(webProxy) @@ -341,7 +336,7 @@ func TestManager_BasicLifecycle(t *testing.T) { rootsReq, leafReq, roots, webProxyCopy.(*structs.NodeService), - expectSnapCopy.(*ConfigSnapshot), + expectSnapCopy, ) }) } diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 45a250b48..02cdf0580 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -79,6 +79,11 @@ type ConfigSnapshotUpstreams struct { // // This list only applies to proxies registered in 'transparent' mode. IntentionUpstreams map[UpstreamID]struct{} + + // PeerUpstreamEndpoints is a map of UpstreamID -> (set of IP addresses) + // and used to determine the backing endpoints of an upstream in another + // peer. + PeerUpstreamEndpoints map[UpstreamID]structs.CheckServiceNodes } // indexedTarget is used to associate the Raft modify index of a resource @@ -156,7 +161,8 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.PassthroughUpstreams) == 0 && len(c.IntentionUpstreams) == 0 && !c.PeeringTrustBundlesSet && - !c.MeshConfigSet + !c.MeshConfigSet && + len(c.PeerUpstreamEndpoints) == 0 } type configSnapshotTerminatingGateway struct { @@ -516,8 +522,11 @@ func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error) { // nil these out as anything receiving one of these clones does not need them and should never "cancel" our watches switch s.Kind { case structs.ServiceKindConnectProxy: + // common with connect-proxy and ingress-gateway snap.ConnectProxy.WatchedUpstreams = nil snap.ConnectProxy.WatchedGateways = nil + snap.ConnectProxy.WatchedDiscoveryChains = nil + snap.ConnectProxy.WatchedPeerTrustBundles = nil case structs.ServiceKindTerminatingGateway: snap.TerminatingGateway.WatchedServices = nil snap.TerminatingGateway.WatchedIntentions = nil @@ -528,9 +537,12 @@ func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error) { snap.MeshGateway.WatchedGateways = nil snap.MeshGateway.WatchedServices = nil case structs.ServiceKindIngressGateway: + // common with connect-proxy and ingress-gateway snap.IngressGateway.WatchedUpstreams = nil snap.IngressGateway.WatchedGateways = nil snap.IngressGateway.WatchedDiscoveryChains = nil + snap.IngressGateway.WatchedPeerTrustBundles = nil + // only ingress-gateway snap.IngressGateway.LeafCertWatchCancel = nil } @@ -585,3 +597,44 @@ func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConf } return mesh.TLS.Outgoing } + +func (u *ConfigSnapshotUpstreams) UpstreamPeerMeta(uid UpstreamID) structs.PeeringServiceMeta { + nodes := u.PeerUpstreamEndpoints[uid] + if len(nodes) == 0 { + return structs.PeeringServiceMeta{} + } + + // In agent/rpc/peering/subscription_manager.go we denormalize the + // PeeringServiceMeta data onto each replicated service instance to convey + // this information back to the importing side of the peering. + // + // This data is guaranteed (subject to any eventual consistency lag around + // updates) to be the same across all instances, so we only need to take + // the first item. + // + // TODO(peering): consider replicating this "common to all instances" data + // using a different replication type and persist it separately in the + // catalog to avoid this weird construction. + csn := nodes[0] + if csn.Service == nil { + return structs.PeeringServiceMeta{} + } + return *csn.Service.Connect.PeerMeta +} + +func (u *ConfigSnapshotUpstreams) PeeredUpstreamIDs() []UpstreamID { + out := make([]UpstreamID, 0, len(u.UpstreamConfig)) + for uid := range u.UpstreamConfig { + if uid.Peer == "" { + continue + } + + if _, ok := u.PeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { + // The trust bundle for this upstream is not available yet, skip for now. + continue + } + + out = append(out, uid) + } + return out +} diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index bce6510d4..7b27e1dd7 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -36,6 +36,7 @@ const ( serviceResolverIDPrefix = "service-resolver:" serviceIntentionsIDPrefix = "service-intentions:" intentionUpstreamsID = "intention-upstreams" + upstreamPeerWatchIDPrefix = "upstream-peer:" meshConfigEntryID = "mesh" svcChecksWatchIDPrefix = cachetype.ServiceHTTPChecksName + ":" preparedQueryIDPrefix = string(structs.UpstreamDestTypePreparedQuery) + ":" diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 20446b2da..a449a9973 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -299,10 +299,15 @@ func genVerifyGatewayWatch(expectedDatacenter string) verifyWatchRequest { } func genVerifyServiceSpecificRequest(expectedService, expectedFilter, expectedDatacenter string, connect bool) verifyWatchRequest { + return genVerifyServiceSpecificPeeredRequest(expectedService, expectedFilter, expectedDatacenter, "", connect) +} + +func genVerifyServiceSpecificPeeredRequest(expectedService, expectedFilter, expectedDatacenter, expectedPeer string, connect bool) verifyWatchRequest { return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ServiceSpecificRequest) require.True(t, ok) require.Equal(t, expectedDatacenter, reqReal.Datacenter) + require.Equal(t, expectedPeer, reqReal.PeerName) require.Equal(t, expectedService, reqReal.ServiceName) require.Equal(t, expectedFilter, reqReal.QueryOptions.Filter) require.Equal(t, connect, reqReal.Connect) @@ -396,6 +401,8 @@ func TestState_WatchesAndUpdates(t *testing.T) { // TODO(peering): NewUpstreamIDFromServiceName should take a PeerName extApiUID.Peer = "peer-a" + const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul" + rootWatchEvent := func() UpdateEvent { return UpdateEvent{ CorrelationID: rootsWatchID, @@ -2500,29 +2507,28 @@ func TestState_WatchesAndUpdates(t *testing.T) { EvaluateInPartition: "default", Datacenter: "dc1", }), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("web", "dc1"), - peeringTrustBundlesWatchID: genVerifyTrustBundleListWatch("web"), - peerTrustBundleIDPrefix + "peer-a": genVerifyTrustBundleReadWatch("peer-a"), - // No Peering watch + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("web", "dc1"), + peeringTrustBundlesWatchID: genVerifyTrustBundleListWatch("web"), + peerTrustBundleIDPrefix + "peer-a": genVerifyTrustBundleReadWatch("peer-a"), + upstreamPeerWatchIDPrefix + extApiUID.String(): genVerifyServiceSpecificPeeredRequest("api-a", "", "dc1", "peer-a", true), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "should not be valid") require.True(t, snap.MeshGateway.isEmpty()) - // Even though there were no events to trigger the watches, - // the peered upstream is written to the maps - require.Len(t, snap.ConnectProxy.DiscoveryChain, 1, "%+v", snap.ConnectProxy.DiscoveryChain) - require.NotNil(t, snap.ConnectProxy.DiscoveryChain[extApiUID]) - require.Len(t, snap.ConnectProxy.WatchedDiscoveryChains, 1, "%+v", snap.ConnectProxy.WatchedDiscoveryChains) - require.NotNil(t, snap.ConnectProxy.WatchedDiscoveryChains[extApiUID]) - require.Len(t, snap.ConnectProxy.WatchedUpstreams, 1, "%+v", snap.ConnectProxy.WatchedUpstreams) - require.Len(t, snap.ConnectProxy.WatchedUpstreamEndpoints, 1, "%+v", snap.ConnectProxy.WatchedUpstreamEndpoints) - require.Len(t, snap.ConnectProxy.WatchedGateways, 1, "%+v", snap.ConnectProxy.WatchedGateways) - require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 1, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) + require.Len(t, snap.ConnectProxy.DiscoveryChain, 0, "%+v", snap.ConnectProxy.DiscoveryChain) + require.Len(t, snap.ConnectProxy.WatchedDiscoveryChains, 0, "%+v", snap.ConnectProxy.WatchedDiscoveryChains) + require.Len(t, snap.ConnectProxy.WatchedUpstreams, 0, "%+v", snap.ConnectProxy.WatchedUpstreams) + require.Len(t, snap.ConnectProxy.WatchedUpstreamEndpoints, 0, "%+v", snap.ConnectProxy.WatchedUpstreamEndpoints) + require.Len(t, snap.ConnectProxy.WatchedGateways, 0, "%+v", snap.ConnectProxy.WatchedGateways) + require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 0, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) + require.Contains(t, snap.ConnectProxy.WatchedPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) require.Len(t, snap.ConnectProxy.PeerTrustBundles, 0, "%+v", snap.ConnectProxy.PeerTrustBundles) + require.Len(t, snap.ConnectProxy.PeerUpstreamEndpoints, 0, "%+v", snap.ConnectProxy.PeerUpstreamEndpoints) + require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) require.Len(t, snap.ConnectProxy.PeeringTrustBundles, 0, "%+v", snap.ConnectProxy.PeeringTrustBundles) @@ -2564,6 +2570,36 @@ func TestState_WatchesAndUpdates(t *testing.T) { Bundle: peerTrustBundles.Bundles[0], }, }, + { + CorrelationID: upstreamPeerWatchIDPrefix + extApiUID.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "127.0.0.1", + PeerName: "peer-a", + }, + Service: &structs.NodeService{ + ID: "api-a-1", + Service: "api-a", + PeerName: "peer-a", + Connect: structs.ServiceConnect{ + PeerMeta: &structs.PeeringServiceMeta{ + SNI: []string{ + "payments.default.default.cloud.external." + peerTrustDomain, + }, + SpiffeID: []string{ + "spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/payments", + }, + Protocol: "tcp", + }, + }, + }, + }, + }, + }, + }, }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid()) @@ -2573,15 +2609,18 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Equal(t, issuedCert, snap.ConnectProxy.Leaf) prototest.AssertDeepEqual(t, peerTrustBundles.Bundles, snap.ConnectProxy.PeeringTrustBundles) - require.Len(t, snap.ConnectProxy.DiscoveryChain, 2, "%+v", snap.ConnectProxy.DiscoveryChain) - require.Len(t, snap.ConnectProxy.WatchedUpstreams, 2, "%+v", snap.ConnectProxy.WatchedUpstreams) - require.Len(t, snap.ConnectProxy.WatchedUpstreamEndpoints, 2, "%+v", snap.ConnectProxy.WatchedUpstreamEndpoints) - require.Len(t, snap.ConnectProxy.WatchedGateways, 2, "%+v", snap.ConnectProxy.WatchedGateways) - require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 2, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) + require.Len(t, snap.ConnectProxy.DiscoveryChain, 1, "%+v", snap.ConnectProxy.DiscoveryChain) + require.Len(t, snap.ConnectProxy.WatchedUpstreams, 1, "%+v", snap.ConnectProxy.WatchedUpstreams) + require.Len(t, snap.ConnectProxy.WatchedUpstreamEndpoints, 1, "%+v", snap.ConnectProxy.WatchedUpstreamEndpoints) + require.Len(t, snap.ConnectProxy.WatchedGateways, 1, "%+v", snap.ConnectProxy.WatchedGateways) + require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 1, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) require.Contains(t, snap.ConnectProxy.WatchedPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) require.Equal(t, peerTrustBundles.Bundles[0], snap.ConnectProxy.PeerTrustBundles["peer-a"], "%+v", snap.ConnectProxy.WatchedPeerTrustBundles) + require.Len(t, snap.ConnectProxy.PeerUpstreamEndpoints, 1, "%+v", snap.ConnectProxy.PeerUpstreamEndpoints) + require.NotNil(t, snap.ConnectProxy.PeerUpstreamEndpoints[extApiUID]) + require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) }, diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go index 09043c342..db113869b 100644 --- a/agent/proxycfg/testing_peering.go +++ b/agent/proxycfg/testing_peering.go @@ -24,6 +24,8 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { refundsUID = NewUpstreamID(&refundsUpstream) ) + const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul" + return TestConfigSnapshot(t, func(ns *structs.NodeService) { ns.Proxy.Upstreams = structs.Upstreams{ paymentsUpstream, @@ -37,7 +39,7 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { }, }, { - CorrelationID: "upstream-target:payments.default.default.dc1:" + paymentsUID.String(), + CorrelationID: upstreamPeerWatchIDPrefix + paymentsUID.String(), Result: &structs.IndexedCheckServiceNodes{ Nodes: []structs.CheckServiceNode{ { @@ -51,7 +53,13 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { Port: 443, Connect: structs.ServiceConnect{ PeerMeta: &structs.PeeringServiceMeta{ - SpiffeID: []string{"spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments"}, + SNI: []string{ + "payments.default.default.cloud.external." + peerTrustDomain, + }, + SpiffeID: []string{ + "spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/payments", + }, + Protocol: "tcp", }, }, }, @@ -60,7 +68,7 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { }, }, { - CorrelationID: "upstream-target:refunds.default.default.dc1:" + refundsUID.String(), + CorrelationID: upstreamPeerWatchIDPrefix + refundsUID.String(), Result: &structs.IndexedCheckServiceNodes{ Nodes: []structs.CheckServiceNode{ { @@ -74,7 +82,13 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { Port: 443, Connect: structs.ServiceConnect{ PeerMeta: &structs.PeeringServiceMeta{ - SpiffeID: []string{"spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"}, + SNI: []string{ + "refunds.default.default.cloud.external." + peerTrustDomain, + }, + SpiffeID: []string{ + "spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/refunds", + }, + Protocol: "tcp", }, }, }, diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index 3e887caf1..66f65a41e 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -88,6 +88,23 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u UpdateEv return err } + case strings.HasPrefix(u.CorrelationID, upstreamPeerWatchIDPrefix): + resp, ok := u.Result.(*structs.IndexedCheckServiceNodes) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + uidString := strings.TrimPrefix(u.CorrelationID, upstreamPeerWatchIDPrefix) + + uid := UpstreamIDFromString(uidString) + + upstreamsSnapshot.PeerUpstreamEndpoints[uid] = resp.Nodes + + if s.kind != structs.ServiceKindConnectProxy || s.proxyCfg.Mode != structs.ProxyModeTransparent { + return nil + } + + s.logger.Warn("skipping transparent proxy update for peered upstream") + case strings.HasPrefix(u.CorrelationID, "upstream-target:"): resp, ok := u.Result.(*structs.IndexedCheckServiceNodes) if !ok { diff --git a/agent/rpc/peering/subscription_manager.go b/agent/rpc/peering/subscription_manager.go index 7e443e919..0c00a2ca7 100644 --- a/agent/rpc/peering/subscription_manager.go +++ b/agent/rpc/peering/subscription_manager.go @@ -208,8 +208,17 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti Datacenter: m.config.Datacenter, Service: sn.Name, } + sni := connect.PeeredServiceSNI( + sn.Name, + sn.NamespaceOrDefault(), + sn.PartitionOrDefault(), + state.peerName, + m.trustDomain, + ) peerMeta := &pbservice.PeeringServiceMeta{ + SNI: []string{sni}, SpiffeID: []string{spiffeID.URI().String()}, + Protocol: "tcp", } // skip checks since we just generated one from scratch diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 1eb428e59..d53644ed7 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1253,6 +1253,13 @@ type PeeringServiceMeta struct { Protocol string `json:",omitempty"` } +func (m *PeeringServiceMeta) PrimarySNI() string { + if m == nil || len(m.SNI) == 0 { + return "" + } + return m.SNI[0] +} + func (ns *NodeService) BestAddress(wan bool) (string, int) { addr := ns.Address port := ns.Port diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index b07a2c808..ae586a540 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -88,10 +88,6 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } - if _, ok := cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { - // The trust bundle for this upstream is not available yet, skip for now. - continue - } chainEndpoints, ok := cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid] if !ok { @@ -109,6 +105,29 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C } } + // NOTE: Any time we skip an upstream below we MUST also skip that same + // upstream in endpoints.go so that the sets of endpoints generated matches + // the sets of clusters. + // + // TODO(peering): make this work for tproxy + for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { + upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] + + explicit := upstreamCfg.HasLocalPortOrSocket() + if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + // Not associated with a known explicit or implicit upstream so it is skipped. + continue + } + + peerMeta := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid) + + upstreamCluster, err := s.makeUpstreamClusterForPeerService(upstreamCfg, peerMeta, cfgSnap) + if err != nil { + return nil, err + } + clusters = append(clusters, upstreamCluster) + } + for _, u := range cfgSnap.Proxy.Upstreams { if u.DestinationType != structs.UpstreamDestTypePreparedQuery { continue @@ -525,6 +544,96 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam return c, err } +func (s *ResourceGenerator) makeUpstreamClusterForPeerService( + upstream *structs.Upstream, + peerMeta structs.PeeringServiceMeta, + cfgSnap *proxycfg.ConfigSnapshot, +) (*envoy_cluster_v3.Cluster, error) { + var ( + c *envoy_cluster_v3.Cluster + err error + ) + + uid := proxycfg.NewUpstreamID(upstream) + + cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstream, peerMeta) + if cfg.EnvoyClusterJSON != "" { + c, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON) + if err != nil { + return c, err + } + // In the happy path don't return yet as we need to inject TLS config still. + } + + // TODO(peering): if we replicated service metadata separately from the + // instances we wouldn't have to flip/flop this cluster name like this. + clusterName := peerMeta.PrimarySNI() + if clusterName == "" { + clusterName = uid.EnvoyID() + } + + s.Logger.Trace("generating cluster for", "cluster", clusterName) + if c == nil { + c = &envoy_cluster_v3.Cluster{ + Name: clusterName, + AltStatName: clusterName, + ConnectTimeout: durationpb.New(time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond), + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}, + CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + HealthyPanicThreshold: &envoy_type_v3.Percent{ + Value: 0, // disable panic threshold + }, + }, + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{ + Ads: &envoy_core_v3.AggregatedConfigSource{}, + }, + }, + }, + CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ + Thresholds: makeThresholdsIfNeeded(cfg.Limits), + }, + OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck), + } + if cfg.Protocol == "http2" || cfg.Protocol == "grpc" { + if err := s.setHttp2ProtocolOptions(c); err != nil { + return c, err + } + } + } + + rootPEMs := cfgSnap.RootPEMs() + if uid.Peer != "" { + rootPEMs = cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer].ConcatenatedRootPEMs() + } + + // Enable TLS upstream with the configured client certificate. + commonTLSContext := makeCommonTLSContext( + cfgSnap.Leaf(), + rootPEMs, + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + ) + err = injectSANMatcher(commonTLSContext, peerMeta.SpiffeID...) + if err != nil { + return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", clusterName, err) + } + + tlsContext := &envoy_tls_v3.UpstreamTlsContext{ + CommonTlsContext: commonTLSContext, + Sni: peerMeta.PrimarySNI(), + } + + transportSocket, err := makeUpstreamTLSTransportSocket(tlsContext) + if err != nil { + return nil, err + } + c.TransportSocket = transportSocket + + return c, nil +} + func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs.Upstream, cfgSnap *proxycfg.ConfigSnapshot) (*envoy_cluster_v3.Cluster, error) { var c *envoy_cluster_v3.Cluster var err error @@ -751,7 +860,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( } sort.Strings(spiffeIDs) - s.Logger.Debug("generating cluster for", "cluster", clusterName) + s.Logger.Trace("generating cluster for", "cluster", clusterName) c := &envoy_cluster_v3.Cluster{ Name: clusterName, AltStatName: clusterName, diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index dd415062e..0122feb4e 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -45,8 +45,11 @@ func (s *ResourceGenerator) endpointsFromSnapshot(cfgSnap *proxycfg.ConfigSnapsh // endpointsFromSnapshotConnectProxy returns the xDS API representation of the "endpoints" // (upstream instances) in the snapshot. func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) { + // TODO: this estimate is wrong resources := make([]proto.Message, 0, - len(cfgSnap.ConnectProxy.PreparedQueryEndpoints)+len(cfgSnap.ConnectProxy.WatchedUpstreamEndpoints)) + len(cfgSnap.ConnectProxy.PreparedQueryEndpoints)+ + len(cfgSnap.ConnectProxy.PeerUpstreamEndpoints)+ + len(cfgSnap.ConnectProxy.WatchedUpstreamEndpoints)) // NOTE: Any time we skip a chain below we MUST also skip that discovery chain in clusters.go // so that the sets of endpoints generated matches the sets of clusters. @@ -58,10 +61,6 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } - if _, ok := cfgSnap.ConnectProxy.PeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { - // The trust bundle for this upstream is not available yet, skip for now. - continue - } es := s.endpointsFromDiscoveryChain( uid, @@ -74,6 +73,42 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. resources = append(resources, es...) } + // NOTE: Any time we skip an upstream below we MUST also skip that same + // upstream in clusters.go so that the sets of endpoints generated matches + // the sets of clusters. + // + // TODO(peering): make this work for tproxy + for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { + upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] + + explicit := upstreamCfg.HasLocalPortOrSocket() + if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + // Not associated with a known explicit or implicit upstream so it is skipped. + continue + } + + peerMeta := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid) + + // TODO(peering): if we replicated service metadata separately from the + // instances we wouldn't have to flip/flop this cluster name like this. + clusterName := peerMeta.PrimarySNI() + if clusterName == "" { + clusterName = uid.EnvoyID() + } + + endpoints, ok := cfgSnap.ConnectProxy.PeerUpstreamEndpoints[uid] + if ok { + la := makeLoadAssignment( + clusterName, + []loadAssignmentEndpointGroup{ + {Endpoints: endpoints}, + }, + cfgSnap.Locality, + ) + resources = append(resources, la) + } + } + // Looping over explicit upstreams is only needed for prepared queries because they do not have discovery chains for _, u := range cfgSnap.Proxy.Upstreams { if u.DestinationType != structs.UpstreamDestTypePreparedQuery { diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 62d70a7f6..b3b98d5c2 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -11,9 +11,6 @@ import ( "strings" "time" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/wrapperspb" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" @@ -22,7 +19,6 @@ import ( envoy_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" envoy_original_dst_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3" envoy_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" - envoy_connection_limit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_sni_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" @@ -35,6 +31,8 @@ import ( "github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/wrapperspb" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" @@ -226,6 +224,73 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. } } + // Looping over explicit upstreams is only needed for cross-peer because + // they do not have discovery chains. + // + // TODO(peering): make this work for tproxy + for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { + upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] + + explicit := upstreamCfg.HasLocalPortOrSocket() + if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + // Not associated with a known explicit or implicit upstream so it is skipped. + continue + } + + peerMeta := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid) + cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstreamCfg, peerMeta) + + // If escape hatch is present, create a listener from it and move on to the next + if cfg.EnvoyListenerJSON != "" { + upstreamListener, err := makeListenerFromUserConfig(cfg.EnvoyListenerJSON) + if err != nil { + s.Logger.Error("failed to parse envoy_listener_json", + "upstream", uid, + "error", err) + continue + } + resources = append(resources, upstreamListener) + continue + } + + // TODO(peering): if we replicated service metadata separately from the + // instances we wouldn't have to flip/flop this cluster name like this. + clusterName := peerMeta.PrimarySNI() + if clusterName == "" { + clusterName = uid.EnvoyID() + } + + // Generate the upstream listeners for when they are explicitly set with a local bind port or socket path + if upstreamCfg != nil && upstreamCfg.HasLocalPortOrSocket() { + filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{ + clusterName: clusterName, + filterName: uid.EnvoyID(), + routeName: uid.EnvoyID(), + protocol: cfg.Protocol, + useRDS: false, + }) + if err != nil { + return nil, err + } + + upstreamListener := makeListener(uid.EnvoyID(), upstreamCfg, envoy_core_v3.TrafficDirection_OUTBOUND) + upstreamListener.FilterChains = []*envoy_listener_v3.FilterChain{ + filterChain, + } + resources = append(resources, upstreamListener) + + // Avoid creating filter chains below for upstreams that have dedicated listeners + continue + } + + // The rest of this loop is used exclusively for transparent proxies. + // Below we create a filter chain per upstream, rather than a listener per upstream + // as we do for explicit upstreams above. + + // TODO(peering): tproxy + + } + if outboundListener != nil { // Add a passthrough for every mesh endpoint that can be dialed directly, // as opposed to via a virtual IP. @@ -1486,6 +1551,46 @@ func (s *ResourceGenerator) getAndModifyUpstreamConfigForListener( return cfg } +func (s *ResourceGenerator) getAndModifyUpstreamConfigForPeeredListener( + uid proxycfg.UpstreamID, + u *structs.Upstream, + peerMeta structs.PeeringServiceMeta, +) structs.UpstreamConfig { + var ( + cfg structs.UpstreamConfig + err error + ) + + configMap := make(map[string]interface{}) + if u != nil { + configMap = u.Config + } + + cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Warn("failed to parse", "upstream", uid, "error", err) + } + + protocol := cfg.Protocol + if protocol == "" { + protocol = peerMeta.Protocol + } + if protocol == "" { + protocol = "tcp" + } + + // set back on the config so that we can use it from return value + cfg.Protocol = protocol + + if cfg.ConnectTimeoutMs == 0 { + cfg.ConnectTimeoutMs = 5000 + } + + return cfg +} + type listenerFilterOpts struct { useRDS bool protocol string diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden index be0a0ef5a..c2606f659 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden @@ -28,8 +28,8 @@ }, { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "payments.default.dc1.internal.trustdomain.consul", - "altStatName": "payments.default.dc1.internal.trustdomain.consul", + "name": "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "altStatName": "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -80,14 +80,14 @@ ] } }, - "sni": "payments.default.dc1.internal.trustdomain.consul" + "sni": "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" } } }, { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "refunds.default.dc1.internal.trustdomain.consul", - "altStatName": "refunds.default.dc1.internal.trustdomain.consul", + "name": "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "altStatName": "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -138,7 +138,7 @@ ] } }, - "sni": "refunds.default.dc1.internal.trustdomain.consul" + "sni": "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" } } } diff --git a/agent/xds/xdscommon/xdscommon.go b/agent/xds/xdscommon/xdscommon.go index 251b94e63..d624c5471 100644 --- a/agent/xds/xdscommon/xdscommon.go +++ b/agent/xds/xdscommon/xdscommon.go @@ -113,6 +113,8 @@ func MakePluginConfiguration(cfgSnap *proxycfg.ConfigSnapshot) PluginConfigurati } } + // TODO(peering): consider PeerUpstreamEndpoints in addition to DiscoveryChain + for uid, dc := range cfgSnap.ConnectProxy.DiscoveryChain { if _, ok := connectProxies[uid]; !ok { continue From 5cd31933d1b3295f7e52fbebfa8a281b805bd518 Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Mon, 6 Jun 2022 15:15:33 +0100 Subject: [PATCH 452/785] xds: remove HTTPCheckFetcher dependency (#13366) This is the OSS portion of enterprise PR 1994 Rather than directly interrogating the agent-local state for HTTP checks using the `HTTPCheckFetcher` interface, we now rely on the config snapshot containing the checks. This reduces the number of changes required to support server xDS sessions. It's not clear why the fetching approach was introduced in 931d167ebb2300839b218d08871f22323c60175d. --- agent/agent.go | 1 - agent/proxycfg/testing_connect_proxy.go | 30 +++++++++++++++++++++ agent/xds/clusters.go | 2 +- agent/xds/clusters_test.go | 2 +- agent/xds/delta.go | 1 - agent/xds/endpoints_test.go | 2 +- agent/xds/listeners.go | 2 +- agent/xds/listeners_test.go | 36 +++---------------------- agent/xds/resources.go | 3 --- agent/xds/routes_test.go | 2 +- agent/xds/server.go | 9 ------- agent/xds/serverless_plugin_oss_test.go | 2 +- agent/xds/xds_protocol_helpers_test.go | 1 - 13 files changed, 39 insertions(+), 54 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index 8fee06587..eed01ca5d 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -824,7 +824,6 @@ func (a *Agent) listenAndServeGRPC() error { return a.delegate.ResolveTokenAndDefaultMeta(id, nil, nil) }, a, - a, ) a.xdsServer.Register(a.publicGRPCServer) diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go index 2e34e7d35..297208c8b 100644 --- a/agent/proxycfg/testing_connect_proxy.go +++ b/agent/proxycfg/testing_connect_proxy.go @@ -1,12 +1,15 @@ package proxycfg import ( + "time" + "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/assert" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/types" ) // TestConfigSnapshot returns a fully populated snapshot @@ -222,6 +225,33 @@ func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeServi }, nsFn, nil, baseEvents) } +func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot { + return TestConfigSnapshot(t, + func(ns *structs.NodeService) { + ns.Address = "1.2.3.4" + ns.Port = 8080 + ns.Proxy.Upstreams = nil + ns.Proxy.Expose = structs.ExposeConfig{ + Checks: true, + } + }, + []UpdateEvent{ + { + CorrelationID: svcChecksWatchIDPrefix + structs.ServiceIDString("web", nil), + Result: []structs.CheckType{{ + CheckID: types.CheckID("http"), + Name: "http", + HTTP: "http://127.0.0.1:8181/debug", + ProxyHTTP: "http://:21500/debug", + Method: "GET", + Interval: 10 * time.Second, + Timeout: 1 * time.Second, + }}, + }, + }, + ) +} + func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot { roots, leaf := TestCerts(t) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index ae586a540..7adaf7cf3 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -146,7 +146,7 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C // Add service health checks to the list of paths to create clusters for if needed if cfgSnap.Proxy.Expose.Checks { psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta) - for _, check := range s.CheckFetcher.ServiceHTTPBasedChecks(psid) { + for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] { p, err := parseCheckPath(check) if err != nil { s.Logger.Warn("failed to create cluster for", "check", check.CheckID, "error", err) diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index 7d89dfc1e..1897d134e 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -638,7 +638,7 @@ func TestClustersFromSnapshot(t *testing.T) { setupTLSRootsAndLeaf(t, snap) // Need server just for logger dependency - g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g := newResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf clusters, err := g.clustersFromSnapshot(snap) diff --git a/agent/xds/delta.go b/agent/xds/delta.go index 3d5326dd9..cdc6e53d6 100644 --- a/agent/xds/delta.go +++ b/agent/xds/delta.go @@ -106,7 +106,6 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove generator := newResourceGenerator( s.Logger.Named(logging.XDS).With("xdsVersion", "v3"), - s.CheckFetcher, s.CfgFetcher, true, ) diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go index ca40d2cdb..c1e99949d 100644 --- a/agent/xds/endpoints_test.go +++ b/agent/xds/endpoints_test.go @@ -504,7 +504,7 @@ func TestEndpointsFromSnapshot(t *testing.T) { setupTLSRootsAndLeaf(t, snap) // Need server just for logger dependency - g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g := newResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf endpoints, err := g.endpointsFromSnapshot(snap) diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index b3b98d5c2..bcbf28063 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -398,7 +398,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // Add service health checks to the list of paths to create listeners for if needed if cfgSnap.Proxy.Expose.Checks { psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta) - for _, check := range s.CheckFetcher.ServiceHTTPBasedChecks(psid) { + for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] { p, err := parseCheckPath(check) if err != nil { s.Logger.Warn("failed to create listener for", "check", check.CheckID, "error", err) diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index b43b5c0b2..39d779d21 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -6,7 +6,6 @@ import ( "sort" "testing" "text/template" - "time" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" testinf "github.com/mitchellh/go-testing-interface" @@ -451,33 +450,12 @@ func TestListenersFromSnapshot(t *testing.T) { // NOTE: if IPv6 is not supported in the kernel per // kernelSupportsIPv6() then this test will fail because the golden // files were generated assuming ipv6 support was present - name: "expose-checks", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotExposeConfig(t, func(ns *structs.NodeService) { - ns.Proxy.Expose = structs.ExposeConfig{ - Checks: true, - } - }) - }, + name: "expose-checks", + create: proxycfg.TestConfigSnapshotExposeChecks, generatorSetup: func(s *ResourceGenerator) { s.CfgFetcher = configFetcherFunc(func() string { return "192.0.2.1" }) - - s.CheckFetcher = httpCheckFetcherFunc(func(sid structs.ServiceID) []structs.CheckType { - if sid != structs.NewServiceID("web", nil) { - return nil - } - return []structs.CheckType{{ - CheckID: types.CheckID("http"), - Name: "http", - HTTP: "http://127.0.0.1:8181/debug", - ProxyHTTP: "http://:21500/debug", - Method: "GET", - Interval: 10 * time.Second, - Timeout: 1 * time.Second, - }} - }) }, }, { @@ -838,7 +816,7 @@ func TestListenersFromSnapshot(t *testing.T) { } // Need server just for logger dependency - g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g := newResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf if tt.generatorSetup != nil { tt.generatorSetup(g) @@ -988,14 +966,6 @@ func customHTTPListenerJSON(t testinf.T, opts customHTTPListenerJSONOptions) str return buf.String() } -type httpCheckFetcherFunc func(serviceID structs.ServiceID) []structs.CheckType - -var _ HTTPCheckFetcher = (httpCheckFetcherFunc)(nil) - -func (f httpCheckFetcherFunc) ServiceHTTPBasedChecks(serviceID structs.ServiceID) []structs.CheckType { - return f(serviceID) -} - type configFetcherFunc func() string var _ ConfigFetcher = (configFetcherFunc)(nil) diff --git a/agent/xds/resources.go b/agent/xds/resources.go index c2bb43b3a..31a5769ab 100644 --- a/agent/xds/resources.go +++ b/agent/xds/resources.go @@ -14,7 +14,6 @@ import ( // resources for a single client. type ResourceGenerator struct { Logger hclog.Logger - CheckFetcher HTTPCheckFetcher CfgFetcher ConfigFetcher IncrementalXDS bool @@ -23,13 +22,11 @@ type ResourceGenerator struct { func newResourceGenerator( logger hclog.Logger, - checkFetcher HTTPCheckFetcher, cfgFetcher ConfigFetcher, incrementalXDS bool, ) *ResourceGenerator { return &ResourceGenerator{ Logger: logger, - CheckFetcher: checkFetcher, CfgFetcher: cfgFetcher, IncrementalXDS: incrementalXDS, } diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go index 80a75ef1b..90c699c16 100644 --- a/agent/xds/routes_test.go +++ b/agent/xds/routes_test.go @@ -197,7 +197,7 @@ func TestRoutesFromSnapshot(t *testing.T) { // golden files for every test case and so not be any use! setupTLSRootsAndLeaf(t, snap) - g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g := newResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf routes, err := g.routesFromSnapshot(snap) diff --git a/agent/xds/server.go b/agent/xds/server.go index a3f7d5913..adbe9a62f 100644 --- a/agent/xds/server.go +++ b/agent/xds/server.go @@ -85,12 +85,6 @@ const ( // coupling this to the agent. type ACLResolverFunc func(id string) (acl.Authorizer, error) -// HTTPCheckFetcher is the interface the agent needs to expose -// for the xDS server to fetch a service's HTTP check definitions -type HTTPCheckFetcher interface { - ServiceHTTPBasedChecks(serviceID structs.ServiceID) []structs.CheckType -} - // ConfigFetcher is the interface the agent needs to expose // for the xDS server to fetch agent config, currently only one field is fetched type ConfigFetcher interface { @@ -113,7 +107,6 @@ type Server struct { Logger hclog.Logger CfgSrc ProxyConfigSource ResolveToken ACLResolverFunc - CheckFetcher HTTPCheckFetcher CfgFetcher ConfigFetcher // AuthCheckFrequency is how often we should re-check the credentials used @@ -165,7 +158,6 @@ func NewServer( serverlessPluginEnabled bool, cfgMgr ProxyConfigSource, resolveToken ACLResolverFunc, - checkFetcher HTTPCheckFetcher, cfgFetcher ConfigFetcher, ) *Server { return &Server{ @@ -173,7 +165,6 @@ func NewServer( Logger: logger, CfgSrc: cfgMgr, ResolveToken: resolveToken, - CheckFetcher: checkFetcher, CfgFetcher: cfgFetcher, AuthCheckFrequency: DefaultAuthCheckFrequency, activeStreams: &activeStreamCounters{}, diff --git a/agent/xds/serverless_plugin_oss_test.go b/agent/xds/serverless_plugin_oss_test.go index 334905d4a..0a520c7f0 100644 --- a/agent/xds/serverless_plugin_oss_test.go +++ b/agent/xds/serverless_plugin_oss_test.go @@ -73,7 +73,7 @@ func TestServerlessPluginFromSnapshot(t *testing.T) { // golden files for every test case and so not be any use! setupTLSRootsAndLeaf(t, snap) - g := newResourceGenerator(testutil.Logger(t), nil, nil, false) + g := newResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf res, err := g.allResourcesFromSnapshot(snap) diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go index 5e56f0269..a27eaba2f 100644 --- a/agent/xds/xds_protocol_helpers_test.go +++ b/agent/xds/xds_protocol_helpers_test.go @@ -160,7 +160,6 @@ func newTestServerDeltaScenario( serverlessPluginEnabled, mgr, resolveToken, - nil, /*checkFetcher HTTPCheckFetcher*/ nil, /*cfgFetcher ConfigFetcher*/ ) if authCheckFrequency > 0 { From 802eda2af68046cb6cf39eb7258279aa2ffa8bef Mon Sep 17 00:00:00 2001 From: modrake <12264057+modrake@users.noreply.github.com> Date: Mon, 6 Jun 2022 08:57:15 -0700 Subject: [PATCH 453/785] add codeowners to protect release dirs (#13261) * add codeowners to protect release dirs --- .github/CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 839a65192..31495d064 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,3 +5,6 @@ /website/content/api-docs/ @hashicorp/consul-docs +# release configuration +/.release/ @hashicorp/release-engineering @hashicorp/github-consul-core +/.github/workflows/build.yml @hashicorp/release-engineering @hashicorp/github-consul-core From 6132f1a845a76c56bfce46e385ce0d326abfd143 Mon Sep 17 00:00:00 2001 From: Riddhi Shah Date: Mon, 6 Jun 2022 09:23:08 -0700 Subject: [PATCH 454/785] [OSS] consul connect envoy command changes for agentless (#13361) Changes the sourcing of the envoy bootstrap configuration to not use agent APIs and instead use the catalog(server) API. This is done by passing a node-name flag to the command, (which can only be used with proxy-id). Also fixes a bug where the golden envoy bootstrap config files used for tests did not use the expected destination service name in certain places for connect proxy kind. --- command/connect/envoy/bootstrap_tpl.go | 6 + command/connect/envoy/envoy.go | 115 ++++--- command/connect/envoy/envoy_test.go | 99 +++++- ..._ADDR-with-https-scheme-enables-tls.golden | 6 +- .../envoy/testdata/access-log-path.golden | 6 +- .../envoy/testdata/custom-bootstrap.golden | 2 +- .../envoy/testdata/defaults-nodemeta.golden | 193 ++++++++++++ .../connect/envoy/testdata/defaults.golden | 6 +- .../deprecated-grpc-addr-config.golden | 6 +- .../envoy/testdata/existing-ca-file.golden | 6 +- .../envoy/testdata/existing-ca-path.golden | 6 +- .../envoy/testdata/extra_-multiple.golden | 6 +- .../envoy/testdata/extra_-single.golden | 6 +- .../envoy/testdata/grpc-addr-env.golden | 6 +- .../envoy/testdata/grpc-addr-flag.golden | 6 +- .../envoy/testdata/grpc-addr-unix.golden | 6 +- .../testdata/ingress-gateway-nodemeta.golden | 282 ++++++++++++++++++ .../envoy/testdata/prometheus-metrics.golden | 6 +- .../testdata/stats-config-override.golden | 2 +- .../connect/envoy/testdata/token-arg.golden | 6 +- .../connect/envoy/testdata/token-env.golden | 6 +- .../envoy/testdata/token-file-arg.golden | 6 +- .../envoy/testdata/token-file-env.golden | 6 +- .../envoy/testdata/xds-addr-config.golden | 6 +- .../testdata/zipkin-tracing-config.golden | 6 +- 25 files changed, 711 insertions(+), 96 deletions(-) create mode 100644 command/connect/envoy/testdata/defaults-nodemeta.golden create mode 100644 command/connect/envoy/testdata/ingress-gateway-nodemeta.golden diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go index 9c3f38ee0..6cb238d49 100644 --- a/command/connect/envoy/bootstrap_tpl.go +++ b/command/connect/envoy/bootstrap_tpl.go @@ -14,6 +14,9 @@ type BootstrapTplArgs struct { // the agent to deliver the correct configuration. ProxyID string + // NodeName is the name of the node on which the proxy service instance is registered. + NodeName string + // ProxySourceService is the Consul service name to report for this proxy // instance's source service label. For sidecars it should be the // Proxy.DestinationServiceName. For gateways and similar it is the service @@ -140,6 +143,9 @@ const bootstrapTemplate = `{ "cluster": "{{ .ProxyCluster }}", "id": "{{ .ProxyID }}", "metadata": { + {{- if .NodeName }} + "node_name": "{{ .NodeName }}", + {{- end }} "namespace": "{{if ne .Namespace ""}}{{ .Namespace }}{{else}}default{{end}}", "partition": "{{if ne .Partition ""}}{{ .Partition }}{{else}}default{{end}}" } diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go index 61ace0fad..8b86aac1d 100644 --- a/command/connect/envoy/envoy.go +++ b/command/connect/envoy/envoy.go @@ -41,6 +41,7 @@ type cmd struct { meshGateway bool gateway string proxyID string + nodeName string sidecarFor string adminAccessLogPath string adminBind string @@ -81,6 +82,9 @@ func (c *cmd) init() { c.flags.StringVar(&c.proxyID, "proxy-id", os.Getenv("CONNECT_PROXY_ID"), "The proxy's ID on the local agent.") + c.flags.StringVar(&c.nodeName, "node-name", "", + "[Experimental] The node name where the proxy service is registered. It requires proxy-id to be specified. ") + // Deprecated in favor of `gateway` c.flags.BoolVar(&c.meshGateway, "mesh-gateway", false, "Configure Envoy as a Mesh Gateway.") @@ -231,6 +235,12 @@ func (c *cmd) Run(args []string) int { } func (c *cmd) run(args []string) int { + + if c.nodeName != "" && c.proxyID == "" { + c.UI.Error("'-node-name' requires '-proxy-id'") + return 1 + } + // Fixup for deprecated mesh-gateway flag if c.meshGateway && c.gateway != "" { c.UI.Error("The mesh-gateway flag is deprecated and cannot be used alongside the gateway flag") @@ -297,6 +307,10 @@ func (c *cmd) run(args []string) int { } if c.register { + if c.nodeName != "" { + c.UI.Error("'-register' cannot be used with '-node-name'") + return 1 + } if c.gateway == "" { c.UI.Error("Auto-Registration can only be used for gateways") return 1 @@ -478,6 +492,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) { GRPC: xdsAddr, ProxyCluster: cluster, ProxyID: c.proxyID, + NodeName: c.nodeName, ProxySourceService: proxySourceService, AgentCAPEM: caPEM, AdminAccessLogPath: adminAccessLogPath, @@ -501,6 +516,67 @@ func (c *cmd) generateConfig() ([]byte, error) { var bsCfg BootstrapConfig + // Fetch any customization from the registration + var svcProxyConfig *api.AgentServiceConnectProxyConfig + var serviceName, ns, partition, datacenter string + if c.nodeName == "" { + svc, _, err := c.client.Agent().Service(c.proxyID, nil) + if err != nil { + return nil, fmt.Errorf("failed fetch proxy config from local agent: %s", err) + } + svcProxyConfig = svc.Proxy + serviceName = svc.Service + ns = svc.Namespace + partition = svc.Partition + datacenter = svc.Datacenter + } else { + filter := fmt.Sprintf("ID == %q", c.proxyID) + svcList, _, err := c.client.Catalog().NodeServiceList(c.nodeName, &api.QueryOptions{Filter: filter}) + if err != nil { + return nil, fmt.Errorf("failed to fetch proxy config from catalog for node %q: %w", c.nodeName, err) + } + if len(svcList.Services) != 1 { + return nil, fmt.Errorf("expected to find only one proxy service with ID: %q", c.proxyID) + } + svcProxyConfig = svcList.Services[0].Proxy + serviceName = svcList.Services[0].Service + ns = svcList.Services[0].Namespace + partition = svcList.Services[0].Partition + datacenter = svcList.Node.Datacenter + c.gatewayKind = svcList.Services[0].Kind + } + if svcProxyConfig == nil { + return nil, errors.New("service is not a Connect proxy or gateway") + } + + if svcProxyConfig.DestinationServiceName != "" { + // Override cluster now we know the actual service name + args.ProxyCluster = svcProxyConfig.DestinationServiceName + args.ProxySourceService = svcProxyConfig.DestinationServiceName + } else { + // Set the source service name from the proxy's own registration + args.ProxySourceService = serviceName + } + + // In most cases where namespaces and partitions are enabled they will already be set + // correctly because the http client that fetched this will provide them explicitly. + // However, if these arguments were not provided, they will be empty even + // though Namespaces and Partitions are actually being used. + // Overriding them ensures that we always set the Namespace and Partition args + // if the cluster is using them. This prevents us from defaulting to the "default" + // when a non-default partition or namespace was inferred from the ACL token. + if ns != "" { + args.Namespace = ns + } + if partition != "" { + args.Partition = partition + } + + if datacenter != "" { + // The agent will definitely have the definitive answer here. + args.Datacenter = datacenter + } + // Setup ready listener for ingress gateway to pass healthcheck if c.gatewayKind == api.ServiceKindIngressGateway { lanAddr := c.lanAddress.String() @@ -512,46 +588,9 @@ func (c *cmd) generateConfig() ([]byte, error) { bsCfg.ReadyBindAddr = lanAddr } - // Fetch any customization from the registration - svc, _, err := c.client.Agent().Service(c.proxyID, nil) - if err != nil { - return nil, fmt.Errorf("failed fetch proxy config from local agent: %s", err) - } - if svc.Proxy == nil { - return nil, errors.New("service is not a Connect proxy or gateway") - } - - if svc.Proxy.DestinationServiceName != "" { - // Override cluster now we know the actual service name - args.ProxyCluster = svc.Proxy.DestinationServiceName - args.ProxySourceService = svc.Proxy.DestinationServiceName - } else { - // Set the source service name from the proxy's own registration - args.ProxySourceService = svc.Service - } - - // In most cases where namespaces and partitions are enabled they will already be set - // correctly because the http client that fetched this will provide them explicitly. - // However, if these arguments were not provided, they will be empty even - // though Namespaces and Partitions are actually being used. - // Overriding them ensures that we always set the Namespace and Partition args - // if the cluster is using them. This prevents us from defaulting to the "default" - // when a non-default partition or namespace was inferred from the ACL token. - if svc.Namespace != "" { - args.Namespace = svc.Namespace - } - if svc.Partition != "" { - args.Partition = svc.Partition - } - - if svc.Datacenter != "" { - // The agent will definitely have the definitive answer here. - args.Datacenter = svc.Datacenter - } - if !c.disableCentralConfig { // Parse the bootstrap config - if err := mapstructure.WeakDecode(svc.Proxy.Config, &bsCfg); err != nil { + if err := mapstructure.WeakDecode(svcProxyConfig.Config, &bsCfg); err != nil { return nil, fmt.Errorf("failed parsing Proxy.Config: %s", err) } } diff --git a/command/connect/envoy/envoy_test.go b/command/connect/envoy/envoy_test.go index a419569df..0e29a6934 100644 --- a/command/connect/envoy/envoy_test.go +++ b/command/connect/envoy/envoy_test.go @@ -55,6 +55,11 @@ func TestEnvoyGateway_Validation(t *testing.T) { []string{""}, "No proxy ID specified", }, + { + "-register with nodename", + []string{"-register", "-proxy-id", "gw-svc-id", "-node-name", "gw-node"}, + "'-register' cannot be used with '-node-name'", + }, } for _, tc := range cases { @@ -130,6 +135,11 @@ func TestGenerateConfig(t *testing.T) { Env: []string{}, WantErr: "No proxy ID specified", }, + { + Name: "node-name without proxy-id", + Flags: []string{"-node-name", "test-node"}, + WantErr: "'-node-name' requires '-proxy-id'", + }, { Name: "defaults", Flags: []string{"-proxy-id", "test-proxy"}, @@ -151,6 +161,28 @@ func TestGenerateConfig(t *testing.T) { PrometheusScrapePath: "/metrics", }, }, + { + Name: "defaults-nodemeta", + Flags: []string{"-proxy-id", "test-proxy", "-node-name", "test-node"}, + WantArgs: BootstrapTplArgs{ + ProxyCluster: "test-proxy", + ProxyID: "test-proxy", + NodeName: "test-node", + // We don't know this til after the lookup so it will be empty in the + // initial args call we are testing here. + ProxySourceService: "", + GRPC: GRPC{ + AgentAddress: "127.0.0.1", + AgentPort: "8502", // Note this is the gRPC port + }, + AdminAccessLogPath: "/dev/null", + AdminBindAddress: "127.0.0.1", + AdminBindPort: "19000", + LocalAgentClusterName: xds.LocalAgentClusterName, + PrometheusBackendPort: "", + PrometheusScrapePath: "/metrics", + }, + }, { Name: "prometheus-metrics", Flags: []string{"-proxy-id", "test-proxy", @@ -764,6 +796,24 @@ func TestGenerateConfig(t *testing.T) { PrometheusScrapePath: "/metrics", }, }, + { + Name: "ingress-gateway-nodemeta", + Flags: []string{"-proxy-id", "ingress-gateway-1", "-node-name", "test-node"}, + WantArgs: BootstrapTplArgs{ + ProxyCluster: "ingress-gateway-1", + ProxyID: "ingress-gateway-1", + NodeName: "test-node", + GRPC: GRPC{ + AgentAddress: "127.0.0.1", + AgentPort: "8502", + }, + AdminAccessLogPath: "/dev/null", + AdminBindAddress: "127.0.0.1", + AdminBindPort: "19000", + LocalAgentClusterName: xds.LocalAgentClusterName, + PrometheusScrapePath: "/metrics", + }, + }, { Name: "ingress-gateway-address-specified", Flags: []string{"-proxy-id", "ingress-gateway", "-gateway", "ingress", "-address", "1.2.3.4:7777"}, @@ -1011,7 +1061,8 @@ func TestEnvoy_GatewayRegistration(t *testing.T) { } // testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf, -// routing /agent/service/... requests to testMockAgentProxyConfig and +// routing /agent/service/... requests to testMockAgentProxyConfig, +// routing /catalog/node-services/... requests to testMockCatalogNodeServiceList // routing /agent/self requests to testMockAgentSelf. func testMockAgent(tc generateConfigTestCase) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { @@ -1022,6 +1073,8 @@ func testMockAgent(tc generateConfigTestCase) http.HandlerFunc { testMockAgentProxyConfig(tc.ProxyConfig, tc.NamespacesEnabled)(w, r) case strings.Contains(r.URL.Path, "/agent/self"): testMockAgentSelf(tc.XDSPort, tc.AgentSelf110)(w, r) + case strings.Contains(r.URL.Path, "/catalog/node-services"): + testMockCatalogNodeServiceList()(w, r) default: http.NotFound(w, r) } @@ -1090,7 +1143,7 @@ func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool // Parse the proxy-id from the end of the URL (blindly assuming it's correct // format) proxyID := strings.TrimPrefix(r.URL.Path, "/v1/agent/service/") - serviceID := strings.TrimSuffix(proxyID, "-sidecar-proxy") + serviceID := strings.TrimSuffix(proxyID, "-proxy") svc := api.AgentService{ Kind: api.ServiceKindConnectProxy, @@ -1119,6 +1172,48 @@ func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool } } +func testMockCatalogNodeServiceList() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + quotedProxyID := strings.TrimPrefix(r.URL.Query().Get("filter"), "ID == ") + proxyID := quotedProxyID[1 : len(quotedProxyID)-1] + serviceID := strings.TrimSuffix(proxyID, "-proxy") + + var svcKind api.ServiceKind + if strings.Contains(proxyID, "ingress-gateway") { + svcKind = api.ServiceKindIngressGateway + } else { + svcKind = api.ServiceKindConnectProxy + } + + var svcProxy api.AgentServiceConnectProxyConfig + if svcKind == api.ServiceKindConnectProxy { + svcProxy = api.AgentServiceConnectProxyConfig{ + DestinationServiceName: serviceID, + DestinationServiceID: serviceID, + } + } + svc := api.AgentService{ + Kind: svcKind, + ID: proxyID, + Service: proxyID, + Proxy: &svcProxy, + } + + nodeSvc := api.CatalogNodeServiceList{ + Node: &api.Node{Datacenter: "dc1"}, + Services: []*api.AgentService{&svc}, + } + + cfgJSON, err := json.Marshal(nodeSvc) + if err != nil { + w.WriteHeader(500) + w.Write([]byte(err.Error())) + return + } + w.Write(cfgJSON) + } +} + func TestEnvoyCommand_canBindInternal(t *testing.T) { t.Parallel() type testCheck struct { diff --git a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden index e9560a50c..cfa96e5ef 100644 --- a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden +++ b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -155,11 +155,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/access-log-path.golden b/command/connect/envoy/testdata/access-log-path.golden index b47c55f63..a874cb698 100644 --- a/command/connect/envoy/testdata/access-log-path.golden +++ b/command/connect/envoy/testdata/access-log-path.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/custom-bootstrap.golden b/command/connect/envoy/testdata/custom-bootstrap.golden index fa7e55398..59bc467f6 100644 --- a/command/connect/envoy/testdata/custom-bootstrap.golden +++ b/command/connect/envoy/testdata/custom-bootstrap.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy" }, "custom_field": "foo" diff --git a/command/connect/envoy/testdata/defaults-nodemeta.golden b/command/connect/envoy/testdata/defaults-nodemeta.golden new file mode 100644 index 000000000..62adc0032 --- /dev/null +++ b/command/connect/envoy/testdata/defaults-nodemeta.golden @@ -0,0 +1,193 @@ +{ + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 19000 + } + } + }, + "node": { + "cluster": "test", + "id": "test-proxy", + "metadata": { + "node_name": "test-node", + "namespace": "default", + "partition": "default" + } + }, + "static_resources": { + "clusters": [ + { + "name": "local_agent", + "ignore_health_on_host_removal": false, + "connect_timeout": "1s", + "type": "STATIC", + "http2_protocol_options": {}, + "loadAssignment": { + "clusterName": "local_agent", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 8502 + } + } + } + } + ] + } + ] + } + } + ] + }, + "stats_config": { + "stats_tags": [ + { + "regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.custom_hash" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.service_subset" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.service" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.namespace" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.partition" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.datacenter" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.routing_type" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", + "tag_name": "consul.destination.trust_domain" + }, + { + "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.target" + }, + { + "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", + "tag_name": "consul.destination.full_target" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.(([^.]+)(?:\\.[^.]+)?(?:\\.[^.]+)?\\.[^.]+\\.)", + "tag_name": "consul.upstream.service" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.[^.]+)?\\.([^.]+)\\.)", + "tag_name": "consul.upstream.datacenter" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.([^.]+))?(?:\\.[^.]+)?\\.[^.]+\\.)", + "tag_name": "consul.upstream.namespace" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.([^.]+))?\\.[^.]+\\.)", + "tag_name": "consul.upstream.partition" + }, + { + "regex": "^cluster\\.((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.custom_hash" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.service_subset" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.service" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.namespace" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.datacenter" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", + "tag_name": "consul.routing_type" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", + "tag_name": "consul.trust_domain" + }, + { + "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.target" + }, + { + "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", + "tag_name": "consul.full_target" + }, + { + "tag_name": "local_cluster", + "fixed_value": "test" + }, + { + "tag_name": "consul.source.service", + "fixed_value": "test" + }, + { + "tag_name": "consul.source.namespace", + "fixed_value": "default" + }, + { + "tag_name": "consul.source.partition", + "fixed_value": "default" + }, + { + "tag_name": "consul.source.datacenter", + "fixed_value": "dc1" + } + ], + "use_all_default_tags": true + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "DELTA_GRPC", + "transport_api_version": "V3", + "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], + "envoy_grpc": { + "cluster_name": "local_agent" + } + } + } + } +} + diff --git a/command/connect/envoy/testdata/defaults.golden b/command/connect/envoy/testdata/defaults.golden index 19f44d547..1c3b452ff 100644 --- a/command/connect/envoy/testdata/defaults.golden +++ b/command/connect/envoy/testdata/defaults.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden index c4b70fa7f..f59a782ed 100644 --- a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden +++ b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/existing-ca-file.golden b/command/connect/envoy/testdata/existing-ca-file.golden index 62c65881b..ff0945848 100644 --- a/command/connect/envoy/testdata/existing-ca-file.golden +++ b/command/connect/envoy/testdata/existing-ca-file.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -155,11 +155,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/existing-ca-path.golden b/command/connect/envoy/testdata/existing-ca-path.golden index d0de2eae0..a9fc080fd 100644 --- a/command/connect/envoy/testdata/existing-ca-path.golden +++ b/command/connect/envoy/testdata/existing-ca-path.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -155,11 +155,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/extra_-multiple.golden b/command/connect/envoy/testdata/extra_-multiple.golden index 3d1fb43d5..b0689e23b 100644 --- a/command/connect/envoy/testdata/extra_-multiple.golden +++ b/command/connect/envoy/testdata/extra_-multiple.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -164,11 +164,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/extra_-single.golden b/command/connect/envoy/testdata/extra_-single.golden index 56c2f480d..6a33f0c29 100644 --- a/command/connect/envoy/testdata/extra_-single.golden +++ b/command/connect/envoy/testdata/extra_-single.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -155,11 +155,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/grpc-addr-env.golden b/command/connect/envoy/testdata/grpc-addr-env.golden index c4b70fa7f..f59a782ed 100644 --- a/command/connect/envoy/testdata/grpc-addr-env.golden +++ b/command/connect/envoy/testdata/grpc-addr-env.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/grpc-addr-flag.golden b/command/connect/envoy/testdata/grpc-addr-flag.golden index c4b70fa7f..f59a782ed 100644 --- a/command/connect/envoy/testdata/grpc-addr-flag.golden +++ b/command/connect/envoy/testdata/grpc-addr-flag.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/grpc-addr-unix.golden b/command/connect/envoy/testdata/grpc-addr-unix.golden index e92d84846..4386445f8 100644 --- a/command/connect/envoy/testdata/grpc-addr-unix.golden +++ b/command/connect/envoy/testdata/grpc-addr-unix.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -141,11 +141,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden b/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden new file mode 100644 index 000000000..45a024653 --- /dev/null +++ b/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden @@ -0,0 +1,282 @@ +{ + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 19000 + } + } + }, + "node": { + "cluster": "ingress-gateway-1", + "id": "ingress-gateway-1", + "metadata": { + "node_name": "test-node", + "namespace": "default", + "partition": "default" + } + }, + "static_resources": { + "clusters": [ + { + "name": "local_agent", + "ignore_health_on_host_removal": false, + "connect_timeout": "1s", + "type": "STATIC", + "http2_protocol_options": {}, + "loadAssignment": { + "clusterName": "local_agent", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 8502 + } + } + } + } + ] + } + ] + } + }, + { + "name": "self_admin", + "ignore_health_on_host_removal": false, + "connect_timeout": "5s", + "type": "STATIC", + "http_protocol_options": {}, + "loadAssignment": { + "clusterName": "self_admin", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 19000 + } + } + } + } + ] + } + ] + } + } + ], + "listeners": [ + { + "name": "envoy_ready_listener", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 8443 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "stat_prefix": "envoy_ready", + "codec_type": "HTTP1", + "route_config": { + "name": "self_admin_route", + "virtual_hosts": [ + { + "name": "self_admin", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/ready" + }, + "route": { + "cluster": "self_admin", + "prefix_rewrite": "/ready" + } + }, + { + "match": { + "prefix": "/" + }, + "direct_response": { + "status": 404 + } + } + ] + } + ] + }, + "http_filters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ] + } + } + ] + } + ] + } + ] + }, + "stats_config": { + "stats_tags": [ + { + "regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.custom_hash" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.service_subset" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.service" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.namespace" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.partition" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.datacenter" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.routing_type" + }, + { + "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", + "tag_name": "consul.destination.trust_domain" + }, + { + "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.destination.target" + }, + { + "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", + "tag_name": "consul.destination.full_target" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.(([^.]+)(?:\\.[^.]+)?(?:\\.[^.]+)?\\.[^.]+\\.)", + "tag_name": "consul.upstream.service" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.[^.]+)?\\.([^.]+)\\.)", + "tag_name": "consul.upstream.datacenter" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.([^.]+))?(?:\\.[^.]+)?\\.[^.]+\\.)", + "tag_name": "consul.upstream.namespace" + }, + { + "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.([^.]+))?\\.[^.]+\\.)", + "tag_name": "consul.upstream.partition" + }, + { + "regex": "^cluster\\.((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.custom_hash" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.service_subset" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.service" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.namespace" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.datacenter" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", + "tag_name": "consul.routing_type" + }, + { + "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", + "tag_name": "consul.trust_domain" + }, + { + "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", + "tag_name": "consul.target" + }, + { + "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", + "tag_name": "consul.full_target" + }, + { + "tag_name": "local_cluster", + "fixed_value": "ingress-gateway-1" + }, + { + "tag_name": "consul.source.service", + "fixed_value": "ingress-gateway-1" + }, + { + "tag_name": "consul.source.namespace", + "fixed_value": "default" + }, + { + "tag_name": "consul.source.partition", + "fixed_value": "default" + }, + { + "tag_name": "consul.source.datacenter", + "fixed_value": "dc1" + } + ], + "use_all_default_tags": true + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "DELTA_GRPC", + "transport_api_version": "V3", + "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], + "envoy_grpc": { + "cluster_name": "local_agent" + } + } + } + } +} + diff --git a/command/connect/envoy/testdata/prometheus-metrics.golden b/command/connect/envoy/testdata/prometheus-metrics.golden index 333f9872d..004ed7489 100644 --- a/command/connect/envoy/testdata/prometheus-metrics.golden +++ b/command/connect/envoy/testdata/prometheus-metrics.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -231,11 +231,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/stats-config-override.golden b/command/connect/envoy/testdata/stats-config-override.golden index cfe5d9133..62c890125 100644 --- a/command/connect/envoy/testdata/stats-config-override.golden +++ b/command/connect/envoy/testdata/stats-config-override.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", diff --git a/command/connect/envoy/testdata/token-arg.golden b/command/connect/envoy/testdata/token-arg.golden index e1be2a292..c5a54a871 100644 --- a/command/connect/envoy/testdata/token-arg.golden +++ b/command/connect/envoy/testdata/token-arg.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/token-env.golden b/command/connect/envoy/testdata/token-env.golden index e1be2a292..c5a54a871 100644 --- a/command/connect/envoy/testdata/token-env.golden +++ b/command/connect/envoy/testdata/token-env.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/token-file-arg.golden b/command/connect/envoy/testdata/token-file-arg.golden index e1be2a292..c5a54a871 100644 --- a/command/connect/envoy/testdata/token-file-arg.golden +++ b/command/connect/envoy/testdata/token-file-arg.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/token-file-env.golden b/command/connect/envoy/testdata/token-file-env.golden index e1be2a292..c5a54a871 100644 --- a/command/connect/envoy/testdata/token-file-env.golden +++ b/command/connect/envoy/testdata/token-file-env.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/xds-addr-config.golden b/command/connect/envoy/testdata/xds-addr-config.golden index c4b70fa7f..f59a782ed 100644 --- a/command/connect/envoy/testdata/xds-addr-config.golden +++ b/command/connect/envoy/testdata/xds-addr-config.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -142,11 +142,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", diff --git a/command/connect/envoy/testdata/zipkin-tracing-config.golden b/command/connect/envoy/testdata/zipkin-tracing-config.golden index 2fa890b8f..8c84471a3 100644 --- a/command/connect/envoy/testdata/zipkin-tracing-config.golden +++ b/command/connect/envoy/testdata/zipkin-tracing-config.golden @@ -9,7 +9,7 @@ } }, "node": { - "cluster": "test-proxy", + "cluster": "test", "id": "test-proxy", "metadata": { "namespace": "default", @@ -166,11 +166,11 @@ }, { "tag_name": "local_cluster", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.service", - "fixed_value": "test-proxy" + "fixed_value": "test" }, { "tag_name": "consul.source.namespace", From ff2ad3ba0c1c02e9a34e3dd65a6b622543870d38 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Mon, 6 Jun 2022 10:00:38 -0700 Subject: [PATCH 455/785] peering: send leader addr (#13342) Signed-off-by: acpana <8968914+acpana@users.noreply.github.com> --- agent/consul/peering_backend.go | 16 +- agent/consul/server.go | 2 +- agent/consul/server_test.go | 10 +- agent/rpc/peering/service.go | 38 ++-- agent/rpc/peering/stream_test.go | 50 ++++-- proto/pbpeering/peering.pb.binary.go | 10 ++ proto/pbpeering/peering.pb.go | 248 +++++++++++++++++---------- proto/pbpeering/peering.proto | 7 + 8 files changed, 253 insertions(+), 128 deletions(-) diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index b82f52f23..0aa0e3f3a 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -20,7 +20,7 @@ type peeringBackend struct { srv *Server connPool GRPCClientConner apply *peeringApply - monitor *leadershipMonitor + addr *leaderAddr } var _ peering.Backend = (*peeringBackend)(nil) @@ -31,7 +31,7 @@ func NewPeeringBackend(srv *Server, connPool GRPCClientConner) peering.Backend { srv: srv, connPool: connPool, apply: &peeringApply{srv: srv}, - monitor: &leadershipMonitor{}, + addr: &leaderAddr{}, } } @@ -104,8 +104,8 @@ func (b *peeringBackend) Apply() peering.Apply { return b.apply } -func (b *peeringBackend) LeadershipMonitor() peering.LeadershipMonitor { - return b.monitor +func (b *peeringBackend) LeaderAddress() peering.LeaderAddress { + return b.addr } func (b *peeringBackend) EnterpriseCheckPartitions(partition string) error { @@ -116,19 +116,19 @@ func (b *peeringBackend) IsLeader() bool { return b.srv.IsLeader() } -type leadershipMonitor struct { +type leaderAddr struct { lock sync.RWMutex leaderAddr string } -func (m *leadershipMonitor) UpdateLeaderAddr(addr string) { +func (m *leaderAddr) Set(addr string) { m.lock.Lock() defer m.lock.Unlock() m.leaderAddr = addr } -func (m *leadershipMonitor) GetLeaderAddr() string { +func (m *leaderAddr) Get() string { m.lock.RLock() defer m.lock.RUnlock() @@ -166,4 +166,4 @@ func (a *peeringApply) CatalogRegister(req *structs.RegisterRequest) error { } var _ peering.Apply = (*peeringApply)(nil) -var _ peering.LeadershipMonitor = (*leadershipMonitor)(nil) +var _ peering.LeaderAddress = (*leaderAddr)(nil) diff --git a/agent/consul/server.go b/agent/consul/server.go index 16cc22baf..344efb167 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -1659,7 +1659,7 @@ func (s *Server) trackLeaderChanges() { } s.grpcLeaderForwarder.UpdateLeaderAddr(s.config.Datacenter, string(leaderObs.LeaderAddr)) - s.peeringService.Backend.LeadershipMonitor().UpdateLeaderAddr(string(leaderObs.LeaderAddr)) + s.peeringService.Backend.LeaderAddress().Set(string(leaderObs.LeaderAddr)) case <-s.shutdownCh: s.raft.DeregisterObserver(observer) return diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 9cd9762d3..c2d9c96c2 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -1952,9 +1952,9 @@ func TestServer_RPC_RateLimit(t *testing.T) { }) } -// TestServer_Peering_LeadershipMonitor tests that a peering service can receive the leader address -// through the LeadershipMonitor IRL. -func TestServer_Peering_LeadershipMonitor(t *testing.T) { +// TestServer_Peering_LeadershipCheck tests that a peering service can receive the leader address +// through the LeaderAddress IRL. +func TestServer_Peering_LeadershipCheck(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") } @@ -1991,8 +1991,8 @@ func TestServer_Peering_LeadershipMonitor(t *testing.T) { // the actual tests // when leadership has been established s2 should have the address of s1 - // in its leadership monitor in the peering service - peeringLeaderAddr := s2.peeringService.Backend.LeadershipMonitor().GetLeaderAddr() + // in the peering service + peeringLeaderAddr := s2.peeringService.Backend.LeaderAddress().Get() require.Equal(t, s1.config.RPCAddr.String(), peeringLeaderAddr) // test corollary by transitivity to future-proof against any setup bugs diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 8e1dcbee3..84d65a4b6 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -107,20 +107,20 @@ type Backend interface { Store() Store Apply() Apply - LeadershipMonitor() LeadershipMonitor + LeaderAddress() LeaderAddress } -// LeadershipMonitor provides a way for the consul server to update the peering service about +// LeaderAddress provides a way for the consul server to update the peering service about // the server's leadership status. // Server addresses should look like: ip:port -type LeadershipMonitor interface { - // UpdateLeaderAddr is called on a raft.LeaderObservation in a go routine in the consul server; +type LeaderAddress interface { + // Set is called on a raft.LeaderObservation in a go routine in the consul server; // see trackLeaderChanges() - UpdateLeaderAddr(leaderAddr string) + Set(leaderAddr string) - // GetLeaderAddr provides the best hint for the current address of the leader. + // Get provides the best hint for the current address of the leader. // There is no guarantee that this is the actual address of the leader. - GetLeaderAddr() string + Get() string } // Store provides a read-only interface for querying Peering data. @@ -473,9 +473,17 @@ func (s *Service) StreamResources(stream pbpeering.PeeringService_StreamResource if !s.Backend.IsLeader() { // we are not the leader so we will hang up on the dialer - // TODO(peering): in the future we want to indicate the address of the leader server as a message to the dialer (best effort, non blocking) s.logger.Error("cannot establish a peering stream on a follower node") - return grpcstatus.Error(codes.FailedPrecondition, "cannot establish a peering stream on a follower node") + + st, err := grpcstatus.New(codes.FailedPrecondition, + "cannot establish a peering stream on a follower node").WithDetails( + &pbpeering.LeaderAddress{Address: s.Backend.LeaderAddress().Get()}) + if err != nil { + s.logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) + return grpcstatus.Error(codes.FailedPrecondition, "cannot establish a peering stream on a follower node") + } else { + return st.Err() + } } // Initial message on a new stream must be a new subscription request. @@ -660,9 +668,17 @@ func (s *Service) HandleStream(req HandleStreamRequest) error { if !s.Backend.IsLeader() { // we are not the leader anymore so we will hang up on the dialer - // TODO(peering): in the future we want to indicate the address of the leader server as a message to the dialer (best effort, non blocking) logger.Error("node is not a leader anymore; cannot continue streaming") - return grpcstatus.Error(codes.FailedPrecondition, "node is not a leader anymore; cannot continue streaming") + + st, err := grpcstatus.New(codes.FailedPrecondition, + "node is not a leader anymore; cannot continue streaming").WithDetails( + &pbpeering.LeaderAddress{Address: s.Backend.LeaderAddress().Get()}) + if err != nil { + s.logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) + return grpcstatus.Error(codes.FailedPrecondition, "node is not a leader anymore; cannot continue streaming") + } else { + return st.Err() + } } if req := msg.GetRequest(); req != nil { diff --git a/agent/rpc/peering/stream_test.go b/agent/rpc/peering/stream_test.go index e8568f727..db42e1374 100644 --- a/agent/rpc/peering/stream_test.go +++ b/agent/rpc/peering/stream_test.go @@ -47,6 +47,9 @@ func TestStreamResources_Server_Follower(t *testing.T) { leader: func() bool { return false }, + leaderAddress: &leaderAddress{ + addr: "expected:address", + }, }) client := NewMockClient(context.Background()) @@ -63,10 +66,20 @@ func TestStreamResources_Server_Follower(t *testing.T) { } }() + // expect error msg, err := client.Recv() require.Nil(t, msg) require.Error(t, err) require.EqualError(t, err, "rpc error: code = FailedPrecondition desc = cannot establish a peering stream on a follower node") + + // expect a status error + st, ok := status.FromError(err) + require.True(t, ok, "need to get back a grpc status error") + deets := st.Details() + + // expect a LeaderAddress message + exp := []interface{}{&pbpeering.LeaderAddress{Address: "expected:address"}} + prototest.AssertDeepEqual(t, exp, deets) } // TestStreamResources_Server_LeaderBecomesFollower simulates a srv that is a leader when the @@ -94,6 +107,9 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { store: store, pub: publisher, leader: leaderFunc, + leaderAddress: &leaderAddress{ + addr: "expected:address", + }, }) client := NewMockClient(context.Background()) @@ -147,10 +163,20 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { err2 := client.Send(input2) require.NoError(t, err2) + // expect error msg2, err2 := client.Recv() require.Nil(t, msg2) require.Error(t, err2) require.EqualError(t, err2, "rpc error: code = FailedPrecondition desc = node is not a leader anymore; cannot continue streaming") + + // expect a status error + st, ok := status.FromError(err2) + require.True(t, ok, "need to get back a grpc status error") + deets := st.Details() + + // expect a LeaderAddress message + exp := []interface{}{&pbpeering.LeaderAddress{Address: "expected:address"}} + prototest.AssertDeepEqual(t, exp, deets) } func TestStreamResources_Server_FirstRequest(t *testing.T) { @@ -901,28 +927,28 @@ func makeClient( } type testStreamBackend struct { - pub state.EventPublisher - store *state.Store - leader func() bool - leadershipMonitor *leadershipMonitor + pub state.EventPublisher + store *state.Store + leader func() bool + leaderAddress *leaderAddress } -var _ LeadershipMonitor = (*leadershipMonitor)(nil) +var _ LeaderAddress = (*leaderAddress)(nil) -type leadershipMonitor struct { +type leaderAddress struct { + addr string } -func (l *leadershipMonitor) UpdateLeaderAddr(addr string) { +func (l *leaderAddress) Set(addr string) { // noop } -func (l *leadershipMonitor) GetLeaderAddr() string { - // noop - return "" +func (l *leaderAddress) Get() string { + return l.addr } -func (b *testStreamBackend) LeadershipMonitor() LeadershipMonitor { - return b.leadershipMonitor +func (b *testStreamBackend) LeaderAddress() LeaderAddress { + return b.leaderAddress } func (b *testStreamBackend) IsLeader() bool { diff --git a/proto/pbpeering/peering.pb.binary.go b/proto/pbpeering/peering.pb.binary.go index c63e6216d..05ceed595 100644 --- a/proto/pbpeering/peering.pb.binary.go +++ b/proto/pbpeering/peering.pb.binary.go @@ -286,3 +286,13 @@ func (msg *ReplicationMessage_Terminated) MarshalBinary() ([]byte, error) { func (msg *ReplicationMessage_Terminated) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *LeaderAddress) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *LeaderAddress) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index 12e0a84fb..fad138cad 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -1720,6 +1720,56 @@ func (*ReplicationMessage_Response_) isReplicationMessage_Payload() {} func (*ReplicationMessage_Terminated_) isReplicationMessage_Payload() {} +// LeaderAddress is sent when the peering service runs on a consul node +// that is not a leader. The node either lost leadership, or never was a leader. +type LeaderAddress struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // address is an ip:port best effort hint at what could be the cluster leader's address + Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` +} + +func (x *LeaderAddress) Reset() { + *x = LeaderAddress{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeering_peering_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LeaderAddress) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LeaderAddress) ProtoMessage() {} + +func (x *LeaderAddress) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeering_peering_proto_msgTypes[25] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LeaderAddress.ProtoReflect.Descriptor instead. +func (*LeaderAddress) Descriptor() ([]byte, []int) { + return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{25} +} + +func (x *LeaderAddress) GetAddress() string { + if x != nil { + return x.Address + } + return "" +} + // A Request requests to subscribe to a resource of a given type. type ReplicationMessage_Request struct { state protoimpl.MessageState @@ -1743,7 +1793,7 @@ type ReplicationMessage_Request struct { func (x *ReplicationMessage_Request) Reset() { *x = ReplicationMessage_Request{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[29] + mi := &file_proto_pbpeering_peering_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1756,7 +1806,7 @@ func (x *ReplicationMessage_Request) String() string { func (*ReplicationMessage_Request) ProtoMessage() {} func (x *ReplicationMessage_Request) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[29] + mi := &file_proto_pbpeering_peering_proto_msgTypes[30] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1822,7 +1872,7 @@ type ReplicationMessage_Response struct { func (x *ReplicationMessage_Response) Reset() { *x = ReplicationMessage_Response{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[30] + mi := &file_proto_pbpeering_peering_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1835,7 +1885,7 @@ func (x *ReplicationMessage_Response) String() string { func (*ReplicationMessage_Response) ProtoMessage() {} func (x *ReplicationMessage_Response) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[30] + mi := &file_proto_pbpeering_peering_proto_msgTypes[31] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1897,7 +1947,7 @@ type ReplicationMessage_Terminated struct { func (x *ReplicationMessage_Terminated) Reset() { *x = ReplicationMessage_Terminated{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[31] + mi := &file_proto_pbpeering_peering_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1910,7 +1960,7 @@ func (x *ReplicationMessage_Terminated) String() string { func (*ReplicationMessage_Terminated) ProtoMessage() {} func (x *ReplicationMessage_Terminated) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[31] + mi := &file_proto_pbpeering_peering_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2155,68 +2205,71 @@ var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x77, 0x6e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, - 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x2a, 0x53, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x10, - 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, - 0x07, 0x46, 0x41, 0x49, 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, - 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, 0x44, 0x10, 0x04, 0x32, 0xea, 0x05, 0x0a, 0x0e, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, - 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, - 0x08, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x12, 0x18, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, - 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, - 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, - 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, - 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x6f, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, - 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, - 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x54, 0x0a, 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, - 0x65, 0x61, 0x64, 0x12, 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, - 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x2a, 0x53, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, + 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, + 0x49, 0x4e, 0x47, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, + 0x54, 0x45, 0x44, 0x10, 0x04, 0x32, 0xea, 0x05, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, + 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x08, 0x49, 0x6e, 0x69, 0x74, + 0x69, 0x61, 0x74, 0x65, 0x12, 0x18, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, + 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, + 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, 0x0a, + 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1d, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, + 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1c, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, + 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6f, 0x0a, 0x18, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, + 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1f, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, + 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, + 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x1a, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, + 0x30, 0x01, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, + 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xca, + 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x13, 0x50, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, + 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -2232,7 +2285,7 @@ func file_proto_pbpeering_peering_proto_rawDescGZIP() []byte { } var file_proto_pbpeering_peering_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_proto_pbpeering_peering_proto_msgTypes = make([]protoimpl.MessageInfo, 32) +var file_proto_pbpeering_peering_proto_msgTypes = make([]protoimpl.MessageInfo, 33) var file_proto_pbpeering_peering_proto_goTypes = []interface{}{ (PeeringState)(0), // 0: peering.PeeringState (ReplicationMessage_Response_Operation)(0), // 1: peering.ReplicationMessage.Response.Operation @@ -2261,33 +2314,34 @@ var file_proto_pbpeering_peering_proto_goTypes = []interface{}{ (*InitiateRequest)(nil), // 24: peering.InitiateRequest (*InitiateResponse)(nil), // 25: peering.InitiateResponse (*ReplicationMessage)(nil), // 26: peering.ReplicationMessage - nil, // 27: peering.Peering.MetaEntry - nil, // 28: peering.PeeringWriteRequest.MetaEntry - nil, // 29: peering.GenerateTokenRequest.MetaEntry - nil, // 30: peering.InitiateRequest.MetaEntry - (*ReplicationMessage_Request)(nil), // 31: peering.ReplicationMessage.Request - (*ReplicationMessage_Response)(nil), // 32: peering.ReplicationMessage.Response - (*ReplicationMessage_Terminated)(nil), // 33: peering.ReplicationMessage.Terminated - (*pbstatus.Status)(nil), // 34: status.Status - (*anypb.Any)(nil), // 35: google.protobuf.Any + (*LeaderAddress)(nil), // 27: peering.LeaderAddress + nil, // 28: peering.Peering.MetaEntry + nil, // 29: peering.PeeringWriteRequest.MetaEntry + nil, // 30: peering.GenerateTokenRequest.MetaEntry + nil, // 31: peering.InitiateRequest.MetaEntry + (*ReplicationMessage_Request)(nil), // 32: peering.ReplicationMessage.Request + (*ReplicationMessage_Response)(nil), // 33: peering.ReplicationMessage.Response + (*ReplicationMessage_Terminated)(nil), // 34: peering.ReplicationMessage.Terminated + (*pbstatus.Status)(nil), // 35: status.Status + (*anypb.Any)(nil), // 36: google.protobuf.Any } var file_proto_pbpeering_peering_proto_depIdxs = []int32{ - 27, // 0: peering.Peering.Meta:type_name -> peering.Peering.MetaEntry + 28, // 0: peering.Peering.Meta:type_name -> peering.Peering.MetaEntry 0, // 1: peering.Peering.State:type_name -> peering.PeeringState 2, // 2: peering.PeeringReadResponse.Peering:type_name -> peering.Peering 2, // 3: peering.PeeringListResponse.Peerings:type_name -> peering.Peering 2, // 4: peering.PeeringWriteRequest.Peering:type_name -> peering.Peering - 28, // 5: peering.PeeringWriteRequest.Meta:type_name -> peering.PeeringWriteRequest.MetaEntry + 29, // 5: peering.PeeringWriteRequest.Meta:type_name -> peering.PeeringWriteRequest.MetaEntry 3, // 6: peering.TrustBundleListByServiceResponse.Bundles:type_name -> peering.PeeringTrustBundle 3, // 7: peering.TrustBundleReadResponse.Bundle:type_name -> peering.PeeringTrustBundle 3, // 8: peering.PeeringTrustBundleWriteRequest.PeeringTrustBundle:type_name -> peering.PeeringTrustBundle - 29, // 9: peering.GenerateTokenRequest.Meta:type_name -> peering.GenerateTokenRequest.MetaEntry - 30, // 10: peering.InitiateRequest.Meta:type_name -> peering.InitiateRequest.MetaEntry - 31, // 11: peering.ReplicationMessage.request:type_name -> peering.ReplicationMessage.Request - 32, // 12: peering.ReplicationMessage.response:type_name -> peering.ReplicationMessage.Response - 33, // 13: peering.ReplicationMessage.terminated:type_name -> peering.ReplicationMessage.Terminated - 34, // 14: peering.ReplicationMessage.Request.Error:type_name -> status.Status - 35, // 15: peering.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any + 30, // 9: peering.GenerateTokenRequest.Meta:type_name -> peering.GenerateTokenRequest.MetaEntry + 31, // 10: peering.InitiateRequest.Meta:type_name -> peering.InitiateRequest.MetaEntry + 32, // 11: peering.ReplicationMessage.request:type_name -> peering.ReplicationMessage.Request + 33, // 12: peering.ReplicationMessage.response:type_name -> peering.ReplicationMessage.Response + 34, // 13: peering.ReplicationMessage.terminated:type_name -> peering.ReplicationMessage.Terminated + 35, // 14: peering.ReplicationMessage.Request.Error:type_name -> status.Status + 36, // 15: peering.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any 1, // 16: peering.ReplicationMessage.Response.operation:type_name -> peering.ReplicationMessage.Response.Operation 22, // 17: peering.PeeringService.GenerateToken:input_type -> peering.GenerateTokenRequest 24, // 18: peering.PeeringService.Initiate:input_type -> peering.InitiateRequest @@ -2620,8 +2674,8 @@ func file_proto_pbpeering_peering_proto_init() { return nil } } - file_proto_pbpeering_peering_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Request); i { + file_proto_pbpeering_peering_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LeaderAddress); i { case 0: return &v.state case 1: @@ -2633,7 +2687,7 @@ func file_proto_pbpeering_peering_proto_init() { } } file_proto_pbpeering_peering_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Response); i { + switch v := v.(*ReplicationMessage_Request); i { case 0: return &v.state case 1: @@ -2645,6 +2699,18 @@ func file_proto_pbpeering_peering_proto_init() { } } file_proto_pbpeering_peering_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Response); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeering_peering_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ReplicationMessage_Terminated); i { case 0: return &v.state @@ -2668,7 +2734,7 @@ func file_proto_pbpeering_peering_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbpeering_peering_proto_rawDesc, NumEnums: 2, - NumMessages: 32, + NumMessages: 33, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index 8ac8e353f..8bddadf5e 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -365,3 +365,10 @@ message ReplicationMessage { // This message signals to the peer that they should clean up their local state about the peering. message Terminated {} } + +// LeaderAddress is sent when the peering service runs on a consul node +// that is not a leader. The node either lost leadership, or never was a leader. +message LeaderAddress { + // address is an ip:port best effort hint at what could be the cluster leader's address + string address = 1; +} From 6ba124d163b80fe33937a0ca52e351ab8fdb2d8e Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Mon, 6 Jun 2022 11:52:13 -0700 Subject: [PATCH 456/785] Add latest changelog entries (#13363) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d306b2e11..04ac1f240 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.12.2 (June 3, 2022) + +BUG FIXES: + +* kvs: Fixed a bug where query options were not being applied to KVS.Get RPC operations. [[GH-13344](https://github.com/hashicorp/consul/issues/13344)] + ## 1.12.1 (May 25, 2022) FEATURES: From 977b39cde1f2b586d8c4ac262caf0fb9a402ae87 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 6 Jun 2022 14:12:49 -0500 Subject: [PATCH 457/785] test: use a go mod replace trick for the compat test dependency on the main repo (#13371) --- test/integration/consul-container/go.mod | 52 ++++- test/integration/consul-container/go.sum | 259 +---------------------- 2 files changed, 50 insertions(+), 261 deletions(-) diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index aa61209c1..980e82602 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -1,23 +1,67 @@ module github.com/hashicorp/consul/integration/consul-container -go 1.16 +go 1.18 require ( github.com/docker/docker v20.10.11+incompatible github.com/hashicorp/consul v1.12.1 github.com/hashicorp/consul/api v1.11.0 github.com/hashicorp/consul/sdk v0.8.0 + github.com/hashicorp/go-uuid v1.0.2 + github.com/stretchr/testify v1.7.0 + github.com/testcontainers/testcontainers-go v0.13.0 +) + +require ( + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/Microsoft/go-winio v0.4.17 // indirect + github.com/Microsoft/hcsshim v0.8.23 // indirect + github.com/armon/go-metrics v0.3.10 // indirect + github.com/cenkalti/backoff/v4 v4.1.2 // indirect + github.com/containerd/cgroups v1.0.1 // indirect + github.com/containerd/containerd v1.5.9 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/docker/distribution v2.7.1+incompatible // indirect + github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-units v0.4.0 // indirect + github.com/fatih/color v1.10.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v0.16.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-uuid v1.0.2 + github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/hashicorp/serf v0.9.8 // indirect + github.com/magiconair/properties v1.8.5 // indirect + github.com/mattn/go-colorable v0.1.8 // indirect + github.com/mattn/go-isatty v0.0.12 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.4.2 // indirect - github.com/stretchr/testify v1.7.0 - github.com/testcontainers/testcontainers-go v0.13.0 + github.com/moby/sys/mount v0.2.0 // indirect + github.com/moby/sys/mountinfo v0.5.0 // indirect + github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect + github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.0.2 // indirect + github.com/opencontainers/runc v1.0.2 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/sirupsen/logrus v1.8.1 // indirect + go.opencensus.io v0.22.3 // indirect + golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect + google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a // indirect google.golang.org/grpc v1.41.0 // indirect + google.golang.org/protobuf v1.27.1 // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) +replace github.com/hashicorp/consul => ../../.. + replace github.com/hashicorp/consul/api => ../../../api replace github.com/hashicorp/consul/sdk => ../../../sdk diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index 6193ea998..c68661ac4 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -10,61 +10,35 @@ cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6T cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.59.0/go.mod h1:qJxNOVCRTxHfwLhvDxxSI9vQc1zI59b9pEglp1Iv60E= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/Microsoft/go-winio v0.4.3/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -86,15 +60,10 @@ github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.0.1/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= -github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -104,18 +73,12 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= -github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= -github.com/armon/go-metrics v0.3.8/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -126,7 +89,6 @@ github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edY github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= @@ -153,9 +115,7 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= @@ -243,10 +203,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= @@ -260,11 +218,9 @@ github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= @@ -275,14 +231,10 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= -github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnephin/pflag v1.0.7/go.mod h1:uxE91IoWURlOiTUIA8Mq5ZZkAv3dPUfZNaT80Zm7OQE= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= @@ -291,7 +243,6 @@ github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BU github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.11+incompatible h1:OqzI/g/W54LczvhnccGqniFoQghHx3pklbLuhfXpqGo= github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= @@ -305,7 +256,6 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/go-bindata-assetfs v0.0.0-20160803192304-e1a2a7ec64b0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= @@ -313,49 +263,36 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= -github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= @@ -363,8 +300,6 @@ github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8w github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= @@ -391,8 +326,6 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -410,7 +343,6 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -418,32 +350,23 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -452,11 +375,7 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.7.2 h1:zoNxOV7WjqXptQOVngLmcSQgXmgk4NMz1HibBchjl/I= @@ -471,114 +390,63 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul v1.12.1 h1:g6mHxbw704X7qbYuRd88n9h9nQB+uc1GcNyJ4PU1Jfg= -github.com/hashicorp/consul v1.12.1/go.mod h1:Mm/CJn9O0phrihUVSfn/UtGhwR50FUNHNIQIzSGv+40= -github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU= -github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= -github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9/go.mod h1:1xfdKvc3pe5WKxfUUHHOGaKMk7NLGhHY1jkyhKo6098= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= -github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2 h1:K4ev2ib4LdQETX5cSZBG0DVLk1jwGqSPXBjdah3veNs= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= -github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= -github.com/hashicorp/go-raftchunking v0.6.2/go.mod h1:cGlg3JtDy7qy6c/3Bu660Mic1JF+7lWqIwCFSb08fX0= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= -github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= -github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= -github.com/hashicorp/raft v1.3.6/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= -github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= -github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= -github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs= -github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= -github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk= -github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= +github.com/hashicorp/serf v0.9.8 h1:JGklO/2Drf1QGa312EieQN3zhxQ+aJg6pG+aC3MFaVo= +github.com/hashicorp/serf v0.9.8/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= -github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= -github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= -github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= -github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -603,14 +471,9 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= @@ -628,37 +491,22 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= -github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= -github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/sys/mount v0.2.0 h1:WhCW5B355jtxndN5ovugJlMFJawbUODuW8fSnEH6SSM= github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM= @@ -682,12 +530,9 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= -github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -727,16 +572,12 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -747,10 +588,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= @@ -763,7 +602,6 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= @@ -771,7 +609,6 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -782,27 +619,16 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig= -github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac= -github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= -github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= -github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -815,16 +641,13 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -832,7 +655,6 @@ github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bd github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -852,16 +674,12 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= github.com/testcontainers/testcontainers-go v0.13.0 h1:OUujSlEGsXVo/ykPVZk3KanBNGN0TYb/7oKIPVn15JA= github.com/testcontainers/testcontainers-go v0.13.0/go.mod h1:z1abufU633Eb/FmSBTzV6ntZAC1eZBYPtaFsn4nPuDk= -github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs= -github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -872,7 +690,6 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -880,7 +697,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= @@ -899,29 +715,22 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -952,14 +761,11 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -984,11 +790,6 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -1011,34 +812,25 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1074,11 +866,6 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1101,15 +888,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1122,12 +905,10 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -1147,7 +928,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1162,15 +942,8 @@ golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1188,17 +961,12 @@ google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1219,25 +987,16 @@ google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= @@ -1245,8 +1004,6 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= @@ -1309,19 +1066,15 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= -k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= -k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= @@ -1332,25 +1085,17 @@ k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= -k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= From f155ff347ccd5b51022fba25d58188c7c11f9d65 Mon Sep 17 00:00:00 2001 From: Fulvio Date: Mon, 6 Jun 2022 21:13:19 +0200 Subject: [PATCH 458/785] UDP check for service stanza #12221 (#12722) * UDP check for service stanza #12221 * add pass status on timeout condition * delete useless files * Update check_test.go improve comment in test * fix test * fix requested changes and update TestRuntimeConfig_Sanitize.golden * add freeport to TestCheckUDPCritical * improve comment for CheckUDP struct * fix requested changes * fix requested changes * fix requested changes * add UDP to proto * add UDP to proto and add a changelog * add requested test on agent_endpoint_test.go * add test for given endpoints * fix failing tests * add documentation for udp healthcheck * regenerate proto using buf * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/discovery/checks.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * add debug echo * add debug circle-ci * add debug circle-ci bash * use echo instead of status_stage * remove debug and status from devtools script and use echo instead * Update website/content/api-docs/agent/check.mdx Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * fix test * replace status_stage with status * replace functions with echo Co-authored-by: Dhia Ayachi Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> --- .changelog/12722.txt | 3 + agent/agent.go | 36 + agent/agent_endpoint_test.go | 784 +++++++++++++++++- agent/catalog_endpoint_test.go | 57 ++ agent/checks/check.go | 130 +++ agent/checks/check_test.go | 151 ++++ agent/config/config.go | 1 + .../TestRuntimeConfig_Sanitize.golden | 6 +- agent/structs/check_definition.go | 2 + agent/structs/check_type.go | 11 +- agent/structs/structs.go | 4 +- api/agent.go | 1 + api/health.go | 1 + api/txn_test.go | 78 +- build-support/scripts/devtools.sh | 10 +- proto/pbservice/healthcheck.gen.go | 4 + proto/pbservice/healthcheck.pb.go | 268 +++--- proto/pbservice/healthcheck.proto | 3 + website/content/api-docs/agent/check.mdx | 11 +- website/content/docs/discovery/checks.mdx | 37 +- .../docs/ecs/configuration-reference.mdx | 5 +- 21 files changed, 1458 insertions(+), 145 deletions(-) create mode 100644 .changelog/12722.txt diff --git a/.changelog/12722.txt b/.changelog/12722.txt new file mode 100644 index 000000000..6c42e7984 --- /dev/null +++ b/.changelog/12722.txt @@ -0,0 +1,3 @@ +```release-note:feature +checks: add UDP health checks.. +``` diff --git a/agent/agent.go b/agent/agent.go index eed01ca5d..2056c8a5e 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -248,6 +248,9 @@ type Agent struct { // checkTCPs maps the check ID to an associated TCP check checkTCPs map[structs.CheckID]*checks.CheckTCP + // checkUDPs maps the check ID to an associated UDP check + checkUDPs map[structs.CheckID]*checks.CheckUDP + // checkGRPCs maps the check ID to an associated GRPC check checkGRPCs map[structs.CheckID]*checks.CheckGRPC @@ -401,6 +404,7 @@ func New(bd BaseDeps) (*Agent, error) { checkHTTPs: make(map[structs.CheckID]*checks.CheckHTTP), checkH2PINGs: make(map[structs.CheckID]*checks.CheckH2PING), checkTCPs: make(map[structs.CheckID]*checks.CheckTCP), + checkUDPs: make(map[structs.CheckID]*checks.CheckUDP), checkGRPCs: make(map[structs.CheckID]*checks.CheckGRPC), checkDockers: make(map[structs.CheckID]*checks.CheckDocker), checkAliases: make(map[structs.CheckID]*checks.CheckAlias), @@ -1497,6 +1501,9 @@ func (a *Agent) ShutdownAgent() error { for _, chk := range a.checkTCPs { chk.Stop() } + for _, chk := range a.checkUDPs { + chk.Stop() + } for _, chk := range a.checkGRPCs { chk.Stop() } @@ -2796,6 +2803,31 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType, tcp.Start() a.checkTCPs[cid] = tcp + case chkType.IsUDP(): + if existing, ok := a.checkUDPs[cid]; ok { + existing.Stop() + delete(a.checkUDPs, cid) + } + if chkType.Interval < checks.MinInterval { + a.logger.Warn("check has interval below minimum", + "check", cid.String(), + "minimum_interval", checks.MinInterval, + ) + chkType.Interval = checks.MinInterval + } + + udp := &checks.CheckUDP{ + CheckID: cid, + ServiceID: sid, + UDP: chkType.UDP, + Interval: chkType.Interval, + Timeout: chkType.Timeout, + Logger: a.logger, + StatusHandler: statusHandler, + } + udp.Start() + a.checkUDPs[cid] = udp + case chkType.IsGRPC(): if existing, ok := a.checkGRPCs[cid]; ok { existing.Stop() @@ -3095,6 +3127,10 @@ func (a *Agent) cancelCheckMonitors(checkID structs.CheckID) { check.Stop() delete(a.checkTCPs, checkID) } + if check, ok := a.checkUDPs[checkID]; ok { + check.Stop() + delete(a.checkUDPs, checkID) + } if check, ok := a.checkGRPCs[checkID]; ok { check.Stop() delete(a.checkGRPCs, checkID) diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index cfb7d0aa9..b8b96f3f7 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -2514,6 +2514,48 @@ func TestAgent_RegisterCheck(t *testing.T) { } } +func TestAgent_RegisterCheck_UDP(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + a := NewTestAgent(t, "") + defer a.Shutdown() + testrpc.WaitForTestAgent(t, a.RPC, "dc1") + + args := &structs.CheckDefinition{ + UDP: "1.1.1.1", + Name: "test", + Interval: 10 * time.Second, + } + req, _ := http.NewRequest("PUT", "/v1/agent/check/register?token=abc123", jsonReader(args)) + resp := httptest.NewRecorder() + a.srv.h.ServeHTTP(resp, req) + require.Equal(t, http.StatusOK, resp.Code) + + // Ensure we have a check mapping + checkID := structs.NewCheckID("test", nil) + if existing := a.State.Check(checkID); existing == nil { + t.Fatalf("missing test check") + } + + if _, ok := a.checkUDPs[checkID]; !ok { + t.Fatalf("missing test check udp") + } + + // Ensure the token was configured + if token := a.State.CheckToken(checkID); token == "" { + t.Fatalf("missing token") + } + + // By default, checks start in critical state. + state := a.State.Check(checkID) + if state.Status != api.HealthCritical { + t.Fatalf("bad: %v", state) + } +} + // This verifies all the forms of the new args-style check that we need to // support as a result of https://github.com/hashicorp/consul/issues/3587. func TestAgent_RegisterCheck_Scripts(t *testing.T) { @@ -3276,6 +3318,10 @@ func testAgent_RegisterService(t *testing.T, extraHCL string) { { TTL: 30 * time.Second, }, + { + UDP: "1.1.1.1", + Interval: 5 * time.Second, + }, }, Weights: &structs.Weights{ Passing: 100, @@ -3307,12 +3353,12 @@ func testAgent_RegisterService(t *testing.T, extraHCL string) { // Ensure we have a check mapping checks := a.State.Checks(structs.WildcardEnterpriseMetaInDefaultPartition()) - if len(checks) != 3 { + if len(checks) != 4 { t.Fatalf("bad: %v", checks) } for _, c := range checks { - if c.Type != "ttl" { - t.Fatalf("expected ttl check type, got %s", c.Type) + if c.Type != "ttl" && c.Type != "udp" { + t.Fatalf("expected ttl or udp check type, got %s", c.Type) } } @@ -3362,6 +3408,11 @@ func testAgent_RegisterService_ReRegister(t *testing.T, extraHCL string) { CheckID: types.CheckID("check_2"), TTL: 30 * time.Second, }, + { + CheckID: types.CheckID("check_3"), + UDP: "1.1.1.1", + Interval: 5 * time.Second, + }, }, Weights: &structs.Weights{ Passing: 100, @@ -3387,6 +3438,11 @@ func testAgent_RegisterService_ReRegister(t *testing.T, extraHCL string) { CheckID: types.CheckID("check_3"), TTL: 30 * time.Second, }, + { + CheckID: types.CheckID("check_3"), + UDP: "1.1.1.1", + Interval: 5 * time.Second, + }, }, Weights: &structs.Weights{ Passing: 100, @@ -3714,6 +3770,231 @@ func testAgent_RegisterService_TranslateKeys(t *testing.T, extraHCL string) { } } +func TestAgent_RegisterService_TranslateKeys_UDP(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Run("normal", func(t *testing.T) { + t.Parallel() + testAgent_RegisterService_TranslateKeys(t, "enable_central_service_config = false") + }) + t.Run("service manager", func(t *testing.T) { + t.Parallel() + testAgent_RegisterService_TranslateKeys(t, "enable_central_service_config = true") + }) +} + +func testAgent_RegisterService_TranslateKeys_UDP(t *testing.T, extraHCL string) { + t.Helper() + + tests := []struct { + ip string + expectedUDPCheckStart string + }{ + {"127.0.0.1", "127.0.0.1:"}, // private network address + {"::1", "[::1]:"}, // shared address space + } + for _, tt := range tests { + t.Run(tt.ip, func(t *testing.T) { + a := NewTestAgent(t, ` + connect {} +`+extraHCL) + defer a.Shutdown() + testrpc.WaitForTestAgent(t, a.RPC, "dc1") + + json := ` + { + "name":"test", + "port":8000, + "enable_tag_override": true, + "tagged_addresses": { + "lan": { + "address": "1.2.3.4", + "port": 5353 + }, + "wan": { + "address": "2.3.4.5", + "port": 53 + } + }, + "meta": { + "some": "meta", + "enable_tag_override": "meta is 'opaque' so should not get translated" + }, + "kind": "connect-proxy",` + + // Note the uppercase P is important here - it ensures translation works + // correctly in case-insensitive way. Without it this test can pass even + // when translation is broken for other valid inputs. + `"Proxy": { + "destination_service_name": "web", + "destination_service_id": "web", + "local_service_port": 1234, + "local_service_address": "` + tt.ip + `", + "config": { + "destination_type": "proxy.config is 'opaque' so should not get translated" + }, + "upstreams": [ + { + "destination_type": "service", + "destination_namespace": "default", + "destination_partition": "default", + "destination_name": "db", + "local_bind_address": "` + tt.ip + `", + "local_bind_port": 1234, + "config": { + "destination_type": "proxy.upstreams.config is 'opaque' so should not get translated" + } + } + ] + }, + "connect": { + "sidecar_service": { + "name":"test-proxy", + "port":8001, + "enable_tag_override": true, + "meta": { + "some": "meta", + "enable_tag_override": "sidecar_service.meta is 'opaque' so should not get translated" + }, + "kind": "connect-proxy", + "proxy": { + "destination_service_name": "test", + "destination_service_id": "test", + "local_service_port": 4321, + "local_service_address": "` + tt.ip + `", + "upstreams": [ + { + "destination_type": "service", + "destination_namespace": "default", + "destination_partition": "default", + "destination_name": "db", + "local_bind_address": "` + tt.ip + `", + "local_bind_port": 1234, + "config": { + "destination_type": "sidecar_service.proxy.upstreams.config is 'opaque' so should not get translated" + } + } + ] + } + } + }, + "weights":{ + "passing": 16 + } + }` + req, _ := http.NewRequest("PUT", "/v1/agent/service/register", strings.NewReader(json)) + + rr := httptest.NewRecorder() + a.srv.h.ServeHTTP(rr, req) + require.Equal(t, 200, rr.Code, "body: %s", rr.Body) + + svc := &structs.NodeService{ + ID: "test", + Service: "test", + TaggedAddresses: map[string]structs.ServiceAddress{ + "lan": { + Address: "1.2.3.4", + Port: 5353, + }, + "wan": { + Address: "2.3.4.5", + Port: 53, + }, + }, + Meta: map[string]string{ + "some": "meta", + "enable_tag_override": "meta is 'opaque' so should not get translated", + }, + Port: 8000, + EnableTagOverride: true, + Weights: &structs.Weights{Passing: 16, Warning: 0}, + Kind: structs.ServiceKindConnectProxy, + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "web", + DestinationServiceID: "web", + LocalServiceAddress: tt.ip, + LocalServicePort: 1234, + Config: map[string]interface{}{ + "destination_type": "proxy.config is 'opaque' so should not get translated", + }, + Upstreams: structs.Upstreams{ + { + DestinationType: structs.UpstreamDestTypeService, + DestinationName: "db", + DestinationNamespace: "default", + DestinationPartition: "default", + LocalBindAddress: tt.ip, + LocalBindPort: 1234, + Config: map[string]interface{}{ + "destination_type": "proxy.upstreams.config is 'opaque' so should not get translated", + }, + }, + }, + }, + Connect: structs.ServiceConnect{ + // The sidecar service is nilled since it is only config sugar and + // shouldn't be represented in state. We assert that the translations + // there worked by inspecting the registered sidecar below. + SidecarService: nil, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + } + + got := a.State.Service(structs.NewServiceID("test", nil)) + require.Equal(t, svc, got) + + sidecarSvc := &structs.NodeService{ + Kind: structs.ServiceKindConnectProxy, + ID: "test-sidecar-proxy", + Service: "test-proxy", + Meta: map[string]string{ + "some": "meta", + "enable_tag_override": "sidecar_service.meta is 'opaque' so should not get translated", + }, + TaggedAddresses: map[string]structs.ServiceAddress{}, + Port: 8001, + EnableTagOverride: true, + Weights: &structs.Weights{Passing: 1, Warning: 1}, + LocallyRegisteredAsSidecar: true, + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "test", + DestinationServiceID: "test", + LocalServiceAddress: tt.ip, + LocalServicePort: 4321, + Upstreams: structs.Upstreams{ + { + DestinationType: structs.UpstreamDestTypeService, + DestinationName: "db", + DestinationNamespace: "default", + DestinationPartition: "default", + LocalBindAddress: tt.ip, + LocalBindPort: 1234, + Config: map[string]interface{}{ + "destination_type": "sidecar_service.proxy.upstreams.config is 'opaque' so should not get translated", + }, + }, + }, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + } + gotSidecar := a.State.Service(structs.NewServiceID("test-sidecar-proxy", nil)) + hasNoCorrectUDPCheck := true + for _, v := range a.checkUDPs { + if strings.HasPrefix(v.UDP, tt.expectedUDPCheckStart) { + hasNoCorrectUDPCheck = false + break + } + fmt.Println("UDP Check:= ", v) + } + if hasNoCorrectUDPCheck { + t.Fatalf("Did not find the expected UDP Healtcheck '%s' in %#v ", tt.expectedUDPCheckStart, a.checkUDPs) + } + require.Equal(t, sidecarSvc, gotSidecar) + }) + } +} + func TestAgent_RegisterService_ACLDeny(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") @@ -4463,6 +4744,503 @@ func testAgent_RegisterServiceDeregisterService_Sidecar(t *testing.T, extraHCL s } } +// This tests local agent service registration with a sidecar service. Note we +// only test simple defaults for the sidecar here since the actual logic for +// handling sidecar defaults and port assignment is tested thoroughly in +// TestAgent_sidecarServiceFromNodeService. Note it also tests Deregister +// explicitly too since setup is identical. +func TestAgent_RegisterServiceDeregisterService_Sidecar_UDP(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Run("normal", func(t *testing.T) { + t.Parallel() + testAgent_RegisterServiceDeregisterService_Sidecar_UDP(t, "enable_central_service_config = false") + }) + t.Run("service manager", func(t *testing.T) { + t.Parallel() + testAgent_RegisterServiceDeregisterService_Sidecar_UDP(t, "enable_central_service_config = true") + }) +} + +func testAgent_RegisterServiceDeregisterService_Sidecar_UDP(t *testing.T, extraHCL string) { + t.Helper() + + tests := []struct { + name string + preRegister, preRegister2 *structs.NodeService + // Use raw JSON payloads rather than encoding to avoid subtleties with some + // internal representations and different ways they encode and decode. We + // rely on the payload being Unmarshalable to structs.ServiceDefinition + // directly. + json string + enableACL bool + tokenRules string + wantNS *structs.NodeService + wantErr string + wantSidecarIDLeftAfterDereg bool + assertStateFn func(t *testing.T, state *local.State) + }{ + { + name: "sanity check no sidecar case", + json: ` + { + "name": "web", + "port": 1111 + } + `, + wantNS: nil, + wantErr: "", + }, + { + name: "default sidecar", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": {} + } + } + `, + wantNS: testDefaultSidecar("web", 1111), + wantErr: "", + }, + { + name: "ACL OK defaults", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": {} + } + } + `, + enableACL: true, + tokenRules: ` + service "web-sidecar-proxy" { + policy = "write" + } + service "web" { + policy = "write" + }`, + wantNS: testDefaultSidecar("web", 1111), + wantErr: "", + }, + { + name: "ACL denied", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": {} + } + } + `, + enableACL: true, + tokenRules: ``, // No token rules means no valid token + wantNS: nil, + wantErr: "Permission denied", + }, + { + name: "ACL OK for service but not for sidecar", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": {} + } + } + `, + enableACL: true, + // This will become more common/reasonable when ACLs support exact match. + tokenRules: ` + service "web-sidecar-proxy" { + policy = "deny" + } + service "web" { + policy = "write" + }`, + wantNS: nil, + wantErr: "Permission denied", + }, + { + name: "ACL OK for service and sidecar but not sidecar's overridden destination", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "proxy": { + "DestinationServiceName": "foo" + } + } + } + } + `, + enableACL: true, + tokenRules: ` + service "web-sidecar-proxy" { + policy = "write" + } + service "web" { + policy = "write" + }`, + wantNS: nil, + wantErr: "Permission denied", + }, + { + name: "ACL OK for service but not for overridden sidecar", + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "name": "foo-sidecar-proxy" + } + } + } + `, + enableACL: true, + tokenRules: ` + service "web-sidecar-proxy" { + policy = "write" + } + service "web" { + policy = "write" + }`, + wantNS: nil, + wantErr: "Permission denied", + }, + { + name: "ACL OK for service but and overridden for sidecar", + // This test ensures that if the sidecar embeds it's own token with + // different privs from the main request token it will be honored for the + // sidecar registration. We use the test root token since that should have + // permission. + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "name": "foo", + "token": "root" + } + } + } + `, + enableACL: true, + tokenRules: ` + service "web-sidecar-proxy" { + policy = "write" + } + service "web" { + policy = "write" + }`, + wantNS: testDefaultSidecar("web", 1111, func(ns *structs.NodeService) { + ns.Service = "foo" + }), + wantErr: "", + }, + { + name: "invalid check definition in sidecar", + // Note no interval in the UDP check should fail validation + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "check": { + "UDP": "foo" + } + } + } + } + `, + wantNS: nil, + wantErr: "invalid check in sidecar_service", + }, + { + name: "invalid checks definitions in sidecar", + // Note no interval in the UDP check should fail validation + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "checks": [{ + "UDP": "foo" + }] + } + } + } + `, + wantNS: nil, + wantErr: "invalid check in sidecar_service", + }, + { + name: "invalid check status in sidecar", + // Note no interval in the UDP check should fail validation + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "check": { + "UDP": "foo", + "Interval": 10, + "Status": "unsupported-status" + } + } + } + } + `, + wantNS: nil, + wantErr: "Status for checks must 'passing', 'warning', 'critical'", + }, + { + name: "invalid checks status in sidecar", + // Note no interval in the UDP check should fail validation + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "checks": [{ + "UDP": "foo", + "Interval": 10, + "Status": "unsupported-status" + }] + } + } + } + `, + wantNS: nil, + wantErr: "Status for checks must 'passing', 'warning', 'critical'", + }, + { + name: "another service registered with same ID as a sidecar should not be deregistered", + // Add another service with the same ID that a sidecar for web would have + preRegister: &structs.NodeService{ + ID: "web-sidecar-proxy", + Service: "fake-sidecar", + Port: 9999, + }, + // Register web with NO SIDECAR + json: ` + { + "name": "web", + "port": 1111 + } + `, + // Note here that although the registration here didn't register it, we + // should still see the NodeService we pre-registered here. + wantNS: &structs.NodeService{ + ID: "web-sidecar-proxy", + Service: "fake-sidecar", + Port: 9999, + TaggedAddresses: map[string]structs.ServiceAddress{}, + Weights: &structs.Weights{ + Passing: 1, + Warning: 1, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + // After we deregister the web service above, the fake sidecar with + // clashing ID SHOULD NOT have been removed since it wasn't part of the + // original registration. + wantSidecarIDLeftAfterDereg: true, + }, + { + name: "updates to sidecar should work", + // Add a valid sidecar already registered + preRegister: &structs.NodeService{ + ID: "web-sidecar-proxy", + Service: "web-sidecar-proxy", + LocallyRegisteredAsSidecar: true, + Port: 9999, + }, + // Register web with Sidecar on different port + json: ` + { + "name": "web", + "port": 1111, + "connect": { + "SidecarService": { + "Port": 6666 + } + } + } + `, + // Note here that although the registration here didn't register it, we + // should still see the NodeService we pre-registered here. + wantNS: &structs.NodeService{ + Kind: "connect-proxy", + ID: "web-sidecar-proxy", + Service: "web-sidecar-proxy", + LocallyRegisteredAsSidecar: true, + Port: 6666, + TaggedAddresses: map[string]structs.ServiceAddress{}, + Weights: &structs.Weights{ + Passing: 1, + Warning: 1, + }, + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "web", + DestinationServiceID: "web", + LocalServiceAddress: "127.0.0.1", + LocalServicePort: 1111, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + { + name: "update that removes sidecar should NOT deregister it", + // Add web with a valid sidecar already registered + preRegister: &structs.NodeService{ + ID: "web", + Service: "web", + Port: 1111, + }, + preRegister2: testDefaultSidecar("web", 1111), + // Register (update) web and remove sidecar (and port for sanity check) + json: ` + { + "name": "web", + "port": 2222 + } + `, + // Sidecar should still be there such that API can update registration + // without accidentally removing a sidecar. This is equivalent to embedded + // checks which are not removed by just not being included in an update. + // We will document that sidecar registrations via API must be explicitiy + // deregistered. + wantNS: testDefaultSidecar("web", 1111), + // Sanity check the rest of the update happened though. + assertStateFn: func(t *testing.T, state *local.State) { + svc := state.Service(structs.NewServiceID("web", nil)) + require.NotNil(t, svc) + require.Equal(t, 2222, svc.Port) + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + + // Constrain auto ports to 1 available to make it deterministic + hcl := `ports { + sidecar_min_port = 2222 + sidecar_max_port = 2222 + } + ` + if tt.enableACL { + hcl = hcl + TestACLConfig() + } + + a := NewTestAgent(t, hcl+" "+extraHCL) + defer a.Shutdown() + testrpc.WaitForLeader(t, a.RPC, "dc1") + + if tt.preRegister != nil { + require.NoError(t, a.addServiceFromSource(tt.preRegister, nil, false, "", ConfigSourceLocal)) + } + if tt.preRegister2 != nil { + require.NoError(t, a.addServiceFromSource(tt.preRegister2, nil, false, "", ConfigSourceLocal)) + } + + // Create an ACL token with require policy + var token string + if tt.enableACL && tt.tokenRules != "" { + token = testCreateToken(t, a, tt.tokenRules) + } + + br := bytes.NewBufferString(tt.json) + + req, _ := http.NewRequest("PUT", "/v1/agent/service/register?token="+token, br) + resp := httptest.NewRecorder() + a.srv.h.ServeHTTP(resp, req) + if tt.wantErr != "" { + require.Contains(t, strings.ToLower(resp.Body.String()), strings.ToLower(tt.wantErr)) + return + } + require.Equal(t, 200, resp.Code, "request failed with body: %s", + resp.Body.String()) + + // Sanity the target service registration + svcs := a.State.AllServices() + + // Parse the expected definition into a ServiceDefinition + var sd structs.ServiceDefinition + err := json.Unmarshal([]byte(tt.json), &sd) + require.NoError(t, err) + require.NotEmpty(t, sd.Name) + + svcID := sd.ID + if svcID == "" { + svcID = sd.Name + } + sid := structs.NewServiceID(svcID, nil) + svc, ok := svcs[sid] + require.True(t, ok, "has service "+sid.String()) + assert.Equal(t, sd.Name, svc.Service) + assert.Equal(t, sd.Port, svc.Port) + // Ensure that the actual registered service _doesn't_ still have it's + // sidecar info since it's duplicate and we don't want that synced up to + // the catalog or included in responses particularly - it's just + // registration syntax sugar. + assert.Nil(t, svc.Connect.SidecarService) + + if tt.wantNS == nil { + // Sanity check that there was no service registered, we rely on there + // being no services at start of test so we can just use the count. + assert.Len(t, svcs, 1, "should be no sidecar registered") + return + } + + // Ensure sidecar + svc, ok = svcs[structs.NewServiceID(tt.wantNS.ID, nil)] + require.True(t, ok, "no sidecar registered at "+tt.wantNS.ID) + assert.Equal(t, tt.wantNS, svc) + + if tt.assertStateFn != nil { + tt.assertStateFn(t, a.State) + } + + // Now verify deregistration also removes sidecar (if there was one and it + // was added via sidecar not just coincidental ID clash) + { + req := httptest.NewRequest("PUT", + "/v1/agent/service/deregister/"+svcID+"?token="+token, nil) + resp := httptest.NewRecorder() + a.srv.h.ServeHTTP(resp, req) + require.Equal(t, http.StatusOK, resp.Code) + + svcs := a.State.AllServices() + _, ok = svcs[structs.NewServiceID(tt.wantNS.ID, nil)] + if tt.wantSidecarIDLeftAfterDereg { + require.True(t, ok, "removed non-sidecar service at "+tt.wantNS.ID) + } else { + require.False(t, ok, "sidecar not deregistered with service "+svcID) + } + } + }) + } +} + +// END HERE + // This tests that connect proxy validation is done for local agent // registration. This doesn't need to test validation exhaustively since // that is done via a table test in the structs package. diff --git a/agent/catalog_endpoint_test.go b/agent/catalog_endpoint_test.go index ff45a10cb..eb1b509e0 100644 --- a/agent/catalog_endpoint_test.go +++ b/agent/catalog_endpoint_test.go @@ -603,6 +603,63 @@ func TestCatalogRegister_checkRegistration(t *testing.T) { }) } +func TestCatalogRegister_checkRegistration_UDP(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + a := NewTestAgent(t, "") + defer a.Shutdown() + + // Register node with a service and check + check := structs.HealthCheck{ + Node: "foo", + CheckID: "foo-check", + Name: "foo check", + ServiceID: "api", + Definition: structs.HealthCheckDefinition{ + UDP: "localhost:8888", + Interval: 5 * time.Second, + }, + } + + args := &structs.RegisterRequest{ + Datacenter: "dc1", + Node: "foo", + Address: "127.0.0.1", + Service: &structs.NodeService{ + Service: "api", + }, + Check: &check, + } + + var out struct{} + if err := a.RPC("Catalog.Register", args, &out); err != nil { + t.Fatalf("err: %v", err) + } + + retry.Run(t, func(r *retry.R) { + req, _ := http.NewRequest("GET", "/v1/health/checks/api", nil) + resp := httptest.NewRecorder() + obj, err := a.srv.HealthServiceChecks(resp, req) + if err != nil { + r.Fatalf("err: %v", err) + } + + checks := obj.(structs.HealthChecks) + if len(checks) != 1 { + r.Fatalf("expected 1 check, got: %d", len(checks)) + } + if checks[0].CheckID != check.CheckID { + r.Fatalf("expected check id %s, got %s", check.Type, checks[0].Type) + } + if checks[0].Type != "udp" { + r.Fatalf("expected check type udp, got %s", checks[0].Type) + } + }) +} + func TestCatalogServiceNodes(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/checks/check.go b/agent/checks/check.go index 3e3ce44f8..3712b31b8 100644 --- a/agent/checks/check.go +++ b/agent/checks/check.go @@ -1,6 +1,7 @@ package checks import ( + "bufio" "context" "crypto/tls" "fmt" @@ -703,6 +704,135 @@ func (c *CheckTCP) check() { c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("TCP connect %s: Success", c.TCP)) } +// CheckUDP is used to periodically send a UDP datagram to determine the health of a given check. +// The check is passing if the connection succeeds, the response is bytes.Equal to the bytes passed +// in or if the error returned is a timeout error +// The check is critical if: the connection succeeds but the response is not equal to the bytes passed in, +// the connection succeeds but the error returned is not a timeout error or the connection fails +type CheckUDP struct { + CheckID structs.CheckID + ServiceID structs.ServiceID + UDP string + Message string + Interval time.Duration + Timeout time.Duration + Logger hclog.Logger + StatusHandler *StatusHandler + + dialer *net.Dialer + stop bool + stopCh chan struct{} + stopLock sync.Mutex +} + +func (c *CheckUDP) Start() { + c.stopLock.Lock() + defer c.stopLock.Unlock() + + if c.dialer == nil { + // Create the socket dialer + c.dialer = &net.Dialer{ + Timeout: 10 * time.Second, + } + if c.Timeout > 0 { + c.dialer.Timeout = c.Timeout + } + } + + c.stop = false + c.stopCh = make(chan struct{}) + go c.run() +} + +func (c *CheckUDP) Stop() { + c.stopLock.Lock() + defer c.stopLock.Unlock() + if !c.stop { + c.stop = true + close(c.stopCh) + } +} + +func (c *CheckUDP) run() { + // Get the randomized initial pause time + initialPauseTime := lib.RandomStagger(c.Interval) + next := time.After(initialPauseTime) + for { + select { + case <-next: + c.check() + next = time.After(c.Interval) + case <-c.stopCh: + return + } + } + +} + +func (c *CheckUDP) check() { + + conn, err := c.dialer.Dial(`udp`, c.UDP) + + if err != nil { + if e, ok := err.(net.Error); ok && e.Timeout() { + c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("UDP connect %s: Success", c.UDP)) + return + } else { + c.Logger.Warn("Check socket connection failed", + "check", c.CheckID.String(), + "error", err, + ) + c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error()) + return + } + } + defer conn.Close() + + n, err := fmt.Fprintf(conn, c.Message) + if err != nil { + c.Logger.Warn("Check socket write failed", + "check", c.CheckID.String(), + "error", err, + ) + c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error()) + return + } + + if n != len(c.Message) { + c.Logger.Warn("Check socket short write", + "check", c.CheckID.String(), + "error", err, + ) + c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error()) + return + } + + if err != nil { + c.Logger.Warn("Check socket write failed", + "check", c.CheckID.String(), + "error", err, + ) + c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error()) + return + } + _, err = bufio.NewReader(conn).Read(make([]byte, 1)) + if err != nil { + if strings.Contains(err.Error(), "i/o timeout") { + c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("UDP connect %s: Success", c.UDP)) + return + } else { + c.Logger.Warn("Check socket read failed", + "check", c.CheckID.String(), + "error", err, + ) + c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error()) + return + } + } else if err == nil { + c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("UDP connect %s: Success", c.UDP)) + } +} + // CheckDocker is used to periodically invoke a script to // determine the health of an application running inside a // Docker Container. We assume that the script is compatible diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go index caddee424..b8f16d890 100644 --- a/agent/checks/check_test.go +++ b/agent/checks/check_test.go @@ -2,20 +2,25 @@ package checks import ( "bytes" + "context" "fmt" + "log" "net" "net/http" "net/http/httptest" "os" "reflect" "regexp" + "strconv" "strings" + "sync" "testing" "time" "github.com/hashicorp/consul/agent/mock" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/go-uuid" @@ -1141,6 +1146,152 @@ func TestCheckTCPPassing(t *testing.T) { tcpServer.Close() } +func sendResponse(conn *net.UDPConn, addr *net.UDPAddr) { + _, err := conn.WriteToUDP([]byte("healthy"), addr) + if err != nil { + fmt.Printf("Couldn't send response %v", err) + } +} + +func mockUDPServer(ctx context.Context, network string, port int) { + + b := make([]byte, 1024) + addr := fmt.Sprintf(`127.0.0.1:%d`, port) + + udpAddr, err := net.ResolveUDPAddr(network, addr) + if err != nil { + log.Fatal("Error resolving UDP address: ", err) + } + + ser, err := net.ListenUDP("udp", udpAddr) + if err != nil { + log.Fatal("Error listening UDP: ", err) + } + defer ser.Close() + + chClose := make(chan interface{}) + wg := sync.WaitGroup{} + wg.Add(1) + + go func() { + for { + log.Print("Waiting for UDP message") + _, remoteaddr, err := ser.ReadFromUDP(b) + log.Printf("Read a message from %v %s \n", remoteaddr, b) + if err != nil { + log.Fatalf("Error reading from UDP %s", err.Error()) + } + sendResponse(ser, remoteaddr) + select { + case <-chClose: + fmt.Println("cancelled") + wg.Done() + return + default: + } + } + }() + + select { + case <-ctx.Done(): + fmt.Println("cancelled") + close(chClose) + } + wg.Wait() + return +} + +func expectUDPStatus(t *testing.T, udp string, status string) { + notif := mock.NewNotify() + logger := testutil.Logger(t) + statusHandler := NewStatusHandler(notif, logger, 0, 0, 0) + cid := structs.NewCheckID("foo", nil) + + check := &CheckUDP{ + CheckID: cid, + UDP: udp, + Interval: 10 * time.Millisecond, + Logger: logger, + StatusHandler: statusHandler, + } + check.Start() + defer check.Stop() + retry.Run(t, func(r *retry.R) { + if got, want := notif.Updates(cid), 2; got < want { + r.Fatalf("got %d updates want at least %d", got, want) + } + if got, want := notif.State(cid), status; got != want { + r.Fatalf("got state %q want %q", got, want) + } + }) +} + +func expectUDPTimeout(t *testing.T, udp string, status string) { + notif := mock.NewNotify() + logger := testutil.Logger(t) + statusHandler := NewStatusHandler(notif, logger, 0, 0, 0) + cid := structs.NewCheckID("foo", nil) + + check := &CheckUDP{ + CheckID: cid, + UDP: udp, + Interval: 10 * time.Millisecond, + Timeout: 5 * time.Nanosecond, + Logger: logger, + StatusHandler: statusHandler, + } + check.Start() + defer check.Stop() + retry.Run(t, func(r *retry.R) { + if got, want := notif.Updates(cid), 2; got < want { + r.Fatalf("got %d updates want at least %d", got, want) + } + if got, want := notif.State(cid), status; got != want { + r.Fatalf("got state %q want %q", got, want) + } + }) +} + +func TestCheckUDPTimeoutPassing(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + port := freeport.GetOne(t) + serverUrl := "127.0.0.1:" + strconv.Itoa(port) + + go mockUDPServer(ctx, `udp`, port) + expectUDPTimeout(t, serverUrl, api.HealthPassing) // Should pass since timeout is handled as success, from specification +} +func TestCheckUDPCritical(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + port := freeport.GetOne(t) + notExistentPort := freeport.GetOne(t) + serverUrl := "127.0.0.1:" + strconv.Itoa(notExistentPort) + + go mockUDPServer(ctx, `udp`, port) + + expectUDPStatus(t, serverUrl, api.HealthCritical) // Should be unhealthy since we never connect to mocked udp server. +} + +func TestCheckUDPPassing(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + port := freeport.GetOne(t) + serverUrl := "127.0.0.1:" + strconv.Itoa(port) + + go mockUDPServer(ctx, `udp`, port) + expectUDPStatus(t, serverUrl, api.HealthPassing) +} + func TestCheckH2PING(t *testing.T) { t.Parallel() diff --git a/agent/config/config.go b/agent/config/config.go index 0bb16cda5..dbca8e1cf 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -403,6 +403,7 @@ type CheckDefinition struct { DisableRedirects *bool `mapstructure:"disable_redirects"` OutputMaxSize *int `mapstructure:"output_max_size"` TCP *string `mapstructure:"tcp"` + UDP *string `mapstructure:"udp"` Interval *string `mapstructure:"interval"` DockerContainerID *string `mapstructure:"docker_container_id" alias:"dockercontainerid"` Shell *string `mapstructure:"shell"` diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index e49398b8d..090a7191a 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -118,7 +118,8 @@ "TLSSkipVerify": false, "TTL": "0s", "Timeout": "0s", - "Token": "hidden" + "Token": "hidden", + "UDP": "" } ], "ClientAddrs": [], @@ -324,7 +325,8 @@ "TLSServerName": "", "TLSSkipVerify": false, "TTL": "0s", - "Timeout": "0s" + "Timeout": "0s", + "UDP": "" }, "Checks": [], "Connect": null, diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index c991c993c..5f204ebf6 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -33,6 +33,7 @@ type CheckDefinition struct { Body string DisableRedirects bool TCP string + UDP string Interval time.Duration DockerContainerID string Shell string @@ -215,6 +216,7 @@ func (c *CheckDefinition) CheckType() *CheckType { DisableRedirects: c.DisableRedirects, OutputMaxSize: c.OutputMaxSize, TCP: c.TCP, + UDP: c.UDP, Interval: c.Interval, DockerContainerID: c.DockerContainerID, Shell: c.Shell, diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go index 0c89a00f2..797895503 100644 --- a/agent/structs/check_type.go +++ b/agent/structs/check_type.go @@ -39,6 +39,7 @@ type CheckType struct { Body string DisableRedirects bool TCP string + UDP string Interval time.Duration AliasNode string AliasService string @@ -179,13 +180,13 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { // Validate returns an error message if the check is invalid func (c *CheckType) Validate() error { - intervalCheck := c.IsScript() || c.HTTP != "" || c.TCP != "" || c.GRPC != "" || c.H2PING != "" + intervalCheck := c.IsScript() || c.HTTP != "" || c.TCP != "" || c.UDP != "" || c.GRPC != "" || c.H2PING != "" if c.Interval > 0 && c.TTL > 0 { return fmt.Errorf("Interval and TTL cannot both be specified") } if intervalCheck && c.Interval <= 0 { - return fmt.Errorf("Interval must be > 0 for Script, HTTP, H2PING, or TCP checks") + return fmt.Errorf("Interval must be > 0 for Script, HTTP, H2PING, TCP or UDP checks") } if intervalCheck && c.IsAlias() { return fmt.Errorf("Interval cannot be set for Alias checks") @@ -241,6 +242,10 @@ func (c *CheckType) IsTCP() bool { return c.TCP != "" && c.Interval > 0 } +func (c *CheckType) IsUDP() bool { + return c.UDP != "" && c.Interval > 0 +} + // IsDocker returns true when checking a docker container. func (c *CheckType) IsDocker() bool { return c.IsScript() && c.DockerContainerID != "" && c.Interval > 0 @@ -266,6 +271,8 @@ func (c *CheckType) Type() string { return "ttl" case c.IsTCP(): return "tcp" + case c.IsUDP(): + return "udp" case c.IsAlias(): return "alias" case c.IsDocker(): diff --git a/agent/structs/structs.go b/agent/structs/structs.go index d53644ed7..94c425610 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1670,7 +1670,7 @@ type HealthCheck struct { ServiceID string // optional associated service ServiceName string // optional service name ServiceTags []string // optional service tags - Type string // Check type: http/ttl/tcp/etc + Type string // Check type: http/ttl/tcp/udp/etc Interval string // from definition Timeout string // from definition @@ -1735,6 +1735,7 @@ type HealthCheckDefinition struct { Body string `json:",omitempty"` DisableRedirects bool `json:",omitempty"` TCP string `json:",omitempty"` + UDP string `json:",omitempty"` H2PING string `json:",omitempty"` H2PingUseTLS bool `json:",omitempty"` Interval time.Duration `json:",omitempty"` @@ -1885,6 +1886,7 @@ func (c *HealthCheck) CheckType() *CheckType { Body: c.Definition.Body, DisableRedirects: c.Definition.DisableRedirects, TCP: c.Definition.TCP, + UDP: c.Definition.UDP, H2PING: c.Definition.H2PING, H2PingUseTLS: c.Definition.H2PingUseTLS, Interval: c.Definition.Interval, diff --git a/api/agent.go b/api/agent.go index 724767556..61e829a64 100644 --- a/api/agent.go +++ b/api/agent.go @@ -333,6 +333,7 @@ type AgentServiceCheck struct { Method string `json:",omitempty"` Body string `json:",omitempty"` TCP string `json:",omitempty"` + UDP string `json:",omitempty"` Status string `json:",omitempty"` Notes string `json:",omitempty"` TLSServerName string `json:",omitempty"` diff --git a/api/health.go b/api/health.go index e70861c8a..2bcb3cb52 100644 --- a/api/health.go +++ b/api/health.go @@ -62,6 +62,7 @@ type HealthCheckDefinition struct { TLSServerName string TLSSkipVerify bool TCP string + UDP string GRPC string GRPCUseTLS bool IntervalDuration time.Duration `json:"-"` diff --git a/api/txn_test.go b/api/txn_test.go index cab3b4ff5..bf69b7bc8 100644 --- a/api/txn_test.go +++ b/api/txn_test.go @@ -56,6 +56,28 @@ func TestAPI_ClientTxn(t *testing.T) { DeregisterCriticalServiceAfter: ReadableDuration(160 * time.Second), }, }, + { + CheckID: "bor", + Status: "critical", + Definition: HealthCheckDefinition{ + UDP: "1.1.1.1", + Interval: ReadableDuration(5 * time.Second), + Timeout: ReadableDuration(10 * time.Second), + DeregisterCriticalServiceAfter: ReadableDuration(20 * time.Second), + }, + Type: "udp", + }, + { + CheckID: "bur", + Status: "passing", + Definition: HealthCheckDefinition{ + UDP: "2.2.2.2", + Interval: ReadableDuration(5 * time.Second), + Timeout: ReadableDuration(10 * time.Second), + DeregisterCriticalServiceAfter: ReadableDuration(20 * time.Second), + }, + Type: "udp", + }, }, } _, err = catalog.Register(reg, nil) @@ -115,6 +137,18 @@ func TestAPI_ClientTxn(t *testing.T) { Check: HealthCheck{Node: "foo", CheckID: "baz"}, }, }, + &TxnOp{ + Check: &CheckTxnOp{ + Verb: CheckGet, + Check: HealthCheck{Node: "foo", CheckID: "bor"}, + }, + }, + &TxnOp{ + Check: &CheckTxnOp{ + Verb: CheckGet, + Check: HealthCheck{Node: "foo", CheckID: "bur"}, + }, + }, } ok, ret, _, err := txn.Txn(ops, nil) if err != nil { @@ -141,7 +175,7 @@ func TestAPI_ClientTxn(t *testing.T) { t.Fatalf("transaction failure") } - if ret == nil || len(ret.Errors) != 0 || len(ret.Results) != 6 { + if ret == nil || len(ret.Errors) != 0 || len(ret.Results) != 8 { t.Fatalf("bad: %v", ret) } expected := TxnResults{ @@ -230,6 +264,48 @@ func TestAPI_ClientTxn(t *testing.T) { ModifyIndex: ret.Results[4].Check.CreateIndex, }, }, + &TxnResult{ + Check: &HealthCheck{ + Node: "foo", + CheckID: "bor", + Status: "critical", + Definition: HealthCheckDefinition{ + UDP: "1.1.1.1", + Interval: ReadableDuration(5 * time.Second), + IntervalDuration: 5 * time.Second, + Timeout: ReadableDuration(10 * time.Second), + TimeoutDuration: 10 * time.Second, + DeregisterCriticalServiceAfter: ReadableDuration(20 * time.Second), + DeregisterCriticalServiceAfterDuration: 20 * time.Second, + }, + Type: "udp", + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, + CreateIndex: ret.Results[4].Check.CreateIndex, + ModifyIndex: ret.Results[4].Check.CreateIndex, + }, + }, + &TxnResult{ + Check: &HealthCheck{ + Node: "foo", + CheckID: "bur", + Status: "passing", + Definition: HealthCheckDefinition{ + UDP: "2.2.2.2", + Interval: ReadableDuration(5 * time.Second), + IntervalDuration: 5 * time.Second, + Timeout: ReadableDuration(10 * time.Second), + TimeoutDuration: 10 * time.Second, + DeregisterCriticalServiceAfter: ReadableDuration(20 * time.Second), + DeregisterCriticalServiceAfterDuration: 20 * time.Second, + }, + Type: "udp", + Partition: splitDefaultPartition, + Namespace: splitDefaultNamespace, + CreateIndex: ret.Results[4].Check.CreateIndex, + ModifyIndex: ret.Results[4].Check.CreateIndex, + }, + }, } require.Equal(t, expected, ret.Results) diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh index 32aea96bd..1d2078abc 100755 --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -149,10 +149,10 @@ function install_unversioned_tool { local install="$2" if ! command -v "${command}" &>/dev/null ; then - status_stage "installing tool: ${install}" + echo "installing tool: ${install}" go install "${install}" else - debug "skipping tool: ${install} (installed)" + echo "skipping tool: ${install} (installed)" fi return 0 @@ -183,7 +183,7 @@ function install_versioned_tool { err "dev version of '${command}' requested but not installed" return 1 fi - status "skipping tool: ${installbase} (using development version)" + echo "skipping tool: ${installbase} (using development version)" return 0 fi @@ -210,10 +210,10 @@ function install_versioned_tool { fi if [[ -n $should_install ]]; then - status_stage "installing tool (${install_reason}): ${install}" + echo "installing tool (${install_reason}): ${install}" go install "${install}" else - debug "skipping tool: ${install} (installed)" + echo "skipping tool: ${install} (installed)" fi return 0 } diff --git a/proto/pbservice/healthcheck.gen.go b/proto/pbservice/healthcheck.gen.go index 4eef24bef..cfaadc2b4 100644 --- a/proto/pbservice/healthcheck.gen.go +++ b/proto/pbservice/healthcheck.gen.go @@ -21,6 +21,7 @@ func CheckTypeToStructs(s *CheckType, t *structs.CheckType) { t.Body = s.Body t.DisableRedirects = s.DisableRedirects t.TCP = s.TCP + t.UDP = s.UDP t.Interval = structs.DurationFromProto(s.Interval) t.AliasNode = s.AliasNode t.AliasService = s.AliasService @@ -57,6 +58,7 @@ func CheckTypeFromStructs(t *structs.CheckType, s *CheckType) { s.Body = t.Body s.DisableRedirects = t.DisableRedirects s.TCP = t.TCP + s.UDP = t.UDP s.Interval = structs.DurationToProto(t.Interval) s.AliasNode = t.AliasNode s.AliasService = t.AliasService @@ -138,6 +140,7 @@ func HealthCheckDefinitionToStructs(s *HealthCheckDefinition, t *structs.HealthC t.Body = s.Body t.DisableRedirects = s.DisableRedirects t.TCP = s.TCP + t.UDP = s.UDP t.H2PING = s.H2PING t.H2PingUseTLS = s.H2PingUseTLS t.Interval = structs.DurationFromProto(s.Interval) @@ -165,6 +168,7 @@ func HealthCheckDefinitionFromStructs(t *structs.HealthCheckDefinition, s *Healt s.Body = t.Body s.DisableRedirects = t.DisableRedirects s.TCP = t.TCP + s.UDP = t.UDP s.H2PING = t.H2PING s.H2PingUseTLS = t.H2PingUseTLS s.Interval = structs.DurationToProto(t.Interval) diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index 317f7f6db..964ee2257 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -276,6 +276,7 @@ type HealthCheckDefinition struct { Body string `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"` DisableRedirects bool `protobuf:"varint,22,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"` TCP string `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"` + UDP string `protobuf:"bytes,23,opt,name=UDP,proto3" json:"UDP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto Interval *durationpb.Duration `protobuf:"bytes,6,opt,name=Interval,proto3" json:"Interval,omitempty"` // mog: func-to=uint func-from=uint32 @@ -385,6 +386,13 @@ func (x *HealthCheckDefinition) GetTCP() string { return "" } +func (x *HealthCheckDefinition) GetUDP() string { + if x != nil { + return x.UDP + } + return "" +} + func (x *HealthCheckDefinition) GetInterval() *durationpb.Duration { if x != nil { return x.Interval @@ -513,6 +521,7 @@ type CheckType struct { Body string `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"` DisableRedirects bool `protobuf:"varint,31,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"` TCP string `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"` + UDP string `protobuf:"bytes,32,opt,name=UDP,proto3" json:"UDP,omitempty"` // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto Interval *durationpb.Duration `protobuf:"bytes,9,opt,name=Interval,proto3" json:"Interval,omitempty"` AliasNode string `protobuf:"bytes,10,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` @@ -656,6 +665,13 @@ func (x *CheckType) GetTCP() string { return "" } +func (x *CheckType) GetUDP() string { + if x != nil { + return x.UDP + } + return "" +} + func (x *CheckType) GetInterval() *durationpb.Duration { if x != nil { return x.Interval @@ -843,7 +859,7 @@ var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x22, 0xae, 0x07, 0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, + 0x65, 0x22, 0xc0, 0x07, 0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, @@ -861,134 +877,136 @@ var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, - 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, - 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, - 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, - 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, - 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, - 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, - 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, + 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, + 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, + 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, + 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, + 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, + 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, + 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, + 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, + 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, + 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, + 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, + 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, + 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, + 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, + 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, + 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, + 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, + 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, - 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, - 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1e, - 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x2c, - 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, - 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, - 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, - 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, - 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, - 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, - 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, - 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, - 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, - 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, - 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, + 0x54, 0x54, 0x4c, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe2, 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, + 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, + 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, + 0x54, 0x50, 0x12, 0x36, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, + 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, + 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x18, 0x20, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, + 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, + 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, + 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, + 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, + 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, + 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, + 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, + 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, + 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, + 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, + 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, + 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, + 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, - 0x4c, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0xd0, 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, - 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, - 0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, - 0x12, 0x36, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, - 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, - 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, - 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, - 0x43, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, - 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, - 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, - 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, - 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, - 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, - 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, - 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, - 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, - 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, - 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, - 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, - 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, - 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, + 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, + 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, - 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, - 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, - 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, - 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, - 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, - 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, - 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, - 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, - 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, - 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, - 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, - 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, - 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, - 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, - 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, - 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x88, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, - 0x63, 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0xe2, 0x02, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, + 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, + 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, + 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, + 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, 0x61, 0x69, + 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, + 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, + 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, + 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x18, 0x18, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x12, + 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, + 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, + 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, + 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, + 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, + 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, + 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x88, 0x01, 0x0a, 0x0b, 0x63, 0x6f, + 0x6d, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, + 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, + 0xaa, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x07, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, + 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 4ce8f8ec7..a284d7cdb 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -63,6 +63,7 @@ message HealthCheckDefinition { string Body = 18; bool DisableRedirects = 22; string TCP = 5; + string UDP = 23; // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto google.protobuf.Duration Interval = 6; @@ -112,6 +113,7 @@ message CheckType { string Body = 26; bool DisableRedirects = 31; string TCP = 8; + string UDP = 32; // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto google.protobuf.Duration Interval = 9; @@ -125,6 +127,7 @@ message CheckType { bool GRPCUseTLS = 15; string TLSServerName = 27; bool TLSSkipVerify = 16; + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto google.protobuf.Duration Timeout = 17; // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index 7d5ddf3cb..eafbb17c4 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -98,7 +98,7 @@ the following selectors and filter operations being supported: ## Register Check This endpoint adds a new check to the local agent. Checks may be of script, -HTTP, TCP, or TTL type. The agent is responsible for managing the status of the +HTTP, TCP, UDP, or TTL type. The agent is responsible for managing the status of the check and keeping the Catalog in sync. | Method | Path | Produces | @@ -133,7 +133,7 @@ The table below shows this endpoint's support for one of several [other methods to specify the namespace](#methods-to-specify-namespace). - `Interval` `(string: "")` - Specifies the frequency at which to run this - check. This is required for HTTP and TCP checks. + check. This is required for HTTP, TCP, and UDP checks. - `Notes` `(string: "")` - Specifies arbitrary information for humans. This is not used by Consul internally. @@ -212,7 +212,7 @@ The table below shows this endpoint's support for be set for `HTTP` checks. Each header can have multiple values. - `Timeout` `(duration: 10s)` - Specifies a timeout for outgoing connections in the - case of a Script, HTTP, TCP, or gRPC check. Can be specified in the form of "10s" + case of a Script, HTTP, TCP, UDP, or gRPC check. Can be specified in the form of "10s" or "5m" (i.e., 10 seconds or 5 minutes, respectively). - `OutputMaxSize` `(positive int: 4096)` - Allow to put a maximum size of text @@ -237,6 +237,11 @@ The table below shows this endpoint's support for made to both addresses, and the first successful connection attempt will result in a successful check. +- `UDP` `(string: "")` - Specifies a `UDP` IP address/hostname and port. +The check sends datagrams to the value specified at the interval specified in the `Interval` configuration. +If the datagram is sent successfully or a timeout is returned, the check is set to the `passing` state. +The check is logged as `critical` if the datagram is sent unsuccessfully. + - `TTL` `(duration: 10s)` - Specifies this is a TTL check, and the TTL endpoint must be used periodically to update the state of the check. If the check is not set to passing within the specified duration, then the check will be set to the failed state. diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 20aba4b9a..5a2149579 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -85,6 +85,12 @@ There are several different kinds of checks: It is possible to configure a custom TCP check timeout value by specifying the `timeout` field in the check definition. +- `UDP + Interval` - These checks direct the client to periodically send UDP datagrams + to the specified IP/hostname and port. The duration specified in the `interval` field sets the amount of time + between attempts, such as `30s` to indicate 30 seconds. The check is logged as healthy if any response from the UDP server is received. Any other result sets the status to `critical`. + The default interval for, UDP checks is `10s`, but you can configure a custom UDP check timeout value by specifying the + `timeout` field in the check definition. If any timeout on read exists, the check is still considered healthy. + - `Time to Live (TTL)` ((#ttl)) - These checks retain their last known state for a given TTL. The state of the check must be updated periodically over the HTTP interface. If an external system fails to update the status within a given TTL, @@ -243,6 +249,35 @@ check = { +A UDP check: + + + +```hcl +check = { + id = "dns" + name = "DNS UDP on port 53" + udp = "localhost:53" + interval = "10s" + timeout = "1s" +} + +``` + +```json +{ + "check": { + "id": "dns", + "name": "DNS UDP on port 53", + "udp": "localhost:53", + "interval": "10s", + "timeout": "1s" + } +} +``` + + + A TTL check: @@ -429,7 +464,7 @@ used for any interaction with the catalog for the check, including For Alias checks, this token is used if a remote blocking query is necessary to watch the state of the aliased node or service. -Script, TCP, HTTP, Docker, and gRPC checks must include an `interval` field. This +Script, TCP, UDP, HTTP, Docker, and gRPC checks must include an `interval` field. This field is parsed by Go's `time` package, and has the following [formatting specification](https://golang.org/pkg/time/#ParseDuration): diff --git a/website/content/docs/ecs/configuration-reference.mdx b/website/content/docs/ecs/configuration-reference.mdx index 8e39efb93..54b4c2c0f 100644 --- a/website/content/docs/ecs/configuration-reference.mdx +++ b/website/content/docs/ecs/configuration-reference.mdx @@ -82,14 +82,15 @@ Defines the Consul checks for the service. Each check may contain these fields. | `h2pingUseTls` | `boolean` | optional | Specifies whether TLS is used for an h2ping check. | | `header` | `object` | optional | Specifies a set of headers that should be set for HTTP checks. Each header can have multiple values. | | `http` | `string` | optional | Specifies this is an HTTP check. Must be a URL against which request is performed every `interval`. | -| `interval` | `string` | optional | Specifies the frequency at which to run this check. Required for HTTP and TCP checks. | +| `interval` | `string` | optional | Specifies the frequency at which to run this check. Required for HTTP, TCP, and UDP checks. | | `method` | `string` | optional | Specifies the HTTP method to be used for an HTTP check. When no value is specified, `GET` is used. | | `name` | `string` | optional | The name of the check. | | `notes` | `string` | optional | Specifies arbitrary information for humans. This is not used by Consul internally. | | `status` | `string` | optional | Specifies the initial status the health check. Must be one of `passing`, `warning`, `critical`, `maintenance`, or`null`. | | `successBeforePassing` | `integer` | optional | Specifies the number of consecutive successful results required before check status transitions to passing. | | `tcp` | `string` | optional | Specifies this is a TCP check. Must be an IP/hostname plus port to which a TCP connection is made every `interval`. | -| `timeout` | `string` | optional | Specifies a timeout for outgoing connections in the case of a Script, HTTP, TCP, or gRPC check. Must be a duration string, such as `10s` or `5m`. | +| `udp` | `string` | optional | Specifies this is a UDP check. Must be an IP/hostname plus port to which UDP datagrams are sent every `interval`. | +| `timeout` | `string` | optional | Specifies a timeout for outgoing connections. Applies to script, HTTP, TCP, UDP, and gRPC checks. Must be a duration string, such as `10s` or `5m`. | | `tlsServerName` | `string` | optional | Specifies an optional string used to set the SNI host when connecting via TLS. | | `tlsSkipVerify` | `boolean` | optional | Specifies if the certificate for an HTTPS check should not be verified. | | `ttl` | `string` | optional | Specifies this is a TTL check. Must be a duration string, such as `10s` or `5m`. | From 0681f3571d96b778598daf3df06193ec1faf396d Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 6 Jun 2022 14:20:41 -0500 Subject: [PATCH 459/785] peering: allow mesh gateways to proxy L4 peered traffic (#13339) Mesh gateways will now enable tcp connections with SNI names including peering information so that those connections may be proxied. Note: this does not change the callers to use these mesh gateways. --- agent/agent.go | 3 + agent/cache-types/exported_peered_services.go | 51 ++++++ .../exported_peered_services_test.go | 69 ++++++++ agent/consul/acl.go | 10 ++ agent/consul/internal_endpoint.go | 33 ++++ agent/consul/state/peering.go | 27 ++++ agent/proxycfg-glue/glue.go | 6 + agent/proxycfg/data_sources.go | 10 ++ agent/proxycfg/mesh_gateway.go | 108 +++++++++++++ agent/proxycfg/snapshot.go | 47 +++++- agent/proxycfg/state.go | 1 + agent/proxycfg/state_test.go | 27 +++- agent/proxycfg/testing.go | 1 + agent/proxycfg/testing_mesh_gateway.go | 53 +++++++ agent/rpc/peering/subscription_manager.go | 7 + agent/structs/peering.go | 5 + agent/xds/listeners.go | 53 +++++++ agent/xds/listeners_test.go | 6 + ...ith-exported-peered-services.latest.golden | 147 ++++++++++++++++++ 19 files changed, 656 insertions(+), 8 deletions(-) create mode 100644 agent/cache-types/exported_peered_services.go create mode 100644 agent/cache-types/exported_peered_services_test.go create mode 100644 agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services.latest.golden diff --git a/agent/agent.go b/agent/agent.go index 2056c8a5e..f0b345f95 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -651,6 +651,7 @@ func (a *Agent) Start(ctx context.Context) error { ServiceList: proxycfgglue.CacheServiceList(a.cache), TrustBundle: proxycfgglue.CacheTrustBundle(a.cache), TrustBundleList: proxycfgglue.CacheTrustBundleList(a.cache), + ExportedPeeredServices: proxycfgglue.CacheExportedPeeredServices(a.cache), } a.fillEnterpriseProxyDataSources(&proxyDataSources) a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ @@ -4136,6 +4137,8 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.TrustBundleReadName, &cachetype.TrustBundle{Client: a.rpcClientPeering}) + a.cache.RegisterType(cachetype.ExportedPeeredServicesName, &cachetype.ExportedPeeredServices{RPC: a}) + a.cache.RegisterType(cachetype.FederationStateListMeshGatewaysName, &cachetype.FederationStateListMeshGateways{RPC: a}) diff --git a/agent/cache-types/exported_peered_services.go b/agent/cache-types/exported_peered_services.go new file mode 100644 index 000000000..02bc46a4c --- /dev/null +++ b/agent/cache-types/exported_peered_services.go @@ -0,0 +1,51 @@ +package cachetype + +import ( + "fmt" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" +) + +// Recommended name for registration. +const ExportedPeeredServicesName = "exported-peered-services" + +type ExportedPeeredServices struct { + RegisterOptionsBlockingRefresh + RPC RPC +} + +func (c *ExportedPeeredServices) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { + var result cache.FetchResult + + // The request should be a DCSpecificRequest. + reqReal, ok := req.(*structs.DCSpecificRequest) + if !ok { + return result, fmt.Errorf( + "Internal cache failure: request wrong type: %T", req) + } + + // Lightweight copy this object so that manipulating QueryOptions doesn't race. + dup := *reqReal + reqReal = &dup + + // Set the minimum query index to our current index so we block + reqReal.QueryOptions.MinQueryIndex = opts.MinIndex + reqReal.QueryOptions.MaxQueryTime = opts.Timeout + + // Always allow stale - there's no point in hitting leader if the request is + // going to be served from cache and end up arbitrarily stale anyway. This + // allows cached service-discover to automatically read scale across all + // servers too. + reqReal.AllowStale = true + + // Fetch + var reply structs.IndexedExportedServiceList + if err := c.RPC.RPC("Internal.ExportedPeeredServices", reqReal, &reply); err != nil { + return result, err + } + + result.Value = &reply + result.Index = reply.QueryMeta.Index + return result, nil +} diff --git a/agent/cache-types/exported_peered_services_test.go b/agent/cache-types/exported_peered_services_test.go new file mode 100644 index 000000000..74b0cd7b3 --- /dev/null +++ b/agent/cache-types/exported_peered_services_test.go @@ -0,0 +1,69 @@ +package cachetype + +import ( + "testing" + "time" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" +) + +func TestExportedPeeredServices(t *testing.T) { + rpc := TestRPC(t) + typ := &ExportedPeeredServices{RPC: rpc} + + // Expect the proper RPC call. This also sets the expected value + // since that is return-by-pointer in the arguments. + var resp *structs.IndexedExportedServiceList + rpc.On("RPC", "Internal.ExportedPeeredServices", mock.Anything, mock.Anything).Return(nil). + Run(func(args mock.Arguments) { + req := args.Get(1).(*structs.DCSpecificRequest) + require.Equal(t, uint64(24), req.QueryOptions.MinQueryIndex) + require.Equal(t, 1*time.Second, req.QueryOptions.MaxQueryTime) + require.True(t, req.AllowStale) + + reply := args.Get(2).(*structs.IndexedExportedServiceList) + reply.Services = map[string]structs.ServiceList{ + "my-peer": { + structs.ServiceName{ + Name: "foo", + }, + structs.ServiceName{ + Name: "bar", + }, + }, + } + reply.QueryMeta.Index = 48 + resp = reply + }) + + // Fetch + resultA, err := typ.Fetch(cache.FetchOptions{ + MinIndex: 24, + Timeout: 1 * time.Second, + }, &structs.DCSpecificRequest{ + Datacenter: "dc1", + }) + require.NoError(t, err) + require.Equal(t, cache.FetchResult{ + Value: resp, + Index: 48, + }, resultA) + + rpc.AssertExpectations(t) +} + +func TestExportedPeeredServices_badReqType(t *testing.T) { + rpc := TestRPC(t) + typ := &ExportedPeeredServices{RPC: rpc} + + // Fetch + _, err := typ.Fetch(cache.FetchOptions{}, cache.TestRequest( + t, cache.RequestInfo{Key: "foo", MinIndex: 64})) + require.Error(t, err) + require.Contains(t, err.Error(), "wrong type") + rpc.AssertExpectations(t) +} diff --git a/agent/consul/acl.go b/agent/consul/acl.go index 8543b7f51..efa9b2665 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -1940,6 +1940,16 @@ func filterACLWithAuthorizer(logger hclog.Logger, authorizer acl.Authorizer, sub case *structs.IndexedServiceList: v.QueryMeta.ResultsFilteredByACLs = filt.filterServiceList(&v.Services) + case *structs.IndexedExportedServiceList: + for peer, peerServices := range v.Services { + v.QueryMeta.ResultsFilteredByACLs = filt.filterServiceList(&peerServices) + if len(peerServices) == 0 { + delete(v.Services, peer) + } else { + v.Services[peer] = peerServices + } + } + case *structs.IndexedGatewayServices: v.QueryMeta.ResultsFilteredByACLs = filt.filterGatewayServices(&v.Services) diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 718002889..20169562d 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -435,6 +435,39 @@ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply ) } +// ExportedPeeredServices is used to query the exported services for peers. +// Returns services as a map of ServiceNames by peer. +func (m *Internal) ExportedPeeredServices(args *structs.DCSpecificRequest, reply *structs.IndexedExportedServiceList) error { + if done, err := m.srv.ForwardRPC("Internal.ExportedPeeredServices", args, reply); done { + return err + } + + authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, nil) + if err != nil { + return err + } + + if err := m.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil { + return err + } + + // TODO(peering): acls: mesh gateway needs appropriate wildcard service:read + + return m.srv.blockingQuery( + &args.QueryOptions, + &reply.QueryMeta, + func(ws memdb.WatchSet, state *state.Store) error { + index, serviceMap, err := state.ExportedServicesForAllPeersByName(ws, args.EnterpriseMeta) + if err != nil { + return err + } + + reply.Index, reply.Services = index, serviceMap + m.srv.filterACLWithAuthorizer(authz, reply) + return nil + }) +} + // EventFire is a bit of an odd endpoint, but it allows for a cross-DC RPC // call to fire an event. The primary use case is to enable user events being // triggered in a remote DC. diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index d18d0ab80..f53ce6081 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -310,6 +310,33 @@ func (s *Store) ExportedServicesForPeer(ws memdb.WatchSet, peerID string) (uint6 return s.exportedServicesForPeerTxn(ws, tx, peering) } +func (s *Store) ExportedServicesForAllPeersByName(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error) { + tx := s.db.ReadTxn() + defer tx.Abort() + + maxIdx, peerings, err := s.peeringListTxn(ws, tx, entMeta) + if err != nil { + return 0, nil, fmt.Errorf("failed to list peerings: %w", err) + } + + out := make(map[string]structs.ServiceList) + for _, peering := range peerings { + idx, list, err := s.exportedServicesForPeerTxn(ws, tx, peering) + if err != nil { + return 0, nil, fmt.Errorf("failed to list exported services for peer %q: %w", peering.ID, err) + } + if idx > maxIdx { + maxIdx = idx + } + m := list.ListAllDiscoveryChains() + if len(m) > 0 { + out[peering.Name] = maps.SliceOfKeys(m) + } + } + + return maxIdx, out, nil +} + func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peering *pbpeering.Peering) (uint64, *structs.ExportedServiceList, error) { maxIdx := peering.ModifyIndex diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 5538aab5b..c047da48f 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -113,6 +113,12 @@ func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList { return &cacheProxyDataSource[*pbpeering.TrustBundleListByServiceRequest]{c, cachetype.TrustBundleListName} } +// CacheExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices +// interface by sourcing data from the agent cache. +func CacheExportedPeeredServices(c *cache.Cache) proxycfg.ExportedPeeredServices { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.ExportedPeeredServicesName} +} + // cacheProxyDataSource implements a generic wrapper around the agent cache to // provide data to the proxycfg.Manager. type cacheProxyDataSource[ReqType cache.Request] struct { diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go index c454c2052..5e2da0ad2 100644 --- a/agent/proxycfg/data_sources.go +++ b/agent/proxycfg/data_sources.go @@ -86,6 +86,10 @@ type DataSources struct { // peered clusters that the given proxy is exported to. TrustBundleList TrustBundleList + // ExportedPeeredServices provides updates about the list of all exported + // services in a datacenter on a notification channel. + ExportedPeeredServices ExportedPeeredServices + DataSourcesEnterprise } @@ -195,3 +199,9 @@ type TrustBundle interface { type TrustBundleList interface { Notify(ctx context.Context, req *pbpeering.TrustBundleListByServiceRequest, correlationID string, ch chan<- UpdateEvent) error } + +// ExportedPeeredServices is the interface used to consume updates about the +// list of all services exported to peers in a datacenter. +type ExportedPeeredServices interface { + Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go index 45b80b552..725c1c0c7 100644 --- a/agent/proxycfg/mesh_gateway.go +++ b/agent/proxycfg/mesh_gateway.go @@ -3,10 +3,12 @@ package proxycfg import ( "context" "fmt" + "sort" "strings" "time" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib/maps" "github.com/hashicorp/consul/logging" ) @@ -67,12 +69,26 @@ func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, er return snap, err } + // Watch for all exported services from this mesh gateway's partition in any peering. + err = s.dataSources.ExportedPeeredServices.Notify(ctx, &structs.DCSpecificRequest{ + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + Source: *s.source, + EnterpriseMeta: s.proxyID.EnterpriseMeta, + }, exportedServiceListWatchID, s.ch) + if err != nil { + return snap, err + } + snap.MeshGateway.WatchedServices = make(map[structs.ServiceName]context.CancelFunc) snap.MeshGateway.WatchedGateways = make(map[string]context.CancelFunc) snap.MeshGateway.ServiceGroups = make(map[structs.ServiceName]structs.CheckServiceNodes) snap.MeshGateway.GatewayGroups = make(map[string]structs.CheckServiceNodes) snap.MeshGateway.ServiceResolvers = make(map[structs.ServiceName]*structs.ServiceResolverConfigEntry) snap.MeshGateway.HostnameDatacenters = make(map[string]structs.CheckServiceNodes) + snap.MeshGateway.ExportedServicesWithPeers = make(map[structs.ServiceName][]string) + snap.MeshGateway.DiscoveryChain = make(map[structs.ServiceName]*structs.CompiledDiscoveryChain) + snap.MeshGateway.WatchedDiscoveryChains = make(map[structs.ServiceName]context.CancelFunc) // there is no need to initialize the map of service resolvers as we // fully rebuild it every time we get updates @@ -295,6 +311,80 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn snap.MeshGateway.ConsulServers = resp.Nodes + case exportedServiceListWatchID: + exportedServices, ok := u.Result.(*structs.IndexedExportedServiceList) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + + seenServices := make(map[structs.ServiceName][]string) // svc -> peername slice + for peerName, services := range exportedServices.Services { + for _, svc := range services { + seenServices[svc] = append(seenServices[svc], peerName) + } + } + // Sort the peer names so ultimately xDS has a stable output. + for svc := range seenServices { + sort.Strings(seenServices[svc]) + } + peeredServiceList := maps.SliceOfKeys(seenServices) + structs.ServiceList(peeredServiceList).Sort() + + snap.MeshGateway.ExportedServicesSlice = peeredServiceList + snap.MeshGateway.ExportedServicesWithPeers = seenServices + snap.MeshGateway.WatchedExportedServices = exportedServices.Services + snap.MeshGateway.WatchedExportedServicesSet = true + + // For each service that we should be exposing, also watch disco chains + // in the same manner as an ingress gateway would. + + for _, svc := range snap.MeshGateway.ExportedServicesSlice { + if _, ok := snap.MeshGateway.WatchedDiscoveryChains[svc]; ok { + continue + } + + ctx, cancel := context.WithCancel(ctx) + err := s.dataSources.CompiledDiscoveryChain.Notify(ctx, &structs.DiscoveryChainRequest{ + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + Name: svc.Name, + EvaluateInDatacenter: s.source.Datacenter, + EvaluateInNamespace: svc.NamespaceOrDefault(), + EvaluateInPartition: svc.PartitionOrDefault(), + }, "discovery-chain:"+svc.String(), s.ch) + if err != nil { + meshLogger.Error("failed to register watch for discovery chain", + "service", svc.String(), + "error", err, + ) + cancel() + return err + } + + snap.MeshGateway.WatchedDiscoveryChains[svc] = cancel + } + + // Clean up data from services that were not in the update + + for svc, cancelFn := range snap.MeshGateway.WatchedDiscoveryChains { + if _, ok := seenServices[svc]; !ok { + cancelFn() + delete(snap.MeshGateway.WatchedDiscoveryChains, svc) + } + } + + // These entries are intentionally handled separately from the + // WatchedDiscoveryChains above. There have been situations where a + // discovery watch was cancelled, then fired. That update event then + // re-populated the DiscoveryChain map entry, which wouldn't get + // cleaned up since there was no known watch for it. + + for svc := range snap.MeshGateway.DiscoveryChain { + if _, ok := seenServices[svc]; !ok { + delete(snap.MeshGateway.DiscoveryChain, svc) + } + } + default: switch { case strings.HasPrefix(u.CorrelationID, "connect-service:"): @@ -330,6 +420,24 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn ) } + case strings.HasPrefix(u.CorrelationID, "discovery-chain:"): + resp, ok := u.Result.(*structs.DiscoveryChainResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + svcString := strings.TrimPrefix(u.CorrelationID, "discovery-chain:") + svc := structs.ServiceNameFromString(svcString) + + if !snap.MeshGateway.IsServiceExported(svc) { + delete(snap.MeshGateway.DiscoveryChain, svc) + s.logger.Trace("discovery-chain watch fired for unknown service", "service", svc) + return nil + } + + snap.MeshGateway.DiscoveryChain[svc] = resp.Chain + + // TODO(peering): we need to do this if we are going to setup a cross-partition or cross-datacenter target + default: if err := s.handleEntUpdate(meshLogger, ctx, u, snap); err != nil { return err diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 02cdf0580..1bcf05f88 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -331,6 +331,33 @@ type configSnapshotMeshGateway struct { // HostnameDatacenters is a map of datacenters to mesh gateway instances with a hostname as the address. // If hostnames are configured they must be provided to Envoy via CDS not EDS. HostnameDatacenters map[string]structs.CheckServiceNodes + + // TODO(peering): + ExportedServicesSlice []structs.ServiceName + + // TODO(peering): svc -> peername slice + ExportedServicesWithPeers map[structs.ServiceName][]string + + // TODO(peering): discard this maybe + WatchedExportedServices map[string]structs.ServiceList + + // TODO(peering): + WatchedExportedServicesSet bool + + // TODO(peering): + DiscoveryChain map[structs.ServiceName]*structs.CompiledDiscoveryChain + + // TODO(peering): + WatchedDiscoveryChains map[structs.ServiceName]context.CancelFunc +} + +func (c *configSnapshotMeshGateway) IsServiceExported(svc structs.ServiceName) bool { + if c == nil || len(c.ExportedServicesWithPeers) == 0 { + return false + } + + _, ok := c.ExportedServicesWithPeers[svc] + return ok } func (c *configSnapshotMeshGateway) GatewayKeys() []GatewayKey { @@ -376,7 +403,22 @@ func (c *configSnapshotMeshGateway) isEmpty() bool { len(c.GatewayGroups) == 0 && len(c.FedStateGateways) == 0 && len(c.ConsulServers) == 0 && - len(c.HostnameDatacenters) == 0 + len(c.HostnameDatacenters) == 0 && + c.isEmptyPeering() +} + +// isEmptyPeering is a test helper +func (c *configSnapshotMeshGateway) isEmptyPeering() bool { + if c == nil { + return true + } + + return len(c.ExportedServicesSlice) == 0 && + len(c.ExportedServicesWithPeers) == 0 && + len(c.WatchedExportedServices) == 0 && + !c.WatchedExportedServicesSet && + len(c.DiscoveryChain) == 0 && + len(c.WatchedDiscoveryChains) == 0 } type configSnapshotIngressGateway struct { @@ -496,7 +538,8 @@ func (s *ConfigSnapshot) Valid() bool { } } return s.Roots != nil && - (s.MeshGateway.WatchedServicesSet || len(s.MeshGateway.ServiceGroups) > 0) + (s.MeshGateway.WatchedServicesSet || len(s.MeshGateway.ServiceGroups) > 0) && + s.MeshGateway.WatchedExportedServicesSet case structs.ServiceKindIngressGateway: return s.Roots != nil && diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index 7b27e1dd7..9fc5c88f6 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -37,6 +37,7 @@ const ( serviceIntentionsIDPrefix = "service-intentions:" intentionUpstreamsID = "intention-upstreams" upstreamPeerWatchIDPrefix = "upstream-peer:" + exportedServiceListWatchID = "exported-service-list" meshConfigEntryID = "mesh" svcChecksWatchIDPrefix = cachetype.ServiceHTTPChecksName + ":" preparedQueryIDPrefix = string(structs.UpstreamDestTypePreparedQuery) + ":" diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index a449a9973..b95e41b04 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -136,6 +136,7 @@ func recordWatches(sc *stateConfig) *watchRecorder { ServiceList: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, TrustBundle: typedWatchRecorder[*pbpeering.TrustBundleReadRequest]{wr}, TrustBundleList: typedWatchRecorder[*pbpeering.TrustBundleListByServiceRequest]{wr}, + ExportedPeeredServices: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, } recordWatchesEnterprise(sc, wr) @@ -725,9 +726,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - datacentersWatchID: verifyDatacentersWatch, - serviceListWatchID: genVerifyDCSpecificWatch("dc1"), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), + datacentersWatchID: verifyDatacentersWatch, + serviceListWatchID: genVerifyDCSpecificWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + exportedServiceListWatchID: genVerifyDCSpecificWatch("dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without root is not valid") @@ -737,6 +739,12 @@ func TestState_WatchesAndUpdates(t *testing.T) { { events: []UpdateEvent{ rootWatchEvent(), + { + CorrelationID: exportedServiceListWatchID, + Result: &structs.IndexedExportedServiceList{ + Services: nil, + }, + }, }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "gateway without services is valid") @@ -786,12 +794,19 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - datacentersWatchID: verifyDatacentersWatch, - serviceListWatchID: genVerifyDCSpecificWatch("dc1"), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), + datacentersWatchID: verifyDatacentersWatch, + serviceListWatchID: genVerifyDCSpecificWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + exportedServiceListWatchID: genVerifyDCSpecificWatch("dc1"), }, events: []UpdateEvent{ rootWatchEvent(), + { + CorrelationID: exportedServiceListWatchID, + Result: &structs.IndexedExportedServiceList{ + Services: nil, + }, + }, { CorrelationID: serviceListWatchID, Result: &structs.IndexedServiceList{ diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index 77eb84eb0..f032a86e7 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -721,6 +721,7 @@ func testConfigSnapshotFixture( ServiceList: &noopDataSource[*structs.DCSpecificRequest]{}, TrustBundle: &noopDataSource[*pbpeering.TrustBundleReadRequest]{}, TrustBundleList: &noopDataSource[*pbpeering.TrustBundleListByServiceRequest]{}, + ExportedPeeredServices: &noopDataSource[*structs.DCSpecificRequest]{}, }, dnsConfig: DNSConfig{ // TODO: make configurable Domain: "consul", diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go index c5baaea2f..270816127 100644 --- a/agent/proxycfg/testing_mesh_gateway.go +++ b/agent/proxycfg/testing_mesh_gateway.go @@ -5,7 +5,10 @@ import ( "time" "github.com/mitchellh/go-testing-interface" + "github.com/stretchr/testify/assert" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/structs" ) @@ -20,6 +23,50 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st switch variant { case "default": + case "peered-services": + var ( + fooSN = structs.NewServiceName("foo", nil) + barSN = structs.NewServiceName("bar", nil) + girSN = structs.NewServiceName("gir", nil) + + fooChain = discoverychain.TestCompileConfigEntries(t, "foo", "default", "default", "dc1", connect.TestClusterID+".consul", nil) + barChain = discoverychain.TestCompileConfigEntries(t, "bar", "default", "default", "dc1", connect.TestClusterID+".consul", nil) + girChain = discoverychain.TestCompileConfigEntries(t, "gir", "default", "default", "dc1", connect.TestClusterID+".consul", nil) + ) + + assert.True(t, fooChain.Default) + assert.True(t, barChain.Default) + assert.True(t, girChain.Default) + + extraUpdates = append(extraUpdates, + UpdateEvent{ + CorrelationID: exportedServiceListWatchID, + Result: &structs.IndexedExportedServiceList{ + Services: map[string]structs.ServiceList{ + "peer1": []structs.ServiceName{fooSN, barSN}, + "peer2": []structs.ServiceName{girSN}, + }, + }, + }, + UpdateEvent{ + CorrelationID: "discovery-chain:" + fooSN.String(), + Result: &structs.DiscoveryChainResponse{ + Chain: fooChain, + }, + }, + UpdateEvent{ + CorrelationID: "discovery-chain:" + barSN.String(), + Result: &structs.DiscoveryChainResponse{ + Chain: barChain, + }, + }, + UpdateEvent{ + CorrelationID: "discovery-chain:" + girSN.String(), + Result: &structs.DiscoveryChainResponse{ + Chain: girChain, + }, + }, + ) case "federation-states": populateServices = true useFederationStates = true @@ -257,6 +304,12 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st CorrelationID: rootsWatchID, Result: roots, }, + { + CorrelationID: exportedServiceListWatchID, + Result: &structs.IndexedExportedServiceList{ + Services: nil, + }, + }, { CorrelationID: serviceListWatchID, Result: &structs.IndexedServiceList{ diff --git a/agent/rpc/peering/subscription_manager.go b/agent/rpc/peering/subscription_manager.go index 0c00a2ca7..42409fd14 100644 --- a/agent/rpc/peering/subscription_manager.go +++ b/agent/rpc/peering/subscription_manager.go @@ -181,6 +181,13 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti // skip checks since we just generated one from scratch } + // Scrub raft indexes + for _, instance := range csn.Nodes { + instance.Node.RaftIndex = nil + instance.Service.RaftIndex = nil + // skip checks since we just generated one from scratch + } + id := servicePayloadIDPrefix + strings.TrimPrefix(u.CorrelationID, subExportedService) // Just ferry this one directly along to the destination. diff --git a/agent/structs/peering.go b/agent/structs/peering.go index 1cf74bdaa..70a59c486 100644 --- a/agent/structs/peering.go +++ b/agent/structs/peering.go @@ -8,6 +8,11 @@ type PeeringToken struct { PeerID string } +type IndexedExportedServiceList struct { + Services map[string]ServiceList + QueryMeta +} + // NOTE: this is not serialized via msgpack so it can be changed without concern. type ExportedServiceList struct { // Services is a list of exported services that apply to both standard diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index bcbf28063..2c66ba3a0 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -1371,6 +1371,59 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int, l := makePortListener(name, addr, port, envoy_core_v3.TrafficDirection_UNSPECIFIED) l.ListenerFilters = []*envoy_listener_v3.ListenerFilter{tlsInspector} + // Add in TCP filter chains for plain peered passthrough. + // + // TODO(peering): make this work for L7 as well + // TODO(peering): make failover work + for _, svc := range cfgSnap.MeshGateway.ExportedServicesSlice { + peerNames, ok := cfgSnap.MeshGateway.ExportedServicesWithPeers[svc] + if !ok { + continue // not possible + } + chain, ok := cfgSnap.MeshGateway.DiscoveryChain[svc] + if !ok { + continue // ignore; not ready + } + + if structs.IsProtocolHTTPLike(chain.Protocol) { + continue // temporary skip + } + + target, err := simpleChainTarget(chain) + if err != nil { + return nil, err + } + clusterName := CustomizeClusterName(target.Name, chain) + + filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter) + + dcTCPProxy, err := makeTCPProxyFilter(filterName, clusterName, "mesh_gateway_local_peered.") + if err != nil { + return nil, err + } + + var peeredServerNames []string + for _, peerName := range peerNames { + peeredSNI := connect.PeeredServiceSNI( + svc.Name, + svc.NamespaceOrDefault(), + svc.PartitionOrDefault(), + peerName, + cfgSnap.Roots.TrustDomain, + ) + peeredServerNames = append(peeredServerNames, peeredSNI) + } + + l.FilterChains = append(l.FilterChains, &envoy_listener_v3.FilterChain{ + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + ServerNames: peeredServerNames, + }, + Filters: []*envoy_listener_v3.Filter{ + dcTCPProxy, + }, + }) + } + // We need 1 Filter Chain per remote cluster keys := cfgSnap.MeshGateway.GatewayKeys() for _, key := range keys { diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index 39d779d21..d1c3cdf16 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -476,6 +476,12 @@ func TestListenersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) }, }, + { + name: "mesh-gateway-with-exported-peered-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "peered-services", nil, nil) + }, + }, { name: "mesh-gateway-tagged-addresses", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services.latest.golden new file mode 100644 index 000000000..287bc4aa5 --- /dev/null +++ b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services.latest.golden @@ -0,0 +1,147 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default:1.2.3.4:8443", + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 8443 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "serverNames": [ + "bar.default.default.peer1.external.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_local_peered.bar.default.default.dc1", + "cluster": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "serverNames": [ + "foo.default.default.peer1.external.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_local_peered.foo.default.default.dc1", + "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "serverNames": [ + "gir.default.default.peer2.external.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_local_peered.gir.default.default.dc1", + "cluster": "gir.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "serverNames": [ + "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_remote.default.dc2", + "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "serverNames": [ + "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_remote.default.dc4", + "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "serverNames": [ + "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_remote.default.dc6", + "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filters": [ + { + "name": "envoy.filters.network.sni_cluster", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "mesh_gateway_local.default", + "cluster": "" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file From db48b4f5a2f9d9560e8d152388287cd09e0a8efe Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 6 Jun 2022 16:06:39 -0500 Subject: [PATCH 460/785] test: break dep on main consul module (#13373) The main consul module is not a great library and complicates some oss/ent module issues. This undoes #13371 --- test/integration/consul-container/go.mod | 3 - test/integration/consul-container/go.sum | 10 +-- .../consul-container/libs/utils/retry.go | 75 +++++++++++++++++++ .../consul-container/metrics/leader_test.go | 3 +- 4 files changed, 81 insertions(+), 10 deletions(-) create mode 100644 test/integration/consul-container/libs/utils/retry.go diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 980e82602..b5a7b1738 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -4,7 +4,6 @@ go 1.18 require ( github.com/docker/docker v20.10.11+incompatible - github.com/hashicorp/consul v1.12.1 github.com/hashicorp/consul/api v1.11.0 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/go-uuid v1.0.2 @@ -60,8 +59,6 @@ require ( gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) -replace github.com/hashicorp/consul => ../../.. - replace github.com/hashicorp/consul/api => ../../../api replace github.com/hashicorp/consul/sdk => ../../../sdk diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index c68661ac4..7d67cf3ca 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -404,17 +404,17 @@ github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-sockaddr v1.0.0 h1:GeH6tui99pF4NJgfnhp+L6+FfobzVW3Ah46sLo0ICXs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -427,8 +427,8 @@ github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= +github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.9.8 h1:JGklO/2Drf1QGa312EieQN3zhxQ+aJg6pG+aC3MFaVo= github.com/hashicorp/serf v0.9.8/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= @@ -469,8 +469,8 @@ github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= diff --git a/test/integration/consul-container/libs/utils/retry.go b/test/integration/consul-container/libs/utils/retry.go new file mode 100644 index 000000000..7cb47bac0 --- /dev/null +++ b/test/integration/consul-container/libs/utils/retry.go @@ -0,0 +1,75 @@ +package utils + +import ( + "context" + "time" +) + +// NOTE: copied from github.com/hashicorp/consul/lib/retry to avoid a heavy dependency +// NOTE2: Jitter was removed + +// Waiter records the number of failures and performs exponential backoff when +// when there are consecutive failures. +type Waiter struct { + // MinFailures before exponential backoff starts. Any failures before + // MinFailures is reached will wait MinWait time. + MinFailures uint + // MinWait time. Returned after the first failure. + MinWait time.Duration + // MaxWait time. + MaxWait time.Duration + // Factor is the multiplier to use when calculating the delay. Defaults to + // 1 second. + Factor time.Duration + failures uint +} + +// delay calculates the time to wait based on the number of failures +func (w *Waiter) delay() time.Duration { + if w.failures <= w.MinFailures { + return w.MinWait + } + factor := w.Factor + if factor == 0 { + factor = time.Second + } + + shift := w.failures - w.MinFailures - 1 + waitTime := w.MaxWait + if shift < 31 { + waitTime = (1 << shift) * factor + } + if w.MaxWait != 0 && waitTime > w.MaxWait { + waitTime = w.MaxWait + } + if waitTime < w.MinWait { + return w.MinWait + } + return waitTime +} + +// Reset the failure count to 0. +func (w *Waiter) Reset() { + w.failures = 0 +} + +// Failures returns the count of consecutive failures. +func (w *Waiter) Failures() int { + return int(w.failures) +} + +// Wait increase the number of failures by one, and then blocks until the context +// is cancelled, or until the wait time is reached. +// The wait time increases exponentially as the number of failures increases. +// Wait will return ctx.Err() if the context is cancelled. +func (w *Waiter) Wait(ctx context.Context) error { + w.failures++ + timer := time.NewTimer(w.delay()) + select { + case <-ctx.Done(): + timer.Stop() + return ctx.Err() + case <-timer.C: + return nil + } +} diff --git a/test/integration/consul-container/metrics/leader_test.go b/test/integration/consul-container/metrics/leader_test.go index 95389a63e..9bea12592 100644 --- a/test/integration/consul-container/metrics/leader_test.go +++ b/test/integration/consul-container/metrics/leader_test.go @@ -15,7 +15,6 @@ import ( libcluster "github.com/hashicorp/consul/integration/consul-container/libs/cluster" "github.com/hashicorp/consul/integration/consul-container/libs/node" "github.com/hashicorp/consul/integration/consul-container/libs/utils" - "github.com/hashicorp/consul/lib/retry" ) // Given a 3-server cluster, when the leader is elected, then leader's isLeader is 1 and non-leader's 0 @@ -56,7 +55,7 @@ func TestLeadershipMetrics(t *testing.T) { libcluster.WaitForMembers(t, svrCli, 3) retryWithBackoff := func(agentNode node.Node, expectedStr string) error { - waiter := &retry.Waiter{ + waiter := &utils.Waiter{ MaxWait: 5 * time.Minute, } _, port := agentNode.GetAddr() From 28ec70953b6acfc384ceda2e8a870b7dd41dbdae Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 6 Jun 2022 16:06:55 -0500 Subject: [PATCH 461/785] test: retry the compat tests as often as other tests (#13369) The upgrade compatibility tests need frequent retrying to pass because they are slightly flaky. To alleviate manual work borrow similar gotestsum logic from the main go tests CI job to rerun them automatically here. --- .circleci/config.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c6c7e2a7e..0286ec367 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -822,15 +822,19 @@ jobs: - run: name: Compatibility Integration Tests command: | - subtests=$(ls -d test/integration/consul-container/*/ | grep -v libs | xargs -n 1 basename | circleci tests split) - echo "Running $(echo $subtests | wc -w) subtests" - echo "$subtests" - subtests_formatted=$(echo "$subtests" | sed 's/^/.\//g' | xargs) mkdir -p /tmp/test-results/ - docker run consul:local consul version cd ./test/integration/consul-container - echo "$subtests_formatted" - gotestsum -- -timeout=30m ./$subtests_formatted --target-version local --latest-version latest + docker run --rm consul:local consul version + gotestsum \ + --format=short-verbose \ + --debug \ + --rerun-fails=3 \ + --packages="./..." \ + -- \ + -timeout=30m \ + ./... \ + --target-version local \ + --latest-version latest ls -lrt environment: # this is needed because of incompatibility between RYUK container and circleci From dcb511e78a398b75ef5cf47b94dc8f33abc7746a Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Mon, 6 Jun 2022 14:42:11 -0700 Subject: [PATCH 462/785] ci: Add package verifications to build workflow (#13294) Co-authored-by: cskh --- .github/scripts/docker_smoke.sh | 23 --- .github/scripts/verify_artifact.sh | 240 +++++++++++++++++++++++++++++ .github/scripts/verify_bin.sh | 44 ++++++ .github/scripts/verify_deb.sh | 57 +++++++ .github/scripts/verify_docker.sh | 44 ++++++ .github/scripts/verify_rpm.sh | 52 +++++++ .github/workflows/build.yml | 147 ++++++++++-------- 7 files changed, 524 insertions(+), 83 deletions(-) delete mode 100755 .github/scripts/docker_smoke.sh create mode 100755 .github/scripts/verify_artifact.sh create mode 100755 .github/scripts/verify_bin.sh create mode 100755 .github/scripts/verify_deb.sh create mode 100755 .github/scripts/verify_docker.sh create mode 100755 .github/scripts/verify_rpm.sh diff --git a/.github/scripts/docker_smoke.sh b/.github/scripts/docker_smoke.sh deleted file mode 100755 index 0ab412651..000000000 --- a/.github/scripts/docker_smoke.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -function main { - local image_name="${1:-${IMAGE_NAME:-}}" - local test_version - - if [[ -z "${image_name}" ]]; then - echo "ERROR: IMAGE_NAME environment var or argument is required" - exit 1 - fi - - test_version="$(docker run "${image_name}" version | head -n1 | awk '{print $2}')" - if [ "${test_version}" != "v${version}" ]; then - echo "Test FAILED" - echo "Got: ${test_version}, Want: ${version}" - exit 1 - fi - echo "Test PASSED" -} - -main "$@" diff --git a/.github/scripts/verify_artifact.sh b/.github/scripts/verify_artifact.sh new file mode 100755 index 000000000..71de52c38 --- /dev/null +++ b/.github/scripts/verify_artifact.sh @@ -0,0 +1,240 @@ +#!/bin/bash + +set -euo pipefail + +# verify_artifact.sh is the top-level script that implements the logic to decide +# which individual verification script to invoke. It decides which verification +# script to use based on artifact name it is given. By putting the logic in here, +# it keeps the workflow file simpler and easier to manage. It also doubles as a means +# to run verifications locally when necessary. + +# set this so we can locate and execute the individual verification scripts. +SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" + +function usage { + echo "verify_artifact.sh " +} + +# Arguments: +# $1 - artifact path (eg. /artifacts/consul-1.13.0~dev-1.i386.rpm) +# $2 - expected version to match against (eg. v1.13.0-dev) +function main { + local artifact_path="${1:-}" + local expect_version="${2:-}" + + if [[ -z "${artifact_path}" ]]; then + echo "ERROR: artifact path argument is required" + usage + exit 1 + fi + + if [[ -z "${expect_version}" ]]; then + echo "ERROR: expected version argument is required" + usage + exit 1 + fi + + if [[ ! -e "${artifact_path}" ]]; then + echo "ERROR: ${artifact_path} does not exist" + usage + exit 1 + fi + + # match against the various artifact names: + # deb packages: consul_${version}-1_${arch}.deb + # rpm packages: consul-${version}-1.${arch}.rpm + # zip packages: consul_${version}_${os}_${arch}.zip + case "${artifact_path}" in + *.rpm) verify_rpm "${artifact_path}" "${expect_version}";; + *.deb) verify_deb "${artifact_path}" "${expect_version}";; + *.zip) verify_zip "${artifact_path}" "${expect_version}";; + *) + echo "${artifact_path} did not match known patterns" + exit 1 + ;; + esac +} + +# Arguments: +# $1 - path to rpm (eg. consul-1.13.0~dev-1.aarch64.rpm) +# $2 - expected version to match against (eg. v1.13.0-dev) +function verify_rpm { + local artifact_path="${1:-}" + local expect_version="${2:-}" + local docker_image + local docker_platform + + case "${artifact_path}" in + *.i386.rpm) + docker_platform="linux/386" + docker_image="i386/centos:7" + ;; + *.x86_64.rpm) + docker_platform="linux/amd64" + docker_image="amd64/centos:7" + ;; + *.arm.rpm) + docker_platform="linux/arm/v7" + docker_image="arm32v7/fedora:36" + ;; + *.aarch64.rpm) + docker_platform="linux/arm64" + docker_image="arm64v8/fedora:36" + ;; + *) + echo "${artifact_path} did not match known patterns for rpms" + exit 1 + ;; + esac + + echo "executing RPM verification in Docker with these parameters:" + echo "PLATFORM=${docker_platform}" + echo "IMAGE=${docker_image}" + + docker run \ + --platform=${docker_platform} \ + -v $(pwd):/workdir \ + -v ${SCRIPT_DIR}:/scripts \ + -w /workdir \ + ${docker_image} \ + /scripts/verify_rpm.sh \ + "/workdir/${artifact_path}" \ + "${expect_version}" +} + +# Arguments: +# $1 - path to deb (eg. consul_1.13.0~dev-1_arm64.deb) +# $2 - expected version to match against (eg. v1.13.0-dev) +function verify_deb { + local artifact_path="${1:-}" + local expect_version="${2:-}" + local docker_image + local docker_platform + + case "${artifact_path}" in + *_i386.deb) + docker_platform="linux/386" + docker_image="i386/debian:bullseye" + ;; + *_amd64.deb) + docker_platform="linux/amd64" + docker_image="amd64/debian:bullseye" + ;; + *_arm.deb) + docker_platform="linux/arm/v7" + docker_image="arm32v7/debian:bullseye" + ;; + *_arm64.deb) + docker_platform="linux/arm64" + docker_image="arm64v8/debian:bullseye" + ;; + *) + echo "${artifact_path} did not match known patterns for debs" + exit 1 + ;; + esac + + echo "executing DEB verification in Docker with these parameters:" + echo "PLATFORM=${docker_platform}" + echo "IMAGE=${docker_image}" + + docker run \ + --platform=${docker_platform} \ + -v $(pwd):/workdir \ + -v ${SCRIPT_DIR}:/scripts \ + -w /workdir \ + ${docker_image} \ + /scripts/verify_deb.sh \ + "/workdir/${artifact_path}" \ + "${expect_version}" +} + +# Arguments: +# $1 - path to zip (eg. consul_1.13.0-dev_linux_amd64.zip) +# $2 - expected version to match against (eg. v1.13.0-dev) +function verify_zip { + local artifact_path="${1:-}" + local expect_version="${2:-}" + local machine_os=$(uname -s) + local machine_arch=$(uname -m) + + unzip "${artifact_path}" + + if [[ ! -e ./consul ]]; then + echo "ERROR: ${artifact_path} did not contain a consul binary" + exit 1 + fi + + case "${artifact_path}" in + + *_darwin_amd64.zip) + if [[ "${machine_os}" = 'Darwin' ]]; then + # run the darwin binary if the host is Darwin. + ${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version} + else + echo "cannot run darwin binary on a non-darwin host (${machine_os})" + fi + ;; + + *_linux_386.zip | *_linux_amd64.zip) + if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = "x86_64" ]]; then + # run the binary directly on the host when it's x86_64 Linux + ${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version} + else + # otherwise, use Docker/QEMU + docker run \ + --platform=linux/amd64 \ + -v $(pwd):/workdir \ + -v ${SCRIPT_DIR}:/scripts \ + -w /workdir \ + amd64/debian \ + /scripts/verify_bin.sh \ + ./consul \ + "${expect_version}" + fi + ;; + + *_linux_arm.zip) + if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = arm* ]]; then + # run the binary directly on the host when it's x86_64 Linux + ${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version} + else + # otherwise, use Docker/QEMU + docker run \ + --platform=linux/arm/v7 \ + -v $(pwd):/workdir \ + -v ${SCRIPT_DIR}:/scripts \ + -w /workdir \ + arm32v7/debian \ + /scripts/verify_bin.sh \ + ./consul \ + "${expect_version}" + fi + ;; + + *_linux_arm64.zip) + if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = arm* ]]; then + # run the binary directly on the host when it's x86_64 Linux + ${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version} + else + # otherwise, use Docker/QEMU + docker run \ + --platform=linux/arm64 \ + -v $(pwd):/workdir \ + -v ${SCRIPT_DIR}:/scripts \ + -w /workdir \ + arm64v8/debian \ + /scripts/verify_bin.sh \ + ./consul \ + "${expect_version}" + fi + ;; + + *) + echo "${artifact_path} did not match known patterns for zips" + exit 1 + ;; + esac +} + +main "$@" diff --git a/.github/scripts/verify_bin.sh b/.github/scripts/verify_bin.sh new file mode 100755 index 000000000..6f7017271 --- /dev/null +++ b/.github/scripts/verify_bin.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -euo pipefail + +# verify_bin.sh validates the file at the path given and then runs `./consul version` and inspects its output. If its +# output doesn't match the version given, the script will exit 1 and report why it failed. +# This is meant to be run as part of the build workflow to verify the built .zip meets some basic criteria for validity. + +function usage { + echo "./verify_bin.sh " +} + +function main { + local bin_path="${1:-}" + local expect_version="${2:-}" + local got_version + + if [[ -z "${bin_path}" ]]; then + echo "ERROR: path to binary argument is required" + usage + exit 1 + fi + + if [[ -z "${expect_version}" ]]; then + echo "ERROR: expected version argument is required" + usage + exit 1 + fi + + if [[ ! -e "${bin_path}" ]]; then + echo "ERROR: package at ${bin_path} does not exist." + exit 1 + fi + + got_version="$( awk '{print $2}' <(head -n1 <(${bin_path} version)) )" + if [ "${got_version}" != "${expect_version}" ]; then + echo "Test FAILED" + echo "Got: ${got_version}, Want: ${expect_version}" + exit 1 + fi + echo "Test PASSED" +} + +main "$@" diff --git a/.github/scripts/verify_deb.sh b/.github/scripts/verify_deb.sh new file mode 100755 index 000000000..e4a22a261 --- /dev/null +++ b/.github/scripts/verify_deb.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +set -euo pipefail + +# verify_deb.sh tries to install the .deb package at the path given before running `consul version` +# to inspect its output. If its output doesn't match the version given, the script will exit 1 and +# report why it failed. This is meant to be run as part of the build workflow to verify the built +# .deb meets some basic criteria for validity. + +# set this so we can locate and execute the verify_bin.sh script for verifying version output +SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" + +function usage { + echo "./verify_deb.sh " +} + +function main { + local deb_path="${1:-}" + local expect_version="${2:-}" + local got_version + + if [[ -z "${deb_path}" ]]; then + echo "ERROR: package path argument is required" + usage + exit 1 + fi + + if [[ -z "${expect_version}" ]]; then + echo "ERROR: expected version argument is required" + usage + exit 1 + fi + + # expand globs for path names, if this fails, the script will exit + deb_path=$(echo ${deb_path}) + + if [[ ! -e "${deb_path}" ]]; then + echo "ERROR: package at ${deb_path} does not exist." + usage + exit 1 + fi + + # we have to install the 'arm' architecture in order to install the 'arm' + # package, otherwise we will git a 'package architecture does not match system' error + if [[ ${deb_path} = *_arm.deb ]]; then + dpkg --add-architecture arm + fi + + apt -y update + apt -y install openssl + dpkg -i ${deb_path} + + # use the script that should be located next to this one for verifying the output + exec "${SCRIPT_DIR}/verify_bin.sh" $(which consul) "${expect_version}" +} + +main "$@" diff --git a/.github/scripts/verify_docker.sh b/.github/scripts/verify_docker.sh new file mode 100755 index 000000000..725bf92b9 --- /dev/null +++ b/.github/scripts/verify_docker.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -euo pipefail + +# verify_docker.sh invokes the given Docker image to run `consul version` and inspect its output. +# If its output doesn't match the version given, the script will exit 1 and report why it failed. +# This is meant to be run as part of the build workflow to verify the built image meets some basic +# criteria for validity. +# +# Because this is meant to be run as the `smoke_test` for the docker-build workflow, the script expects +# the image name parameter to be provided by the `IMAGE_NAME` environment variable, rather than a +# positional argument. + +function usage { + echo "IMAGE_NAME= ./verify_docker.sh " +} + +function main { + local image_name="${IMAGE_NAME:-}" + local expect_version="${1:-}" + local got_version + + if [[ -z "${image_name}" ]]; then + echo "ERROR: IMAGE_NAME is not set" + usage + exit 1 + fi + + if [[ -z "${expect_version}" ]]; then + echo "ERROR: expected version argument is required" + usage + exit 1 + fi + + got_version="$( awk '{print $2}' <(head -n1 <(docker run "${image_name}" version)) )" + if [ "${got_version}" != "${expect_version}" ]; then + echo "Test FAILED" + echo "Got: ${got_version}, Want: ${expect_version}" + exit 1 + fi + echo "Test PASSED" +} + +main "$@" diff --git a/.github/scripts/verify_rpm.sh b/.github/scripts/verify_rpm.sh new file mode 100755 index 000000000..75a63bcbc --- /dev/null +++ b/.github/scripts/verify_rpm.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +set -euo pipefail + +# verify_rpm.sh tries to install the .rpm package at the path given before running `consul version` +# to inspect its output. If its output doesn't match the version given, the script will exit 1 and +# report why it failed. This is meant to be run as part of the build workflow to verify the built +# .rpm meets some basic criteria for validity. + +# set this so we can locate and execute the verify_bin.sh script for verifying version output +SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" + +function usage { + echo "./verify_rpm.sh " +} + +function main { + local rpm_path="${1:-}" + local expect_version="${2:-}" + local got_version + + if [[ -z "${rpm_path}" ]]; then + echo "ERROR: package path argument is required" + usage + exit 1 + fi + + if [[ -z "${expect_version}" ]]; then + echo "ERROR: expected version argument is required" + usage + exit 1 + fi + + # expand globs for path names, if this fails, the script will exit + rpm_path=$(echo ${rpm_path}) + + if [[ ! -e "${rpm_path}" ]]; then + echo "ERROR: package at ${rpm_path} does not exist." + usage + exit 1 + fi + + yum -y clean all + yum -y update + yum -y install which openssl + rpm --ignorearch -i ${rpm_path} + + # use the script that should be located next to this one for verifying the output + exec "${SCRIPT_DIR}/verify_bin.sh" $(which consul) "${expect_version}" +} + +main "$@" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7bee8304..cb0e6ee07 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -218,22 +218,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: ["arm", "arm64", "386", "amd64"] + arch: ["386", "amd64", "arm", "arm64"] env: repo: ${{github.event.repository.name}} version: ${{needs.get-product-version.outputs.product-version}} steps: - uses: actions/checkout@v2 - - name: Download artifact for arm verification - uses: actions/download-artifact@v2 - if: ${{ matrix.arch == 'arm64' || matrix.arch == 'arm' }} - with: - name: ${{ env.PKG_NAME }}_${{env.version}}_linux_${{ matrix.arch }}.zip - - name: Unzip for ${{ matrix.arch }} linux zip - if: ${{ matrix.arch == 'arm64' || matrix.arch == 'arm' }} - run: | - unzip ${{ env.PKG_NAME }}_${{ env.version }}_linux_${{ matrix.arch }}.zip - name: Docker Build (Action) uses: hashicorp/actions-docker-build@v1 with: @@ -246,17 +237,7 @@ jobs: dev_tags: | docker.io/hashicorppreview/${{ env.repo }}:${{ env.version }} docker.io/hashicorppreview/${{ env.repo }}:${{ env.version }}-${{ github.sha }} - smoke_test: .github/scripts/docker_smoke.sh - - name: Run verification in qemu docker for ${{ matrix.arch }} linux zip - if: ${{ matrix.arch == 'arm64' }} - run: | - docker run --platform=linux/arm64 -v $(pwd):/workdir -w /workdir \ - arm64v8/debian ./consul version - - name: Run verification in qemu docker for ${{ matrix.arch }} linux zip - if: ${{ matrix.arch == 'arm' }} - run: | - docker run --platform=linux/arm/v7 -v $(pwd):/workdir -w /workdir \ - arm32v7/debian ./consul version + smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} build-docker-redhat: name: Docker Build UBI Image for RedHat @@ -276,29 +257,39 @@ jobs: target: ubi arch: amd64 redhat_tag: scan.connect.redhat.com/ospid-612d01d49f14588c41ebf67c/${{env.repo}}:${{env.version}}-ubi - smoke_test: .github/scripts/docker_smoke.sh - verify: + smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} + + verify-linux: needs: - get-product-version - build runs-on: ubuntu-latest strategy: matrix: - arch: ["386", "amd64"] + arch: ["386", "amd64", "arm", "arm64"] fail-fast: true env: - version: ${{needs.get-product-version.outputs.product-version}} - name: Verify ${{ matrix.arch }} linux zip + version: ${{ needs.get-product-version.outputs.product-version }} + zip_name: consul_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip + + name: Verify ${{ matrix.arch }} linux binary steps: - uses: actions/checkout@v2 - - name: Download artifact - uses: actions/download-artifact@v2 + + - name: Download ${{ matrix.arch }} zip + uses: actions/download-artifact@v3 with: - name: ${{ env.PKG_NAME }}_${{ env.version }}_linux_${{ matrix.arch }}.zip - - name: Run verification for ${{ matrix.arch }} linux zip - run: | - unzip ${{ env.PKG_NAME }}_${{env.version}}_linux_${{ matrix.arch }}.zip - ./consul version + name: ${{ env.zip_name }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }} + with: + # this should be a comma-separated string as opposed to an array + platforms: arm,arm64 + + - name: Run verification for ${{ matrix.arch }} binary + run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }} verify-darwin: needs: @@ -306,60 +297,96 @@ jobs: - build-darwin runs-on: macos-latest strategy: - matrix: - arch: ["amd64", "arm64"] fail-fast: true env: version: ${{needs.get-product-version.outputs.product-version}} - name: Verify ${{ matrix.arch }} darwin zip + zip_name: consul_${{ needs.get-product-version.outputs.product-version }}_darwin_amd64.zip + + name: Verify amd64 darwin binary steps: - uses: actions/checkout@v2 - - name: Download artifact - uses: actions/download-artifact@v2 + + - name: Download amd64 darwin zip + uses: actions/download-artifact@v3 with: - name: ${{ env.PKG_NAME }}_${{env.version}}_darwin_${{ matrix.arch }}.zip - - name: Run verification for ${{ matrix.arch }} linux zip - if: ${{ matrix.arch == 'amd64' }} - run: | - unzip ${{ env.PKG_NAME }}_${{env.version}}_darwin_${{ matrix.arch }}.zip - ./consul version + name: ${{ env.zip_name }} + + - name: Unzip amd64 darwin zip + run: unzip ${{ env.zip_name }} + + - name: Run verification for amd64 darwin binary + run: .github/scripts/verify_bin.sh ./consul v${{ env.version }} verify-linux-packages-deb: - needs: build + needs: + - build + - get-product-version runs-on: ubuntu-latest strategy: matrix: - arch: [ "amd64", "arm", "arm64", "i386" ] - fail-fast: true + arch: ["i386", "amd64", "arm", "arm64"] + # fail-fast: true + env: + version: ${{ needs.get-product-version.outputs.product-version }} name: Verify ${{ matrix.arch }} debian package steps: - uses: actions/checkout@v2 - - - name: Download ${{ matrix.arch }} debian package + + - name: Set package version run: | - echo "TODO: download ${{ matrix.arch }} debian package" + echo "pkg_version=$(echo ${{ needs.get-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV + + - name: Set package name + run: | + echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV + + - name: Download workflow artifacts + uses: actions/download-artifact@v3 + with: + name: ${{ env.pkg_name }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all - name: Verify ${{ matrix.arch }} debian package - run: | - echo "TODO: run verification for ${{ matrix.arch }} debian package" + run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} verify-linux-packages-rpm: - needs: build + needs: + - build + - get-product-version runs-on: ubuntu-latest strategy: matrix: - arch: [ "aarch64", "arm", "i386", "x86_64" ] - fail-fast: true + arch: ["i386", "x86_64", "arm", "aarch64"] + # fail-fast: true + env: + version: ${{ needs.get-product-version.outputs.product-version }} - name: Verify ${{ matrix.arch }} rpm package + name: Verify ${{ matrix.arch }} rpm steps: - uses: actions/checkout@v2 - - name: Download ${{ matrix.arch }} rpm package + - name: Set package version run: | - echo "TODO: download ${{ matrix.arch }} rpm package" + echo "pkg_version=$(echo ${{ needs.get-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV - - name: Verify ${{ matrix.arch }} rpm package + - name: Set package name run: | - echo "TODO: run verification for ${{ matrix.arch }} rpm package" + echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV + + - name: Download workflow artifacts + uses: actions/download-artifact@v3 + with: + name: ${{ env.pkg_name }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Verify ${{ matrix.arch }} rpm + run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} From 7602b6ebf2928830462235ed440b56f5cf51e2fb Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 7 Jun 2022 15:03:59 -0400 Subject: [PATCH 463/785] Egress gtw/connect destination intentions (#13341) * update gateway-services table with endpoints * fix failing test * remove unneeded config in test * rename "endpoint" to "destination" * more endpoint renaming to destination in tests * update isDestination based on service-defaults config entry creation * use a 3 state kind to be able to set the kind to unknown (when neither a service or a destination exist) * set unknown state to empty to avoid modifying alot of tests * fix logic to set the kind correctly on CRUD * fix failing tests * add missing tests and fix service delete * fix failing test * Apply suggestions from code review Co-authored-by: Dan Stough * fix a bug with kind and add relevant test * fix compile error * fix failing tests * add kind to clone * fix failing tests * fix failing tests in catalog endpoint * fix service dump test * Apply suggestions from code review Co-authored-by: Dan Stough * remove duplicate tests * first draft of destinations intention in connect proxy * remove ServiceDestinationList * fix failing tests * fix agent/consul failing tests * change to filter intentions in the state store instead of adding a field. * fix failing tests * fix comment * fix comments * store service kind destination and add relevant tests * changes based on review * filter on destinations when querying source match * Apply suggestions from code review Co-authored-by: alex <8968914+acpana@users.noreply.github.com> * fix style * Apply suggestions from code review Co-authored-by: Dan Stough * rename destinationType to targetType. Co-authored-by: Dan Stough Co-authored-by: alex <8968914+acpana@users.noreply.github.com> Co-authored-by: github-team-consul-core --- agent/consul/intention_endpoint.go | 2 +- agent/consul/internal_endpoint.go | 2 +- agent/consul/state/catalog.go | 18 +------ agent/consul/state/config_entry.go | 12 ++++- agent/consul/state/config_entry_intention.go | 49 +++++++++++++++----- agent/consul/state/config_entry_test.go | 39 ++++++++++++++++ agent/consul/state/intention.go | 39 ++++++++++++---- agent/consul/state/intention_test.go | 4 +- agent/structs/intention.go | 9 ++++ agent/structs/structs.go | 5 ++ 10 files changed, 137 insertions(+), 42 deletions(-) diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go index fc6db87db..b2c2d49c0 100644 --- a/agent/consul/intention_endpoint.go +++ b/agent/consul/intention_endpoint.go @@ -764,7 +764,7 @@ func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.In Partition: query.SourcePartition, Name: query.SourceName, } - _, intentions, err := store.IntentionMatchOne(nil, entry, structs.IntentionMatchSource) + _, intentions, err := store.IntentionMatchOne(nil, entry, structs.IntentionMatchSource, structs.IntentionTargetService) if err != nil { return fmt.Errorf("failed to query intentions for %s/%s", query.SourceNS, query.SourceName) } diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 20169562d..113abd2dd 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -405,7 +405,7 @@ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply Partition: gs.Service.PartitionOrDefault(), Name: gs.Service.Name, } - idx, intentions, err := state.IntentionMatchOne(ws, entry, structs.IntentionMatchDestination) + idx, intentions, err := state.IntentionMatchOne(ws, entry, structs.IntentionMatchDestination, structs.IntentionTargetService) if err != nil { return err } diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index ab4797fda..ee1623956 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -4009,14 +4009,7 @@ func (s *Store) ServiceTopology( Partition: entMeta.PartitionOrDefault(), Name: service, } - _, srcIntentions, err := compatIntentionMatchOneTxn( - tx, - ws, - matchEntry, - - // The given service is a source relative to its upstreams - structs.IntentionMatchSource, - ) + _, srcIntentions, err := compatIntentionMatchOneTxn(tx, ws, matchEntry, structs.IntentionMatchSource, structs.IntentionTargetService) if err != nil { return 0, nil, fmt.Errorf("failed to query intentions for %s", sn.String()) } @@ -4128,14 +4121,7 @@ func (s *Store) ServiceTopology( downstreamSources[svc.Name.String()] = source } - _, dstIntentions, err := compatIntentionMatchOneTxn( - tx, - ws, - matchEntry, - - // The given service is a destination relative to its downstreams - structs.IntentionMatchDestination, - ) + _, dstIntentions, err := compatIntentionMatchOneTxn(tx, ws, matchEntry, structs.IntentionMatchDestination, structs.IntentionTargetService) if err != nil { return 0, nil, fmt.Errorf("failed to query intentions for %s", sn.String()) } diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index e2cd8600f..f0e4c069e 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -356,12 +356,16 @@ func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *a if gsKind == structs.GatewayServiceKindDestination { gsKind = structs.GatewayServiceKindUnknown } - if err := checkGatewayWildcardsAndUpdate(tx, idx, &structs.ServiceName{Name: c.GetName(), EnterpriseMeta: *c.GetEnterpriseMeta()}, gsKind); err != nil { + serviceName := structs.NewServiceName(c.GetName(), c.GetEnterpriseMeta()) + if err := checkGatewayWildcardsAndUpdate(tx, idx, &serviceName, gsKind); err != nil { return fmt.Errorf("failed updating gateway mapping: %s", err) } - if err := checkGatewayAndUpdate(tx, idx, &structs.ServiceName{Name: c.GetName(), EnterpriseMeta: *c.GetEnterpriseMeta()}, gsKind); err != nil { + if err := checkGatewayAndUpdate(tx, idx, &serviceName, gsKind); err != nil { return fmt.Errorf("failed updating gateway mapping: %s", err) } + if err := cleanupKindServiceName(tx, idx, serviceName, structs.ServiceKindDestination); err != nil { + return fmt.Errorf("failed to cleanup service name: \"%s\"; err: %v", serviceName, err) + } } } @@ -422,6 +426,10 @@ func insertConfigEntryWithTxn(tx WriteTxn, idx uint64, conf structs.ConfigEntry) if err := checkGatewayAndUpdate(tx, idx, &sn, gsKind); err != nil { return fmt.Errorf("failed updating gateway mapping: %s", err) } + + if err := upsertKindServiceName(tx, idx, structs.ServiceKindDestination, sn); err != nil { + return fmt.Errorf("failed to persist service name: %v", err) + } } } diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go index 27c4912e6..bd539489a 100644 --- a/agent/consul/state/config_entry_intention.go +++ b/agent/consul/state/config_entry_intention.go @@ -208,7 +208,7 @@ func (s *Store) configIntentionMatchTxn(tx ReadTxn, ws memdb.WatchSet, args *str // improving that in the future, the test cases shouldn't have to // change for that. - index, ixns, err := configIntentionMatchOneTxn(tx, ws, entry, args.Type) + index, ixns, err := configIntentionMatchOneTxn(tx, ws, entry, args.Type, structs.IntentionTargetService) if err != nil { return 0, nil, err } @@ -224,14 +224,15 @@ func (s *Store) configIntentionMatchTxn(tx ReadTxn, ws memdb.WatchSet, args *str } func configIntentionMatchOneTxn( - tx ReadTxn, - ws memdb.WatchSet, + tx ReadTxn, ws memdb.WatchSet, matchEntry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, + targetType structs.IntentionTargetType, ) (uint64, structs.Intentions, error) { switch matchType { + // targetType is only relevant for Source matches as egress Destinations can only be Intention Destinations in the mesh case structs.IntentionMatchSource: - return readSourceIntentionsFromConfigEntriesTxn(tx, ws, matchEntry.Name, matchEntry.GetEnterpriseMeta()) + return readSourceIntentionsFromConfigEntriesTxn(tx, ws, matchEntry.Name, matchEntry.GetEnterpriseMeta(), targetType) case structs.IntentionMatchDestination: return readDestinationIntentionsFromConfigEntriesTxn(tx, ws, matchEntry.Name, matchEntry.GetEnterpriseMeta()) default: @@ -239,7 +240,13 @@ func configIntentionMatchOneTxn( } } -func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesTxn( + tx ReadTxn, + ws memdb.WatchSet, + serviceName string, + entMeta *acl.EnterpriseMeta, + targetType structs.IntentionTargetType, +) (uint64, structs.Intentions, error) { idx := maxIndexTxn(tx, tableConfigEntries) var ( @@ -249,9 +256,7 @@ func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, ser names := getIntentionPrecedenceMatchServiceNames(serviceName, entMeta) for _, sn := range names { - results, err = readSourceIntentionsFromConfigEntriesForServiceTxn( - tx, ws, sn.Name, &sn.EnterpriseMeta, results, - ) + results, err = readSourceIntentionsFromConfigEntriesForServiceTxn(tx, ws, sn.Name, &sn.EnterpriseMeta, results, targetType) if err != nil { return 0, nil, err } @@ -263,7 +268,14 @@ func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, ser return idx, results, nil } -func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesForServiceTxn( + tx ReadTxn, + ws memdb.WatchSet, + serviceName string, + entMeta *acl.EnterpriseMeta, + results structs.Intentions, + targetType structs.IntentionTargetType, +) (structs.Intentions, error) { sn := structs.NewServiceName(serviceName, entMeta) iter, err := tx.Get(tableConfigEntries, indexSource, sn) @@ -276,7 +288,23 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.Wat entry := v.(*structs.ServiceIntentionsConfigEntry) for _, src := range entry.Sources { if src.SourceServiceName() == sn { - results = append(results, entry.ToIntention(src)) + entMeta := entry.DestinationServiceName().EnterpriseMeta + kind, err := GatewayServiceKind(tx, entry.DestinationServiceName().Name, &entMeta) + if err != nil { + return nil, err + } + switch targetType { + case structs.IntentionTargetService: + if kind == structs.GatewayServiceKindService || kind == structs.GatewayServiceKindUnknown { + results = append(results, entry.ToIntention(src)) + } + case structs.IntentionTargetDestination: + if kind == structs.GatewayServiceKindDestination { + results = append(results, entry.ToIntention(src)) + } + default: + return nil, fmt.Errorf("invalid target type") + } } } } @@ -298,7 +326,6 @@ func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet results = append(results, entry.ToIntentions()...) } } - // Sort the results by precedence sort.Sort(structs.IntentionPrecedenceSorter(results)) diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index 5d2cdf9fd..b874f41af 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -355,6 +355,11 @@ func TestStore_ServiceDefaults_Kind_Destination(t *testing.T) { require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + _, kindServices, err := s.ServiceNamesOfKind(ws, structs.ServiceKindDestination) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindDestination) + ws = memdb.NewWatchSet() _, _, err = s.GatewayServices(ws, "Gtwy1", nil) require.NoError(t, err) @@ -369,6 +374,10 @@ func TestStore_ServiceDefaults_Kind_Destination(t *testing.T) { require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindUnknown) + _, kindServices, err = s.ServiceNamesOfKind(ws, structs.ServiceKindDestination) + require.NoError(t, err) + require.Len(t, kindServices, 0) + } func TestStore_ServiceDefaults_Kind_NotDestination(t *testing.T) { @@ -475,6 +484,11 @@ func TestStore_Service_TerminatingGateway_Kind_Service_Destination(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + _, kindServices, err := s.ServiceNamesOfKind(ws, structs.ServiceKindTypical) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindTypical) + require.NoError(t, s.EnsureConfigEntry(0, destination)) _, gatewayServices, err = s.GatewayServices(nil, "Gtwy1", nil) @@ -482,6 +496,11 @@ func TestStore_Service_TerminatingGateway_Kind_Service_Destination(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + _, kindServices, err = s.ServiceNamesOfKind(ws, structs.ServiceKindTypical) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindTypical) + ws = memdb.NewWatchSet() _, _, err = s.GatewayServices(ws, "Gtwy1", nil) require.NoError(t, err) @@ -496,6 +515,11 @@ func TestStore_Service_TerminatingGateway_Kind_Service_Destination(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + _, kindServices, err = s.ServiceNamesOfKind(ws, structs.ServiceKindDestination) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindDestination) + } func TestStore_Service_TerminatingGateway_Kind_Destination_Service(t *testing.T) { @@ -541,6 +565,11 @@ func TestStore_Service_TerminatingGateway_Kind_Destination_Service(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + _, kindServices, err := s.ServiceNamesOfKind(ws, structs.ServiceKindDestination) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindDestination) + require.NoError(t, s.EnsureNode(0, &structs.Node{Node: "node1"})) require.NoError(t, s.EnsureService(0, "node1", service)) @@ -552,6 +581,11 @@ func TestStore_Service_TerminatingGateway_Kind_Destination_Service(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindService) + _, kindServices, err = s.ServiceNamesOfKind(ws, structs.ServiceKindTypical) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindTypical) + ws = memdb.NewWatchSet() _, _, err = s.GatewayServices(ws, "Gtwy1", nil) require.NoError(t, err) @@ -566,6 +600,11 @@ func TestStore_Service_TerminatingGateway_Kind_Destination_Service(t *testing.T) require.Len(t, gatewayServices, 1) require.Equal(t, gatewayServices[0].ServiceKind, structs.GatewayServiceKindDestination) + _, kindServices, err = s.ServiceNamesOfKind(ws, structs.ServiceKindDestination) + require.NoError(t, err) + require.Len(t, kindServices, 1) + require.Equal(t, kindServices[0].Kind, structs.ServiceKindDestination) + } func TestStore_Service_TerminatingGateway_Kind_Service(t *testing.T) { diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go index 821288f3b..89f7304f6 100644 --- a/agent/consul/state/intention.go +++ b/agent/consul/state/intention.go @@ -600,6 +600,7 @@ func legacyIntentionGetTxn(tx ReadTxn, ws memdb.WatchSet, id string) (uint64, *s // Convert the interface{} if it is non-nil var result *structs.Intention + if intention != nil { result = intention.(*structs.Intention) } @@ -842,11 +843,12 @@ func (s *Store) IntentionMatchOne( ws memdb.WatchSet, entry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, + destinationType structs.IntentionTargetType, ) (uint64, structs.Intentions, error) { tx := s.db.Txn(false) defer tx.Abort() - return compatIntentionMatchOneTxn(tx, ws, entry, matchType) + return compatIntentionMatchOneTxn(tx, ws, entry, matchType, destinationType) } func compatIntentionMatchOneTxn( @@ -854,6 +856,7 @@ func compatIntentionMatchOneTxn( ws memdb.WatchSet, entry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, + destinationType structs.IntentionTargetType, ) (uint64, structs.Intentions, error) { usingConfigEntries, err := areIntentionsInConfigEntries(tx, ws) @@ -863,7 +866,7 @@ func compatIntentionMatchOneTxn( if !usingConfigEntries { return legacyIntentionMatchOneTxn(tx, ws, entry, matchType) } - return configIntentionMatchOneTxn(tx, ws, entry, matchType) + return configIntentionMatchOneTxn(tx, ws, entry, matchType, destinationType) } func legacyIntentionMatchOneTxn( @@ -949,8 +952,12 @@ type ServiceWithDecision struct { // IntentionTopology returns the upstreams or downstreams of a service. Upstreams and downstreams are inferred from // intentions. If intentions allow a connection from the target to some candidate service, the candidate service is considered // an upstream of the target. -func (s *Store) IntentionTopology(ws memdb.WatchSet, - target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision) (uint64, structs.ServiceList, error) { +func (s *Store) IntentionTopology( + ws memdb.WatchSet, + target structs.ServiceName, + downstreams bool, + defaultDecision acl.EnforcementDecision, +) (uint64, structs.ServiceList, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -965,13 +972,17 @@ func (s *Store) IntentionTopology(ws memdb.WatchSet, resp := make(structs.ServiceList, 0) for _, svc := range services { - resp = append(resp, svc.Name) + resp = append(resp, structs.ServiceName{Name: svc.Name.Name, EnterpriseMeta: svc.Name.EnterpriseMeta}) } return idx, resp, nil } -func (s *Store) intentionTopologyTxn(tx ReadTxn, ws memdb.WatchSet, - target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision) (uint64, []ServiceWithDecision, error) { +func (s *Store) intentionTopologyTxn( + tx ReadTxn, ws memdb.WatchSet, + target structs.ServiceName, + downstreams bool, + defaultDecision acl.EnforcementDecision, +) (uint64, []ServiceWithDecision, error) { var maxIdx uint64 @@ -987,7 +998,7 @@ func (s *Store) intentionTopologyTxn(tx ReadTxn, ws memdb.WatchSet, Partition: target.PartitionOrDefault(), Name: target.Name, } - index, intentions, err := compatIntentionMatchOneTxn(tx, ws, entry, intentionMatchType) + index, intentions, err := compatIntentionMatchOneTxn(tx, ws, entry, intentionMatchType, structs.IntentionTargetService) if err != nil { return 0, nil, fmt.Errorf("failed to query intentions for %s", target.String()) } @@ -1017,6 +1028,16 @@ func (s *Store) intentionTopologyTxn(tx ReadTxn, ws memdb.WatchSet, maxIdx = index } services = append(services, ingress...) + } else { + // destinations can only ever be upstream, since they are only allowed as intention destination. + index, destinations, err := serviceNamesOfKindTxn(tx, ws, structs.ServiceKindDestination, *wildcardMeta) + if err != nil { + return index, nil, fmt.Errorf("failed to list destination names: %v", err) + } + if index > maxIdx { + maxIdx = index + } + services = append(services, destinations...) } // When checking authorization to upstreams, the match type for the decision is `destination` because we are deciding @@ -1056,7 +1077,7 @@ func (s *Store) intentionTopologyTxn(tx ReadTxn, ws memdb.WatchSet, } result = append(result, ServiceWithDecision{ - Name: candidate, + Name: structs.ServiceName{Name: candidate.Name, EnterpriseMeta: candidate.EnterpriseMeta}, Decision: decision, }) } diff --git a/agent/consul/state/intention_test.go b/agent/consul/state/intention_test.go index fde26d1d9..4a369d166 100644 --- a/agent/consul/state/intention_test.go +++ b/agent/consul/state/intention_test.go @@ -1533,7 +1533,7 @@ func TestStore_IntentionMatchOne_table(t *testing.T) { Namespace: "default", Name: query, } - _, matches, err := s.IntentionMatchOne(nil, entry, typ) + _, matches, err := s.IntentionMatchOne(nil, entry, typ, structs.IntentionTargetService) require.NoError(t, err) // Verify matches @@ -1873,7 +1873,7 @@ func TestStore_IntentionDecision(t *testing.T) { Partition: acl.DefaultPartitionName, Name: tc.src, } - _, intentions, err := s.IntentionMatchOne(nil, entry, structs.IntentionMatchSource) + _, intentions, err := s.IntentionMatchOne(nil, entry, structs.IntentionMatchSource, structs.IntentionTargetService) if err != nil { require.NoError(t, err) } diff --git a/agent/structs/intention.go b/agent/structs/intention.go index feefc5672..ee1f89c0a 100644 --- a/agent/structs/intention.go +++ b/agent/structs/intention.go @@ -494,6 +494,15 @@ const ( IntentionSourceConsul IntentionSourceType = "consul" ) +type IntentionTargetType string + +const ( + // IntentionTargetService is a service within the Consul catalog. + IntentionTargetService IntentionTargetType = "service" + // IntentionTargetDestination is a destination defined through a service-default config entry. + IntentionTargetDestination IntentionTargetType = "destination" +) + // Intentions is a list of intentions. type Intentions []*Intention diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 94c425610..a7b4dcd73 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1178,6 +1178,11 @@ const ( // This service allows external traffic to enter the mesh based on // centralized configuration. ServiceKindIngressGateway ServiceKind = "ingress-gateway" + + // ServiceKindDestination is a Destination for the Connect feature. + // This service allows external traffic to exit the mesh through a terminating gateway + //based on centralized configuration. + ServiceKindDestination ServiceKind = "destination" ) // Type to hold a address and port of a service From 3deaf767f2141bcbb9472fd7c210353d7fcb93bb Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 7 Jun 2022 15:55:02 -0400 Subject: [PATCH 464/785] Egress gtw/intention rpc endpoint (#13354) * update gateway-services table with endpoints * fix failing test * remove unneeded config in test * rename "endpoint" to "destination" * more endpoint renaming to destination in tests * update isDestination based on service-defaults config entry creation * use a 3 state kind to be able to set the kind to unknown (when neither a service or a destination exist) * set unknown state to empty to avoid modifying alot of tests * fix logic to set the kind correctly on CRUD * fix failing tests * add missing tests and fix service delete * fix failing test * Apply suggestions from code review Co-authored-by: Dan Stough * fix a bug with kind and add relevant test * fix compile error * fix failing tests * add kind to clone * fix failing tests * fix failing tests in catalog endpoint * fix service dump test * Apply suggestions from code review Co-authored-by: Dan Stough * remove duplicate tests * first draft of destinations intention in connect proxy * remove ServiceDestinationList * fix failing tests * fix agent/consul failing tests * change to filter intentions in the state store instead of adding a field. * fix failing tests * fix comment * fix comments * store service kind destination and add relevant tests * changes based on review * filter on destinations when querying source match * change state store API to get an IntentionTarget parameter * add intentions tests * add destination upstream endpoint * fix failing test * fix failing test and a bug with wildcard intentions * fix failing test * Apply suggestions from code review Co-authored-by: alex <8968914+acpana@users.noreply.github.com> * add missing test and clarify doc * fix style * gofmt intention.go * fix merge introduced issue Co-authored-by: Dan Stough Co-authored-by: alex <8968914+acpana@users.noreply.github.com> Co-authored-by: github-team-consul-core --- .../intention_upstreams_destination.go | 52 +++++ .../intention_upstreams_destination_test.go | 52 +++++ agent/consul/helper_test.go | 48 ++++- agent/consul/internal_endpoint.go | 27 ++- agent/consul/internal_endpoint_test.go | 44 ++++ agent/consul/state/catalog.go | 4 +- agent/consul/state/config_entry_intention.go | 3 +- agent/consul/state/intention.go | 24 +-- agent/consul/state/intention_test.go | 200 +++++++++++++++++- 9 files changed, 429 insertions(+), 25 deletions(-) create mode 100644 agent/cache-types/intention_upstreams_destination.go create mode 100644 agent/cache-types/intention_upstreams_destination_test.go diff --git a/agent/cache-types/intention_upstreams_destination.go b/agent/cache-types/intention_upstreams_destination.go new file mode 100644 index 000000000..ae1012c35 --- /dev/null +++ b/agent/cache-types/intention_upstreams_destination.go @@ -0,0 +1,52 @@ +package cachetype + +import ( + "fmt" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" +) + +// IntentionUpstreamsDestinationName Recommended name for registration. +const IntentionUpstreamsDestinationName = "intention-upstreams-destination" + +// IntentionUpstreamsDestination supports fetching upstreams for a given gateway name. +type IntentionUpstreamsDestination struct { + RegisterOptionsBlockingRefresh + RPC RPC +} + +func (i *IntentionUpstreamsDestination) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { + var result cache.FetchResult + + // The request should be a ServiceSpecificRequest. + reqReal, ok := req.(*structs.ServiceSpecificRequest) + if !ok { + return result, fmt.Errorf( + "Internal cache failure: request wrong type: %T", req) + } + + // Lightweight copy this object so that manipulating QueryOptions doesn't race. + dup := *reqReal + reqReal = &dup + + // Set the minimum query index to our current index so we block + reqReal.QueryOptions.MinQueryIndex = opts.MinIndex + reqReal.QueryOptions.MaxQueryTime = opts.Timeout + + // Always allow stale - there's no point in hitting leader if the request is + // going to be served from cache and end up arbitrarily stale anyway. This + // allows cached service-discover to automatically read scale across all + // servers too. + reqReal.AllowStale = true + + // Fetch + var reply structs.IndexedServiceList + if err := i.RPC.RPC("Internal.IntentionUpstreamsDestination", reqReal, &reply); err != nil { + return result, err + } + + result.Value = &reply + result.Index = reply.QueryMeta.Index + return result, nil +} diff --git a/agent/cache-types/intention_upstreams_destination_test.go b/agent/cache-types/intention_upstreams_destination_test.go new file mode 100644 index 000000000..7aa2d02ef --- /dev/null +++ b/agent/cache-types/intention_upstreams_destination_test.go @@ -0,0 +1,52 @@ +package cachetype + +import ( + "testing" + "time" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +func TestIntentionUpstreamsDestination(t *testing.T) { + rpc := TestRPC(t) + typ := &IntentionUpstreamsDestination{RPC: rpc} + + // Expect the proper RPC call. This also sets the expected value + // since that is return-by-pointer in the arguments. + var resp *structs.IndexedServiceList + rpc.On("RPC", "Internal.IntentionUpstreamsDestination", mock.Anything, mock.Anything).Return(nil). + Run(func(args mock.Arguments) { + req := args.Get(1).(*structs.ServiceSpecificRequest) + require.Equal(t, uint64(24), req.QueryOptions.MinQueryIndex) + require.Equal(t, 1*time.Second, req.QueryOptions.MaxQueryTime) + require.True(t, req.AllowStale) + require.Equal(t, "foo", req.ServiceName) + + services := structs.ServiceList{ + {Name: "foo"}, + } + reply := args.Get(2).(*structs.IndexedServiceList) + reply.Services = services + reply.QueryMeta.Index = 48 + resp = reply + }) + + // Fetch + resultA, err := typ.Fetch(cache.FetchOptions{ + MinIndex: 24, + Timeout: 1 * time.Second, + }, &structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "foo", + }) + require.NoError(t, err) + require.Equal(t, cache.FetchResult{ + Value: resp, + Index: 48, + }, resultA) + + rpc.AssertExpectations(t) +} diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go index 807bb8be2..75048b913 100644 --- a/agent/consul/helper_test.go +++ b/agent/consul/helper_test.go @@ -1307,7 +1307,7 @@ func registerIntentionUpstreamEntries(t *testing.T, codec rpc.ClientCodec, token } registerTestCatalogEntriesMap(t, codec, registrations) - // Add intentions: deny all and web -> api + // Add intentions: deny all and web -> api and web -> api.example.com entries := []structs.ConfigEntryRequest{ { Datacenter: "dc1", @@ -1323,6 +1323,20 @@ func registerIntentionUpstreamEntries(t *testing.T, codec rpc.ClientCodec, token }, WriteRequest: structs.WriteRequest{Token: token}, }, + { + Datacenter: "dc1", + Entry: &structs.ServiceIntentionsConfigEntry{ + Kind: structs.ServiceIntentions, + Name: "api.example.com", + Sources: []*structs.SourceIntention{ + { + Name: "web", + Action: structs.IntentionActionAllow, + }, + }, + }, + WriteRequest: structs.WriteRequest{Token: token}, + }, { Datacenter: "dc1", Entry: &structs.ServiceIntentionsConfigEntry{ @@ -1342,4 +1356,36 @@ func registerIntentionUpstreamEntries(t *testing.T, codec rpc.ClientCodec, token var out bool require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &out)) } + + // Add destinations + dests := []structs.ConfigEntryRequest{ + { + Datacenter: "dc1", + Entry: &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "api.example.com", + Destination: &structs.DestinationConfig{ + Address: "api.example.com", + Port: 443, + }, + }, + WriteRequest: structs.WriteRequest{Token: token}, + }, + { + Datacenter: "dc1", + Entry: &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "kafka.store.com", + Destination: &structs.DestinationConfig{ + Address: "172.168.2.1", + Port: 9003, + }, + }, + WriteRequest: structs.WriteRequest{Token: token}, + }, + } + for _, req := range dests { + var out bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &out)) + } } diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 113abd2dd..f1fda470f 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -224,6 +224,27 @@ func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, repl if done, err := m.srv.ForwardRPC("Internal.IntentionUpstreams", args, reply); done { return err } + return m.internalUpstreams(args, reply, structs.IntentionTargetService) +} + +// IntentionUpstreamsDestination returns the upstreams of a service. Upstreams are inferred from intentions. +// If intentions allow a connection from the target to some candidate destination, the candidate destination is considered +// an upstream of the target.this is performs the same logic as IntentionUpstreams endpoint but for destination upstreams only. +func (m *Internal) IntentionUpstreamsDestination(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error { + // Exit early if Connect hasn't been enabled. + if !m.srv.config.ConnectEnabled { + return ErrConnectNotEnabled + } + if args.ServiceName == "" { + return fmt.Errorf("Must provide a service name") + } + if done, err := m.srv.ForwardRPC("Internal.IntentionUpstreamsDestination", args, reply); done { + return err + } + return m.internalUpstreams(args, reply, structs.IntentionTargetDestination) +} + +func (m *Internal) internalUpstreams(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList, intentionTarget structs.IntentionTargetType) error { authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, nil) if err != nil { @@ -244,7 +265,7 @@ func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, repl defaultDecision := authz.IntentionDefaultAllow(nil) sn := structs.NewServiceName(args.ServiceName, &args.EnterpriseMeta) - index, services, err := state.IntentionTopology(ws, sn, false, defaultDecision) + index, services, err := state.IntentionTopology(ws, sn, false, defaultDecision, intentionTarget) if err != nil { return err } @@ -272,7 +293,7 @@ func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, repl }) } -// GatewayServiceNodes returns all the nodes for services associated with a gateway along with their gateway config +// GatewayServiceDump returns all the nodes for services associated with a gateway along with their gateway config func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceDump) error { if done, err := m.srv.ForwardRPC("Internal.GatewayServiceDump", args, reply); done { return err @@ -350,7 +371,7 @@ func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, repl return err } -// Match returns the set of intentions that match the given source/destination. +// GatewayIntentions Match returns the set of intentions that match the given source/destination. func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error { // Forward if necessary if done, err := m.srv.ForwardRPC("Internal.GatewayIntentions", args, reply); done { diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 9354b4f66..3737f3a08 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -2323,6 +2323,50 @@ func TestInternal_IntentionUpstreams(t *testing.T) { }) } +func TestInternal_IntentionUpstreamsDestination(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + dir1, s1 := testServer(t) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + codec := rpcClient(t, s1) + defer codec.Close() + + // Services: + // api and api-proxy on node foo + // web and web-proxy on node foo + // + // Intentions + // * -> * (deny) intention + // web -> api (allow) + registerIntentionUpstreamEntries(t, codec, "") + + t.Run("api.example.com", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + args := structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "web", + } + var out structs.IndexedServiceList + require.NoError(r, msgpackrpc.CallWithCodec(codec, "Internal.IntentionUpstreamsDestination", &args, &out)) + + // foo/api + require.Len(r, out.Services, 1) + + expectUp := structs.ServiceList{ + structs.NewServiceName("api.example.com", structs.DefaultEnterpriseMetaInDefaultPartition()), + } + require.Equal(r, expectUp, out.Services) + }) + }) +} + func TestInternal_IntentionUpstreams_BlockOnNoChange(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index ee1623956..d76f87bf6 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -3975,7 +3975,7 @@ func (s *Store) ServiceTopology( // Only transparent proxies / connect native services have upstreams from intentions if hasTransparent || connectNative { - idx, intentionUpstreams, err := s.intentionTopologyTxn(tx, ws, sn, false, defaultAllow) + idx, intentionUpstreams, err := s.intentionTopologyTxn(tx, ws, sn, false, defaultAllow, structs.IntentionTargetService) if err != nil { return 0, nil, err } @@ -4092,7 +4092,7 @@ func (s *Store) ServiceTopology( downstreamSources[dn.String()] = structs.TopologySourceRegistration } - idx, intentionDownstreams, err := s.intentionTopologyTxn(tx, ws, sn, true, defaultAllow) + idx, intentionDownstreams, err := s.intentionTopologyTxn(tx, ws, sn, true, defaultAllow, structs.IntentionTargetService) if err != nil { return 0, nil, err } diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go index bd539489a..ebbc9e7b7 100644 --- a/agent/consul/state/config_entry_intention.go +++ b/agent/consul/state/config_entry_intention.go @@ -299,7 +299,8 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn( results = append(results, entry.ToIntention(src)) } case structs.IntentionTargetDestination: - if kind == structs.GatewayServiceKindDestination { + // wildcard is needed here to be able to consider destinations in the wildcard intentions + if kind == structs.GatewayServiceKindDestination || entry.HasWildcardDestination() { results = append(results, entry.ToIntention(src)) } default: diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go index 89f7304f6..cff5ed353 100644 --- a/agent/consul/state/intention.go +++ b/agent/consul/state/intention.go @@ -957,11 +957,12 @@ func (s *Store) IntentionTopology( target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, + intentionTarget structs.IntentionTargetType, ) (uint64, structs.ServiceList, error) { tx := s.db.ReadTxn() defer tx.Abort() - idx, services, err := s.intentionTopologyTxn(tx, ws, target, downstreams, defaultDecision) + idx, services, err := s.intentionTopologyTxn(tx, ws, target, downstreams, defaultDecision, intentionTarget) if err != nil { requested := "upstreams" if downstreams { @@ -982,6 +983,7 @@ func (s *Store) intentionTopologyTxn( target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, + intentionTarget structs.IntentionTargetType, ) (uint64, []ServiceWithDecision, error) { var maxIdx uint64 @@ -998,7 +1000,7 @@ func (s *Store) intentionTopologyTxn( Partition: target.PartitionOrDefault(), Name: target.Name, } - index, intentions, err := compatIntentionMatchOneTxn(tx, ws, entry, intentionMatchType, structs.IntentionTargetService) + index, intentions, err := compatIntentionMatchOneTxn(tx, ws, entry, intentionMatchType, intentionTarget) if err != nil { return 0, nil, fmt.Errorf("failed to query intentions for %s", target.String()) } @@ -1010,7 +1012,13 @@ func (s *Store) intentionTopologyTxn( // Ideally those should be excluded as well, since they can't be upstreams/downstreams without a proxy. // Maybe narrow serviceNamesOfKindTxn to services represented by proxies? (ingress, sidecar- wildcardMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier) - index, services, err := serviceNamesOfKindTxn(tx, ws, structs.ServiceKindTypical, *wildcardMeta) + var services []*KindServiceName + if intentionTarget == structs.IntentionTargetService { + index, services, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindTypical, *wildcardMeta) + } else { + // destinations can only ever be upstream, since they are only allowed as intention destination. + index, services, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindDestination, *wildcardMeta) + } if err != nil { return index, nil, fmt.Errorf("failed to list ingress service names: %v", err) } @@ -1028,16 +1036,6 @@ func (s *Store) intentionTopologyTxn( maxIdx = index } services = append(services, ingress...) - } else { - // destinations can only ever be upstream, since they are only allowed as intention destination. - index, destinations, err := serviceNamesOfKindTxn(tx, ws, structs.ServiceKindDestination, *wildcardMeta) - if err != nil { - return index, nil, fmt.Errorf("failed to list destination names: %v", err) - } - if index > maxIdx { - maxIdx = index - } - services = append(services, destinations...) } // When checking authorization to upstreams, the match type for the decision is `destination` because we are deciding diff --git a/agent/consul/state/intention_test.go b/agent/consul/state/intention_test.go index 4a369d166..18ba63914 100644 --- a/agent/consul/state/intention_test.go +++ b/agent/consul/state/intention_test.go @@ -2185,7 +2185,197 @@ func TestStore_IntentionTopology(t *testing.T) { idx++ } - idx, got, err := s.IntentionTopology(nil, tt.target, tt.downstreams, tt.defaultDecision) + idx, got, err := s.IntentionTopology(nil, tt.target, tt.downstreams, tt.defaultDecision, structs.IntentionTargetService) + require.NoError(t, err) + require.Equal(t, tt.expect.idx, idx) + + // ServiceList is from a map, so it is not deterministically sorted + sort.Slice(got, func(i, j int) bool { + return got[i].String() < got[j].String() + }) + require.Equal(t, tt.expect.services, got) + }) + } +} + +func TestStore_IntentionTopology_Destination(t *testing.T) { + node := structs.Node{ + Node: "foo", + Address: "127.0.0.1", + } + + services := []structs.NodeService{ + { + ID: structs.ConsulServiceID, + Service: structs.ConsulServiceName, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + { + ID: "web-1", + Service: "web", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + { + ID: "mysql-1", + Service: "mysql", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + } + destinations := []structs.ServiceConfigEntry{ + { + Name: "api.test.com", + Destination: &structs.DestinationConfig{}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + { + Name: "kafka.store.org", + Destination: &structs.DestinationConfig{}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + } + + type expect struct { + idx uint64 + services structs.ServiceList + } + tests := []struct { + name string + defaultDecision acl.EnforcementDecision + intentions []structs.ServiceIntentionsConfigEntry + target structs.ServiceName + downstreams bool + expect expect + }{ + { + name: "(upstream) acl allow all but intentions deny one, destination target", + defaultDecision: acl.Allow, + intentions: []structs.ServiceIntentionsConfigEntry{ + { + Kind: structs.ServiceIntentions, + Name: "api.test.com", + Sources: []*structs.SourceIntention{ + { + Name: "web", + Action: structs.IntentionActionDeny, + }, + }, + }, + }, + target: structs.NewServiceName("web", nil), + downstreams: false, + expect: expect{ + idx: 7, + services: structs.ServiceList{ + { + Name: "kafka.store.org", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + }, + }, + { + name: "(upstream) acl deny all intentions allow one, destination target", + defaultDecision: acl.Deny, + intentions: []structs.ServiceIntentionsConfigEntry{ + { + Kind: structs.ServiceIntentions, + Name: "kafka.store.org", + Sources: []*structs.SourceIntention{ + { + Name: "web", + Action: structs.IntentionActionAllow, + }, + }, + }, + }, + target: structs.NewServiceName("web", nil), + downstreams: false, + expect: expect{ + idx: 7, + services: structs.ServiceList{ + { + Name: "kafka.store.org", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + }, + }, + { + name: "(upstream) acl deny all check only destinations show, service target", + defaultDecision: acl.Deny, + intentions: []structs.ServiceIntentionsConfigEntry{ + { + Kind: structs.ServiceIntentions, + Name: "api", + Sources: []*structs.SourceIntention{ + { + Name: "web", + Action: structs.IntentionActionAllow, + }, + }, + }, + }, + target: structs.NewServiceName("web", nil), + downstreams: false, + expect: expect{ + idx: 7, + services: structs.ServiceList{}, + }, + }, + { + name: "(upstream) acl allow all check only destinations show, service target", + defaultDecision: acl.Allow, + intentions: []structs.ServiceIntentionsConfigEntry{ + { + Kind: structs.ServiceIntentions, + Name: "api", + Sources: []*structs.SourceIntention{ + { + Name: "web", + Action: structs.IntentionActionAllow, + }, + }, + }, + }, + target: structs.NewServiceName("web", nil), + downstreams: false, + expect: expect{ + idx: 7, + services: structs.ServiceList{ + { + Name: "api.test.com", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + { + Name: "kafka.store.org", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + s := testConfigStateStore(t) + + var idx uint64 = 1 + require.NoError(t, s.EnsureNode(idx, &node)) + idx++ + + for _, svc := range services { + require.NoError(t, s.EnsureService(idx, "foo", &svc)) + idx++ + } + for _, d := range destinations { + require.NoError(t, s.EnsureConfigEntry(idx, &d)) + idx++ + } + for _, ixn := range tt.intentions { + require.NoError(t, s.EnsureConfigEntry(idx, &ixn)) + idx++ + } + + idx, got, err := s.IntentionTopology(nil, tt.target, tt.downstreams, tt.defaultDecision, structs.IntentionTargetDestination) require.NoError(t, err) require.Equal(t, tt.expect.idx, idx) @@ -2211,7 +2401,7 @@ func TestStore_IntentionTopology_Watches(t *testing.T) { target := structs.NewServiceName("web", structs.DefaultEnterpriseMetaInDefaultPartition()) ws := memdb.NewWatchSet() - index, got, err := s.IntentionTopology(ws, target, false, acl.Deny) + index, got, err := s.IntentionTopology(ws, target, false, acl.Deny, structs.IntentionTargetService) require.NoError(t, err) require.Equal(t, uint64(0), index) require.Empty(t, got) @@ -2233,7 +2423,7 @@ func TestStore_IntentionTopology_Watches(t *testing.T) { // Reset the WatchSet ws = memdb.NewWatchSet() - index, got, err = s.IntentionTopology(ws, target, false, acl.Deny) + index, got, err = s.IntentionTopology(ws, target, false, acl.Deny, structs.IntentionTargetService) require.NoError(t, err) require.Equal(t, uint64(2), index) require.Empty(t, got) @@ -2255,7 +2445,7 @@ func TestStore_IntentionTopology_Watches(t *testing.T) { // require.False(t, watchFired(ws)) // Result should not have changed - index, got, err = s.IntentionTopology(ws, target, false, acl.Deny) + index, got, err = s.IntentionTopology(ws, target, false, acl.Deny, structs.IntentionTargetService) require.NoError(t, err) require.Equal(t, uint64(3), index) require.Empty(t, got) @@ -2270,7 +2460,7 @@ func TestStore_IntentionTopology_Watches(t *testing.T) { require.True(t, watchFired(ws)) // Reset the WatchSet - index, got, err = s.IntentionTopology(nil, target, false, acl.Deny) + index, got, err = s.IntentionTopology(nil, target, false, acl.Deny, structs.IntentionTargetService) require.NoError(t, err) require.Equal(t, uint64(4), index) From 00cdae18d513ec16b1f1cd0d47d7884faf5aa5d6 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Tue, 7 Jun 2022 16:17:45 -0400 Subject: [PATCH 465/785] Update website/content/docs/api-gateway/consul-api-gateway-install.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 6aed5da1d..00938dff2 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -268,7 +268,7 @@ Refer to the [Kubernetes Gateway API documentation](https://gateway-api.sigs.k8s #### Scaling -A logical gateway object can be scaled to multiple instances within the bounds set in its associated GatewayClassConfig by using the [`kubectl scale`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment) command. +You can scale a logical gateway object to multiple instances with the [`kubectl scale`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment) command. The object scales according to the bounds set in GatewayClassConfig. ``` $ kubectl get deployment --selector api-gateway.consul.hashicorp.com/name=example-gateway From 24ca62ef1c0bdc7795904aefb98e7772b7a559d9 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Tue, 7 Jun 2022 16:24:35 -0400 Subject: [PATCH 466/785] Update website/content/docs/api-gateway/consul-api-gateway-install.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 00938dff2..74fd062b0 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -168,7 +168,7 @@ The following table describes the allowed parameters for the `spec` array: | `consul.ports.http` | Specifies the port for Consul's HTTP server. | Integer | `8500` | | `consul.scheme` | Specifies the scheme to use for connecting to Consul. The supported values are `"http"` and `"https"`. | String | `"http"` | | `copyAnnotations.service` | List of annotations to copy to the gateway service. | Array | `["external-dns.alpha.kubernetes.io/hostname"]` | -| `deployment.defaultInstances` | Specifies the number of instances per gateway that should be deployed by default. | Integer | 1 | +| `deployment.defaultInstances` | Specifies the number of instances to deploy by default for each gateway. | Integer | 1 | | `deployment.maxInstances` | Specifies the maximum allowed number of instances per gateway. | Integer | 8 | | `deployment.minInstances` | Specifies the minimum allowed number of instances per gateway. | Integer | 1 | | `image.consulAPIGateway` | The image to use for consul-api-gateway. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags). | String | `"hashicorp/consul-api-gateway:RELEASE_VERSION"` | From bf647bc9d2ff03ac2f182efd50d95d7c1621cde2 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 7 Jun 2022 16:29:09 -0500 Subject: [PATCH 467/785] peering: avoid a race between peering establishment and termination (#13389) --- agent/consul/client_test.go | 2 +- agent/consul/leader_peering.go | 37 ++++++++++++++++++++++++++++++++-- proto/pbpeering/peering.go | 4 ++++ 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go index d8f0fbd4d..5c35e3f33 100644 --- a/agent/consul/client_test.go +++ b/agent/consul/client_test.go @@ -510,7 +510,7 @@ func newDefaultDeps(t *testing.T, c *Config) Deps { logger := hclog.NewInterceptLogger(&hclog.LoggerOptions{ Name: c.NodeName, - Level: hclog.Trace, + Level: testutil.TestLogLevel, Output: testutil.NewLogBuffer(t), }) diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index c0f69b168..41736e3d0 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -8,7 +8,6 @@ import ( "fmt" "net" - "github.com/hashicorp/consul/agent/rpc/peering" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" "github.com/hashicorp/go-multierror" @@ -17,6 +16,7 @@ import ( "google.golang.org/grpc/credentials" "github.com/hashicorp/consul/agent/pool" + "github.com/hashicorp/consul/agent/rpc/peering" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) @@ -50,6 +50,39 @@ func (s *Server) stopPeeringStreamSync() { // syncPeeringsAndBlock is a long-running goroutine that is responsible for watching // changes to peerings in the state store and managing streams to those peers. func (s *Server) syncPeeringsAndBlock(ctx context.Context, logger hclog.Logger, cancelFns map[string]context.CancelFunc) error { + // We have to be careful not to introduce a data race here. We want to + // compare the current known peerings in the state store with known + // connected streams to know when we should TERMINATE stray peerings. + // + // If you read the current peerings from the state store, then read the + // current established streams you could lose the data race and have the + // sequence of events be: + // + // 1. list peerings [A,B,C] + // 2. persist new peering [D] + // 3. accept new stream for [D] + // 4. list streams [A,B,C,D] + // 5. terminate [D] + // + // Which is wrong. If we instead ensure that (4) happens before (1), given + // that you can't get an established stream without first passing a "does + // this peering exist in the state store?" inquiry then this happens: + // + // 1. list streams [A,B,C] + // 2. list peerings [A,B,C] + // 3. persist new peering [D] + // 4. accept new stream for [D] + // 5. terminate [] + // + // Or even this is fine: + // + // 1. list streams [A,B,C] + // 2. persist new peering [D] + // 3. accept new stream for [D] + // 4. list peerings [A,B,C,D] + // 5. terminate [] + connectedStreams := s.peeringService.ConnectedStreams() + state := s.fsm.State() // Pull the state store contents and set up to block for changes. @@ -121,7 +154,7 @@ func (s *Server) syncPeeringsAndBlock(ctx context.Context, logger hclog.Logger, // Clean up active streams of peerings that were deleted from the state store. // TODO(peering): This is going to trigger shutting down peerings we generated a token for. Is that OK? - for stream, doneCh := range s.peeringService.ConnectedStreams() { + for stream, doneCh := range connectedStreams { if _, ok := stored[stream]; ok { // Active stream is in the state store, nothing to do. continue diff --git a/proto/pbpeering/peering.go b/proto/pbpeering/peering.go index 4c4265021..e52affe4a 100644 --- a/proto/pbpeering/peering.go +++ b/proto/pbpeering/peering.go @@ -93,6 +93,10 @@ func (x ReplicationMessage_Response_Operation) GoString() string { return x.String() } +func (x PeeringState) GoString() string { + return x.String() +} + func (r *TrustBundleReadRequest) CacheInfo() cache.RequestInfo { info := cache.RequestInfo{ // TODO(peering): Revisit whether this is the token to use once request types accept a token. From 744265f028e7b3c593fabf4503a87f6a0046bea9 Mon Sep 17 00:00:00 2001 From: Daniel Kimsey Date: Tue, 10 May 2022 09:59:03 -0500 Subject: [PATCH 468/785] Update go-grpc/grpc to resolve conection memory leak Reported in #12288 The initial test reported was ported and accurately reproduced the issue. However, since it is a test of an upstream library's internal behavior it won't be codified in our test suite. Refer to the ticket/PR for details on how to demonstrate the behavior. --- .changelog/13051.txt | 3 +++ go.mod | 2 +- go.sum | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 .changelog/13051.txt diff --git a/.changelog/13051.txt b/.changelog/13051.txt new file mode 100644 index 000000000..61a7db951 --- /dev/null +++ b/.changelog/13051.txt @@ -0,0 +1,3 @@ +```release-note:bug +deps: Update go-grpc/grpc, resolving connection memory leak +``` diff --git a/go.mod b/go.mod index 96f2f8478..0f71dff66 100644 --- a/go.mod +++ b/go.mod @@ -80,7 +80,7 @@ require ( golang.org/x/sys v0.0.0-20220412211240-33da011f77ad golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb - google.golang.org/grpc v1.36.0 + google.golang.org/grpc v1.37.1 google.golang.org/protobuf v1.27.1 gopkg.in/square/go-jose.v2 v2.5.1 gotest.tools/v3 v3.0.3 diff --git a/go.sum b/go.sum index 7467ff229..722d90784 100644 --- a/go.sum +++ b/go.sum @@ -165,6 +165,7 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.10.1 h1:cgDRLG7bs59Zd+apAWuzLQL95obVYAymNJek76W3mgw= github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= @@ -924,8 +925,9 @@ google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0 h1:o1bcQ6imQMIOpdrO3SWf2z5RV72WbDwdXuK0MDlc8As= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.1 h1:ARnQJNWxGyYJpdf/JXscNlQr/uv607ZPU9Z7ogHi+iI= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 80556c9ffc6909105974b3278faa05bc1c73b6c3 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Wed, 8 Jun 2022 10:38:55 -0400 Subject: [PATCH 469/785] Fix intentions wildcard dest (#13397) * when enterprise meta are wildcard assume it's a service intention * fix partition and namespace * move kind outside the loops * get the kind check outside the loop and add a comment Co-authored-by: github-team-consul-core --- agent/consul/state/config_entry_intention.go | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go index ebbc9e7b7..4f1a883c0 100644 --- a/agent/consul/state/config_entry_intention.go +++ b/agent/consul/state/config_entry_intention.go @@ -286,13 +286,18 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn( for v := iter.Next(); v != nil; v = iter.Next() { entry := v.(*structs.ServiceIntentionsConfigEntry) + entMeta := entry.DestinationServiceName().EnterpriseMeta + // if we have a wildcard namespace or partition assume we are querying a service intention + // as destination intentions will never be queried as wildcard + kind := structs.GatewayServiceKindService + if entMeta.NamespaceOrDefault() != acl.WildcardName && entMeta.PartitionOrDefault() != acl.WildcardName { + kind, err = GatewayServiceKind(tx, entry.DestinationServiceName().Name, &entMeta) + if err != nil { + return nil, err + } + } for _, src := range entry.Sources { if src.SourceServiceName() == sn { - entMeta := entry.DestinationServiceName().EnterpriseMeta - kind, err := GatewayServiceKind(tx, entry.DestinationServiceName().Name, &entMeta) - if err != nil { - return nil, err - } switch targetType { case structs.IntentionTargetService: if kind == structs.GatewayServiceKindService || kind == structs.GatewayServiceKindUnknown { From f58fca2048d58aeb233f064e617eabf1b9b84b21 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Wed, 8 Jun 2022 17:07:51 +0200 Subject: [PATCH 470/785] ui: upgrade ember composable helper (#13394) Upgrade ember-composable-helpers to version 5.x. This version contains the pick-helper which makes composition in the template layer easier with Octane. {{!-- this is usually hard to do with Octane --}} Version 5.x also fixes a regression with sort-by that according to @johncowen was the reason why the version was pinned to 4.0.0 at the moment. Version 5 of ember-composable-helpers removes the contains-helper in favor of includes which I changed all occurences for. --- .changelog/13394.txt | 3 +++ .../consul/lock-session/notifications/README.mdx | 2 +- .../components/consul/nspace/search-bar/index.hbs | 2 +- .../consul/partition/search-bar/index.hbs | 2 +- .../consul/auth-method/search-bar/index.hbs | 10 +++++----- .../consul/health-check/search-bar/index.hbs | 8 ++++---- .../consul/intention/permission/form/index.hbs | 2 +- .../consul/intention/search-bar/index.hbs | 4 ++-- .../app/components/consul/kv/search-bar/index.hbs | 4 ++-- .../components/consul/node/search-bar/index.hbs | 4 ++-- .../components/consul/policy/search-bar/index.hbs | 6 +++--- .../components/consul/role/search-bar/index.hbs | 2 +- .../app/components/consul/server/card/index.hbs | 4 ++-- .../consul/service-instance/search-bar/index.hbs | 6 +++--- .../components/consul/service/search-bar/index.hbs | 14 +++++++------- .../components/consul/token/search-bar/index.hbs | 4 ++-- .../consul/upstream-instance/search-bar/index.hbs | 2 +- .../consul/upstream/search-bar/index.hbs | 4 ++-- .../app/components/disclosure-menu/menu/index.hbs | 2 +- .../app/components/form-group/element/index.hbs | 2 +- .../consul-ui/app/components/policy-form/index.hbs | 2 +- .../consul-ui/app/styles/base/icons/README.mdx | 2 +- .../consul-ui/app/templates/application.hbs | 2 +- .../app/templates/dc/services/show/topology.hbs | 2 +- ui/packages/consul-ui/package.json | 2 +- ui/yarn.lock | 14 +++++++------- 26 files changed, 57 insertions(+), 54 deletions(-) create mode 100644 .changelog/13394.txt diff --git a/.changelog/13394.txt b/.changelog/13394.txt new file mode 100644 index 000000000..c00759f44 --- /dev/null +++ b/.changelog/13394.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: upgrade ember-composable-helpers to v5.x +``` diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/README.mdx b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/README.mdx index 6d90f0fff..07ee84b1c 100644 --- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/README.mdx +++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/README.mdx @@ -30,7 +30,7 @@ A Notification component specifically for LockSessions. {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each @filter.searchproperty.default as |prop|}} - {{/each}} diff --git a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs index 1d2999c9b..b0f15ec30 100644 --- a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs +++ b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs @@ -55,7 +55,7 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each @filter.searchproperty.default as |prop|}} - {{/each}} diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs index ec8b98336..be122a1d8 100644 --- a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs @@ -55,7 +55,7 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each @filter.searchproperty.default as |prop|}} - {{/each}} @@ -78,10 +78,10 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} - - + + {{#if (env 'CONSUL_SSO_ENABLED')}} - + {{/if}} {{/let}} @@ -100,7 +100,7 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each (array "local" "global") as |option|}} - {{/each}} diff --git a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs index 78392f665..9c784527a 100644 --- a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs @@ -55,7 +55,7 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each @filter.searchproperty.default as |prop|}} - {{/each}} @@ -80,7 +80,7 @@ as |key value|}} {{#let components.Optgroup components.Option as |Optgroup Option|}} {{#each (array "passing" "warning" "critical" "empty") as |state|}} -
      diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs index 111a1f345..e1f4c7929 100644 --- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs +++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs @@ -91,11 +91,18 @@ as |dc partition nspace item create|}}
      AccessorID
      - {{item.AccessorID}} +
      Token
      - {{item.SecretID}} +
      {{#if (and (not (token/is-legacy item)) (not create))}}
      Scope
      diff --git a/ui/packages/consul-ui/tests/integration/components/secret-button-test.js b/ui/packages/consul-ui/tests/integration/components/secret-button-test.js deleted file mode 100644 index b0f0ee13b..000000000 --- a/ui/packages/consul-ui/tests/integration/components/secret-button-test.js +++ /dev/null @@ -1,33 +0,0 @@ -import { module, test } from 'qunit'; -import { setupRenderingTest } from 'ember-qunit'; -import { render, find } from '@ember/test-helpers'; -import hbs from 'htmlbars-inline-precompile'; - -module('Integration | Component | secret button', function(hooks) { - setupRenderingTest(hooks); - - test('it renders', async function(assert) { - // Set any properties with this.set('myProperty', 'value'); - // Handle any actions with this.on('myAction', function(val) { ... }); - - await render(hbs`{{secret-button}}`); - - assert.ok( - find('*') - .textContent.trim() - .indexOf('Reveal') !== -1 - ); - - // Template block usage: - await render(hbs` - {{#secret-button}} - {{/secret-button}} - `); - - assert.ok( - find('*') - .textContent.trim() - .indexOf('Reveal') !== -1 - ); - }); -}); From 8c0da8fdfb106ccae7acacabb45f464c52e11a9d Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 7 Jul 2022 18:23:26 +0100 Subject: [PATCH 707/785] ui: Peer Deletion (#13665) * ui: Peer Deletion (#13665) * ui: Add sorting peer listing by State (#13684) * ui: Add filtering peer listing by State (#13685) --- .../components/consul/peer/components.scss | 76 ++++++++ .../app/components/consul/peer/index.scss | 4 + .../components/consul/peer/list/README.mdx | 26 +++ .../app/components/consul/peer/list/index.hbs | 93 +++++++++ .../consul/peer/notifications/README.mdx | 19 ++ .../consul/peer/notifications/index.hbs | 16 ++ .../consul/peer/search-bar/index.hbs | 42 ++++ .../consul/peer/search-bar/index.scss | 24 +++ .../consul-ui/app/filter/predicates/peer.js | 10 + ui/packages/consul-ui/app/helpers/require.js | 13 +- ui/packages/consul-ui/app/models/peer.js | 13 ++ .../consul-ui/app/routes/dc/peers/index.js | 1 + .../app/services/data-sink/protocols/http.js | 11 +- ui/packages/consul-ui/app/services/filter.js | 2 + .../consul-ui/app/services/repository/peer.js | 26 +++ .../consul-ui/app/sort/comparators/peer.js | 25 ++- .../app/styles/base/icons/icons/index.scss | 4 +- .../consul-ui/app/styles/components.scss | 3 +- .../app/templates/dc/peers/index.hbs | 183 ++++++++---------- .../translations/components/consul/en-us.yaml | 16 ++ 20 files changed, 495 insertions(+), 112 deletions(-) create mode 100644 ui/packages/consul-ui/app/components/consul/peer/components.scss create mode 100644 ui/packages/consul-ui/app/components/consul/peer/index.scss create mode 100644 ui/packages/consul-ui/app/components/consul/peer/list/README.mdx create mode 100644 ui/packages/consul-ui/app/components/consul/peer/list/index.hbs create mode 100644 ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx create mode 100644 ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs create mode 100644 ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss create mode 100644 ui/packages/consul-ui/app/filter/predicates/peer.js diff --git a/ui/packages/consul-ui/app/components/consul/peer/components.scss b/ui/packages/consul-ui/app/components/consul/peer/components.scss new file mode 100644 index 000000000..d4fdbe081 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/components.scss @@ -0,0 +1,76 @@ +%pill-pending::before, +%pill-establishing::before, +%pill-active::before, +%pill-failing::before, +%pill-terminated::before, +%pill-deleting::before { + --icon-size: icon-000; + content: ''; +} +%pill-pending, +%pill-establishing, +%pill-active, +%pill-failing, +%pill-terminated, +%pill-deleting { + font-weight: var(--typo-weight-medium); + font-size: var(--typo-size-700); +} + +%pill-pending::before { + --icon-name: icon-running; + --icon-color: rgb(var(--tone-gray-800)); +} +%pill-pending { + background-color: rgb(var(--tone-strawberry-050)); + color: rgb(var(--tone-strawberry-500)); +} + +%pill-establishing::before { + --icon-name: icon-running; + --icon-color: rgb(var(--tone-gray-800)); +} +%pill-establishing { + background-color: rgb(var(--tone-blue-050)); + color: rgb(var(--tone-blue-500)); +} + +%pill-active::before { + --icon-name: icon-check; + --icon-color: rgb(var(--tone-green-800)); +} +%pill-active { + background-color: rgb(var(--tone-green-050)); + color: rgb(var(--tone-green-600)); +} + +%pill-failing::before { + --icon-name: icon-x; + --icon-color: rgb(var(--tone-red-500)); +} +%pill-failing { + background-color: rgb(var(--tone-red-050)); + color: rgb(var(--tone-red-500)); +} + +%pill-terminated::before { + --icon-name: icon-x-square; + --icon-color: rgb(var(--tone-gray-800)); +} +%pill-terminated { + background-color: rgb(var(--tone-gray-150)); + color: rgb(var(--tone-gray-800)); +} + + +%pill-deleting::before { + --icon-name: icon-loading; + --icon-color: rgb(var(--tone-green-800)); +} +%pill-deleting { + background-color: rgb(var(--tone-yellow-050)); + color: rgb(var(--tone-yellow-800)); +} + + + diff --git a/ui/packages/consul-ui/app/components/consul/peer/index.scss b/ui/packages/consul-ui/app/components/consul/peer/index.scss new file mode 100644 index 000000000..9fdaee0ec --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/index.scss @@ -0,0 +1,4 @@ +@import './components'; + +@import './search-bar'; + diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/README.mdx b/ui/packages/consul-ui/app/components/consul/peer/list/README.mdx new file mode 100644 index 000000000..f3a4694e5 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/list/README.mdx @@ -0,0 +1,26 @@ +# Consul::Peer::List + +A presentational component for rendering Consul Peers + +```hbs preview-template + + + +``` + + +## Arguments + +| Argument/Attribute | Type | Default | Description | +| --- | --- | --- | --- | +| `items` | `array` | | An array of Peers | +| `ondelete` | `function` | | An action to execute when the `Delete` action is clicked | + +## See + +- [Template Source Code](./index.hbs) + +--- diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/index.hbs b/ui/packages/consul-ui/app/components/consul/peer/list/index.hbs new file mode 100644 index 000000000..249c5a976 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/list/index.hbs @@ -0,0 +1,93 @@ + + +{{#if (can 'delete peer' item=item)}} + + {{item.Name}} + +{{else}} +

      + {{item.Name}} +

      +{{/if}} +       + +
      + + +
      + {{t 'routes.dc.peers.index.detail.imported.count' + count=(format-number item.ImportedServiceCount) + }} +
      + +
      + {{t 'routes.dc.peers.index.detail.exported.count' + count=(format-number item.ExportedServiceCount) + }} +
      + +
      +       + +{{#if (can 'delete peer' item=item)}} + + + + + View + + + + + Delete + + + + + Confirm delete + + +

      + Are you sure you want to delete this peer? +

      +       + + + Delete + + +       +       +       +       +{{/if}} +       +       + diff --git a/ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx b/ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx new file mode 100644 index 000000000..a4a9fcc6d --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx @@ -0,0 +1,19 @@ +# Consul::Peer::Notifications + +A Notification component specifically for Peers. This is only a component as we currently use this in two places and if we need to add more types we can do so in one place. + +We currently one have one 'remove' type due to the fact that Peers can't use the default 'delete' notification as they get 'marked for deletion' instead. + +```hbs preview-template + +``` + + + +## See + +- [Template Source Code](./index.hbs) + +--- diff --git a/ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs new file mode 100644 index 000000000..972c5c10e --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs @@ -0,0 +1,16 @@ +{{#if (eq @type 'remove')}} + + + Success! + + +

      + Your Peer has been marked for deletion. +

      +       +       +{{/if}} diff --git a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs index 07b0ae51d..b7fbf40ff 100644 --- a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs @@ -64,6 +64,42 @@ as |key value|}} + <:filter as |search|> + + + + {{t "components.consul.peer.search-bar.state.name"}} + + + + {{#let components.Optgroup components.Option as |Optgroup Option|}} + {{#each + (get + (require '/models/peer' + path='schema' + from='/components/consul/peer/search-bar' + ) + 'State.allowedValues' + ) as |upperState|}} + {{#let + (string-to-lower-case upperState) + as |state|}} + + {{/let}} + {{/each}} + {{/let}} + + + <:sort as |search|> {{#let components.Optgroup components.Option as |Optgroup Option|}} + + + + diff --git a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss b/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss new file mode 100644 index 000000000..0e9e3c1ff --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss @@ -0,0 +1,24 @@ +.consul-peer-search-bar { + li button span { + @extend %pill-500; + } + .value-pending span { + @extend %pill-pending; + } + .value-establishing span { + @extend %pill-establishing; + } + .value-active span { + @extend %pill-active; + } + .value-failing span { + @extend %pill-failing; + } + .value-terminated span { + @extend %pill-terminated; + } + .value-deleting span { + @extend %pill-deleting; + } +} + diff --git a/ui/packages/consul-ui/app/filter/predicates/peer.js b/ui/packages/consul-ui/app/filter/predicates/peer.js new file mode 100644 index 000000000..7bafa7fa2 --- /dev/null +++ b/ui/packages/consul-ui/app/filter/predicates/peer.js @@ -0,0 +1,10 @@ +export default { + state: { + pending: (item, value) => item.State.toLowerCase() === value, + establishing: (item, value) => item.State.toLowerCase() === value, + active: (item, value) => item.State.toLowerCase() === value, + failing: (item, value) => item.State.toLowerCase() === value, + terminated: (item, value) => item.State.toLowerCase() === value, + deleting: (item, value) => item.State.toLowerCase() === value, + }, +}; diff --git a/ui/packages/consul-ui/app/helpers/require.js b/ui/packages/consul-ui/app/helpers/require.js index 59f360658..c3b39e869 100644 --- a/ui/packages/consul-ui/app/helpers/require.js +++ b/ui/packages/consul-ui/app/helpers/require.js @@ -12,12 +12,15 @@ const container = new Map(); // `css` already has a caching mechanism under the hood so rely on that, plus // we get the advantage of laziness here, i.e. we only call css as and when we // need to -export default helper(([path = ''], { from }) => { - const fullPath = resolve(`${appName}${from}`, path); +export default helper(([path = ''], options) => { + let fullPath = resolve(`${appName}${options.from}`, path); + if(path.charAt(0) === '/') { + fullPath = `${appName}${fullPath}`; + } let module; if(require.has(fullPath)) { - module = require(fullPath).default; + module = require(fullPath)[options.export || 'default']; } else { throw new Error(`Unable to resolve '${fullPath}' does the file exist?`) } @@ -27,7 +30,7 @@ export default helper(([path = ''], { from }) => { return module(css); case fullPath.endsWith('.xstate'): return module; - default: { + case fullPath.endsWith('.element'): { if(container.has(fullPath)) { return container.get(fullPath); } @@ -35,5 +38,7 @@ export default helper(([path = ''], { from }) => { container.set(fullPath, component); return component; } + default: + return module; } }); diff --git a/ui/packages/consul-ui/app/models/peer.js b/ui/packages/consul-ui/app/models/peer.js index 89c70177e..5b2c6a01a 100644 --- a/ui/packages/consul-ui/app/models/peer.js +++ b/ui/packages/consul-ui/app/models/peer.js @@ -1,5 +1,18 @@ import Model, { attr } from '@ember-data/model'; +export const schema = { + State: { + defaultValue: 'PENDING', + allowedValues: [ + 'PENDING', + 'ESTABLISHING', + 'ACTIVE', + 'FAILING', + 'TERMINATED', + 'DELETING' + ], + }, +}; export default class Peer extends Model { @attr('string') uri; @attr() meta; diff --git a/ui/packages/consul-ui/app/routes/dc/peers/index.js b/ui/packages/consul-ui/app/routes/dc/peers/index.js index 5b0973e29..5281a07f5 100644 --- a/ui/packages/consul-ui/app/routes/dc/peers/index.js +++ b/ui/packages/consul-ui/app/routes/dc/peers/index.js @@ -3,6 +3,7 @@ import Route from 'consul-ui/routing/route'; export default class PeersRoute extends Route { queryParams = { sortBy: 'sort', + state: 'state', searchproperty: { as: 'searchproperty', empty: [['Name']], diff --git a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js index 21467648b..9a99eb796 100644 --- a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js +++ b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js @@ -2,11 +2,14 @@ import Service, { inject as service } from '@ember/service'; import { setProperties } from '@ember/object'; export default class HttpService extends Service { + @service('client/http') client; + @service('settings') settings; @service('repository/intention') intention; @service('repository/kv') kv; @service('repository/nspace') nspace; @service('repository/partition') partition; + @service('repository/peer') peer; @service('repository/session') session; prepare(sink, data, instance) { @@ -24,12 +27,16 @@ export default class HttpService extends Service { persist(sink, instance) { const [, , , , model] = sink.split('/'); const repo = this[model]; - return repo.persist(instance); + return this.client.request( + request => repo.persist(instance, request) + ); } remove(sink, instance) { const [, , , , model] = sink.split('/'); const repo = this[model]; - return repo.remove(instance); + return this.client.request( + request => repo.remove(instance, request) + ); } } diff --git a/ui/packages/consul-ui/app/services/filter.js b/ui/packages/consul-ui/app/services/filter.js index 1ba36ec48..bf78151a7 100644 --- a/ui/packages/consul-ui/app/services/filter.js +++ b/ui/packages/consul-ui/app/services/filter.js @@ -10,6 +10,7 @@ import intention from 'consul-ui/filter/predicates/intention'; import token from 'consul-ui/filter/predicates/token'; import policy from 'consul-ui/filter/predicates/policy'; import authMethod from 'consul-ui/filter/predicates/auth-method'; +import peer from 'consul-ui/filter/predicates/peer'; const predicates = { service: andOr(service), @@ -21,6 +22,7 @@ const predicates = { intention: andOr(intention), token: andOr(token), policy: andOr(policy), + peer: andOr(peer), }; export default class FilterService extends Service { diff --git a/ui/packages/consul-ui/app/services/repository/peer.js b/ui/packages/consul-ui/app/services/repository/peer.js index 5154a7250..fdd8b762f 100644 --- a/ui/packages/consul-ui/app/services/repository/peer.js +++ b/ui/packages/consul-ui/app/services/repository/peer.js @@ -70,4 +70,30 @@ export default class PeerService extends RepositoryService { }; }); } + + async remove(item, request) { + // soft delete + // we just return the item we want to delete + // but mark it as DELETING ourselves as the request is successfull + // and we don't have blocking queries here to get immediate updates + return (await request` + DELETE /v1/peering/${item.Name} + `)((headers, body, cache) => { + const partition = item.Partition; + const ns = item.Namespace; + const dc = item.Datacenter; + return { + meta: { + version: 2, + }, + body: cache( + { + ...item, + State: 'DELETING' + }, + uri => uri`peer:///${partition}/${ns}/${dc}/peer/${item.Name}` + ) + }; + }); + } } diff --git a/ui/packages/consul-ui/app/sort/comparators/peer.js b/ui/packages/consul-ui/app/sort/comparators/peer.js index 1ec2b1a99..912d23140 100644 --- a/ui/packages/consul-ui/app/sort/comparators/peer.js +++ b/ui/packages/consul-ui/app/sort/comparators/peer.js @@ -1,3 +1,26 @@ -export default ({ properties }) => key => { +import { schema } from 'consul-ui/models/peer'; + +export default ({ properties }) => (key = 'State:asc') => { + if (key.startsWith('State:')) { + return function(itemA, itemB) { + const [, dir] = key.split(':'); + let a, b; + if (dir === 'asc') { + b = itemA; + a = itemB; + } else { + a = itemA; + b = itemB; + } + switch (true) { + case schema.State.allowedValues.indexOf(a.State) < schema.State.allowedValues.indexOf(b.State): + return 1; + case schema.State.allowedValues.indexOf(a.State) > schema.State.allowedValues.indexOf(b.State): + return -1; + case schema.State.allowedValues.indexOf(a.State) === schema.State.allowedValues.indexOf(b.State): + return 0; + } + }; + } return properties(['Name'])(key); }; diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss index ecac9fc4a..74559e892 100644 --- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss +++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss @@ -501,7 +501,7 @@ // @import './rotate-ccw/index.scss'; // @import './rotate-cw/index.scss'; // @import './rss/index.scss'; -// @import './running/index.scss'; +@import './running/index.scss'; // @import './save/index.scss'; // @import './scissors/index.scss'; // @import './search/index.scss'; @@ -620,7 +620,7 @@ // @import './x-diamond-fill/index.scss'; // @import './x-hexagon/index.scss'; // @import './x-hexagon-fill/index.scss'; -// @import './x-square/index.scss'; +@import './x-square/index.scss'; // @import './x-square-fill/index.scss'; // @import './youtube/index.scss'; // @import './youtube-color/index.scss'; diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss index ad39f2418..234b6793a 100644 --- a/ui/packages/consul-ui/app/styles/components.scss +++ b/ui/packages/consul-ui/app/styles/components.scss @@ -103,7 +103,8 @@ @import 'consul-ui/components/topology-metrics/series'; @import 'consul-ui/components/topology-metrics/stats'; @import 'consul-ui/components/topology-metrics/status'; +@import 'consul-ui/components/consul/intention/list/table'; +@import 'consul-ui/components/consul/peer'; @import 'consul-ui/components/peerings/badge'; @import 'consul-ui/components/consul/node/peer-info'; -@import 'consul-ui/components/consul/intention/list/table'; @import 'consul-ui/components/consul/service/peer-info'; diff --git a/ui/packages/consul-ui/app/templates/dc/peers/index.hbs b/ui/packages/consul-ui/app/templates/dc/peers/index.hbs index 9b040c12f..c9fd41e36 100644 --- a/ui/packages/consul-ui/app/templates/dc/peers/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/peers/index.hbs @@ -20,11 +20,15 @@ {{#let (hash - value=(or sortBy "Name:asc") + value=(or sortBy "State:asc") change=(action (mut sortBy) value="target.selected") ) (hash + state=(hash + value=(if state (split state ',') undefined) + change=(action (mut state) value="target.selectedItems") + ) searchproperty=(hash value=(if (not-eq searchproperty undefined) (split searchproperty ',') @@ -58,111 +62,86 @@ as |sort filters items|}} - - + @label="Peer" + @ondelete={{refresh-route}} + as |writer|> + + + + + + - - -

      {{item.Name}}

      -       - -
      - + -
      - {{t 'routes.dc.peers.index.detail.imported.count' - count=(format-number item.ImportedServiceCount) - }} -
      - -
      - {{t 'routes.dc.peers.index.detail.exported.count' - count=(format-number item.ExportedServiceCount) - }} -
      - -
      -       - - {{#if (can 'delete peer' item=item)}} - - - {{#if true}} - - - View - - - {{/if}} - - {{/if}} - -       - -       - - {{!-- TODO: do we need to check permissions here or will we receive an error automatically? --}} - - -

      - {{#if (gt items.length 0)}} - No peers found - {{else}} - Welcome to Peers - {{/if}} -

      -       - - {{#if (gt items.length 0)}} - No peers where found matching that search, or you may not have access to view the peers you are searching for. - {{else}} - Peering allows an admin partition in one datacenter to communicate with a partition in a different - datacenter. There don't seem to be any peers for this admin partition, or you may not have - peering:read permissions to - access this view. - {{/if}} - - -
    • - {{!-- what's the docs for peering?--}} - - Documentation on Peers - -
      • -
    • - - Take the tutorial - -
      • -       -       -       -       +       + + {{!-- TODO: do we need to check permissions here or will we receive an error automatically? --}} + + +

      + {{#if (gt items.length 0)}} + No peers found + {{else}} + Welcome to Peers + {{/if}} +

      +       + + {{#if (gt items.length 0)}} + No peers where found matching that search, or you may not have access to view the peers you are searching for. + {{else}} + Peering allows an admin partition in one datacenter to communicate with a partition in a different + datacenter. There don't seem to be any peers for this admin partition, or you may not have + peering:read permissions to + access this view. + {{/if}} + + +
    • + {{!-- what's the docs for peering?--}} + + Documentation on Peers + +
      • +
    • + + Take the tutorial + +
      • +       +       +       +       +       + - {{/let}} diff --git a/ui/packages/consul-ui/translations/components/consul/en-us.yaml b/ui/packages/consul-ui/translations/components/consul/en-us.yaml index 48975d53d..0809332f4 100644 --- a/ui/packages/consul-ui/translations/components/consul/en-us.yaml +++ b/ui/packages/consul-ui/translations/components/consul/en-us.yaml @@ -1,3 +1,19 @@ +peer: + search-bar: + state: + name: Status + options: + pending: Pending + establishing: Establishing + active: Active + failing: Failing + terminated: Terminated + deleting: Deleting + sort: + state: + name: Status + asc: Pending to Deleting + desc: Deleting to Pending service: search-bar: kind: Service Type From 40c5c7eee21244eb454e454c039b0899fd767f80 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Thu, 7 Jul 2022 13:55:41 -0500 Subject: [PATCH 708/785] server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data (#13687) Currently servers exchange information about their WAN serf port and RPC port with serf tags, so that they all learn of each other's addressing information. We intend to make larger use of the new public-facing gRPC port exposed on all of the servers, so this PR addresses that by passing around the gRPC port via serf tags and then ensuring the generated consul service in the catalog has metadata about that new port as well for ease of non-serf-based lookup. --- .changelog/13687.txt | 3 + agent/agent.go | 2 + agent/consul/config.go | 3 + agent/consul/leader.go | 5 + agent/consul/server_serf.go | 3 + agent/consul/server_test.go | 29 ++-- agent/metadata/server.go | 88 ++++++----- agent/metadata/server_test.go | 282 +++++++++++++++------------------- 8 files changed, 208 insertions(+), 207 deletions(-) create mode 100644 .changelog/13687.txt diff --git a/.changelog/13687.txt b/.changelog/13687.txt new file mode 100644 index 000000000..53d7a08e3 --- /dev/null +++ b/.changelog/13687.txt @@ -0,0 +1,3 @@ +```release-note:feature +server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data +``` diff --git a/agent/agent.go b/agent/agent.go index ba1d56641..326565688 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1193,6 +1193,8 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co cfg.RPCAddr = runtimeCfg.RPCBindAddr cfg.RPCAdvertise = runtimeCfg.RPCAdvertiseAddr + cfg.GRPCPort = runtimeCfg.GRPCPort + cfg.Segment = runtimeCfg.SegmentName if len(runtimeCfg.Segments) > 0 { segments, err := segmentConfig(runtimeCfg) diff --git a/agent/consul/config.go b/agent/consul/config.go index 40d627bed..50235c681 100644 --- a/agent/consul/config.go +++ b/agent/consul/config.go @@ -130,6 +130,9 @@ type Config struct { // RPCSrcAddr is the source address for outgoing RPC connections. RPCSrcAddr *net.TCPAddr + // GRPCPort is the port the public gRPC server listens on. + GRPCPort int + // (Enterprise-only) The network segment this agent is part of. Segment string diff --git a/agent/consul/leader.go b/agent/consul/leader.go index 85aca70ac..eb197deb3 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -1069,6 +1069,11 @@ func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *acl.Enterpri }, } + grpcPortStr := member.Tags["grpc_port"] + if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 { + service.Meta["grpc_port"] = grpcPortStr + } + // Attempt to join the consul server if err := s.joinConsulServer(member, parts); err != nil { return err diff --git a/agent/consul/server_serf.go b/agent/consul/server_serf.go index 3db25c155..5e29b47dd 100644 --- a/agent/consul/server_serf.go +++ b/agent/consul/server_serf.go @@ -103,6 +103,9 @@ func (s *Server) setupSerfConfig(opts setupSerfOptions) (*serf.Config, error) { conf.Tags["build"] = s.config.Build addr := opts.Listener.Addr().(*net.TCPAddr) conf.Tags["port"] = fmt.Sprintf("%d", addr.Port) + if s.config.GRPCPort > 0 { + conf.Tags["grpc_port"] = fmt.Sprintf("%d", s.config.GRPCPort) + } if s.config.Bootstrap { conf.Tags["bootstrap"] = "1" } diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index c2d9c96c2..22b17d5c2 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -111,7 +111,7 @@ func testServerConfig(t *testing.T) (string, *Config) { dir := testutil.TempDir(t, "consul") config := DefaultConfig() - ports := freeport.GetN(t, 3) + ports := freeport.GetN(t, 4) // {server, serf_lan, serf_wan, grpc} config.NodeName = uniqueNodeName(t.Name()) config.Bootstrap = true config.Datacenter = "dc1" @@ -167,6 +167,8 @@ func testServerConfig(t *testing.T) (string, *Config) { // looks like several depend on it. config.RPCHoldTimeout = 10 * time.Second + config.GRPCPort = ports[3] + config.ConnectEnabled = true config.CAConfig = &structs.CAConfiguration{ ClusterID: connect.TestClusterID, @@ -239,6 +241,19 @@ func testServerWithConfig(t *testing.T, configOpts ...func(*Config)) (string, *S }) t.Cleanup(func() { srv.Shutdown() }) + if srv.config.GRPCPort > 0 { + // Normally the gRPC server listener is created at the agent level and + // passed down into the Server creation. + publicGRPCAddr := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCPort) + + ln, err := net.Listen("tcp", publicGRPCAddr) + require.NoError(t, err) + go func() { + _ = srv.publicGRPCServer.Serve(ln) + }() + t.Cleanup(srv.publicGRPCServer.Stop) + } + return dir, srv } @@ -262,16 +277,8 @@ func testACLServerWithConfig(t *testing.T, cb func(*Config), initReplicationToke func testGRPCIntegrationServer(t *testing.T, cb func(*Config)) (*Server, *grpc.ClientConn, rpc.ClientCodec) { _, srv, codec := testACLServerWithConfig(t, cb, false) - // Normally the gRPC server listener is created at the agent level and passed down into - // the Server creation. For our tests, we need to ensure - ln, err := net.Listen("tcp", "127.0.0.1:0") - require.NoError(t, err) - go func() { - _ = srv.publicGRPCServer.Serve(ln) - }() - t.Cleanup(srv.publicGRPCServer.Stop) - - conn, err := grpc.Dial(ln.Addr().String(), grpc.WithInsecure()) + grpcAddr := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCPort) + conn, err := grpc.Dial(grpcAddr, grpc.WithInsecure()) require.NoError(t, err) t.Cleanup(func() { _ = conn.Close() }) diff --git a/agent/metadata/server.go b/agent/metadata/server.go index 3715032c6..8d8c00f10 100644 --- a/agent/metadata/server.go +++ b/agent/metadata/server.go @@ -23,25 +23,26 @@ func (k *Key) Equal(x *Key) bool { // Server is used to return details of a consul server type Server struct { - Name string // . - ShortName string // - ID string - Datacenter string - Segment string - Port int - SegmentAddrs map[string]string - SegmentPorts map[string]int - WanJoinPort int - LanJoinPort int - Bootstrap bool - Expect int - Build version.Version - Version int - RaftVersion int - Addr net.Addr - Status serf.MemberStatus - ReadReplica bool - FeatureFlags map[string]int + Name string // . + ShortName string // + ID string + Datacenter string + Segment string + Port int + SegmentAddrs map[string]string + SegmentPorts map[string]int + WanJoinPort int + LanJoinPort int + PublicGRPCPort int + Bootstrap bool + Expect int + Build version.Version + Version int + RaftVersion int + Addr net.Addr + Status serf.MemberStatus + ReadReplica bool + FeatureFlags map[string]int // If true, use TLS when connecting to this server UseTLS bool @@ -136,6 +137,18 @@ func IsConsulServer(m serf.Member) (bool, *Server) { } } + publicGRPCPort := 0 + publicGRPCPortStr, ok := m.Tags["grpc_port"] + if ok { + publicGRPCPort, err = strconv.Atoi(publicGRPCPortStr) + if err != nil { + return false, nil + } + if publicGRPCPort < 1 { + return false, nil + } + } + vsnStr := m.Tags["vsn"] vsn, err := strconv.Atoi(vsnStr) if err != nil { @@ -160,24 +173,25 @@ func IsConsulServer(m serf.Member) (bool, *Server) { addr := &net.TCPAddr{IP: m.Addr, Port: port} parts := &Server{ - Name: m.Name, - ShortName: strings.TrimSuffix(m.Name, "."+datacenter), - ID: m.Tags["id"], - Datacenter: datacenter, - Segment: segment, - Port: port, - SegmentAddrs: segmentAddrs, - SegmentPorts: segmentPorts, - WanJoinPort: wanJoinPort, - LanJoinPort: int(m.Port), - Bootstrap: bootstrap, - Expect: expect, - Addr: addr, - Build: *buildVersion, - Version: vsn, - RaftVersion: raftVsn, - Status: m.Status, - UseTLS: useTLS, + Name: m.Name, + ShortName: strings.TrimSuffix(m.Name, "."+datacenter), + ID: m.Tags["id"], + Datacenter: datacenter, + Segment: segment, + Port: port, + SegmentAddrs: segmentAddrs, + SegmentPorts: segmentPorts, + WanJoinPort: wanJoinPort, + LanJoinPort: int(m.Port), + PublicGRPCPort: publicGRPCPort, + Bootstrap: bootstrap, + Expect: expect, + Addr: addr, + Build: *buildVersion, + Version: vsn, + RaftVersion: raftVsn, + Status: m.Status, + UseTLS: useTLS, // DEPRECATED - remove nonVoter check once support for that tag is removed ReadReplica: nonVoter || readReplica, FeatureFlags: featureFlags, diff --git a/agent/metadata/server_test.go b/agent/metadata/server_test.go index e83a4b087..373bad682 100644 --- a/agent/metadata/server_test.go +++ b/agent/metadata/server_test.go @@ -4,6 +4,7 @@ import ( "net" "testing" + "github.com/hashicorp/go-version" "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" @@ -53,173 +54,136 @@ func TestServer_Key_params(t *testing.T) { } func TestIsConsulServer(t *testing.T) { - m := serf.Member{ - Name: "foo", - Addr: net.IP([]byte{127, 0, 0, 1}), - Tags: map[string]string{ - "role": "consul", - "id": "asdf", - "dc": "east-aws", - "port": "10000", - "build": "0.8.0", - "wan_join_port": "1234", - "vsn": "1", - "expect": "3", - "raft_vsn": "3", - "use_tls": "1", - "read_replica": "1", - }, - Status: serf.StatusLeft, - } - ok, parts := metadata.IsConsulServer(m) - if !ok || parts.Datacenter != "east-aws" || parts.Port != 10000 { - t.Fatalf("bad: %v %v", ok, parts) - } - if parts.Name != "foo" { - t.Fatalf("bad: %v", parts) - } - if parts.ID != "asdf" { - t.Fatalf("bad: %v", parts.ID) - } - if parts.Bootstrap { - t.Fatalf("unexpected bootstrap") - } - if parts.Expect != 3 { - t.Fatalf("bad: %v", parts.Expect) - } - if parts.Port != 10000 { - t.Fatalf("bad: %v", parts.Port) - } - if parts.WanJoinPort != 1234 { - t.Fatalf("bad: %v", parts.WanJoinPort) - } - if parts.RaftVersion != 3 { - t.Fatalf("bad: %v", parts.RaftVersion) - } - if parts.Status != serf.StatusLeft { - t.Fatalf("bad: %v", parts.Status) - } - if !parts.UseTLS { - t.Fatalf("bad: %v", parts.UseTLS) - } - if !parts.ReadReplica { - t.Fatalf("unexpected voter") - } - m.Tags["bootstrap"] = "1" - m.Tags["disabled"] = "1" - ok, parts = metadata.IsConsulServer(m) - if !ok { - t.Fatalf("expected a valid consul server") - } - if !parts.Bootstrap { - t.Fatalf("expected bootstrap") - } - if parts.Addr.String() != "127.0.0.1:10000" { - t.Fatalf("bad addr: %v", parts.Addr) - } - if parts.Version != 1 { - t.Fatalf("bad: %v", parts) - } - m.Tags["expect"] = "3" - delete(m.Tags, "bootstrap") - delete(m.Tags, "disabled") - ok, parts = metadata.IsConsulServer(m) - if !ok || parts.Expect != 3 { - t.Fatalf("bad: %v", parts.Expect) - } - if parts.Bootstrap { - t.Fatalf("unexpected bootstrap") + mustVersion := func(s string) *version.Version { + v, err := version.NewVersion(s) + require.NoError(t, err) + return v } - delete(m.Tags, "read_replica") - ok, parts = metadata.IsConsulServer(m) - if !ok || parts.ReadReplica { - t.Fatalf("unexpected read replica") - } + newCase := func(variant string) (in serf.Member, expect *metadata.Server) { + m := serf.Member{ + Name: "foo", + Addr: net.IP([]byte{127, 0, 0, 1}), + Port: 5454, + Tags: map[string]string{ + "role": "consul", + "id": "asdf", + "dc": "east-aws", + "port": "10000", + "build": "0.8.0", + "wan_join_port": "1234", + "grpc_port": "9876", + "vsn": "1", + "expect": "3", + "raft_vsn": "3", + "use_tls": "1", + }, + Status: serf.StatusLeft, + } - m.Tags["nonvoter"] = "1" - ok, parts = metadata.IsConsulServer(m) - if !ok || !parts.ReadReplica { - t.Fatalf("expected read replica") - } + expected := &metadata.Server{ + Name: "foo", + ShortName: "foo", + ID: "asdf", + Datacenter: "east-aws", + Segment: "", + Port: 10000, + SegmentAddrs: map[string]string{}, + SegmentPorts: map[string]int{}, + WanJoinPort: 1234, + LanJoinPort: 5454, + PublicGRPCPort: 9876, + Bootstrap: false, + Expect: 3, + Addr: &net.TCPAddr{ + IP: net.IP([]byte{127, 0, 0, 1}), + Port: 10000, + }, + Build: *mustVersion("0.8.0"), + Version: 1, + RaftVersion: 3, + Status: serf.StatusLeft, + UseTLS: true, + ReadReplica: false, + FeatureFlags: map[string]int{}, + } - delete(m.Tags, "role") - ok, _ = metadata.IsConsulServer(m) - require.False(t, ok, "expected to not be a consul server") -} - -func TestIsConsulServer_Optional(t *testing.T) { - m := serf.Member{ - Name: "foo", - Addr: net.IP([]byte{127, 0, 0, 1}), - Tags: map[string]string{ - "role": "consul", - "id": "asdf", - "dc": "east-aws", - "port": "10000", - "vsn": "1", - "build": "0.8.0", - // wan_join_port, raft_vsn, and expect are optional and + switch variant { + case "normal": + case "read-replica": + m.Tags["read_replica"] = "1" + expected.ReadReplica = true + case "non-voter": + m.Tags["nonvoter"] = "1" + expected.ReadReplica = true + case "expect-3": + m.Tags["expect"] = "3" + expected.Expect = 3 + case "bootstrapped": + m.Tags["bootstrap"] = "1" + m.Tags["disabled"] = "1" + expected.Bootstrap = true + case "optionals": + // grpc_port, wan_join_port, raft_vsn, and expect are optional and // should default to zero. - }, - } - ok, parts := metadata.IsConsulServer(m) - if !ok || parts.Datacenter != "east-aws" || parts.Port != 10000 { - t.Fatalf("bad: %v %v", ok, parts) - } - if parts.Name != "foo" { - t.Fatalf("bad: %v", parts) - } - if parts.ID != "asdf" { - t.Fatalf("bad: %v", parts.ID) - } - if parts.Bootstrap { - t.Fatalf("unexpected bootstrap") - } - if parts.Expect != 0 { - t.Fatalf("bad: %v", parts.Expect) - } - if parts.Port != 10000 { - t.Fatalf("bad: %v", parts.Port) - } - if parts.WanJoinPort != 0 { - t.Fatalf("bad: %v", parts.WanJoinPort) - } - if parts.RaftVersion != 0 { - t.Fatalf("bad: %v", parts.RaftVersion) + delete(m.Tags, "grpc_port") + delete(m.Tags, "wan_join_port") + delete(m.Tags, "raft_vsn") + delete(m.Tags, "expect") + expected.RaftVersion = 0 + expected.Expect = 0 + expected.WanJoinPort = 0 + expected.PublicGRPCPort = 0 + case "feature-namespaces": + m.Tags["ft_ns"] = "1" + expected.FeatureFlags = map[string]int{"ns": 1} + // + case "bad-grpc-port": + m.Tags["grpc_port"] = "three" + case "negative-grpc-port": + m.Tags["grpc_port"] = "-1" + case "zero-grpc-port": + m.Tags["grpc_port"] = "0" + case "no-role": + delete(m.Tags, "role") + default: + t.Fatalf("unhandled variant: %s", variant) + } + + return m, expected } - m.Tags["bootstrap"] = "1" - m.Tags["disabled"] = "1" - m.Tags["ft_ns"] = "1" - ok, parts = metadata.IsConsulServer(m) - if !ok { - t.Fatalf("expected a valid consul server") - } - if !parts.Bootstrap { - t.Fatalf("expected bootstrap") - } - if parts.Addr.String() != "127.0.0.1:10000" { - t.Fatalf("bad addr: %v", parts.Addr) - } - if parts.Version != 1 { - t.Fatalf("bad: %v", parts) - } - expectedFlags := map[string]int{"ns": 1} - require.Equal(t, expectedFlags, parts.FeatureFlags) + run := func(t *testing.T, variant string, expectOK bool) { + m, expected := newCase(variant) + ok, parts := metadata.IsConsulServer(m) - m.Tags["expect"] = "3" - delete(m.Tags, "bootstrap") - delete(m.Tags, "disabled") - ok, parts = metadata.IsConsulServer(m) - if !ok || parts.Expect != 3 { - t.Fatalf("bad: %v", parts.Expect) - } - if parts.Bootstrap { - t.Fatalf("unexpected bootstrap") + if expectOK { + require.True(t, ok, "expected a valid consul server") + require.Equal(t, expected, parts) + } else { + ok, _ := metadata.IsConsulServer(m) + require.False(t, ok, "expected to not be a consul server") + } } - delete(m.Tags, "role") - ok, _ = metadata.IsConsulServer(m) - require.False(t, ok, "expected to not be a consul server") + cases := map[string]bool{ + "normal": true, + "read-replica": true, + "non-voter": true, + "expect-3": true, + "bootstrapped": true, + "optionals": true, + "feature-namespaces": true, + // + "no-role": false, + "bad-grpc-port": false, + "negative-grpc-port": false, + "zero-grpc-port": false, + } + + for variant, expectOK := range cases { + t.Run(variant, func(t *testing.T) { + run(t, variant, expectOK) + }) + } } From 27c239b59617847f951aea716daabfe2a19315d4 Mon Sep 17 00:00:00 2001 From: Chris Thain <32781396+cthain@users.noreply.github.com> Date: Thu, 7 Jul 2022 13:30:19 -0700 Subject: [PATCH 709/785] Docs: Fix path to consul-ecs Terraform modules (#13689) --- website/content/docs/ecs/compatibility.mdx | 2 -- website/content/docs/ecs/enterprise.mdx | 4 ++-- website/content/docs/ecs/terraform/migrate-existing-tasks.mdx | 2 +- website/content/docs/ecs/terraform/secure-configuration.mdx | 4 ++-- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/website/content/docs/ecs/compatibility.mdx b/website/content/docs/ecs/compatibility.mdx index 4c329ba6b..3967b4b51 100644 --- a/website/content/docs/ecs/compatibility.mdx +++ b/website/content/docs/ecs/compatibility.mdx @@ -10,8 +10,6 @@ For every release of Consul on ECS, the `consul-ecs` binary and `consul-ecs` Ter ## Supported Consul versions - - | Consul Version | Compatible consul-ecs Versions | | -------------- | ------------------------------- | | 1.12.x | 0.5.x | diff --git a/website/content/docs/ecs/enterprise.mdx b/website/content/docs/ecs/enterprise.mdx index 9350fc6db..29bd1a315 100644 --- a/website/content/docs/ecs/enterprise.mdx +++ b/website/content/docs/ecs/enterprise.mdx @@ -84,7 +84,7 @@ is not provided when `consul_partitions_enabled = true`, will default to the `de ```hcl module "acl_controller" { - source = "hashicorp/consul/aws//modules/acl-controller" + source = "hashicorp/consul-ecs/aws//modules/acl-controller" ... @@ -109,7 +109,7 @@ The following example demonstrates how to create a `mesh-task` assigned to the a ```hcl module "my_task" { - source = "hashicorp/consul/aws//modules/mesh-task" + source = "hashicorp/consul-ecs/aws//modules/mesh-task" family = "my_task" ... diff --git a/website/content/docs/ecs/terraform/migrate-existing-tasks.mdx b/website/content/docs/ecs/terraform/migrate-existing-tasks.mdx index 574e1fda0..fa39683f9 100644 --- a/website/content/docs/ecs/terraform/migrate-existing-tasks.mdx +++ b/website/content/docs/ecs/terraform/migrate-existing-tasks.mdx @@ -68,7 +68,7 @@ The `mesh-task` module is used as follows: ```hcl module "my_task" { - source = "hashicorp/consul/aws//modules/mesh-task" + source = "hashicorp/consul-ecs/aws//modules/mesh-task" version = "" family = "my_task" diff --git a/website/content/docs/ecs/terraform/secure-configuration.mdx b/website/content/docs/ecs/terraform/secure-configuration.mdx index 24e3e165c..81e508d44 100644 --- a/website/content/docs/ecs/terraform/secure-configuration.mdx +++ b/website/content/docs/ecs/terraform/secure-configuration.mdx @@ -80,7 +80,7 @@ the AWS IAM auth method. ```hcl module "acl_controller" { - source = "hashicorp/consul/aws//modules/acl-controller" + source = "hashicorp/consul-ecs/aws//modules/acl-controller" version = "" consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn @@ -141,7 +141,7 @@ should be the same as the `name_prefix` you provide to the ACL controller module ```hcl module "my_task" { - source = "hashicorp/consul/aws//modules/mesh-task" + source = "hashicorp/consul-ecs/aws//modules/mesh-task" version = "" ... From 7384eefff056e0a7a5a7c5b75fe07fa533ff092e Mon Sep 17 00:00:00 2001 From: boruszak Date: Thu, 7 Jul 2022 16:10:21 -0500 Subject: [PATCH 710/785] Clarification around "peering_token.json" and adding Partition names --- .../docs/connect/cluster-peering/create-manage-peering.mdx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx index 087d8ffe8..72b872151 100644 --- a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx +++ b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx @@ -47,15 +47,13 @@ Create a JSON file that contains the first cluster's name and the peering token. ## Establish a connection between clusters -Next, use the peering token to establish a secure connection between the clusters. In the client agents of "cluster-02," establish the peering connection using the HTTP API. This endpoint does not generate an output unless there is an error. +Next, use `peering_token.json` to establish a secure connection between the clusters. In the client agents of "cluster-02," establish the peering connection using the HTTP API. This endpoint does not generate an output unless there is an error. ```shell-session $ curl --request POST --data @peering_token.json http://127.0.0.1:8500/v1/peering/establish ``` -In the peer parameter, specify a name for the first cluster. The `PeeringToken` parameter should include the entire peering token created in the first cluster. - -When you connect server agents through cluster peering, they will peer their default partitions. To establish peering connections for other partitions through server agents, you must specify the partitions you want to peer using the `Partition` field of the request body. +When you connect server agents through cluster peering, they peer their default partitions. To establish peering connections for other partitions through server agents, you must add the `Partition` field to `peering_token.json` and specify the partitions you want to peer. For additional configuration information, refer to [Cluster Peering - HTTP API](/api-docs/peering). ## Export service endpoints From 28d2ee5ada8170583c2bf6e8f3df9d6d81323f1a Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Thu, 7 Jul 2022 17:37:12 -0400 Subject: [PATCH 711/785] Update website/content/docs/api-gateway/consul-api-gateway-install.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 283a9e28c..62873a381 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -15,7 +15,7 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re ## Installation -1. Set the version of Consul API Gateway you are installing as an environment variable. The following steps use this environment variable to template the version into commands and configuration. +1. Set the version of Consul API Gateway you are installing as an environment variable. The following steps use this environment variable in commands and configurations. ```shell-session $ export VERSION=0.3.0 From fc8fbda641437fbf2931792309381f9d2b9a8303 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Thu, 7 Jul 2022 17:38:30 -0400 Subject: [PATCH 712/785] Update website/content/docs/api-gateway/consul-api-gateway-install.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index 62873a381..a25564a4d 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -27,7 +27,7 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re $ kubectl apply --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v$VERSION" ``` -1. Create a `values.yaml` file for your Consul API Gateway deployment. Copy the content below and run it in a shell where you've set the `VERSION` environment variable to create a `values.yaml` file. The `values.yaml` will be used by the Consul Helm chart. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). See [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway) for more available options on how to configure your Consul API Gateway deployment via the Helm chart. +1. Create a `values.yaml` file for your Consul API Gateway deployment by copying the following content and running it in the environment where you set the `VERSION` environment variable. The Consul Helm chart uses this `values.yaml` file to deploy the API Gateway. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). For more options to configure your Consul API Gateway deployment through the Helm chat, refer to [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway). From 5b801db24be314a18e734164a4c0fb8a50d5ddf4 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 8 Jul 2022 12:01:13 -0500 Subject: [PATCH 713/785] peering: move peer replication to the external gRPC port (#13698) Peer replication is intended to be between separate Consul installs and effectively should be considered "external". This PR moves the peer stream replication bidirectional RPC endpoint to the external gRPC server and ensures that things continue to function. --- agent/consul/leader_peering.go | 40 +- agent/consul/leader_peering_test.go | 10 +- agent/consul/peering_backend.go | 131 +- agent/consul/peering_backend_oss.go | 4 +- agent/consul/server.go | 57 +- agent/consul/server_test.go | 13 +- .../services/peerstream}/health_snapshot.go | 2 +- .../peerstream}/health_snapshot_test.go | 2 +- .../services/peerstream/mock_ACLResolver.go | 48 + .../services/peerstream}/replication.go | 97 +- .../grpc/public/services/peerstream/server.go | 101 ++ .../services/peerstream/stream_resources.go | 390 ++++++ .../services/peerstream}/stream_test.go | 648 ++++----- .../services/peerstream}/stream_tracker.go | 88 +- .../peerstream}/stream_tracker_test.go | 63 +- .../peerstream}/subscription_blocking.go | 10 +- .../peerstream}/subscription_manager.go | 8 +- .../peerstream}/subscription_manager_test.go | 18 +- .../peerstream}/subscription_state.go | 2 +- .../peerstream}/subscription_state_test.go | 2 +- .../services/peerstream}/subscription_view.go | 2 +- .../peerstream}/subscription_view_test.go | 2 +- .../public/services/peerstream/testing.go | 128 ++ agent/peering_endpoint_test.go | 2 +- agent/rpc/peering/service.go | 512 +------- agent/rpc/peering/service_test.go | 473 +------ agent/rpc/peering/testing.go | 123 -- proto/pbpeering/generate.go | 9 - proto/pbpeering/peering.go | 4 - proto/pbpeering/peering.pb.binary.go | 50 - proto/pbpeering/peering.pb.go | 1159 +++++------------ proto/pbpeering/peering.proto | 80 -- proto/pbpeering/peering_grpc.pb.go | 81 +- proto/pbpeerstream/peerstream.go | 5 + proto/pbpeerstream/peerstream.pb.binary.go | 58 + proto/pbpeerstream/peerstream.pb.go | 635 +++++++++ proto/pbpeerstream/peerstream.proto | 91 ++ proto/pbpeerstream/peerstream_grpc.pb.go | 145 +++ proto/{pbpeering => pbpeerstream}/types.go | 2 +- sdk/testutil/server.go | 6 +- test/integration/connect/envoy/run-tests.sh | 10 +- 41 files changed, 2592 insertions(+), 2719 deletions(-) rename agent/{rpc/peering => grpc/public/services/peerstream}/health_snapshot.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/health_snapshot_test.go (99%) create mode 100644 agent/grpc/public/services/peerstream/mock_ACLResolver.go rename agent/{rpc/peering => grpc/public/services/peerstream}/replication.go (84%) create mode 100644 agent/grpc/public/services/peerstream/server.go create mode 100644 agent/grpc/public/services/peerstream/stream_resources.go rename agent/{rpc/peering => grpc/public/services/peerstream}/stream_test.go (78%) rename agent/{rpc/peering => grpc/public/services/peerstream}/stream_tracker.go (66%) rename agent/{rpc/peering => grpc/public/services/peerstream}/stream_tracker_test.go (68%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_blocking.go (91%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_manager.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_manager_test.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_state.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_state_test.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_view.go (99%) rename agent/{rpc/peering => grpc/public/services/peerstream}/subscription_view_test.go (99%) create mode 100644 agent/grpc/public/services/peerstream/testing.go delete mode 100644 proto/pbpeering/generate.go create mode 100644 proto/pbpeerstream/peerstream.go create mode 100644 proto/pbpeerstream/peerstream.pb.binary.go create mode 100644 proto/pbpeerstream/peerstream.pb.go create mode 100644 proto/pbpeerstream/peerstream.proto create mode 100644 proto/pbpeerstream/peerstream_grpc.pb.go rename proto/{pbpeering => pbpeerstream}/types.go (91%) diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index f698e48ec..48ce59d07 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -6,7 +6,6 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "net" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -18,12 +17,12 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/pool" - "github.com/hashicorp/consul/agent/rpc/peering" + "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/logging" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" ) func (s *Server) startPeeringStreamSync(ctx context.Context) { @@ -86,7 +85,7 @@ func (s *Server) syncPeeringsAndBlock(ctx context.Context, logger hclog.Logger, // 3. accept new stream for [D] // 4. list peerings [A,B,C,D] // 5. terminate [] - connectedStreams := s.peeringService.ConnectedStreams() + connectedStreams := s.peerStreamServer.ConnectedStreams() state := s.fsm.State() @@ -132,7 +131,7 @@ func (s *Server) syncPeeringsAndBlock(ctx context.Context, logger hclog.Logger, continue } - status, found := s.peeringService.StreamStatus(peer.ID) + status, found := s.peerStreamServer.StreamStatus(peer.ID) // TODO(peering): If there is new peering data and a connected stream, should we tear down the stream? // If the data in the updated token is bad, the user wouldn't know until the old servers/certs become invalid. @@ -161,7 +160,7 @@ func (s *Server) syncPeeringsAndBlock(ctx context.Context, logger hclog.Logger, } } - logger.Trace("checking connected streams", "streams", s.peeringService.ConnectedStreams(), "sequence_id", seq) + logger.Trace("checking connected streams", "streams", s.peerStreamServer.ConnectedStreams(), "sequence_id", seq) // Clean up active streams of peerings that were deleted from the state store. // TODO(peering): This is going to trigger shutting down peerings we generated a token for. Is that OK? @@ -239,7 +238,6 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer logger.Trace("dialing peer", "addr", addr) conn, err := grpc.DialContext(retryCtx, addr, - grpc.WithContextDialer(newPeerDialer(addr)), grpc.WithBlock(), tlsOption, ) @@ -248,24 +246,24 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer } defer conn.Close() - client := pbpeering.NewPeeringServiceClient(conn) + client := pbpeerstream.NewPeerStreamServiceClient(conn) stream, err := client.StreamResources(retryCtx) if err != nil { return err } - streamReq := peering.HandleStreamRequest{ + streamReq := peerstream.HandleStreamRequest{ LocalID: peer.ID, RemoteID: peer.PeerID, PeerName: peer.Name, Partition: peer.Partition, Stream: stream, } - err = s.peeringService.HandleStream(streamReq) + err = s.peerStreamServer.HandleStream(streamReq) // A nil error indicates that the peering was deleted and the stream needs to be gracefully shutdown. if err == nil { stream.CloseSend() - s.peeringService.DrainStream(streamReq) + s.peerStreamServer.DrainStream(streamReq) // This will cancel the retry-er context, letting us break out of this loop when we want to shut down the stream. cancel() @@ -283,26 +281,6 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer return nil } -func newPeerDialer(peerAddr string) func(context.Context, string) (net.Conn, error) { - return func(ctx context.Context, addr string) (net.Conn, error) { - d := net.Dialer{} - conn, err := d.DialContext(ctx, "tcp", peerAddr) - if err != nil { - return nil, err - } - - // TODO(peering): This is going to need to be revisited. This type uses the TLS settings configured on the agent, but - // for peering we never want mutual TLS because the client peer doesn't share its CA cert. - _, err = conn.Write([]byte{byte(pool.RPCGRPC)}) - if err != nil { - conn.Close() - return nil, err - } - - return conn, nil - } -} - func (s *Server) startPeeringDeferredDeletion(ctx context.Context) { s.leaderRoutineManager.Start(ctx, peeringDeletionRoutineName, s.runPeeringDeletions) } diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index 169ca833f..222b59279 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -59,7 +59,7 @@ func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { // S1 should not have a stream tracked for dc2 because s1 generated a token for baz, and therefore needs to wait to be dialed. time.Sleep(1 * time.Second) - _, found := s1.peeringService.StreamStatus(token.PeerID) + _, found := s1.peerStreamServer.StreamStatus(token.PeerID) require.False(t, found) var ( @@ -90,7 +90,7 @@ func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { require.NoError(t, s2.fsm.State().PeeringWrite(1000, p)) retry.Run(t, func(r *retry.R) { - status, found := s2.peeringService.StreamStatus(p.ID) + status, found := s2.peerStreamServer.StreamStatus(p.ID) require.True(r, found) require.True(r, status.Connected) }) @@ -105,7 +105,7 @@ func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { s2.logger.Trace("deleted peering for my-peer-s1") retry.Run(t, func(r *retry.R) { - _, found := s2.peeringService.StreamStatus(p.ID) + _, found := s2.peerStreamServer.StreamStatus(p.ID) require.False(r, found) }) @@ -186,7 +186,7 @@ func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) { require.NoError(t, s2.fsm.State().PeeringWrite(1000, p)) retry.Run(t, func(r *retry.R) { - status, found := s2.peeringService.StreamStatus(p.ID) + status, found := s2.peerStreamServer.StreamStatus(p.ID) require.True(r, found) require.True(r, status.Connected) }) @@ -201,7 +201,7 @@ func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) { s2.logger.Trace("deleted peering for my-peer-s1") retry.Run(t, func(r *retry.R) { - _, found := s1.peeringService.StreamStatus(p.PeerID) + _, found := s1.peerStreamServer.StreamStatus(p.PeerID) require.False(r, found) }) diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index 047569f11..30fda81f8 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -7,51 +7,56 @@ import ( "strconv" "sync" - "google.golang.org/grpc" - "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" "github.com/hashicorp/consul/agent/rpc/peering" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) -type peeringBackend struct { +type PeeringBackend struct { // TODO(peering): accept a smaller interface; maybe just funcs from the server that we actually need: DC, IsLeader, etc - srv *Server - connPool GRPCClientConner - apply *peeringApply - addr *leaderAddr + srv *Server + + leaderAddrLock sync.RWMutex + leaderAddr string } -var _ peering.Backend = (*peeringBackend)(nil) +var _ peering.Backend = (*PeeringBackend)(nil) +var _ peerstream.Backend = (*PeeringBackend)(nil) // NewPeeringBackend returns a peering.Backend implementation that is bound to the given server. -func NewPeeringBackend(srv *Server, connPool GRPCClientConner) peering.Backend { - return &peeringBackend{ - srv: srv, - connPool: connPool, - apply: &peeringApply{srv: srv}, - addr: &leaderAddr{}, +func NewPeeringBackend(srv *Server) *PeeringBackend { + return &PeeringBackend{ + srv: srv, } } -// Forward should not be used to initiate forwarding over bidirectional streams -func (b *peeringBackend) Forward(info structs.RPCInfo, f func(*grpc.ClientConn) error) (handled bool, err error) { - // Only forward the request if the dc in the request matches the server's datacenter. - if info.RequestDatacenter() != "" && info.RequestDatacenter() != b.srv.config.Datacenter { - return false, fmt.Errorf("requests to generate peering tokens cannot be forwarded to remote datacenters") - } - return b.srv.ForwardGRPC(b.connPool, info, f) +// SetLeaderAddress is called on a raft.LeaderObservation in a go routine +// in the consul server; see trackLeaderChanges() +func (b *PeeringBackend) SetLeaderAddress(addr string) { + b.leaderAddrLock.Lock() + b.leaderAddr = addr + b.leaderAddrLock.Unlock() +} + +// GetLeaderAddress provides the best hint for the current address of the +// leader. There is no guarantee that this is the actual address of the +// leader. +func (b *PeeringBackend) GetLeaderAddress() string { + b.leaderAddrLock.RLock() + defer b.leaderAddrLock.RUnlock() + return b.leaderAddr } // GetAgentCACertificates gets the server's raw CA data from its TLS Configurator. -func (b *peeringBackend) GetAgentCACertificates() ([]string, error) { +func (b *PeeringBackend) GetAgentCACertificates() ([]string, error) { // TODO(peering): handle empty CA pems return b.srv.tlsConfigurator.ManualCAPems(), nil } // GetServerAddresses looks up server node addresses from the state store. -func (b *peeringBackend) GetServerAddresses() ([]string, error) { +func (b *PeeringBackend) GetServerAddresses() ([]string, error) { state := b.srv.fsm.State() _, nodes, err := state.ServiceNodes(nil, "consul", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword) if err != nil { @@ -59,19 +64,23 @@ func (b *peeringBackend) GetServerAddresses() ([]string, error) { } var addrs []string for _, node := range nodes { - addrs = append(addrs, node.Address+":"+strconv.Itoa(node.ServicePort)) + grpcPortStr := node.ServiceMeta["grpc_port"] + if v, err := strconv.Atoi(grpcPortStr); err != nil || v < 1 { + continue // skip server that isn't exporting public gRPC properly + } + addrs = append(addrs, node.Address+":"+grpcPortStr) } return addrs, nil } // GetServerName returns the SNI to be returned in the peering token data which // will be used by peers when establishing peering connections over TLS. -func (b *peeringBackend) GetServerName() string { +func (b *PeeringBackend) GetServerName() string { return b.srv.tlsConfigurator.ServerSNI(b.srv.config.Datacenter, "") } // EncodeToken encodes a peering token as a bas64-encoded representation of JSON (for now). -func (b *peeringBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error) { +func (b *PeeringBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error) { jsonToken, err := json.Marshal(tok) if err != nil { return nil, fmt.Errorf("failed to marshal token: %w", err) @@ -80,7 +89,7 @@ func (b *peeringBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error) } // DecodeToken decodes a peering token from a base64-encoded JSON byte array (for now). -func (b *peeringBackend) DecodeToken(tokRaw []byte) (*structs.PeeringToken, error) { +func (b *PeeringBackend) DecodeToken(tokRaw []byte) (*structs.PeeringToken, error) { tokJSONRaw, err := base64.StdEncoding.DecodeString(string(tokRaw)) if err != nil { return nil, fmt.Errorf("failed to decode token: %w", err) @@ -92,59 +101,28 @@ func (b *peeringBackend) DecodeToken(tokRaw []byte) (*structs.PeeringToken, erro return &tok, nil } -func (s peeringBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) { +func (s *PeeringBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) { return s.srv.publisher.Subscribe(req) } -func (b *peeringBackend) Store() peering.Store { +func (b *PeeringBackend) Store() peering.Store { return b.srv.fsm.State() } -func (b *peeringBackend) Apply() peering.Apply { - return b.apply -} - -func (b *peeringBackend) LeaderAddress() peering.LeaderAddress { - return b.addr -} - -func (b *peeringBackend) EnterpriseCheckPartitions(partition string) error { +func (b *PeeringBackend) EnterpriseCheckPartitions(partition string) error { return b.enterpriseCheckPartitions(partition) } -func (b *peeringBackend) EnterpriseCheckNamespaces(namespace string) error { +func (b *PeeringBackend) EnterpriseCheckNamespaces(namespace string) error { return b.enterpriseCheckNamespaces(namespace) } -func (b *peeringBackend) IsLeader() bool { +func (b *PeeringBackend) IsLeader() bool { return b.srv.IsLeader() } -type leaderAddr struct { - lock sync.RWMutex - leaderAddr string -} - -func (m *leaderAddr) Set(addr string) { - m.lock.Lock() - defer m.lock.Unlock() - - m.leaderAddr = addr -} - -func (m *leaderAddr) Get() string { - m.lock.RLock() - defer m.lock.RUnlock() - - return m.leaderAddr -} - -type peeringApply struct { - srv *Server -} - -func (a *peeringApply) CheckPeeringUUID(id string) (bool, error) { - state := a.srv.fsm.State() +func (b *PeeringBackend) CheckPeeringUUID(id string) (bool, error) { + state := b.srv.fsm.State() if _, existing, err := state.PeeringReadByID(nil, id); err != nil { return false, err } else if existing != nil { @@ -154,31 +132,28 @@ func (a *peeringApply) CheckPeeringUUID(id string) (bool, error) { return true, nil } -func (a *peeringApply) PeeringWrite(req *pbpeering.PeeringWriteRequest) error { - _, err := a.srv.raftApplyProtobuf(structs.PeeringWriteType, req) +func (b *PeeringBackend) PeeringWrite(req *pbpeering.PeeringWriteRequest) error { + _, err := b.srv.raftApplyProtobuf(structs.PeeringWriteType, req) return err } // TODO(peering): This needs RPC metrics interceptor since it's not triggered by an RPC. -func (a *peeringApply) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error { - _, err := a.srv.raftApplyProtobuf(structs.PeeringTerminateByIDType, req) +func (b *PeeringBackend) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error { + _, err := b.srv.raftApplyProtobuf(structs.PeeringTerminateByIDType, req) return err } -func (a *peeringApply) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error { - _, err := a.srv.raftApplyProtobuf(structs.PeeringTrustBundleWriteType, req) +func (b *PeeringBackend) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error { + _, err := b.srv.raftApplyProtobuf(structs.PeeringTrustBundleWriteType, req) return err } -func (a *peeringApply) CatalogRegister(req *structs.RegisterRequest) error { - _, err := a.srv.leaderRaftApply("Catalog.Register", structs.RegisterRequestType, req) +func (b *PeeringBackend) CatalogRegister(req *structs.RegisterRequest) error { + _, err := b.srv.leaderRaftApply("Catalog.Register", structs.RegisterRequestType, req) return err } -func (a *peeringApply) CatalogDeregister(req *structs.DeregisterRequest) error { - _, err := a.srv.leaderRaftApply("Catalog.Deregister", structs.DeregisterRequestType, req) +func (b *PeeringBackend) CatalogDeregister(req *structs.DeregisterRequest) error { + _, err := b.srv.leaderRaftApply("Catalog.Deregister", structs.DeregisterRequestType, req) return err } - -var _ peering.Apply = (*peeringApply)(nil) -var _ peering.LeaderAddress = (*leaderAddr)(nil) diff --git a/agent/consul/peering_backend_oss.go b/agent/consul/peering_backend_oss.go index 412ce34a2..18d567b3c 100644 --- a/agent/consul/peering_backend_oss.go +++ b/agent/consul/peering_backend_oss.go @@ -8,14 +8,14 @@ import ( "strings" ) -func (b *peeringBackend) enterpriseCheckPartitions(partition string) error { +func (b *PeeringBackend) enterpriseCheckPartitions(partition string) error { if partition == "" || strings.EqualFold(partition, "default") { return nil } return fmt.Errorf("Partitions are a Consul Enterprise feature") } -func (b *peeringBackend) enterpriseCheckNamespaces(namespace string) error { +func (b *PeeringBackend) enterpriseCheckNamespaces(namespace string) error { if namespace == "" || strings.EqualFold(namespace, "default") { return nil } diff --git a/agent/consul/server.go b/agent/consul/server.go index ba198ce6b..5a9b20b8a 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -17,6 +17,7 @@ import ( "time" "github.com/armon/go-metrics" + "github.com/hashicorp/consul-net-rpc/net/rpc" connlimit "github.com/hashicorp/go-connlimit" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -29,8 +30,6 @@ import ( "golang.org/x/time/rate" "google.golang.org/grpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" - "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" @@ -44,6 +43,7 @@ import ( aclgrpc "github.com/hashicorp/consul/agent/grpc/public/services/acl" "github.com/hashicorp/consul/agent/grpc/public/services/connectca" "github.com/hashicorp/consul/agent/grpc/public/services/dataplane" + "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" "github.com/hashicorp/consul/agent/grpc/public/services/serverdiscovery" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/pool" @@ -55,7 +55,6 @@ import ( "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib/routine" "github.com/hashicorp/consul/logging" - "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/proto/pbsubscribe" "github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/types" @@ -364,8 +363,13 @@ type Server struct { // this into the Deps struct and created it much earlier on. publisher *stream.EventPublisher - // peering is a service used to handle peering streams. - peeringService *peering.Service + // peeringBackend is shared between the public and private gRPC services for peering + peeringBackend *PeeringBackend + + // peerStreamServer is a server used to handle peering streams + peerStreamServer *peerstream.Server + peeringServer *peering.Server + peerStreamTracker *peerstream.Tracker // embedded struct to hold all the enterprise specific data EnterpriseServer @@ -717,6 +721,19 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve Logger: logger.Named("grpc-api.server-discovery"), }).Register(s.publicGRPCServer) + s.peerStreamTracker = peerstream.NewTracker() + s.peeringBackend = NewPeeringBackend(s) + s.peerStreamServer = peerstream.NewServer(peerstream.Config{ + Backend: s.peeringBackend, + Tracker: s.peerStreamTracker, + GetStore: func() peerstream.StateStore { return s.FSM().State() }, + Logger: logger.Named("grpc-api.peerstream"), + ACLResolver: s.ACLResolver, + Datacenter: s.config.Datacenter, + ConnectEnabled: s.config.ConnectEnabled, + }) + s.peerStreamServer.Register(s.publicGRPCServer) + // Initialize private gRPC server. // // Note: some "public" gRPC services are also exposed on the private gRPC server @@ -757,15 +774,25 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve } func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler { - p := peering.NewService( - deps.Logger.Named("grpc-api.peering"), - peering.Config{ - Datacenter: config.Datacenter, - ConnectEnabled: config.ConnectEnabled, + if s.peeringBackend == nil { + panic("peeringBackend is required during construction") + } + + p := peering.NewServer(peering.Config{ + Backend: s.peeringBackend, + Tracker: s.peerStreamTracker, + Logger: deps.Logger.Named("grpc-api.peering"), + ForwardRPC: func(info structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) { + // Only forward the request if the dc in the request matches the server's datacenter. + if info.RequestDatacenter() != "" && info.RequestDatacenter() != config.Datacenter { + return false, fmt.Errorf("requests to generate peering tokens cannot be forwarded to remote datacenters") + } + return s.ForwardGRPC(s.grpcConnPool, info, fn) }, - NewPeeringBackend(s, deps.GRPCConnPool), - ) - s.peeringService = p + Datacenter: config.Datacenter, + ConnectEnabled: config.ConnectEnabled, + }) + s.peeringServer = p register := func(srv *grpc.Server) { if config.RPCConfig.EnableStreaming { @@ -773,7 +800,7 @@ func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler &subscribeBackend{srv: s, connPool: deps.GRPCConnPool}, deps.Logger.Named("grpc-api.subscription"))) } - pbpeering.RegisterPeeringServiceServer(srv, s.peeringService) + s.peeringServer.Register(srv) s.registerEnterpriseGRPCServices(deps, srv) // Note: these public gRPC services are also exposed on the private server to @@ -1658,7 +1685,7 @@ func (s *Server) trackLeaderChanges() { } s.grpcLeaderForwarder.UpdateLeaderAddr(s.config.Datacenter, string(leaderObs.LeaderAddr)) - s.peeringService.Backend.LeaderAddress().Set(string(leaderObs.LeaderAddr)) + s.peeringBackend.SetLeaderAddress(string(leaderObs.LeaderAddr)) case <-s.shutdownCh: s.raft.DeregisterObserver(observer) return diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 22b17d5c2..e165e979d 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -14,15 +14,14 @@ import ( "github.com/armon/go-metrics" "github.com/google/tcpproxy" + "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" "github.com/hashicorp/memberlist" "github.com/hashicorp/raft" - "google.golang.org/grpc" - - "github.com/hashicorp/go-uuid" + "github.com/stretchr/testify/require" "golang.org/x/time/rate" - - "github.com/hashicorp/consul-net-rpc/net/rpc" + "google.golang.org/grpc" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/metadata" @@ -36,8 +35,6 @@ import ( "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/types" - - "github.com/stretchr/testify/require" ) const ( @@ -1999,7 +1996,7 @@ func TestServer_Peering_LeadershipCheck(t *testing.T) { // the actual tests // when leadership has been established s2 should have the address of s1 // in the peering service - peeringLeaderAddr := s2.peeringService.Backend.LeaderAddress().Get() + peeringLeaderAddr := s2.peeringBackend.GetLeaderAddress() require.Equal(t, s1.config.RPCAddr.String(), peeringLeaderAddr) // test corollary by transitivity to future-proof against any setup bugs diff --git a/agent/rpc/peering/health_snapshot.go b/agent/grpc/public/services/peerstream/health_snapshot.go similarity index 99% rename from agent/rpc/peering/health_snapshot.go rename to agent/grpc/public/services/peerstream/health_snapshot.go index 8d73dcea4..c6cb3243b 100644 --- a/agent/rpc/peering/health_snapshot.go +++ b/agent/grpc/public/services/peerstream/health_snapshot.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "github.com/hashicorp/consul/agent/structs" diff --git a/agent/rpc/peering/health_snapshot_test.go b/agent/grpc/public/services/peerstream/health_snapshot_test.go similarity index 99% rename from agent/rpc/peering/health_snapshot_test.go rename to agent/grpc/public/services/peerstream/health_snapshot_test.go index 33f662750..74731b55f 100644 --- a/agent/rpc/peering/health_snapshot_test.go +++ b/agent/grpc/public/services/peerstream/health_snapshot_test.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "testing" diff --git a/agent/grpc/public/services/peerstream/mock_ACLResolver.go b/agent/grpc/public/services/peerstream/mock_ACLResolver.go new file mode 100644 index 000000000..d0e672088 --- /dev/null +++ b/agent/grpc/public/services/peerstream/mock_ACLResolver.go @@ -0,0 +1,48 @@ +// Code generated by mockery v2.12.2. DO NOT EDIT. + +package peerstream + +import ( + acl "github.com/hashicorp/consul/acl" + mock "github.com/stretchr/testify/mock" + + resolver "github.com/hashicorp/consul/acl/resolver" + + testing "testing" +) + +// MockACLResolver is an autogenerated mock type for the ACLResolver type +type MockACLResolver struct { + mock.Mock +} + +// ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (resolver.Result, error) { + ret := _m.Called(_a0, _a1, _a2) + + var r0 resolver.Result + if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) resolver.Result); ok { + r0 = rf(_a0, _a1, _a2) + } else { + r0 = ret.Get(0).(resolver.Result) + } + + var r1 error + if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + r1 = rf(_a0, _a1, _a2) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewMockACLResolver creates a new instance of MockACLResolver. It also registers the testing.TB interface on the mock and a cleanup function to assert the mocks expectations. +func NewMockACLResolver(t testing.TB) *MockACLResolver { + mock := &MockACLResolver{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/agent/rpc/peering/replication.go b/agent/grpc/public/services/peerstream/replication.go similarity index 84% rename from agent/rpc/peering/replication.go rename to agent/grpc/public/services/peerstream/replication.go index aef8b4525..bbb54c408 100644 --- a/agent/rpc/peering/replication.go +++ b/agent/grpc/public/services/peerstream/replication.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "errors" @@ -7,7 +7,6 @@ import ( "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes" - "github.com/hashicorp/consul/types" "github.com/hashicorp/go-hclog" "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/protobuf/types/known/anypb" @@ -15,8 +14,10 @@ import ( "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbstatus" + "github.com/hashicorp/consul/types" ) /* @@ -37,7 +38,7 @@ import ( func makeServiceResponse( logger hclog.Logger, update cache.UpdateEvent, -) *pbpeering.ReplicationMessage { +) *pbpeerstream.ReplicationMessage { any, csn, err := marshalToProtoAny[*pbservice.IndexedCheckServiceNodes](update.Result) if err != nil { // Log the error and skip this response to avoid locking up peering due to a bad update event. @@ -55,14 +56,14 @@ func makeServiceResponse( // We don't distinguish when these three things occurred, but it's safe to send a DELETE Op in all cases, so we do that. // Case #1 is a no-op for the importing peer. if len(csn.Nodes) == 0 { - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + resp := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, // TODO(peering): Nonce management Nonce: "", ResourceID: serviceName, - Operation: pbpeering.ReplicationMessage_Response_DELETE, + Operation: pbpeerstream.Operation_OPERATION_DELETE, }, }, } @@ -70,14 +71,14 @@ func makeServiceResponse( } // If there are nodes in the response, we push them as an UPSERT operation. - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + resp := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, // TODO(peering): Nonce management Nonce: "", ResourceID: serviceName, - Operation: pbpeering.ReplicationMessage_Response_UPSERT, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, Resource: any, }, }, @@ -88,7 +89,7 @@ func makeServiceResponse( func makeCARootsResponse( logger hclog.Logger, update cache.UpdateEvent, -) *pbpeering.ReplicationMessage { +) *pbpeerstream.ReplicationMessage { any, _, err := marshalToProtoAny[*pbpeering.PeeringTrustBundle](update.Result) if err != nil { // Log the error and skip this response to avoid locking up peering due to a bad update event. @@ -96,14 +97,14 @@ func makeCARootsResponse( return nil } - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLRoots, + resp := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLRoots, // TODO(peering): Nonce management Nonce: "", ResourceID: "roots", - Operation: pbpeering.ReplicationMessage_Response_UPSERT, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, Resource: any, }, }, @@ -128,12 +129,12 @@ func marshalToProtoAny[T proto.Message](in any) (*anypb.Any, T, error) { return any, typ, nil } -func (s *Service) processResponse( +func (s *Server) processResponse( peerName string, partition string, - resp *pbpeering.ReplicationMessage_Response, -) (*pbpeering.ReplicationMessage, error) { - if !pbpeering.KnownTypeURL(resp.ResourceURL) { + resp *pbpeerstream.ReplicationMessage_Response, +) (*pbpeerstream.ReplicationMessage, error) { + if !pbpeerstream.KnownTypeURL(resp.ResourceURL) { err := fmt.Errorf("received response for unknown resource type %q", resp.ResourceURL) return makeReply( resp.ResourceURL, @@ -144,7 +145,7 @@ func (s *Service) processResponse( } switch resp.Operation { - case pbpeering.ReplicationMessage_Response_UPSERT: + case pbpeerstream.Operation_OPERATION_UPSERT: if resp.Resource == nil { err := fmt.Errorf("received upsert response with no content") return makeReply( @@ -166,7 +167,7 @@ func (s *Service) processResponse( return makeReply(resp.ResourceURL, resp.Nonce, code.Code_OK, ""), nil - case pbpeering.ReplicationMessage_Response_DELETE: + case pbpeerstream.Operation_OPERATION_DELETE: if err := s.handleDelete(peerName, partition, resp.ResourceURL, resp.ResourceID); err != nil { return makeReply( resp.ResourceURL, @@ -179,7 +180,7 @@ func (s *Service) processResponse( default: var errMsg string - if op := pbpeering.ReplicationMessage_Response_Operation_name[int32(resp.Operation)]; op != "" { + if op := pbpeerstream.Operation_name[int32(resp.Operation)]; op != "" { errMsg = fmt.Sprintf("unsupported operation: %q", op) } else { errMsg = fmt.Sprintf("unsupported operation: %d", resp.Operation) @@ -193,7 +194,7 @@ func (s *Service) processResponse( } } -func (s *Service) handleUpsert( +func (s *Server) handleUpsert( peerName string, partition string, resourceURL string, @@ -201,7 +202,7 @@ func (s *Service) handleUpsert( resource *anypb.Any, ) error { switch resourceURL { - case pbpeering.TypeURLService: + case pbpeerstream.TypeURLService: sn := structs.ServiceNameFromString(resourceID) sn.OverridePartition(partition) @@ -212,7 +213,7 @@ func (s *Service) handleUpsert( return s.handleUpdateService(peerName, partition, sn, csn) - case pbpeering.TypeURLRoots: + case pbpeerstream.TypeURLRoots: roots := &pbpeering.PeeringTrustBundle{} if err := ptypes.UnmarshalAny(resource, roots); err != nil { return fmt.Errorf("failed to unmarshal resource: %w", err) @@ -233,14 +234,14 @@ func (s *Service) handleUpsert( // On a DELETE event: // - A reconciliation against nil or empty input pbNodes leads to deleting all stored catalog resources // associated with the service name. -func (s *Service) handleUpdateService( +func (s *Server) handleUpdateService( peerName string, partition string, sn structs.ServiceName, pbNodes *pbservice.IndexedCheckServiceNodes, ) error { // Capture instances in the state store for reconciliation later. - _, storedInstances, err := s.Backend.Store().CheckServiceNodes(nil, sn.Name, &sn.EnterpriseMeta, peerName) + _, storedInstances, err := s.GetStore().CheckServiceNodes(nil, sn.Name, &sn.EnterpriseMeta, peerName) if err != nil { return fmt.Errorf("failed to read imported services: %w", err) } @@ -256,14 +257,14 @@ func (s *Service) handleUpdateService( for _, nodeSnap := range snap.Nodes { // First register the node req := nodeSnap.Node.ToRegisterRequest() - if err := s.Backend.Apply().CatalogRegister(&req); err != nil { + if err := s.Backend.CatalogRegister(&req); err != nil { return fmt.Errorf("failed to register node: %w", err) } // Then register all services on that node for _, svcSnap := range nodeSnap.Services { req.Service = svcSnap.Service - if err := s.Backend.Apply().CatalogRegister(&req); err != nil { + if err := s.Backend.CatalogRegister(&req); err != nil { return fmt.Errorf("failed to register service: %w", err) } } @@ -278,7 +279,7 @@ func (s *Service) handleUpdateService( } req.Checks = chks - if err := s.Backend.Apply().CatalogRegister(&req); err != nil { + if err := s.Backend.CatalogRegister(&req); err != nil { return fmt.Errorf("failed to register check: %w", err) } } @@ -315,7 +316,7 @@ func (s *Service) handleUpdateService( // instance is not in the snapshot either, since a service instance can't // exist without a node. // This will also delete all service checks. - err := s.Backend.Apply().CatalogDeregister(&structs.DeregisterRequest{ + err := s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: csn.Node.Node, ServiceID: csn.Service.ID, EnterpriseMeta: csn.Service.EnterpriseMeta, @@ -335,7 +336,7 @@ func (s *Service) handleUpdateService( // Delete the service instance if not in the snapshot. sid := csn.Service.CompoundServiceID() if _, ok := snap.Nodes[csn.Node.ID].Services[sid]; !ok { - err := s.Backend.Apply().CatalogDeregister(&structs.DeregisterRequest{ + err := s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: csn.Node.Node, ServiceID: csn.Service.ID, EnterpriseMeta: csn.Service.EnterpriseMeta, @@ -369,7 +370,7 @@ func (s *Service) handleUpdateService( // If the check isn't a node check then it's a service check. // Service checks that were not present can be deleted immediately because // checks for a given service ID will only be attached to a single CheckServiceNode. - err := s.Backend.Apply().CatalogDeregister(&structs.DeregisterRequest{ + err := s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: chk.Node, CheckID: chk.CheckID, EnterpriseMeta: chk.EnterpriseMeta, @@ -387,7 +388,7 @@ func (s *Service) handleUpdateService( // Delete all deduplicated node checks. for chk := range deletedNodeChecks { nodeMeta := structs.NodeEnterpriseMetaInPartition(sn.PartitionOrDefault()) - err := s.Backend.Apply().CatalogDeregister(&structs.DeregisterRequest{ + err := s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: chk.node, CheckID: chk.checkID, EnterpriseMeta: *nodeMeta, @@ -402,7 +403,7 @@ func (s *Service) handleUpdateService( // Delete any nodes that do not have any other services registered on them. for node := range unusedNodes { nodeMeta := structs.NodeEnterpriseMetaInPartition(sn.PartitionOrDefault()) - _, ns, err := s.Backend.Store().NodeServices(nil, node, nodeMeta, peerName) + _, ns, err := s.GetStore().NodeServices(nil, node, nodeMeta, peerName) if err != nil { return fmt.Errorf("failed to query services on node: %w", err) } @@ -412,7 +413,7 @@ func (s *Service) handleUpdateService( } // All services on the node were deleted, so the node is also cleaned up. - err = s.Backend.Apply().CatalogDeregister(&structs.DeregisterRequest{ + err = s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: node, PeerName: peerName, EnterpriseMeta: *nodeMeta, @@ -425,7 +426,7 @@ func (s *Service) handleUpdateService( return nil } -func (s *Service) handleUpsertRoots( +func (s *Server) handleUpsertRoots( peerName string, partition string, trustBundle *pbpeering.PeeringTrustBundle, @@ -437,17 +438,17 @@ func (s *Service) handleUpsertRoots( req := &pbpeering.PeeringTrustBundleWriteRequest{ PeeringTrustBundle: trustBundle, } - return s.Backend.Apply().PeeringTrustBundleWrite(req) + return s.Backend.PeeringTrustBundleWrite(req) } -func (s *Service) handleDelete( +func (s *Server) handleDelete( peerName string, partition string, resourceURL string, resourceID string, ) error { switch resourceURL { - case pbpeering.TypeURLService: + case pbpeerstream.TypeURLService: sn := structs.ServiceNameFromString(resourceID) sn.OverridePartition(partition) return s.handleUpdateService(peerName, partition, sn, nil) @@ -457,7 +458,7 @@ func (s *Service) handleDelete( } } -func makeReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbpeering.ReplicationMessage { +func makeReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbpeerstream.ReplicationMessage { var rpcErr *pbstatus.Status if errCode != code.Code_OK || errMsg != "" { rpcErr = &pbstatus.Status{ @@ -467,9 +468,9 @@ func makeReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbp } // TODO: shouldn't this be response? - return &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + return &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ ResourceURL: resourceURL, Nonce: nonce, Error: rpcErr, diff --git a/agent/grpc/public/services/peerstream/server.go b/agent/grpc/public/services/peerstream/server.go new file mode 100644 index 000000000..a71c30d31 --- /dev/null +++ b/agent/grpc/public/services/peerstream/server.go @@ -0,0 +1,101 @@ +package peerstream + +import ( + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-memdb" + "google.golang.org/grpc" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/acl/resolver" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" +) + +// TODO(peering): fix up these interfaces to be more testable now that they are +// extracted from private peering + +type Server struct { + Config +} + +type Config struct { + Backend Backend + Tracker *Tracker + GetStore func() StateStore + Logger hclog.Logger + ACLResolver ACLResolver + // Datacenter of the Consul server this gRPC server is hosted on + Datacenter string + ConnectEnabled bool +} + +//go:generate mockery --name ACLResolver --inpackage +type ACLResolver interface { + ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error) +} + +func NewServer(cfg Config) *Server { + requireNotNil(cfg.Backend, "Backend") + requireNotNil(cfg.Tracker, "Tracker") + requireNotNil(cfg.GetStore, "GetStore") + requireNotNil(cfg.Logger, "Logger") + // requireNotNil(cfg.ACLResolver, "ACLResolver") // TODO(peering): reenable check when ACLs are required + if cfg.Datacenter == "" { + panic("Datacenter is required") + } + return &Server{ + Config: cfg, + } +} + +func requireNotNil(v interface{}, name string) { + if v == nil { + panic(name + " is required") + } +} + +var _ pbpeerstream.PeerStreamServiceServer = (*Server)(nil) + +func (s *Server) Register(grpcServer *grpc.Server) { + pbpeerstream.RegisterPeerStreamServiceServer(grpcServer, s) +} + +type Backend interface { + Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) + + // IsLeader indicates whether the consul server is in a leader state or not. + IsLeader() bool + + // SetLeaderAddress is called on a raft.LeaderObservation in a go routine + // in the consul server; see trackLeaderChanges() + SetLeaderAddress(string) + + // GetLeaderAddress provides the best hint for the current address of the + // leader. There is no guarantee that this is the actual address of the + // leader. + GetLeaderAddress() string + + PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error + PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error + CatalogRegister(req *structs.RegisterRequest) error + CatalogDeregister(req *structs.DeregisterRequest) error +} + +// StateStore provides a read-only interface for querying Peering data. +type StateStore interface { + PeeringRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.Peering, error) + PeeringReadByID(ws memdb.WatchSet, id string) (uint64, *pbpeering.Peering, error) + PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) + PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error) + PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) + ExportedServicesForPeer(ws memdb.WatchSet, peerID, dc string) (uint64, *structs.ExportedServiceList, error) + ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error) + CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error) + NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.NodeServices, error) + CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error) + TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) + AbandonCh() <-chan struct{} +} diff --git a/agent/grpc/public/services/peerstream/stream_resources.go b/agent/grpc/public/services/peerstream/stream_resources.go new file mode 100644 index 000000000..17a606e5b --- /dev/null +++ b/agent/grpc/public/services/peerstream/stream_resources.go @@ -0,0 +1,390 @@ +package peerstream + +import ( + "context" + "fmt" + "io" + "strings" + + "github.com/golang/protobuf/jsonpb" + "github.com/golang/protobuf/proto" + "github.com/hashicorp/go-hclog" + "google.golang.org/genproto/googleapis/rpc/code" + "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" + + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" +) + +type BidirectionalStream interface { + Send(*pbpeerstream.ReplicationMessage) error + Recv() (*pbpeerstream.ReplicationMessage, error) + Context() context.Context +} + +// StreamResources handles incoming streaming connections. +func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamResourcesServer) error { + logger := s.Logger.Named("stream-resources").With("request_id", public.TraceID()) + + logger.Trace("Started processing request") + defer logger.Trace("Finished processing request") + + if !s.Backend.IsLeader() { + // we are not the leader so we will hang up on the dialer + + logger.Error("cannot establish a peering stream on a follower node") + + st, err := grpcstatus.New(codes.FailedPrecondition, + "cannot establish a peering stream on a follower node").WithDetails( + &pbpeerstream.LeaderAddress{Address: s.Backend.GetLeaderAddress()}) + if err != nil { + logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) + return grpcstatus.Error(codes.FailedPrecondition, "cannot establish a peering stream on a follower node") + } else { + return st.Err() + } + } + + // Initial message on a new stream must be a new subscription request. + first, err := stream.Recv() + if err != nil { + logger.Error("failed to establish stream", "error", err) + return err + } + + // TODO(peering) Make request contain a list of resources, so that roots and services can be + // subscribed to with a single request. See: + // https://github.com/envoyproxy/data-plane-api/blob/main/envoy/service/discovery/v3/discovery.proto#L46 + req := first.GetRequest() + if req == nil { + return grpcstatus.Error(codes.InvalidArgument, "first message when initiating a peering must be a subscription request") + } + logger.Trace("received initial replication request from peer") + logTraceRecv(logger, req) + + if req.PeerID == "" { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must specify a PeerID") + } + if req.Nonce != "" { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must not contain a nonce") + } + if !pbpeerstream.KnownTypeURL(req.ResourceURL) { + return grpcstatus.Error(codes.InvalidArgument, fmt.Sprintf("subscription request to unknown resource URL: %s", req.ResourceURL)) + } + + _, p, err := s.GetStore().PeeringReadByID(nil, req.PeerID) + if err != nil { + logger.Error("failed to look up peer", "peer_id", req.PeerID, "error", err) + return grpcstatus.Error(codes.Internal, "failed to find PeerID: "+req.PeerID) + } + if p == nil { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription for unknown PeerID: "+req.PeerID) + } + + // TODO(peering): If the peering is marked as deleted, send a Terminated message and return + // TODO(peering): Store subscription request so that an event publisher can separately handle pushing messages for it + logger.Info("accepted initial replication request from peer", "peer_id", p.ID) + + streamReq := HandleStreamRequest{ + LocalID: p.ID, + RemoteID: p.PeerID, + PeerName: p.Name, + Partition: p.Partition, + Stream: stream, + } + err = s.HandleStream(streamReq) + // A nil error indicates that the peering was deleted and the stream needs to be gracefully shutdown. + if err == nil { + s.DrainStream(streamReq) + return nil + } + + logger.Error("error handling stream", "peer_name", p.Name, "peer_id", req.PeerID, "error", err) + return err +} + +type HandleStreamRequest struct { + // LocalID is the UUID for the peering in the local Consul datacenter. + LocalID string + + // RemoteID is the UUID for the peering from the perspective of the peer. + RemoteID string + + // PeerName is the name of the peering. + PeerName string + + // Partition is the local partition associated with the peer. + Partition string + + // Stream is the open stream to the peer cluster. + Stream BidirectionalStream +} + +// DrainStream attempts to gracefully drain the stream when the connection is going to be torn down. +// Tearing down the connection too quickly can lead our peer receiving a context cancellation error before the stream termination message. +// Handling the termination message is important to set the expectation that the peering will not be reestablished unless recreated. +func (s *Server) DrainStream(req HandleStreamRequest) { + for { + // Ensure that we read until an error, or the peer has nothing more to send. + if _, err := req.Stream.Recv(); err != nil { + if err != io.EOF { + s.Logger.Warn("failed to tear down stream gracefully: peer may not have received termination message", + "peer_name", req.PeerName, "peer_id", req.LocalID, "error", err) + } + break + } + // Since the peering is being torn down we discard all replication messages without an error. + // We want to avoid importing new data at this point. + } +} + +// The localID provided is the locally-generated identifier for the peering. +// The remoteID is an identifier that the remote peer recognizes for the peering. +func (s *Server) HandleStream(req HandleStreamRequest) error { + // TODO: pass logger down from caller? + logger := s.Logger.Named("stream").With("peer_name", req.PeerName, "peer_id", req.LocalID) + logger.Trace("handling stream for peer") + + status, err := s.Tracker.Connected(req.LocalID) + if err != nil { + return fmt.Errorf("failed to register stream: %v", err) + } + + // TODO(peering) Also need to clear subscriptions associated with the peer + defer s.Tracker.Disconnected(req.LocalID) + + var trustDomain string + if s.ConnectEnabled { + // Read the TrustDomain up front - we do not allow users to change the ClusterID + // so reading it once at the beginning of the stream is sufficient. + trustDomain, err = getTrustDomain(s.GetStore(), logger) + if err != nil { + return err + } + } + + mgr := newSubscriptionManager( + req.Stream.Context(), + logger, + s.Config, + trustDomain, + s.Backend, + s.GetStore, + ) + subCh := mgr.subscribe(req.Stream.Context(), req.LocalID, req.PeerName, req.Partition) + + sub := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, + PeerID: req.RemoteID, + }, + }, + } + logTraceSend(logger, sub) + + if err := req.Stream.Send(sub); err != nil { + if err == io.EOF { + logger.Info("stream ended by peer") + status.TrackReceiveError(err.Error()) + return nil + } + // TODO(peering) Test error handling in calls to Send/Recv + status.TrackSendError(err.Error()) + return fmt.Errorf("failed to send to stream: %v", err) + } + + // TODO(peering): Should this be buffered? + recvChan := make(chan *pbpeerstream.ReplicationMessage) + go func() { + defer close(recvChan) + for { + msg, err := req.Stream.Recv() + if err == nil { + logTraceRecv(logger, msg) + recvChan <- msg + continue + } + + if err == io.EOF { + logger.Info("stream ended by peer") + status.TrackReceiveError(err.Error()) + return + } + logger.Error("failed to receive from stream", "error", err) + status.TrackReceiveError(err.Error()) + return + } + }() + + for { + select { + // When the doneCh is closed that means that the peering was deleted locally. + case <-status.Done(): + logger.Info("ending stream") + + term := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Terminated_{ + Terminated: &pbpeerstream.ReplicationMessage_Terminated{}, + }, + } + logTraceSend(logger, term) + + if err := req.Stream.Send(term); err != nil { + status.TrackSendError(err.Error()) + return fmt.Errorf("failed to send to stream: %v", err) + } + + logger.Trace("deleting stream status") + s.Tracker.DeleteStatus(req.LocalID) + + return nil + + case msg, open := <-recvChan: + if !open { + logger.Trace("no longer receiving data on the stream") + return nil + } + + if !s.Backend.IsLeader() { + // we are not the leader anymore so we will hang up on the dialer + logger.Error("node is not a leader anymore; cannot continue streaming") + + st, err := grpcstatus.New(codes.FailedPrecondition, + "node is not a leader anymore; cannot continue streaming").WithDetails( + &pbpeerstream.LeaderAddress{Address: s.Backend.GetLeaderAddress()}) + if err != nil { + logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) + return grpcstatus.Error(codes.FailedPrecondition, "node is not a leader anymore; cannot continue streaming") + } else { + return st.Err() + } + } + + if req := msg.GetRequest(); req != nil { + switch { + case req.Nonce == "": + // TODO(peering): This can happen on a client peer since they don't try to receive subscriptions before entering HandleStream. + // Should change that behavior or only allow it that one time. + + case req.Error != nil && (req.Error.Code != int32(code.Code_OK) || req.Error.Message != ""): + logger.Warn("client peer was unable to apply resource", "code", req.Error.Code, "error", req.Error.Message) + status.TrackNack(fmt.Sprintf("client peer was unable to apply resource: %s", req.Error.Message)) + + default: + status.TrackAck() + } + + continue + } + + if resp := msg.GetResponse(); resp != nil { + // TODO(peering): Ensure there's a nonce + reply, err := s.processResponse(req.PeerName, req.Partition, resp) + if err != nil { + logger.Error("failed to persist resource", "resourceURL", resp.ResourceURL, "resourceID", resp.ResourceID) + status.TrackReceiveError(err.Error()) + } else { + status.TrackReceiveSuccess() + } + + logTraceSend(logger, reply) + if err := req.Stream.Send(reply); err != nil { + status.TrackSendError(err.Error()) + return fmt.Errorf("failed to send to stream: %v", err) + } + + continue + } + + if term := msg.GetTerminated(); term != nil { + logger.Info("peering was deleted by our peer: marking peering as terminated and cleaning up imported resources") + + // Once marked as terminated, a separate deferred deletion routine will clean up imported resources. + if err := s.Backend.PeeringTerminateByID(&pbpeering.PeeringTerminateByIDRequest{ID: req.LocalID}); err != nil { + logger.Error("failed to mark peering as terminated: %w", err) + } + return nil + } + + case update := <-subCh: + var resp *pbpeerstream.ReplicationMessage + switch { + case strings.HasPrefix(update.CorrelationID, subExportedService): + resp = makeServiceResponse(logger, update) + + case strings.HasPrefix(update.CorrelationID, subMeshGateway): + // TODO(Peering): figure out how to sync this separately + + case update.CorrelationID == subCARoot: + resp = makeCARootsResponse(logger, update) + + default: + logger.Warn("unrecognized update type from subscription manager: " + update.CorrelationID) + continue + } + if resp == nil { + continue + } + logTraceSend(logger, resp) + if err := req.Stream.Send(resp); err != nil { + status.TrackSendError(err.Error()) + return fmt.Errorf("failed to push data for %q: %w", update.CorrelationID, err) + } + } + } +} + +func getTrustDomain(store StateStore, logger hclog.Logger) (string, error) { + _, cfg, err := store.CAConfig(nil) + switch { + case err != nil: + logger.Error("failed to read Connect CA Config", "error", err) + return "", grpcstatus.Error(codes.Internal, "failed to read Connect CA Config") + case cfg == nil: + logger.Warn("cannot begin stream because Connect CA is not yet initialized") + return "", grpcstatus.Error(codes.FailedPrecondition, "Connect CA is not yet initialized") + } + return connect.SpiffeIDSigningForCluster(cfg.ClusterID).Host(), nil +} + +func (s *Server) StreamStatus(peer string) (resp Status, found bool) { + return s.Tracker.StreamStatus(peer) +} + +// ConnectedStreams returns a map of connected stream IDs to the corresponding channel for tearing them down. +func (s *Server) ConnectedStreams() map[string]chan struct{} { + return s.Tracker.ConnectedStreams() +} + +func logTraceRecv(logger hclog.Logger, pb proto.Message) { + logTraceProto(logger, pb, true) +} + +func logTraceSend(logger hclog.Logger, pb proto.Message) { + logTraceProto(logger, pb, false) +} + +func logTraceProto(logger hclog.Logger, pb proto.Message, received bool) { + if !logger.IsTrace() { + return + } + + dir := "sent" + if received { + dir = "received" + } + + m := jsonpb.Marshaler{ + Indent: " ", + } + out, err := m.MarshalToString(pb) + if err != nil { + out = "" + } + + logger.Trace("replication message", "direction", dir, "protobuf", out) +} diff --git a/agent/rpc/peering/stream_test.go b/agent/grpc/public/services/peerstream/stream_test.go similarity index 78% rename from agent/rpc/peering/stream_test.go rename to agent/grpc/public/services/peerstream/stream_test.go index 84b750723..7366f4213 100644 --- a/agent/rpc/peering/stream_test.go +++ b/agent/grpc/public/services/peerstream/stream_test.go @@ -1,10 +1,14 @@ -package peering +package peerstream + +// TODO: rename this file to replication_test.go import ( "context" "fmt" "io" + "net" "sort" + "sync" "testing" "time" @@ -26,34 +30,24 @@ import ( "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbstatus" "github.com/hashicorp/consul/proto/prototest" + "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/types" ) func TestStreamResources_Server_Follower(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, - &testStreamBackend{ - store: store, - pub: publisher, - leader: func() bool { - return false - }, - leaderAddress: &leaderAddress{ - addr: "expected:address", - }, - }) + srv, _ := newTestServer(t, func(c *Config) { + backend := c.Backend.(*testStreamBackend) + backend.leader = func() bool { + return false + } + backend.leaderAddr = "expected:address" + }) client := NewMockClient(context.Background()) @@ -81,39 +75,27 @@ func TestStreamResources_Server_Follower(t *testing.T) { deets := st.Details() // expect a LeaderAddress message - exp := []interface{}{&pbpeering.LeaderAddress{Address: "expected:address"}} + exp := []interface{}{&pbpeerstream.LeaderAddress{Address: "expected:address"}} prototest.AssertDeepEqual(t, exp, deets) } // TestStreamResources_Server_LeaderBecomesFollower simulates a srv that is a leader when the // subscription request is sent but loses leadership status for subsequent messages. func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) + srv, store := newTestServer(t, func(c *Config) { + backend := c.Backend.(*testStreamBackend) - first := true - leaderFunc := func() bool { - if first { - first = false - return true + first := true + backend.leader = func() bool { + if first { + first = false + return true + } + return false } - return false - } - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, - &testStreamBackend{ - store: store, - pub: publisher, - leader: leaderFunc, - leaderAddress: &leaderAddress{ - addr: "expected:address", - }, - }) + backend.leaderAddr = "expected:address" + }) client := NewMockClient(context.Background()) @@ -134,11 +116,11 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { _, _ = writeInitialRootsAndCA(t, store) // Receive a subscription from a peer - sub := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + sub := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeering.TypeURLService, + ResourceURL: pbpeerstream.TypeURLService, }, }, } @@ -152,12 +134,12 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { receiveRoots, err := client.Recv() require.NoError(t, err) require.NotNil(t, receiveRoots.GetResponse()) - require.Equal(t, pbpeering.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) - input2 := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + input2 := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", }, }, @@ -178,30 +160,19 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { deets := st.Details() // expect a LeaderAddress message - exp := []interface{}{&pbpeering.LeaderAddress{Address: "expected:address"}} + exp := []interface{}{&pbpeerstream.LeaderAddress{Address: "expected:address"}} prototest.AssertDeepEqual(t, exp, deets) } func TestStreamResources_Server_FirstRequest(t *testing.T) { type testCase struct { name string - input *pbpeering.ReplicationMessage + input *pbpeerstream.ReplicationMessage wantErr error } run := func(t *testing.T, tc testCase) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) + srv, _ := newTestServer(t, nil) client := NewMockClient(context.Background()) @@ -229,10 +200,10 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { tt := []testCase{ { name: "unexpected response", - input: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + input: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, ResourceID: "api-service", Nonce: "2", }, @@ -242,18 +213,18 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { }, { name: "missing peer id", - input: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{}, + input: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{}, }, }, wantErr: status.Error(codes.InvalidArgument, "initial subscription request must specify a PeerID"), }, { name: "unexpected nonce", - input: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + input: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: "63b60245-c475-426b-b314-4588d210859d", Nonce: "1", }, @@ -263,9 +234,9 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { }, { name: "unknown resource", - input: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + input: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: "63b60245-c475-426b-b314-4588d210859d", ResourceURL: "nomad.Job", }, @@ -275,11 +246,11 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { }, { name: "unknown peer", - input: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + input: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: "63b60245-c475-426b-b314-4588d210859d", - ResourceURL: pbpeering.TypeURLService, + ResourceURL: pbpeerstream.TypeURLService, }, }, }, @@ -296,23 +267,13 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { } func TestStreamResources_Server_Terminate(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) - it := incrementalTime{ base: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC), } - srv.streams.timeNow = it.Now + + srv, store := newTestServer(t, func(c *Config) { + c.Tracker.SetClock(it.Now) + }) p := writeEstablishedPeering(t, store, 1, "my-peer") var ( @@ -331,7 +292,7 @@ func TestStreamResources_Server_Terminate(t *testing.T) { receiveRoots, err := client.Recv() require.NoError(t, err) require.NotNil(t, receiveRoots.GetResponse()) - require.Equal(t, pbpeering.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) testutil.RunStep(t, "new stream gets tracked", func(t *testing.T) { retry.Run(t, func(r *retry.R) { @@ -353,32 +314,22 @@ func TestStreamResources_Server_Terminate(t *testing.T) { receivedTerm, err := client.Recv() require.NoError(t, err) - expect := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Terminated_{ - Terminated: &pbpeering.ReplicationMessage_Terminated{}, + expect := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Terminated_{ + Terminated: &pbpeerstream.ReplicationMessage_Terminated{}, }, } prototest.AssertDeepEqual(t, expect, receivedTerm) } func TestStreamResources_Server_StreamTracker(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) - it := incrementalTime{ base: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC), } - srv.streams.timeNow = it.Now + + srv, store := newTestServer(t, func(c *Config) { + c.Tracker.SetClock(it.Now) + }) // Set the initial roots and CA configuration. _, rootA := writeInitialRootsAndCA(t, store) @@ -403,11 +354,11 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { var lastSendSuccess time.Time testutil.RunStep(t, "ack tracked as success", func(t *testing.T) { - ack := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + ack := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeering.TypeURLService, + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", // Acks do not have an Error populated in the request @@ -420,7 +371,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { lastSendSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSendSuccess, } @@ -436,11 +387,11 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { var lastNackMsg string testutil.RunStep(t, "nack tracked as error", func(t *testing.T) { - nack := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + nack := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeering.TypeURLService, + ResourceURL: pbpeerstream.TypeURLService, Nonce: "2", Error: &pbstatus.Status{ Code: int32(code.Code_UNAVAILABLE), @@ -456,7 +407,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { lastNackMsg = "client peer was unable to apply resource: bad bad not good" lastNack = it.base.Add(time.Duration(sequence) * time.Second).UTC() - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSendSuccess, LastNack: lastNack, @@ -473,13 +424,13 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { var lastRecvSuccess time.Time testutil.RunStep(t, "response applied locally", func(t *testing.T) { - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + resp := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, ResourceID: "api", Nonce: "21", - Operation: pbpeering.ReplicationMessage_Response_UPSERT, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, Resource: makeAnyPB(t, &pbservice.IndexedCheckServiceNodes{}), }, }, @@ -488,16 +439,16 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { require.NoError(t, err) sequence++ - expectRoots := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLRoots, + expectRoots := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLRoots, ResourceID: "roots", Resource: makeAnyPB(t, &pbpeering.PeeringTrustBundle{ TrustDomain: connect.TestTrustDomain, RootPEMs: []string{rootA.RootCert}, }), - Operation: pbpeering.ReplicationMessage_Response_UPSERT, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, }, }, } @@ -509,10 +460,10 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { ack, err := client.Recv() require.NoError(t, err) - expectAck := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expectAck := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "21", }, }, @@ -521,7 +472,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { lastRecvSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSendSuccess, LastNack: lastNack, @@ -540,15 +491,15 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { var lastRecvErrorMsg string testutil.RunStep(t, "response fails to apply locally", func(t *testing.T) { - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + resp := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, ResourceID: "web", Nonce: "24", // Unknown operation gets NACKed - Operation: pbpeering.ReplicationMessage_Response_Unknown, + Operation: pbpeerstream.Operation_OPERATION_UNSPECIFIED, }, }, } @@ -559,14 +510,14 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { ack, err := client.Recv() require.NoError(t, err) - expectNack := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expectNack := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "24", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), - Message: `unsupported operation: "Unknown"`, + Message: `unsupported operation: "OPERATION_UNSPECIFIED"`, }, }, }, @@ -574,9 +525,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { prototest.AssertDeepEqual(t, expectNack, ack) lastRecvError = it.base.Add(time.Duration(sequence) * time.Second).UTC() - lastRecvErrorMsg = `unsupported operation: "Unknown"` + lastRecvErrorMsg = `unsupported operation: "OPERATION_UNSPECIFIED"` - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSendSuccess, LastNack: lastNack, @@ -602,7 +553,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { sequence++ disconnectTime := it.base.Add(time.Duration(sequence) * time.Second).UTC() - expect := StreamStatus{ + expect := Status{ Connected: false, LastAck: lastSendSuccess, LastNack: lastNack, @@ -622,8 +573,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { } func TestStreamResources_Server_ServiceUpdates(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) + srv, store := newTestServer(t, nil) // Create a peering var lastIdx uint64 = 1 @@ -632,15 +582,6 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { // Set the initial roots and CA configuration. _, _ = writeInitialRootsAndCA(t, store) - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) client := makeClient(t, srv, p.ID, p.PeerID) // Register a service that is not yet exported @@ -699,38 +640,38 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { require.NoError(t, store.EnsureConfigEntry(lastIdx, entry)) expectReplEvents(t, client, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLRoots, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) // Roots tested in TestStreamResources_Server_CARootUpdates }, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // no mongo instances exist - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mongoSN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) }, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // proxies can't export because no mesh gateway exists yet - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mongoProxySN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) }, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlSN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var nodes pbservice.IndexedCheckServiceNodes require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) require.Len(t, nodes.Nodes, 1) }, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // proxies can't export because no mesh gateway exists yet - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlProxySN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) }, ) @@ -749,10 +690,10 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { require.NoError(t, store.EnsureService(lastIdx, "mgw", gateway.Service)) expectReplEvents(t, client, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mongoProxySN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var nodes pbservice.IndexedCheckServiceNodes require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) @@ -766,10 +707,10 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { } require.Equal(t, spiffeIDs, pm.SpiffeID) }, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlProxySN, msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var nodes pbservice.IndexedCheckServiceNodes require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) @@ -800,7 +741,7 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { retry.Run(t, func(r *retry.R) { msg, err := client.RecvWithTimeout(100 * time.Millisecond) require.NoError(r, err) - require.Equal(r, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(r, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) require.Equal(r, mongo.Service.CompoundServiceName().String(), msg.GetResponse().ResourceID) var nodes pbservice.IndexedCheckServiceNodes @@ -832,7 +773,7 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { retry.Run(t, func(r *retry.R) { msg, err := client.RecvWithTimeout(100 * time.Millisecond) require.NoError(r, err) - require.Equal(r, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation) + require.Equal(r, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Equal(r, mysql.Service.CompoundServiceName().String(), msg.GetResponse().ResourceID) require.Nil(r, msg.GetResponse().Resource) }) @@ -846,7 +787,7 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { retry.Run(t, func(r *retry.R) { msg, err := client.RecvWithTimeout(100 * time.Millisecond) require.NoError(r, err) - require.Equal(r, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation) + require.Equal(r, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Equal(r, mongo.Service.CompoundServiceName().String(), msg.GetResponse().ResourceID) require.Nil(r, msg.GetResponse().Resource) }) @@ -854,24 +795,12 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { } func TestStreamResources_Server_CARootUpdates(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - - store := newStateStore(t, publisher) + srv, store := newTestServer(t, nil) // Create a peering var lastIdx uint64 = 1 p := writeEstablishedPeering(t, store, lastIdx, "my-peering") - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) - // Set the initial roots and CA configuration. clusterID, rootA := writeInitialRootsAndCA(t, store) @@ -879,10 +808,10 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { testutil.RunStep(t, "initial CA Roots replication", func(t *testing.T) { expectReplEvents(t, client, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLRoots, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) require.Equal(t, "roots", msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var trustBundle pbpeering.PeeringTrustBundle require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &trustBundle)) @@ -908,10 +837,10 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { require.NoError(t, err) expectReplEvents(t, client, - func(t *testing.T, msg *pbpeering.ReplicationMessage) { - require.Equal(t, pbpeering.TypeURLRoots, msg.GetResponse().ResourceURL) + func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { + require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) require.Equal(t, "roots", msg.GetResponse().ResourceID) - require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation) + require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var trustBundle pbpeering.PeeringTrustBundle require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &trustBundle)) @@ -928,7 +857,7 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { // message handshake. func makeClient( t *testing.T, - srv pbpeering.PeeringServiceServer, + srv pbpeerstream.PeerStreamServiceServer, peerID string, remotePeerID string, ) *MockClient { @@ -948,11 +877,11 @@ func makeClient( }() // Issue a services subscription to server - init := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + init := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeering.TypeURLService, + ResourceURL: pbpeerstream.TypeURLService, }, }, } @@ -962,10 +891,10 @@ func makeClient( receivedSub, err := client.Recv() require.NoError(t, err) - expect := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expect := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, PeerID: remotePeerID, }, }, @@ -976,30 +905,15 @@ func makeClient( } type testStreamBackend struct { - pub state.EventPublisher - store *state.Store - applier *testApplier - leader func() bool - leaderAddress *leaderAddress + pub state.EventPublisher + store *state.Store + leader func() bool + + leaderAddrLock sync.Mutex + leaderAddr string } -var _ LeaderAddress = (*leaderAddress)(nil) - -type leaderAddress struct { - addr string -} - -func (l *leaderAddress) Set(addr string) { - // noop -} - -func (l *leaderAddress) Get() string { - return l.addr -} - -func (b *testStreamBackend) LeaderAddress() LeaderAddress { - return b.leaderAddress -} +var _ Backend = (*testStreamBackend)(nil) func (b *testStreamBackend) IsLeader() bool { if b.leader != nil { @@ -1008,91 +922,47 @@ func (b *testStreamBackend) IsLeader() bool { return true } +func (b *testStreamBackend) SetLeaderAddress(addr string) { + b.leaderAddrLock.Lock() + defer b.leaderAddrLock.Unlock() + b.leaderAddr = addr +} + +func (b *testStreamBackend) GetLeaderAddress() string { + b.leaderAddrLock.Lock() + defer b.leaderAddrLock.Unlock() + return b.leaderAddr +} + func (b *testStreamBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) { return b.pub.Subscribe(req) } -func (b *testStreamBackend) Store() Store { - return b.store -} - -func (b *testStreamBackend) Forward(info structs.RPCInfo, f func(conn *grpc.ClientConn) error) (handled bool, err error) { - return true, nil -} - -func (b *testStreamBackend) GetAgentCACertificates() ([]string, error) { - return []string{}, nil -} - -func (b *testStreamBackend) GetServerAddresses() ([]string, error) { - return []string{}, nil -} - -func (b *testStreamBackend) GetServerName() string { - return "" -} - -func (b *testStreamBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error) { - return nil, nil -} - -func (b *testStreamBackend) DecodeToken([]byte) (*structs.PeeringToken, error) { - return nil, nil -} - -func (b *testStreamBackend) EnterpriseCheckPartitions(_ string) error { - return nil -} - -func (b *testStreamBackend) EnterpriseCheckNamespaces(_ string) error { - return nil -} - -func (b *testStreamBackend) Apply() Apply { - return b.applier -} - -type testApplier struct { - store *state.Store -} - -func (a *testApplier) CheckPeeringUUID(id string) (bool, error) { +func (b *testStreamBackend) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error { panic("not implemented") } -func (a *testApplier) PeeringWrite(req *pbpeering.PeeringWriteRequest) error { - panic("not implemented") -} - -func (a *testApplier) PeeringDelete(req *pbpeering.PeeringDeleteRequest) error { - panic("not implemented") -} - -func (a *testApplier) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error { - panic("not implemented") -} - -func (a *testApplier) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error { +func (b *testStreamBackend) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error { panic("not implemented") } // CatalogRegister mocks catalog registrations through Raft by copying the logic of FSM.applyRegister. -func (a *testApplier) CatalogRegister(req *structs.RegisterRequest) error { - return a.store.EnsureRegistration(1, req) +func (b *testStreamBackend) CatalogRegister(req *structs.RegisterRequest) error { + return b.store.EnsureRegistration(1, req) } // CatalogDeregister mocks catalog de-registrations through Raft by copying the logic of FSM.applyDeregister. -func (a *testApplier) CatalogDeregister(req *structs.DeregisterRequest) error { +func (b *testStreamBackend) CatalogDeregister(req *structs.DeregisterRequest) error { if req.ServiceID != "" { - if err := a.store.DeleteService(1, req.Node, req.ServiceID, &req.EnterpriseMeta, req.PeerName); err != nil { + if err := b.store.DeleteService(1, req.Node, req.ServiceID, &req.EnterpriseMeta, req.PeerName); err != nil { return err } } else if req.CheckID != "" { - if err := a.store.DeleteCheck(1, req.Node, req.CheckID, &req.EnterpriseMeta, req.PeerName); err != nil { + if err := b.store.DeleteCheck(1, req.Node, req.CheckID, &req.EnterpriseMeta, req.PeerName); err != nil { return err } } else { - if err := a.store.DeleteNode(1, req.Node, &req.EnterpriseMeta, req.PeerName); err != nil { + if err := b.store.DeleteNode(1, req.Node, &req.EnterpriseMeta, req.PeerName); err != nil { return err } } @@ -1102,23 +972,12 @@ func (a *testApplier) CatalogDeregister(req *structs.DeregisterRequest) error { func Test_processResponse_Validation(t *testing.T) { type testCase struct { name string - in *pbpeering.ReplicationMessage_Response - expect *pbpeering.ReplicationMessage + in *pbpeerstream.ReplicationMessage_Response + expect *pbpeerstream.ReplicationMessage wantErr bool } - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, &testStreamBackend{ - store: store, - pub: publisher, - }) + srv, _ := newTestServer(t, nil) run := func(t *testing.T, tc testCase) { reply, err := srv.processResponse("", "", tc.in) @@ -1133,17 +992,17 @@ func Test_processResponse_Validation(t *testing.T) { tt := []testCase{ { name: "valid upsert", - in: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + in: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, ResourceID: "api", Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_UPSERT, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, Resource: makeAnyPB(t, &pbservice.IndexedCheckServiceNodes{}), }, - expect: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expect: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", }, }, @@ -1152,16 +1011,16 @@ func Test_processResponse_Validation(t *testing.T) { }, { name: "valid delete", - in: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + in: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, ResourceID: "api", Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_DELETE, + Operation: pbpeerstream.Operation_OPERATION_DELETE, }, - expect: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expect: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", }, }, @@ -1170,14 +1029,14 @@ func Test_processResponse_Validation(t *testing.T) { }, { name: "invalid resource url", - in: &pbpeering.ReplicationMessage_Response{ + in: &pbpeerstream.ReplicationMessage_Response{ ResourceURL: "nomad.Job", Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_Unknown, + Operation: pbpeerstream.Operation_OPERATION_UNSPECIFIED, }, - expect: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ + expect: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ ResourceURL: "nomad.Job", Nonce: "1", Error: &pbstatus.Status{ @@ -1191,19 +1050,19 @@ func Test_processResponse_Validation(t *testing.T) { }, { name: "unknown operation", - in: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + in: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_Unknown, + Operation: pbpeerstream.Operation_OPERATION_UNSPECIFIED, }, - expect: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expect: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), - Message: `unsupported operation: "Unknown"`, + Message: `unsupported operation: "OPERATION_UNSPECIFIED"`, }, }, }, @@ -1212,15 +1071,15 @@ func Test_processResponse_Validation(t *testing.T) { }, { name: "out of range operation", - in: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, + in: &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_Operation(100000), + Operation: pbpeerstream.Operation(100000), }, - expect: &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, + expect: &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, Nonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), @@ -1277,7 +1136,7 @@ func makeAnyPB(t *testing.T, pb proto.Message) *any.Any { return any } -func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *testing.T, got *pbpeering.ReplicationMessage)) { +func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *testing.T, got *pbpeerstream.ReplicationMessage)) { t.Helper() num := len(checkFns) @@ -1296,7 +1155,7 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test const timeout = 10 * time.Second - var out []*pbpeering.ReplicationMessage + var out []*pbpeerstream.ReplicationMessage for len(out) < num { msg, err := client.RecvWithTimeout(timeout) if err == io.EOF && msg == nil { @@ -1322,14 +1181,14 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test } switch a.GetPayload().(type) { - case *pbpeering.ReplicationMessage_Request_: + case *pbpeerstream.ReplicationMessage_Request_: reqA, reqB := a.GetRequest(), b.GetRequest() if reqA.ResourceURL != reqB.ResourceURL { return reqA.ResourceURL < reqB.ResourceURL } return reqA.Nonce < reqB.Nonce - case *pbpeering.ReplicationMessage_Response_: + case *pbpeerstream.ReplicationMessage_Response_: respA, respB := a.GetResponse(), b.GetResponse() if respA.ResourceURL != respB.ResourceURL { return respA.ResourceURL < respB.ResourceURL @@ -1339,7 +1198,7 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test } return respA.Nonce < respB.Nonce - case *pbpeering.ReplicationMessage_Terminated_: + case *pbpeerstream.ReplicationMessage_Terminated_: return false default: @@ -1353,24 +1212,12 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test } func TestHandleUpdateService(t *testing.T) { - publisher := stream.NewEventPublisher(10 * time.Second) - store := newStateStore(t, publisher) - - srv := NewService( - testutil.Logger(t), - Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, - &testStreamBackend{ - store: store, - applier: &testApplier{store: store}, - pub: publisher, - leader: func() bool { - return false - }, - }, - ) + srv, _ := newTestServer(t, func(c *Config) { + backend := c.Backend.(*testStreamBackend) + backend.leader = func() bool { + return false + } + }) type testCase struct { name string @@ -1390,7 +1237,7 @@ func TestHandleUpdateService(t *testing.T) { run := func(t *testing.T, tc testCase) { // Seed the local catalog with some data to reconcile against. for _, reg := range tc.seed { - require.NoError(t, srv.Backend.Apply().CatalogRegister(reg)) + require.NoError(t, srv.Backend.CatalogRegister(reg)) } // Simulate an update arriving for billing/api. @@ -1398,7 +1245,7 @@ func TestHandleUpdateService(t *testing.T) { for svc, expect := range tc.expect { t.Run(svc, func(t *testing.T) { - _, got, err := srv.Backend.Store().CheckServiceNodes(nil, svc, &defaultMeta, peerName) + _, got, err := srv.GetStore().CheckServiceNodes(nil, svc, &defaultMeta, peerName) require.NoError(t, err) requireEqualInstances(t, expect, got) }) @@ -2202,8 +2049,59 @@ func requireEqualInstances(t *testing.T, expect, got structs.CheckServiceNodes) } } +type testServer struct { + *Server +} + +func newTestServer(t *testing.T, configFn func(c *Config)) (*testServer, *state.Store) { + publisher := stream.NewEventPublisher(10 * time.Second) + store := newStateStore(t, publisher) + + ports := freeport.GetN(t, 1) // {grpc} + + cfg := Config{ + Backend: &testStreamBackend{ + store: store, + pub: publisher, + }, + Tracker: NewTracker(), + GetStore: func() StateStore { return store }, + Logger: testutil.Logger(t), + ACLResolver: nil, // TODO(peering): add something for acl testing + Datacenter: "dc1", + ConnectEnabled: true, + } + if configFn != nil { + configFn(&cfg) + } + + grpcServer := grpc.NewServer() + + srv := NewServer(cfg) + srv.Register(grpcServer) + + var ( + grpcPort = ports[0] + grpcAddr = fmt.Sprintf("127.0.0.1:%d", grpcPort) + ) + ln, err := net.Listen("tcp", grpcAddr) + require.NoError(t, err) + go func() { + _ = grpcServer.Serve(ln) + }() + t.Cleanup(grpcServer.Stop) + + return &testServer{ + Server: srv, + }, store +} + func testUUID(t *testing.T) string { v, err := lib.GenerateUUID(nil) require.NoError(t, err) return v } + +func noopForwardRPC(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) { + return false, nil +} diff --git a/agent/rpc/peering/stream_tracker.go b/agent/grpc/public/services/peerstream/stream_tracker.go similarity index 66% rename from agent/rpc/peering/stream_tracker.go rename to agent/grpc/public/services/peerstream/stream_tracker.go index af2cbe1c2..5ec0f7ebf 100644 --- a/agent/rpc/peering/stream_tracker.go +++ b/agent/grpc/public/services/peerstream/stream_tracker.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "fmt" @@ -6,86 +6,94 @@ import ( "time" ) -// streamTracker contains a map of (PeerID -> StreamStatus). +// Tracker contains a map of (PeerID -> Status). // As streams are opened and closed we track details about their status. -type streamTracker struct { +type Tracker struct { mu sync.RWMutex - streams map[string]*lockableStreamStatus + streams map[string]*MutableStatus // timeNow is a shim for testing. timeNow func() time.Time } -func newStreamTracker() *streamTracker { - return &streamTracker{ - streams: make(map[string]*lockableStreamStatus), +func NewTracker() *Tracker { + return &Tracker{ + streams: make(map[string]*MutableStatus), timeNow: time.Now, } } -// connected registers a stream for a given peer, and marks it as connected. +func (t *Tracker) SetClock(clock func() time.Time) { + if clock == nil { + t.timeNow = time.Now + } else { + t.timeNow = clock + } +} + +// Connected registers a stream for a given peer, and marks it as connected. // It also enforces that there is only one active stream for a peer. -func (t *streamTracker) connected(id string) (*lockableStreamStatus, error) { +func (t *Tracker) Connected(id string) (*MutableStatus, error) { t.mu.Lock() defer t.mu.Unlock() status, ok := t.streams[id] if !ok { - status = newLockableStreamStatus(t.timeNow) + status = newMutableStatus(t.timeNow) t.streams[id] = status return status, nil } - if status.connected() { + if status.IsConnected() { return nil, fmt.Errorf("there is an active stream for the given PeerID %q", id) } - status.trackConnected() + status.TrackConnected() return status, nil } -// disconnected ensures that if a peer id's stream status is tracked, it is marked as disconnected. -func (t *streamTracker) disconnected(id string) { +// Disconnected ensures that if a peer id's stream status is tracked, it is marked as disconnected. +func (t *Tracker) Disconnected(id string) { t.mu.Lock() defer t.mu.Unlock() if status, ok := t.streams[id]; ok { - status.trackDisconnected() + status.TrackDisconnected() } } -func (t *streamTracker) streamStatus(id string) (resp StreamStatus, found bool) { +func (t *Tracker) StreamStatus(id string) (resp Status, found bool) { t.mu.RLock() defer t.mu.RUnlock() s, ok := t.streams[id] if !ok { - return StreamStatus{}, false + return Status{}, false } - return s.status(), true + return s.GetStatus(), true } -func (t *streamTracker) connectedStreams() map[string]chan struct{} { +func (t *Tracker) ConnectedStreams() map[string]chan struct{} { t.mu.RLock() defer t.mu.RUnlock() resp := make(map[string]chan struct{}) for peer, status := range t.streams { - if status.connected() { + if status.IsConnected() { resp[peer] = status.doneCh } } return resp } -func (t *streamTracker) deleteStatus(id string) { +func (t *Tracker) DeleteStatus(id string) { t.mu.Lock() defer t.mu.Unlock() delete(t.streams, id) } -type lockableStreamStatus struct { +type MutableStatus struct { mu sync.RWMutex // timeNow is a shim for testing. @@ -95,12 +103,12 @@ type lockableStreamStatus struct { // to the peer before the stream's context is cancelled. doneCh chan struct{} - StreamStatus + Status } -// StreamStatus contains information about the replication stream to a peer cluster. +// Status contains information about the replication stream to a peer cluster. // TODO(peering): There's a lot of fields here... -type StreamStatus struct { +type Status struct { // Connected is true when there is an open stream for the peer. Connected bool @@ -136,9 +144,9 @@ type StreamStatus struct { LastReceiveErrorMessage string } -func newLockableStreamStatus(now func() time.Time) *lockableStreamStatus { - return &lockableStreamStatus{ - StreamStatus: StreamStatus{ +func newMutableStatus(now func() time.Time) *MutableStatus { + return &MutableStatus{ + Status: Status{ Connected: true, }, timeNow: now, @@ -146,54 +154,58 @@ func newLockableStreamStatus(now func() time.Time) *lockableStreamStatus { } } -func (s *lockableStreamStatus) trackAck() { +func (s *MutableStatus) Done() <-chan struct{} { + return s.doneCh +} + +func (s *MutableStatus) TrackAck() { s.mu.Lock() s.LastAck = s.timeNow().UTC() s.mu.Unlock() } -func (s *lockableStreamStatus) trackSendError(error string) { +func (s *MutableStatus) TrackSendError(error string) { s.mu.Lock() s.LastSendError = s.timeNow().UTC() s.LastSendErrorMessage = error s.mu.Unlock() } -func (s *lockableStreamStatus) trackReceiveSuccess() { +func (s *MutableStatus) TrackReceiveSuccess() { s.mu.Lock() s.LastReceiveSuccess = s.timeNow().UTC() s.mu.Unlock() } -func (s *lockableStreamStatus) trackReceiveError(error string) { +func (s *MutableStatus) TrackReceiveError(error string) { s.mu.Lock() s.LastReceiveError = s.timeNow().UTC() s.LastReceiveErrorMessage = error s.mu.Unlock() } -func (s *lockableStreamStatus) trackNack(msg string) { +func (s *MutableStatus) TrackNack(msg string) { s.mu.Lock() s.LastNack = s.timeNow().UTC() s.LastNackMessage = msg s.mu.Unlock() } -func (s *lockableStreamStatus) trackConnected() { +func (s *MutableStatus) TrackConnected() { s.mu.Lock() s.Connected = true s.DisconnectTime = time.Time{} s.mu.Unlock() } -func (s *lockableStreamStatus) trackDisconnected() { +func (s *MutableStatus) TrackDisconnected() { s.mu.Lock() s.Connected = false s.DisconnectTime = s.timeNow().UTC() s.mu.Unlock() } -func (s *lockableStreamStatus) connected() bool { +func (s *MutableStatus) IsConnected() bool { var resp bool s.mu.RLock() @@ -203,9 +215,9 @@ func (s *lockableStreamStatus) connected() bool { return resp } -func (s *lockableStreamStatus) status() StreamStatus { +func (s *MutableStatus) GetStatus() Status { s.mu.RLock() - copy := s.StreamStatus + copy := s.Status s.mu.RUnlock() return copy diff --git a/agent/rpc/peering/stream_tracker_test.go b/agent/grpc/public/services/peerstream/stream_tracker_test.go similarity index 68% rename from agent/rpc/peering/stream_tracker_test.go rename to agent/grpc/public/services/peerstream/stream_tracker_test.go index d6b49ef91..a698ccc6f 100644 --- a/agent/rpc/peering/stream_tracker_test.go +++ b/agent/grpc/public/services/peerstream/stream_tracker_test.go @@ -1,16 +1,17 @@ -package peering +package peerstream import ( "sort" "testing" "time" - "github.com/hashicorp/consul/sdk/testutil" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/sdk/testutil" ) -func TestStreamTracker_EnsureConnectedDisconnected(t *testing.T) { - tracker := newStreamTracker() +func TestTracker_EnsureConnectedDisconnected(t *testing.T) { + tracker := NewTracker() peerID := "63b60245-c475-426b-b314-4588d210859d" it := incrementalTime{ @@ -19,25 +20,25 @@ func TestStreamTracker_EnsureConnectedDisconnected(t *testing.T) { tracker.timeNow = it.Now var ( - statusPtr *lockableStreamStatus + statusPtr *MutableStatus err error ) testutil.RunStep(t, "new stream", func(t *testing.T) { - statusPtr, err = tracker.connected(peerID) + statusPtr, err = tracker.Connected(peerID) require.NoError(t, err) - expect := StreamStatus{ + expect := Status{ Connected: true, } - status, ok := tracker.streamStatus(peerID) + status, ok := tracker.StreamStatus(peerID) require.True(t, ok) require.Equal(t, expect, status) }) testutil.RunStep(t, "duplicate gets rejected", func(t *testing.T) { - _, err := tracker.connected(peerID) + _, err := tracker.Connected(peerID) require.Error(t, err) require.Contains(t, err.Error(), `there is an active stream for the given PeerID "63b60245-c475-426b-b314-4588d210859d"`) }) @@ -46,14 +47,14 @@ func TestStreamTracker_EnsureConnectedDisconnected(t *testing.T) { var lastSuccess time.Time testutil.RunStep(t, "stream updated", func(t *testing.T) { - statusPtr.trackAck() + statusPtr.TrackAck() sequence++ - status, ok := tracker.streamStatus(peerID) + status, ok := tracker.StreamStatus(peerID) require.True(t, ok) lastSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSuccess, } @@ -61,58 +62,58 @@ func TestStreamTracker_EnsureConnectedDisconnected(t *testing.T) { }) testutil.RunStep(t, "disconnect", func(t *testing.T) { - tracker.disconnected(peerID) + tracker.Disconnected(peerID) sequence++ - expect := StreamStatus{ + expect := Status{ Connected: false, DisconnectTime: it.base.Add(time.Duration(sequence) * time.Second).UTC(), LastAck: lastSuccess, } - status, ok := tracker.streamStatus(peerID) + status, ok := tracker.StreamStatus(peerID) require.True(t, ok) require.Equal(t, expect, status) }) testutil.RunStep(t, "re-connect", func(t *testing.T) { - _, err := tracker.connected(peerID) + _, err := tracker.Connected(peerID) require.NoError(t, err) - expect := StreamStatus{ + expect := Status{ Connected: true, LastAck: lastSuccess, // DisconnectTime gets cleared on re-connect. } - status, ok := tracker.streamStatus(peerID) + status, ok := tracker.StreamStatus(peerID) require.True(t, ok) require.Equal(t, expect, status) }) testutil.RunStep(t, "delete", func(t *testing.T) { - tracker.deleteStatus(peerID) + tracker.DeleteStatus(peerID) - status, ok := tracker.streamStatus(peerID) + status, ok := tracker.StreamStatus(peerID) require.False(t, ok) require.Zero(t, status) }) } -func TestStreamTracker_connectedStreams(t *testing.T) { +func TestTracker_connectedStreams(t *testing.T) { type testCase struct { name string - setup func(t *testing.T, s *streamTracker) + setup func(t *testing.T, s *Tracker) expect []string } run := func(t *testing.T, tc testCase) { - tracker := newStreamTracker() + tracker := NewTracker() if tc.setup != nil { tc.setup(t, tracker) } - streams := tracker.connectedStreams() + streams := tracker.ConnectedStreams() var keys []string for key := range streams { @@ -130,25 +131,25 @@ func TestStreamTracker_connectedStreams(t *testing.T) { }, { name: "all streams active", - setup: func(t *testing.T, s *streamTracker) { - _, err := s.connected("foo") + setup: func(t *testing.T, s *Tracker) { + _, err := s.Connected("foo") require.NoError(t, err) - _, err = s.connected("bar") + _, err = s.Connected("bar") require.NoError(t, err) }, expect: []string{"bar", "foo"}, }, { name: "mixed active and inactive", - setup: func(t *testing.T, s *streamTracker) { - status, err := s.connected("foo") + setup: func(t *testing.T, s *Tracker) { + status, err := s.Connected("foo") require.NoError(t, err) // Mark foo as disconnected to avoid showing it as an active stream - status.trackDisconnected() + status.TrackDisconnected() - _, err = s.connected("bar") + _, err = s.Connected("bar") require.NoError(t, err) }, expect: []string{"bar"}, diff --git a/agent/rpc/peering/subscription_blocking.go b/agent/grpc/public/services/peerstream/subscription_blocking.go similarity index 91% rename from agent/rpc/peering/subscription_blocking.go rename to agent/grpc/public/services/peerstream/subscription_blocking.go index c8f771e8b..c2720dcdb 100644 --- a/agent/rpc/peering/subscription_blocking.go +++ b/agent/grpc/public/services/peerstream/subscription_blocking.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" @@ -21,7 +21,7 @@ import ( func (m *subscriptionManager) notifyExportedServicesForPeerID(ctx context.Context, state *subscriptionState, peerID string) { // syncSubscriptionsAndBlock ensures that the subscriptions to the subscription backend // match the list of services exported to the peer. - m.syncViaBlockingQuery(ctx, "exported-services", func(ctx context.Context, store Store, ws memdb.WatchSet) (interface{}, error) { + m.syncViaBlockingQuery(ctx, "exported-services", func(ctx context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { // Get exported services for peer id _, list, err := store.ExportedServicesForPeer(ws, peerID, m.config.Datacenter) if err != nil { @@ -34,7 +34,7 @@ func (m *subscriptionManager) notifyExportedServicesForPeerID(ctx context.Contex // TODO: add a new streaming subscription type to list-by-kind-and-partition since we're getting evictions func (m *subscriptionManager) notifyMeshGatewaysForPartition(ctx context.Context, state *subscriptionState, partition string) { - m.syncViaBlockingQuery(ctx, "mesh-gateways", func(ctx context.Context, store Store, ws memdb.WatchSet) (interface{}, error) { + m.syncViaBlockingQuery(ctx, "mesh-gateways", func(ctx context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { // Fetch our current list of all mesh gateways. entMeta := structs.DefaultEnterpriseMetaInPartition(partition) idx, nodes, err := store.ServiceDump(ws, structs.ServiceKindMeshGateway, true, entMeta, structs.DefaultPeerKeyword) @@ -61,7 +61,7 @@ func (m *subscriptionManager) notifyMeshGatewaysForPartition(ctx context.Context func (m *subscriptionManager) syncViaBlockingQuery( ctx context.Context, queryType string, - queryFn func(ctx context.Context, store Store, ws memdb.WatchSet) (interface{}, error), + queryFn func(ctx context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error), correlationID string, updateCh chan<- cache.UpdateEvent, ) { @@ -77,7 +77,7 @@ func (m *subscriptionManager) syncViaBlockingQuery( logger = m.logger.With("queryType", queryType) } - store := m.backend.Store() + store := m.getStore() for { ws := memdb.NewWatchSet() diff --git a/agent/rpc/peering/subscription_manager.go b/agent/grpc/public/services/peerstream/subscription_manager.go similarity index 99% rename from agent/rpc/peering/subscription_manager.go rename to agent/grpc/public/services/peerstream/subscription_manager.go index 9dfa135b5..70813e845 100644 --- a/agent/rpc/peering/subscription_manager.go +++ b/agent/grpc/public/services/peerstream/subscription_manager.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" @@ -29,7 +29,6 @@ type MaterializedViewStore interface { type SubscriptionBackend interface { Subscriber - Store() Store } // subscriptionManager handlers requests to subscribe to events from an events publisher. @@ -39,6 +38,7 @@ type subscriptionManager struct { trustDomain string viewStore MaterializedViewStore backend SubscriptionBackend + getStore func() StateStore } // TODO(peering): Maybe centralize so that there is a single manager per datacenter, rather than per peering. @@ -48,6 +48,7 @@ func newSubscriptionManager( config Config, trustDomain string, backend SubscriptionBackend, + getStore func() StateStore, ) *subscriptionManager { logger = logger.Named("subscriptions") store := submatview.NewStore(logger.Named("viewstore")) @@ -59,6 +60,7 @@ func newSubscriptionManager( trustDomain: trustDomain, viewStore: store, backend: backend, + getStore: getStore, } } @@ -347,7 +349,7 @@ func (m *subscriptionManager) subscribeCARoots( // following a snapshot restore) reset idx to ensure we don't skip over the // new store's events. select { - case <-m.backend.Store().AbandonCh(): + case <-m.getStore().AbandonCh(): idx = 0 default: } diff --git a/agent/rpc/peering/subscription_manager_test.go b/agent/grpc/public/services/peerstream/subscription_manager_test.go similarity index 99% rename from agent/rpc/peering/subscription_manager_test.go rename to agent/grpc/public/services/peerstream/subscription_manager_test.go index 58e00f078..8e555d3f5 100644 --- a/agent/rpc/peering/subscription_manager_test.go +++ b/agent/grpc/public/services/peerstream/subscription_manager_test.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" @@ -35,7 +35,9 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, - }, connect.TestTrustDomain, backend) + }, connect.TestTrustDomain, backend, func() StateStore { + return backend.store + }) subCh := mgr.subscribe(ctx, id, "my-peering", partition) var ( @@ -479,7 +481,9 @@ func TestSubscriptionManager_InitialSnapshot(t *testing.T) { mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, - }, connect.TestTrustDomain, backend) + }, connect.TestTrustDomain, backend, func() StateStore { + return backend.store + }) subCh := mgr.subscribe(ctx, id, "my-peering", partition) // Register two services that are not yet exported @@ -606,7 +610,9 @@ func TestSubscriptionManager_CARoots(t *testing.T) { mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, - }, connect.TestTrustDomain, backend) + }, connect.TestTrustDomain, backend, func() StateStore { + return backend.store + }) subCh := mgr.subscribe(ctx, id, "my-peering", partition) testutil.RunStep(t, "initial events contain trust bundle", func(t *testing.T) { @@ -682,10 +688,6 @@ func newTestSubscriptionBackend(t *testing.T) *testSubscriptionBackend { return backend } -func (b *testSubscriptionBackend) Store() Store { - return b.store -} - func (b *testSubscriptionBackend) ensurePeering(t *testing.T, name string) (uint64, string) { b.lastIdx++ return b.lastIdx, setupTestPeering(t, b.store, name, b.lastIdx) diff --git a/agent/rpc/peering/subscription_state.go b/agent/grpc/public/services/peerstream/subscription_state.go similarity index 99% rename from agent/rpc/peering/subscription_state.go rename to agent/grpc/public/services/peerstream/subscription_state.go index dfb6942e2..58e631f70 100644 --- a/agent/rpc/peering/subscription_state.go +++ b/agent/grpc/public/services/peerstream/subscription_state.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" diff --git a/agent/rpc/peering/subscription_state_test.go b/agent/grpc/public/services/peerstream/subscription_state_test.go similarity index 99% rename from agent/rpc/peering/subscription_state_test.go rename to agent/grpc/public/services/peerstream/subscription_state_test.go index e94459ac6..b1846da5f 100644 --- a/agent/rpc/peering/subscription_state_test.go +++ b/agent/grpc/public/services/peerstream/subscription_state_test.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" diff --git a/agent/rpc/peering/subscription_view.go b/agent/grpc/public/services/peerstream/subscription_view.go similarity index 99% rename from agent/rpc/peering/subscription_view.go rename to agent/grpc/public/services/peerstream/subscription_view.go index 7b6f9583c..d8b17c76a 100644 --- a/agent/rpc/peering/subscription_view.go +++ b/agent/grpc/public/services/peerstream/subscription_view.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "fmt" diff --git a/agent/rpc/peering/subscription_view_test.go b/agent/grpc/public/services/peerstream/subscription_view_test.go similarity index 99% rename from agent/rpc/peering/subscription_view_test.go rename to agent/grpc/public/services/peerstream/subscription_view_test.go index ae90c19ae..c96b19bb2 100644 --- a/agent/rpc/peering/subscription_view_test.go +++ b/agent/grpc/public/services/peerstream/subscription_view_test.go @@ -1,4 +1,4 @@ -package peering +package peerstream import ( "context" diff --git a/agent/grpc/public/services/peerstream/testing.go b/agent/grpc/public/services/peerstream/testing.go new file mode 100644 index 000000000..939c38dfa --- /dev/null +++ b/agent/grpc/public/services/peerstream/testing.go @@ -0,0 +1,128 @@ +package peerstream + +import ( + "context" + "io" + "sync" + "time" + + "google.golang.org/grpc/metadata" + + "github.com/hashicorp/consul/proto/pbpeerstream" +) + +type MockClient struct { + mu sync.Mutex + + ErrCh chan error + ReplicationStream *MockStream +} + +func (c *MockClient) Send(r *pbpeerstream.ReplicationMessage) error { + c.ReplicationStream.recvCh <- r + return nil +} + +func (c *MockClient) Recv() (*pbpeerstream.ReplicationMessage, error) { + select { + case err := <-c.ErrCh: + return nil, err + case r := <-c.ReplicationStream.sendCh: + return r, nil + case <-time.After(10 * time.Millisecond): + return nil, io.EOF + } +} + +func (c *MockClient) RecvWithTimeout(dur time.Duration) (*pbpeerstream.ReplicationMessage, error) { + select { + case err := <-c.ErrCh: + return nil, err + case r := <-c.ReplicationStream.sendCh: + return r, nil + case <-time.After(dur): + return nil, io.EOF + } +} + +func (c *MockClient) Close() { + close(c.ReplicationStream.recvCh) +} + +func NewMockClient(ctx context.Context) *MockClient { + return &MockClient{ + ReplicationStream: newTestReplicationStream(ctx), + } +} + +// MockStream mocks peering.PeeringService_StreamResourcesServer +type MockStream struct { + sendCh chan *pbpeerstream.ReplicationMessage + recvCh chan *pbpeerstream.ReplicationMessage + + ctx context.Context + mu sync.Mutex +} + +var _ pbpeerstream.PeerStreamService_StreamResourcesServer = (*MockStream)(nil) + +func newTestReplicationStream(ctx context.Context) *MockStream { + return &MockStream{ + sendCh: make(chan *pbpeerstream.ReplicationMessage, 1), + recvCh: make(chan *pbpeerstream.ReplicationMessage, 1), + ctx: ctx, + } +} + +// Send implements pbpeerstream.PeeringService_StreamResourcesServer +func (s *MockStream) Send(r *pbpeerstream.ReplicationMessage) error { + s.sendCh <- r + return nil +} + +// Recv implements pbpeerstream.PeeringService_StreamResourcesServer +func (s *MockStream) Recv() (*pbpeerstream.ReplicationMessage, error) { + r := <-s.recvCh + if r == nil { + return nil, io.EOF + } + return r, nil +} + +// Context implements grpc.ServerStream and grpc.ClientStream +func (s *MockStream) Context() context.Context { + return s.ctx +} + +// SendMsg implements grpc.ServerStream and grpc.ClientStream +func (s *MockStream) SendMsg(m interface{}) error { + return nil +} + +// RecvMsg implements grpc.ServerStream and grpc.ClientStream +func (s *MockStream) RecvMsg(m interface{}) error { + return nil +} + +// SetHeader implements grpc.ServerStream +func (s *MockStream) SetHeader(metadata.MD) error { + return nil +} + +// SendHeader implements grpc.ServerStream +func (s *MockStream) SendHeader(metadata.MD) error { + return nil +} + +// SetTrailer implements grpc.ServerStream +func (s *MockStream) SetTrailer(metadata.MD) {} + +type incrementalTime struct { + base time.Time + next uint64 +} + +func (t *incrementalTime) Now() time.Time { + t.next++ + return t.base.Add(time.Duration(t.next) * time.Second) +} diff --git a/agent/peering_endpoint_test.go b/agent/peering_endpoint_test.go index b9aee1ab4..545e4f5ec 100644 --- a/agent/peering_endpoint_test.go +++ b/agent/peering_endpoint_test.go @@ -107,7 +107,7 @@ func TestHTTP_Peering_GenerateToken(t *testing.T) { require.NoError(t, json.Unmarshal(tokenJSON, &token)) require.Nil(t, token.CA) - require.Equal(t, []string{fmt.Sprintf("127.0.0.1:%d", a.config.ServerPort)}, token.ServerAddresses) + require.Equal(t, []string{fmt.Sprintf("127.0.0.1:%d", a.config.GRPCPort)}, token.ServerAddresses) require.Equal(t, "server.dc1.consul", token.ServerName) // The PeerID in the token is randomly generated so we don't assert on its value. diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 3720ec135..e4d5c2a4e 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -4,25 +4,21 @@ import ( "context" "errors" "fmt" - "io" "strings" "time" "github.com/armon/go-metrics" - "github.com/golang/protobuf/jsonpb" - "github.com/golang/protobuf/proto" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" - "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/grpc" "google.golang.org/grpc/codes" grpcstatus "google.golang.org/grpc/status" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/dns" + "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/proto/pbpeering" @@ -46,30 +42,45 @@ func (e *errPeeringInvalidServerAddress) Error() string { return fmt.Sprintf("%s is not a valid peering server address", e.addr) } +// Server implements pbpeering.PeeringService to provide RPC operations for +// managing peering relationships. +type Server struct { + Config +} + type Config struct { + Backend Backend + Tracker *peerstream.Tracker + Logger hclog.Logger + ForwardRPC func(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) Datacenter string ConnectEnabled bool } -// Service implements pbpeering.PeeringService to provide RPC operations for -// managing peering relationships. -type Service struct { - Backend Backend - logger hclog.Logger - config Config - streams *streamTracker -} - -func NewService(logger hclog.Logger, cfg Config, backend Backend) *Service { - return &Service{ - Backend: backend, - logger: logger, - config: cfg, - streams: newStreamTracker(), +func NewServer(cfg Config) *Server { + requireNotNil(cfg.Backend, "Backend") + requireNotNil(cfg.Tracker, "Tracker") + requireNotNil(cfg.Logger, "Logger") + requireNotNil(cfg.ForwardRPC, "ForwardRPC") + if cfg.Datacenter == "" { + panic("Datacenter is required") + } + return &Server{ + Config: cfg, } } -var _ pbpeering.PeeringServiceServer = (*Service)(nil) +func requireNotNil(v interface{}, name string) { + if v == nil { + panic(name + " is required") + } +} + +var _ pbpeering.PeeringServiceServer = (*Server)(nil) + +func (s *Server) Register(grpcServer *grpc.Server) { + pbpeering.RegisterPeeringServiceServer(grpcServer, s) +} // Backend defines the core integrations the Peering endpoint depends on. A // functional implementation will integrate with various subcomponents of Consul @@ -77,9 +88,6 @@ var _ pbpeering.PeeringServiceServer = (*Service)(nil) // providing access to CA data and the RPC system for forwarding requests to // other servers. type Backend interface { - // Forward should forward the request to the leader when necessary. - Forward(info structs.RPCInfo, f func(*grpc.ClientConn) error) (handled bool, err error) - // GetAgentCACertificates returns the CA certificate to be returned in the peering token data GetAgentCACertificates() ([]string, error) @@ -105,22 +113,19 @@ type Backend interface { // IsLeader indicates whether the consul server is in a leader state or not. IsLeader() bool + // SetLeaderAddress is called on a raft.LeaderObservation in a go routine + // in the consul server; see trackLeaderChanges() + SetLeaderAddress(string) + + // GetLeaderAddress provides the best hint for the current address of the + // leader. There is no guarantee that this is the actual address of the + // leader. + GetLeaderAddress() string + + CheckPeeringUUID(id string) (bool, error) + PeeringWrite(req *pbpeering.PeeringWriteRequest) error + Store() Store - Apply() Apply - LeaderAddress() LeaderAddress -} - -// LeaderAddress provides a way for the consul server to update the peering service about -// the server's leadership status. -// Server addresses should look like: ip:port -type LeaderAddress interface { - // Set is called on a raft.LeaderObservation in a go routine in the consul server; - // see trackLeaderChanges() - Set(leaderAddr string) - - // Get provides the best hint for the current address of the leader. - // There is no guarantee that this is the actual address of the leader. - Get() string } // Store provides a read-only interface for querying Peering data. @@ -130,29 +135,13 @@ type Store interface { PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error) PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) - ExportedServicesForPeer(ws memdb.WatchSet, peerID, dc string) (uint64, *structs.ExportedServiceList, error) - ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error) - CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error) - NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.NodeServices, error) - CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error) TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) - AbandonCh() <-chan struct{} -} - -// Apply provides a write-only interface for persisting Peering data. -type Apply interface { - CheckPeeringUUID(id string) (bool, error) - PeeringWrite(req *pbpeering.PeeringWriteRequest) error - PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error - PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error - CatalogRegister(req *structs.RegisterRequest) error - CatalogDeregister(req *structs.DeregisterRequest) error } // GenerateToken implements the PeeringService RPC method to generate a // peering token which is the initial step in establishing a peering relationship // with other Consul clusters. -func (s *Service) GenerateToken( +func (s *Server) GenerateToken( ctx context.Context, req *pbpeering.GenerateTokenRequest, ) (*pbpeering.GenerateTokenResponse, error) { @@ -172,7 +161,7 @@ func (s *Service) GenerateToken( // TODO(peering): add tracing resp := &pbpeering.GenerateTokenResponse{} - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).GenerateToken(ctx, req) return err @@ -207,7 +196,7 @@ RETRY_ONCE: Meta: req.Meta, }, } - if err := s.Backend.Apply().PeeringWrite(&writeReq); err != nil { + if err := s.Backend.PeeringWrite(&writeReq); err != nil { // There's a possible race where two servers call Generate Token at the // same time with the same peer name for the first time. They both // generate an ID and try to insert and only one wins. This detects the @@ -251,7 +240,7 @@ RETRY_ONCE: // Establish implements the PeeringService RPC method to finalize peering // registration. Given a valid token output from a peer's GenerateToken endpoint, // a peering is registered. -func (s *Service) Establish( +func (s *Server) Establish( ctx context.Context, req *pbpeering.EstablishRequest, ) (*pbpeering.EstablishResponse, error) { @@ -272,7 +261,7 @@ func (s *Service) Establish( } resp := &pbpeering.EstablishResponse{} - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).Establish(ctx, req) return err @@ -312,20 +301,20 @@ func (s *Service) Establish( State: pbpeering.PeeringState_ESTABLISHING, }, } - if err = s.Backend.Apply().PeeringWrite(writeReq); err != nil { + if err = s.Backend.PeeringWrite(writeReq); err != nil { return nil, fmt.Errorf("failed to write peering: %w", err) } // resp.Status == 0 return resp, nil } -func (s *Service) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadRequest) (*pbpeering.PeeringReadResponse, error) { +func (s *Server) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadRequest) (*pbpeering.PeeringReadResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } var resp *pbpeering.PeeringReadResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).PeeringRead(ctx, req) return err @@ -352,13 +341,13 @@ func (s *Service) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadReq return &pbpeering.PeeringReadResponse{Peering: cp}, nil } -func (s *Service) PeeringList(ctx context.Context, req *pbpeering.PeeringListRequest) (*pbpeering.PeeringListResponse, error) { +func (s *Server) PeeringList(ctx context.Context, req *pbpeering.PeeringListRequest) (*pbpeering.PeeringListResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } var resp *pbpeering.PeeringListResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).PeeringList(ctx, req) return err @@ -388,8 +377,8 @@ func (s *Service) PeeringList(ctx context.Context, req *pbpeering.PeeringListReq // TODO(peering): Maybe get rid of this when actually monitoring the stream health // reconciledStreamStateHint peaks into the streamTracker and determines whether a peering should be marked // as PeeringState.Active or not -func (s *Service) reconciledStreamStateHint(pID string, pState pbpeering.PeeringState) pbpeering.PeeringState { - streamState, found := s.streams.streamStatus(pID) +func (s *Server) reconciledStreamStateHint(pID string, pState pbpeering.PeeringState) pbpeering.PeeringState { + streamState, found := s.Tracker.StreamStatus(pID) if found && streamState.Connected { return pbpeering.PeeringState_ACTIVE @@ -401,13 +390,13 @@ func (s *Service) reconciledStreamStateHint(pID string, pState pbpeering.Peering // TODO(peering): As of writing, this method is only used in tests to set up Peerings in the state store. // Consider removing if we can find another way to populate state store in peering_endpoint_test.go -func (s *Service) PeeringWrite(ctx context.Context, req *pbpeering.PeeringWriteRequest) (*pbpeering.PeeringWriteResponse, error) { +func (s *Server) PeeringWrite(ctx context.Context, req *pbpeering.PeeringWriteRequest) (*pbpeering.PeeringWriteResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Peering.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } var resp *pbpeering.PeeringWriteResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).PeeringWrite(ctx, req) return err @@ -430,20 +419,20 @@ func (s *Service) PeeringWrite(ctx context.Context, req *pbpeering.PeeringWriteR req.Peering.ID = id // TODO(peering): handle blocking queries - err = s.Backend.Apply().PeeringWrite(req) + err = s.Backend.PeeringWrite(req) if err != nil { return nil, err } return &pbpeering.PeeringWriteResponse{}, nil } -func (s *Service) PeeringDelete(ctx context.Context, req *pbpeering.PeeringDeleteRequest) (*pbpeering.PeeringDeleteResponse, error) { +func (s *Server) PeeringDelete(ctx context.Context, req *pbpeering.PeeringDeleteRequest) (*pbpeering.PeeringDeleteResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } var resp *pbpeering.PeeringDeleteResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).PeeringDelete(ctx, req) return err @@ -486,20 +475,20 @@ func (s *Service) PeeringDelete(ctx context.Context, req *pbpeering.PeeringDelet DeletedAt: structs.TimeToProto(time.Now().UTC()), }, } - err = s.Backend.Apply().PeeringWrite(writeReq) + err = s.Backend.PeeringWrite(writeReq) if err != nil { return nil, err } return &pbpeering.PeeringDeleteResponse{}, nil } -func (s *Service) TrustBundleRead(ctx context.Context, req *pbpeering.TrustBundleReadRequest) (*pbpeering.TrustBundleReadResponse, error) { +func (s *Server) TrustBundleRead(ctx context.Context, req *pbpeering.TrustBundleReadRequest) (*pbpeering.TrustBundleReadResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } var resp *pbpeering.TrustBundleReadResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).TrustBundleRead(ctx, req) return err @@ -528,7 +517,7 @@ func (s *Service) TrustBundleRead(ctx context.Context, req *pbpeering.TrustBundl } // TODO(peering): rename rpc & request/response to drop the "service" part -func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.TrustBundleListByServiceRequest) (*pbpeering.TrustBundleListByServiceResponse, error) { +func (s *Server) TrustBundleListByService(ctx context.Context, req *pbpeering.TrustBundleListByServiceRequest) (*pbpeering.TrustBundleListByServiceResponse, error) { if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } @@ -537,7 +526,7 @@ func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.T } var resp *pbpeering.TrustBundleListByServiceResponse - handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { + handled, err := s.ForwardRPC(req, func(conn *grpc.ClientConn) error { var err error resp, err = pbpeering.NewPeeringServiceClient(conn).TrustBundleListByService(ctx, req) return err @@ -560,7 +549,7 @@ func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.T switch { case req.ServiceName != "": - idx, bundles, err = s.Backend.Store().TrustBundleListByService(nil, req.ServiceName, s.config.Datacenter, entMeta) + idx, bundles, err = s.Backend.Store().TrustBundleListByService(nil, req.ServiceName, s.Datacenter, entMeta) case req.Kind == string(structs.ServiceKindMeshGateway): idx, bundles, err = s.Backend.Store().PeeringTrustBundleList(nil, entMeta) case req.Kind != "": @@ -575,332 +564,7 @@ func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.T return &pbpeering.TrustBundleListByServiceResponse{Index: idx, Bundles: bundles}, nil } -type BidirectionalStream interface { - Send(*pbpeering.ReplicationMessage) error - Recv() (*pbpeering.ReplicationMessage, error) - Context() context.Context -} - -// StreamResources handles incoming streaming connections. -func (s *Service) StreamResources(stream pbpeering.PeeringService_StreamResourcesServer) error { - if !s.Backend.IsLeader() { - // we are not the leader so we will hang up on the dialer - - s.logger.Error("cannot establish a peering stream on a follower node") - - st, err := grpcstatus.New(codes.FailedPrecondition, - "cannot establish a peering stream on a follower node").WithDetails( - &pbpeering.LeaderAddress{Address: s.Backend.LeaderAddress().Get()}) - if err != nil { - s.logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) - return grpcstatus.Error(codes.FailedPrecondition, "cannot establish a peering stream on a follower node") - } else { - return st.Err() - } - } - - // Initial message on a new stream must be a new subscription request. - first, err := stream.Recv() - if err != nil { - s.logger.Error("failed to establish stream", "error", err) - return err - } - - // TODO(peering) Make request contain a list of resources, so that roots and services can be - // subscribed to with a single request. See: - // https://github.com/envoyproxy/data-plane-api/blob/main/envoy/service/discovery/v3/discovery.proto#L46 - req := first.GetRequest() - if req == nil { - return grpcstatus.Error(codes.InvalidArgument, "first message when initiating a peering must be a subscription request") - } - s.logger.Trace("received initial replication request from peer") - logTraceRecv(s.logger, req) - - if req.PeerID == "" { - return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must specify a PeerID") - } - if req.Nonce != "" { - return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must not contain a nonce") - } - if !pbpeering.KnownTypeURL(req.ResourceURL) { - return grpcstatus.Error(codes.InvalidArgument, fmt.Sprintf("subscription request to unknown resource URL: %s", req.ResourceURL)) - } - - _, p, err := s.Backend.Store().PeeringReadByID(nil, req.PeerID) - if err != nil { - s.logger.Error("failed to look up peer", "peer_id", req.PeerID, "error", err) - return grpcstatus.Error(codes.Internal, "failed to find PeerID: "+req.PeerID) - } - if p == nil { - return grpcstatus.Error(codes.InvalidArgument, "initial subscription for unknown PeerID: "+req.PeerID) - } - - // TODO(peering): If the peering is marked as deleted, send a Terminated message and return - // TODO(peering): Store subscription request so that an event publisher can separately handle pushing messages for it - s.logger.Info("accepted initial replication request from peer", "peer_id", p.ID) - - streamReq := HandleStreamRequest{ - LocalID: p.ID, - RemoteID: p.PeerID, - PeerName: p.Name, - Partition: p.Partition, - Stream: stream, - } - err = s.HandleStream(streamReq) - // A nil error indicates that the peering was deleted and the stream needs to be gracefully shutdown. - if err == nil { - s.DrainStream(streamReq) - return nil - } - - s.logger.Error("error handling stream", "peer_name", p.Name, "peer_id", req.PeerID, "error", err) - return err -} - -type HandleStreamRequest struct { - // LocalID is the UUID for the peering in the local Consul datacenter. - LocalID string - - // RemoteID is the UUID for the peering from the perspective of the peer. - RemoteID string - - // PeerName is the name of the peering. - PeerName string - - // Partition is the local partition associated with the peer. - Partition string - - // Stream is the open stream to the peer cluster. - Stream BidirectionalStream -} - -// DrainStream attempts to gracefully drain the stream when the connection is going to be torn down. -// Tearing down the connection too quickly can lead our peer receiving a context cancellation error before the stream termination message. -// Handling the termination message is important to set the expectation that the peering will not be reestablished unless recreated. -func (s *Service) DrainStream(req HandleStreamRequest) { - for { - // Ensure that we read until an error, or the peer has nothing more to send. - if _, err := req.Stream.Recv(); err != nil { - if err != io.EOF { - s.logger.Warn("failed to tear down stream gracefully: peer may not have received termination message", - "peer_name", req.PeerName, "peer_id", req.LocalID, "error", err) - } - break - } - // Since the peering is being torn down we discard all replication messages without an error. - // We want to avoid importing new data at this point. - } -} - -// The localID provided is the locally-generated identifier for the peering. -// The remoteID is an identifier that the remote peer recognizes for the peering. -func (s *Service) HandleStream(req HandleStreamRequest) error { - logger := s.logger.Named("stream").With("peer_name", req.PeerName, "peer_id", req.LocalID) - logger.Trace("handling stream for peer") - - status, err := s.streams.connected(req.LocalID) - if err != nil { - return fmt.Errorf("failed to register stream: %v", err) - } - - // TODO(peering) Also need to clear subscriptions associated with the peer - defer s.streams.disconnected(req.LocalID) - - var trustDomain string - if s.config.ConnectEnabled { - // Read the TrustDomain up front - we do not allow users to change the ClusterID - // so reading it once at the beginning of the stream is sufficient. - trustDomain, err = getTrustDomain(s.Backend.Store(), logger) - if err != nil { - return err - } - } - - mgr := newSubscriptionManager( - req.Stream.Context(), - logger, - s.config, - trustDomain, - s.Backend, - ) - subCh := mgr.subscribe(req.Stream.Context(), req.LocalID, req.PeerName, req.Partition) - - sub := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - ResourceURL: pbpeering.TypeURLService, - PeerID: req.RemoteID, - }, - }, - } - logTraceSend(logger, sub) - - if err := req.Stream.Send(sub); err != nil { - if err == io.EOF { - logger.Info("stream ended by peer") - status.trackReceiveError(err.Error()) - return nil - } - // TODO(peering) Test error handling in calls to Send/Recv - status.trackSendError(err.Error()) - return fmt.Errorf("failed to send to stream: %v", err) - } - - // TODO(peering): Should this be buffered? - recvChan := make(chan *pbpeering.ReplicationMessage) - go func() { - defer close(recvChan) - for { - msg, err := req.Stream.Recv() - if err == nil { - logTraceRecv(logger, msg) - recvChan <- msg - continue - } - - if err == io.EOF { - logger.Info("stream ended by peer") - status.trackReceiveError(err.Error()) - return - } - logger.Error("failed to receive from stream", "error", err) - status.trackReceiveError(err.Error()) - return - } - }() - - for { - select { - // When the doneCh is closed that means that the peering was deleted locally. - case <-status.doneCh: - logger.Info("ending stream") - - term := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Terminated_{ - Terminated: &pbpeering.ReplicationMessage_Terminated{}, - }, - } - logTraceSend(logger, term) - - if err := req.Stream.Send(term); err != nil { - status.trackSendError(err.Error()) - return fmt.Errorf("failed to send to stream: %v", err) - } - - logger.Trace("deleting stream status") - s.streams.deleteStatus(req.LocalID) - - return nil - - case msg, open := <-recvChan: - if !open { - logger.Trace("no longer receiving data on the stream") - return nil - } - - if !s.Backend.IsLeader() { - // we are not the leader anymore so we will hang up on the dialer - logger.Error("node is not a leader anymore; cannot continue streaming") - - st, err := grpcstatus.New(codes.FailedPrecondition, - "node is not a leader anymore; cannot continue streaming").WithDetails( - &pbpeering.LeaderAddress{Address: s.Backend.LeaderAddress().Get()}) - if err != nil { - s.logger.Error(fmt.Sprintf("failed to marshal the leader address in response; err: %v", err)) - return grpcstatus.Error(codes.FailedPrecondition, "node is not a leader anymore; cannot continue streaming") - } else { - return st.Err() - } - } - - if req := msg.GetRequest(); req != nil { - switch { - case req.Nonce == "": - // TODO(peering): This can happen on a client peer since they don't try to receive subscriptions before entering HandleStream. - // Should change that behavior or only allow it that one time. - - case req.Error != nil && (req.Error.Code != int32(code.Code_OK) || req.Error.Message != ""): - logger.Warn("client peer was unable to apply resource", "code", req.Error.Code, "error", req.Error.Message) - status.trackNack(fmt.Sprintf("client peer was unable to apply resource: %s", req.Error.Message)) - - default: - status.trackAck() - } - - continue - } - - if resp := msg.GetResponse(); resp != nil { - // TODO(peering): Ensure there's a nonce - reply, err := s.processResponse(req.PeerName, req.Partition, resp) - if err != nil { - logger.Error("failed to persist resource", "resourceURL", resp.ResourceURL, "resourceID", resp.ResourceID) - status.trackReceiveError(err.Error()) - } else { - status.trackReceiveSuccess() - } - - logTraceSend(logger, reply) - if err := req.Stream.Send(reply); err != nil { - status.trackSendError(err.Error()) - return fmt.Errorf("failed to send to stream: %v", err) - } - - continue - } - - if term := msg.GetTerminated(); term != nil { - logger.Info("peering was deleted by our peer: marking peering as terminated and cleaning up imported resources") - - // Once marked as terminated, a separate deferred deletion routine will clean up imported resources. - if err := s.Backend.Apply().PeeringTerminateByID(&pbpeering.PeeringTerminateByIDRequest{ID: req.LocalID}); err != nil { - logger.Error("failed to mark peering as terminated: %w", err) - } - return nil - } - - case update := <-subCh: - var resp *pbpeering.ReplicationMessage - switch { - case strings.HasPrefix(update.CorrelationID, subExportedService): - resp = makeServiceResponse(logger, update) - - case strings.HasPrefix(update.CorrelationID, subMeshGateway): - // TODO(Peering): figure out how to sync this separately - - case update.CorrelationID == subCARoot: - resp = makeCARootsResponse(logger, update) - - default: - logger.Warn("unrecognized update type from subscription manager: " + update.CorrelationID) - continue - } - if resp == nil { - continue - } - logTraceSend(logger, resp) - if err := req.Stream.Send(resp); err != nil { - status.trackSendError(err.Error()) - return fmt.Errorf("failed to push data for %q: %w", update.CorrelationID, err) - } - } - } -} - -func getTrustDomain(store Store, logger hclog.Logger) (string, error) { - _, cfg, err := store.CAConfig(nil) - switch { - case err != nil: - logger.Error("failed to read Connect CA Config", "error", err) - return "", grpcstatus.Error(codes.Internal, "failed to read Connect CA Config") - case cfg == nil: - logger.Warn("cannot begin stream because Connect CA is not yet initialized") - return "", grpcstatus.Error(codes.FailedPrecondition, "Connect CA is not yet initialized") - } - return connect.SpiffeIDSigningForCluster(cfg.ClusterID).Host(), nil -} - -func (s *Service) getExistingOrCreateNewPeerID(peerName, partition string) (string, error) { +func (s *Server) getExistingOrCreateNewPeerID(peerName, partition string) (string, error) { q := state.Query{ Value: strings.ToLower(peerName), EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(partition), @@ -913,51 +577,13 @@ func (s *Service) getExistingOrCreateNewPeerID(peerName, partition string) (stri return peering.ID, nil } - id, err := lib.GenerateUUID(s.Backend.Apply().CheckPeeringUUID) + id, err := lib.GenerateUUID(s.Backend.CheckPeeringUUID) if err != nil { return "", err } return id, nil } -func (s *Service) StreamStatus(peer string) (resp StreamStatus, found bool) { - return s.streams.streamStatus(peer) -} - -// ConnectedStreams returns a map of connected stream IDs to the corresponding channel for tearing them down. -func (s *Service) ConnectedStreams() map[string]chan struct{} { - return s.streams.connectedStreams() -} - -func logTraceRecv(logger hclog.Logger, pb proto.Message) { - logTraceProto(logger, pb, true) -} - -func logTraceSend(logger hclog.Logger, pb proto.Message) { - logTraceProto(logger, pb, false) -} - -func logTraceProto(logger hclog.Logger, pb proto.Message, received bool) { - if !logger.IsTrace() { - return - } - - dir := "sent" - if received { - dir = "received" - } - - m := jsonpb.Marshaler{ - Indent: " ", - } - out, err := m.MarshalToString(pb) - if err != nil { - out = "" - } - - logger.Trace("replication message", "direction", dir, "protobuf", out) -} - func copyPeeringWithNewState(p *pbpeering.Peering, state pbpeering.PeeringState) *pbpeering.Peering { return &pbpeering.Peering{ ID: p.ID, diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index ca9737f65..26aa84daa 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -14,9 +14,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" - "golang.org/x/sync/errgroup" gogrpc "google.golang.org/grpc" - "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul" @@ -30,10 +28,8 @@ import ( "github.com/hashicorp/consul/agent/rpc/peering" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" - "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/proto/pbpeering" - "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil" @@ -70,8 +66,6 @@ func TestPeeringService_GenerateToken(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - expectedAddr := s.Server.Listener.Addr().String() - // TODO(peering): for more failure cases, consider using a table test // check meta tags reqE := pbpeering.GenerateTokenRequest{PeerName: "peerB", Datacenter: "dc1", Meta: generateTooManyMetaKeys()} @@ -90,7 +84,7 @@ func TestPeeringService_GenerateToken(t *testing.T) { require.NoError(t, json.Unmarshal(tokenJSON, token)) require.Equal(t, "server.dc1.consul", token.ServerName) require.Len(t, token.ServerAddresses, 1) - require.Equal(t, expectedAddr, token.ServerAddresses[0]) + require.Equal(t, s.PublicGRPCAddr, token.ServerAddresses[0]) require.Equal(t, []string{ca}, token.CA) require.NotEmpty(t, token.PeerID) @@ -501,387 +495,6 @@ func TestPeeringService_TrustBundleListByService(t *testing.T) { require.Equal(t, []string{"foo-root-1"}, resp.Bundles[1].RootPEMs) } -func Test_StreamHandler_UpsertServices(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } - - type testCase struct { - name string - msg *pbpeering.ReplicationMessage_Response - input structs.CheckServiceNodes - expect structs.CheckServiceNodes - } - - s := newTestServer(t, nil) - testrpc.WaitForLeader(t, s.Server.RPC, "dc1") - testrpc.WaitForActiveCARoot(t, s.Server.RPC, "dc1", nil) - - srv := peering.NewService( - testutil.Logger(t), - peering.Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, - consul.NewPeeringBackend(s.Server, nil), - ) - - require.NoError(t, s.Server.FSM().State().PeeringWrite(0, &pbpeering.Peering{ - ID: testUUID(t), - Name: "my-peer", - })) - - _, p, err := s.Server.FSM().State().PeeringRead(nil, state.Query{Value: "my-peer"}) - require.NoError(t, err) - - client := peering.NewMockClient(context.Background()) - - errCh := make(chan error, 1) - client.ErrCh = errCh - - go func() { - // Pass errors from server handler into ErrCh so that they can be seen by the client on Recv(). - // This matches gRPC's behavior when an error is returned by a server. - err := srv.StreamResources(client.ReplicationStream) - if err != nil { - errCh <- err - } - }() - - sub := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Request_{ - Request: &pbpeering.ReplicationMessage_Request{ - PeerID: p.ID, - ResourceURL: pbpeering.TypeURLService, - }, - }, - } - require.NoError(t, client.Send(sub)) - - // Receive subscription request from peer for our services - _, err = client.Recv() - require.NoError(t, err) - - // Receive first roots replication message - receiveRoots, err := client.Recv() - require.NoError(t, err) - require.NotNil(t, receiveRoots.GetResponse()) - require.Equal(t, pbpeering.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) - - remoteEntMeta := structs.DefaultEnterpriseMetaInPartition("remote-partition") - localEntMeta := acl.DefaultEnterpriseMeta() - localPeerName := "my-peer" - - // Scrub data we don't need for the assertions below. - scrubCheckServiceNodes := func(instances structs.CheckServiceNodes) { - for _, csn := range instances { - csn.Node.RaftIndex = structs.RaftIndex{} - - csn.Service.TaggedAddresses = nil - csn.Service.Weights = nil - csn.Service.RaftIndex = structs.RaftIndex{} - csn.Service.Proxy = structs.ConnectProxyConfig{} - - for _, c := range csn.Checks { - c.RaftIndex = structs.RaftIndex{} - c.Definition = structs.HealthCheckDefinition{} - } - } - } - - run := func(t *testing.T, tc testCase) { - pbCSN := &pbservice.IndexedCheckServiceNodes{} - for _, csn := range tc.input { - pbCSN.Nodes = append(pbCSN.Nodes, pbservice.NewCheckServiceNodeFromStructs(&csn)) - } - - any, err := anypb.New(pbCSN) - require.NoError(t, err) - tc.msg.Resource = any - - resp := &pbpeering.ReplicationMessage{ - Payload: &pbpeering.ReplicationMessage_Response_{ - Response: tc.msg, - }, - } - require.NoError(t, client.Send(resp)) - - msg, err := client.RecvWithTimeout(1 * time.Second) - require.NoError(t, err) - - req := msg.GetRequest() - require.NotNil(t, req) - require.Equal(t, tc.msg.Nonce, req.Nonce) - require.Nil(t, req.Error) - - _, got, err := s.Server.FSM().State().CombinedCheckServiceNodes(nil, structs.NewServiceName("api", nil), localPeerName) - require.NoError(t, err) - - scrubCheckServiceNodes(got) - require.Equal(t, tc.expect, got) - } - - // NOTE: These test cases do not run against independent state stores, they show sequential updates for a given service. - // Every new upsert must replace the data from the previous case. - tt := []testCase{ - { - name: "upsert an instance on a node", - msg: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, - ResourceID: "api", - Nonce: "1", - Operation: pbpeering.ReplicationMessage_Response_UPSERT, - }, - input: structs.CheckServiceNodes{ - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: remoteEntMeta.PartitionOrEmpty(), - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-1", - Service: "api", - Port: 8080, - EnterpriseMeta: *remoteEntMeta, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *remoteEntMeta, - }, - { - CheckID: "api-1-check", - ServiceID: "api-1", - ServiceName: "api", - Node: "node-1", - Status: api.HealthCritical, - EnterpriseMeta: *remoteEntMeta, - }, - }, - }, - }, - expect: structs.CheckServiceNodes{ - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: localEntMeta.PartitionOrEmpty(), - PeerName: localPeerName, - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-1", - Service: "api", - Port: 8080, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - { - CheckID: "api-1-check", - ServiceID: "api-1", - ServiceName: "api", - Node: "node-1", - Status: api.HealthCritical, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - }, - }, - }, - }, - { - name: "upsert two instances on the same node", - msg: &pbpeering.ReplicationMessage_Response{ - ResourceURL: pbpeering.TypeURLService, - ResourceID: "api", - Nonce: "2", - Operation: pbpeering.ReplicationMessage_Response_UPSERT, - }, - input: structs.CheckServiceNodes{ - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: remoteEntMeta.PartitionOrEmpty(), - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-1", - Service: "api", - Port: 8080, - EnterpriseMeta: *remoteEntMeta, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *remoteEntMeta, - }, - { - CheckID: "api-1-check", - ServiceID: "api-1", - ServiceName: "api", - Node: "node-1", - Status: api.HealthCritical, - EnterpriseMeta: *remoteEntMeta, - }, - }, - }, - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: remoteEntMeta.PartitionOrEmpty(), - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-2", - Service: "api", - Port: 9090, - EnterpriseMeta: *remoteEntMeta, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *remoteEntMeta, - }, - { - CheckID: "api-2-check", - ServiceID: "api-2", - ServiceName: "api", - Node: "node-1", - Status: api.HealthWarning, - EnterpriseMeta: *remoteEntMeta, - }, - }, - }, - }, - expect: structs.CheckServiceNodes{ - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: localEntMeta.PartitionOrEmpty(), - PeerName: localPeerName, - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-1", - Service: "api", - Port: 8080, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - { - CheckID: "api-1-check", - ServiceID: "api-1", - ServiceName: "api", - Node: "node-1", - Status: api.HealthCritical, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - }, - }, - { - Node: &structs.Node{ - ID: "112e2243-ab62-4e8a-9317-63306972183c", - Node: "node-1", - Address: "10.0.0.1", - Datacenter: "dc1", - Partition: localEntMeta.PartitionOrEmpty(), - PeerName: localPeerName, - }, - Service: &structs.NodeService{ - Kind: "", - ID: "api-2", - Service: "api", - Port: 9090, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - Checks: []*structs.HealthCheck{ - { - CheckID: "node-1-check", - Node: "node-1", - Status: api.HealthPassing, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - { - CheckID: "api-2-check", - ServiceID: "api-2", - ServiceName: "api", - Node: "node-1", - Status: api.HealthWarning, - EnterpriseMeta: *localEntMeta, - PeerName: localPeerName, - }, - }, - }, - }, - }, - } - for _, tc := range tt { - testutil.RunStep(t, tc.name, func(t *testing.T) { - run(t, tc) - }) - } - - // call PeeringRead and look at the peering state; the peering state must be active - { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - t.Cleanup(cancel) - - resp, err := srv.PeeringRead(ctx, &pbpeering.PeeringReadRequest{Name: localPeerName}) - require.NoError(t, err) - require.Equal(t, pbpeering.PeeringState_ACTIVE, resp.Peering.State) - } - - // call PeeringList and look at the peering state; the peering state must be active - { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - t.Cleanup(cancel) - - resp, err := srv.PeeringList(ctx, &pbpeering.PeeringListRequest{}) - require.NoError(t, err) - require.Equal(t, pbpeering.PeeringState_ACTIVE, resp.Peerings[0].State) - } -} - // newTestServer is copied from partition/service_test.go, with the addition of certs/cas. // TODO(peering): these are endpoint tests and should live in the agent/consul // package. Instead, these can be written around a mock client (see testing.go) @@ -891,7 +504,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { conf := consul.DefaultConfig() dir := testutil.TempDir(t, "consul") - ports := freeport.GetN(t, 3) // {rpc, serf_lan, serf_wan} + ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc} conf.Bootstrap = true conf.Datacenter = "dc1" @@ -912,6 +525,8 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { conf.PrimaryDatacenter = "dc1" conf.ConnectEnabled = true + conf.GRPCPort = ports[3] + nodeID, err := uuid.GenerateUUID() if err != nil { t.Fatal(err) @@ -929,45 +544,31 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { conf.ACLResolverSettings.Datacenter = conf.Datacenter conf.ACLResolverSettings.EnterpriseMeta = *conf.AgentEnterpriseMeta() + publicGRPCServer := gogrpc.NewServer() + deps := newDefaultDeps(t, conf) - server, err := consul.NewServer(conf, deps, gogrpc.NewServer()) + server, err := consul.NewServer(conf, deps, publicGRPCServer) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, server.Shutdown()) }) + // Normally the gRPC server listener is created at the agent level and + // passed down into the Server creation. + grpcAddr := fmt.Sprintf("127.0.0.1:%d", conf.GRPCPort) + + ln, err := net.Listen("tcp", grpcAddr) + require.NoError(t, err) + go func() { + _ = publicGRPCServer.Serve(ln) + }() + t.Cleanup(publicGRPCServer.Stop) + testrpc.WaitForLeader(t, server.RPC, conf.Datacenter) - backend := consul.NewPeeringBackend(server, deps.GRPCConnPool) - handler := peering.NewService(testutil.Logger(t), peering.Config{ - Datacenter: "dc1", - ConnectEnabled: true, - }, backend) - - grpcServer := gogrpc.NewServer() - pbpeering.RegisterPeeringServiceServer(grpcServer, handler) - - lis, err := net.Listen("tcp", "127.0.0.1:0") - require.NoError(t, err) - t.Cleanup(func() { lis.Close() }) - - g := new(errgroup.Group) - g.Go(func() error { - return grpcServer.Serve(lis) - }) - t.Cleanup(func() { - if grpcServer.Stop(); err != nil { - t.Logf("grpc server shutdown: %v", err) - } - if err := g.Wait(); err != nil { - t.Logf("grpc server error: %v", err) - } - }) - return testingServer{ - Server: server, - Backend: backend, - Addr: lis.Addr(), + Server: server, + PublicGRPCAddr: grpcAddr, } } @@ -976,16 +577,38 @@ func (s testingServer) ClientConn(t *testing.T) *gogrpc.ClientConn { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - conn, err := gogrpc.DialContext(ctx, s.Addr.String(), gogrpc.WithInsecure()) + rpcAddr := s.Server.Listener.Addr().String() + + conn, err := gogrpc.DialContext(ctx, rpcAddr, + gogrpc.WithContextDialer(newServerDialer(rpcAddr)), + gogrpc.WithInsecure(), + gogrpc.WithBlock()) require.NoError(t, err) t.Cleanup(func() { conn.Close() }) return conn } +func newServerDialer(serverAddr string) func(context.Context, string) (net.Conn, error) { + return func(ctx context.Context, addr string) (net.Conn, error) { + d := net.Dialer{} + conn, err := d.DialContext(ctx, "tcp", serverAddr) + if err != nil { + return nil, err + } + + _, err = conn.Write([]byte{byte(pool.RPCGRPC)}) + if err != nil { + conn.Close() + return nil, err + } + + return conn, nil + } +} + type testingServer struct { - Server *consul.Server - Addr net.Addr - Backend peering.Backend + Server *consul.Server + PublicGRPCAddr string } // TODO(peering): remove duplication between this and agent/consul tests @@ -1056,3 +679,7 @@ func testUUID(t *testing.T) string { require.NoError(t, err) return v } + +func noopForwardRPC(structs.RPCInfo, func(*gogrpc.ClientConn) error) (bool, error) { + return false, nil +} diff --git a/agent/rpc/peering/testing.go b/agent/rpc/peering/testing.go index 312b92720..de64dda7a 100644 --- a/agent/rpc/peering/testing.go +++ b/agent/rpc/peering/testing.go @@ -1,13 +1,6 @@ package peering import ( - "context" - "io" - "sync" - "time" - - "google.golang.org/grpc/metadata" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) @@ -73,119 +66,3 @@ func TestPeeringToken(peerID string) structs.PeeringToken { PeerID: peerID, } } - -type MockClient struct { - mu sync.Mutex - - ErrCh chan error - ReplicationStream *MockStream -} - -func (c *MockClient) Send(r *pbpeering.ReplicationMessage) error { - c.ReplicationStream.recvCh <- r - return nil -} - -func (c *MockClient) Recv() (*pbpeering.ReplicationMessage, error) { - select { - case err := <-c.ErrCh: - return nil, err - case r := <-c.ReplicationStream.sendCh: - return r, nil - case <-time.After(10 * time.Millisecond): - return nil, io.EOF - } -} - -func (c *MockClient) RecvWithTimeout(dur time.Duration) (*pbpeering.ReplicationMessage, error) { - select { - case err := <-c.ErrCh: - return nil, err - case r := <-c.ReplicationStream.sendCh: - return r, nil - case <-time.After(dur): - return nil, io.EOF - } -} - -func (c *MockClient) Close() { - close(c.ReplicationStream.recvCh) -} - -func NewMockClient(ctx context.Context) *MockClient { - return &MockClient{ - ReplicationStream: newTestReplicationStream(ctx), - } -} - -// MockStream mocks peering.PeeringService_StreamResourcesServer -type MockStream struct { - sendCh chan *pbpeering.ReplicationMessage - recvCh chan *pbpeering.ReplicationMessage - - ctx context.Context - mu sync.Mutex -} - -var _ pbpeering.PeeringService_StreamResourcesServer = (*MockStream)(nil) - -func newTestReplicationStream(ctx context.Context) *MockStream { - return &MockStream{ - sendCh: make(chan *pbpeering.ReplicationMessage, 1), - recvCh: make(chan *pbpeering.ReplicationMessage, 1), - ctx: ctx, - } -} - -// Send implements pbpeering.PeeringService_StreamResourcesServer -func (s *MockStream) Send(r *pbpeering.ReplicationMessage) error { - s.sendCh <- r - return nil -} - -// Recv implements pbpeering.PeeringService_StreamResourcesServer -func (s *MockStream) Recv() (*pbpeering.ReplicationMessage, error) { - r := <-s.recvCh - if r == nil { - return nil, io.EOF - } - return r, nil -} - -// Context implements grpc.ServerStream and grpc.ClientStream -func (s *MockStream) Context() context.Context { - return s.ctx -} - -// SendMsg implements grpc.ServerStream and grpc.ClientStream -func (s *MockStream) SendMsg(m interface{}) error { - return nil -} - -// RecvMsg implements grpc.ServerStream and grpc.ClientStream -func (s *MockStream) RecvMsg(m interface{}) error { - return nil -} - -// SetHeader implements grpc.ServerStream -func (s *MockStream) SetHeader(metadata.MD) error { - return nil -} - -// SendHeader implements grpc.ServerStream -func (s *MockStream) SendHeader(metadata.MD) error { - return nil -} - -// SetTrailer implements grpc.ServerStream -func (s *MockStream) SetTrailer(metadata.MD) {} - -type incrementalTime struct { - base time.Time - next uint64 -} - -func (t *incrementalTime) Now() time.Time { - t.next++ - return t.base.Add(time.Duration(t.next) * time.Second) -} diff --git a/proto/pbpeering/generate.go b/proto/pbpeering/generate.go deleted file mode 100644 index 1f060a6cf..000000000 --- a/proto/pbpeering/generate.go +++ /dev/null @@ -1,9 +0,0 @@ -// TODO: files generated from this go:generate may fail the CI check because of relative source. -// Figure out a way to robustly use this file. -//go:generate protoc --gofast_out=. --gofast_opt=paths=source_relative --go-binary_out=. peering.proto -// requires: -// - protoc -// - github.com/gogo/protobuf/protoc-gen-gofast -// - github.com/hashicorp/protoc-gen-go-binary - -package pbpeering diff --git a/proto/pbpeering/peering.go b/proto/pbpeering/peering.go index cb26b2a56..5de1dc9bc 100644 --- a/proto/pbpeering/peering.go +++ b/proto/pbpeering/peering.go @@ -91,10 +91,6 @@ func (p *Peering) ShouldDial() bool { return len(p.PeerServerAddresses) > 0 } -func (x ReplicationMessage_Response_Operation) GoString() string { - return x.String() -} - func (x PeeringState) GoString() string { return x.String() } diff --git a/proto/pbpeering/peering.pb.binary.go b/proto/pbpeering/peering.pb.binary.go index c7e24ecf3..7b7941085 100644 --- a/proto/pbpeering/peering.pb.binary.go +++ b/proto/pbpeering/peering.pb.binary.go @@ -246,53 +246,3 @@ func (msg *EstablishResponse) MarshalBinary() ([]byte, error) { func (msg *EstablishResponse) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ReplicationMessage) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ReplicationMessage) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ReplicationMessage_Request) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ReplicationMessage_Request) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ReplicationMessage_Response) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ReplicationMessage_Response) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ReplicationMessage_Terminated) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ReplicationMessage_Terminated) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *LeaderAddress) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *LeaderAddress) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index 98d1c4382..143dd0068 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -7,10 +7,8 @@ package pbpeering import ( - pbstatus "github.com/hashicorp/consul/proto/pbstatus" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - anypb "google.golang.org/protobuf/types/known/anypb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" sync "sync" @@ -98,60 +96,6 @@ func (PeeringState) EnumDescriptor() ([]byte, []int) { return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{0} } -// Operation enumerates supported operations for replicated resources. -type ReplicationMessage_Response_Operation int32 - -const ( - ReplicationMessage_Response_Unknown ReplicationMessage_Response_Operation = 0 - // UPSERT represents a create or update event. - ReplicationMessage_Response_UPSERT ReplicationMessage_Response_Operation = 1 - // DELETE indicates the resource should be deleted. - // In DELETE operations no Resource will be returned. - // Deletion by an importing peer must be done with the type URL and ID. - ReplicationMessage_Response_DELETE ReplicationMessage_Response_Operation = 2 -) - -// Enum value maps for ReplicationMessage_Response_Operation. -var ( - ReplicationMessage_Response_Operation_name = map[int32]string{ - 0: "Unknown", - 1: "UPSERT", - 2: "DELETE", - } - ReplicationMessage_Response_Operation_value = map[string]int32{ - "Unknown": 0, - "UPSERT": 1, - "DELETE": 2, - } -) - -func (x ReplicationMessage_Response_Operation) Enum() *ReplicationMessage_Response_Operation { - p := new(ReplicationMessage_Response_Operation) - *p = x - return p -} - -func (x ReplicationMessage_Response_Operation) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ReplicationMessage_Response_Operation) Descriptor() protoreflect.EnumDescriptor { - return file_proto_pbpeering_peering_proto_enumTypes[1].Descriptor() -} - -func (ReplicationMessage_Response_Operation) Type() protoreflect.EnumType { - return &file_proto_pbpeering_peering_proto_enumTypes[1] -} - -func (x ReplicationMessage_Response_Operation) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ReplicationMessage_Response_Operation.Descriptor instead. -func (ReplicationMessage_Response_Operation) EnumDescriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{24, 1, 0} -} - // Peering defines a peering relationship between two disparate Consul clusters // // mog annotation: @@ -1685,356 +1629,6 @@ func (*EstablishResponse) Descriptor() ([]byte, []int) { return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{23} } -type ReplicationMessage struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Payload: - // *ReplicationMessage_Request_ - // *ReplicationMessage_Response_ - // *ReplicationMessage_Terminated_ - Payload isReplicationMessage_Payload `protobuf_oneof:"Payload"` -} - -func (x *ReplicationMessage) Reset() { - *x = ReplicationMessage{} - if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReplicationMessage) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReplicationMessage) ProtoMessage() {} - -func (x *ReplicationMessage) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReplicationMessage.ProtoReflect.Descriptor instead. -func (*ReplicationMessage) Descriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{24} -} - -func (m *ReplicationMessage) GetPayload() isReplicationMessage_Payload { - if m != nil { - return m.Payload - } - return nil -} - -func (x *ReplicationMessage) GetRequest() *ReplicationMessage_Request { - if x, ok := x.GetPayload().(*ReplicationMessage_Request_); ok { - return x.Request - } - return nil -} - -func (x *ReplicationMessage) GetResponse() *ReplicationMessage_Response { - if x, ok := x.GetPayload().(*ReplicationMessage_Response_); ok { - return x.Response - } - return nil -} - -func (x *ReplicationMessage) GetTerminated() *ReplicationMessage_Terminated { - if x, ok := x.GetPayload().(*ReplicationMessage_Terminated_); ok { - return x.Terminated - } - return nil -} - -type isReplicationMessage_Payload interface { - isReplicationMessage_Payload() -} - -type ReplicationMessage_Request_ struct { - Request *ReplicationMessage_Request `protobuf:"bytes,1,opt,name=request,proto3,oneof"` -} - -type ReplicationMessage_Response_ struct { - Response *ReplicationMessage_Response `protobuf:"bytes,2,opt,name=response,proto3,oneof"` -} - -type ReplicationMessage_Terminated_ struct { - Terminated *ReplicationMessage_Terminated `protobuf:"bytes,3,opt,name=terminated,proto3,oneof"` -} - -func (*ReplicationMessage_Request_) isReplicationMessage_Payload() {} - -func (*ReplicationMessage_Response_) isReplicationMessage_Payload() {} - -func (*ReplicationMessage_Terminated_) isReplicationMessage_Payload() {} - -// LeaderAddress is sent when the peering service runs on a consul node -// that is not a leader. The node either lost leadership, or never was a leader. -type LeaderAddress struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // address is an ip:port best effort hint at what could be the cluster leader's address - Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` -} - -func (x *LeaderAddress) Reset() { - *x = LeaderAddress{} - if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[25] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LeaderAddress) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LeaderAddress) ProtoMessage() {} - -func (x *LeaderAddress) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[25] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LeaderAddress.ProtoReflect.Descriptor instead. -func (*LeaderAddress) Descriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{25} -} - -func (x *LeaderAddress) GetAddress() string { - if x != nil { - return x.Address - } - return "" -} - -// A Request requests to subscribe to a resource of a given type. -type ReplicationMessage_Request struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // An identifier for the peer making the request. - // This identifier is provisioned by the serving peer prior to the request from the dialing peer. - PeerID string `protobuf:"bytes,1,opt,name=PeerID,proto3" json:"PeerID,omitempty"` - // Nonce corresponding to that of the response being ACKed or NACKed. - // Initial subscription requests will have an empty nonce. - // The nonce is generated and incremented by the exporting peer. - Nonce string `protobuf:"bytes,2,opt,name=Nonce,proto3" json:"Nonce,omitempty"` - // The type URL for the resource being requested or ACK/NACKed. - ResourceURL string `protobuf:"bytes,3,opt,name=ResourceURL,proto3" json:"ResourceURL,omitempty"` - // The error if the previous response was not applied successfully. - // This field is empty in the first subscription request. - Error *pbstatus.Status `protobuf:"bytes,4,opt,name=Error,proto3" json:"Error,omitempty"` -} - -func (x *ReplicationMessage_Request) Reset() { - *x = ReplicationMessage_Request{} - if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[30] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReplicationMessage_Request) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReplicationMessage_Request) ProtoMessage() {} - -func (x *ReplicationMessage_Request) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[30] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReplicationMessage_Request.ProtoReflect.Descriptor instead. -func (*ReplicationMessage_Request) Descriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{24, 0} -} - -func (x *ReplicationMessage_Request) GetPeerID() string { - if x != nil { - return x.PeerID - } - return "" -} - -func (x *ReplicationMessage_Request) GetNonce() string { - if x != nil { - return x.Nonce - } - return "" -} - -func (x *ReplicationMessage_Request) GetResourceURL() string { - if x != nil { - return x.ResourceURL - } - return "" -} - -func (x *ReplicationMessage_Request) GetError() *pbstatus.Status { - if x != nil { - return x.Error - } - return nil -} - -// A Response contains resources corresponding to a subscription request. -type ReplicationMessage_Response struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Nonce identifying a response in a stream. - Nonce string `protobuf:"bytes,1,opt,name=Nonce,proto3" json:"Nonce,omitempty"` - // The type URL of resource being returned. - ResourceURL string `protobuf:"bytes,2,opt,name=ResourceURL,proto3" json:"ResourceURL,omitempty"` - // An identifier for the resource being returned. - // This could be the SPIFFE ID of the service. - ResourceID string `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"ResourceID,omitempty"` - // The resource being returned. - Resource *anypb.Any `protobuf:"bytes,4,opt,name=Resource,proto3" json:"Resource,omitempty"` - // REQUIRED. The operation to be performed in relation to the resource. - Operation ReplicationMessage_Response_Operation `protobuf:"varint,5,opt,name=operation,proto3,enum=peering.ReplicationMessage_Response_Operation" json:"operation,omitempty"` -} - -func (x *ReplicationMessage_Response) Reset() { - *x = ReplicationMessage_Response{} - if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[31] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReplicationMessage_Response) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReplicationMessage_Response) ProtoMessage() {} - -func (x *ReplicationMessage_Response) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[31] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReplicationMessage_Response.ProtoReflect.Descriptor instead. -func (*ReplicationMessage_Response) Descriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{24, 1} -} - -func (x *ReplicationMessage_Response) GetNonce() string { - if x != nil { - return x.Nonce - } - return "" -} - -func (x *ReplicationMessage_Response) GetResourceURL() string { - if x != nil { - return x.ResourceURL - } - return "" -} - -func (x *ReplicationMessage_Response) GetResourceID() string { - if x != nil { - return x.ResourceID - } - return "" -} - -func (x *ReplicationMessage_Response) GetResource() *anypb.Any { - if x != nil { - return x.Resource - } - return nil -} - -func (x *ReplicationMessage_Response) GetOperation() ReplicationMessage_Response_Operation { - if x != nil { - return x.Operation - } - return ReplicationMessage_Response_Unknown -} - -// Terminated is sent when a peering is deleted locally. -// This message signals to the peer that they should clean up their local state about the peering. -type ReplicationMessage_Terminated struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *ReplicationMessage_Terminated) Reset() { - *x = ReplicationMessage_Terminated{} - if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeering_peering_proto_msgTypes[32] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReplicationMessage_Terminated) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReplicationMessage_Terminated) ProtoMessage() {} - -func (x *ReplicationMessage_Terminated) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeering_peering_proto_msgTypes[32] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReplicationMessage_Terminated.ProtoReflect.Descriptor instead. -func (*ReplicationMessage_Terminated) Descriptor() ([]byte, []int) { - return file_proto_pbpeering_peering_proto_rawDescGZIP(), []int{24, 2} -} - var File_proto_pbpeering_peering_proto protoreflect.FileDescriptor var file_proto_pbpeering_peering_proto_rawDesc = []byte{ @@ -2042,311 +1636,259 @@ var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x67, 0x2f, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x07, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0xd9, 0x04, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, - 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, - 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x38, 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x4d, 0x65, 0x74, - 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x05, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, - 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x1e, - 0x0a, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, 0x50, 0x65, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, 0x50, 0x65, 0x6d, 0x73, 0x12, 0x26, - 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x13, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x49, 0x6d, 0x70, 0x6f, - 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, - 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x14, - 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x45, 0x78, 0x70, 0x6f, - 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, - 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x01, - 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x45, 0x4d, 0x73, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x45, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x11, - 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, - 0x64, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, - 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x66, - 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, - 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x41, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2a, 0x0a, - 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x52, 0x0a, 0x12, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, - 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x43, 0x0a, - 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x73, 0x22, 0xd6, 0x01, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x07, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, - 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3a, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, - 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x16, 0x0a, 0x14, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x68, 0x0a, 0x14, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, - 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x17, 0x0a, - 0x15, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xb3, 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, - 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, + 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x04, 0x0a, 0x07, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, + 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, + 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x64, 0x41, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, + 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, + 0x61, 0x12, 0x2b, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, + 0x50, 0x65, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x65, 0x65, 0x72, + 0x43, 0x41, 0x50, 0x65, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, + 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x30, + 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x50, 0x65, 0x65, + 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, + 0x12, 0x32, 0x0a, 0x14, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, + 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, + 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x01, + 0x28, 0x04, 0x52, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, + 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x37, 0x0a, 0x09, + 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x01, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, + 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, - 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x6f, 0x0a, 0x20, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, - 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x35, 0x0a, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, - 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, - 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, - 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x64, 0x0a, 0x17, 0x54, 0x72, 0x75, - 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x33, 0x0a, 0x06, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, - 0x2d, 0x0a, 0x1b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, - 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, - 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x22, 0x1e, - 0x0a, 0x1c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, - 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8d, - 0x01, 0x0a, 0x1e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x4b, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, + 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, + 0x50, 0x45, 0x4d, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x52, 0x6f, 0x6f, 0x74, + 0x50, 0x45, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, + 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, + 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x66, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, + 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x41, + 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2a, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x22, 0x52, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x43, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a, 0x08, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xd6, 0x01, 0x0a, 0x13, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, - 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x73, 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, - 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x22, 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x14, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, - 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, - 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x12, 0x3b, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, - 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x98, 0x02, 0x0a, 0x10, 0x45, 0x73, 0x74, 0x61, 0x62, - 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, + 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3a, + 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, + 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0x16, 0x0a, 0x14, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x68, 0x0a, 0x14, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x17, 0x0a, 0x15, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xb3, + 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, + 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x22, 0x6f, 0x0a, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x35, + 0x0a, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x07, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x22, 0x64, 0x0a, 0x17, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, + 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, + 0x65, 0x78, 0x12, 0x33, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, + 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x2d, 0x0a, 0x1b, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8d, 0x01, 0x0a, 0x1e, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, + 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x12, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, + 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x73, 0x0a, 0x1f, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, + 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x22, + 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, - 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, - 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, - 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, - 0x37, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, + 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, + 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x3b, 0x0a, 0x04, 0x4d, + 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x94, 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x3f, 0x0a, - 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, - 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x24, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, - 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0x7f, 0x0a, 0x07, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, - 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, - 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x94, 0x02, - 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, - 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, - 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, - 0x52, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x49, 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x12, 0x4c, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x22, 0x30, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, - 0x54, 0x45, 0x10, 0x02, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, - 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, - 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, - 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x73, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, - 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x45, 0x4e, 0x44, 0x49, - 0x4e, 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x49, 0x53, - 0x48, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, - 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, - 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x0e, 0x0a, - 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, 0x44, 0x10, 0x06, 0x32, 0xed, 0x05, - 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x12, 0x4e, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x42, 0x0a, 0x09, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x12, 0x19, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, - 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x01, 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x98, + 0x02, 0x0a, 0x10, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, + 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, 0x74, + 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x73, + 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, + 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, + 0x07, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x53, + 0x54, 0x41, 0x42, 0x4c, 0x49, 0x53, 0x48, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, + 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, + 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, 0x4e, + 0x47, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, + 0x44, 0x10, 0x06, 0x32, 0x9c, 0x05, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, + 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x09, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, + 0x69, 0x73, 0x68, 0x12, 0x19, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, + 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, + 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, + 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, - 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, - 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6f, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, + 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, + 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, + 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, + 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1c, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6f, 0x0a, 0x18, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, + 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, - 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x0f, - 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, - 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x84, 0x01, - 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, - 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x07, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, - 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, + 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, + 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, + 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xca, + 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x13, 0x50, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, + 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -2361,90 +1903,74 @@ func file_proto_pbpeering_peering_proto_rawDescGZIP() []byte { return file_proto_pbpeering_peering_proto_rawDescData } -var file_proto_pbpeering_peering_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_proto_pbpeering_peering_proto_msgTypes = make([]protoimpl.MessageInfo, 33) +var file_proto_pbpeering_peering_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_proto_pbpeering_peering_proto_msgTypes = make([]protoimpl.MessageInfo, 28) var file_proto_pbpeering_peering_proto_goTypes = []interface{}{ - (PeeringState)(0), // 0: peering.PeeringState - (ReplicationMessage_Response_Operation)(0), // 1: peering.ReplicationMessage.Response.Operation - (*Peering)(nil), // 2: peering.Peering - (*PeeringTrustBundle)(nil), // 3: peering.PeeringTrustBundle - (*PeeringReadRequest)(nil), // 4: peering.PeeringReadRequest - (*PeeringReadResponse)(nil), // 5: peering.PeeringReadResponse - (*PeeringListRequest)(nil), // 6: peering.PeeringListRequest - (*PeeringListResponse)(nil), // 7: peering.PeeringListResponse - (*PeeringWriteRequest)(nil), // 8: peering.PeeringWriteRequest - (*PeeringWriteResponse)(nil), // 9: peering.PeeringWriteResponse - (*PeeringDeleteRequest)(nil), // 10: peering.PeeringDeleteRequest - (*PeeringDeleteResponse)(nil), // 11: peering.PeeringDeleteResponse - (*TrustBundleListByServiceRequest)(nil), // 12: peering.TrustBundleListByServiceRequest - (*TrustBundleListByServiceResponse)(nil), // 13: peering.TrustBundleListByServiceResponse - (*TrustBundleReadRequest)(nil), // 14: peering.TrustBundleReadRequest - (*TrustBundleReadResponse)(nil), // 15: peering.TrustBundleReadResponse - (*PeeringTerminateByIDRequest)(nil), // 16: peering.PeeringTerminateByIDRequest - (*PeeringTerminateByIDResponse)(nil), // 17: peering.PeeringTerminateByIDResponse - (*PeeringTrustBundleWriteRequest)(nil), // 18: peering.PeeringTrustBundleWriteRequest - (*PeeringTrustBundleWriteResponse)(nil), // 19: peering.PeeringTrustBundleWriteResponse - (*PeeringTrustBundleDeleteRequest)(nil), // 20: peering.PeeringTrustBundleDeleteRequest - (*PeeringTrustBundleDeleteResponse)(nil), // 21: peering.PeeringTrustBundleDeleteResponse - (*GenerateTokenRequest)(nil), // 22: peering.GenerateTokenRequest - (*GenerateTokenResponse)(nil), // 23: peering.GenerateTokenResponse - (*EstablishRequest)(nil), // 24: peering.EstablishRequest - (*EstablishResponse)(nil), // 25: peering.EstablishResponse - (*ReplicationMessage)(nil), // 26: peering.ReplicationMessage - (*LeaderAddress)(nil), // 27: peering.LeaderAddress - nil, // 28: peering.Peering.MetaEntry - nil, // 29: peering.PeeringWriteRequest.MetaEntry - nil, // 30: peering.GenerateTokenRequest.MetaEntry - nil, // 31: peering.EstablishRequest.MetaEntry - (*ReplicationMessage_Request)(nil), // 32: peering.ReplicationMessage.Request - (*ReplicationMessage_Response)(nil), // 33: peering.ReplicationMessage.Response - (*ReplicationMessage_Terminated)(nil), // 34: peering.ReplicationMessage.Terminated - (*timestamppb.Timestamp)(nil), // 35: google.protobuf.Timestamp - (*pbstatus.Status)(nil), // 36: status.Status - (*anypb.Any)(nil), // 37: google.protobuf.Any + (PeeringState)(0), // 0: peering.PeeringState + (*Peering)(nil), // 1: peering.Peering + (*PeeringTrustBundle)(nil), // 2: peering.PeeringTrustBundle + (*PeeringReadRequest)(nil), // 3: peering.PeeringReadRequest + (*PeeringReadResponse)(nil), // 4: peering.PeeringReadResponse + (*PeeringListRequest)(nil), // 5: peering.PeeringListRequest + (*PeeringListResponse)(nil), // 6: peering.PeeringListResponse + (*PeeringWriteRequest)(nil), // 7: peering.PeeringWriteRequest + (*PeeringWriteResponse)(nil), // 8: peering.PeeringWriteResponse + (*PeeringDeleteRequest)(nil), // 9: peering.PeeringDeleteRequest + (*PeeringDeleteResponse)(nil), // 10: peering.PeeringDeleteResponse + (*TrustBundleListByServiceRequest)(nil), // 11: peering.TrustBundleListByServiceRequest + (*TrustBundleListByServiceResponse)(nil), // 12: peering.TrustBundleListByServiceResponse + (*TrustBundleReadRequest)(nil), // 13: peering.TrustBundleReadRequest + (*TrustBundleReadResponse)(nil), // 14: peering.TrustBundleReadResponse + (*PeeringTerminateByIDRequest)(nil), // 15: peering.PeeringTerminateByIDRequest + (*PeeringTerminateByIDResponse)(nil), // 16: peering.PeeringTerminateByIDResponse + (*PeeringTrustBundleWriteRequest)(nil), // 17: peering.PeeringTrustBundleWriteRequest + (*PeeringTrustBundleWriteResponse)(nil), // 18: peering.PeeringTrustBundleWriteResponse + (*PeeringTrustBundleDeleteRequest)(nil), // 19: peering.PeeringTrustBundleDeleteRequest + (*PeeringTrustBundleDeleteResponse)(nil), // 20: peering.PeeringTrustBundleDeleteResponse + (*GenerateTokenRequest)(nil), // 21: peering.GenerateTokenRequest + (*GenerateTokenResponse)(nil), // 22: peering.GenerateTokenResponse + (*EstablishRequest)(nil), // 23: peering.EstablishRequest + (*EstablishResponse)(nil), // 24: peering.EstablishResponse + nil, // 25: peering.Peering.MetaEntry + nil, // 26: peering.PeeringWriteRequest.MetaEntry + nil, // 27: peering.GenerateTokenRequest.MetaEntry + nil, // 28: peering.EstablishRequest.MetaEntry + (*timestamppb.Timestamp)(nil), // 29: google.protobuf.Timestamp } var file_proto_pbpeering_peering_proto_depIdxs = []int32{ - 35, // 0: peering.Peering.DeletedAt:type_name -> google.protobuf.Timestamp - 28, // 1: peering.Peering.Meta:type_name -> peering.Peering.MetaEntry + 29, // 0: peering.Peering.DeletedAt:type_name -> google.protobuf.Timestamp + 25, // 1: peering.Peering.Meta:type_name -> peering.Peering.MetaEntry 0, // 2: peering.Peering.State:type_name -> peering.PeeringState - 2, // 3: peering.PeeringReadResponse.Peering:type_name -> peering.Peering - 2, // 4: peering.PeeringListResponse.Peerings:type_name -> peering.Peering - 2, // 5: peering.PeeringWriteRequest.Peering:type_name -> peering.Peering - 29, // 6: peering.PeeringWriteRequest.Meta:type_name -> peering.PeeringWriteRequest.MetaEntry - 3, // 7: peering.TrustBundleListByServiceResponse.Bundles:type_name -> peering.PeeringTrustBundle - 3, // 8: peering.TrustBundleReadResponse.Bundle:type_name -> peering.PeeringTrustBundle - 3, // 9: peering.PeeringTrustBundleWriteRequest.PeeringTrustBundle:type_name -> peering.PeeringTrustBundle - 30, // 10: peering.GenerateTokenRequest.Meta:type_name -> peering.GenerateTokenRequest.MetaEntry - 31, // 11: peering.EstablishRequest.Meta:type_name -> peering.EstablishRequest.MetaEntry - 32, // 12: peering.ReplicationMessage.request:type_name -> peering.ReplicationMessage.Request - 33, // 13: peering.ReplicationMessage.response:type_name -> peering.ReplicationMessage.Response - 34, // 14: peering.ReplicationMessage.terminated:type_name -> peering.ReplicationMessage.Terminated - 36, // 15: peering.ReplicationMessage.Request.Error:type_name -> status.Status - 37, // 16: peering.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any - 1, // 17: peering.ReplicationMessage.Response.operation:type_name -> peering.ReplicationMessage.Response.Operation - 22, // 18: peering.PeeringService.GenerateToken:input_type -> peering.GenerateTokenRequest - 24, // 19: peering.PeeringService.Establish:input_type -> peering.EstablishRequest - 4, // 20: peering.PeeringService.PeeringRead:input_type -> peering.PeeringReadRequest - 6, // 21: peering.PeeringService.PeeringList:input_type -> peering.PeeringListRequest - 10, // 22: peering.PeeringService.PeeringDelete:input_type -> peering.PeeringDeleteRequest - 8, // 23: peering.PeeringService.PeeringWrite:input_type -> peering.PeeringWriteRequest - 12, // 24: peering.PeeringService.TrustBundleListByService:input_type -> peering.TrustBundleListByServiceRequest - 14, // 25: peering.PeeringService.TrustBundleRead:input_type -> peering.TrustBundleReadRequest - 26, // 26: peering.PeeringService.StreamResources:input_type -> peering.ReplicationMessage - 23, // 27: peering.PeeringService.GenerateToken:output_type -> peering.GenerateTokenResponse - 25, // 28: peering.PeeringService.Establish:output_type -> peering.EstablishResponse - 5, // 29: peering.PeeringService.PeeringRead:output_type -> peering.PeeringReadResponse - 7, // 30: peering.PeeringService.PeeringList:output_type -> peering.PeeringListResponse - 11, // 31: peering.PeeringService.PeeringDelete:output_type -> peering.PeeringDeleteResponse - 9, // 32: peering.PeeringService.PeeringWrite:output_type -> peering.PeeringWriteResponse - 13, // 33: peering.PeeringService.TrustBundleListByService:output_type -> peering.TrustBundleListByServiceResponse - 15, // 34: peering.PeeringService.TrustBundleRead:output_type -> peering.TrustBundleReadResponse - 26, // 35: peering.PeeringService.StreamResources:output_type -> peering.ReplicationMessage - 27, // [27:36] is the sub-list for method output_type - 18, // [18:27] is the sub-list for method input_type - 18, // [18:18] is the sub-list for extension type_name - 18, // [18:18] is the sub-list for extension extendee - 0, // [0:18] is the sub-list for field type_name + 1, // 3: peering.PeeringReadResponse.Peering:type_name -> peering.Peering + 1, // 4: peering.PeeringListResponse.Peerings:type_name -> peering.Peering + 1, // 5: peering.PeeringWriteRequest.Peering:type_name -> peering.Peering + 26, // 6: peering.PeeringWriteRequest.Meta:type_name -> peering.PeeringWriteRequest.MetaEntry + 2, // 7: peering.TrustBundleListByServiceResponse.Bundles:type_name -> peering.PeeringTrustBundle + 2, // 8: peering.TrustBundleReadResponse.Bundle:type_name -> peering.PeeringTrustBundle + 2, // 9: peering.PeeringTrustBundleWriteRequest.PeeringTrustBundle:type_name -> peering.PeeringTrustBundle + 27, // 10: peering.GenerateTokenRequest.Meta:type_name -> peering.GenerateTokenRequest.MetaEntry + 28, // 11: peering.EstablishRequest.Meta:type_name -> peering.EstablishRequest.MetaEntry + 21, // 12: peering.PeeringService.GenerateToken:input_type -> peering.GenerateTokenRequest + 23, // 13: peering.PeeringService.Establish:input_type -> peering.EstablishRequest + 3, // 14: peering.PeeringService.PeeringRead:input_type -> peering.PeeringReadRequest + 5, // 15: peering.PeeringService.PeeringList:input_type -> peering.PeeringListRequest + 9, // 16: peering.PeeringService.PeeringDelete:input_type -> peering.PeeringDeleteRequest + 7, // 17: peering.PeeringService.PeeringWrite:input_type -> peering.PeeringWriteRequest + 11, // 18: peering.PeeringService.TrustBundleListByService:input_type -> peering.TrustBundleListByServiceRequest + 13, // 19: peering.PeeringService.TrustBundleRead:input_type -> peering.TrustBundleReadRequest + 22, // 20: peering.PeeringService.GenerateToken:output_type -> peering.GenerateTokenResponse + 24, // 21: peering.PeeringService.Establish:output_type -> peering.EstablishResponse + 4, // 22: peering.PeeringService.PeeringRead:output_type -> peering.PeeringReadResponse + 6, // 23: peering.PeeringService.PeeringList:output_type -> peering.PeeringListResponse + 10, // 24: peering.PeeringService.PeeringDelete:output_type -> peering.PeeringDeleteResponse + 8, // 25: peering.PeeringService.PeeringWrite:output_type -> peering.PeeringWriteResponse + 12, // 26: peering.PeeringService.TrustBundleListByService:output_type -> peering.TrustBundleListByServiceResponse + 14, // 27: peering.PeeringService.TrustBundleRead:output_type -> peering.TrustBundleReadResponse + 20, // [20:28] is the sub-list for method output_type + 12, // [12:20] is the sub-list for method input_type + 12, // [12:12] is the sub-list for extension type_name + 12, // [12:12] is the sub-list for extension extendee + 0, // [0:12] is the sub-list for field type_name } func init() { file_proto_pbpeering_peering_proto_init() } @@ -2741,79 +2267,14 @@ func file_proto_pbpeering_peering_proto_init() { return nil } } - file_proto_pbpeering_peering_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proto_pbpeering_peering_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LeaderAddress); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proto_pbpeering_peering_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Request); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proto_pbpeering_peering_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Response); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proto_pbpeering_peering_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Terminated); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_proto_pbpeering_peering_proto_msgTypes[24].OneofWrappers = []interface{}{ - (*ReplicationMessage_Request_)(nil), - (*ReplicationMessage_Response_)(nil), - (*ReplicationMessage_Terminated_)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbpeering_peering_proto_rawDesc, - NumEnums: 2, - NumMessages: 33, + NumEnums: 1, + NumMessages: 28, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index 3e5d2397f..d00805c19 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -3,9 +3,6 @@ syntax = "proto3"; package peering; import "google/protobuf/timestamp.proto"; -import "google/protobuf/any.proto"; -// TODO(peering): Handle this some other way -import "proto/pbstatus/status.proto"; // PeeringService handles operations for establishing peering relationships // between disparate Consul clusters. @@ -24,13 +21,6 @@ service PeeringService { rpc TrustBundleListByService(TrustBundleListByServiceRequest) returns (TrustBundleListByServiceResponse); rpc TrustBundleRead(TrustBundleReadRequest) returns (TrustBundleReadResponse); - - // StreamResources opens an event stream for resources to share between peers, such as services. - // Events are streamed as they happen. - // buf:lint:ignore RPC_REQUEST_STANDARD_NAME - // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME - // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE - rpc StreamResources(stream ReplicationMessage) returns (stream ReplicationMessage); } // PeeringState enumerates all the states a peering can be in @@ -328,73 +318,3 @@ message EstablishRequest { // output=peering.gen.go // name=API message EstablishResponse {} - -message ReplicationMessage { - oneof Payload { - Request request = 1; - Response response = 2; - Terminated terminated = 3; - } - - // A Request requests to subscribe to a resource of a given type. - message Request { - // An identifier for the peer making the request. - // This identifier is provisioned by the serving peer prior to the request from the dialing peer. - string PeerID = 1; - - // Nonce corresponding to that of the response being ACKed or NACKed. - // Initial subscription requests will have an empty nonce. - // The nonce is generated and incremented by the exporting peer. - string Nonce = 2; - - // The type URL for the resource being requested or ACK/NACKed. - string ResourceURL = 3; - - // The error if the previous response was not applied successfully. - // This field is empty in the first subscription request. - status.Status Error = 4; - } - - // A Response contains resources corresponding to a subscription request. - message Response { - // Nonce identifying a response in a stream. - string Nonce = 1; - - // The type URL of resource being returned. - string ResourceURL = 2; - - // An identifier for the resource being returned. - // This could be the SPIFFE ID of the service. - string ResourceID = 3; - - // The resource being returned. - google.protobuf.Any Resource = 4; - - // Operation enumerates supported operations for replicated resources. - enum Operation { - Unknown = 0; - - // UPSERT represents a create or update event. - UPSERT = 1; - - // DELETE indicates the resource should be deleted. - // In DELETE operations no Resource will be returned. - // Deletion by an importing peer must be done with the type URL and ID. - DELETE = 2; - } - - // REQUIRED. The operation to be performed in relation to the resource. - Operation operation = 5; - } - - // Terminated is sent when a peering is deleted locally. - // This message signals to the peer that they should clean up their local state about the peering. - message Terminated {} -} - -// LeaderAddress is sent when the peering service runs on a consul node -// that is not a leader. The node either lost leadership, or never was a leader. -message LeaderAddress { - // address is an ip:port best effort hint at what could be the cluster leader's address - string address = 1; -} diff --git a/proto/pbpeering/peering_grpc.pb.go b/proto/pbpeering/peering_grpc.pb.go index fb987fa28..a073b94fb 100644 --- a/proto/pbpeering/peering_grpc.pb.go +++ b/proto/pbpeering/peering_grpc.pb.go @@ -33,12 +33,6 @@ type PeeringServiceClient interface { // TODO(peering): Rename this to PeeredServiceRoots? or something like that? TrustBundleListByService(ctx context.Context, in *TrustBundleListByServiceRequest, opts ...grpc.CallOption) (*TrustBundleListByServiceResponse, error) TrustBundleRead(ctx context.Context, in *TrustBundleReadRequest, opts ...grpc.CallOption) (*TrustBundleReadResponse, error) - // StreamResources opens an event stream for resources to share between peers, such as services. - // Events are streamed as they happen. - // buf:lint:ignore RPC_REQUEST_STANDARD_NAME - // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME - // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE - StreamResources(ctx context.Context, opts ...grpc.CallOption) (PeeringService_StreamResourcesClient, error) } type peeringServiceClient struct { @@ -121,37 +115,6 @@ func (c *peeringServiceClient) TrustBundleRead(ctx context.Context, in *TrustBun return out, nil } -func (c *peeringServiceClient) StreamResources(ctx context.Context, opts ...grpc.CallOption) (PeeringService_StreamResourcesClient, error) { - stream, err := c.cc.NewStream(ctx, &PeeringService_ServiceDesc.Streams[0], "/peering.PeeringService/StreamResources", opts...) - if err != nil { - return nil, err - } - x := &peeringServiceStreamResourcesClient{stream} - return x, nil -} - -type PeeringService_StreamResourcesClient interface { - Send(*ReplicationMessage) error - Recv() (*ReplicationMessage, error) - grpc.ClientStream -} - -type peeringServiceStreamResourcesClient struct { - grpc.ClientStream -} - -func (x *peeringServiceStreamResourcesClient) Send(m *ReplicationMessage) error { - return x.ClientStream.SendMsg(m) -} - -func (x *peeringServiceStreamResourcesClient) Recv() (*ReplicationMessage, error) { - m := new(ReplicationMessage) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - // PeeringServiceServer is the server API for PeeringService service. // All implementations should embed UnimplementedPeeringServiceServer // for forward compatibility @@ -167,12 +130,6 @@ type PeeringServiceServer interface { // TODO(peering): Rename this to PeeredServiceRoots? or something like that? TrustBundleListByService(context.Context, *TrustBundleListByServiceRequest) (*TrustBundleListByServiceResponse, error) TrustBundleRead(context.Context, *TrustBundleReadRequest) (*TrustBundleReadResponse, error) - // StreamResources opens an event stream for resources to share between peers, such as services. - // Events are streamed as they happen. - // buf:lint:ignore RPC_REQUEST_STANDARD_NAME - // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME - // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE - StreamResources(PeeringService_StreamResourcesServer) error } // UnimplementedPeeringServiceServer should be embedded to have forward compatible implementations. @@ -203,9 +160,6 @@ func (UnimplementedPeeringServiceServer) TrustBundleListByService(context.Contex func (UnimplementedPeeringServiceServer) TrustBundleRead(context.Context, *TrustBundleReadRequest) (*TrustBundleReadResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method TrustBundleRead not implemented") } -func (UnimplementedPeeringServiceServer) StreamResources(PeeringService_StreamResourcesServer) error { - return status.Errorf(codes.Unimplemented, "method StreamResources not implemented") -} // UnsafePeeringServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to PeeringServiceServer will @@ -362,32 +316,6 @@ func _PeeringService_TrustBundleRead_Handler(srv interface{}, ctx context.Contex return interceptor(ctx, in, info, handler) } -func _PeeringService_StreamResources_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(PeeringServiceServer).StreamResources(&peeringServiceStreamResourcesServer{stream}) -} - -type PeeringService_StreamResourcesServer interface { - Send(*ReplicationMessage) error - Recv() (*ReplicationMessage, error) - grpc.ServerStream -} - -type peeringServiceStreamResourcesServer struct { - grpc.ServerStream -} - -func (x *peeringServiceStreamResourcesServer) Send(m *ReplicationMessage) error { - return x.ServerStream.SendMsg(m) -} - -func (x *peeringServiceStreamResourcesServer) Recv() (*ReplicationMessage, error) { - m := new(ReplicationMessage) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - // PeeringService_ServiceDesc is the grpc.ServiceDesc for PeeringService service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) @@ -428,13 +356,6 @@ var PeeringService_ServiceDesc = grpc.ServiceDesc{ Handler: _PeeringService_TrustBundleRead_Handler, }, }, - Streams: []grpc.StreamDesc{ - { - StreamName: "StreamResources", - Handler: _PeeringService_StreamResources_Handler, - ServerStreams: true, - ClientStreams: true, - }, - }, + Streams: []grpc.StreamDesc{}, Metadata: "proto/pbpeering/peering.proto", } diff --git a/proto/pbpeerstream/peerstream.go b/proto/pbpeerstream/peerstream.go new file mode 100644 index 000000000..00bd690ae --- /dev/null +++ b/proto/pbpeerstream/peerstream.go @@ -0,0 +1,5 @@ +package pbpeerstream + +func (x Operation) GoString() string { + return x.String() +} diff --git a/proto/pbpeerstream/peerstream.pb.binary.go b/proto/pbpeerstream/peerstream.pb.binary.go new file mode 100644 index 000000000..39dbdb814 --- /dev/null +++ b/proto/pbpeerstream/peerstream.pb.binary.go @@ -0,0 +1,58 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: proto/pbpeerstream/peerstream.proto + +package pbpeerstream + +import ( + "github.com/golang/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReplicationMessage) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReplicationMessage) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReplicationMessage_Request) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReplicationMessage_Request) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReplicationMessage_Response) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReplicationMessage_Response) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReplicationMessage_Terminated) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReplicationMessage_Terminated) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *LeaderAddress) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *LeaderAddress) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go new file mode 100644 index 000000000..12afdd2d9 --- /dev/null +++ b/proto/pbpeerstream/peerstream.pb.go @@ -0,0 +1,635 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0-rc.1 +// protoc (unknown) +// source: proto/pbpeerstream/peerstream.proto + +package pbpeerstream + +import ( + pbstatus "github.com/hashicorp/consul/proto/pbstatus" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + anypb "google.golang.org/protobuf/types/known/anypb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Operation enumerates supported operations for replicated resources. +type Operation int32 + +const ( + Operation_OPERATION_UNSPECIFIED Operation = 0 + // UPSERT represents a create or update event. + Operation_OPERATION_UPSERT Operation = 1 + // DELETE indicates the resource should be deleted. + // In DELETE operations no Resource will be returned. + // Deletion by an importing peer must be done with the type URL and ID. + Operation_OPERATION_DELETE Operation = 2 +) + +// Enum value maps for Operation. +var ( + Operation_name = map[int32]string{ + 0: "OPERATION_UNSPECIFIED", + 1: "OPERATION_UPSERT", + 2: "OPERATION_DELETE", + } + Operation_value = map[string]int32{ + "OPERATION_UNSPECIFIED": 0, + "OPERATION_UPSERT": 1, + "OPERATION_DELETE": 2, + } +) + +func (x Operation) Enum() *Operation { + p := new(Operation) + *p = x + return p +} + +func (x Operation) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Operation) Descriptor() protoreflect.EnumDescriptor { + return file_proto_pbpeerstream_peerstream_proto_enumTypes[0].Descriptor() +} + +func (Operation) Type() protoreflect.EnumType { + return &file_proto_pbpeerstream_peerstream_proto_enumTypes[0] +} + +func (x Operation) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Operation.Descriptor instead. +func (Operation) EnumDescriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0} +} + +type ReplicationMessage struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Payload: + // *ReplicationMessage_Request_ + // *ReplicationMessage_Response_ + // *ReplicationMessage_Terminated_ + Payload isReplicationMessage_Payload `protobuf_oneof:"Payload"` +} + +func (x *ReplicationMessage) Reset() { + *x = ReplicationMessage{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReplicationMessage) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReplicationMessage) ProtoMessage() {} + +func (x *ReplicationMessage) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReplicationMessage.ProtoReflect.Descriptor instead. +func (*ReplicationMessage) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0} +} + +func (m *ReplicationMessage) GetPayload() isReplicationMessage_Payload { + if m != nil { + return m.Payload + } + return nil +} + +func (x *ReplicationMessage) GetRequest() *ReplicationMessage_Request { + if x, ok := x.GetPayload().(*ReplicationMessage_Request_); ok { + return x.Request + } + return nil +} + +func (x *ReplicationMessage) GetResponse() *ReplicationMessage_Response { + if x, ok := x.GetPayload().(*ReplicationMessage_Response_); ok { + return x.Response + } + return nil +} + +func (x *ReplicationMessage) GetTerminated() *ReplicationMessage_Terminated { + if x, ok := x.GetPayload().(*ReplicationMessage_Terminated_); ok { + return x.Terminated + } + return nil +} + +type isReplicationMessage_Payload interface { + isReplicationMessage_Payload() +} + +type ReplicationMessage_Request_ struct { + Request *ReplicationMessage_Request `protobuf:"bytes,1,opt,name=request,proto3,oneof"` +} + +type ReplicationMessage_Response_ struct { + Response *ReplicationMessage_Response `protobuf:"bytes,2,opt,name=response,proto3,oneof"` +} + +type ReplicationMessage_Terminated_ struct { + Terminated *ReplicationMessage_Terminated `protobuf:"bytes,3,opt,name=terminated,proto3,oneof"` +} + +func (*ReplicationMessage_Request_) isReplicationMessage_Payload() {} + +func (*ReplicationMessage_Response_) isReplicationMessage_Payload() {} + +func (*ReplicationMessage_Terminated_) isReplicationMessage_Payload() {} + +// LeaderAddress is sent when the peering service runs on a consul node +// that is not a leader. The node either lost leadership, or never was a leader. +type LeaderAddress struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // address is an ip:port best effort hint at what could be the cluster leader's address + Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` +} + +func (x *LeaderAddress) Reset() { + *x = LeaderAddress{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LeaderAddress) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LeaderAddress) ProtoMessage() {} + +func (x *LeaderAddress) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LeaderAddress.ProtoReflect.Descriptor instead. +func (*LeaderAddress) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{1} +} + +func (x *LeaderAddress) GetAddress() string { + if x != nil { + return x.Address + } + return "" +} + +// A Request requests to subscribe to a resource of a given type. +type ReplicationMessage_Request struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // An identifier for the peer making the request. + // This identifier is provisioned by the serving peer prior to the request from the dialing peer. + PeerID string `protobuf:"bytes,1,opt,name=PeerID,proto3" json:"PeerID,omitempty"` + // Nonce corresponding to that of the response being ACKed or NACKed. + // Initial subscription requests will have an empty nonce. + // The nonce is generated and incremented by the exporting peer. + // TODO + Nonce string `protobuf:"bytes,2,opt,name=Nonce,proto3" json:"Nonce,omitempty"` + // The type URL for the resource being requested or ACK/NACKed. + ResourceURL string `protobuf:"bytes,3,opt,name=ResourceURL,proto3" json:"ResourceURL,omitempty"` + // The error if the previous response was not applied successfully. + // This field is empty in the first subscription request. + Error *pbstatus.Status `protobuf:"bytes,4,opt,name=Error,proto3" json:"Error,omitempty"` +} + +func (x *ReplicationMessage_Request) Reset() { + *x = ReplicationMessage_Request{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReplicationMessage_Request) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReplicationMessage_Request) ProtoMessage() {} + +func (x *ReplicationMessage_Request) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReplicationMessage_Request.ProtoReflect.Descriptor instead. +func (*ReplicationMessage_Request) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *ReplicationMessage_Request) GetPeerID() string { + if x != nil { + return x.PeerID + } + return "" +} + +func (x *ReplicationMessage_Request) GetNonce() string { + if x != nil { + return x.Nonce + } + return "" +} + +func (x *ReplicationMessage_Request) GetResourceURL() string { + if x != nil { + return x.ResourceURL + } + return "" +} + +func (x *ReplicationMessage_Request) GetError() *pbstatus.Status { + if x != nil { + return x.Error + } + return nil +} + +// A Response contains resources corresponding to a subscription request. +type ReplicationMessage_Response struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Nonce identifying a response in a stream. + Nonce string `protobuf:"bytes,1,opt,name=Nonce,proto3" json:"Nonce,omitempty"` + // The type URL of resource being returned. + ResourceURL string `protobuf:"bytes,2,opt,name=ResourceURL,proto3" json:"ResourceURL,omitempty"` + // An identifier for the resource being returned. + // This could be the SPIFFE ID of the service. + ResourceID string `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"ResourceID,omitempty"` + // The resource being returned. + Resource *anypb.Any `protobuf:"bytes,4,opt,name=Resource,proto3" json:"Resource,omitempty"` + // REQUIRED. The operation to be performed in relation to the resource. + Operation Operation `protobuf:"varint,5,opt,name=operation,proto3,enum=peerstream.Operation" json:"operation,omitempty"` +} + +func (x *ReplicationMessage_Response) Reset() { + *x = ReplicationMessage_Response{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReplicationMessage_Response) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReplicationMessage_Response) ProtoMessage() {} + +func (x *ReplicationMessage_Response) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReplicationMessage_Response.ProtoReflect.Descriptor instead. +func (*ReplicationMessage_Response) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *ReplicationMessage_Response) GetNonce() string { + if x != nil { + return x.Nonce + } + return "" +} + +func (x *ReplicationMessage_Response) GetResourceURL() string { + if x != nil { + return x.ResourceURL + } + return "" +} + +func (x *ReplicationMessage_Response) GetResourceID() string { + if x != nil { + return x.ResourceID + } + return "" +} + +func (x *ReplicationMessage_Response) GetResource() *anypb.Any { + if x != nil { + return x.Resource + } + return nil +} + +func (x *ReplicationMessage_Response) GetOperation() Operation { + if x != nil { + return x.Operation + } + return Operation_OPERATION_UNSPECIFIED +} + +// Terminated is sent when a peering is deleted locally. +// This message signals to the peer that they should clean up their local state about the peering. +type ReplicationMessage_Terminated struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *ReplicationMessage_Terminated) Reset() { + *x = ReplicationMessage_Terminated{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReplicationMessage_Terminated) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReplicationMessage_Terminated) ProtoMessage() {} + +func (x *ReplicationMessage_Terminated) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReplicationMessage_Terminated.ProtoReflect.Descriptor instead. +func (*ReplicationMessage_Terminated) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0, 2} +} + +var File_proto_pbpeerstream_peerstream_proto protoreflect.FileDescriptor + +var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ + 0x0a, 0x23, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x2f, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd2, 0x04, 0x0a, 0x12, 0x52, 0x65, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x12, 0x42, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, + 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, + 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0a, 0x74, + 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, + 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, + 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, + 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0x7f, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x4e, + 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, + 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xc9, 0x01, 0x0a, 0x08, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, + 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, + 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x33, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, + 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, + 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, + 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, + 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, + 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, + 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x6a, 0x0a, + 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x55, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x99, 0x01, 0x0a, 0x0e, 0x63, 0x6f, + 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, + 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, + 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, + 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0xca, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xe2, + 0x02, 0x16, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, + 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_proto_pbpeerstream_peerstream_proto_rawDescOnce sync.Once + file_proto_pbpeerstream_peerstream_proto_rawDescData = file_proto_pbpeerstream_peerstream_proto_rawDesc +) + +func file_proto_pbpeerstream_peerstream_proto_rawDescGZIP() []byte { + file_proto_pbpeerstream_peerstream_proto_rawDescOnce.Do(func() { + file_proto_pbpeerstream_peerstream_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbpeerstream_peerstream_proto_rawDescData) + }) + return file_proto_pbpeerstream_peerstream_proto_rawDescData +} + +var file_proto_pbpeerstream_peerstream_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_proto_pbpeerstream_peerstream_proto_goTypes = []interface{}{ + (Operation)(0), // 0: peerstream.Operation + (*ReplicationMessage)(nil), // 1: peerstream.ReplicationMessage + (*LeaderAddress)(nil), // 2: peerstream.LeaderAddress + (*ReplicationMessage_Request)(nil), // 3: peerstream.ReplicationMessage.Request + (*ReplicationMessage_Response)(nil), // 4: peerstream.ReplicationMessage.Response + (*ReplicationMessage_Terminated)(nil), // 5: peerstream.ReplicationMessage.Terminated + (*pbstatus.Status)(nil), // 6: status.Status + (*anypb.Any)(nil), // 7: google.protobuf.Any +} +var file_proto_pbpeerstream_peerstream_proto_depIdxs = []int32{ + 3, // 0: peerstream.ReplicationMessage.request:type_name -> peerstream.ReplicationMessage.Request + 4, // 1: peerstream.ReplicationMessage.response:type_name -> peerstream.ReplicationMessage.Response + 5, // 2: peerstream.ReplicationMessage.terminated:type_name -> peerstream.ReplicationMessage.Terminated + 6, // 3: peerstream.ReplicationMessage.Request.Error:type_name -> status.Status + 7, // 4: peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any + 0, // 5: peerstream.ReplicationMessage.Response.operation:type_name -> peerstream.Operation + 1, // 6: peerstream.PeerStreamService.StreamResources:input_type -> peerstream.ReplicationMessage + 1, // 7: peerstream.PeerStreamService.StreamResources:output_type -> peerstream.ReplicationMessage + 7, // [7:8] is the sub-list for method output_type + 6, // [6:7] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name +} + +func init() { file_proto_pbpeerstream_peerstream_proto_init() } +func file_proto_pbpeerstream_peerstream_proto_init() { + if File_proto_pbpeerstream_peerstream_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbpeerstream_peerstream_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LeaderAddress); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Request); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Response); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Terminated); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[0].OneofWrappers = []interface{}{ + (*ReplicationMessage_Request_)(nil), + (*ReplicationMessage_Response_)(nil), + (*ReplicationMessage_Terminated_)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_proto_pbpeerstream_peerstream_proto_rawDesc, + NumEnums: 1, + NumMessages: 5, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_proto_pbpeerstream_peerstream_proto_goTypes, + DependencyIndexes: file_proto_pbpeerstream_peerstream_proto_depIdxs, + EnumInfos: file_proto_pbpeerstream_peerstream_proto_enumTypes, + MessageInfos: file_proto_pbpeerstream_peerstream_proto_msgTypes, + }.Build() + File_proto_pbpeerstream_peerstream_proto = out.File + file_proto_pbpeerstream_peerstream_proto_rawDesc = nil + file_proto_pbpeerstream_peerstream_proto_goTypes = nil + file_proto_pbpeerstream_peerstream_proto_depIdxs = nil +} diff --git a/proto/pbpeerstream/peerstream.proto b/proto/pbpeerstream/peerstream.proto new file mode 100644 index 000000000..4ab0f6798 --- /dev/null +++ b/proto/pbpeerstream/peerstream.proto @@ -0,0 +1,91 @@ +syntax = "proto3"; + +package peerstream; + +import "google/protobuf/any.proto"; +// TODO(peering): Handle this some other way +import "proto/pbstatus/status.proto"; + +// TODO(peering): comments + +// TODO(peering): also duplicate the pbservice, some pbpeering, and ca stuff. + +service PeerStreamService { + // StreamResources opens an event stream for resources to share between peers, such as services. + // Events are streamed as they happen. + // buf:lint:ignore RPC_REQUEST_STANDARD_NAME + // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME + // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE + rpc StreamResources(stream ReplicationMessage) returns (stream ReplicationMessage); +} + +message ReplicationMessage { + oneof Payload { + Request request = 1; + Response response = 2; + Terminated terminated = 3; + } + + // A Request requests to subscribe to a resource of a given type. + message Request { + // An identifier for the peer making the request. + // This identifier is provisioned by the serving peer prior to the request from the dialing peer. + string PeerID = 1; + + // Nonce corresponding to that of the response being ACKed or NACKed. + // Initial subscription requests will have an empty nonce. + // The nonce is generated and incremented by the exporting peer. + // TODO + string Nonce = 2; + + // The type URL for the resource being requested or ACK/NACKed. + string ResourceURL = 3; + + // The error if the previous response was not applied successfully. + // This field is empty in the first subscription request. + status.Status Error = 4; + } + + // A Response contains resources corresponding to a subscription request. + message Response { + // Nonce identifying a response in a stream. + string Nonce = 1; + + // The type URL of resource being returned. + string ResourceURL = 2; + + // An identifier for the resource being returned. + // This could be the SPIFFE ID of the service. + string ResourceID = 3; + + // The resource being returned. + google.protobuf.Any Resource = 4; + + // REQUIRED. The operation to be performed in relation to the resource. + Operation operation = 5; + } + + // Terminated is sent when a peering is deleted locally. + // This message signals to the peer that they should clean up their local state about the peering. + message Terminated {} +} + +// Operation enumerates supported operations for replicated resources. +enum Operation { + OPERATION_UNSPECIFIED = 0; + + // UPSERT represents a create or update event. + OPERATION_UPSERT = 1; + + // DELETE indicates the resource should be deleted. + // In DELETE operations no Resource will be returned. + // Deletion by an importing peer must be done with the type URL and ID. + OPERATION_DELETE = 2; +} + +// LeaderAddress is sent when the peering service runs on a consul node +// that is not a leader. The node either lost leadership, or never was a leader. +message LeaderAddress { + // address is an ip:port best effort hint at what could be the cluster leader's address + string address = 1; +} diff --git a/proto/pbpeerstream/peerstream_grpc.pb.go b/proto/pbpeerstream/peerstream_grpc.pb.go new file mode 100644 index 000000000..f62073ac9 --- /dev/null +++ b/proto/pbpeerstream/peerstream_grpc.pb.go @@ -0,0 +1,145 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc (unknown) +// source: proto/pbpeerstream/peerstream.proto + +package pbpeerstream + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// PeerStreamServiceClient is the client API for PeerStreamService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type PeerStreamServiceClient interface { + // StreamResources opens an event stream for resources to share between peers, such as services. + // Events are streamed as they happen. + // buf:lint:ignore RPC_REQUEST_STANDARD_NAME + // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME + // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE + StreamResources(ctx context.Context, opts ...grpc.CallOption) (PeerStreamService_StreamResourcesClient, error) +} + +type peerStreamServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewPeerStreamServiceClient(cc grpc.ClientConnInterface) PeerStreamServiceClient { + return &peerStreamServiceClient{cc} +} + +func (c *peerStreamServiceClient) StreamResources(ctx context.Context, opts ...grpc.CallOption) (PeerStreamService_StreamResourcesClient, error) { + stream, err := c.cc.NewStream(ctx, &PeerStreamService_ServiceDesc.Streams[0], "/peerstream.PeerStreamService/StreamResources", opts...) + if err != nil { + return nil, err + } + x := &peerStreamServiceStreamResourcesClient{stream} + return x, nil +} + +type PeerStreamService_StreamResourcesClient interface { + Send(*ReplicationMessage) error + Recv() (*ReplicationMessage, error) + grpc.ClientStream +} + +type peerStreamServiceStreamResourcesClient struct { + grpc.ClientStream +} + +func (x *peerStreamServiceStreamResourcesClient) Send(m *ReplicationMessage) error { + return x.ClientStream.SendMsg(m) +} + +func (x *peerStreamServiceStreamResourcesClient) Recv() (*ReplicationMessage, error) { + m := new(ReplicationMessage) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// PeerStreamServiceServer is the server API for PeerStreamService service. +// All implementations should embed UnimplementedPeerStreamServiceServer +// for forward compatibility +type PeerStreamServiceServer interface { + // StreamResources opens an event stream for resources to share between peers, such as services. + // Events are streamed as they happen. + // buf:lint:ignore RPC_REQUEST_STANDARD_NAME + // buf:lint:ignore RPC_RESPONSE_STANDARD_NAME + // buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE + StreamResources(PeerStreamService_StreamResourcesServer) error +} + +// UnimplementedPeerStreamServiceServer should be embedded to have forward compatible implementations. +type UnimplementedPeerStreamServiceServer struct { +} + +func (UnimplementedPeerStreamServiceServer) StreamResources(PeerStreamService_StreamResourcesServer) error { + return status.Errorf(codes.Unimplemented, "method StreamResources not implemented") +} + +// UnsafePeerStreamServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to PeerStreamServiceServer will +// result in compilation errors. +type UnsafePeerStreamServiceServer interface { + mustEmbedUnimplementedPeerStreamServiceServer() +} + +func RegisterPeerStreamServiceServer(s grpc.ServiceRegistrar, srv PeerStreamServiceServer) { + s.RegisterService(&PeerStreamService_ServiceDesc, srv) +} + +func _PeerStreamService_StreamResources_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(PeerStreamServiceServer).StreamResources(&peerStreamServiceStreamResourcesServer{stream}) +} + +type PeerStreamService_StreamResourcesServer interface { + Send(*ReplicationMessage) error + Recv() (*ReplicationMessage, error) + grpc.ServerStream +} + +type peerStreamServiceStreamResourcesServer struct { + grpc.ServerStream +} + +func (x *peerStreamServiceStreamResourcesServer) Send(m *ReplicationMessage) error { + return x.ServerStream.SendMsg(m) +} + +func (x *peerStreamServiceStreamResourcesServer) Recv() (*ReplicationMessage, error) { + m := new(ReplicationMessage) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// PeerStreamService_ServiceDesc is the grpc.ServiceDesc for PeerStreamService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var PeerStreamService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "peerstream.PeerStreamService", + HandlerType: (*PeerStreamServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{ + { + StreamName: "StreamResources", + Handler: _PeerStreamService_StreamResources_Handler, + ServerStreams: true, + ClientStreams: true, + }, + }, + Metadata: "proto/pbpeerstream/peerstream.proto", +} diff --git a/proto/pbpeering/types.go b/proto/pbpeerstream/types.go similarity index 91% rename from proto/pbpeering/types.go rename to proto/pbpeerstream/types.go index 23847e46e..52f32487d 100644 --- a/proto/pbpeering/types.go +++ b/proto/pbpeerstream/types.go @@ -1,4 +1,4 @@ -package pbpeering +package pbpeerstream const ( TypeURLService = "type.googleapis.com/consul.api.Service" diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go index 5f43bd998..77fd90e82 100644 --- a/sdk/testutil/server.go +++ b/sdk/testutil/server.go @@ -51,6 +51,7 @@ type TestPortConfig struct { SerfLan int `json:"serf_lan,omitempty"` SerfWan int `json:"serf_wan,omitempty"` Server int `json:"server,omitempty"` + GRPC int `json:"grpc,omitempty"` ProxyMinPort int `json:"proxy_min_port,omitempty"` ProxyMaxPort int `json:"proxy_max_port,omitempty"` } @@ -150,7 +151,7 @@ func defaultServerConfig(t TestingTB) *TestServerConfig { panic(err) } - ports, err := freeport.Take(6) + ports, err := freeport.Take(7) if err != nil { t.Fatalf("failed to take ports: %v", err) } @@ -176,6 +177,7 @@ func defaultServerConfig(t TestingTB) *TestServerConfig { SerfLan: ports[3], SerfWan: ports[4], Server: ports[5], + GRPC: ports[6], }, ReadyTimeout: 10 * time.Second, StopTimeout: 10 * time.Second, @@ -226,6 +228,7 @@ type TestServer struct { HTTPSAddr string LANAddr string WANAddr string + GRPCAddr string HTTPClient *http.Client @@ -306,6 +309,7 @@ func NewTestServerConfigT(t TestingTB, cb ServerConfigCallback) (*TestServer, er HTTPSAddr: fmt.Sprintf("127.0.0.1:%d", cfg.Ports.HTTPS), LANAddr: fmt.Sprintf("127.0.0.1:%d", cfg.Ports.SerfLan), WANAddr: fmt.Sprintf("127.0.0.1:%d", cfg.Ports.SerfWan), + GRPCAddr: fmt.Sprintf("127.0.0.1:%d", cfg.Ports.GRPC), HTTPClient: client, diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index adea350d7..21705a3ae 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -170,7 +170,8 @@ function start_consul { # an agent. # # When XDS_TARGET=client we'll start a Consul server with its gRPC port - # disabled, and a client agent with its gRPC port enabled. + # disabled (but only if REQUIRE_PEERS is not set), and a client agent with + # its gRPC port enabled. # # When XDS_TARGET=server (or anything else) we'll run a single Consul server # with its gRPC port enabled. @@ -196,6 +197,11 @@ function start_consul { docker_kill_rm consul-${DC}-server docker_kill_rm consul-${DC} + server_grpc_port="-1" + if is_set $REQUIRE_PEERS; then + server_grpc_port="8502" + fi + docker run -d --name envoy_consul-${DC}-server_1 \ --net=envoy-tests \ $WORKDIR_SNIPPET \ @@ -206,7 +212,7 @@ function start_consul { agent -dev -datacenter "${DC}" \ -config-dir "/workdir/${DC}/consul" \ -config-dir "/workdir/${DC}/consul-server" \ - -grpc-port -1 \ + -grpc-port $server_grpc_port \ -client "0.0.0.0" \ -bind "0.0.0.0" >/dev/null From 616a2da835a7f0d67b00dea57af0df4d32113f2c Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Fri, 8 Jul 2022 13:21:05 -0700 Subject: [PATCH 714/785] Respect http2 protocol for upstreams of terminating gateways --- agent/proxycfg/testing_terminating_gateway.go | 119 ++++++++++++ agent/xds/clusters.go | 13 ++ agent/xds/clusters_test.go | 8 + ...teway-http2-upstream-subsets.latest.golden | 181 ++++++++++++++++++ ...ating-gateway-http2-upstream.latest.golden | 65 +++++++ 5 files changed, 386 insertions(+) create mode 100644 agent/xds/testdata/clusters/terminating-gateway-http2-upstream-subsets.latest.golden create mode 100644 agent/xds/testdata/clusters/terminating-gateway-http2-upstream.latest.golden diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index bac411fff..c9060df92 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -633,6 +633,125 @@ func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot { }) } +func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot { + web := structs.NewServiceName("web", nil) + + return TestConfigSnapshotTerminatingGateway(t, false, nil, []UpdateEvent{ + { + CorrelationID: gatewayServicesWatchID, + Result: &structs.IndexedGatewayServices{ + Services: []*structs.GatewayService{ + { + Service: web, + CAFile: "ca.cert.pem", + Protocol: "http2", + }, + }, + }, + }, + { + CorrelationID: serviceConfigIDPrefix + web.String(), + Result: &structs.ServiceConfigResponse{ + ProxyConfig: map[string]interface{}{"protocol": "http2"}, + }, + }, + { + CorrelationID: externalServiceIDPrefix + web.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: []structs.CheckServiceNode{ + { + Node: &structs.Node{ + ID: "external", + Node: "external", + Address: "web.external.service", + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + Service: "web", + Port: 9090, + }, + }, + }, + }, + }, + }) +} + +func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapshot { + web := structs.NewServiceName("web", nil) + + return TestConfigSnapshotTerminatingGateway(t, false, nil, []UpdateEvent{ + { + CorrelationID: serviceResolverIDPrefix + web.String(), + Result: &structs.ConfigEntryResponse{ + Entry: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "web", + Subsets: map[string]structs.ServiceResolverSubset{ + "v1": { + Filter: "Service.Meta.version == 1", + }, + "v2": { + Filter: "Service.Meta.version == 2", + }, + }, + }, + }, + }, + { + CorrelationID: gatewayServicesWatchID, + Result: &structs.IndexedGatewayServices{ + Services: []*structs.GatewayService{ + { + Service: web, + CAFile: "ca.cert.pem", + Protocol: "http2", + }, + }, + }, + }, + { + CorrelationID: serviceConfigIDPrefix + web.String(), + Result: &structs.ServiceConfigResponse{ + ProxyConfig: map[string]interface{}{"protocol": "http2"}, + }, + }, + { + CorrelationID: externalServiceIDPrefix + web.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: []structs.CheckServiceNode{ + { + Node: &structs.Node{ + ID: "external", + Node: "external", + Address: "web.external.service", + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + Service: "web", + Port: 9090, + Meta: map[string]string{"version": "1"}, + }, + }, + { + Node: &structs.Node{ + ID: "external2", + Node: "external2", + Address: "web.external2.service", + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + Service: "web", + Port: 9091, + Meta: map[string]string{"version": "2"}, + }, + }, + }, + }, + }, + }) +} + func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSnapshot { var ( api = structs.NewServiceName("api", nil) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 3f2efdef7..75f0b2344 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -425,6 +425,14 @@ func (s *ResourceGenerator) makeGatewayServiceClusters( } clusters = append(clusters, cluster) + gatewaySvc, ok := cfgSnap.TerminatingGateway.GatewayServices[svc] + isHTTP2 := ok && gatewaySvc.Protocol == "http2" + if isHTTP2 { + if err := s.setHttp2ProtocolOptions(cluster); err != nil { + return nil, err + } + } + // If there is a service-resolver for this service then also setup a cluster for each subset for name, subset := range resolver.Subsets { subsetHostnameEndpoints, err := s.filterSubsetEndpoints(&subset, hostnameEndpoints) @@ -444,6 +452,11 @@ func (s *ResourceGenerator) makeGatewayServiceClusters( if err := s.injectGatewayServiceAddons(cfgSnap, cluster, svc, loadBalancer); err != nil { return nil, err } + if isHTTP2 { + if err := s.setHttp2ProtocolOptions(cluster); err != nil { + return nil, err + } + } clusters = append(clusters, cluster) } } diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index b3e85486b..49d333750 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -589,6 +589,14 @@ func TestClustersFromSnapshot(t *testing.T) { name: "terminating-gateway-sni", create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI, }, + { + name: "terminating-gateway-http2-upstream", + create: proxycfg.TestConfigSnapshotTerminatingGatewayHTTP2, + }, + { + name: "terminating-gateway-http2-upstream-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewaySubsetsHTTP2, + }, { name: "terminating-gateway-ignore-extra-resolvers", create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers, diff --git a/agent/xds/testdata/clusters/terminating-gateway-http2-upstream-subsets.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-http2-upstream-subsets.latest.golden new file mode 100644 index 000000000..953a207e6 --- /dev/null +++ b/agent/xds/testdata/clusters/terminating-gateway-http2-upstream-subsets.latest.golden @@ -0,0 +1,181 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "web.external.service", + "portValue": 9090 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + + } + } + } + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "web.external2.service", + "portValue": 9091 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + + } + } + } + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "web.external.service", + "portValue": 9090 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + + } + } + } + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-http2-upstream.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-http2-upstream.latest.golden new file mode 100644 index 000000000..9a8e2bdf4 --- /dev/null +++ b/agent/xds/testdata/clusters/terminating-gateway-http2-upstream.latest.golden @@ -0,0 +1,65 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "web.external.service", + "portValue": 9090 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": { + + } + } + } + }, + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "validationContext": { + "trustedCa": { + "filename": "ca.cert.pem" + } + } + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file From 3803195a4420170f45a4aeb40c26bc5e7587c00d Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Fri, 8 Jul 2022 15:23:00 -0700 Subject: [PATCH 715/785] Add changelog note --- .changelog/13699.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/13699.txt diff --git a/.changelog/13699.txt b/.changelog/13699.txt new file mode 100644 index 000000000..64cde8d97 --- /dev/null +++ b/.changelog/13699.txt @@ -0,0 +1,3 @@ +```release-note:bug +xds: Fix a bug where terminating gateway upstream clusters weren't configured properly when the service protocol was `http2`. +``` From 2d99304762eddfdaaf51d6f5c4768e646b3f9760 Mon Sep 17 00:00:00 2001 From: cskh Date: Mon, 11 Jul 2022 10:13:40 -0400 Subject: [PATCH 716/785] feat(cli): enable to delete config entry from an input file (#13677) * feat(cli): enable to delete config entry from an input file - A new flag to config delete to delete a config entry in a valid config file, e.g., config delete -filename intention-allow.hcl - Updated flag validation; -filename and -kind can't be set at the same time - Move decode config entry method from config_write.go to helpers.go for reusing ParseConfigEntry() - add changelog Co-authored-by: Dan Upton --- .changelog/13677.txt | 4 + command/config/delete/config_delete.go | 69 +- command/config/delete/config_delete_test.go | 75 +- command/config/write/config_write.go | 12 +- command/config/write/config_write_test.go | 3064 ---------------- .../{config/write => helpers}/decode_shim.go | 2 +- command/helpers/helpers.go | 77 + command/helpers/helpers_test.go | 3079 +++++++++++++++++ website/content/commands/config/delete.mdx | 4 + 9 files changed, 3288 insertions(+), 3098 deletions(-) create mode 100644 .changelog/13677.txt rename command/{config/write => helpers}/decode_shim.go (99%) create mode 100644 command/helpers/helpers_test.go diff --git a/.changelog/13677.txt b/.changelog/13677.txt new file mode 100644 index 000000000..639cc5eb1 --- /dev/null +++ b/.changelog/13677.txt @@ -0,0 +1,4 @@ +```release-note:feature +cli: A new flag for config delete to delete a config entry in a +valid config file, e.g., config delete -filename intention-allow.hcl +``` diff --git a/command/config/delete/config_delete.go b/command/config/delete/config_delete.go index 913d09e85..caa21c094 100644 --- a/command/config/delete/config_delete.go +++ b/command/config/delete/config_delete.go @@ -6,6 +6,7 @@ import ( "fmt" "github.com/hashicorp/consul/command/flags" + "github.com/hashicorp/consul/command/helpers" "github.com/mitchellh/cli" ) @@ -25,10 +26,13 @@ type cmd struct { name string cas bool modifyIndex uint64 + filename string } func (c *cmd) init() { c.flags = flag.NewFlagSet("", flag.ContinueOnError) + + c.flags.StringVar(&c.filename, "filename", "", "The filename of the config entry to delete") c.flags.StringVar(&c.kind, "kind", "", "The kind of configuration to delete.") c.flags.StringVar(&c.name, "name", "", "The name of configuration to delete.") c.flags.BoolVar(&c.cas, "cas", false, @@ -55,6 +59,25 @@ func (c *cmd) Run(args []string) int { return 1 } + kind := c.kind + name := c.name + var err error + if c.filename != "" { + data, err := helpers.LoadDataSourceNoRaw(c.filename, nil) + if err != nil { + c.UI.Error(fmt.Sprintf("Failed to load data: %v", err)) + return 1 + } + + entry, err := helpers.ParseConfigEntry(data) + if err != nil { + c.UI.Error(fmt.Sprintf("Failed to decode config entry input: %v", err)) + return 1 + } + kind = entry.GetKind() + name = entry.GetName() + } + client, err := c.http.APIClient() if err != nil { c.UI.Error(fmt.Sprintf("Error connect to Consul agent: %s", err)) @@ -64,33 +87,58 @@ func (c *cmd) Run(args []string) int { var deleted bool if c.cas { - deleted, _, err = entries.DeleteCAS(c.kind, c.name, c.modifyIndex, nil) + deleted, _, err = entries.DeleteCAS(kind, name, c.modifyIndex, nil) } else { - _, err = entries.Delete(c.kind, c.name, nil) + _, err = entries.Delete(kind, name, nil) deleted = err == nil } if err != nil { - c.UI.Error(fmt.Sprintf("Error deleting config entry %s/%s: %v", c.kind, c.name, err)) + c.UI.Error(fmt.Sprintf("Error deleting config entry %s/%s: %v", kind, name, err)) return 1 } if !deleted { - c.UI.Error(fmt.Sprintf("Config entry not deleted: %s/%s", c.kind, c.name)) + c.UI.Error(fmt.Sprintf("Config entry not deleted: %s/%s", kind, name)) return 1 } - c.UI.Info(fmt.Sprintf("Config entry deleted: %s/%s", c.kind, c.name)) + c.UI.Info(fmt.Sprintf("Config entry deleted: %s/%s", kind, name)) return 0 } func (c *cmd) validateArgs() error { - if c.kind == "" { - return errors.New("Must specify the -kind parameter") + count := 0 + if c.filename != "" { + count++ } - if c.name == "" { - return errors.New("Must specify the -name parameter") + if c.kind != "" { + count++ + } + + if c.name != "" { + count++ + } + + if count >= 3 { + return errors.New("filename can't be used with kind or name") + } else if count == 0 { + return errors.New("Must specify the -kind or -filename parameter") + } + + if c.filename != "" { + if count == 2 { + return errors.New("filename can't be used with kind or name") + } + } else { + if c.kind == "" { + return errors.New("Must specify the -kind parameter") + } + + if c.name == "" { + return errors.New("Must specify the -name parameter") + } } if c.cas && c.modifyIndex == 0 { @@ -115,12 +163,13 @@ func (c *cmd) Help() string { const ( synopsis = "Delete a centralized config entry" help = ` -Usage: consul config delete [options] -kind -name +Usage: consul config delete [options] ([-kind -name ] | [-f FILENAME]) Deletes the configuration entry specified by the kind and name. Example: $ consul config delete -kind service-defaults -name web + $ consul config delete -filename service-defaults-web.hcl ` ) diff --git a/command/config/delete/config_delete_test.go b/command/config/delete/config_delete_test.go index 01c00b549..d4f9b704e 100644 --- a/command/config/delete/config_delete_test.go +++ b/command/config/delete/config_delete_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/testutil" "github.com/mitchellh/cli" "github.com/stretchr/testify/require" ) @@ -30,11 +31,7 @@ func TestConfigDelete(t *testing.T) { ui := cli.NewMockUi() c := New(ui) - _, _, err := client.ConfigEntries().Set(&api.ServiceConfigEntry{ - Kind: api.ServiceDefaults, - Name: "web", - Protocol: "tcp", - }, nil) + err := createEntry(client) require.NoError(t, err) args := []string{ @@ -54,6 +51,15 @@ func TestConfigDelete(t *testing.T) { require.Nil(t, entry) } +func createEntry(client *api.Client) error { + _, _, err := client.ConfigEntries().Set(&api.ServiceConfigEntry{ + Kind: api.ServiceDefaults, + Name: "web", + Protocol: "tcp", + }, nil) + return err +} + func TestConfigDelete_CAS(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") @@ -65,11 +71,7 @@ func TestConfigDelete_CAS(t *testing.T) { defer a.Shutdown() client := a.Client() - _, _, err := client.ConfigEntries().Set(&api.ServiceConfigEntry{ - Kind: api.ServiceDefaults, - Name: "web", - Protocol: "tcp", - }, nil) + err := createEntry(client) require.NoError(t, err) entry, _, err := client.ConfigEntries().Get(api.ServiceDefaults, "web", nil) @@ -111,11 +113,44 @@ func TestConfigDelete_CAS(t *testing.T) { require.Contains(t, ui.OutputWriter.String(), "Config entry deleted: service-defaults/web") require.Empty(t, ui.ErrorWriter.String()) - entry, _, err := client.ConfigEntries().Get(api.ServiceDefaults, "web", nil) require.Error(t, err) require.Nil(t, entry) }) + + t.Run("delete from file with a valid modify index", func(t *testing.T) { + err := createEntry(client) + require.NoError(t, err) + entry, _, err := client.ConfigEntries().Get(api.ServiceDefaults, "web", nil) + require.NoError(t, err) + + ui := cli.NewMockUi() + c := New(ui) + f := testutil.TempFile(t, "config-write-svc-web.hcl") + _, err = f.WriteString(` + Kind = "service-defaults" + Name = "web" + Protocol = "tcp" + `) + require.NoError(t, err) + + args := []string{ + "-http-addr=" + a.HTTPAddr(), + "-filename=" + f.Name(), + "-cas", + "-modify-index=" + strconv.FormatUint(entry.GetModifyIndex(), 10), + } + + code := c.Run(args) + require.Equal(t, 0, code) + require.Contains(t, ui.OutputWriter.String(), + "Config entry deleted: service-defaults/web") + require.Empty(t, ui.ErrorWriter.String()) + + entry, _, err = client.ConfigEntries().Get(api.ServiceDefaults, "web", nil) + require.Error(t, err) + require.Nil(t, entry) + }) } func TestConfigDelete_InvalidArgs(t *testing.T) { @@ -125,8 +160,12 @@ func TestConfigDelete_InvalidArgs(t *testing.T) { args []string err string }{ - "no kind": { + "no kind or filename": { args: []string{}, + err: "Must specify the -kind or -filename parameter", + }, + "no kind": { + args: []string{"-name", "web"}, err: "Must specify the -kind parameter", }, "no name": { @@ -145,6 +184,18 @@ func TestConfigDelete_InvalidArgs(t *testing.T) { args: []string{"-kind", api.ServiceDefaults, "-name", "web", "-modify-index", "1"}, err: "Cannot specify -modify-index without -cas", }, + "kind and filename": { + args: []string{"-kind", api.ServiceDefaults, "-filename", "config-file.hcl"}, + err: "filename can't be used with kind or name", + }, + "name and filename": { + args: []string{"-name", "db", "-filename", "config-file.hcl"}, + err: "filename can't be used with kind or name", + }, + "kind, name, and filename": { + args: []string{"-kind", api.ServiceDefaults, "-name", "db", "-filename", "config-file.hcl"}, + err: "filename can't be used with kind or name", + }, } for name, tcase := range cases { diff --git a/command/config/write/config_write.go b/command/config/write/config_write.go index 9e08fde38..0c377e6c4 100644 --- a/command/config/write/config_write.go +++ b/command/config/write/config_write.go @@ -66,7 +66,7 @@ func (c *cmd) Run(args []string) int { return 1 } - entry, err := parseConfigEntry(data) + entry, err := helpers.ParseConfigEntry(data) if err != nil { c.UI.Error(fmt.Sprintf("Failed to decode config entry input: %v", err)) return 1 @@ -100,16 +100,6 @@ func (c *cmd) Run(args []string) int { return 0 } -func parseConfigEntry(data string) (api.ConfigEntry, error) { - // parse the data - var raw map[string]interface{} - if err := hclDecode(&raw, data); err != nil { - return nil, fmt.Errorf("Failed to decode config entry input: %v", err) - } - - return newDecodeConfigEntry(raw) -} - // There is a 'structs' variation of this in // agent/structs/config_entry.go:DecodeConfigEntry func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) { diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go index 566e2ab9b..3ea5a8be2 100644 --- a/command/config/write/config_write_test.go +++ b/command/config/write/config_write_test.go @@ -5,9 +5,6 @@ import ( "io" "strings" "testing" - "time" - - "github.com/hashicorp/consul/agent/structs" "github.com/mitchellh/cli" "github.com/stretchr/testify/require" @@ -152,3068 +149,7 @@ http { }) } -// TestParseConfigEntry is the 'api' mirror image of -// agent/structs/config_entry_test.go:TestDecodeConfigEntry -func TestParseConfigEntry(t *testing.T) { - t.Parallel() - for _, tc := range []struct { - name string - camel, camelJSON string - snake, snakeJSON string - expect api.ConfigEntry - expectJSON api.ConfigEntry - expectErr string - }{ - { - name: "proxy-defaults: extra fields or typo", - snake: ` - kind = "proxy-defaults" - name = "main" - cornfig { - "foo" = 19 - } - `, - camel: ` - Kind = "proxy-defaults" - Name = "main" - Cornfig { - "foo" = 19 - } - `, - snakeJSON: ` - { - "kind": "proxy-defaults", - "name": "main", - "cornfig": { - "foo": 19 - } - } - `, - camelJSON: ` - { - "Kind": "proxy-defaults", - "Name": "main", - "Cornfig": { - "foo": 19 - } - } - `, - expectErr: `invalid config key "cornfig"`, - }, - { - name: "proxy-defaults", - snake: ` - kind = "proxy-defaults" - name = "main" - meta { - "foo" = "bar" - "gir" = "zim" - } - config { - "foo" = 19 - "bar" = "abc" - "moreconfig" { - "moar" = "config" - } - } - mesh_gateway { - mode = "remote" - } - mode = "direct" - transparent_proxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - `, - camel: ` - Kind = "proxy-defaults" - Name = "main" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Config { - "foo" = 19 - "bar" = "abc" - "moreconfig" { - "moar" = "config" - } - } - MeshGateway { - Mode = "remote" - } - Mode = "direct" - TransparentProxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - `, - snakeJSON: ` - { - "kind": "proxy-defaults", - "name": "main", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "config": { - "foo": 19, - "bar": "abc", - "moreconfig": { - "moar": "config" - } - }, - "mesh_gateway": { - "mode": "remote" - }, - "mode": "direct", - "transparent_proxy": { - "outbound_listener_port": 10101, - "dialed_directly": true - } - } - `, - camelJSON: ` - { - "Kind": "proxy-defaults", - "Name": "main", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Config": { - "foo": 19, - "bar": "abc", - "moreconfig": { - "moar": "config" - } - }, - "MeshGateway": { - "Mode": "remote" - }, - "Mode": "direct", - "TransparentProxy": { - "OutboundListenerPort": 10101, - "DialedDirectly": true - } - } - `, - expect: &api.ProxyConfigEntry{ - Kind: "proxy-defaults", - Name: "main", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Config: map[string]interface{}{ - "foo": 19, - "bar": "abc", - "moreconfig": map[string]interface{}{ - "moar": "config", - }, - }, - MeshGateway: api.MeshGatewayConfig{ - Mode: api.MeshGatewayModeRemote, - }, - Mode: api.ProxyModeDirect, - TransparentProxy: &api.TransparentProxyConfig{ - OutboundListenerPort: 10101, - DialedDirectly: true, - }, - }, - expectJSON: &api.ProxyConfigEntry{ - Kind: "proxy-defaults", - Name: "main", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Config: map[string]interface{}{ - "foo": float64(19), // json decoding gives float64 instead of int here - "bar": "abc", - "moreconfig": map[string]interface{}{ - "moar": "config", - }, - }, - MeshGateway: api.MeshGatewayConfig{ - Mode: api.MeshGatewayModeRemote, - }, - Mode: api.ProxyModeDirect, - TransparentProxy: &api.TransparentProxyConfig{ - OutboundListenerPort: 10101, - DialedDirectly: true, - }, - }, - }, - { - name: "terminating-gateway", - snake: ` - kind = "terminating-gateway" - name = "terminating-gw-west" - namespace = "default" - meta { - "foo" = "bar" - "gir" = "zim" - } - services = [ - { - name = "billing" - namespace = "biz" - ca_file = "/etc/ca.crt" - cert_file = "/etc/client.crt" - key_file = "/etc/tls.key" - sni = "mydomain" - }, - { - name = "*" - namespace = "ops" - } - ] - `, - camel: ` - Kind = "terminating-gateway" - Name = "terminating-gw-west" - Namespace = "default" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Services = [ - { - Name = "billing" - Namespace = "biz" - CAFile = "/etc/ca.crt" - CertFile = "/etc/client.crt" - KeyFile = "/etc/tls.key" - SNI = "mydomain" - }, - { - Name = "*" - Namespace = "ops" - } - ] - `, - snakeJSON: ` - { - "kind": "terminating-gateway", - "name": "terminating-gw-west", - "namespace": "default", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "services": [ - { - "name": "billing", - "namespace": "biz", - "ca_file": "/etc/ca.crt", - "cert_file": "/etc/client.crt", - "key_file": "/etc/tls.key", - "sni": "mydomain" - }, - { - "name": "*", - "namespace": "ops" - } - ] - } - `, - camelJSON: ` - { - "Kind": "terminating-gateway", - "Name": "terminating-gw-west", - "Namespace": "default", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Services": [ - { - "Name": "billing", - "Namespace": "biz", - "CAFile": "/etc/ca.crt", - "CertFile": "/etc/client.crt", - "KeyFile": "/etc/tls.key", - "SNI": "mydomain" - }, - { - "Name": "*", - "Namespace": "ops" - } - ] - } - `, - expect: &api.TerminatingGatewayConfigEntry{ - Kind: "terminating-gateway", - Name: "terminating-gw-west", - Namespace: "default", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Services: []api.LinkedService{ - { - Name: "billing", - Namespace: "biz", - CAFile: "/etc/ca.crt", - CertFile: "/etc/client.crt", - KeyFile: "/etc/tls.key", - SNI: "mydomain", - }, - { - Name: "*", - Namespace: "ops", - }, - }, - }, - expectJSON: &api.TerminatingGatewayConfigEntry{ - Kind: "terminating-gateway", - Name: "terminating-gw-west", - Namespace: "default", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Services: []api.LinkedService{ - { - Name: "billing", - Namespace: "biz", - CAFile: "/etc/ca.crt", - CertFile: "/etc/client.crt", - KeyFile: "/etc/tls.key", - SNI: "mydomain", - }, - { - Name: "*", - Namespace: "ops", - }, - }, - }, - }, - { - name: "service-defaults: kitchen sink (upstreams edition)", - snake: ` - kind = "service-defaults" - name = "main" - meta { - "foo" = "bar" - "gir" = "zim" - } - protocol = "http" - external_sni = "abc-123" - mesh_gateway { - mode = "remote" - } - mode = "direct" - transparent_proxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - upstream_config { - overrides = [ - { - name = "redis" - passive_health_check { - max_failures = 3 - interval = "2s" - } - envoy_listener_json = "{ \"listener-foo\": 5 }" - envoy_cluster_json = "{ \"cluster-bar\": 5 }" - protocol = "grpc" - connect_timeout_ms = 6543 - }, - { - name = "finance--billing" - mesh_gateway { - mode = "remote" - } - limits { - max_connections = 1111 - max_pending_requests = 2222 - max_concurrent_requests = 3333 - } - } - ] - defaults { - envoy_cluster_json = "zip" - envoy_listener_json = "zop" - connect_timeout_ms = 5000 - protocol = "http" - limits { - max_connections = 3 - max_pending_requests = 4 - max_concurrent_requests = 5 - } - passive_health_check { - max_failures = 5 - interval = "4s" - } - } - } - `, - camel: ` - Kind = "service-defaults" - Name = "main" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Protocol = "http" - ExternalSNI = "abc-123" - MeshGateway { - Mode = "remote" - } - Mode = "direct" - TransparentProxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - UpstreamConfig { - Overrides = [ - { - Name = "redis" - PassiveHealthCheck { - MaxFailures = 3 - Interval = "2s" - } - EnvoyListenerJson = "{ \"listener-foo\": 5 }" - EnvoyClusterJson = "{ \"cluster-bar\": 5 }" - Protocol = "grpc" - ConnectTimeoutMs = 6543 - }, - { - Name = "finance--billing" - MeshGateway { - Mode = "remote" - } - Limits { - MaxConnections = 1111 - MaxPendingRequests = 2222 - MaxConcurrentRequests = 3333 - } - } - ] - Defaults { - EnvoyClusterJson = "zip" - EnvoyListenerJson = "zop" - ConnectTimeoutMs = 5000 - Protocol = "http" - Limits { - MaxConnections = 3 - MaxPendingRequests = 4 - MaxConcurrentRequests = 5 - } - PassiveHealthCheck { - MaxFailures = 5 - Interval = "4s" - } - } - } - `, - snakeJSON: ` - { - "kind": "service-defaults", - "name": "main", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "protocol": "http", - "external_sni": "abc-123", - "mesh_gateway": { - "mode": "remote" - }, - "mode": "direct", - "transparent_proxy": { - "outbound_listener_port": 10101, - "dialed_directly": true - }, - "upstream_config": { - "overrides": [ - { - "name": "redis", - "passive_health_check": { - "max_failures": 3, - "interval": "2s" - }, - "envoy_listener_json": "{ \"listener-foo\": 5 }", - "envoy_cluster_json": "{ \"cluster-bar\": 5 }", - "protocol": "grpc", - "connect_timeout_ms": 6543 - }, - { - "name": "finance--billing", - "mesh_gateway": { - "mode": "remote" - }, - "limits": { - "max_connections": 1111, - "max_pending_requests": 2222, - "max_concurrent_requests": 3333 - } - } - ], - "defaults": { - "envoy_cluster_json": "zip", - "envoy_listener_json": "zop", - "connect_timeout_ms": 5000, - "protocol": "http", - "limits": { - "max_connections": 3, - "max_pending_requests": 4, - "max_concurrent_requests": 5 - }, - "passive_health_check": { - "max_failures": 5, - "interval": "4s" - } - } - } - } - `, - camelJSON: ` - { - "Kind": "service-defaults", - "Name": "main", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Protocol": "http", - "ExternalSNI": "abc-123", - "MeshGateway": { - "Mode": "remote" - }, - "Mode": "direct", - "TransparentProxy": { - "OutboundListenerPort": 10101, - "DialedDirectly": true - }, - "UpstreamConfig": { - "Overrides": [ - { - "Name": "redis", - "PassiveHealthCheck": { - "MaxFailures": 3, - "Interval": "2s" - }, - "EnvoyListenerJson": "{ \"listener-foo\": 5 }", - "EnvoyClusterJson": "{ \"cluster-bar\": 5 }", - "Protocol": "grpc", - "ConnectTimeoutMs": 6543 - }, - { - "Name": "finance--billing", - "MeshGateway": { - "Mode": "remote" - }, - "Limits": { - "MaxConnections": 1111, - "MaxPendingRequests": 2222, - "MaxConcurrentRequests": 3333 - } - } - ], - "Defaults": { - "EnvoyClusterJson": "zip", - "EnvoyListenerJson": "zop", - "ConnectTimeoutMs": 5000, - "Protocol": "http", - "Limits": { - "MaxConnections": 3, - "MaxPendingRequests": 4, - "MaxConcurrentRequests": 5 - }, - "PassiveHealthCheck": { - "MaxFailures": 5, - "Interval": "4s" - } - } - } - } - `, - expect: &api.ServiceConfigEntry{ - Kind: "service-defaults", - Name: "main", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Protocol: "http", - ExternalSNI: "abc-123", - MeshGateway: api.MeshGatewayConfig{ - Mode: api.MeshGatewayModeRemote, - }, - Mode: api.ProxyModeDirect, - TransparentProxy: &api.TransparentProxyConfig{ - OutboundListenerPort: 10101, - DialedDirectly: true, - }, - UpstreamConfig: &api.UpstreamConfiguration{ - Overrides: []*api.UpstreamConfig{ - { - Name: "redis", - PassiveHealthCheck: &api.PassiveHealthCheck{ - MaxFailures: 3, - Interval: 2 * time.Second, - }, - EnvoyListenerJSON: `{ "listener-foo": 5 }`, - EnvoyClusterJSON: `{ "cluster-bar": 5 }`, - Protocol: "grpc", - ConnectTimeoutMs: 6543, - }, - { - Name: "finance--billing", - MeshGateway: api.MeshGatewayConfig{ - Mode: "remote", - }, - Limits: &api.UpstreamLimits{ - MaxConnections: intPointer(1111), - MaxPendingRequests: intPointer(2222), - MaxConcurrentRequests: intPointer(3333), - }, - }, - }, - Defaults: &api.UpstreamConfig{ - EnvoyClusterJSON: "zip", - EnvoyListenerJSON: "zop", - Protocol: "http", - ConnectTimeoutMs: 5000, - Limits: &api.UpstreamLimits{ - MaxConnections: intPointer(3), - MaxPendingRequests: intPointer(4), - MaxConcurrentRequests: intPointer(5), - }, - PassiveHealthCheck: &api.PassiveHealthCheck{ - MaxFailures: 5, - Interval: 4 * time.Second, - }, - }, - }, - }, - }, - { - name: "service-defaults: kitchen sink (destination edition)", - snake: ` - kind = "service-defaults" - name = "main" - meta { - "foo" = "bar" - "gir" = "zim" - } - protocol = "grpc" - mesh_gateway { - mode = "remote" - } - mode = "transparent" - transparent_proxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - destination = { - address = "10.0.0.0/16", - port = 443 - } - `, - camel: ` - Kind = "service-defaults" - Name = "main" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Protocol = "grpc" - MeshGateway { - Mode = "remote" - } - Mode = "transparent" - TransparentProxy = { - outbound_listener_port = 10101 - dialed_directly = true - } - Destination = { - Address = "10.0.0.0/16", - Port = 443 - } - `, - snakeJSON: ` - { - "kind": "service-defaults", - "name": "main", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "protocol": "grpc", - "mesh_gateway": { - "mode": "remote" - }, - "mode": "transparent", - "transparent_proxy": { - "outbound_listener_port": 10101, - "dialed_directly": true - }, - "destination": { - "address": "10.0.0.0/16", - "port": 443 - } - } - `, - camelJSON: ` - { - "Kind": "service-defaults", - "Name": "main", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Protocol": "grpc", - "MeshGateway": { - "Mode": "remote" - }, - "Mode": "transparent", - "TransparentProxy": { - "OutboundListenerPort": 10101, - "DialedDirectly": true - }, - "Destination": { - "Address": "10.0.0.0/16", - "Port": 443 - } - } - `, - expect: &api.ServiceConfigEntry{ - Kind: "service-defaults", - Name: "main", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Protocol: "grpc", - MeshGateway: api.MeshGatewayConfig{ - Mode: api.MeshGatewayModeRemote, - }, - Mode: api.ProxyModeTransparent, - TransparentProxy: &api.TransparentProxyConfig{ - OutboundListenerPort: 10101, - DialedDirectly: true, - }, - Destination: &api.DestinationConfig{ - Address: "10.0.0.0/16", - Port: 443, - }, - }, - }, - { - name: "service-router: kitchen sink", - snake: ` - kind = "service-router" - name = "main" - partition = "pepper" - meta { - "foo" = "bar" - "gir" = "zim" - } - routes = [ - { - match { - http { - path_exact = "/foo" - header = [ - { - name = "debug1" - present = true - }, - { - name = "debug2" - present = false - invert = true - }, - { - name = "debug3" - exact = "1" - }, - { - name = "debug4" - prefix = "aaa" - }, - { - name = "debug5" - suffix = "bbb" - }, - { - name = "debug6" - regex = "a.*z" - }, - ] - } - } - destination { - service = "carrot" - service_subset = "kale" - namespace = "leek" - partition = "chard" - prefix_rewrite = "/alternate" - request_timeout = "99s" - num_retries = 12345 - retry_on_connect_failure = true - retry_on_status_codes = [401, 209] - } - }, - { - match { - http { - path_prefix = "/foo" - methods = [ "GET", "DELETE" ] - query_param = [ - { - name = "hack1" - present = true - }, - { - name = "hack2" - exact = "1" - }, - { - name = "hack3" - regex = "a.*z" - }, - ] - } - } - }, - { - match { - http { - path_regex = "/foo" - } - } - }, - ] - `, - camel: ` - Kind = "service-router" - Name = "main" - Partition = "pepper" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Routes = [ - { - Match { - HTTP { - PathExact = "/foo" - Header = [ - { - Name = "debug1" - Present = true - }, - { - Name = "debug2" - Present = false - Invert = true - }, - { - Name = "debug3" - Exact = "1" - }, - { - Name = "debug4" - Prefix = "aaa" - }, - { - Name = "debug5" - Suffix = "bbb" - }, - { - Name = "debug6" - Regex = "a.*z" - }, - ] - } - } - Destination { - Service = "carrot" - ServiceSubset = "kale" - Namespace = "leek" - Partition = "chard" - PrefixRewrite = "/alternate" - RequestTimeout = "99s" - NumRetries = 12345 - RetryOnConnectFailure = true - RetryOnStatusCodes = [401, 209] - } - }, - { - Match { - HTTP { - PathPrefix = "/foo" - Methods = [ "GET", "DELETE" ] - QueryParam = [ - { - Name = "hack1" - Present = true - }, - { - Name = "hack2" - Exact = "1" - }, - { - Name = "hack3" - Regex = "a.*z" - }, - ] - } - } - }, - { - Match { - HTTP { - PathRegex = "/foo" - } - } - }, - ] - `, - snakeJSON: ` - { - "kind": "service-router", - "name": "main", - "partition": "pepper", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "routes": [ - { - "match": { - "http": { - "path_exact": "/foo", - "header": [ - { - "name": "debug1", - "present": true - }, - { - "name": "debug2", - "present": false, - "invert": true - }, - { - "name": "debug3", - "exact": "1" - }, - { - "name": "debug4", - "prefix": "aaa" - }, - { - "name": "debug5", - "suffix": "bbb" - }, - { - "name": "debug6", - "regex": "a.*z" - } - ] - } - }, - "destination": { - "service": "carrot", - "service_subset": "kale", - "namespace": "leek", - "partition": "chard", - "prefix_rewrite": "/alternate", - "request_timeout": "99s", - "num_retries": 12345, - "retry_on_connect_failure": true, - "retry_on_status_codes": [ - 401, - 209 - ] - } - }, - { - "match": { - "http": { - "path_prefix": "/foo", - "methods": [ - "GET", - "DELETE" - ], - "query_param": [ - { - "name": "hack1", - "present": true - }, - { - "name": "hack2", - "exact": "1" - }, - { - "name": "hack3", - "regex": "a.*z" - } - ] - } - } - }, - { - "match": { - "http": { - "path_regex": "/foo" - } - } - } - ] - } - `, - camelJSON: ` - { - "Kind": "service-router", - "Name": "main", - "Partition": "pepper", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Routes": [ - { - "Match": { - "HTTP": { - "PathExact": "/foo", - "Header": [ - { - "Name": "debug1", - "Present": true - }, - { - "Name": "debug2", - "Present": false, - "Invert": true - }, - { - "Name": "debug3", - "Exact": "1" - }, - { - "Name": "debug4", - "Prefix": "aaa" - }, - { - "Name": "debug5", - "Suffix": "bbb" - }, - { - "Name": "debug6", - "Regex": "a.*z" - } - ] - } - }, - "Destination": { - "Service": "carrot", - "ServiceSubset": "kale", - "Namespace": "leek", - "Partition": "chard", - "PrefixRewrite": "/alternate", - "RequestTimeout": "99s", - "NumRetries": 12345, - "RetryOnConnectFailure": true, - "RetryOnStatusCodes": [ - 401, - 209 - ] - } - }, - { - "Match": { - "HTTP": { - "PathPrefix": "/foo", - "Methods": [ - "GET", - "DELETE" - ], - "QueryParam": [ - { - "Name": "hack1", - "Present": true - }, - { - "Name": "hack2", - "Exact": "1" - }, - { - "Name": "hack3", - "Regex": "a.*z" - } - ] - } - } - }, - { - "Match": { - "HTTP": { - "PathRegex": "/foo" - } - } - } - ] - } - `, - expect: &api.ServiceRouterConfigEntry{ - Kind: "service-router", - Name: "main", - Partition: "pepper", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Routes: []api.ServiceRoute{ - { - Match: &api.ServiceRouteMatch{ - HTTP: &api.ServiceRouteHTTPMatch{ - PathExact: "/foo", - Header: []api.ServiceRouteHTTPMatchHeader{ - { - Name: "debug1", - Present: true, - }, - { - Name: "debug2", - Present: false, - Invert: true, - }, - { - Name: "debug3", - Exact: "1", - }, - { - Name: "debug4", - Prefix: "aaa", - }, - { - Name: "debug5", - Suffix: "bbb", - }, - { - Name: "debug6", - Regex: "a.*z", - }, - }, - }, - }, - Destination: &api.ServiceRouteDestination{ - Service: "carrot", - ServiceSubset: "kale", - Namespace: "leek", - Partition: "chard", - PrefixRewrite: "/alternate", - RequestTimeout: 99 * time.Second, - NumRetries: 12345, - RetryOnConnectFailure: true, - RetryOnStatusCodes: []uint32{401, 209}, - }, - }, - { - Match: &api.ServiceRouteMatch{ - HTTP: &api.ServiceRouteHTTPMatch{ - PathPrefix: "/foo", - Methods: []string{"GET", "DELETE"}, - QueryParam: []api.ServiceRouteHTTPMatchQueryParam{ - { - Name: "hack1", - Present: true, - }, - { - Name: "hack2", - Exact: "1", - }, - { - Name: "hack3", - Regex: "a.*z", - }, - }, - }, - }, - }, - { - Match: &api.ServiceRouteMatch{ - HTTP: &api.ServiceRouteHTTPMatch{ - PathRegex: "/foo", - }, - }, - }, - }, - }, - }, - { - name: "service-splitter: kitchen sink", - snake: ` - kind = "service-splitter" - name = "main" - partition = "east" - meta { - "foo" = "bar" - "gir" = "zim" - } - splits = [ - { - weight = 97.1 - service_subset = "v1" - }, - { - weight = 2 - service_subset = "v2" - }, - { - weight = 0.9 - service = "other" - namespace = "alt" - partition = "west" - }, - ] - `, - camel: ` - Kind = "service-splitter" - Name = "main" - Partition = "east" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Splits = [ - { - Weight = 97.1 - ServiceSubset = "v1" - }, - { - Weight = 2, - ServiceSubset = "v2" - }, - { - Weight = 0.9 - Service = "other" - Namespace = "alt" - Partition = "west" - }, - ] - `, - snakeJSON: ` - { - "kind": "service-splitter", - "name": "main", - "partition": "east", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "splits": [ - { - "weight": 97.1, - "service_subset": "v1" - }, - { - "weight": 2, - "service_subset": "v2" - }, - { - "weight": 0.9, - "service": "other", - "namespace": "alt", - "partition": "west" - } - ] - } - `, - camelJSON: ` - { - "Kind": "service-splitter", - "Name": "main", - "Partition": "east", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Splits": [ - { - "Weight": 97.1, - "ServiceSubset": "v1" - }, - { - "Weight": 2, - "ServiceSubset": "v2" - }, - { - "Weight": 0.9, - "Service": "other", - "Namespace": "alt", - "Partition": "west" - } - ] - } - `, - expect: &api.ServiceSplitterConfigEntry{ - Kind: api.ServiceSplitter, - Name: "main", - Partition: "east", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Splits: []api.ServiceSplit{ - { - Weight: 97.1, - ServiceSubset: "v1", - }, - { - Weight: 2, - ServiceSubset: "v2", - }, - { - Weight: 0.9, - Service: "other", - Namespace: "alt", - Partition: "west", - }, - }, - }, - }, - { - name: "service-resolver: subsets with failover", - snake: ` - kind = "service-resolver" - name = "main" - meta { - "foo" = "bar" - "gir" = "zim" - } - default_subset = "v1" - connect_timeout = "15s" - subsets = { - "v1" = { - filter = "Service.Meta.version == v1" - }, - "v2" = { - filter = "Service.Meta.version == v2" - only_passing = true - }, - } - failover = { - "v2" = { - service = "failcopy" - service_subset = "sure" - namespace = "neighbor" - datacenters = ["dc5", "dc14"] - }, - "*" = { - datacenters = ["dc7"] - } - }`, - camel: ` - Kind = "service-resolver" - Name = "main" - Meta { - "foo" = "bar" - "gir" = "zim" - } - DefaultSubset = "v1" - ConnectTimeout = "15s" - Subsets = { - "v1" = { - Filter = "Service.Meta.version == v1" - }, - "v2" = { - Filter = "Service.Meta.version == v2" - OnlyPassing = true - }, - } - Failover = { - "v2" = { - Service = "failcopy" - ServiceSubset = "sure" - Namespace = "neighbor" - Datacenters = ["dc5", "dc14"] - }, - "*" = { - Datacenters = ["dc7"] - } - }`, - snakeJSON: ` - { - "kind": "service-resolver", - "name": "main", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "default_subset": "v1", - "connect_timeout": "15s", - "subsets": { - "v1": { - "filter": "Service.Meta.version == v1" - }, - "v2": { - "filter": "Service.Meta.version == v2", - "only_passing": true - } - }, - "failover": { - "v2": { - "service": "failcopy", - "service_subset": "sure", - "namespace": "neighbor", - "datacenters": [ - "dc5", - "dc14" - ] - }, - "*": { - "datacenters": [ - "dc7" - ] - } - } - } - `, - camelJSON: ` - { - "Kind": "service-resolver", - "Name": "main", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "DefaultSubset": "v1", - "ConnectTimeout": "15s", - "Subsets": { - "v1": { - "Filter": "Service.Meta.version == v1" - }, - "v2": { - "Filter": "Service.Meta.version == v2", - "OnlyPassing": true - } - }, - "Failover": { - "v2": { - "Service": "failcopy", - "ServiceSubset": "sure", - "Namespace": "neighbor", - "Datacenters": [ - "dc5", - "dc14" - ] - }, - "*": { - "Datacenters": [ - "dc7" - ] - } - } - } - `, - expect: &api.ServiceResolverConfigEntry{ - Kind: "service-resolver", - Name: "main", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - DefaultSubset: "v1", - ConnectTimeout: 15 * time.Second, - Subsets: map[string]api.ServiceResolverSubset{ - "v1": { - Filter: "Service.Meta.version == v1", - }, - "v2": { - Filter: "Service.Meta.version == v2", - OnlyPassing: true, - }, - }, - Failover: map[string]api.ServiceResolverFailover{ - "v2": { - Service: "failcopy", - ServiceSubset: "sure", - Namespace: "neighbor", - Datacenters: []string{"dc5", "dc14"}, - }, - "*": { - Datacenters: []string{"dc7"}, - }, - }, - }, - }, - { - name: "service-resolver: redirect", - snake: ` - kind = "service-resolver" - name = "main" - partition = "east" - redirect { - service = "other" - service_subset = "backup" - namespace = "alt" - partition = "west" - datacenter = "dc9" - } - `, - camel: ` - Kind = "service-resolver" - Name = "main" - Partition = "east" - Redirect { - Service = "other" - ServiceSubset = "backup" - Namespace = "alt" - Partition = "west" - Datacenter = "dc9" - } - `, - snakeJSON: ` - { - "kind": "service-resolver", - "name": "main", - "partition": "east", - "redirect": { - "service": "other", - "service_subset": "backup", - "namespace": "alt", - "partition": "west", - "datacenter": "dc9" - } - } - `, - camelJSON: ` - { - "Kind": "service-resolver", - "Name": "main", - "Partition": "east", - "Redirect": { - "Service": "other", - "ServiceSubset": "backup", - "Namespace": "alt", - "Partition": "west", - "Datacenter": "dc9" - } - } - `, - expect: &api.ServiceResolverConfigEntry{ - Kind: "service-resolver", - Name: "main", - Partition: "east", - Redirect: &api.ServiceResolverRedirect{ - Service: "other", - ServiceSubset: "backup", - Namespace: "alt", - Partition: "west", - Datacenter: "dc9", - }, - }, - }, - { - name: "service-resolver: default", - snake: ` - kind = "service-resolver" - name = "main" - `, - camel: ` - Kind = "service-resolver" - Name = "main" - `, - snakeJSON: ` - { - "kind": "service-resolver", - "name": "main" - } - `, - camelJSON: ` - { - "Kind": "service-resolver", - "Name": "main" - } - `, - expect: &api.ServiceResolverConfigEntry{ - Kind: "service-resolver", - Name: "main", - }, - }, - { - name: "service-resolver: envoy hash lb kitchen sink", - snake: ` - kind = "service-resolver" - name = "main" - load_balancer = { - policy = "ring_hash" - ring_hash_config = { - minimum_ring_size = 1 - maximum_ring_size = 2 - } - hash_policies = [ - { - field = "cookie" - field_value = "good-cookie" - cookie_config = { - ttl = "1s" - path = "/oven" - } - terminal = true - }, - { - field = "cookie" - field_value = "less-good-cookie" - cookie_config = { - session = true - path = "/toaster" - } - terminal = true - }, - { - field = "header" - field_value = "x-user-id" - }, - { - source_ip = true - } - ] - } - `, - camel: ` - Kind = "service-resolver" - Name = "main" - LoadBalancer = { - Policy = "ring_hash" - RingHashConfig = { - MinimumRingSize = 1 - MaximumRingSize = 2 - } - HashPolicies = [ - { - Field = "cookie" - FieldValue = "good-cookie" - CookieConfig = { - TTL = "1s" - Path = "/oven" - } - Terminal = true - }, - { - Field = "cookie" - FieldValue = "less-good-cookie" - CookieConfig = { - Session = true - Path = "/toaster" - } - Terminal = true - }, - { - Field = "header" - FieldValue = "x-user-id" - }, - { - SourceIP = true - } - ] - } - `, - snakeJSON: ` - { - "kind": "service-resolver", - "name": "main", - "load_balancer": { - "policy": "ring_hash", - "ring_hash_config": { - "minimum_ring_size": 1, - "maximum_ring_size": 2 - }, - "hash_policies": [ - { - "field": "cookie", - "field_value": "good-cookie", - "cookie_config": { - "ttl": "1s", - "path": "/oven" - }, - "terminal": true - }, - { - "field": "cookie", - "field_value": "less-good-cookie", - "cookie_config": { - "session": true, - "path": "/toaster" - }, - "terminal": true - }, - { - "field": "header", - "field_value": "x-user-id" - }, - { - "source_ip": true - } - ] - } - } - `, - camelJSON: ` - { - "Kind": "service-resolver", - "Name": "main", - "LoadBalancer": { - "Policy": "ring_hash", - "RingHashConfig": { - "MinimumRingSize": 1, - "MaximumRingSize": 2 - }, - "HashPolicies": [ - { - "Field": "cookie", - "FieldValue": "good-cookie", - "CookieConfig": { - "TTL": "1s", - "Path": "/oven" - }, - "Terminal": true - }, - { - "Field": "cookie", - "FieldValue": "less-good-cookie", - "CookieConfig": { - "Session": true, - "Path": "/toaster" - }, - "Terminal": true - }, - { - "Field": "header", - "FieldValue": "x-user-id" - }, - { - "SourceIP": true - } - ] - } - } - `, - expect: &api.ServiceResolverConfigEntry{ - Kind: "service-resolver", - Name: "main", - LoadBalancer: &api.LoadBalancer{ - Policy: structs.LBPolicyRingHash, - RingHashConfig: &api.RingHashConfig{ - MinimumRingSize: 1, - MaximumRingSize: 2, - }, - HashPolicies: []api.HashPolicy{ - { - Field: structs.HashPolicyCookie, - FieldValue: "good-cookie", - CookieConfig: &api.CookieConfig{ - TTL: 1 * time.Second, - Path: "/oven", - }, - Terminal: true, - }, - { - Field: structs.HashPolicyCookie, - FieldValue: "less-good-cookie", - CookieConfig: &api.CookieConfig{ - Session: true, - Path: "/toaster", - }, - Terminal: true, - }, - { - Field: structs.HashPolicyHeader, - FieldValue: "x-user-id", - }, - { - SourceIP: true, - }, - }, - }, - }, - }, - { - name: "service-resolver: envoy least request kitchen sink", - snake: ` - kind = "service-resolver" - name = "main" - load_balancer = { - policy = "least_request" - least_request_config = { - choice_count = 2 - } - } - `, - camel: ` - Kind = "service-resolver" - Name = "main" - LoadBalancer = { - Policy = "least_request" - LeastRequestConfig = { - ChoiceCount = 2 - } - } - `, - snakeJSON: ` - { - "kind": "service-resolver", - "name": "main", - "load_balancer": { - "policy": "least_request", - "least_request_config": { - "choice_count": 2 - } - } - } - `, - camelJSON: ` - { - "Kind": "service-resolver", - "Name": "main", - "LoadBalancer": { - "Policy": "least_request", - "LeastRequestConfig": { - "ChoiceCount": 2 - } - } - } - `, - expect: &api.ServiceResolverConfigEntry{ - Kind: "service-resolver", - Name: "main", - LoadBalancer: &api.LoadBalancer{ - Policy: structs.LBPolicyLeastRequest, - LeastRequestConfig: &api.LeastRequestConfig{ - ChoiceCount: 2, - }, - }, - }, - }, - { - name: "expose paths: kitchen sink proxy defaults", - snake: ` - kind = "proxy-defaults" - name = "global" - expose = { - checks = true - paths = [ - { - local_path_port = 8080 - listener_port = 21500 - path = "/healthz" - protocol = "http2" - }, - { - local_path_port = 8000 - listener_port = 21501 - path = "/metrics" - protocol = "http" - } - ] - }`, - camel: ` - Kind = "proxy-defaults" - Name = "global" - Expose = { - Checks = true - Paths = [ - { - LocalPathPort = 8080 - ListenerPort = 21500 - Path = "/healthz" - Protocol = "http2" - }, - { - LocalPathPort = 8000 - ListenerPort = 21501 - Path = "/metrics" - Protocol = "http" - } - ] - }`, - snakeJSON: ` - { - "kind": "proxy-defaults", - "name": "global", - "expose": { - "checks": true, - "paths": [ - { - "local_path_port": 8080, - "listener_port": 21500, - "path": "/healthz", - "protocol": "http2" - }, - { - "local_path_port": 8000, - "listener_port": 21501, - "path": "/metrics", - "protocol": "http" - } - ] - } - } - `, - camelJSON: ` - { - "Kind": "proxy-defaults", - "Name": "global", - "Expose": { - "Checks": true, - "Paths": [ - { - "LocalPathPort": 8080, - "ListenerPort": 21500, - "Path": "/healthz", - "Protocol": "http2" - }, - { - "LocalPathPort": 8000, - "ListenerPort": 21501, - "Path": "/metrics", - "Protocol": "http" - } - ] - } - } - `, - expect: &api.ProxyConfigEntry{ - Kind: "proxy-defaults", - Name: "global", - Expose: api.ExposeConfig{ - Checks: true, - Paths: []api.ExposePath{ - { - ListenerPort: 21500, - Path: "/healthz", - LocalPathPort: 8080, - Protocol: "http2", - }, - { - ListenerPort: 21501, - Path: "/metrics", - LocalPathPort: 8000, - Protocol: "http", - }, - }, - }, - }, - }, - { - name: "expose paths: kitchen sink service defaults", - snake: ` - kind = "service-defaults" - name = "web" - expose = { - checks = true - paths = [ - { - local_path_port = 8080 - listener_port = 21500 - path = "/healthz" - protocol = "http2" - }, - { - local_path_port = 8000 - listener_port = 21501 - path = "/metrics" - protocol = "http" - } - ] - }`, - camel: ` - Kind = "service-defaults" - Name = "web" - Expose = { - Checks = true - Paths = [ - { - LocalPathPort = 8080 - ListenerPort = 21500 - Path = "/healthz" - Protocol = "http2" - }, - { - LocalPathPort = 8000 - ListenerPort = 21501 - Path = "/metrics" - Protocol = "http" - } - ] - }`, - snakeJSON: ` - { - "kind": "service-defaults", - "name": "web", - "expose": { - "checks": true, - "paths": [ - { - "local_path_port": 8080, - "listener_port": 21500, - "path": "/healthz", - "protocol": "http2" - }, - { - "local_path_port": 8000, - "listener_port": 21501, - "path": "/metrics", - "protocol": "http" - } - ] - } - } - `, - camelJSON: ` - { - "Kind": "service-defaults", - "Name": "web", - "Expose": { - "Checks": true, - "Paths": [ - { - "LocalPathPort": 8080, - "ListenerPort": 21500, - "Path": "/healthz", - "Protocol": "http2" - }, - { - "LocalPathPort": 8000, - "ListenerPort": 21501, - "Path": "/metrics", - "Protocol": "http" - } - ] - } - } - `, - expect: &api.ServiceConfigEntry{ - Kind: "service-defaults", - Name: "web", - Expose: api.ExposeConfig{ - Checks: true, - Paths: []api.ExposePath{ - { - ListenerPort: 21500, - Path: "/healthz", - LocalPathPort: 8080, - Protocol: "http2", - }, - { - ListenerPort: 21501, - Path: "/metrics", - LocalPathPort: 8000, - Protocol: "http", - }, - }, - }, - }, - }, - { - // TODO(rb): test SDS stuff here in both places (global/service) - name: "ingress-gateway: kitchen sink", - snake: ` - kind = "ingress-gateway" - name = "ingress-web" - meta { - "foo" = "bar" - "gir" = "zim" - } - tls { - enabled = true - tls_min_version = "TLSv1_1" - tls_max_version = "TLSv1_2" - cipher_suites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - listeners = [ - { - port = 8080 - protocol = "http" - services = [ - { - name = "web" - hosts = ["test.example.com"] - }, - { - name = "db" - namespace = "foo" - } - ] - } - ] - `, - camel: ` - Kind = "ingress-gateway" - Name = "ingress-web" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Tls { - Enabled = true - TLSMinVersion = "TLSv1_1" - TLSMaxVersion = "TLSv1_2" - CipherSuites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - Listeners = [ - { - Port = 8080 - Protocol = "http" - Services = [ - { - Name = "web" - Hosts = ["test.example.com"] - }, - { - Name = "db" - Namespace = "foo" - } - ] - } - ] - `, - snakeJSON: ` - { - "kind": "ingress-gateway", - "name": "ingress-web", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "tls": { - "enabled": true, - "tls_min_version": "TLSv1_1", - "tls_max_version": "TLSv1_2", - "cipher_suites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - }, - "listeners": [ - { - "port": 8080, - "protocol": "http", - "services": [ - { - "name": "web", - "hosts": ["test.example.com"] - }, - { - "name": "db", - "namespace": "foo" - } - ] - } - ] - } - `, - camelJSON: ` - { - "Kind": "ingress-gateway", - "Name": "ingress-web", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "TLS": { - "Enabled": true, - "TLSMinVersion": "TLSv1_1", - "TLSMaxVersion": "TLSv1_2", - "CipherSuites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - }, - "Listeners": [ - { - "Port": 8080, - "Protocol": "http", - "Services": [ - { - "Name": "web", - "Hosts": ["test.example.com"] - }, - { - "Name": "db", - "Namespace": "foo" - } - ] - } - ] - } - `, - expect: &api.IngressGatewayConfigEntry{ - Kind: "ingress-gateway", - Name: "ingress-web", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - TLS: api.GatewayTLSConfig{ - Enabled: true, - TLSMinVersion: "TLSv1_1", - TLSMaxVersion: "TLSv1_2", - CipherSuites: []string{ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - }, - }, - Listeners: []api.IngressListener{ - { - Port: 8080, - Protocol: "http", - Services: []api.IngressService{ - { - Name: "web", - Hosts: []string{"test.example.com"}, - }, - { - Name: "db", - Namespace: "foo", - }, - }, - }, - }, - }, - }, - { - name: "service-intentions: kitchen sink", - snake: ` - kind = "service-intentions" - name = "web" - meta { - "foo" = "bar" - "gir" = "zim" - } - sources = [ - { - name = "foo" - action = "deny" - type = "consul" - description = "foo desc" - }, - { - name = "bar" - action = "allow" - description = "bar desc" - }, - { - name = "l7" - permissions = [ - { - action = "deny" - http { - path_exact = "/admin" - header = [ - { - name = "hdr-present" - present = true - }, - { - name = "hdr-exact" - exact = "exact" - }, - { - name = "hdr-prefix" - prefix = "prefix" - }, - { - name = "hdr-suffix" - suffix = "suffix" - }, - { - name = "hdr-regex" - regex = "regex" - }, - { - name = "hdr-absent" - present = true - invert = true - } - ] - } - }, - { - action = "allow" - http { - path_prefix = "/v3/" - } - }, - { - action = "allow" - http { - path_regex = "/v[12]/.*" - methods = ["GET", "POST"] - } - } - ] - } - ] - sources { - name = "*" - action = "deny" - description = "wild desc" - } - `, - camel: ` - Kind = "service-intentions" - Name = "web" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Sources = [ - { - Name = "foo" - Action = "deny" - Type = "consul" - Description = "foo desc" - }, - { - Name = "bar" - Action = "allow" - Description = "bar desc" - }, - { - Name = "l7" - Permissions = [ - { - Action = "deny" - HTTP { - PathExact = "/admin" - Header = [ - { - Name = "hdr-present" - Present = true - }, - { - Name = "hdr-exact" - Exact = "exact" - }, - { - Name = "hdr-prefix" - Prefix = "prefix" - }, - { - Name = "hdr-suffix" - Suffix = "suffix" - }, - { - Name = "hdr-regex" - Regex = "regex" - }, - { - Name = "hdr-absent" - Present = true - Invert = true - } - ] - } - }, - { - Action = "allow" - HTTP { - PathPrefix = "/v3/" - } - }, - { - Action = "allow" - HTTP { - PathRegex = "/v[12]/.*" - Methods = ["GET", "POST"] - } - } - ] - } - ] - Sources { - Name = "*" - Action = "deny" - Description = "wild desc" - } - `, - snakeJSON: ` - { - "kind": "service-intentions", - "name": "web", - "meta": { - "foo": "bar", - "gir": "zim" - }, - "sources": [ - { - "name": "foo", - "action": "deny", - "type": "consul", - "description": "foo desc" - }, - { - "name": "bar", - "action": "allow", - "description": "bar desc" - }, - { - "name": "l7", - "permissions": [ - { - "action": "deny", - "http": { - "path_exact": "/admin", - "header": [ - { - "name": "hdr-present", - "present": true - }, - { - "name": "hdr-exact", - "exact": "exact" - }, - { - "name": "hdr-prefix", - "prefix": "prefix" - }, - { - "name": "hdr-suffix", - "suffix": "suffix" - }, - { - "name": "hdr-regex", - "regex": "regex" - }, - { - "name": "hdr-absent", - "present": true, - "invert": true - } - ] - } - }, - { - "action": "allow", - "http": { - "path_prefix": "/v3/" - } - }, - { - "action": "allow", - "http": { - "path_regex": "/v[12]/.*", - "methods": [ - "GET", - "POST" - ] - } - } - ] - }, - { - "name": "*", - "action": "deny", - "description": "wild desc" - } - ] - } - `, - camelJSON: ` - { - "Kind": "service-intentions", - "Name": "web", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "Sources": [ - { - "Name": "foo", - "Action": "deny", - "Type": "consul", - "Description": "foo desc" - }, - { - "Name": "bar", - "Action": "allow", - "Description": "bar desc" - }, - { - "Name": "l7", - "Permissions": [ - { - "Action": "deny", - "HTTP": { - "PathExact": "/admin", - "Header": [ - { - "Name": "hdr-present", - "Present": true - }, - { - "Name": "hdr-exact", - "Exact": "exact" - }, - { - "Name": "hdr-prefix", - "Prefix": "prefix" - }, - { - "Name": "hdr-suffix", - "Suffix": "suffix" - }, - { - "Name": "hdr-regex", - "Regex": "regex" - }, - { - "Name": "hdr-absent", - "Present": true, - "Invert": true - } - ] - } - }, - { - "Action": "allow", - "HTTP": { - "PathPrefix": "/v3/" - } - }, - { - "Action": "allow", - "HTTP": { - "PathRegex": "/v[12]/.*", - "Methods": [ - "GET", - "POST" - ] - } - } - ] - }, - { - "Name": "*", - "Action": "deny", - "Description": "wild desc" - } - ] - } - `, - expect: &api.ServiceIntentionsConfigEntry{ - Kind: "service-intentions", - Name: "web", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Sources: []*api.SourceIntention{ - { - Name: "foo", - Action: "deny", - Type: "consul", - Description: "foo desc", - }, - { - Name: "bar", - Action: "allow", - Description: "bar desc", - }, - { - Name: "l7", - Permissions: []*api.IntentionPermission{ - { - Action: "deny", - HTTP: &api.IntentionHTTPPermission{ - PathExact: "/admin", - Header: []api.IntentionHTTPHeaderPermission{ - { - Name: "hdr-present", - Present: true, - }, - { - Name: "hdr-exact", - Exact: "exact", - }, - { - Name: "hdr-prefix", - Prefix: "prefix", - }, - { - Name: "hdr-suffix", - Suffix: "suffix", - }, - { - Name: "hdr-regex", - Regex: "regex", - }, - { - Name: "hdr-absent", - Present: true, - Invert: true, - }, - }, - }, - }, - { - Action: "allow", - HTTP: &api.IntentionHTTPPermission{ - PathPrefix: "/v3/", - }, - }, - { - Action: "allow", - HTTP: &api.IntentionHTTPPermission{ - PathRegex: "/v[12]/.*", - Methods: []string{"GET", "POST"}, - }, - }, - }, - }, - { - Name: "*", - Action: "deny", - Description: "wild desc", - }, - }, - }, - }, - { - name: "service-intentions: wildcard destination", - snake: ` - kind = "service-intentions" - name = "*" - sources { - name = "foo" - action = "deny" - # should be parsed, but we'll ignore it later - precedence = 6 - } - `, - camel: ` - Kind = "service-intentions" - Name = "*" - Sources { - Name = "foo" - Action = "deny" - # should be parsed, but we'll ignore it later - Precedence = 6 - } - `, - snakeJSON: ` - { - "kind": "service-intentions", - "name": "*", - "sources": [ - { - "name": "foo", - "action": "deny", - "precedence": 6 - } - ] - } - `, - camelJSON: ` - { - "Kind": "service-intentions", - "Name": "*", - "Sources": [ - { - "Name": "foo", - "Action": "deny", - "Precedence": 6 - } - ] - } - `, - expect: &api.ServiceIntentionsConfigEntry{ - Kind: "service-intentions", - Name: "*", - Sources: []*api.SourceIntention{ - { - Name: "foo", - Action: "deny", - Precedence: 6, - }, - }, - }, - }, - { - name: "mesh", - snake: ` - kind = "mesh" - meta { - "foo" = "bar" - "gir" = "zim" - } - transparent_proxy { - mesh_destinations_only = true - } - tls { - incoming { - tls_min_version = "TLSv1_1" - tls_max_version = "TLSv1_2" - cipher_suites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - outgoing { - tls_min_version = "TLSv1_1" - tls_max_version = "TLSv1_2" - cipher_suites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - } - `, - camel: ` - Kind = "mesh" - Meta { - "foo" = "bar" - "gir" = "zim" - } - TransparentProxy { - MeshDestinationsOnly = true - } - TLS { - Incoming { - TLSMinVersion = "TLSv1_1" - TLSMaxVersion = "TLSv1_2" - CipherSuites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - Outgoing { - TLSMinVersion = "TLSv1_1" - TLSMaxVersion = "TLSv1_2" - CipherSuites = [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - } - `, - snakeJSON: ` - { - "kind": "mesh", - "meta" : { - "foo": "bar", - "gir": "zim" - }, - "transparent_proxy": { - "mesh_destinations_only": true - }, - "tls": { - "incoming": { - "tls_min_version": "TLSv1_1", - "tls_max_version": "TLSv1_2", - "cipher_suites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - }, - "outgoing": { - "tls_min_version": "TLSv1_1", - "tls_max_version": "TLSv1_2", - "cipher_suites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - } - } - `, - camelJSON: ` - { - "Kind": "mesh", - "Meta" : { - "foo": "bar", - "gir": "zim" - }, - "TransparentProxy": { - "MeshDestinationsOnly": true - }, - "TLS": { - "Incoming": { - "TLSMinVersion": "TLSv1_1", - "TLSMaxVersion": "TLSv1_2", - "CipherSuites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - }, - "Outgoing": { - "TLSMinVersion": "TLSv1_1", - "TLSMaxVersion": "TLSv1_2", - "CipherSuites": [ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] - } - } - } - `, - expect: &api.MeshConfigEntry{ - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - TransparentProxy: api.TransparentProxyMeshConfig{ - MeshDestinationsOnly: true, - }, - TLS: &api.MeshTLSConfig{ - Incoming: &api.MeshDirectionalTLSConfig{ - TLSMinVersion: "TLSv1_1", - TLSMaxVersion: "TLSv1_2", - CipherSuites: []string{ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - }, - }, - Outgoing: &api.MeshDirectionalTLSConfig{ - TLSMinVersion: "TLSv1_1", - TLSMaxVersion: "TLSv1_2", - CipherSuites: []string{ - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - }, - }, - }, - }, - }, - { - name: "exported-services", - snake: ` - kind = "exported-services" - name = "foo" - meta { - "foo" = "bar" - "gir" = "zim" - } - services = [ - { - name = "web" - namespace = "foo" - consumers = [ - { - partition = "bar" - }, - { - partition = "baz" - }, - { - peer_name = "flarm" - } - ] - }, - { - name = "db" - namespace = "bar" - consumers = [ - { - partition = "zoo" - } - ] - } - ] - `, - camel: ` - Kind = "exported-services" - Name = "foo" - Meta { - "foo" = "bar" - "gir" = "zim" - } - Services = [ - { - Name = "web" - Namespace = "foo" - Consumers = [ - { - Partition = "bar" - }, - { - Partition = "baz" - }, - { - PeerName = "flarm" - } - ] - }, - { - Name = "db" - Namespace = "bar" - Consumers = [ - { - Partition = "zoo" - } - ] - } - ] - `, - snakeJSON: ` - { - "kind": "exported-services", - "name": "foo", - "meta": { - "foo": "bar", - "gir": "zim" - }, - "services": [ - { - "name": "web", - "namespace": "foo", - "consumers": [ - { - "partition": "bar" - }, - { - "partition": "baz" - }, - { - "peer_name": "flarm" - } - ] - }, - { - "name": "db", - "namespace": "bar", - "consumers": [ - { - "partition": "zoo" - } - ] - } - ] - } - `, - camelJSON: ` - { - "Kind": "exported-services", - "Name": "foo", - "Meta": { - "foo": "bar", - "gir": "zim" - }, - "Services": [ - { - "Name": "web", - "Namespace": "foo", - "Consumers": [ - { - "Partition": "bar" - }, - { - "Partition": "baz" - }, - { - "PeerName": "flarm" - } - ] - }, - { - "Name": "db", - "Namespace": "bar", - "Consumers": [ - { - "Partition": "zoo" - } - ] - } - ] - } - `, - expect: &api.ExportedServicesConfigEntry{ - Name: "foo", - Meta: map[string]string{ - "foo": "bar", - "gir": "zim", - }, - Services: []api.ExportedService{ - { - Name: "web", - Namespace: "foo", - Consumers: []api.ServiceConsumer{ - { - Partition: "bar", - }, - { - Partition: "baz", - }, - { - PeerName: "flarm", - }, - }, - }, - { - Name: "db", - Namespace: "bar", - Consumers: []api.ServiceConsumer{ - { - Partition: "zoo", - }, - }, - }, - }, - }, - }, - } { - tc := tc - - testbody := func(t *testing.T, body string, expect api.ConfigEntry) { - t.Helper() - got, err := parseConfigEntry(body) - if tc.expectErr != "" { - require.Nil(t, got) - require.Error(t, err) - requireContainsLower(t, err.Error(), tc.expectErr) - } else { - require.NoError(t, err) - require.Equal(t, expect, got) - } - } - - t.Run(tc.name+" (hcl snake case)", func(t *testing.T) { - testbody(t, tc.snake, tc.expect) - }) - t.Run(tc.name+" (hcl camel case)", func(t *testing.T) { - testbody(t, tc.camel, tc.expect) - }) - if tc.snakeJSON != "" { - t.Run(tc.name+" (json snake case)", func(t *testing.T) { - if tc.expectJSON != nil { - testbody(t, tc.snakeJSON, tc.expectJSON) - } else { - testbody(t, tc.snakeJSON, tc.expect) - } - }) - } - if tc.camelJSON != "" { - t.Run(tc.name+" (json camel case)", func(t *testing.T) { - if tc.expectJSON != nil { - testbody(t, tc.camelJSON, tc.expectJSON) - } else { - testbody(t, tc.camelJSON, tc.expect) - } - }) - } - } -} - func requireContainsLower(t *testing.T, haystack, needle string) { t.Helper() require.Contains(t, strings.ToLower(haystack), strings.ToLower(needle)) } - -func intPointer(v int) *int { - return &v -} diff --git a/command/config/write/decode_shim.go b/command/helpers/decode_shim.go similarity index 99% rename from command/config/write/decode_shim.go rename to command/helpers/decode_shim.go index c0ac6bf7f..e7465ed81 100644 --- a/command/config/write/decode_shim.go +++ b/command/helpers/decode_shim.go @@ -1,4 +1,4 @@ -package write +package helpers import ( "encoding/json" diff --git a/command/helpers/helpers.go b/command/helpers/helpers.go index 965f261bd..56ad6f7d3 100644 --- a/command/helpers/helpers.go +++ b/command/helpers/helpers.go @@ -6,6 +6,12 @@ import ( "io" "io/ioutil" "os" + "time" + + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/lib/decode" + "github.com/hashicorp/go-multierror" + "github.com/mitchellh/mapstructure" ) func loadFromFile(path string) (string, error) { @@ -59,3 +65,74 @@ func LoadDataSourceNoRaw(data string, testStdin io.Reader) (string, error) { return loadFromFile(data) } + +func ParseConfigEntry(data string) (api.ConfigEntry, error) { + // parse the data + var raw map[string]interface{} + if err := hclDecode(&raw, data); err != nil { + return nil, fmt.Errorf("Failed to decode config entry input: %v", err) + } + + return newDecodeConfigEntry(raw) +} + +// There is a 'structs' variation of this in +// agent/structs/config_entry.go:DecodeConfigEntry +func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) { + var entry api.ConfigEntry + + kindVal, ok := raw["Kind"] + if !ok { + kindVal, ok = raw["kind"] + } + if !ok { + return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level") + } + + if kindStr, ok := kindVal.(string); ok { + newEntry, err := api.MakeConfigEntry(kindStr, "") + if err != nil { + return nil, err + } + entry = newEntry + } else { + return nil, fmt.Errorf("Kind value in payload is not a string") + } + + var md mapstructure.Metadata + decodeConf := &mapstructure.DecoderConfig{ + DecodeHook: mapstructure.ComposeDecodeHookFunc( + decode.HookWeakDecodeFromSlice, + decode.HookTranslateKeys, + mapstructure.StringToTimeDurationHookFunc(), + mapstructure.StringToTimeHookFunc(time.RFC3339), + ), + Metadata: &md, + Result: &entry, + WeaklyTypedInput: true, + } + + decoder, err := mapstructure.NewDecoder(decodeConf) + if err != nil { + return nil, err + } + + if err := decoder.Decode(raw); err != nil { + return nil, err + } + + for _, k := range md.Unused { + switch k { + case "kind", "Kind": + // The kind field is used to determine the target, but doesn't need + // to exist on the target. + continue + } + err = multierror.Append(err, fmt.Errorf("invalid config key %q", k)) + } + if err != nil { + return nil, err + } + + return entry, nil +} diff --git a/command/helpers/helpers_test.go b/command/helpers/helpers_test.go new file mode 100644 index 000000000..82759159f --- /dev/null +++ b/command/helpers/helpers_test.go @@ -0,0 +1,3079 @@ +package helpers + +import ( + "strings" + "testing" + "time" + + "github.com/hashicorp/consul/agent/structs" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/api" +) + +// TestParseConfigEntry is the 'api' mirror image of +// agent/structs/config_entry_test.go:TestDecodeConfigEntry +func TestParseConfigEntry(t *testing.T) { + t.Parallel() + for _, tc := range []struct { + name string + camel, camelJSON string + snake, snakeJSON string + expect api.ConfigEntry + expectJSON api.ConfigEntry + expectErr string + }{ + { + name: "proxy-defaults: extra fields or typo", + snake: ` + kind = "proxy-defaults" + name = "main" + cornfig { + "foo" = 19 + } + `, + camel: ` + Kind = "proxy-defaults" + Name = "main" + Cornfig { + "foo" = 19 + } + `, + snakeJSON: ` + { + "kind": "proxy-defaults", + "name": "main", + "cornfig": { + "foo": 19 + } + } + `, + camelJSON: ` + { + "Kind": "proxy-defaults", + "Name": "main", + "Cornfig": { + "foo": 19 + } + } + `, + expectErr: `invalid config key "cornfig"`, + }, + { + name: "proxy-defaults", + snake: ` + kind = "proxy-defaults" + name = "main" + meta { + "foo" = "bar" + "gir" = "zim" + } + config { + "foo" = 19 + "bar" = "abc" + "moreconfig" { + "moar" = "config" + } + } + mesh_gateway { + mode = "remote" + } + mode = "direct" + transparent_proxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + `, + camel: ` + Kind = "proxy-defaults" + Name = "main" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Config { + "foo" = 19 + "bar" = "abc" + "moreconfig" { + "moar" = "config" + } + } + MeshGateway { + Mode = "remote" + } + Mode = "direct" + TransparentProxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + `, + snakeJSON: ` + { + "kind": "proxy-defaults", + "name": "main", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "config": { + "foo": 19, + "bar": "abc", + "moreconfig": { + "moar": "config" + } + }, + "mesh_gateway": { + "mode": "remote" + }, + "mode": "direct", + "transparent_proxy": { + "outbound_listener_port": 10101, + "dialed_directly": true + } + } + `, + camelJSON: ` + { + "Kind": "proxy-defaults", + "Name": "main", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Config": { + "foo": 19, + "bar": "abc", + "moreconfig": { + "moar": "config" + } + }, + "MeshGateway": { + "Mode": "remote" + }, + "Mode": "direct", + "TransparentProxy": { + "OutboundListenerPort": 10101, + "DialedDirectly": true + } + } + `, + expect: &api.ProxyConfigEntry{ + Kind: "proxy-defaults", + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Config: map[string]interface{}{ + "foo": 19, + "bar": "abc", + "moreconfig": map[string]interface{}{ + "moar": "config", + }, + }, + MeshGateway: api.MeshGatewayConfig{ + Mode: api.MeshGatewayModeRemote, + }, + Mode: api.ProxyModeDirect, + TransparentProxy: &api.TransparentProxyConfig{ + OutboundListenerPort: 10101, + DialedDirectly: true, + }, + }, + expectJSON: &api.ProxyConfigEntry{ + Kind: "proxy-defaults", + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Config: map[string]interface{}{ + "foo": float64(19), // json decoding gives float64 instead of int here + "bar": "abc", + "moreconfig": map[string]interface{}{ + "moar": "config", + }, + }, + MeshGateway: api.MeshGatewayConfig{ + Mode: api.MeshGatewayModeRemote, + }, + Mode: api.ProxyModeDirect, + TransparentProxy: &api.TransparentProxyConfig{ + OutboundListenerPort: 10101, + DialedDirectly: true, + }, + }, + }, + { + name: "terminating-gateway", + snake: ` + kind = "terminating-gateway" + name = "terminating-gw-west" + namespace = "default" + meta { + "foo" = "bar" + "gir" = "zim" + } + services = [ + { + name = "billing" + namespace = "biz" + ca_file = "/etc/ca.crt" + cert_file = "/etc/client.crt" + key_file = "/etc/tls.key" + sni = "mydomain" + }, + { + name = "*" + namespace = "ops" + } + ] + `, + camel: ` + Kind = "terminating-gateway" + Name = "terminating-gw-west" + Namespace = "default" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Services = [ + { + Name = "billing" + Namespace = "biz" + CAFile = "/etc/ca.crt" + CertFile = "/etc/client.crt" + KeyFile = "/etc/tls.key" + SNI = "mydomain" + }, + { + Name = "*" + Namespace = "ops" + } + ] + `, + snakeJSON: ` + { + "kind": "terminating-gateway", + "name": "terminating-gw-west", + "namespace": "default", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "services": [ + { + "name": "billing", + "namespace": "biz", + "ca_file": "/etc/ca.crt", + "cert_file": "/etc/client.crt", + "key_file": "/etc/tls.key", + "sni": "mydomain" + }, + { + "name": "*", + "namespace": "ops" + } + ] + } + `, + camelJSON: ` + { + "Kind": "terminating-gateway", + "Name": "terminating-gw-west", + "Namespace": "default", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Services": [ + { + "Name": "billing", + "Namespace": "biz", + "CAFile": "/etc/ca.crt", + "CertFile": "/etc/client.crt", + "KeyFile": "/etc/tls.key", + "SNI": "mydomain" + }, + { + "Name": "*", + "Namespace": "ops" + } + ] + } + `, + expect: &api.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "terminating-gw-west", + Namespace: "default", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Services: []api.LinkedService{ + { + Name: "billing", + Namespace: "biz", + CAFile: "/etc/ca.crt", + CertFile: "/etc/client.crt", + KeyFile: "/etc/tls.key", + SNI: "mydomain", + }, + { + Name: "*", + Namespace: "ops", + }, + }, + }, + expectJSON: &api.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "terminating-gw-west", + Namespace: "default", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Services: []api.LinkedService{ + { + Name: "billing", + Namespace: "biz", + CAFile: "/etc/ca.crt", + CertFile: "/etc/client.crt", + KeyFile: "/etc/tls.key", + SNI: "mydomain", + }, + { + Name: "*", + Namespace: "ops", + }, + }, + }, + }, + { + name: "service-defaults: kitchen sink (upstreams edition)", + snake: ` + kind = "service-defaults" + name = "main" + meta { + "foo" = "bar" + "gir" = "zim" + } + protocol = "http" + external_sni = "abc-123" + mesh_gateway { + mode = "remote" + } + mode = "direct" + transparent_proxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + upstream_config { + overrides = [ + { + name = "redis" + passive_health_check { + max_failures = 3 + interval = "2s" + } + envoy_listener_json = "{ \"listener-foo\": 5 }" + envoy_cluster_json = "{ \"cluster-bar\": 5 }" + protocol = "grpc" + connect_timeout_ms = 6543 + }, + { + name = "finance--billing" + mesh_gateway { + mode = "remote" + } + limits { + max_connections = 1111 + max_pending_requests = 2222 + max_concurrent_requests = 3333 + } + } + ] + defaults { + envoy_cluster_json = "zip" + envoy_listener_json = "zop" + connect_timeout_ms = 5000 + protocol = "http" + limits { + max_connections = 3 + max_pending_requests = 4 + max_concurrent_requests = 5 + } + passive_health_check { + max_failures = 5 + interval = "4s" + } + } + } + `, + camel: ` + Kind = "service-defaults" + Name = "main" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Protocol = "http" + ExternalSNI = "abc-123" + MeshGateway { + Mode = "remote" + } + Mode = "direct" + TransparentProxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + UpstreamConfig { + Overrides = [ + { + Name = "redis" + PassiveHealthCheck { + MaxFailures = 3 + Interval = "2s" + } + EnvoyListenerJson = "{ \"listener-foo\": 5 }" + EnvoyClusterJson = "{ \"cluster-bar\": 5 }" + Protocol = "grpc" + ConnectTimeoutMs = 6543 + }, + { + Name = "finance--billing" + MeshGateway { + Mode = "remote" + } + Limits { + MaxConnections = 1111 + MaxPendingRequests = 2222 + MaxConcurrentRequests = 3333 + } + } + ] + Defaults { + EnvoyClusterJson = "zip" + EnvoyListenerJson = "zop" + ConnectTimeoutMs = 5000 + Protocol = "http" + Limits { + MaxConnections = 3 + MaxPendingRequests = 4 + MaxConcurrentRequests = 5 + } + PassiveHealthCheck { + MaxFailures = 5 + Interval = "4s" + } + } + } + `, + snakeJSON: ` + { + "kind": "service-defaults", + "name": "main", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "protocol": "http", + "external_sni": "abc-123", + "mesh_gateway": { + "mode": "remote" + }, + "mode": "direct", + "transparent_proxy": { + "outbound_listener_port": 10101, + "dialed_directly": true + }, + "upstream_config": { + "overrides": [ + { + "name": "redis", + "passive_health_check": { + "max_failures": 3, + "interval": "2s" + }, + "envoy_listener_json": "{ \"listener-foo\": 5 }", + "envoy_cluster_json": "{ \"cluster-bar\": 5 }", + "protocol": "grpc", + "connect_timeout_ms": 6543 + }, + { + "name": "finance--billing", + "mesh_gateway": { + "mode": "remote" + }, + "limits": { + "max_connections": 1111, + "max_pending_requests": 2222, + "max_concurrent_requests": 3333 + } + } + ], + "defaults": { + "envoy_cluster_json": "zip", + "envoy_listener_json": "zop", + "connect_timeout_ms": 5000, + "protocol": "http", + "limits": { + "max_connections": 3, + "max_pending_requests": 4, + "max_concurrent_requests": 5 + }, + "passive_health_check": { + "max_failures": 5, + "interval": "4s" + } + } + } + } + `, + camelJSON: ` + { + "Kind": "service-defaults", + "Name": "main", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Protocol": "http", + "ExternalSNI": "abc-123", + "MeshGateway": { + "Mode": "remote" + }, + "Mode": "direct", + "TransparentProxy": { + "OutboundListenerPort": 10101, + "DialedDirectly": true + }, + "UpstreamConfig": { + "Overrides": [ + { + "Name": "redis", + "PassiveHealthCheck": { + "MaxFailures": 3, + "Interval": "2s" + }, + "EnvoyListenerJson": "{ \"listener-foo\": 5 }", + "EnvoyClusterJson": "{ \"cluster-bar\": 5 }", + "Protocol": "grpc", + "ConnectTimeoutMs": 6543 + }, + { + "Name": "finance--billing", + "MeshGateway": { + "Mode": "remote" + }, + "Limits": { + "MaxConnections": 1111, + "MaxPendingRequests": 2222, + "MaxConcurrentRequests": 3333 + } + } + ], + "Defaults": { + "EnvoyClusterJson": "zip", + "EnvoyListenerJson": "zop", + "ConnectTimeoutMs": 5000, + "Protocol": "http", + "Limits": { + "MaxConnections": 3, + "MaxPendingRequests": 4, + "MaxConcurrentRequests": 5 + }, + "PassiveHealthCheck": { + "MaxFailures": 5, + "Interval": "4s" + } + } + } + } + `, + expect: &api.ServiceConfigEntry{ + Kind: "service-defaults", + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Protocol: "http", + ExternalSNI: "abc-123", + MeshGateway: api.MeshGatewayConfig{ + Mode: api.MeshGatewayModeRemote, + }, + Mode: api.ProxyModeDirect, + TransparentProxy: &api.TransparentProxyConfig{ + OutboundListenerPort: 10101, + DialedDirectly: true, + }, + UpstreamConfig: &api.UpstreamConfiguration{ + Overrides: []*api.UpstreamConfig{ + { + Name: "redis", + PassiveHealthCheck: &api.PassiveHealthCheck{ + MaxFailures: 3, + Interval: 2 * time.Second, + }, + EnvoyListenerJSON: `{ "listener-foo": 5 }`, + EnvoyClusterJSON: `{ "cluster-bar": 5 }`, + Protocol: "grpc", + ConnectTimeoutMs: 6543, + }, + { + Name: "finance--billing", + MeshGateway: api.MeshGatewayConfig{ + Mode: "remote", + }, + Limits: &api.UpstreamLimits{ + MaxConnections: intPointer(1111), + MaxPendingRequests: intPointer(2222), + MaxConcurrentRequests: intPointer(3333), + }, + }, + }, + Defaults: &api.UpstreamConfig{ + EnvoyClusterJSON: "zip", + EnvoyListenerJSON: "zop", + Protocol: "http", + ConnectTimeoutMs: 5000, + Limits: &api.UpstreamLimits{ + MaxConnections: intPointer(3), + MaxPendingRequests: intPointer(4), + MaxConcurrentRequests: intPointer(5), + }, + PassiveHealthCheck: &api.PassiveHealthCheck{ + MaxFailures: 5, + Interval: 4 * time.Second, + }, + }, + }, + }, + }, + { + name: "service-defaults: kitchen sink (destination edition)", + snake: ` + kind = "service-defaults" + name = "main" + meta { + "foo" = "bar" + "gir" = "zim" + } + protocol = "grpc" + mesh_gateway { + mode = "remote" + } + mode = "transparent" + transparent_proxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + destination = { + address = "10.0.0.0/16", + port = 443 + } + `, + camel: ` + Kind = "service-defaults" + Name = "main" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Protocol = "grpc" + MeshGateway { + Mode = "remote" + } + Mode = "transparent" + TransparentProxy = { + outbound_listener_port = 10101 + dialed_directly = true + } + Destination = { + Address = "10.0.0.0/16", + Port = 443 + } + `, + snakeJSON: ` + { + "kind": "service-defaults", + "name": "main", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "protocol": "grpc", + "mesh_gateway": { + "mode": "remote" + }, + "mode": "transparent", + "transparent_proxy": { + "outbound_listener_port": 10101, + "dialed_directly": true + }, + "destination": { + "address": "10.0.0.0/16", + "port": 443 + } + } + `, + camelJSON: ` + { + "Kind": "service-defaults", + "Name": "main", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Protocol": "grpc", + "MeshGateway": { + "Mode": "remote" + }, + "Mode": "transparent", + "TransparentProxy": { + "OutboundListenerPort": 10101, + "DialedDirectly": true + }, + "Destination": { + "Address": "10.0.0.0/16", + "Port": 443 + } + } + `, + expect: &api.ServiceConfigEntry{ + Kind: "service-defaults", + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Protocol: "grpc", + MeshGateway: api.MeshGatewayConfig{ + Mode: api.MeshGatewayModeRemote, + }, + Mode: api.ProxyModeTransparent, + TransparentProxy: &api.TransparentProxyConfig{ + OutboundListenerPort: 10101, + DialedDirectly: true, + }, + Destination: &api.DestinationConfig{ + Address: "10.0.0.0/16", + Port: 443, + }, + }, + }, + { + name: "service-router: kitchen sink", + snake: ` + kind = "service-router" + name = "main" + partition = "pepper" + meta { + "foo" = "bar" + "gir" = "zim" + } + routes = [ + { + match { + http { + path_exact = "/foo" + header = [ + { + name = "debug1" + present = true + }, + { + name = "debug2" + present = false + invert = true + }, + { + name = "debug3" + exact = "1" + }, + { + name = "debug4" + prefix = "aaa" + }, + { + name = "debug5" + suffix = "bbb" + }, + { + name = "debug6" + regex = "a.*z" + }, + ] + } + } + destination { + service = "carrot" + service_subset = "kale" + namespace = "leek" + partition = "chard" + prefix_rewrite = "/alternate" + request_timeout = "99s" + num_retries = 12345 + retry_on_connect_failure = true + retry_on_status_codes = [401, 209] + } + }, + { + match { + http { + path_prefix = "/foo" + methods = [ "GET", "DELETE" ] + query_param = [ + { + name = "hack1" + present = true + }, + { + name = "hack2" + exact = "1" + }, + { + name = "hack3" + regex = "a.*z" + }, + ] + } + } + }, + { + match { + http { + path_regex = "/foo" + } + } + }, + ] + `, + camel: ` + Kind = "service-router" + Name = "main" + Partition = "pepper" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Routes = [ + { + Match { + HTTP { + PathExact = "/foo" + Header = [ + { + Name = "debug1" + Present = true + }, + { + Name = "debug2" + Present = false + Invert = true + }, + { + Name = "debug3" + Exact = "1" + }, + { + Name = "debug4" + Prefix = "aaa" + }, + { + Name = "debug5" + Suffix = "bbb" + }, + { + Name = "debug6" + Regex = "a.*z" + }, + ] + } + } + Destination { + Service = "carrot" + ServiceSubset = "kale" + Namespace = "leek" + Partition = "chard" + PrefixRewrite = "/alternate" + RequestTimeout = "99s" + NumRetries = 12345 + RetryOnConnectFailure = true + RetryOnStatusCodes = [401, 209] + } + }, + { + Match { + HTTP { + PathPrefix = "/foo" + Methods = [ "GET", "DELETE" ] + QueryParam = [ + { + Name = "hack1" + Present = true + }, + { + Name = "hack2" + Exact = "1" + }, + { + Name = "hack3" + Regex = "a.*z" + }, + ] + } + } + }, + { + Match { + HTTP { + PathRegex = "/foo" + } + } + }, + ] + `, + snakeJSON: ` + { + "kind": "service-router", + "name": "main", + "partition": "pepper", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "routes": [ + { + "match": { + "http": { + "path_exact": "/foo", + "header": [ + { + "name": "debug1", + "present": true + }, + { + "name": "debug2", + "present": false, + "invert": true + }, + { + "name": "debug3", + "exact": "1" + }, + { + "name": "debug4", + "prefix": "aaa" + }, + { + "name": "debug5", + "suffix": "bbb" + }, + { + "name": "debug6", + "regex": "a.*z" + } + ] + } + }, + "destination": { + "service": "carrot", + "service_subset": "kale", + "namespace": "leek", + "partition": "chard", + "prefix_rewrite": "/alternate", + "request_timeout": "99s", + "num_retries": 12345, + "retry_on_connect_failure": true, + "retry_on_status_codes": [ + 401, + 209 + ] + } + }, + { + "match": { + "http": { + "path_prefix": "/foo", + "methods": [ + "GET", + "DELETE" + ], + "query_param": [ + { + "name": "hack1", + "present": true + }, + { + "name": "hack2", + "exact": "1" + }, + { + "name": "hack3", + "regex": "a.*z" + } + ] + } + } + }, + { + "match": { + "http": { + "path_regex": "/foo" + } + } + } + ] + } + `, + camelJSON: ` + { + "Kind": "service-router", + "Name": "main", + "Partition": "pepper", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Routes": [ + { + "Match": { + "HTTP": { + "PathExact": "/foo", + "Header": [ + { + "Name": "debug1", + "Present": true + }, + { + "Name": "debug2", + "Present": false, + "Invert": true + }, + { + "Name": "debug3", + "Exact": "1" + }, + { + "Name": "debug4", + "Prefix": "aaa" + }, + { + "Name": "debug5", + "Suffix": "bbb" + }, + { + "Name": "debug6", + "Regex": "a.*z" + } + ] + } + }, + "Destination": { + "Service": "carrot", + "ServiceSubset": "kale", + "Namespace": "leek", + "Partition": "chard", + "PrefixRewrite": "/alternate", + "RequestTimeout": "99s", + "NumRetries": 12345, + "RetryOnConnectFailure": true, + "RetryOnStatusCodes": [ + 401, + 209 + ] + } + }, + { + "Match": { + "HTTP": { + "PathPrefix": "/foo", + "Methods": [ + "GET", + "DELETE" + ], + "QueryParam": [ + { + "Name": "hack1", + "Present": true + }, + { + "Name": "hack2", + "Exact": "1" + }, + { + "Name": "hack3", + "Regex": "a.*z" + } + ] + } + } + }, + { + "Match": { + "HTTP": { + "PathRegex": "/foo" + } + } + } + ] + } + `, + expect: &api.ServiceRouterConfigEntry{ + Kind: "service-router", + Name: "main", + Partition: "pepper", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Routes: []api.ServiceRoute{ + { + Match: &api.ServiceRouteMatch{ + HTTP: &api.ServiceRouteHTTPMatch{ + PathExact: "/foo", + Header: []api.ServiceRouteHTTPMatchHeader{ + { + Name: "debug1", + Present: true, + }, + { + Name: "debug2", + Present: false, + Invert: true, + }, + { + Name: "debug3", + Exact: "1", + }, + { + Name: "debug4", + Prefix: "aaa", + }, + { + Name: "debug5", + Suffix: "bbb", + }, + { + Name: "debug6", + Regex: "a.*z", + }, + }, + }, + }, + Destination: &api.ServiceRouteDestination{ + Service: "carrot", + ServiceSubset: "kale", + Namespace: "leek", + Partition: "chard", + PrefixRewrite: "/alternate", + RequestTimeout: 99 * time.Second, + NumRetries: 12345, + RetryOnConnectFailure: true, + RetryOnStatusCodes: []uint32{401, 209}, + }, + }, + { + Match: &api.ServiceRouteMatch{ + HTTP: &api.ServiceRouteHTTPMatch{ + PathPrefix: "/foo", + Methods: []string{"GET", "DELETE"}, + QueryParam: []api.ServiceRouteHTTPMatchQueryParam{ + { + Name: "hack1", + Present: true, + }, + { + Name: "hack2", + Exact: "1", + }, + { + Name: "hack3", + Regex: "a.*z", + }, + }, + }, + }, + }, + { + Match: &api.ServiceRouteMatch{ + HTTP: &api.ServiceRouteHTTPMatch{ + PathRegex: "/foo", + }, + }, + }, + }, + }, + }, + { + name: "service-splitter: kitchen sink", + snake: ` + kind = "service-splitter" + name = "main" + partition = "east" + meta { + "foo" = "bar" + "gir" = "zim" + } + splits = [ + { + weight = 97.1 + service_subset = "v1" + }, + { + weight = 2 + service_subset = "v2" + }, + { + weight = 0.9 + service = "other" + namespace = "alt" + partition = "west" + }, + ] + `, + camel: ` + Kind = "service-splitter" + Name = "main" + Partition = "east" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Splits = [ + { + Weight = 97.1 + ServiceSubset = "v1" + }, + { + Weight = 2, + ServiceSubset = "v2" + }, + { + Weight = 0.9 + Service = "other" + Namespace = "alt" + Partition = "west" + }, + ] + `, + snakeJSON: ` + { + "kind": "service-splitter", + "name": "main", + "partition": "east", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "splits": [ + { + "weight": 97.1, + "service_subset": "v1" + }, + { + "weight": 2, + "service_subset": "v2" + }, + { + "weight": 0.9, + "service": "other", + "namespace": "alt", + "partition": "west" + } + ] + } + `, + camelJSON: ` + { + "Kind": "service-splitter", + "Name": "main", + "Partition": "east", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Splits": [ + { + "Weight": 97.1, + "ServiceSubset": "v1" + }, + { + "Weight": 2, + "ServiceSubset": "v2" + }, + { + "Weight": 0.9, + "Service": "other", + "Namespace": "alt", + "Partition": "west" + } + ] + } + `, + expect: &api.ServiceSplitterConfigEntry{ + Kind: api.ServiceSplitter, + Name: "main", + Partition: "east", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Splits: []api.ServiceSplit{ + { + Weight: 97.1, + ServiceSubset: "v1", + }, + { + Weight: 2, + ServiceSubset: "v2", + }, + { + Weight: 0.9, + Service: "other", + Namespace: "alt", + Partition: "west", + }, + }, + }, + }, + { + name: "service-resolver: subsets with failover", + snake: ` + kind = "service-resolver" + name = "main" + meta { + "foo" = "bar" + "gir" = "zim" + } + default_subset = "v1" + connect_timeout = "15s" + subsets = { + "v1" = { + filter = "Service.Meta.version == v1" + }, + "v2" = { + filter = "Service.Meta.version == v2" + only_passing = true + }, + } + failover = { + "v2" = { + service = "failcopy" + service_subset = "sure" + namespace = "neighbor" + datacenters = ["dc5", "dc14"] + }, + "*" = { + datacenters = ["dc7"] + } + }`, + camel: ` + Kind = "service-resolver" + Name = "main" + Meta { + "foo" = "bar" + "gir" = "zim" + } + DefaultSubset = "v1" + ConnectTimeout = "15s" + Subsets = { + "v1" = { + Filter = "Service.Meta.version == v1" + }, + "v2" = { + Filter = "Service.Meta.version == v2" + OnlyPassing = true + }, + } + Failover = { + "v2" = { + Service = "failcopy" + ServiceSubset = "sure" + Namespace = "neighbor" + Datacenters = ["dc5", "dc14"] + }, + "*" = { + Datacenters = ["dc7"] + } + }`, + snakeJSON: ` + { + "kind": "service-resolver", + "name": "main", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "default_subset": "v1", + "connect_timeout": "15s", + "subsets": { + "v1": { + "filter": "Service.Meta.version == v1" + }, + "v2": { + "filter": "Service.Meta.version == v2", + "only_passing": true + } + }, + "failover": { + "v2": { + "service": "failcopy", + "service_subset": "sure", + "namespace": "neighbor", + "datacenters": [ + "dc5", + "dc14" + ] + }, + "*": { + "datacenters": [ + "dc7" + ] + } + } + } + `, + camelJSON: ` + { + "Kind": "service-resolver", + "Name": "main", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "DefaultSubset": "v1", + "ConnectTimeout": "15s", + "Subsets": { + "v1": { + "Filter": "Service.Meta.version == v1" + }, + "v2": { + "Filter": "Service.Meta.version == v2", + "OnlyPassing": true + } + }, + "Failover": { + "v2": { + "Service": "failcopy", + "ServiceSubset": "sure", + "Namespace": "neighbor", + "Datacenters": [ + "dc5", + "dc14" + ] + }, + "*": { + "Datacenters": [ + "dc7" + ] + } + } + } + `, + expect: &api.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + DefaultSubset: "v1", + ConnectTimeout: 15 * time.Second, + Subsets: map[string]api.ServiceResolverSubset{ + "v1": { + Filter: "Service.Meta.version == v1", + }, + "v2": { + Filter: "Service.Meta.version == v2", + OnlyPassing: true, + }, + }, + Failover: map[string]api.ServiceResolverFailover{ + "v2": { + Service: "failcopy", + ServiceSubset: "sure", + Namespace: "neighbor", + Datacenters: []string{"dc5", "dc14"}, + }, + "*": { + Datacenters: []string{"dc7"}, + }, + }, + }, + }, + { + name: "service-resolver: redirect", + snake: ` + kind = "service-resolver" + name = "main" + partition = "east" + redirect { + service = "other" + service_subset = "backup" + namespace = "alt" + partition = "west" + datacenter = "dc9" + } + `, + camel: ` + Kind = "service-resolver" + Name = "main" + Partition = "east" + Redirect { + Service = "other" + ServiceSubset = "backup" + Namespace = "alt" + Partition = "west" + Datacenter = "dc9" + } + `, + snakeJSON: ` + { + "kind": "service-resolver", + "name": "main", + "partition": "east", + "redirect": { + "service": "other", + "service_subset": "backup", + "namespace": "alt", + "partition": "west", + "datacenter": "dc9" + } + } + `, + camelJSON: ` + { + "Kind": "service-resolver", + "Name": "main", + "Partition": "east", + "Redirect": { + "Service": "other", + "ServiceSubset": "backup", + "Namespace": "alt", + "Partition": "west", + "Datacenter": "dc9" + } + } + `, + expect: &api.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Partition: "east", + Redirect: &api.ServiceResolverRedirect{ + Service: "other", + ServiceSubset: "backup", + Namespace: "alt", + Partition: "west", + Datacenter: "dc9", + }, + }, + }, + { + name: "service-resolver: default", + snake: ` + kind = "service-resolver" + name = "main" + `, + camel: ` + Kind = "service-resolver" + Name = "main" + `, + snakeJSON: ` + { + "kind": "service-resolver", + "name": "main" + } + `, + camelJSON: ` + { + "Kind": "service-resolver", + "Name": "main" + } + `, + expect: &api.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + }, + }, + { + name: "service-resolver: envoy hash lb kitchen sink", + snake: ` + kind = "service-resolver" + name = "main" + load_balancer = { + policy = "ring_hash" + ring_hash_config = { + minimum_ring_size = 1 + maximum_ring_size = 2 + } + hash_policies = [ + { + field = "cookie" + field_value = "good-cookie" + cookie_config = { + ttl = "1s" + path = "/oven" + } + terminal = true + }, + { + field = "cookie" + field_value = "less-good-cookie" + cookie_config = { + session = true + path = "/toaster" + } + terminal = true + }, + { + field = "header" + field_value = "x-user-id" + }, + { + source_ip = true + } + ] + } + `, + camel: ` + Kind = "service-resolver" + Name = "main" + LoadBalancer = { + Policy = "ring_hash" + RingHashConfig = { + MinimumRingSize = 1 + MaximumRingSize = 2 + } + HashPolicies = [ + { + Field = "cookie" + FieldValue = "good-cookie" + CookieConfig = { + TTL = "1s" + Path = "/oven" + } + Terminal = true + }, + { + Field = "cookie" + FieldValue = "less-good-cookie" + CookieConfig = { + Session = true + Path = "/toaster" + } + Terminal = true + }, + { + Field = "header" + FieldValue = "x-user-id" + }, + { + SourceIP = true + } + ] + } + `, + snakeJSON: ` + { + "kind": "service-resolver", + "name": "main", + "load_balancer": { + "policy": "ring_hash", + "ring_hash_config": { + "minimum_ring_size": 1, + "maximum_ring_size": 2 + }, + "hash_policies": [ + { + "field": "cookie", + "field_value": "good-cookie", + "cookie_config": { + "ttl": "1s", + "path": "/oven" + }, + "terminal": true + }, + { + "field": "cookie", + "field_value": "less-good-cookie", + "cookie_config": { + "session": true, + "path": "/toaster" + }, + "terminal": true + }, + { + "field": "header", + "field_value": "x-user-id" + }, + { + "source_ip": true + } + ] + } + } + `, + camelJSON: ` + { + "Kind": "service-resolver", + "Name": "main", + "LoadBalancer": { + "Policy": "ring_hash", + "RingHashConfig": { + "MinimumRingSize": 1, + "MaximumRingSize": 2 + }, + "HashPolicies": [ + { + "Field": "cookie", + "FieldValue": "good-cookie", + "CookieConfig": { + "TTL": "1s", + "Path": "/oven" + }, + "Terminal": true + }, + { + "Field": "cookie", + "FieldValue": "less-good-cookie", + "CookieConfig": { + "Session": true, + "Path": "/toaster" + }, + "Terminal": true + }, + { + "Field": "header", + "FieldValue": "x-user-id" + }, + { + "SourceIP": true + } + ] + } + } + `, + expect: &api.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + LoadBalancer: &api.LoadBalancer{ + Policy: structs.LBPolicyRingHash, + RingHashConfig: &api.RingHashConfig{ + MinimumRingSize: 1, + MaximumRingSize: 2, + }, + HashPolicies: []api.HashPolicy{ + { + Field: structs.HashPolicyCookie, + FieldValue: "good-cookie", + CookieConfig: &api.CookieConfig{ + TTL: 1 * time.Second, + Path: "/oven", + }, + Terminal: true, + }, + { + Field: structs.HashPolicyCookie, + FieldValue: "less-good-cookie", + CookieConfig: &api.CookieConfig{ + Session: true, + Path: "/toaster", + }, + Terminal: true, + }, + { + Field: structs.HashPolicyHeader, + FieldValue: "x-user-id", + }, + { + SourceIP: true, + }, + }, + }, + }, + }, + { + name: "service-resolver: envoy least request kitchen sink", + snake: ` + kind = "service-resolver" + name = "main" + load_balancer = { + policy = "least_request" + least_request_config = { + choice_count = 2 + } + } + `, + camel: ` + Kind = "service-resolver" + Name = "main" + LoadBalancer = { + Policy = "least_request" + LeastRequestConfig = { + ChoiceCount = 2 + } + } + `, + snakeJSON: ` + { + "kind": "service-resolver", + "name": "main", + "load_balancer": { + "policy": "least_request", + "least_request_config": { + "choice_count": 2 + } + } + } + `, + camelJSON: ` + { + "Kind": "service-resolver", + "Name": "main", + "LoadBalancer": { + "Policy": "least_request", + "LeastRequestConfig": { + "ChoiceCount": 2 + } + } + } + `, + expect: &api.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + LoadBalancer: &api.LoadBalancer{ + Policy: structs.LBPolicyLeastRequest, + LeastRequestConfig: &api.LeastRequestConfig{ + ChoiceCount: 2, + }, + }, + }, + }, + { + name: "expose paths: kitchen sink proxy defaults", + snake: ` + kind = "proxy-defaults" + name = "global" + expose = { + checks = true + paths = [ + { + local_path_port = 8080 + listener_port = 21500 + path = "/healthz" + protocol = "http2" + }, + { + local_path_port = 8000 + listener_port = 21501 + path = "/metrics" + protocol = "http" + } + ] + }`, + camel: ` + Kind = "proxy-defaults" + Name = "global" + Expose = { + Checks = true + Paths = [ + { + LocalPathPort = 8080 + ListenerPort = 21500 + Path = "/healthz" + Protocol = "http2" + }, + { + LocalPathPort = 8000 + ListenerPort = 21501 + Path = "/metrics" + Protocol = "http" + } + ] + }`, + snakeJSON: ` + { + "kind": "proxy-defaults", + "name": "global", + "expose": { + "checks": true, + "paths": [ + { + "local_path_port": 8080, + "listener_port": 21500, + "path": "/healthz", + "protocol": "http2" + }, + { + "local_path_port": 8000, + "listener_port": 21501, + "path": "/metrics", + "protocol": "http" + } + ] + } + } + `, + camelJSON: ` + { + "Kind": "proxy-defaults", + "Name": "global", + "Expose": { + "Checks": true, + "Paths": [ + { + "LocalPathPort": 8080, + "ListenerPort": 21500, + "Path": "/healthz", + "Protocol": "http2" + }, + { + "LocalPathPort": 8000, + "ListenerPort": 21501, + "Path": "/metrics", + "Protocol": "http" + } + ] + } + } + `, + expect: &api.ProxyConfigEntry{ + Kind: "proxy-defaults", + Name: "global", + Expose: api.ExposeConfig{ + Checks: true, + Paths: []api.ExposePath{ + { + ListenerPort: 21500, + Path: "/healthz", + LocalPathPort: 8080, + Protocol: "http2", + }, + { + ListenerPort: 21501, + Path: "/metrics", + LocalPathPort: 8000, + Protocol: "http", + }, + }, + }, + }, + }, + { + name: "expose paths: kitchen sink service defaults", + snake: ` + kind = "service-defaults" + name = "web" + expose = { + checks = true + paths = [ + { + local_path_port = 8080 + listener_port = 21500 + path = "/healthz" + protocol = "http2" + }, + { + local_path_port = 8000 + listener_port = 21501 + path = "/metrics" + protocol = "http" + } + ] + }`, + camel: ` + Kind = "service-defaults" + Name = "web" + Expose = { + Checks = true + Paths = [ + { + LocalPathPort = 8080 + ListenerPort = 21500 + Path = "/healthz" + Protocol = "http2" + }, + { + LocalPathPort = 8000 + ListenerPort = 21501 + Path = "/metrics" + Protocol = "http" + } + ] + }`, + snakeJSON: ` + { + "kind": "service-defaults", + "name": "web", + "expose": { + "checks": true, + "paths": [ + { + "local_path_port": 8080, + "listener_port": 21500, + "path": "/healthz", + "protocol": "http2" + }, + { + "local_path_port": 8000, + "listener_port": 21501, + "path": "/metrics", + "protocol": "http" + } + ] + } + } + `, + camelJSON: ` + { + "Kind": "service-defaults", + "Name": "web", + "Expose": { + "Checks": true, + "Paths": [ + { + "LocalPathPort": 8080, + "ListenerPort": 21500, + "Path": "/healthz", + "Protocol": "http2" + }, + { + "LocalPathPort": 8000, + "ListenerPort": 21501, + "Path": "/metrics", + "Protocol": "http" + } + ] + } + } + `, + expect: &api.ServiceConfigEntry{ + Kind: "service-defaults", + Name: "web", + Expose: api.ExposeConfig{ + Checks: true, + Paths: []api.ExposePath{ + { + ListenerPort: 21500, + Path: "/healthz", + LocalPathPort: 8080, + Protocol: "http2", + }, + { + ListenerPort: 21501, + Path: "/metrics", + LocalPathPort: 8000, + Protocol: "http", + }, + }, + }, + }, + }, + { + // TODO(rb): test SDS stuff here in both places (global/service) + name: "ingress-gateway: kitchen sink", + snake: ` + kind = "ingress-gateway" + name = "ingress-web" + meta { + "foo" = "bar" + "gir" = "zim" + } + tls { + enabled = true + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + listeners = [ + { + port = 8080 + protocol = "http" + services = [ + { + name = "web" + hosts = ["test.example.com"] + }, + { + name = "db" + namespace = "foo" + } + ] + } + ] + `, + camel: ` + Kind = "ingress-gateway" + Name = "ingress-web" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Tls { + Enabled = true + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + Listeners = [ + { + Port = 8080 + Protocol = "http" + Services = [ + { + Name = "web" + Hosts = ["test.example.com"] + }, + { + Name = "db" + Namespace = "foo" + } + ] + } + ] + `, + snakeJSON: ` + { + "kind": "ingress-gateway", + "name": "ingress-web", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "tls": { + "enabled": true, + "tls_min_version": "TLSv1_1", + "tls_max_version": "TLSv1_2", + "cipher_suites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "listeners": [ + { + "port": 8080, + "protocol": "http", + "services": [ + { + "name": "web", + "hosts": ["test.example.com"] + }, + { + "name": "db", + "namespace": "foo" + } + ] + } + ] + } + `, + camelJSON: ` + { + "Kind": "ingress-gateway", + "Name": "ingress-web", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "TLS": { + "Enabled": true, + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "Listeners": [ + { + "Port": 8080, + "Protocol": "http", + "Services": [ + { + "Name": "web", + "Hosts": ["test.example.com"] + }, + { + "Name": "db", + "Namespace": "foo" + } + ] + } + ] + } + `, + expect: &api.IngressGatewayConfigEntry{ + Kind: "ingress-gateway", + Name: "ingress-web", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + TLS: api.GatewayTLSConfig{ + Enabled: true, + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + Listeners: []api.IngressListener{ + { + Port: 8080, + Protocol: "http", + Services: []api.IngressService{ + { + Name: "web", + Hosts: []string{"test.example.com"}, + }, + { + Name: "db", + Namespace: "foo", + }, + }, + }, + }, + }, + }, + { + name: "service-intentions: kitchen sink", + snake: ` + kind = "service-intentions" + name = "web" + meta { + "foo" = "bar" + "gir" = "zim" + } + sources = [ + { + name = "foo" + action = "deny" + type = "consul" + description = "foo desc" + }, + { + name = "bar" + action = "allow" + description = "bar desc" + }, + { + name = "l7" + permissions = [ + { + action = "deny" + http { + path_exact = "/admin" + header = [ + { + name = "hdr-present" + present = true + }, + { + name = "hdr-exact" + exact = "exact" + }, + { + name = "hdr-prefix" + prefix = "prefix" + }, + { + name = "hdr-suffix" + suffix = "suffix" + }, + { + name = "hdr-regex" + regex = "regex" + }, + { + name = "hdr-absent" + present = true + invert = true + } + ] + } + }, + { + action = "allow" + http { + path_prefix = "/v3/" + } + }, + { + action = "allow" + http { + path_regex = "/v[12]/.*" + methods = ["GET", "POST"] + } + } + ] + } + ] + sources { + name = "*" + action = "deny" + description = "wild desc" + } + `, + camel: ` + Kind = "service-intentions" + Name = "web" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Sources = [ + { + Name = "foo" + Action = "deny" + Type = "consul" + Description = "foo desc" + }, + { + Name = "bar" + Action = "allow" + Description = "bar desc" + }, + { + Name = "l7" + Permissions = [ + { + Action = "deny" + HTTP { + PathExact = "/admin" + Header = [ + { + Name = "hdr-present" + Present = true + }, + { + Name = "hdr-exact" + Exact = "exact" + }, + { + Name = "hdr-prefix" + Prefix = "prefix" + }, + { + Name = "hdr-suffix" + Suffix = "suffix" + }, + { + Name = "hdr-regex" + Regex = "regex" + }, + { + Name = "hdr-absent" + Present = true + Invert = true + } + ] + } + }, + { + Action = "allow" + HTTP { + PathPrefix = "/v3/" + } + }, + { + Action = "allow" + HTTP { + PathRegex = "/v[12]/.*" + Methods = ["GET", "POST"] + } + } + ] + } + ] + Sources { + Name = "*" + Action = "deny" + Description = "wild desc" + } + `, + snakeJSON: ` + { + "kind": "service-intentions", + "name": "web", + "meta": { + "foo": "bar", + "gir": "zim" + }, + "sources": [ + { + "name": "foo", + "action": "deny", + "type": "consul", + "description": "foo desc" + }, + { + "name": "bar", + "action": "allow", + "description": "bar desc" + }, + { + "name": "l7", + "permissions": [ + { + "action": "deny", + "http": { + "path_exact": "/admin", + "header": [ + { + "name": "hdr-present", + "present": true + }, + { + "name": "hdr-exact", + "exact": "exact" + }, + { + "name": "hdr-prefix", + "prefix": "prefix" + }, + { + "name": "hdr-suffix", + "suffix": "suffix" + }, + { + "name": "hdr-regex", + "regex": "regex" + }, + { + "name": "hdr-absent", + "present": true, + "invert": true + } + ] + } + }, + { + "action": "allow", + "http": { + "path_prefix": "/v3/" + } + }, + { + "action": "allow", + "http": { + "path_regex": "/v[12]/.*", + "methods": [ + "GET", + "POST" + ] + } + } + ] + }, + { + "name": "*", + "action": "deny", + "description": "wild desc" + } + ] + } + `, + camelJSON: ` + { + "Kind": "service-intentions", + "Name": "web", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "Sources": [ + { + "Name": "foo", + "Action": "deny", + "Type": "consul", + "Description": "foo desc" + }, + { + "Name": "bar", + "Action": "allow", + "Description": "bar desc" + }, + { + "Name": "l7", + "Permissions": [ + { + "Action": "deny", + "HTTP": { + "PathExact": "/admin", + "Header": [ + { + "Name": "hdr-present", + "Present": true + }, + { + "Name": "hdr-exact", + "Exact": "exact" + }, + { + "Name": "hdr-prefix", + "Prefix": "prefix" + }, + { + "Name": "hdr-suffix", + "Suffix": "suffix" + }, + { + "Name": "hdr-regex", + "Regex": "regex" + }, + { + "Name": "hdr-absent", + "Present": true, + "Invert": true + } + ] + } + }, + { + "Action": "allow", + "HTTP": { + "PathPrefix": "/v3/" + } + }, + { + "Action": "allow", + "HTTP": { + "PathRegex": "/v[12]/.*", + "Methods": [ + "GET", + "POST" + ] + } + } + ] + }, + { + "Name": "*", + "Action": "deny", + "Description": "wild desc" + } + ] + } + `, + expect: &api.ServiceIntentionsConfigEntry{ + Kind: "service-intentions", + Name: "web", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Sources: []*api.SourceIntention{ + { + Name: "foo", + Action: "deny", + Type: "consul", + Description: "foo desc", + }, + { + Name: "bar", + Action: "allow", + Description: "bar desc", + }, + { + Name: "l7", + Permissions: []*api.IntentionPermission{ + { + Action: "deny", + HTTP: &api.IntentionHTTPPermission{ + PathExact: "/admin", + Header: []api.IntentionHTTPHeaderPermission{ + { + Name: "hdr-present", + Present: true, + }, + { + Name: "hdr-exact", + Exact: "exact", + }, + { + Name: "hdr-prefix", + Prefix: "prefix", + }, + { + Name: "hdr-suffix", + Suffix: "suffix", + }, + { + Name: "hdr-regex", + Regex: "regex", + }, + { + Name: "hdr-absent", + Present: true, + Invert: true, + }, + }, + }, + }, + { + Action: "allow", + HTTP: &api.IntentionHTTPPermission{ + PathPrefix: "/v3/", + }, + }, + { + Action: "allow", + HTTP: &api.IntentionHTTPPermission{ + PathRegex: "/v[12]/.*", + Methods: []string{"GET", "POST"}, + }, + }, + }, + }, + { + Name: "*", + Action: "deny", + Description: "wild desc", + }, + }, + }, + }, + { + name: "service-intentions: wildcard destination", + snake: ` + kind = "service-intentions" + name = "*" + sources { + name = "foo" + action = "deny" + # should be parsed, but we'll ignore it later + precedence = 6 + } + `, + camel: ` + Kind = "service-intentions" + Name = "*" + Sources { + Name = "foo" + Action = "deny" + # should be parsed, but we'll ignore it later + Precedence = 6 + } + `, + snakeJSON: ` + { + "kind": "service-intentions", + "name": "*", + "sources": [ + { + "name": "foo", + "action": "deny", + "precedence": 6 + } + ] + } + `, + camelJSON: ` + { + "Kind": "service-intentions", + "Name": "*", + "Sources": [ + { + "Name": "foo", + "Action": "deny", + "Precedence": 6 + } + ] + } + `, + expect: &api.ServiceIntentionsConfigEntry{ + Kind: "service-intentions", + Name: "*", + Sources: []*api.SourceIntention{ + { + Name: "foo", + Action: "deny", + Precedence: 6, + }, + }, + }, + }, + { + name: "mesh", + snake: ` + kind = "mesh" + meta { + "foo" = "bar" + "gir" = "zim" + } + transparent_proxy { + mesh_destinations_only = true + } + tls { + incoming { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + outgoing { + tls_min_version = "TLSv1_1" + tls_max_version = "TLSv1_2" + cipher_suites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } + `, + camel: ` + Kind = "mesh" + Meta { + "foo" = "bar" + "gir" = "zim" + } + TransparentProxy { + MeshDestinationsOnly = true + } + TLS { + Incoming { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + Outgoing { + TLSMinVersion = "TLSv1_1" + TLSMaxVersion = "TLSv1_2" + CipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } + `, + snakeJSON: ` + { + "kind": "mesh", + "meta" : { + "foo": "bar", + "gir": "zim" + }, + "transparent_proxy": { + "mesh_destinations_only": true + }, + "tls": { + "incoming": { + "tls_min_version": "TLSv1_1", + "tls_max_version": "TLSv1_2", + "cipher_suites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "outgoing": { + "tls_min_version": "TLSv1_1", + "tls_max_version": "TLSv1_2", + "cipher_suites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } + } + `, + camelJSON: ` + { + "Kind": "mesh", + "Meta" : { + "foo": "bar", + "gir": "zim" + }, + "TransparentProxy": { + "MeshDestinationsOnly": true + }, + "TLS": { + "Incoming": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "Outgoing": { + "TLSMinVersion": "TLSv1_1", + "TLSMaxVersion": "TLSv1_2", + "CipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + } + } + } + `, + expect: &api.MeshConfigEntry{ + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + TransparentProxy: api.TransparentProxyMeshConfig{ + MeshDestinationsOnly: true, + }, + TLS: &api.MeshTLSConfig{ + Incoming: &api.MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + Outgoing: &api.MeshDirectionalTLSConfig{ + TLSMinVersion: "TLSv1_1", + TLSMaxVersion: "TLSv1_2", + CipherSuites: []string{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + }, + }, + }, + }, + }, + { + name: "exported-services", + snake: ` + kind = "exported-services" + name = "foo" + meta { + "foo" = "bar" + "gir" = "zim" + } + services = [ + { + name = "web" + namespace = "foo" + consumers = [ + { + partition = "bar" + }, + { + partition = "baz" + }, + { + peer_name = "flarm" + } + ] + }, + { + name = "db" + namespace = "bar" + consumers = [ + { + partition = "zoo" + } + ] + } + ] + `, + camel: ` + Kind = "exported-services" + Name = "foo" + Meta { + "foo" = "bar" + "gir" = "zim" + } + Services = [ + { + Name = "web" + Namespace = "foo" + Consumers = [ + { + Partition = "bar" + }, + { + Partition = "baz" + }, + { + PeerName = "flarm" + } + ] + }, + { + Name = "db" + Namespace = "bar" + Consumers = [ + { + Partition = "zoo" + } + ] + } + ] + `, + snakeJSON: ` + { + "kind": "exported-services", + "name": "foo", + "meta": { + "foo": "bar", + "gir": "zim" + }, + "services": [ + { + "name": "web", + "namespace": "foo", + "consumers": [ + { + "partition": "bar" + }, + { + "partition": "baz" + }, + { + "peer_name": "flarm" + } + ] + }, + { + "name": "db", + "namespace": "bar", + "consumers": [ + { + "partition": "zoo" + } + ] + } + ] + } + `, + camelJSON: ` + { + "Kind": "exported-services", + "Name": "foo", + "Meta": { + "foo": "bar", + "gir": "zim" + }, + "Services": [ + { + "Name": "web", + "Namespace": "foo", + "Consumers": [ + { + "Partition": "bar" + }, + { + "Partition": "baz" + }, + { + "PeerName": "flarm" + } + ] + }, + { + "Name": "db", + "Namespace": "bar", + "Consumers": [ + { + "Partition": "zoo" + } + ] + } + ] + } + `, + expect: &api.ExportedServicesConfigEntry{ + Name: "foo", + Meta: map[string]string{ + "foo": "bar", + "gir": "zim", + }, + Services: []api.ExportedService{ + { + Name: "web", + Namespace: "foo", + Consumers: []api.ServiceConsumer{ + { + Partition: "bar", + }, + { + Partition: "baz", + }, + { + PeerName: "flarm", + }, + }, + }, + { + Name: "db", + Namespace: "bar", + Consumers: []api.ServiceConsumer{ + { + Partition: "zoo", + }, + }, + }, + }, + }, + }, + } { + tc := tc + + testbody := func(t *testing.T, body string, expect api.ConfigEntry) { + t.Helper() + got, err := ParseConfigEntry(body) + if tc.expectErr != "" { + require.Nil(t, got) + require.Error(t, err) + requireContainsLower(t, err.Error(), tc.expectErr) + } else { + require.NoError(t, err) + require.Equal(t, expect, got) + } + } + + t.Run(tc.name+" (hcl snake case)", func(t *testing.T) { + testbody(t, tc.snake, tc.expect) + }) + t.Run(tc.name+" (hcl camel case)", func(t *testing.T) { + testbody(t, tc.camel, tc.expect) + }) + if tc.snakeJSON != "" { + t.Run(tc.name+" (json snake case)", func(t *testing.T) { + if tc.expectJSON != nil { + testbody(t, tc.snakeJSON, tc.expectJSON) + } else { + testbody(t, tc.snakeJSON, tc.expect) + } + }) + } + if tc.camelJSON != "" { + t.Run(tc.name+" (json camel case)", func(t *testing.T) { + if tc.expectJSON != nil { + testbody(t, tc.camelJSON, tc.expectJSON) + } else { + testbody(t, tc.camelJSON, tc.expect) + } + }) + } + } +} + +func requireContainsLower(t *testing.T, haystack, needle string) { + t.Helper() + require.Contains(t, strings.ToLower(haystack), strings.ToLower(needle)) +} + +func intPointer(v int) *int { + return &v +} diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx index bee966700..048832dda 100644 --- a/website/content/commands/config/delete.mdx +++ b/website/content/commands/config/delete.mdx @@ -56,6 +56,8 @@ Usage: `consul config delete [options]` `proxy-defaults` config entry must be `global`, and the name of the `mesh` config entry must be `mesh`. +- `-filename` - Specifies the file describing the config entry to delete. + - `-cas` - Perform a Check-And-Set operation. Specifying this value also requires the -modify-index flag to be set. The default value is false. @@ -67,3 +69,5 @@ Usage: `consul config delete [options]` $ consul config delete -kind service-defaults -name web $ consul config delete -kind service-defaults -name web -cas -modify-index 26 + + $ consul config delete -filename service-defaults-web.hcl From 626704fcda54399cfdf3c17526a0fa2de4a4ebd4 Mon Sep 17 00:00:00 2001 From: Nathan Coleman Date: Mon, 11 Jul 2022 11:26:04 -0400 Subject: [PATCH 717/785] Update website/content/docs/api-gateway/consul-api-gateway-install.mdx --- website/content/docs/api-gateway/consul-api-gateway-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/api-gateway/consul-api-gateway-install.mdx b/website/content/docs/api-gateway/consul-api-gateway-install.mdx index a25564a4d..a72c5ae5d 100644 --- a/website/content/docs/api-gateway/consul-api-gateway-install.mdx +++ b/website/content/docs/api-gateway/consul-api-gateway-install.mdx @@ -27,7 +27,7 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re $ kubectl apply --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v$VERSION" ``` -1. Create a `values.yaml` file for your Consul API Gateway deployment by copying the following content and running it in the environment where you set the `VERSION` environment variable. The Consul Helm chart uses this `values.yaml` file to deploy the API Gateway. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). For more options to configure your Consul API Gateway deployment through the Helm chat, refer to [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway). +1. Create a `values.yaml` file for your Consul API Gateway deployment by copying the following content and running it in the environment where you set the `VERSION` environment variable. The Consul Helm chart uses this `values.yaml` file to deploy the API Gateway. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). For more options to configure your Consul API Gateway deployment through the Helm chart, refer to [Helm Chart Configuration - apiGateway](https://www.consul.io/docs/k8s/helm#apigateway). From 986f24ce529eb80af8ba2fb080473538f85b9149 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Mon, 11 Jul 2022 13:44:51 -0500 Subject: [PATCH 718/785] proto: ensure buf formatter has been applied to protobufs (#13709) --- .circleci/config.yml | 6 ++++-- proto/pbconfigentry/config_entry.pb.go | 12 ++++++------ proto/pbconfigentry/config_entry.proto | 8 ++++---- proto/pbsubscribe/subscribe.pb.go | 10 +++++----- proto/pbsubscribe/subscribe.proto | 2 +- 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ec5d4388d..13ab71a29 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -241,7 +241,9 @@ jobs: - run: name: Install protobuf command: make proto-tools - + - run: + name: "Protobuf Format" + command: make proto-format - run: command: make --always-make proto - run: | @@ -249,7 +251,7 @@ jobs: echo "Generated code was not updated correctly" exit 1 fi - - run: + - run: name: "Protobuf Lint" command: make proto-lint diff --git a/proto/pbconfigentry/config_entry.pb.go b/proto/pbconfigentry/config_entry.pb.go index 43ae89f6a..f1f6b59ba 100644 --- a/proto/pbconfigentry/config_entry.pb.go +++ b/proto/pbconfigentry/config_entry.pb.go @@ -2254,12 +2254,12 @@ var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xde, 0x03, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, diff --git a/proto/pbconfigentry/config_entry.proto b/proto/pbconfigentry/config_entry.proto index 33cee0999..36e317703 100644 --- a/proto/pbconfigentry/config_entry.proto +++ b/proto/pbconfigentry/config_entry.proto @@ -1,10 +1,10 @@ syntax = "proto3"; -import "proto/pbcommon/common.proto"; +package configentry; + import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; - -package configentry; +import "proto/pbcommon/common.proto"; enum Kind { KindUnknown = 0; @@ -240,7 +240,7 @@ message IngressListener { int32 Port = 1; string Protocol = 2; repeated IngressService Services = 3; - GatewayTLSConfig TLS = 4; + GatewayTLSConfig TLS = 4; } // mog annotation: diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index e3e992ea4..b4d699b6c 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -755,11 +755,11 @@ var File_proto_pbsubscribe_subscribe_proto protoreflect.FileDescriptor var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2f, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x1a, 0x1a, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, - 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x1a, 0x26, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0c, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, diff --git a/proto/pbsubscribe/subscribe.proto b/proto/pbsubscribe/subscribe.proto index f5bbcea9e..7808cc5bf 100644 --- a/proto/pbsubscribe/subscribe.proto +++ b/proto/pbsubscribe/subscribe.proto @@ -5,8 +5,8 @@ syntax = "proto3"; package subscribe; -import "proto/pbservice/node.proto"; import "proto/pbconfigentry/config_entry.proto"; +import "proto/pbservice/node.proto"; // StateChangeSubscription service allows consumers to subscribe to topics of // state change events. Events are streamed as they happen. From affae7ae8301c126af9e98c5d2cb3a9ee9589edc Mon Sep 17 00:00:00 2001 From: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> Date: Mon, 11 Jul 2022 15:03:18 -0700 Subject: [PATCH 719/785] update docs (#13711) * update docs * Update website/content/docs/nia/enterprise/index.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- website/content/docs/nia/enterprise/index.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/content/docs/nia/enterprise/index.mdx b/website/content/docs/nia/enterprise/index.mdx index d5349cca2..38f8260f2 100644 --- a/website/content/docs/nia/enterprise/index.mdx +++ b/website/content/docs/nia/enterprise/index.mdx @@ -25,3 +25,6 @@ Enterprise features of CTS address organization complexities of collaboration, o | Governance | | [Sentinel](https://www.terraform.io/docs/cloud/sentinel/index.html) to enforce governance policies as code | The [Terraform Cloud driver](/docs/nia/configuration#terraform-cloud-driver) enables CTS Enterprise to integrate with Terraform Cloud or Terraform Enterprise. The [Terraform Cloud driver](/docs/nia/network-drivers/terraform-cloud) page provides an overview of how the integration works within CTS. + +## Consul Admin Partition Support +CTS subscribes to a Consul agent. Depending on the admin partition the Consul agent is a part of and the services within the admin partition, CTS will be able to subscribe to those services and support the automation workflow. As such, admin partitions are not relevant to the CTS workflow. We recommend deploying a single CTS instance that subscribes to services/KV within a single partition and using a different CTS instance (or instances) to subscribe to services/KV in another partition. From d25b02546867ccb1adfd7526f6e8ef2694a6b3b0 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Tue, 12 Jul 2022 13:02:45 +0200 Subject: [PATCH 720/785] ui: use environment variable for feature flagging peers (#13703) * ui: use environment variable for feature flagging peers * Add documentation for `features`-service * Allow setting feature flag for peers via bookmarklet * don't use features service for flagging peers * add ability for checking if peers feature is enabled * Use abilities to conditionally use peers feature * Remove unused features service --- ui/packages/consul-ui/app/abilities/peer.js | 12 +++++++----- ui/packages/consul-ui/app/adapters/node.js | 4 ++-- ui/packages/consul-ui/app/adapters/service.js | 4 ++-- .../app/components/hashicorp-consul/index.hbs | 2 +- ui/packages/consul-ui/app/helpers/feature-flag.js | 10 ---------- ui/packages/consul-ui/app/routes/dc/peers.js | 4 ++-- ui/packages/consul-ui/app/services/features.js | 13 ------------- ui/packages/consul-ui/app/utils/get-environment.js | 10 +++++++++- ui/packages/consul-ui/config/environment.js | 11 ++++------- ui/packages/consul-ui/docs/bookmarklets.mdx | 1 + 10 files changed, 28 insertions(+), 43 deletions(-) delete mode 100644 ui/packages/consul-ui/app/helpers/feature-flag.js delete mode 100644 ui/packages/consul-ui/app/services/features.js diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js index acd09956b..89d5c0040 100644 --- a/ui/packages/consul-ui/app/abilities/peer.js +++ b/ui/packages/consul-ui/app/abilities/peer.js @@ -1,6 +1,9 @@ import BaseAbility from 'consul-ui/abilities/base'; +import { inject as service } from '@ember/service'; export default class PeerAbility extends BaseAbility { + @service('env') env; + resource = 'operator'; segmented = false; @@ -9,11 +12,10 @@ export default class PeerAbility extends BaseAbility { } get canDelete() { // TODO: Need to confirm these states - return ![ - 'DELETING', - 'TERMINATED', - 'UNDEFINED' - ].includes(this.item.State); + return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State); } + get canUse() { + return this.env.var('CONSUL_PEERING_ENABLED'); + } } diff --git a/ui/packages/consul-ui/app/adapters/node.js b/ui/packages/consul-ui/app/adapters/node.js index 6df3b3b02..6e30108c7 100644 --- a/ui/packages/consul-ui/app/adapters/node.js +++ b/ui/packages/consul-ui/app/adapters/node.js @@ -11,12 +11,12 @@ import { inject as service } from '@ember/service'; // to the node. export default class NodeAdapter extends Adapter { - @service features; + @service abilities; get peeringQuery() { const query = {}; - if (this.features.isEnabled('peering')) { + if (this.abilities.can('use peers')) { query['with-peers'] = true; } diff --git a/ui/packages/consul-ui/app/adapters/service.js b/ui/packages/consul-ui/app/adapters/service.js index d0dda48e4..7507c41b6 100644 --- a/ui/packages/consul-ui/app/adapters/service.js +++ b/ui/packages/consul-ui/app/adapters/service.js @@ -2,12 +2,12 @@ import Adapter from './application'; import { inject as service } from '@ember/service'; export default class ServiceAdapter extends Adapter { - @service features; + @service abilities; get peeringQuery() { const query = {}; - if (this.features.isEnabled('peering')) { + if (this.abilities.can('use peers')) { query['with-peers'] = true; } diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs index 2a98a7685..d19eadb3a 100644 --- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs +++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs @@ -146,7 +146,7 @@ @partition={{@partition}} @nspace={{@nspace}} /> - {{#if (feature-flag "peering")}} + {{#if (can "use peers")}}
    • Organization
      • diff --git a/ui/packages/consul-ui/app/helpers/feature-flag.js b/ui/packages/consul-ui/app/helpers/feature-flag.js deleted file mode 100644 index bf5c27318..000000000 --- a/ui/packages/consul-ui/app/helpers/feature-flag.js +++ /dev/null @@ -1,10 +0,0 @@ -import Helper from '@ember/component/helper'; -import { inject as service } from '@ember/service'; - -export default class extends Helper { - @service features; - - compute([feature]) { - return this.features.isEnabled(feature); - } -} diff --git a/ui/packages/consul-ui/app/routes/dc/peers.js b/ui/packages/consul-ui/app/routes/dc/peers.js index 195d1e2a1..b09a9d4d0 100644 --- a/ui/packages/consul-ui/app/routes/dc/peers.js +++ b/ui/packages/consul-ui/app/routes/dc/peers.js @@ -2,10 +2,10 @@ import { inject as service } from '@ember/service'; import Route from '@ember/routing/route'; export default class PeersRoute extends Route { - @service features; + @service abilities; beforeModel() { - if (!this.features.isEnabled('peering')) { + if (!this.abilities.can('use peers')) { this.transitionTo('dc.services.index'); } } diff --git a/ui/packages/consul-ui/app/services/features.js b/ui/packages/consul-ui/app/services/features.js deleted file mode 100644 index bbfc53748..000000000 --- a/ui/packages/consul-ui/app/services/features.js +++ /dev/null @@ -1,13 +0,0 @@ -import Service, { inject as service } from '@ember/service'; - -export default class FeatureService extends Service { - @service env; - - get features() { - return this.env.var('features'); - } - - isEnabled(featureName) { - return !!this.features?.[featureName]; - } -} diff --git a/ui/packages/consul-ui/app/utils/get-environment.js b/ui/packages/consul-ui/app/utils/get-environment.js index 157eef2f8..d6dc699d6 100644 --- a/ui/packages/consul-ui/app/utils/get-environment.js +++ b/ui/packages/consul-ui/app/utils/get-environment.js @@ -124,13 +124,17 @@ export default function(config = {}, win = window, doc = document) { return typeof operatorConfig.PartitionsEnabled === 'undefined' ? false : operatorConfig.PartitionsEnabled; + case 'CONSUL_PEERING_ENABLED': + return typeof operatorConfig.PeeringEnabled === 'undefined' + ? false + : operatorConfig.PeeringEnabled; case 'CONSUL_DATACENTER_LOCAL': return operatorConfig.LocalDatacenter; case 'CONSUL_DATACENTER_PRIMARY': return operatorConfig.PrimaryDatacenter; case 'CONSUL_UI_CONFIG': dashboards = { - service: undefined + service: undefined, }; provider = env('CONSUL_METRICS_PROVIDER'); proxy = env('CONSUL_METRICS_PROXY_ENABLED'); @@ -209,6 +213,9 @@ export default function(config = {}, win = window, doc = document) { case 'CONSUL_METRICS_PROXY_ENABLE': prev['CONSUL_METRICS_PROXY_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); break; + case 'CONSUL_PEERING_ENABLE': + prev['CONSUL_PEERING_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); + break; case 'CONSUL_UI_CONFIG': prev['CONSUL_UI_CONFIG'] = JSON.parse(value); break; @@ -241,6 +248,7 @@ export default function(config = {}, win = window, doc = document) { case 'CONSUL_DATACENTER_PRIMARY': case 'CONSUL_ACLS_ENABLED': case 'CONSUL_NSPACES_ENABLED': + case 'CONSUL_PEERING_ENABLED': case 'CONSUL_SSO_ENABLED': case 'CONSUL_PARTITIONS_ENABLED': case 'CONSUL_METRICS_PROVIDER': diff --git a/ui/packages/consul-ui/config/environment.js b/ui/packages/consul-ui/config/environment.js index f62c13efc..b4b756271 100644 --- a/ui/packages/consul-ui/config/environment.js +++ b/ui/packages/consul-ui/config/environment.js @@ -82,6 +82,7 @@ module.exports = function(environment, $ = process.env) { ACLsEnabled: false, NamespacesEnabled: false, SSOEnabled: false, + PeeringEnabled: env('CONSUL_PEERING_ENABLED', false), PartitionsEnabled: false, LocalDatacenter: env('CONSUL_DATACENTER_LOCAL', 'dc1'), PrimaryDatacenter: env('CONSUL_DATACENTER_PRIMARY', 'dc1'), @@ -105,15 +106,13 @@ module.exports = function(environment, $ = process.env) { ACLsEnabled: env('CONSUL_ACLS_ENABLED', true), NamespacesEnabled: env('CONSUL_NSPACES_ENABLED', false), SSOEnabled: env('CONSUL_SSO_ENABLED', false), + // in testing peering feature is on by default + PeeringEnabled: env('CONSUL_PEERING_ENABLED', true), PartitionsEnabled: env('CONSUL_PARTITIONS_ENABLED', false), LocalDatacenter: env('CONSUL_DATACENTER_LOCAL', 'dc1'), PrimaryDatacenter: env('CONSUL_DATACENTER_PRIMARY', 'dc1'), }, - features: { - peering: true, - }, - '@hashicorp/ember-cli-api-double': { 'auto-import': false, enabled: true, @@ -134,15 +133,13 @@ module.exports = function(environment, $ = process.env) { autoboot: false, }), }); + break; case environment === 'development': ENV = Object.assign({}, ENV, { torii: { disableRedirectInitializer: true, }, - features: { - peering: true, - }, }); break; case environment === 'staging': diff --git a/ui/packages/consul-ui/docs/bookmarklets.mdx b/ui/packages/consul-ui/docs/bookmarklets.mdx index cc19f7217..4da4cec68 100644 --- a/ui/packages/consul-ui/docs/bookmarklets.mdx +++ b/ui/packages/consul-ui/docs/bookmarklets.mdx @@ -12,6 +12,7 @@ Below is a list of the most commonly used functions as bookmarklets followed by | [Enable ACLs](javascript:Scenario('CONSUL_ACLS_ENABLE=1')) | Enable ACLs | | [Enable TProxy](javascript:Scenario('CONSUL_TPROXY_ENABLE=1')) | Enable TProxy | | [Enable Nspaces](javascript:Scenario('CONSUL_NSPACES_ENABLE=1')) | Enable Namespace Support | +| [Enable Peers](javascript:Scenario('CONSUL_PEERING_ENABLE=1')) | Enable Peers Support | | [Enable Partitions](javascript:Scenario('CONSUL_PARTITIONS_ENABLE=1')) | Enable Admin Partition Support | | [Enable SSO](javascript:Scenario('CONSUL_SSO_ENABLE=1')) | Enable SSO Support | | [Enable Metrics](javascript:Scenario('CONSUL_METRICS_PROXY_ENABLE=1;CONSUL_METRICS_PROVIDER=prometheus')) | Enable all configuration required for viewing the full Metrics Visualization | From 9f5ab3ec10d9133fb7e0a498a5c452f44478ca59 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Tue, 12 Jul 2022 11:09:00 -0400 Subject: [PATCH 721/785] Return error if ServerAddresses is empty (#13714) --- agent/consul/peering_backend.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index 30fda81f8..4447d962a 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -70,6 +70,9 @@ func (b *PeeringBackend) GetServerAddresses() ([]string, error) { } addrs = append(addrs, node.Address+":"+grpcPortStr) } + if len(addrs) == 0 { + return nil, fmt.Errorf("a grpc bind port must be specified in the configuration for all servers") + } return addrs, nil } From 4a62ef296d657b65b697acb8f7d32f8439285d98 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Tue, 12 Jul 2022 17:16:47 +0200 Subject: [PATCH 722/785] ui: peer permission handling (#13724) * Request peering permissions when peerings is active * Update peering ability to use peering resource * fix canDelete peer permission to check write permission * use super call in abilities.peer#canDelete --- ui/packages/consul-ui/app/abilities/peer.js | 4 ++-- .../app/services/repository/permission.js | 20 ++++++++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js index 89d5c0040..43ec791ab 100644 --- a/ui/packages/consul-ui/app/abilities/peer.js +++ b/ui/packages/consul-ui/app/abilities/peer.js @@ -4,7 +4,7 @@ import { inject as service } from '@ember/service'; export default class PeerAbility extends BaseAbility { @service('env') env; - resource = 'operator'; + resource = 'peering'; segmented = false; get isLinkable() { @@ -12,7 +12,7 @@ export default class PeerAbility extends BaseAbility { } get canDelete() { // TODO: Need to confirm these states - return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State); + return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State) && super.canDelete; } get canUse() { diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js index 08c96e3e4..8b15ddd1b 100644 --- a/ui/packages/consul-ui/app/services/repository/permission.js +++ b/ui/packages/consul-ui/app/services/repository/permission.js @@ -57,6 +57,16 @@ const REQUIRED_PERMISSIONS = [ Access: 'write', }, ]; +const PEERING_PERMISSIONS = [ + { + Resource: 'peering', + Access: 'read', + }, + { + Resource: 'peering', + Access: 'write', + }, +]; export default class PermissionService extends RepositoryService { @service('env') env; @service('abilities') _can; @@ -146,7 +156,7 @@ export default class PermissionService extends RepositoryService { @dataSource('/:partition/:nspace/:dc/permissions') async findAll(params) { - params.resources = REQUIRED_PERMISSIONS; + params.resources = this.permissionsToRequest; this.permissions = await this.findByPermissions(params); /**/ // Temporarily revert to pre-1.10 UI functionality by overwriting frontend @@ -162,4 +172,12 @@ export default class PermissionService extends RepositoryService { /**/ return this.permissions; } + + get permissionsToRequest() { + if (this._can.can('use peers')) { + return [...REQUIRED_PERMISSIONS, ...PEERING_PERMISSIONS]; + } else { + return REQUIRED_PERMISSIONS; + } + } } From 2c329475ce90b66a4b8c94e8483041b3d79a8a71 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 12 Jul 2022 11:03:41 -0500 Subject: [PATCH 723/785] state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726) Because peerings are pairwise, between two tuples of (datacenter, partition) having any exported reference via a discovery chain that crosses out of the peered datacenter or partition will ultimately not be able to work for various reasons. The biggest one is that there is no way in the ultimate destination to configure an intention that can allow an external SpiffeID to access a service. This PR ensures that a user simply cannot do this, so they won't run into weird situations like this. --- agent/consul/state/config_entry.go | 204 +++++++- agent/consul/state/config_entry_test.go | 458 ++++++++++-------- agent/consul/state/peering.go | 114 ++++- .../peerstream/subscription_manager_test.go | 6 +- agent/proxycfg/testing_mesh_gateway.go | 25 +- agent/xds/clusters.go | 8 + agent/xds/endpoints.go | 73 ++- ...ed-services-http-with-router.latest.golden | 133 +++-- ...ed-services-http-with-router.latest.golden | 68 --- ...ed-services-http-with-router.latest.golden | 17 - ...ed-services-http-with-router.latest.golden | 2 +- 11 files changed, 655 insertions(+), 453 deletions(-) diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 02731d1b0..7da7b2176 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -138,7 +138,12 @@ func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *acl return configEntriesByKindTxn(tx, ws, kind, entMeta) } -func listDiscoveryChainNamesTxn(tx ReadTxn, ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []structs.ServiceName, error) { +func listDiscoveryChainNamesTxn( + tx ReadTxn, + ws memdb.WatchSet, + overrides map[configentry.KindName]structs.ConfigEntry, + entMeta acl.EnterpriseMeta, +) (uint64, []structs.ServiceName, error) { // Get the index and watch for updates idx := maxIndexWatchTxn(tx, ws, tableConfigEntries) @@ -160,6 +165,15 @@ func listDiscoveryChainNamesTxn(tx ReadTxn, ws memdb.WatchSet, entMeta acl.Enter sn := structs.NewServiceName(entry.GetName(), entry.GetEnterpriseMeta()) seen[sn] = struct{}{} } + + for kn, entry := range overrides { + sn := structs.NewServiceName(kn.Name, &kn.EnterpriseMeta) + if entry != nil { + seen[sn] = struct{}{} + } else { + delete(seen, sn) + } + } } results := maps.SliceOfKeys(seen) @@ -506,7 +520,7 @@ var serviceGraphKinds = []string{ // discoveryChainTargets will return a list of services listed as a target for the input's discovery chain func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ServiceName, error) { - idx, targets, err := s.discoveryChainOriginalTargetsTxn(tx, ws, dc, service, entMeta) + idx, targets, err := discoveryChainOriginalTargetsTxn(tx, ws, dc, service, entMeta) if err != nil { return 0, nil, err } @@ -524,7 +538,12 @@ func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, serv return idx, resp, nil } -func (s *Store) discoveryChainOriginalTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *acl.EnterpriseMeta) (uint64, []*structs.DiscoveryTarget, error) { +func discoveryChainOriginalTargetsTxn( + tx ReadTxn, + ws memdb.WatchSet, + dc, service string, + entMeta *acl.EnterpriseMeta, +) (uint64, []*structs.DiscoveryTarget, error) { source := structs.NewServiceName(service, entMeta) req := discoverychain.CompileRequest{ ServiceName: source.Name, @@ -532,7 +551,7 @@ func (s *Store) discoveryChainOriginalTargetsTxn(tx ReadTxn, ws memdb.WatchSet, EvaluateInPartition: source.PartitionOrDefault(), EvaluateInDatacenter: dc, } - idx, chain, _, err := s.serviceDiscoveryChainTxn(tx, ws, source.Name, entMeta, req) + idx, chain, _, err := serviceDiscoveryChainTxn(tx, ws, source.Name, entMeta, req) if err != nil { return 0, nil, fmt.Errorf("failed to fetch discovery chain for %q: %v", source.String(), err) } @@ -579,7 +598,7 @@ func (s *Store) discoveryChainSourcesTxn(tx ReadTxn, ws memdb.WatchSet, dc strin EvaluateInPartition: sn.PartitionOrDefault(), EvaluateInDatacenter: dc, } - idx, chain, _, err := s.serviceDiscoveryChainTxn(tx, ws, sn.Name, &sn.EnterpriseMeta, req) + idx, chain, _, err := serviceDiscoveryChainTxn(tx, ws, sn.Name, &sn.EnterpriseMeta, req) if err != nil { return 0, nil, fmt.Errorf("failed to fetch discovery chain for %q: %v", sn.String(), err) } @@ -620,7 +639,28 @@ func validateProposedConfigEntryInServiceGraph( wildcardEntMeta := kindName.WithWildcardNamespace() switch kindName.Kind { - case structs.ExportedServices, structs.MeshConfig: + case structs.ExportedServices: + // This is the case for deleting a config entry + if newEntry == nil { + return nil + } + + entry := newEntry.(*structs.ExportedServicesConfigEntry) + + _, serviceList, err := listServicesExportedToAnyPeerByConfigEntry(nil, tx, entry, nil) + if err != nil { + return err + } + + for _, sn := range serviceList { + if err := validateChainIsPeerExportSafe(tx, sn, nil); err != nil { + return err + } + } + + return nil + + case structs.MeshConfig: // Exported services and mesh config do not influence discovery chains. return nil @@ -759,8 +799,9 @@ func validateProposedConfigEntryInServiceGraph( } var ( - svcProtocols = make(map[structs.ServiceID]string) - svcTopNodeType = make(map[structs.ServiceID]string) + svcProtocols = make(map[structs.ServiceID]string) + svcTopNodeType = make(map[structs.ServiceID]string) + exportedServicesByPartition = make(map[string]map[structs.ServiceName]struct{}) ) for chain := range checkChains { protocol, topNode, err := testCompileDiscoveryChain(tx, chain.ID, overrides, &chain.EnterpriseMeta) @@ -769,6 +810,27 @@ func validateProposedConfigEntryInServiceGraph( } svcProtocols[chain] = protocol svcTopNodeType[chain] = topNode.Type + + chainSvc := structs.NewServiceName(chain.ID, &chain.EnterpriseMeta) + + // Validate that we aren't adding a cross-datacenter or cross-partition + // reference to a peer-exported service's discovery chain by this pending + // edit. + partition := chain.PartitionOrDefault() + exportedServices, ok := exportedServicesByPartition[partition] + if !ok { + entMeta := structs.NodeEnterpriseMetaInPartition(partition) + _, exportedServices, err = listAllExportedServices(nil, tx, overrides, *entMeta) + if err != nil { + return err + } + exportedServicesByPartition[partition] = exportedServices + } + if _, exported := exportedServices[chainSvc]; exported { + if err := validateChainIsPeerExportSafe(tx, chainSvc, overrides); err != nil { + return err + } + } } // Now validate all of our ingress gateways. @@ -828,9 +890,75 @@ func validateProposedConfigEntryInServiceGraph( return nil } +func validateChainIsPeerExportSafe( + tx ReadTxn, + exportedSvc structs.ServiceName, + overrides map[configentry.KindName]structs.ConfigEntry, +) error { + _, chainEntries, err := readDiscoveryChainConfigEntriesTxn(tx, nil, exportedSvc.Name, overrides, &exportedSvc.EnterpriseMeta) + if err != nil { + return fmt.Errorf("error reading discovery chain for %q during config entry validation: %w", exportedSvc, err) + } + + emptyOrMatchesEntryPartition := func(entry structs.ConfigEntry, found string) bool { + if found == "" { + return true + } + return acl.EqualPartitions(entry.GetEnterpriseMeta().PartitionOrEmpty(), found) + } + + for _, e := range chainEntries.Routers { + for _, route := range e.Routes { + if route.Destination == nil { + continue + } + if !emptyOrMatchesEntryPartition(e, route.Destination.Partition) { + return fmt.Errorf("peer exported service %q contains cross-partition route destination", exportedSvc) + } + } + } + + for _, e := range chainEntries.Splitters { + for _, split := range e.Splits { + if !emptyOrMatchesEntryPartition(e, split.Partition) { + return fmt.Errorf("peer exported service %q contains cross-partition split destination", exportedSvc) + } + } + } + + for _, e := range chainEntries.Resolvers { + if e.Redirect != nil { + if e.Redirect.Datacenter != "" { + return fmt.Errorf("peer exported service %q contains cross-datacenter resolver redirect", exportedSvc) + } + if !emptyOrMatchesEntryPartition(e, e.Redirect.Partition) { + return fmt.Errorf("peer exported service %q contains cross-partition resolver redirect", exportedSvc) + } + } + if e.Failover != nil { + for _, failover := range e.Failover { + if len(failover.Datacenters) > 0 { + return fmt.Errorf("peer exported service %q contains cross-datacenter failover", exportedSvc) + } + } + } + } + + return nil +} + // testCompileDiscoveryChain speculatively compiles a discovery chain with // pending modifications to see if it would be valid. Also returns the computed // protocol and topmost discovery chain node. +// +// If provided, the overrides map will service reads of specific config entries +// instead of the state store if the config entry kind name is present in the +// map. A nil in the map implies that the config entry should be tombstoned +// during evaluation and treated as erased. +// +// The override map lets us speculatively compile a discovery chain to see if +// doing so would error, so we can ultimately block config entry writes from +// happening. func testCompileDiscoveryChain( tx ReadTxn, chainName string, @@ -871,10 +999,10 @@ func (s *Store) ServiceDiscoveryChain( tx := s.db.ReadTxn() defer tx.Abort() - return s.serviceDiscoveryChainTxn(tx, ws, serviceName, entMeta, req) + return serviceDiscoveryChainTxn(tx, ws, serviceName, entMeta, req) } -func (s *Store) serviceDiscoveryChainTxn( +func serviceDiscoveryChainTxn( tx ReadTxn, ws memdb.WatchSet, serviceName string, @@ -888,7 +1016,7 @@ func (s *Store) serviceDiscoveryChainTxn( } req.Entries = entries - _, config, err := s.CAConfig(ws) + _, config, err := caConfigTxn(tx, ws) if err != nil { return 0, nil, nil, err } else if config == nil { @@ -1268,7 +1396,9 @@ func anyKey(m map[structs.ServiceID]struct{}) (structs.ServiceID, bool) { // getProxyConfigEntryTxn is a convenience method for fetching a // proxy-defaults kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getProxyConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1293,7 +1423,9 @@ func getProxyConfigEntryTxn( // getServiceConfigEntryTxn is a convenience method for fetching a // service-defaults kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getServiceConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1318,7 +1450,9 @@ func getServiceConfigEntryTxn( // getRouterConfigEntryTxn is a convenience method for fetching a // service-router kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getRouterConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1343,7 +1477,9 @@ func getRouterConfigEntryTxn( // getSplitterConfigEntryTxn is a convenience method for fetching a // service-splitter kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getSplitterConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1368,7 +1504,9 @@ func getSplitterConfigEntryTxn( // getResolverConfigEntryTxn is a convenience method for fetching a // service-resolver kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getResolverConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1393,7 +1531,9 @@ func getResolverConfigEntryTxn( // getServiceIntentionsConfigEntryTxn is a convenience method for fetching a // service-intentions kind of config entry. // -// If an override is returned the index returned will be 0. +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. func getServiceIntentionsConfigEntryTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1415,6 +1555,32 @@ func getServiceIntentionsConfigEntryTxn( return idx, ixn, nil } +// getExportedServicesConfigEntryTxn is a convenience method for fetching a +// exported-services kind of config entry. +// +// If an override KEY is present for the requested config entry, the index +// returned will be 0. Any override VALUE (nil or otherwise) will be returned +// if there is a KEY match. +func getExportedServicesConfigEntryTxn( + tx ReadTxn, + ws memdb.WatchSet, + overrides map[configentry.KindName]structs.ConfigEntry, + entMeta *acl.EnterpriseMeta, +) (uint64, *structs.ExportedServicesConfigEntry, error) { + idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ExportedServices, entMeta.PartitionOrDefault(), overrides, entMeta) + if err != nil { + return 0, nil, err + } else if entry == nil { + return idx, nil, nil + } + + export, ok := entry.(*structs.ExportedServicesConfigEntry) + if !ok { + return 0, nil, fmt.Errorf("invalid service config type %T", entry) + } + return idx, export, nil +} + func configEntryWithOverridesTxn( tx ReadTxn, ws memdb.WatchSet, @@ -1443,12 +1609,12 @@ func protocolForService( svc structs.ServiceName, ) (uint64, string, error) { // Get the global proxy defaults (for default protocol) - maxIdx, proxyConfig, err := configEntryTxn(tx, ws, structs.ProxyDefaults, structs.ProxyConfigGlobal, &svc.EnterpriseMeta) + maxIdx, proxyConfig, err := getProxyConfigEntryTxn(tx, ws, structs.ProxyConfigGlobal, nil, &svc.EnterpriseMeta) if err != nil { return 0, "", err } - idx, serviceDefaults, err := configEntryTxn(tx, ws, structs.ServiceDefaults, svc.Name, &svc.EnterpriseMeta) + idx, serviceDefaults, err := getServiceConfigEntryTxn(tx, ws, svc.Name, nil, &svc.EnterpriseMeta) if err != nil { return 0, "", err } diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index b874f41af..92f2a8860 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -843,24 +843,75 @@ func TestStore_Service_TerminatingGateway_Kind_Service_Destination_Wildcard(t *t } func TestStore_ConfigEntry_GraphValidation(t *testing.T) { + ensureConfigEntry := func(s *Store, idx uint64, entry structs.ConfigEntry) error { + if err := entry.Normalize(); err != nil { + return err + } + if err := entry.Validate(); err != nil { + return err + } + return s.EnsureConfigEntry(0, entry) + } + type tcase struct { entries []structs.ConfigEntry - op func(t *testing.T, s *Store) error + opAdd structs.ConfigEntry + opDelete configentry.KindName expectErr string expectGraphErr bool } + + EMPTY_KN := configentry.KindName{} + + run := func(t *testing.T, tc tcase) { + s := testConfigStateStore(t) + for _, entry := range tc.entries { + require.NoError(t, ensureConfigEntry(s, 0, entry)) + } + + nOps := 0 + if tc.opAdd != nil { + nOps++ + } + if tc.opDelete != EMPTY_KN { + nOps++ + } + require.Equal(t, 1, nOps, "exactly one operation is required") + + var err error + switch { + case tc.opAdd != nil: + err = ensureConfigEntry(s, 0, tc.opAdd) + case tc.opDelete != EMPTY_KN: + kn := tc.opDelete + err = s.DeleteConfigEntry(0, kn.Kind, kn.Name, &kn.EnterpriseMeta) + default: + t.Fatal("not possible") + } + + if tc.expectErr != "" { + require.Error(t, err) + require.Contains(t, err.Error(), tc.expectErr) + _, ok := err.(*structs.ConfigEntryGraphError) + if tc.expectGraphErr { + require.True(t, ok, "%T is not a *ConfigEntryGraphError", err) + } else { + require.False(t, ok, "did not expect a *ConfigEntryGraphError here: %v", err) + } + } else { + require.NoError(t, err) + } + } + cases := map[string]tcase{ "splitter fails without default protocol": { entries: []structs.ConfigEntry{}, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: structs.ServiceSplitter, - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 100}, - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: structs.ServiceSplitter, + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 100}, + }, }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -873,15 +924,12 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { Protocol: "tcp", }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: structs.ServiceSplitter, - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 100}, - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: structs.ServiceSplitter, + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 100}, + }, }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -914,17 +962,14 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: structs.ServiceSplitter, - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 90, ServiceSubset: "v1"}, - {Weight: 10, ServiceSubset: "v2"}, - }, - EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: structs.ServiceSplitter, + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 90, ServiceSubset: "v1"}, + {Weight: 10, ServiceSubset: "v2"}, + }, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), }, }, "splitter works with http protocol (from proxy-defaults)": { @@ -949,16 +994,13 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: structs.ServiceSplitter, - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 90, ServiceSubset: "v1"}, - {Weight: 10, ServiceSubset: "v2"}, - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: structs.ServiceSplitter, + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 90, ServiceSubset: "v1"}, + {Weight: 10, ServiceSubset: "v2"}, + }, }, }, "router fails with tcp protocol": { @@ -978,24 +1020,21 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceRouterConfigEntry{ - Kind: structs.ServiceRouter, - Name: "main", - Routes: []structs.ServiceRoute{ - { - Match: &structs.ServiceRouteMatch{ - HTTP: &structs.ServiceRouteHTTPMatch{ - PathExact: "/other", - }, - }, - Destination: &structs.ServiceRouteDestination{ - ServiceSubset: "other", + opAdd: &structs.ServiceRouterConfigEntry{ + Kind: structs.ServiceRouter, + Name: "main", + Routes: []structs.ServiceRoute{ + { + Match: &structs.ServiceRouteMatch{ + HTTP: &structs.ServiceRouteHTTPMatch{ + PathExact: "/other", }, }, + Destination: &structs.ServiceRouteDestination{ + ServiceSubset: "other", + }, }, - } - return s.EnsureConfigEntry(0, entry) + }, }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -1012,24 +1051,21 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceRouterConfigEntry{ - Kind: structs.ServiceRouter, - Name: "main", - Routes: []structs.ServiceRoute{ - { - Match: &structs.ServiceRouteMatch{ - HTTP: &structs.ServiceRouteHTTPMatch{ - PathExact: "/other", - }, - }, - Destination: &structs.ServiceRouteDestination{ - ServiceSubset: "other", + opAdd: &structs.ServiceRouterConfigEntry{ + Kind: structs.ServiceRouter, + Name: "main", + Routes: []structs.ServiceRoute{ + { + Match: &structs.ServiceRouteMatch{ + HTTP: &structs.ServiceRouteHTTPMatch{ + PathExact: "/other", }, }, + Destination: &structs.ServiceRouteDestination{ + ServiceSubset: "other", + }, }, - } - return s.EnsureConfigEntry(0, entry) + }, }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -1063,9 +1099,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - return s.DeleteConfigEntry(0, structs.ServiceDefaults, "main", nil) - }, + opDelete: configentry.NewKindName(structs.ServiceDefaults, "main", nil), expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, }, @@ -1099,9 +1133,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - return s.DeleteConfigEntry(0, structs.ProxyDefaults, structs.ProxyConfigGlobal, nil) - }, + opDelete: configentry.NewKindName(structs.ProxyDefaults, structs.ProxyConfigGlobal, nil), expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, }, @@ -1140,9 +1172,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - return s.DeleteConfigEntry(0, structs.ProxyDefaults, structs.ProxyConfigGlobal, nil) - }, + opDelete: configentry.NewKindName(structs.ProxyDefaults, structs.ProxyConfigGlobal, nil), }, "cannot change to tcp protocol after splitter created": { entries: []structs.ConfigEntry{ @@ -1172,13 +1202,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceConfigEntry{ - Kind: structs.ServiceDefaults, - Name: "main", - Protocol: "tcp", - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "main", + Protocol: "tcp", }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -1216,9 +1243,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - return s.DeleteConfigEntry(0, structs.ServiceDefaults, "main", nil) - }, + opDelete: configentry.NewKindName(structs.ServiceDefaults, "main", nil), expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, }, @@ -1255,13 +1280,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceConfigEntry{ - Kind: structs.ServiceDefaults, - Name: "main", - Protocol: "tcp", - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "main", + Protocol: "tcp", }, expectErr: "does not permit advanced routing or splitting behavior", expectGraphErr: true, @@ -1280,16 +1302,13 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { Protocol: "tcp", }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: structs.ServiceSplitter, - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 90}, - {Weight: 10, Service: "other"}, - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: structs.ServiceSplitter, + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 90}, + {Weight: 10, Service: "other"}, + }, }, expectErr: "uses inconsistent protocols", expectGraphErr: true, @@ -1307,24 +1326,21 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { Protocol: "tcp", }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceRouterConfigEntry{ - Kind: structs.ServiceRouter, - Name: "main", - Routes: []structs.ServiceRoute{ - { - Match: &structs.ServiceRouteMatch{ - HTTP: &structs.ServiceRouteHTTPMatch{ - PathExact: "/other", - }, - }, - Destination: &structs.ServiceRouteDestination{ - Service: "other", + opAdd: &structs.ServiceRouterConfigEntry{ + Kind: structs.ServiceRouter, + Name: "main", + Routes: []structs.ServiceRoute{ + { + Match: &structs.ServiceRouteMatch{ + HTTP: &structs.ServiceRouteHTTPMatch{ + PathExact: "/other", }, }, + Destination: &structs.ServiceRouteDestination{ + Service: "other", + }, }, - } - return s.EnsureConfigEntry(0, entry) + }, }, expectErr: "uses inconsistent protocols", expectGraphErr: true, @@ -1348,17 +1364,14 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { ConnectTimeout: 33 * time.Second, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceResolverConfigEntry{ - Kind: structs.ServiceResolver, - Name: "main", - Failover: map[string]structs.ServiceResolverFailover{ - "*": { - Service: "other", - }, + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Failover: map[string]structs.ServiceResolverFailover{ + "*": { + Service: "other", }, - } - return s.EnsureConfigEntry(0, entry) + }, }, expectErr: "uses inconsistent protocols", expectGraphErr: true, @@ -1381,15 +1394,12 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { ConnectTimeout: 33 * time.Second, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceResolverConfigEntry{ - Kind: structs.ServiceResolver, - Name: "main", - Redirect: &structs.ServiceResolverRedirect{ - Service: "other", - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + }, }, expectErr: "uses inconsistent protocols", expectGraphErr: true, @@ -1408,16 +1418,13 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceResolverConfigEntry{ - Kind: structs.ServiceResolver, - Name: "main", - Redirect: &structs.ServiceResolverRedirect{ - Service: "other", - ServiceSubset: "v1", - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + ServiceSubset: "v1", + }, }, }, "cannot redirect to a subset that does not exist": { @@ -1428,16 +1435,13 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { ConnectTimeout: 33 * time.Second, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceResolverConfigEntry{ - Kind: structs.ServiceResolver, - Name: "main", - Redirect: &structs.ServiceResolverRedirect{ - Service: "other", - ServiceSubset: "v1", - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + ServiceSubset: "v1", + }, }, expectErr: `does not have a subset named "v1"`, expectGraphErr: true, @@ -1453,15 +1457,12 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceResolverConfigEntry{ - Kind: structs.ServiceResolver, - Name: "main", - Redirect: &structs.ServiceResolverRedirect{ - Service: "other", - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + }, }, expectErr: `detected circular resolver redirect`, expectGraphErr: true, @@ -1483,45 +1484,102 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, }, }, - op: func(t *testing.T, s *Store) error { - entry := &structs.ServiceSplitterConfigEntry{ - Kind: "service-splitter", - Name: "main", - Splits: []structs.ServiceSplit{ - {Weight: 100, Service: "other"}, - }, - } - return s.EnsureConfigEntry(0, entry) + opAdd: &structs.ServiceSplitterConfigEntry{ + Kind: "service-splitter", + Name: "main", + Splits: []structs.ServiceSplit{ + {Weight: 100, Service: "other"}, + }, }, expectErr: `detected circular reference`, expectGraphErr: true, }, + ///////////////////////////////////////////////// + "cannot peer export cross-dc redirect": { + entries: []structs.ConfigEntry{ + &structs.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Datacenter: "dc3", + }, + }, + }, + opAdd: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{{ + Name: "main", + Consumers: []structs.ServiceConsumer{{PeerName: "my-peer"}}, + }}, + }, + expectErr: `contains cross-datacenter resolver redirect`, + }, + "cannot peer export cross-dc redirect via wildcard": { + entries: []structs.ConfigEntry{ + &structs.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Datacenter: "dc3", + }, + }, + }, + opAdd: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{{ + Name: "*", + Consumers: []structs.ServiceConsumer{{PeerName: "my-peer"}}, + }}, + }, + expectErr: `contains cross-datacenter resolver redirect`, + }, + "cannot peer export cross-dc failover": { + entries: []structs.ConfigEntry{ + &structs.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Failover: map[string]structs.ServiceResolverFailover{ + "*": { + Datacenters: []string{"dc3"}, + }, + }, + }, + }, + opAdd: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{{ + Name: "main", + Consumers: []structs.ServiceConsumer{{PeerName: "my-peer"}}, + }}, + }, + expectErr: `contains cross-datacenter failover`, + }, + "cannot peer export cross-dc failover via wildcard": { + entries: []structs.ConfigEntry{ + &structs.ServiceResolverConfigEntry{ + Kind: "service-resolver", + Name: "main", + Failover: map[string]structs.ServiceResolverFailover{ + "*": { + Datacenters: []string{"dc3"}, + }, + }, + }, + }, + opAdd: &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{{ + Name: "*", + Consumers: []structs.ServiceConsumer{{PeerName: "my-peer"}}, + }}, + }, + expectErr: `contains cross-datacenter failover`, + }, } for name, tc := range cases { - name := name - tc := tc - t.Run(name, func(t *testing.T) { - s := testConfigStateStore(t) - for _, entry := range tc.entries { - require.NoError(t, entry.Normalize()) - require.NoError(t, s.EnsureConfigEntry(0, entry)) - } - - err := tc.op(t, s) - if tc.expectErr != "" { - require.Error(t, err) - require.Contains(t, err.Error(), tc.expectErr) - _, ok := err.(*structs.ConfigEntryGraphError) - if tc.expectGraphErr { - require.True(t, ok, "%T is not a *ConfigEntryGraphError", err) - } else { - require.False(t, ok, "did not expect a *ConfigEntryGraphError here: %v", err) - } - } else { - require.NoError(t, err) - } + run(t, tc) }) } } diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index af5098987..e48684923 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/go-memdb" "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/maps" "github.com/hashicorp/consul/proto/pbpeering" @@ -154,10 +155,10 @@ func peeringReadTxn(tx ReadTxn, ws memdb.WatchSet, q Query) (uint64, *pbpeering. func (s *Store) PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) { tx := s.db.ReadTxn() defer tx.Abort() - return s.peeringListTxn(ws, tx, entMeta) + return peeringListTxn(ws, tx, entMeta) } -func (s *Store) peeringListTxn(ws memdb.WatchSet, tx ReadTxn, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) { +func peeringListTxn(ws memdb.WatchSet, tx ReadTxn, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error) { var ( iter memdb.ResultIterator err error @@ -322,21 +323,21 @@ func (s *Store) ExportedServicesForPeer(ws memdb.WatchSet, peerID string, dc str return 0, &structs.ExportedServiceList{}, nil } - return s.exportedServicesForPeerTxn(ws, tx, peering, dc) + return exportedServicesForPeerTxn(ws, tx, peering, dc) } func (s *Store) ExportedServicesForAllPeersByName(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error) { tx := s.db.ReadTxn() defer tx.Abort() - maxIdx, peerings, err := s.peeringListTxn(ws, tx, entMeta) + maxIdx, peerings, err := peeringListTxn(ws, tx, entMeta) if err != nil { return 0, nil, fmt.Errorf("failed to list peerings: %w", err) } out := make(map[string]structs.ServiceList) for _, peering := range peerings { - idx, list, err := s.exportedServicesForPeerTxn(ws, tx, peering, "") + idx, list, err := exportedServicesForPeerTxn(ws, tx, peering, "") if err != nil { return 0, nil, fmt.Errorf("failed to list exported services for peer %q: %w", peering.ID, err) } @@ -356,34 +357,31 @@ func (s *Store) ExportedServicesForAllPeersByName(ws memdb.WatchSet, entMeta acl // specific peering, and optionally include information about discovery chain // reachable targets for these exported services if the "dc" parameter is // specified. -func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peering *pbpeering.Peering, dc string) (uint64, *structs.ExportedServiceList, error) { +func exportedServicesForPeerTxn( + ws memdb.WatchSet, + tx ReadTxn, + peering *pbpeering.Peering, + dc string, +) (uint64, *structs.ExportedServiceList, error) { maxIdx := peering.ModifyIndex entMeta := structs.NodeEnterpriseMetaInPartition(peering.Partition) - idx, raw, err := configEntryTxn(tx, ws, structs.ExportedServices, entMeta.PartitionOrDefault(), entMeta) + idx, conf, err := getExportedServicesConfigEntryTxn(tx, ws, nil, entMeta) if err != nil { return 0, nil, fmt.Errorf("failed to fetch exported-services config entry: %w", err) } if idx > maxIdx { maxIdx = idx } - if raw == nil { + if conf == nil { return maxIdx, &structs.ExportedServiceList{}, nil } - conf, ok := raw.(*structs.ExportedServicesConfigEntry) - if !ok { - return 0, nil, fmt.Errorf("expected type *structs.ExportedServicesConfigEntry, got %T", raw) - } - var ( normalSet = make(map[structs.ServiceName]struct{}) discoSet = make(map[structs.ServiceName]struct{}) ) - // TODO(peering): filter the disco chain portion of the results to only be - // things reachable over the mesh to avoid replicating some clutter. - // // At least one of the following should be true for a name for it to // replicate: // @@ -426,7 +424,7 @@ func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peerin } // list all config entries of kind service-resolver, service-router, service-splitter? - idx, discoChains, err := listDiscoveryChainNamesTxn(tx, ws, svcMeta) + idx, discoChains, err := listDiscoveryChainNamesTxn(tx, ws, nil, svcMeta) if err != nil { return 0, nil, fmt.Errorf("failed to get discovery chain names: %w", err) } @@ -463,7 +461,7 @@ func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peerin if dc != "" && !structs.IsProtocolHTTPLike(protocol) { // We only need to populate the targets for replication purposes for L4 protocols, which // do not ultimately get intercepted by the mesh gateways. - idx, targets, err := s.discoveryChainOriginalTargetsTxn(tx, ws, dc, svc.Name, &svc.EnterpriseMeta) + idx, targets, err := discoveryChainOriginalTargetsTxn(tx, ws, dc, svc.Name, &svc.EnterpriseMeta) if err != nil { return fmt.Errorf("failed to get discovery chain targets for service %q: %w", svc, err) } @@ -504,6 +502,86 @@ func (s *Store) exportedServicesForPeerTxn(ws memdb.WatchSet, tx ReadTxn, peerin return maxIdx, list, nil } +func listAllExportedServices( + ws memdb.WatchSet, + tx ReadTxn, + overrides map[configentry.KindName]structs.ConfigEntry, + entMeta acl.EnterpriseMeta, +) (uint64, map[structs.ServiceName]struct{}, error) { + idx, export, err := getExportedServicesConfigEntryTxn(tx, ws, overrides, &entMeta) + if err != nil { + return 0, nil, err + } + + found := make(map[structs.ServiceName]struct{}) + if export == nil { + return idx, found, nil + } + + _, services, err := listServicesExportedToAnyPeerByConfigEntry(ws, tx, export, overrides) + if err != nil { + return 0, nil, err + } + for _, svc := range services { + found[svc] = struct{}{} + } + + return idx, found, nil +} + +func listServicesExportedToAnyPeerByConfigEntry( + ws memdb.WatchSet, + tx ReadTxn, + conf *structs.ExportedServicesConfigEntry, + overrides map[configentry.KindName]structs.ConfigEntry, +) (uint64, []structs.ServiceName, error) { + var ( + entMeta = conf.GetEnterpriseMeta() + found = make(map[structs.ServiceName]struct{}) + maxIdx uint64 + ) + + for _, svc := range conf.Services { + svcMeta := acl.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), svc.Namespace) + + sawPeer := false + for _, consumer := range svc.Consumers { + if consumer.PeerName == "" { + continue + } + sawPeer = true + + sn := structs.NewServiceName(svc.Name, &svcMeta) + if _, ok := found[sn]; ok { + continue + } + + if svc.Name != structs.WildcardSpecifier { + found[sn] = struct{}{} + } + } + + if sawPeer && svc.Name == structs.WildcardSpecifier { + idx, discoChains, err := listDiscoveryChainNamesTxn(tx, ws, overrides, svcMeta) + if err != nil { + return 0, nil, fmt.Errorf("failed to get discovery chain names: %w", err) + } + if idx > maxIdx { + maxIdx = idx + } + for _, sn := range discoChains { + found[sn] = struct{}{} + } + } + } + + foundKeys := maps.SliceOfKeys(found) + + structs.ServiceList(foundKeys).Sort() + + return maxIdx, foundKeys, nil +} + // PeeringsForService returns the list of peerings that are associated with the service name provided in the query. // This is used to configure connect proxies for a given service. The result is generated by querying for exported // service config entries and filtering for those that match the given service. diff --git a/agent/grpc/public/services/peerstream/subscription_manager_test.go b/agent/grpc/public/services/peerstream/subscription_manager_test.go index 8e555d3f5..ea35eaccc 100644 --- a/agent/grpc/public/services/peerstream/subscription_manager_test.go +++ b/agent/grpc/public/services/peerstream/subscription_manager_test.go @@ -289,8 +289,7 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { Name: "mysql", Failover: map[string]structs.ServiceResolverFailover{ "*": { - Service: "failover", - Datacenters: []string{"dc2", "dc3"}, + Service: "failover", }, }, }) @@ -327,8 +326,7 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { }, SpiffeID: []string{ "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", - "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/failover", - "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/failover", + "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/failover", }, Protocol: "tcp", }, diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go index 2c81d85fe..388ac12b8 100644 --- a/agent/proxycfg/testing_mesh_gateway.go +++ b/agent/proxycfg/testing_mesh_gateway.go @@ -548,10 +548,19 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func( }, &structs.ServiceResolverConfigEntry{ Kind: structs.ServiceResolver, - Name: "api-dc2", + Name: "api", + Subsets: map[string]structs.ServiceResolverSubset{ + "v2": { + Filter: "Service.Meta.version == v2", + }, + }, + }, + &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "api-v2", Redirect: &structs.ServiceResolverRedirect{ - Service: "api", - Datacenter: "dc2", + Service: "api", + ServiceSubset: "v2", }, }, &structs.ServiceSplitterConfigEntry{ @@ -576,7 +585,7 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func( Match: httpMatch(&structs.ServiceRouteHTTPMatch{ PathPrefix: "/api", }), - Destination: toService("api-dc2"), + Destination: toService("api-v2"), }, }, }, @@ -602,13 +611,7 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func( extraUpdates = append(extraUpdates, UpdateEvent{ CorrelationID: datacentersWatchID, - Result: &[]string{"dc1", "dc2"}, - }, - UpdateEvent{ - CorrelationID: "mesh-gateway:dc2", - Result: &structs.IndexedNodesWithGateways{ - Nodes: TestGatewayNodesDC2(t), - }, + Result: &[]string{"dc1"}, }, UpdateEvent{ CorrelationID: exportedServiceListWatchID, diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 3f2efdef7..99cae180c 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -907,6 +907,14 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( target := chain.Targets[targetID] + if forMeshGateway && !cfgSnap.Locality.Matches(target.Datacenter, target.Partition) { + s.Logger.Warn("ignoring discovery chain target that crosses a datacenter or partition boundary in a mesh gateway", + "target", target, + "gatewayLocality", cfgSnap.Locality, + ) + continue + } + // Determine if we have to generate the entire cluster differently. failoverThroughMeshGateway := chain.WillFailoverThroughMeshGateway(node) && !forMeshGateway diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index aca8760d3..53e550132 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -177,7 +177,6 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C keys := cfgSnap.MeshGateway.GatewayKeys() resources := make([]proto.Message, 0, len(keys)+len(cfgSnap.MeshGateway.ServiceGroups)) - endpointsPerRemoteGateway := make(map[string]structs.CheckServiceNodes) for _, key := range keys { if key.Matches(cfgSnap.Datacenter, cfgSnap.ProxyID.PartitionOrDefault()) { continue // skip local @@ -194,8 +193,6 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C continue } - endpointsPerRemoteGateway[key.String()] = endpoints - { // standard connect clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain) @@ -274,7 +271,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C resources = append(resources, e...) // Generate the endpoints for exported discovery chain targets. - e, err = s.makeExportedUpstreamEndpointsForMeshGateway(cfgSnap, endpointsPerRemoteGateway) + e, err = s.makeExportedUpstreamEndpointsForMeshGateway(cfgSnap) if err != nil { return nil, err } @@ -479,6 +476,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain( gatewayEndpoints, targetID, gatewayKey, + forMeshGateway, ) if !valid { continue // skip the cluster if we're still populating the snapshot @@ -500,6 +498,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain( gatewayEndpoints, failTargetID, gatewayKey, + forMeshGateway, ) if !valid { continue // skip the failover target if we're still populating the snapshot @@ -519,10 +518,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain( return resources, nil } -func (s *ResourceGenerator) makeExportedUpstreamEndpointsForMeshGateway( - cfgSnap *proxycfg.ConfigSnapshot, - endpointsPerRemoteGateway map[string]structs.CheckServiceNodes, -) ([]proto.Message, error) { +func (s *ResourceGenerator) makeExportedUpstreamEndpointsForMeshGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) { var resources []proto.Message populatedExportedClusters := make(map[string]struct{}) // key=clusterName @@ -531,41 +527,38 @@ func (s *ResourceGenerator) makeExportedUpstreamEndpointsForMeshGateway( chainEndpoints := make(map[string]structs.CheckServiceNodes) for _, target := range chain.Targets { - if cfgSnap.Locality.Matches(target.Datacenter, target.Partition) { - // served locally - targetSvc := target.ServiceName() + if !cfgSnap.Locality.Matches(target.Datacenter, target.Partition) { + s.Logger.Warn("ignoring discovery chain target that crosses a datacenter or partition boundary in a mesh gateway", + "target", target, + "gatewayLocality", cfgSnap.Locality, + ) + continue + } - endpoints, ok := cfgSnap.MeshGateway.ServiceGroups[targetSvc] + targetSvc := target.ServiceName() + + endpoints, ok := cfgSnap.MeshGateway.ServiceGroups[targetSvc] + if !ok { + continue // ignore; not ready + } + + if target.ServiceSubset == "" { + chainEndpoints[target.ID] = endpoints + } else { + resolver, ok := cfgSnap.MeshGateway.ServiceResolvers[targetSvc] + if !ok { + continue // ignore; not ready + } + subset, ok := resolver.Subsets[target.ServiceSubset] if !ok { continue // ignore; not ready } - if target.ServiceSubset == "" { - chainEndpoints[target.ID] = endpoints - } else { - resolver, ok := cfgSnap.MeshGateway.ServiceResolvers[targetSvc] - if !ok { - continue // ignore; not ready - } - subset, ok := resolver.Subsets[target.ServiceSubset] - if !ok { - continue // ignore; not ready - } - - subsetEndpoints, err := s.filterSubsetEndpoints(&subset, endpoints) - if err != nil { - return nil, err - } - chainEndpoints[target.ID] = subsetEndpoints + subsetEndpoints, err := s.filterSubsetEndpoints(&subset, endpoints) + if err != nil { + return nil, err } - } else { - // serve remotely - gk := proxycfg.GatewayKey{ - Datacenter: target.Datacenter, - Partition: target.Partition, - } - // TODO(peering): handle hostname endpoints logic - chainEndpoints[target.ID] = cfgSnap.GetMeshGatewayEndpoints(gk) + chainEndpoints[target.ID] = subsetEndpoints } } @@ -575,7 +568,7 @@ func (s *ResourceGenerator) makeExportedUpstreamEndpointsForMeshGateway( cfgSnap.Locality, nil, chainEndpoints, - endpointsPerRemoteGateway, + nil, true, ) if err != nil { @@ -652,6 +645,7 @@ func makeLoadAssignmentEndpointGroup( gatewayHealth map[string]structs.CheckServiceNodes, targetID string, localKey proxycfg.GatewayKey, + forMeshGateway bool, ) (loadAssignmentEndpointGroup, bool) { realEndpoints, ok := targetHealth[targetID] if !ok { @@ -666,12 +660,11 @@ func makeLoadAssignmentEndpointGroup( case structs.MeshGatewayModeRemote: gatewayKey.Datacenter = target.Datacenter gatewayKey.Partition = target.Partition - case structs.MeshGatewayModeLocal: gatewayKey = localKey } - if gatewayKey.IsEmpty() || localKey.Matches(target.Datacenter, target.Partition) { + if forMeshGateway || gatewayKey.IsEmpty() || localKey.Matches(target.Datacenter, target.Partition) { // Gateways are not needed if the request isn't for a remote DC or partition. return loadAssignmentEndpointGroup{ Endpoints: realEndpoints, diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index c65f4f9c1..8c85bbc82 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -35,23 +35,6 @@ } }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": { - - }, - "resourceApiVersion": "V3" - } - }, - "connectTimeout": "5s", - "outlierDetection": { - - } - }, { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "name": "exported~alt.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", @@ -110,64 +93,6 @@ } } }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "exported~api.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "altStatName": "exported~api.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": { - - }, - "resourceApiVersion": "V3" - } - }, - "connectTimeout": "5s", - "circuitBreakers": { - - }, - "outlierDetection": { - - }, - "commonLbConfig": { - "healthyPanicThreshold": { - - } - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": { - - }, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - }, - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/api" - } - ] - } - }, - "sni": "api.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - }, { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "name": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", @@ -225,6 +150,64 @@ "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/api" + } + ] + } + }, + "sni": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } } ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", diff --git a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index da1e19b7b..b993f6a71 100644 --- a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -69,40 +69,6 @@ } ] }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, { "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "clusterName": "exported~alt.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", @@ -137,40 +103,6 @@ } ] }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "exported~api.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, { "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "clusterName": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", diff --git a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index b89506084..1ed34afb9 100644 --- a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -101,23 +101,6 @@ } } }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "mesh_gateway_remote.default.dc2", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - }, { "filters": [ { diff --git a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index d504294d0..ce1c0ad2d 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -36,7 +36,7 @@ "prefix": "/api" }, "route": { - "cluster": "exported~api.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { From ee5eb5a9607954b2d80479110656faf7ba5da320 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 12 Jul 2022 11:17:33 -0500 Subject: [PATCH 724/785] state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727) For L4/tcp exported services the mesh gateways will not be terminating TLS. A caller in one peer will be directly establishing TLS connections to the ultimate exported service in the other peer. The caller will be doing SAN validation using the replicated SpiffeID values shipped from the exporting side. There are a class of discovery chain edits that could be done on the exporting side that would cause the introduction of a new SpiffeID value. In between the time of the config entry update on the exporting side and the importing side getting updated peer stream data requests to the exported service would fail due to SAN validation errors. This is unacceptable so instead prohibit the exporting peer from making changes that would break peering in this way. --- agent/consul/state/config_entry.go | 56 ++++++++++++++-- agent/consul/state/config_entry_test.go | 19 ++++++ .../peerstream/subscription_manager_test.go | 64 ++++--------------- 3 files changed, 83 insertions(+), 56 deletions(-) diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 7da7b2176..af0fe2113 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -804,7 +804,7 @@ func validateProposedConfigEntryInServiceGraph( exportedServicesByPartition = make(map[string]map[structs.ServiceName]struct{}) ) for chain := range checkChains { - protocol, topNode, err := testCompileDiscoveryChain(tx, chain.ID, overrides, &chain.EnterpriseMeta) + protocol, topNode, newTargets, err := testCompileDiscoveryChain(tx, chain.ID, overrides, &chain.EnterpriseMeta) if err != nil { return err } @@ -830,6 +830,27 @@ func validateProposedConfigEntryInServiceGraph( if err := validateChainIsPeerExportSafe(tx, chainSvc, overrides); err != nil { return err } + + // If a TCP (L4) discovery chain is peer exported we have to take + // care to prohibit certain edits to service-resolvers. + if !structs.IsProtocolHTTPLike(protocol) { + _, _, oldTargets, err := testCompileDiscoveryChain(tx, chain.ID, nil, &chain.EnterpriseMeta) + if err != nil { + return fmt.Errorf("error compiling current discovery chain for %q: %w", chainSvc, err) + } + + // Ensure that you can't introduce any new targets that would + // produce a new SpiffeID for this L4 service. + oldSpiffeIDs := convertTargetsToTestSpiffeIDs(oldTargets) + newSpiffeIDs := convertTargetsToTestSpiffeIDs(newTargets) + for id, targetID := range newSpiffeIDs { + if _, exists := oldSpiffeIDs[id]; !exists { + return fmt.Errorf("peer exported service %q uses protocol=%q and cannot introduce new discovery chain targets like %q", + chainSvc, protocol, targetID, + ) + } + } + } } } @@ -964,10 +985,10 @@ func testCompileDiscoveryChain( chainName string, overrides map[configentry.KindName]structs.ConfigEntry, entMeta *acl.EnterpriseMeta, -) (string, *structs.DiscoveryGraphNode, error) { +) (string, *structs.DiscoveryGraphNode, map[string]*structs.DiscoveryTarget, error) { _, speculativeEntries, err := readDiscoveryChainConfigEntriesTxn(tx, nil, chainName, overrides, entMeta) if err != nil { - return "", nil, err + return "", nil, nil, err } // Note we use an arbitrary namespace and datacenter as those would not @@ -984,10 +1005,10 @@ func testCompileDiscoveryChain( } chain, err := discoverychain.Compile(req) if err != nil { - return "", nil, err + return "", nil, nil, err } - return chain.Protocol, chain.Nodes[chain.StartNode], nil + return chain.Protocol, chain.Nodes[chain.StartNode], chain.Targets, nil } func (s *Store) ServiceDiscoveryChain( @@ -1633,7 +1654,7 @@ func protocolForService( EvaluateInPartition: svc.PartitionOrDefault(), EvaluateInDatacenter: "dc1", // Use a dummy trust domain since that won't affect the protocol here. - EvaluateInTrustDomain: "b6fc9da3-03d4-4b5a-9134-c045e9b20152.consul", + EvaluateInTrustDomain: dummyTrustDomain, Entries: entries, } chain, err := discoverychain.Compile(req) @@ -1643,6 +1664,8 @@ func protocolForService( return maxIdx, chain.Protocol, nil } +const dummyTrustDomain = "b6fc9da3-03d4-4b5a-9134-c045e9b20152.consul" + func newConfigEntryQuery(c structs.ConfigEntry) configentry.KindName { return configentry.NewKindName(c.GetKind(), c.GetName(), c.GetEnterpriseMeta()) } @@ -1664,3 +1687,24 @@ func (q ConfigEntryKindQuery) NamespaceOrDefault() string { func (q ConfigEntryKindQuery) PartitionOrDefault() string { return q.EnterpriseMeta.PartitionOrDefault() } + +// convertTargetsToTestSpiffeIDs indexes the provided targets by their eventual +// spiffeid values using a dummy trust domain. Returns a map of SpiffeIDs to +// targetID values which can be used for error output. +func convertTargetsToTestSpiffeIDs(targets map[string]*structs.DiscoveryTarget) map[string]string { + out := make(map[string]string) + for tid, t := range targets { + testSpiffeID := connect.SpiffeIDService{ + Host: dummyTrustDomain, + Partition: t.Partition, + Namespace: t.Namespace, + Datacenter: t.Datacenter, + Service: t.Service, + } + uri := testSpiffeID.URI().String() + if _, ok := out[uri]; !ok { + out[uri] = tid + } + } + return out +} diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index 92f2a8860..78140d021 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -1575,6 +1575,25 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { }, expectErr: `contains cross-datacenter failover`, }, + "cannot redirect a peer exported tcp service": { + entries: []structs.ConfigEntry{ + &structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{{ + Name: "main", + Consumers: []structs.ServiceConsumer{{PeerName: "my-peer"}}, + }}, + }, + }, + opAdd: &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "main", + Redirect: &structs.ServiceResolverRedirect{ + Service: "other", + }, + }, + expectErr: `cannot introduce new discovery chain targets like`, + }, } for name, tc := range cases { diff --git a/agent/grpc/public/services/peerstream/subscription_manager_test.go b/agent/grpc/public/services/peerstream/subscription_manager_test.go index ea35eaccc..82b1a7e5f 100644 --- a/agent/grpc/public/services/peerstream/subscription_manager_test.go +++ b/agent/grpc/public/services/peerstream/subscription_manager_test.go @@ -53,6 +53,19 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { checkEvent(t, got, gatewayCorrID, 0) }) + // Initially add in L4 failover so that later we can test removing it. We + // cannot do the other way around because it would fail validation to + // remove a target. + backend.ensureConfigEntry(t, &structs.ServiceResolverConfigEntry{ + Kind: structs.ServiceResolver, + Name: "mysql", + Failover: map[string]structs.ServiceResolverFailover{ + "*": { + Service: "failover", + }, + }, + }) + testutil.RunStep(t, "initial export syncs empty instance lists", func(t *testing.T) { backend.ensureConfigEntry(t, &structs.ExportedServicesConfigEntry{ Name: "default", @@ -262,6 +275,7 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { }, SpiffeID: []string{ "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", + "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/failover", }, Protocol: "tcp", }, @@ -287,60 +301,10 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { backend.ensureConfigEntry(t, &structs.ServiceResolverConfigEntry{ Kind: structs.ServiceResolver, Name: "mysql", - Failover: map[string]structs.ServiceResolverFailover{ - "*": { - Service: "failover", - }, - }, }) // ensure we get updated peer meta - expectEvents(t, subCh, - func(t *testing.T, got cache.UpdateEvent) { - require.Equal(t, mysqlProxyCorrID, got.CorrelationID) - res := got.Result.(*pbservice.IndexedCheckServiceNodes) - require.Equal(t, uint64(0), res.Index) - - require.Len(t, res.Nodes, 1) - prototest.AssertDeepEqual(t, &pbservice.CheckServiceNode{ - Node: pbNode("mgw", "10.1.1.1", partition), - Service: &pbservice.NodeService{ - Kind: "connect-proxy", - ID: "mysql-sidecar-proxy-instance-0", - Service: "mysql-sidecar-proxy", - Port: 8443, - Weights: &pbservice.Weights{ - Passing: 1, - Warning: 1, - }, - EnterpriseMeta: pbcommon.DefaultEnterpriseMeta, - Proxy: &pbservice.ConnectProxyConfig{ - DestinationServiceID: "mysql-instance-0", - DestinationServiceName: "mysql", - }, - Connect: &pbservice.ServiceConnect{ - PeerMeta: &pbservice.PeeringServiceMeta{ - SNI: []string{ - "mysql.default.default.my-peering.external.11111111-2222-3333-4444-555555555555.consul", - }, - SpiffeID: []string{ - "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", - "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/failover", - }, - Protocol: "tcp", - }, - }, - }, - }, res.Nodes[0]) - }, - ) - - // reset so the next subtest is valid - backend.deleteConfigEntry(t, structs.ServiceResolver, "mysql") - - // ensure we get peer meta is restored - expectEvents(t, subCh, func(t *testing.T, got cache.UpdateEvent) { require.Equal(t, mysqlProxyCorrID, got.CorrelationID) From 81764a565073767ead562959a4e691f837dbf897 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Tue, 12 Jul 2022 11:38:13 -0500 Subject: [PATCH 725/785] peering: always send the mesh gateway SpiffeID even for tcp services (#13728) If someone were to switch a peer-exported service from L4 to L7 there would be a brief SAN validation hiccup as traffic shifted to the mesh gateway for termination. This PR sends the mesh gateway SpiffeID down all the time so the clients always expect a switch. --- .../public/services/peerstream/stream_test.go | 1 + .../peerstream/subscription_manager.go | 19 ++++++++++--------- .../peerstream/subscription_manager_test.go | 2 ++ 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/agent/grpc/public/services/peerstream/stream_test.go b/agent/grpc/public/services/peerstream/stream_test.go index 7366f4213..8bf644c5b 100644 --- a/agent/grpc/public/services/peerstream/stream_test.go +++ b/agent/grpc/public/services/peerstream/stream_test.go @@ -720,6 +720,7 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { require.Equal(t, "tcp", pm.Protocol) spiffeIDs := []string{ "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", + "spiffe://11111111-2222-3333-4444-555555555555.consul/gateway/mesh/dc/dc1", } require.Equal(t, spiffeIDs, pm.SpiffeID) }, diff --git a/agent/grpc/public/services/peerstream/subscription_manager.go b/agent/grpc/public/services/peerstream/subscription_manager.go index 70813e845..65fd914e3 100644 --- a/agent/grpc/public/services/peerstream/subscription_manager.go +++ b/agent/grpc/public/services/peerstream/subscription_manager.go @@ -558,6 +558,12 @@ func createDiscoChainHealth( trustDomain, ) + gwSpiffeID := connect.SpiffeIDMeshGateway{ + Host: trustDomain, + Partition: sn.PartitionOrDefault(), + Datacenter: datacenter, + } + // Create common peer meta. // // TODO(peering): should this be replicated by service and not by instance? @@ -565,19 +571,14 @@ func createDiscoChainHealth( SNI: []string{sni}, SpiffeID: []string{ mainSpiffeIDString, + // Always include the gateway id here to facilitate error-free + // L4/L7 upgrade/downgrade scenarios. + gwSpiffeID.URI().String(), }, Protocol: info.Protocol, } - if structs.IsProtocolHTTPLike(info.Protocol) { - gwSpiffeID := connect.SpiffeIDMeshGateway{ - Host: trustDomain, - Partition: sn.PartitionOrDefault(), - Datacenter: datacenter, - } - - peerMeta.SpiffeID = append(peerMeta.SpiffeID, gwSpiffeID.URI().String()) - } else { + if !structs.IsProtocolHTTPLike(info.Protocol) { for _, target := range info.TCPTargets { targetSpiffeID := connect.SpiffeIDService{ Host: trustDomain, diff --git a/agent/grpc/public/services/peerstream/subscription_manager_test.go b/agent/grpc/public/services/peerstream/subscription_manager_test.go index 82b1a7e5f..cd12b2c22 100644 --- a/agent/grpc/public/services/peerstream/subscription_manager_test.go +++ b/agent/grpc/public/services/peerstream/subscription_manager_test.go @@ -275,6 +275,7 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { }, SpiffeID: []string{ "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", + "spiffe://11111111-2222-3333-4444-555555555555.consul/gateway/mesh/dc/dc1", "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/failover", }, Protocol: "tcp", @@ -335,6 +336,7 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { }, SpiffeID: []string{ "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql", + "spiffe://11111111-2222-3333-4444-555555555555.consul/gateway/mesh/dc/dc1", }, Protocol: "tcp", }, From 54d8fe9032e5163e99cfd48bb0127f5faa3cb616 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Tue, 12 Jul 2022 14:38:44 -0700 Subject: [PATCH 726/785] Enable http2 options for grpc protocol --- agent/xds/clusters.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 75f0b2344..44f06984d 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -426,7 +426,7 @@ func (s *ResourceGenerator) makeGatewayServiceClusters( clusters = append(clusters, cluster) gatewaySvc, ok := cfgSnap.TerminatingGateway.GatewayServices[svc] - isHTTP2 := ok && gatewaySvc.Protocol == "http2" + isHTTP2 := ok && (gatewaySvc.Protocol == "http2" || gatewaySvc.Protocol == "grpc") if isHTTP2 { if err := s.setHttp2ProtocolOptions(cluster); err != nil { return nil, err From 0ac7de3bae292d2dabe9a500ab3c8ae5f024c434 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Tue, 12 Jul 2022 16:09:35 -0700 Subject: [PATCH 727/785] Use protocol from resolved config entry, not gateway service --- agent/proxycfg/testing_terminating_gateway.go | 10 ++++------ agent/xds/clusters.go | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index c9060df92..00771433b 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -642,9 +642,8 @@ func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot { Result: &structs.IndexedGatewayServices{ Services: []*structs.GatewayService{ { - Service: web, - CAFile: "ca.cert.pem", - Protocol: "http2", + Service: web, + CAFile: "ca.cert.pem", }, }, }, @@ -703,9 +702,8 @@ func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapsh Result: &structs.IndexedGatewayServices{ Services: []*structs.GatewayService{ { - Service: web, - CAFile: "ca.cert.pem", - Protocol: "http2", + Service: web, + CAFile: "ca.cert.pem", }, }, }, diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 44f06984d..ed634ce71 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -425,8 +425,18 @@ func (s *ResourceGenerator) makeGatewayServiceClusters( } clusters = append(clusters, cluster) - gatewaySvc, ok := cfgSnap.TerminatingGateway.GatewayServices[svc] - isHTTP2 := ok && (gatewaySvc.Protocol == "http2" || gatewaySvc.Protocol == "grpc") + svcConfig, ok := cfgSnap.TerminatingGateway.ServiceConfigs[svc] + isHTTP2 := false + if ok { + upstreamCfg, err := structs.ParseUpstreamConfig(svcConfig.ProxyConfig) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Warn("failed to parse", "upstream", svc, "error", err) + } + isHTTP2 = upstreamCfg.Protocol == "http2" || upstreamCfg.Protocol == "grpc" + } + if isHTTP2 { if err := s.setHttp2ProtocolOptions(cluster); err != nil { return nil, err From 51a89551032f43ad90fc79e7df9428cdcee4752b Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 13 Jul 2022 11:22:49 +0100 Subject: [PATCH 728/785] ui: Remove horizontal scrollbar from peering list rows (#13701) --- ui/packages/consul-ui/app/components/consul/peer/index.scss | 1 + .../routes/dc/peers => components/consul/peer/list}/index.scss | 2 +- ui/packages/consul-ui/app/styles/routes.scss | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) rename ui/packages/consul-ui/app/{styles/routes/dc/peers => components/consul/peer/list}/index.scss (79%) diff --git a/ui/packages/consul-ui/app/components/consul/peer/index.scss b/ui/packages/consul-ui/app/components/consul/peer/index.scss index 9fdaee0ec..9f82e6a21 100644 --- a/ui/packages/consul-ui/app/components/consul/peer/index.scss +++ b/ui/packages/consul-ui/app/components/consul/peer/index.scss @@ -1,4 +1,5 @@ @import './components'; +@import './list'; @import './search-bar'; diff --git a/ui/packages/consul-ui/app/styles/routes/dc/peers/index.scss b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss similarity index 79% rename from ui/packages/consul-ui/app/styles/routes/dc/peers/index.scss rename to ui/packages/consul-ui/app/components/consul/peer/list/index.scss index 1380b3ab1..a20a2cbcd 100644 --- a/ui/packages/consul-ui/app/styles/routes/dc/peers/index.scss +++ b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss @@ -1,6 +1,6 @@ .peers__list__peer-detail { display: flex; align-content: center; - overflow-x: scroll; gap: 18px; } + diff --git a/ui/packages/consul-ui/app/styles/routes.scss b/ui/packages/consul-ui/app/styles/routes.scss index 0493242c3..624ff4570 100644 --- a/ui/packages/consul-ui/app/styles/routes.scss +++ b/ui/packages/consul-ui/app/styles/routes.scss @@ -5,4 +5,3 @@ @import 'routes/dc/intentions/index'; @import 'routes/dc/overview/serverstatus'; @import 'routes/dc/overview/license'; -@import 'routes/dc/peers'; From dc4302e23f8b1ae78048811b0780b247fe995d9a Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 13 Jul 2022 12:06:16 +0100 Subject: [PATCH 729/785] ui: Remove UNDEFINED state from being undeleteable (#13702) * ui: Remove UNDEFINED state from being undeleteable * Fixup node tests --- ui/packages/consul-ui/app/abilities/peer.js | 6 ++++-- ui/packages/consul-ui/node-tests/config/environment.js | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js index 43ec791ab..8bac06945 100644 --- a/ui/packages/consul-ui/app/abilities/peer.js +++ b/ui/packages/consul-ui/app/abilities/peer.js @@ -11,8 +11,10 @@ export default class PeerAbility extends BaseAbility { return this.canDelete; } get canDelete() { - // TODO: Need to confirm these states - return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State) && super.canDelete; + return ![ + 'DELETING', + 'TERMINATED' + ].includes(this.item.State) && super.canDelete; } get canUse() { diff --git a/ui/packages/consul-ui/node-tests/config/environment.js b/ui/packages/consul-ui/node-tests/config/environment.js index 0a88fa02a..352444826 100644 --- a/ui/packages/consul-ui/node-tests/config/environment.js +++ b/ui/packages/consul-ui/node-tests/config/environment.js @@ -20,6 +20,7 @@ test( ACLsEnabled: true, NamespacesEnabled: false, SSOEnabled: false, + PeeringEnabled: true, PartitionsEnabled: false, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', @@ -35,6 +36,7 @@ test( ACLsEnabled: true, NamespacesEnabled: true, SSOEnabled: false, + PeeringEnabled: true, PartitionsEnabled: false, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', @@ -50,6 +52,7 @@ test( ACLsEnabled: true, NamespacesEnabled: false, SSOEnabled: true, + PeeringEnabled: true, PartitionsEnabled: false, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', From c880728ab4ad6e54fee71fa5e32aac86a831f409 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 13 Jul 2022 10:00:35 -0500 Subject: [PATCH 730/785] peerstream: some cosmetic refactors to make this easier to follow (#13732) - Use some protobuf construction helper methods for brevity. - Rename a local variable to avoid later shadowing. - Rename the Nonce field to be more like xDS's naming. - Be more explicit about which PeerID fields are empty. --- agent/consul/leader_peering.go | 4 + .../public/services/peerstream/replication.go | 121 +++++++++--------- .../services/peerstream/stream_resources.go | 92 ++++++++----- .../public/services/peerstream/stream_test.go | 108 ++++++++-------- proto/pbpeerstream/peerstream.pb.go | 107 ++++++++-------- proto/pbpeerstream/peerstream.proto | 4 +- 6 files changed, 240 insertions(+), 196 deletions(-) diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index 48ce59d07..a289412ea 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -252,6 +252,10 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer return err } + if peer.PeerID == "" { + return fmt.Errorf("expected PeerID to be non empty; the wrong end of peering is being dialed") + } + streamReq := peerstream.HandleStreamRequest{ LocalID: peer.ID, RemoteID: peer.PeerID, diff --git a/agent/grpc/public/services/peerstream/replication.go b/agent/grpc/public/services/peerstream/replication.go index bbb54c408..f9f5ce76b 100644 --- a/agent/grpc/public/services/peerstream/replication.go +++ b/agent/grpc/public/services/peerstream/replication.go @@ -38,12 +38,10 @@ import ( func makeServiceResponse( logger hclog.Logger, update cache.UpdateEvent, -) *pbpeerstream.ReplicationMessage { +) (*pbpeerstream.ReplicationMessage_Response, error) { any, csn, err := marshalToProtoAny[*pbservice.IndexedCheckServiceNodes](update.Result) if err != nil { - // Log the error and skip this response to avoid locking up peering due to a bad update event. - logger.Error("failed to marshal", "error", err) - return nil + return nil, fmt.Errorf("failed to marshal: %w", err) } serviceName := strings.TrimPrefix(update.CorrelationID, subExportedService) @@ -56,60 +54,43 @@ func makeServiceResponse( // We don't distinguish when these three things occurred, but it's safe to send a DELETE Op in all cases, so we do that. // Case #1 is a no-op for the importing peer. if len(csn.Nodes) == 0 { - resp := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Response_{ - Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, - // TODO(peering): Nonce management - Nonce: "", - ResourceID: serviceName, - Operation: pbpeerstream.Operation_OPERATION_DELETE, - }, - }, - } - return resp + return &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, + // TODO(peering): Nonce management + Nonce: "", + ResourceID: serviceName, + Operation: pbpeerstream.Operation_OPERATION_DELETE, + }, nil } // If there are nodes in the response, we push them as an UPSERT operation. - resp := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Response_{ - Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, - // TODO(peering): Nonce management - Nonce: "", - ResourceID: serviceName, - Operation: pbpeerstream.Operation_OPERATION_UPSERT, - Resource: any, - }, - }, - } - return resp + return &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, + // TODO(peering): Nonce management + Nonce: "", + ResourceID: serviceName, + Operation: pbpeerstream.Operation_OPERATION_UPSERT, + Resource: any, + }, nil } func makeCARootsResponse( logger hclog.Logger, update cache.UpdateEvent, -) *pbpeerstream.ReplicationMessage { +) (*pbpeerstream.ReplicationMessage_Response, error) { any, _, err := marshalToProtoAny[*pbpeering.PeeringTrustBundle](update.Result) if err != nil { - // Log the error and skip this response to avoid locking up peering due to a bad update event. - logger.Error("failed to marshal", "error", err) - return nil + return nil, fmt.Errorf("failed to marshal: %w", err) } - resp := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Response_{ - Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLRoots, - // TODO(peering): Nonce management - Nonce: "", - ResourceID: "roots", - Operation: pbpeerstream.Operation_OPERATION_UPSERT, - Resource: any, - }, - }, - } - return resp + return &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLRoots, + // TODO(peering): Nonce management + Nonce: "", + ResourceID: "roots", + Operation: pbpeerstream.Operation_OPERATION_UPSERT, + Resource: any, + }, nil } // marshalToProtoAny takes any input and returns: @@ -136,7 +117,7 @@ func (s *Server) processResponse( ) (*pbpeerstream.ReplicationMessage, error) { if !pbpeerstream.KnownTypeURL(resp.ResourceURL) { err := fmt.Errorf("received response for unknown resource type %q", resp.ResourceURL) - return makeReply( + return makeNACKReply( resp.ResourceURL, resp.Nonce, code.Code_INVALID_ARGUMENT, @@ -148,7 +129,7 @@ func (s *Server) processResponse( case pbpeerstream.Operation_OPERATION_UPSERT: if resp.Resource == nil { err := fmt.Errorf("received upsert response with no content") - return makeReply( + return makeNACKReply( resp.ResourceURL, resp.Nonce, code.Code_INVALID_ARGUMENT, @@ -157,7 +138,7 @@ func (s *Server) processResponse( } if err := s.handleUpsert(peerName, partition, resp.ResourceURL, resp.ResourceID, resp.Resource); err != nil { - return makeReply( + return makeNACKReply( resp.ResourceURL, resp.Nonce, code.Code_INTERNAL, @@ -165,18 +146,18 @@ func (s *Server) processResponse( ), fmt.Errorf("upsert error: %w", err) } - return makeReply(resp.ResourceURL, resp.Nonce, code.Code_OK, ""), nil + return makeACKReply(resp.ResourceURL, resp.Nonce), nil case pbpeerstream.Operation_OPERATION_DELETE: if err := s.handleDelete(peerName, partition, resp.ResourceURL, resp.ResourceID); err != nil { - return makeReply( + return makeNACKReply( resp.ResourceURL, resp.Nonce, code.Code_INTERNAL, fmt.Sprintf("delete error, ResourceURL: %q, ResourceID: %q: %v", resp.ResourceURL, resp.ResourceID, err), ), fmt.Errorf("delete error: %w", err) } - return makeReply(resp.ResourceURL, resp.Nonce, code.Code_OK, ""), nil + return makeACKReply(resp.ResourceURL, resp.Nonce), nil default: var errMsg string @@ -185,7 +166,7 @@ func (s *Server) processResponse( } else { errMsg = fmt.Sprintf("unsupported operation: %d", resp.Operation) } - return makeReply( + return makeNACKReply( resp.ResourceURL, resp.Nonce, code.Code_INVALID_ARGUMENT, @@ -458,7 +439,14 @@ func (s *Server) handleDelete( } } -func makeReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbpeerstream.ReplicationMessage { +func makeACKReply(resourceURL, nonce string) *pbpeerstream.ReplicationMessage { + return makeReplicationRequest(&pbpeerstream.ReplicationMessage_Request{ + ResourceURL: resourceURL, + ResponseNonce: nonce, + }) +} + +func makeNACKReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbpeerstream.ReplicationMessage { var rpcErr *pbstatus.Status if errCode != code.Code_OK || errMsg != "" { rpcErr = &pbstatus.Status{ @@ -467,14 +455,27 @@ func makeReply(resourceURL, nonce string, errCode code.Code, errMsg string) *pbp } } - // TODO: shouldn't this be response? + return makeReplicationRequest(&pbpeerstream.ReplicationMessage_Request{ + ResourceURL: resourceURL, + ResponseNonce: nonce, + Error: rpcErr, + }) +} + +// makeReplicationRequest is a convenience method to make a Request-type ReplicationMessage. +func makeReplicationRequest(req *pbpeerstream.ReplicationMessage_Request) *pbpeerstream.ReplicationMessage { return &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: resourceURL, - Nonce: nonce, - Error: rpcErr, - }, + Request: req, + }, + } +} + +// makeReplicationResponse is a convenience method to make a Response-type ReplicationMessage. +func makeReplicationResponse(resp *pbpeerstream.ReplicationMessage_Response) *pbpeerstream.ReplicationMessage { + return &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Response_{ + Response: resp, }, } } diff --git a/agent/grpc/public/services/peerstream/stream_resources.go b/agent/grpc/public/services/peerstream/stream_resources.go index 17a606e5b..f85da232f 100644 --- a/agent/grpc/public/services/peerstream/stream_resources.go +++ b/agent/grpc/public/services/peerstream/stream_resources.go @@ -32,6 +32,9 @@ func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamRes logger.Trace("Started processing request") defer logger.Trace("Finished processing request") + // NOTE: this code should have similar error handling to the new-request + // handling code in HandleStream() + if !s.Backend.IsLeader() { // we are not the leader so we will hang up on the dialer @@ -68,11 +71,14 @@ func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamRes if req.PeerID == "" { return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must specify a PeerID") } - if req.Nonce != "" { + if req.ResponseNonce != "" { return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must not contain a nonce") } + if req.Error != nil { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription request must not contain an error") + } if !pbpeerstream.KnownTypeURL(req.ResourceURL) { - return grpcstatus.Error(codes.InvalidArgument, fmt.Sprintf("subscription request to unknown resource URL: %s", req.ResourceURL)) + return grpcstatus.Errorf(codes.InvalidArgument, "subscription request to unknown resource URL: %s", req.ResourceURL) } _, p, err := s.GetStore().PeeringReadByID(nil, req.PeerID) @@ -88,9 +94,13 @@ func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamRes // TODO(peering): Store subscription request so that an event publisher can separately handle pushing messages for it logger.Info("accepted initial replication request from peer", "peer_id", p.ID) + if p.PeerID != "" { + return grpcstatus.Error(codes.InvalidArgument, "expected PeerID to be empty; the wrong end of peering is being dialed") + } + streamReq := HandleStreamRequest{ LocalID: p.ID, - RemoteID: p.PeerID, + RemoteID: "", PeerName: p.Name, Partition: p.Partition, Stream: stream, @@ -123,6 +133,10 @@ type HandleStreamRequest struct { Stream BidirectionalStream } +func (r HandleStreamRequest) WasDialed() bool { + return r.RemoteID == "" +} + // DrainStream attempts to gracefully drain the stream when the connection is going to be torn down. // Tearing down the connection too quickly can lead our peer receiving a context cancellation error before the stream termination message. // Handling the termination message is important to set the expectation that the peering will not be reestablished unless recreated. @@ -143,18 +157,21 @@ func (s *Server) DrainStream(req HandleStreamRequest) { // The localID provided is the locally-generated identifier for the peering. // The remoteID is an identifier that the remote peer recognizes for the peering. -func (s *Server) HandleStream(req HandleStreamRequest) error { +func (s *Server) HandleStream(streamReq HandleStreamRequest) error { // TODO: pass logger down from caller? - logger := s.Logger.Named("stream").With("peer_name", req.PeerName, "peer_id", req.LocalID) + logger := s.Logger.Named("stream"). + With("peer_name", streamReq.PeerName). + With("peer_id", streamReq.LocalID). + With("dialed", streamReq.WasDialed()) logger.Trace("handling stream for peer") - status, err := s.Tracker.Connected(req.LocalID) + status, err := s.Tracker.Connected(streamReq.LocalID) if err != nil { return fmt.Errorf("failed to register stream: %v", err) } // TODO(peering) Also need to clear subscriptions associated with the peer - defer s.Tracker.Disconnected(req.LocalID) + defer s.Tracker.Disconnected(streamReq.LocalID) var trustDomain string if s.ConnectEnabled { @@ -167,26 +184,22 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { } mgr := newSubscriptionManager( - req.Stream.Context(), + streamReq.Stream.Context(), logger, s.Config, trustDomain, s.Backend, s.GetStore, ) - subCh := mgr.subscribe(req.Stream.Context(), req.LocalID, req.PeerName, req.Partition) + subCh := mgr.subscribe(streamReq.Stream.Context(), streamReq.LocalID, streamReq.PeerName, streamReq.Partition) - sub := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - PeerID: req.RemoteID, - }, - }, - } + sub := makeReplicationRequest(&pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLService, + PeerID: streamReq.RemoteID, + }) logTraceSend(logger, sub) - if err := req.Stream.Send(sub); err != nil { + if err := streamReq.Stream.Send(sub); err != nil { if err == io.EOF { logger.Info("stream ended by peer") status.TrackReceiveError(err.Error()) @@ -202,7 +215,7 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { go func() { defer close(recvChan) for { - msg, err := req.Stream.Recv() + msg, err := streamReq.Stream.Recv() if err == nil { logTraceRecv(logger, msg) recvChan <- msg @@ -233,13 +246,13 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { } logTraceSend(logger, term) - if err := req.Stream.Send(term); err != nil { + if err := streamReq.Stream.Send(term); err != nil { status.TrackSendError(err.Error()) return fmt.Errorf("failed to send to stream: %v", err) } logger.Trace("deleting stream status") - s.Tracker.DeleteStatus(req.LocalID) + s.Tracker.DeleteStatus(streamReq.LocalID) return nil @@ -249,6 +262,9 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { return nil } + // NOTE: this code should have similar error handling to the + // initial handling code in StreamResources() + if !s.Backend.IsLeader() { // we are not the leader anymore so we will hang up on the dialer logger.Error("node is not a leader anymore; cannot continue streaming") @@ -265,8 +281,11 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { } if req := msg.GetRequest(); req != nil { + if !pbpeerstream.KnownTypeURL(req.ResourceURL) { + return grpcstatus.Errorf(codes.InvalidArgument, "subscription request to unknown resource URL: %s", req.ResourceURL) + } switch { - case req.Nonce == "": + case req.ResponseNonce == "": // TODO(peering): This can happen on a client peer since they don't try to receive subscriptions before entering HandleStream. // Should change that behavior or only allow it that one time. @@ -283,7 +302,7 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { if resp := msg.GetResponse(); resp != nil { // TODO(peering): Ensure there's a nonce - reply, err := s.processResponse(req.PeerName, req.Partition, resp) + reply, err := s.processResponse(streamReq.PeerName, streamReq.Partition, resp) if err != nil { logger.Error("failed to persist resource", "resourceURL", resp.ResourceURL, "resourceID", resp.ResourceID) status.TrackReceiveError(err.Error()) @@ -292,7 +311,7 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { } logTraceSend(logger, reply) - if err := req.Stream.Send(reply); err != nil { + if err := streamReq.Stream.Send(reply); err != nil { status.TrackSendError(err.Error()) return fmt.Errorf("failed to send to stream: %v", err) } @@ -304,23 +323,33 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { logger.Info("peering was deleted by our peer: marking peering as terminated and cleaning up imported resources") // Once marked as terminated, a separate deferred deletion routine will clean up imported resources. - if err := s.Backend.PeeringTerminateByID(&pbpeering.PeeringTerminateByIDRequest{ID: req.LocalID}); err != nil { + if err := s.Backend.PeeringTerminateByID(&pbpeering.PeeringTerminateByIDRequest{ID: streamReq.LocalID}); err != nil { logger.Error("failed to mark peering as terminated: %w", err) } return nil } case update := <-subCh: - var resp *pbpeerstream.ReplicationMessage + var resp *pbpeerstream.ReplicationMessage_Response switch { case strings.HasPrefix(update.CorrelationID, subExportedService): - resp = makeServiceResponse(logger, update) + resp, err = makeServiceResponse(logger, update) + if err != nil { + // Log the error and skip this response to avoid locking up peering due to a bad update event. + logger.Error("failed to create service response", "error", err) + continue + } case strings.HasPrefix(update.CorrelationID, subMeshGateway): // TODO(Peering): figure out how to sync this separately case update.CorrelationID == subCARoot: - resp = makeCARootsResponse(logger, update) + resp, err = makeCARootsResponse(logger, update) + if err != nil { + // Log the error and skip this response to avoid locking up peering due to a bad update event. + logger.Error("failed to create ca roots response", "error", err) + continue + } default: logger.Warn("unrecognized update type from subscription manager: " + update.CorrelationID) @@ -329,8 +358,11 @@ func (s *Server) HandleStream(req HandleStreamRequest) error { if resp == nil { continue } - logTraceSend(logger, resp) - if err := req.Stream.Send(resp); err != nil { + + replResp := makeReplicationResponse(resp) + + logTraceSend(logger, replResp) + if err := streamReq.Stream.Send(replResp); err != nil { status.TrackSendError(err.Error()) return fmt.Errorf("failed to push data for %q: %w", update.CorrelationID, err) } diff --git a/agent/grpc/public/services/peerstream/stream_test.go b/agent/grpc/public/services/peerstream/stream_test.go index 8bf644c5b..de1455a63 100644 --- a/agent/grpc/public/services/peerstream/stream_test.go +++ b/agent/grpc/public/services/peerstream/stream_test.go @@ -109,7 +109,8 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { } }() - p := writeEstablishedPeering(t, store, 1, "my-peer") + p := writePeeringToBeDialed(t, store, 1, "my-peer") + require.Empty(t, p.PeerID, "should be empty if being dialed") peerID := p.ID // Set the initial roots and CA configuration. @@ -139,8 +140,8 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { input2 := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", }, }, } @@ -225,8 +226,8 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { input: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - PeerID: "63b60245-c475-426b-b314-4588d210859d", - Nonce: "1", + PeerID: "63b60245-c475-426b-b314-4588d210859d", + ResponseNonce: "1", }, }, }, @@ -275,16 +276,14 @@ func TestStreamResources_Server_Terminate(t *testing.T) { c.Tracker.SetClock(it.Now) }) - p := writeEstablishedPeering(t, store, 1, "my-peer") - var ( - peerID = p.ID // for Send - remotePeerID = p.PeerID // for Recv - ) + p := writePeeringToBeDialed(t, store, 1, "my-peer") + require.Empty(t, p.PeerID, "should be empty if being dialed") + peerID := p.ID // Set the initial roots and CA configuration. _, _ = writeInitialRootsAndCA(t, store) - client := makeClient(t, srv, peerID, remotePeerID) + client := makeClient(t, srv, peerID) // TODO(peering): test fails if we don't drain the stream with this call because the // server gets blocked sending the termination message. Figure out a way to let @@ -334,13 +333,11 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { // Set the initial roots and CA configuration. _, rootA := writeInitialRootsAndCA(t, store) - p := writeEstablishedPeering(t, store, 1, "my-peer") - var ( - peerID = p.ID // for Send - remotePeerID = p.PeerID // for Recv - ) + p := writePeeringToBeDialed(t, store, 1, "my-peer") + require.Empty(t, p.PeerID, "should be empty if being dialed") + peerID := p.ID - client := makeClient(t, srv, peerID, remotePeerID) + client := makeClient(t, srv, peerID) testutil.RunStep(t, "new stream gets tracked", func(t *testing.T) { retry.Run(t, func(r *retry.R) { @@ -357,9 +354,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { ack := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + PeerID: peerID, + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", // Acks do not have an Error populated in the request }, @@ -390,9 +387,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { nack := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "2", + PeerID: peerID, + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "2", Error: &pbstatus.Status{ Code: int32(code.Code_UNAVAILABLE), Message: "bad bad not good", @@ -463,8 +460,8 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { expectAck := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "21", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "21", }, }, } @@ -513,8 +510,8 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { expectNack := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "24", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "24", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), Message: `unsupported operation: "OPERATION_UNSPECIFIED"`, @@ -577,12 +574,13 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { // Create a peering var lastIdx uint64 = 1 - p := writeEstablishedPeering(t, store, lastIdx, "my-peering") + p := writePeeringToBeDialed(t, store, lastIdx, "my-peering") + require.Empty(t, p.PeerID, "should be empty if being dialed") // Set the initial roots and CA configuration. _, _ = writeInitialRootsAndCA(t, store) - client := makeClient(t, srv, p.ID, p.PeerID) + client := makeClient(t, srv, p.ID) // Register a service that is not yet exported mysql := &structs.CheckServiceNode{ @@ -800,12 +798,13 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { // Create a peering var lastIdx uint64 = 1 - p := writeEstablishedPeering(t, store, lastIdx, "my-peering") + p := writePeeringToBeDialed(t, store, lastIdx, "my-peering") + require.Empty(t, p.PeerID, "should be empty if being dialed") // Set the initial roots and CA configuration. clusterID, rootA := writeInitialRootsAndCA(t, store) - client := makeClient(t, srv, p.ID, p.PeerID) + client := makeClient(t, srv, p.ID) testutil.RunStep(t, "initial CA Roots replication", func(t *testing.T) { expectReplEvents(t, client, @@ -856,12 +855,7 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { // makeClient sets up a *MockClient with the initial subscription // message handshake. -func makeClient( - t *testing.T, - srv pbpeerstream.PeerStreamServiceServer, - peerID string, - remotePeerID string, -) *MockClient { +func makeClient(t *testing.T, srv pbpeerstream.PeerStreamServiceServer, peerID string) *MockClient { t.Helper() client := NewMockClient(context.Background()) @@ -896,7 +890,10 @@ func makeClient( Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ ResourceURL: pbpeerstream.TypeURLService, - PeerID: remotePeerID, + // The PeerID field is only set for the messages coming FROM + // the establishing side and are going to be empty from the + // other side. + PeerID: "", }, }, } @@ -1003,8 +1000,8 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", }, }, }, @@ -1021,8 +1018,8 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", }, }, }, @@ -1038,8 +1035,8 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: "nomad.Job", - Nonce: "1", + ResourceURL: "nomad.Job", + ResponseNonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), Message: `received response for unknown resource type "nomad.Job"`, @@ -1059,8 +1056,8 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), Message: `unsupported operation: "OPERATION_UNSPECIFIED"`, @@ -1080,8 +1077,8 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - Nonce: "1", + ResourceURL: pbpeerstream.TypeURLService, + ResponseNonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), Message: `unsupported operation: 100000`, @@ -1099,12 +1096,21 @@ func Test_processResponse_Validation(t *testing.T) { } } -// writeEstablishedPeering creates a peering with the provided name and ensures +// writePeeringToDialFrom creates a peering with the provided name and ensures // the PeerID field is set for the ID of the remote peer. -func writeEstablishedPeering(t *testing.T, store *state.Store, idx uint64, peerName string) *pbpeering.Peering { +func writePeeringToDialFrom(t *testing.T, store *state.Store, idx uint64, peerName string) *pbpeering.Peering { remotePeerID, err := uuid.GenerateUUID() require.NoError(t, err) + return writeTestPeering(t, store, idx, peerName, remotePeerID) +} +// writePeeringToBeDialed creates a peering with the provided name and ensures +// the PeerID field is NOT set for the ID of the remote peer. +func writePeeringToBeDialed(t *testing.T, store *state.Store, idx uint64, peerName string) *pbpeering.Peering { + return writeTestPeering(t, store, idx, peerName, "") +} + +func writeTestPeering(t *testing.T, store *state.Store, idx uint64, peerName, remotePeerID string) *pbpeering.Peering { peering := pbpeering.Peering{ ID: testUUID(t), Name: peerName, @@ -1187,7 +1193,7 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test if reqA.ResourceURL != reqB.ResourceURL { return reqA.ResourceURL < reqB.ResourceURL } - return reqA.Nonce < reqB.Nonce + return reqA.ResponseNonce < reqB.ResponseNonce case *pbpeerstream.ReplicationMessage_Response_: respA, respB := a.GetResponse(), b.GetResponse() diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go index 12afdd2d9..17d20ff4e 100644 --- a/proto/pbpeerstream/peerstream.pb.go +++ b/proto/pbpeerstream/peerstream.pb.go @@ -229,11 +229,11 @@ type ReplicationMessage_Request struct { // An identifier for the peer making the request. // This identifier is provisioned by the serving peer prior to the request from the dialing peer. PeerID string `protobuf:"bytes,1,opt,name=PeerID,proto3" json:"PeerID,omitempty"` - // Nonce corresponding to that of the response being ACKed or NACKed. + // ResponseNonce corresponding to that of the response being ACKed or NACKed. // Initial subscription requests will have an empty nonce. // The nonce is generated and incremented by the exporting peer. // TODO - Nonce string `protobuf:"bytes,2,opt,name=Nonce,proto3" json:"Nonce,omitempty"` + ResponseNonce string `protobuf:"bytes,2,opt,name=ResponseNonce,proto3" json:"ResponseNonce,omitempty"` // The type URL for the resource being requested or ACK/NACKed. ResourceURL string `protobuf:"bytes,3,opt,name=ResourceURL,proto3" json:"ResourceURL,omitempty"` // The error if the previous response was not applied successfully. @@ -280,9 +280,9 @@ func (x *ReplicationMessage_Request) GetPeerID() string { return "" } -func (x *ReplicationMessage_Request) GetNonce() string { +func (x *ReplicationMessage_Request) GetResponseNonce() string { if x != nil { - return x.Nonce + return x.ResponseNonce } return "" } @@ -436,7 +436,7 @@ var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x6d, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd2, 0x04, 0x0a, 0x12, 0x52, 0x65, + 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x04, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x42, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, @@ -451,54 +451,55 @@ var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, - 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0x7f, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x4e, - 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, - 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xc9, 0x01, 0x0a, 0x08, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, - 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, - 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x12, 0x33, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, - 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, - 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, - 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, - 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, - 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x6a, 0x0a, - 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x12, 0x55, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x99, 0x01, 0x0a, 0x0e, 0x63, 0x6f, - 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, - 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, - 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0xca, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xe2, - 0x02, 0x16, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, - 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0x8f, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x24, 0x0a, 0x0d, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, + 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, + 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xc9, 0x01, 0x0a, 0x08, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, + 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, + 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x12, 0x33, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, + 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, + 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, + 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, + 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, + 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x6a, + 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x12, 0x55, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x99, 0x01, 0x0a, 0x0e, 0x63, + 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, + 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0xca, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0xe2, 0x02, 0x16, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, + 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbpeerstream/peerstream.proto b/proto/pbpeerstream/peerstream.proto index 4ab0f6798..47ea8f1ae 100644 --- a/proto/pbpeerstream/peerstream.proto +++ b/proto/pbpeerstream/peerstream.proto @@ -32,11 +32,11 @@ message ReplicationMessage { // This identifier is provisioned by the serving peer prior to the request from the dialing peer. string PeerID = 1; - // Nonce corresponding to that of the response being ACKed or NACKed. + // ResponseNonce corresponding to that of the response being ACKed or NACKed. // Initial subscription requests will have an empty nonce. // The nonce is generated and incremented by the exporting peer. // TODO - string Nonce = 2; + string ResponseNonce = 2; // The type URL for the resource being requested or ACK/NACKed. string ResourceURL = 3; From 34140ff3e0c07a795e6c3c7523c6f466dec3cc26 Mon Sep 17 00:00:00 2001 From: Dan Upton Date: Wed, 13 Jul 2022 16:33:48 +0100 Subject: [PATCH 731/785] grpc: rename public/private directories to external/internal (#13721) Previously, public referred to gRPC services that are both exposed on the dedicated gRPC port and have their definitions in the proto-public directory (so were considered usable by 3rd parties). Whereas private referred to services on the multiplexed server port that are only usable by agents and other servers. Now, we're splitting these definitions, such that external/internal refers to the port and public/private refers to whether they can be used by 3rd parties. This is necessary because the peering replication API needs to be exposed on the dedicated port, but is not (yet) suitable for use by 3rd parties. --- agent/agent.go | 20 ++--- agent/consul/client_test.go | 4 +- agent/consul/grpc_integration_test.go | 8 +- agent/consul/leader_peering.go | 2 +- agent/consul/peering_backend.go | 2 +- agent/consul/rpc_test.go | 2 +- agent/consul/server.go | 65 +++++++------- agent/consul/server_test.go | 11 +-- agent/consul/subscribe_backend.go | 2 +- agent/consul/subscribe_backend_test.go | 4 +- .../{grpc/public => grpc-external}/forward.go | 2 +- .../{grpc/public => grpc-external}/server.go | 6 +- .../services/acl/login.go | 4 +- .../services/acl/login_test.go | 2 +- .../services/acl/logout.go | 4 +- .../services/acl/logout_test.go | 2 +- .../services/acl/mock_Login.go | 0 .../services/acl/mock_TokenWriter.go | 0 .../services/acl/mock_Validator.go | 0 .../services/acl/server.go | 0 .../services/acl/server_test.go | 0 .../services/connectca/mock_ACLResolver.go | 0 .../services/connectca/mock_CAManager.go | 0 .../services/connectca/server.go | 0 .../services/connectca/server_test.go | 2 +- .../services/connectca/sign.go | 8 +- .../services/connectca/sign_test.go | 2 +- .../services/connectca/watch_roots.go | 6 +- .../services/connectca/watch_roots_test.go | 12 +-- .../get_envoy_boostrap_params_test.go | 12 +-- .../dataplane/get_envoy_bootstrap_params.go | 6 +- .../dataplane/get_supported_features.go | 6 +- .../dataplane/get_supported_features_test.go | 10 +-- .../services/dataplane/mock_ACLResolver.go | 0 .../services/dataplane/server.go | 0 .../services/dataplane/server_test.go | 2 +- .../services/peerstream/health_snapshot.go | 0 .../peerstream/health_snapshot_test.go | 0 .../services/peerstream/mock_ACLResolver.go | 0 .../services/peerstream/replication.go | 0 .../services/peerstream/server.go | 0 .../services/peerstream/stream_resources.go | 4 +- .../services/peerstream/stream_test.go | 0 .../services/peerstream/stream_tracker.go | 0 .../peerstream/stream_tracker_test.go | 0 .../peerstream/subscription_blocking.go | 0 .../peerstream/subscription_manager.go | 0 .../peerstream/subscription_manager_test.go | 0 .../services/peerstream/subscription_state.go | 0 .../peerstream/subscription_state_test.go | 0 .../services/peerstream/subscription_view.go | 0 .../peerstream/subscription_view_test.go | 0 .../services/peerstream/testing.go | 0 .../serverdiscovery/mock_ACLResolver.go | 0 .../services/serverdiscovery/server.go | 0 .../services/serverdiscovery/server_test.go | 2 +- .../services/serverdiscovery/watch_servers.go | 17 ++-- .../serverdiscovery/watch_servers_test.go | 10 +-- .../public => grpc-external}/testutils/acl.go | 0 .../public => grpc-external}/testutils/fsm.go | 0 .../testutils/server.go | 0 agent/{grpc/public => grpc-external}/token.go | 2 +- agent/{grpc/public => grpc-external}/utils.go | 2 +- .../{grpc/private => grpc-internal}/client.go | 2 +- .../private => grpc-internal}/client_test.go | 24 +++--- .../private => grpc-internal}/handler.go | 4 +- .../private => grpc-internal}/handler_test.go | 8 +- .../internal/testservice/simple.pb.binary.go | 2 +- .../internal/testservice/simple.pb.go | 4 +- .../internal/testservice/simple.proto | 2 +- .../resolver/registry.go | 0 .../resolver/resolver.go | 0 .../private => grpc-internal}/server_test.go | 4 +- .../services/subscribe/logger.go | 0 .../services/subscribe/subscribe.go | 0 .../services/subscribe/subscribe_test.go | 2 +- .../{grpc/private => grpc-internal}/stats.go | 2 +- .../private => grpc-internal}/stats_test.go | 7 +- .../recovery.go | 0 agent/metadata/server.go | 86 +++++++++---------- agent/metadata/server_test.go | 28 +++--- agent/pool/pool.go | 2 +- agent/rpc/peering/service.go | 2 +- agent/rpc/peering/service_test.go | 12 +-- agent/setup.go | 4 +- agent/submatview/store_integration_test.go | 2 +- agent/xds/delta.go | 4 +- agent/xds/server.go | 4 +- docs/rpc/README.md | 61 ++++++++----- docs/rpc/streaming/README.md | 2 +- .../main.go | 2 +- 91 files changed, 269 insertions(+), 244 deletions(-) rename agent/{grpc/public => grpc-external}/forward.go (93%) rename agent/{grpc/public => grpc-external}/server.go (86%) rename agent/{grpc/public => grpc-external}/services/acl/login.go (95%) rename agent/{grpc/public => grpc-external}/services/acl/login_test.go (99%) rename agent/{grpc/public => grpc-external}/services/acl/logout.go (93%) rename agent/{grpc/public => grpc-external}/services/acl/logout_test.go (99%) rename agent/{grpc/public => grpc-external}/services/acl/mock_Login.go (100%) rename agent/{grpc/public => grpc-external}/services/acl/mock_TokenWriter.go (100%) rename agent/{grpc/public => grpc-external}/services/acl/mock_Validator.go (100%) rename agent/{grpc/public => grpc-external}/services/acl/server.go (100%) rename agent/{grpc/public => grpc-external}/services/acl/server_test.go (100%) rename agent/{grpc/public => grpc-external}/services/connectca/mock_ACLResolver.go (100%) rename agent/{grpc/public => grpc-external}/services/connectca/mock_CAManager.go (100%) rename agent/{grpc/public => grpc-external}/services/connectca/server.go (100%) rename agent/{grpc/public => grpc-external}/services/connectca/server_test.go (95%) rename agent/{grpc/public => grpc-external}/services/connectca/sign.go (93%) rename agent/{grpc/public => grpc-external}/services/connectca/sign_test.go (99%) rename agent/{grpc/public => grpc-external}/services/connectca/watch_roots.go (96%) rename agent/{grpc/public => grpc-external}/services/connectca/watch_roots_test.go (95%) rename agent/{grpc/public => grpc-external}/services/dataplane/get_envoy_boostrap_params_test.go (95%) rename agent/{grpc/public => grpc-external}/services/dataplane/get_envoy_bootstrap_params.go (94%) rename agent/{grpc/public => grpc-external}/services/dataplane/get_supported_features.go (92%) rename agent/{grpc/public => grpc-external}/services/dataplane/get_supported_features_test.go (89%) rename agent/{grpc/public => grpc-external}/services/dataplane/mock_ACLResolver.go (100%) rename agent/{grpc/public => grpc-external}/services/dataplane/server.go (100%) rename agent/{grpc/public => grpc-external}/services/dataplane/server_test.go (89%) rename agent/{grpc/public => grpc-external}/services/peerstream/health_snapshot.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/health_snapshot_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/mock_ACLResolver.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/replication.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/server.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/stream_resources.go (99%) rename agent/{grpc/public => grpc-external}/services/peerstream/stream_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/stream_tracker.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/stream_tracker_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_blocking.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_manager.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_manager_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_state.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_state_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_view.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/subscription_view_test.go (100%) rename agent/{grpc/public => grpc-external}/services/peerstream/testing.go (100%) rename agent/{grpc/public => grpc-external}/services/serverdiscovery/mock_ACLResolver.go (100%) rename agent/{grpc/public => grpc-external}/services/serverdiscovery/server.go (100%) rename agent/{grpc/public => grpc-external}/services/serverdiscovery/server_test.go (97%) rename agent/{grpc/public => grpc-external}/services/serverdiscovery/watch_servers.go (95%) rename agent/{grpc/public => grpc-external}/services/serverdiscovery/watch_servers_test.go (96%) rename agent/{grpc/public => grpc-external}/testutils/acl.go (100%) rename agent/{grpc/public => grpc-external}/testutils/fsm.go (100%) rename agent/{grpc/public => grpc-external}/testutils/server.go (100%) rename agent/{grpc/public => grpc-external}/token.go (97%) rename agent/{grpc/public => grpc-external}/utils.go (94%) rename agent/{grpc/private => grpc-internal}/client.go (99%) rename agent/{grpc/private => grpc-internal}/client_test.go (94%) rename agent/{grpc/private => grpc-internal}/handler.go (97%) rename agent/{grpc/private => grpc-internal}/handler_test.go (89%) rename agent/{grpc/private => grpc-internal}/internal/testservice/simple.pb.binary.go (91%) rename agent/{grpc/private => grpc-internal}/internal/testservice/simple.pb.go (98%) rename agent/{grpc/private => grpc-internal}/internal/testservice/simple.proto (76%) rename agent/{grpc/private => grpc-internal}/resolver/registry.go (100%) rename agent/{grpc/private => grpc-internal}/resolver/resolver.go (100%) rename agent/{grpc/private => grpc-internal}/server_test.go (98%) rename agent/{grpc/private => grpc-internal}/services/subscribe/logger.go (100%) rename agent/{grpc/private => grpc-internal}/services/subscribe/subscribe.go (100%) rename agent/{grpc/private => grpc-internal}/services/subscribe/subscribe_test.go (99%) rename agent/{grpc/private => grpc-internal}/stats.go (99%) rename agent/{grpc/private => grpc-internal}/stats_test.go (97%) rename agent/{grpc/middleware => grpc-middleware}/recovery.go (100%) rename tools/{private-grpc-proxy => internal-grpc-proxy}/main.go (95%) diff --git a/agent/agent.go b/agent/agent.go index 326565688..3c0609a98 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -38,7 +38,7 @@ import ( "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/dns" - publicgrpc "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/proxycfg" proxycfgglue "github.com/hashicorp/consul/agent/proxycfg-glue" @@ -213,9 +213,9 @@ type Agent struct { // depending on the configuration delegate delegate - // publicGRPCServer is the gRPC server exposed on the dedicated gRPC port (as + // externalGRPCServer is the gRPC server exposed on the dedicated gRPC port (as // opposed to the multiplexed "server" port). - publicGRPCServer *grpc.Server + externalGRPCServer *grpc.Server // state stores a local representation of the node, // services and checks. Used for anti-entropy. @@ -539,7 +539,7 @@ func (a *Agent) Start(ctx context.Context) error { // This needs to happen after the initial auto-config is loaded, because TLS // can only be configured on the gRPC server at the point of creation. - a.buildPublicGRPCServer() + a.buildExternalGRPCServer() if err := a.startLicenseManager(ctx); err != nil { return err @@ -578,7 +578,7 @@ func (a *Agent) Start(ctx context.Context) error { // Setup either the client or the server. if c.ServerMode { - server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.publicGRPCServer) + server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer) if err != nil { return fmt.Errorf("Failed to start Consul server: %v", err) } @@ -760,13 +760,13 @@ func (a *Agent) Failed() <-chan struct{} { return a.apiServers.failed } -func (a *Agent) buildPublicGRPCServer() { +func (a *Agent) buildExternalGRPCServer() { // TLS is only enabled on the gRPC server if there's an HTTPS port configured. var tls *tlsutil.Configurator if a.config.HTTPSPort > 0 { tls = a.tlsConfigurator } - a.publicGRPCServer = publicgrpc.NewServer(a.logger.Named("grpc.public"), tls) + a.externalGRPCServer = external.NewServer(a.logger.Named("grpc.external"), tls) } func (a *Agent) listenAndServeGRPC() error { @@ -803,7 +803,7 @@ func (a *Agent) listenAndServeGRPC() error { }, a, ) - a.xdsServer.Register(a.publicGRPCServer) + a.xdsServer.Register(a.externalGRPCServer) ln, err := a.startListeners(a.config.GRPCAddrs) if err != nil { @@ -816,7 +816,7 @@ func (a *Agent) listenAndServeGRPC() error { "address", innerL.Addr().String(), "network", innerL.Addr().Network(), ) - err := a.publicGRPCServer.Serve(innerL) + err := a.externalGRPCServer.Serve(innerL) if err != nil { a.logger.Error("gRPC server failed", "error", err) } @@ -1494,7 +1494,7 @@ func (a *Agent) ShutdownAgent() error { } // Stop gRPC - a.publicGRPCServer.Stop() + a.externalGRPCServer.Stop() // Stop the proxy config manager if a.proxyConfig != nil { diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go index e4dd39fb7..84135ee18 100644 --- a/agent/consul/client_test.go +++ b/agent/consul/client_test.go @@ -18,8 +18,8 @@ import ( msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/consul/agent/consul/stream" - grpc "github.com/hashicorp/consul/agent/grpc/private" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + grpc "github.com/hashicorp/consul/agent/grpc-internal" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" "github.com/hashicorp/consul/agent/rpc/middleware" diff --git a/agent/consul/grpc_integration_test.go b/agent/consul/grpc_integration_test.go index a96383285..c94156f96 100644 --- a/agent/consul/grpc_integration_test.go +++ b/agent/consul/grpc_integration_test.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/proto-public/pbacl" @@ -26,7 +26,7 @@ func TestGRPCIntegration_ConnectCA_Sign(t *testing.T) { // correctly wiring everything up in the server by: // // * Starting a cluster with multiple servers. - // * Making a request to a follower's public gRPC port. + // * Making a request to a follower's external gRPC port. // * Ensuring that the request is correctly forwarded to the leader. // * Ensuring we get a valid certificate back (so it went through the CAManager). server1, conn1, _ := testGRPCIntegrationServer(t, func(c *Config) { @@ -59,7 +59,7 @@ func TestGRPCIntegration_ConnectCA_Sign(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - ctx = public.ContextWithToken(ctx, TestDefaultInitialManagementToken) + ctx = external.ContextWithToken(ctx, TestDefaultInitialManagementToken) // This would fail if it wasn't forwarded to the leader. rsp, err := client.Sign(ctx, &pbconnectca.SignRequest{ @@ -96,7 +96,7 @@ func TestGRPCIntegration_ServerDiscovery_WatchServers(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - ctx = public.ContextWithToken(ctx, TestDefaultInitialManagementToken) + ctx = external.ContextWithToken(ctx, TestDefaultInitialManagementToken) serverStream, err := client.WatchServers(ctx, &pbserverdiscovery.WatchServersRequest{Wan: false}) require.NoError(t, err) diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index a289412ea..49369bbf7 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -17,7 +17,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" + "github.com/hashicorp/consul/agent/grpc-external/services/peerstream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/logging" diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index 4447d962a..4014bbdd2 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -8,7 +8,7 @@ import ( "sync" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" + "github.com/hashicorp/consul/agent/grpc-external/services/peerstream" "github.com/hashicorp/consul/agent/rpc/peering" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go index 64da9a389..1e9239d92 100644 --- a/agent/consul/rpc_test.go +++ b/agent/consul/rpc_test.go @@ -32,7 +32,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" - agent_grpc "github.com/hashicorp/consul/agent/grpc/private" + agent_grpc "github.com/hashicorp/consul/agent/grpc-internal" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" diff --git a/agent/consul/server.go b/agent/consul/server.go index 5a9b20b8a..a5708e030 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -17,7 +17,6 @@ import ( "time" "github.com/armon/go-metrics" - "github.com/hashicorp/consul-net-rpc/net/rpc" connlimit "github.com/hashicorp/go-connlimit" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -30,6 +29,8 @@ import ( "golang.org/x/time/rate" "google.golang.org/grpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" @@ -38,13 +39,13 @@ import ( "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/consul/usagemetrics" "github.com/hashicorp/consul/agent/consul/wanfed" - agentgrpc "github.com/hashicorp/consul/agent/grpc/private" - "github.com/hashicorp/consul/agent/grpc/private/services/subscribe" - aclgrpc "github.com/hashicorp/consul/agent/grpc/public/services/acl" - "github.com/hashicorp/consul/agent/grpc/public/services/connectca" - "github.com/hashicorp/consul/agent/grpc/public/services/dataplane" - "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" - "github.com/hashicorp/consul/agent/grpc/public/services/serverdiscovery" + aclgrpc "github.com/hashicorp/consul/agent/grpc-external/services/acl" + "github.com/hashicorp/consul/agent/grpc-external/services/connectca" + "github.com/hashicorp/consul/agent/grpc-external/services/dataplane" + "github.com/hashicorp/consul/agent/grpc-external/services/peerstream" + "github.com/hashicorp/consul/agent/grpc-external/services/serverdiscovery" + agentgrpc "github.com/hashicorp/consul/agent/grpc-internal" + "github.com/hashicorp/consul/agent/grpc-internal/services/subscribe" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" @@ -241,19 +242,19 @@ type Server struct { // is only ever closed. leaveCh chan struct{} - // publicACLServer serves the ACL service exposed on the public gRPC port. - // It is also exposed on the private multiplexed "server" port to enable + // externalACLServer serves the ACL service exposed on the external gRPC port. + // It is also exposed on the internal multiplexed "server" port to enable // RPC forwarding. - publicACLServer *aclgrpc.Server + externalACLServer *aclgrpc.Server - // publicConnectCAServer serves the Connect CA service exposed on the public - // gRPC port. It is also exposed on the private multiplexed "server" port to + // externalConnectCAServer serves the Connect CA service exposed on the external + // gRPC port. It is also exposed on the internal multiplexed "server" port to // enable RPC forwarding. - publicConnectCAServer *connectca.Server + externalConnectCAServer *connectca.Server - // publicGRPCServer is the gRPC server exposed on the dedicated gRPC port, as + // externalGRPCServer is the gRPC server exposed on the dedicated gRPC port, as // opposed to the multiplexed "server" port which is served by grpcHandler. - publicGRPCServer *grpc.Server + externalGRPCServer *grpc.Server // router is used to map out Consul servers in the WAN and in Consul // Enterprise user-defined areas. @@ -363,7 +364,7 @@ type Server struct { // this into the Deps struct and created it much earlier on. publisher *stream.EventPublisher - // peeringBackend is shared between the public and private gRPC services for peering + // peeringBackend is shared between the external and internal gRPC services for peering peeringBackend *PeeringBackend // peerStreamServer is a server used to handle peering streams @@ -383,7 +384,7 @@ type connHandler interface { // NewServer is used to construct a new Consul server from the configuration // and extra options, potentially returning an error. -func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Server, error) { +func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server) (*Server, error) { logger := flat.Logger if err := config.CheckProtocolVersion(); err != nil { return nil, err @@ -429,7 +430,7 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve reconcileCh: make(chan serf.Member, reconcileChSize), router: flat.Router, tlsConfigurator: flat.TLSConfigurator, - publicGRPCServer: publicGRPCServer, + externalGRPCServer: externalGRPCServer, reassertLeaderCh: make(chan chan error), sessionTimers: NewSessionTimers(), tombstoneGC: gc, @@ -676,8 +677,8 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve s.overviewManager = NewOverviewManager(s.logger, s.fsm, s.config.MetricsReportingInterval) go s.overviewManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) - // Initialize public gRPC server - register services on public gRPC server. - s.publicACLServer = aclgrpc.NewServer(aclgrpc.Config{ + // Initialize external gRPC server - register services on external gRPC server. + s.externalACLServer = aclgrpc.NewServer(aclgrpc.Config{ ACLsEnabled: s.config.ACLsEnabled, ForwardRPC: func(info structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) { return s.ForwardGRPC(s.grpcConnPool, info, fn) @@ -693,9 +694,9 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve PrimaryDatacenter: s.config.PrimaryDatacenter, ValidateEnterpriseRequest: s.validateEnterpriseRequest, }) - s.publicACLServer.Register(s.publicGRPCServer) + s.externalACLServer.Register(s.externalGRPCServer) - s.publicConnectCAServer = connectca.NewServer(connectca.Config{ + s.externalConnectCAServer = connectca.NewServer(connectca.Config{ Publisher: s.publisher, GetStore: func() connectca.StateStore { return s.FSM().State() }, Logger: logger.Named("grpc-api.connect-ca"), @@ -706,20 +707,20 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve }, ConnectEnabled: s.config.ConnectEnabled, }) - s.publicConnectCAServer.Register(s.publicGRPCServer) + s.externalConnectCAServer.Register(s.externalGRPCServer) dataplane.NewServer(dataplane.Config{ GetStore: func() dataplane.StateStore { return s.FSM().State() }, Logger: logger.Named("grpc-api.dataplane"), ACLResolver: s.ACLResolver, Datacenter: s.config.Datacenter, - }).Register(s.publicGRPCServer) + }).Register(s.externalGRPCServer) serverdiscovery.NewServer(serverdiscovery.Config{ Publisher: s.publisher, ACLResolver: s.ACLResolver, Logger: logger.Named("grpc-api.server-discovery"), - }).Register(s.publicGRPCServer) + }).Register(s.externalGRPCServer) s.peerStreamTracker = peerstream.NewTracker() s.peeringBackend = NewPeeringBackend(s) @@ -732,11 +733,11 @@ func NewServer(config *Config, flat Deps, publicGRPCServer *grpc.Server) (*Serve Datacenter: s.config.Datacenter, ConnectEnabled: s.config.ConnectEnabled, }) - s.peerStreamServer.Register(s.publicGRPCServer) + s.peerStreamServer.Register(s.externalGRPCServer) - // Initialize private gRPC server. + // Initialize internal gRPC server. // - // Note: some "public" gRPC services are also exposed on the private gRPC server + // Note: some "external" gRPC services are also exposed on the internal gRPC server // to enable RPC forwarding. s.grpcHandler = newGRPCHandlerFromConfig(flat, config, s) s.grpcLeaderForwarder = flat.LeaderForwarder @@ -803,10 +804,10 @@ func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler s.peeringServer.Register(srv) s.registerEnterpriseGRPCServices(deps, srv) - // Note: these public gRPC services are also exposed on the private server to + // Note: these external gRPC services are also exposed on the internal server to // enable RPC forwarding. - s.publicACLServer.Register(srv) - s.publicConnectCAServer.Register(srv) + s.externalACLServer.Register(srv) + s.externalConnectCAServer.Register(srv) } return agentgrpc.NewHandler(deps.Logger, config.RPCAddr, register) diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index e165e979d..77f761f68 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -14,7 +14,6 @@ import ( "github.com/armon/go-metrics" "github.com/google/tcpproxy" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/hashicorp/memberlist" @@ -23,6 +22,8 @@ import ( "golang.org/x/time/rate" "google.golang.org/grpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/rpc/middleware" @@ -241,14 +242,14 @@ func testServerWithConfig(t *testing.T, configOpts ...func(*Config)) (string, *S if srv.config.GRPCPort > 0 { // Normally the gRPC server listener is created at the agent level and // passed down into the Server creation. - publicGRPCAddr := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCPort) + externalGRPCAddr := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCPort) - ln, err := net.Listen("tcp", publicGRPCAddr) + ln, err := net.Listen("tcp", externalGRPCAddr) require.NoError(t, err) go func() { - _ = srv.publicGRPCServer.Serve(ln) + _ = srv.externalGRPCServer.Serve(ln) }() - t.Cleanup(srv.publicGRPCServer.Stop) + t.Cleanup(srv.externalGRPCServer.Stop) } return dir, srv diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go index bddbb2e5f..a82bb98c0 100644 --- a/agent/consul/subscribe_backend.go +++ b/agent/consul/subscribe_backend.go @@ -5,7 +5,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/private/services/subscribe" + "github.com/hashicorp/consul/agent/grpc-internal/services/subscribe" "github.com/hashicorp/consul/agent/structs" ) diff --git a/agent/consul/subscribe_backend_test.go b/agent/consul/subscribe_backend_test.go index a6ac36ca2..b7ea7e2d3 100644 --- a/agent/consul/subscribe_backend_test.go +++ b/agent/consul/subscribe_backend_test.go @@ -14,8 +14,8 @@ import ( "golang.org/x/sync/errgroup" gogrpc "google.golang.org/grpc" - grpc "github.com/hashicorp/consul/agent/grpc/private" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + grpc "github.com/hashicorp/consul/agent/grpc-internal" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" "github.com/hashicorp/consul/agent/router" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbservice" diff --git a/agent/grpc/public/forward.go b/agent/grpc-external/forward.go similarity index 93% rename from agent/grpc/public/forward.go rename to agent/grpc-external/forward.go index 398d33d51..353490a59 100644 --- a/agent/grpc/public/forward.go +++ b/agent/grpc-external/forward.go @@ -1,4 +1,4 @@ -package public +package external import ( "context" diff --git a/agent/grpc/public/server.go b/agent/grpc-external/server.go similarity index 86% rename from agent/grpc/public/server.go rename to agent/grpc-external/server.go index c235fbd09..606dba642 100644 --- a/agent/grpc/public/server.go +++ b/agent/grpc-external/server.go @@ -1,4 +1,4 @@ -package public +package external import ( middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -6,11 +6,11 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials" - agentmiddleware "github.com/hashicorp/consul/agent/grpc/middleware" + agentmiddleware "github.com/hashicorp/consul/agent/grpc-middleware" "github.com/hashicorp/consul/tlsutil" ) -// NewServer constructs a gRPC server for the public gRPC port, to which +// NewServer constructs a gRPC server for the external gRPC port, to which // handlers can be registered. func NewServer(logger agentmiddleware.Logger, tls *tlsutil.Configurator) *grpc.Server { recoveryOpts := agentmiddleware.PanicHandlerMiddlewareOpts(logger) diff --git a/agent/grpc/public/services/acl/login.go b/agent/grpc-external/services/acl/login.go similarity index 95% rename from agent/grpc/public/services/acl/login.go rename to agent/grpc-external/services/acl/login.go index 1a68b1eb2..629ea093e 100644 --- a/agent/grpc/public/services/acl/login.go +++ b/agent/grpc-external/services/acl/login.go @@ -10,14 +10,14 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/auth" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/proto-public/pbacl" ) // Login exchanges the presented bearer token for a Consul ACL token using a // configured auth method. func (s *Server) Login(ctx context.Context, req *pbacl.LoginRequest) (*pbacl.LoginResponse, error) { - logger := s.Logger.Named("login").With("request_id", public.TraceID()) + logger := s.Logger.Named("login").With("request_id", external.TraceID()) logger.Trace("request received") if err := s.requireACLsEnabled(logger); err != nil { diff --git a/agent/grpc/public/services/acl/login_test.go b/agent/grpc-external/services/acl/login_test.go similarity index 99% rename from agent/grpc/public/services/acl/login_test.go rename to agent/grpc-external/services/acl/login_test.go index 84b2693f4..3c681945f 100644 --- a/agent/grpc/public/services/acl/login_test.go +++ b/agent/grpc-external/services/acl/login_test.go @@ -16,7 +16,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbacl" ) diff --git a/agent/grpc/public/services/acl/logout.go b/agent/grpc-external/services/acl/logout.go similarity index 93% rename from agent/grpc/public/services/acl/logout.go rename to agent/grpc-external/services/acl/logout.go index 4f7fc3767..a9fa60673 100644 --- a/agent/grpc/public/services/acl/logout.go +++ b/agent/grpc-external/services/acl/logout.go @@ -10,13 +10,13 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/auth" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/proto-public/pbacl" ) // Logout destroys the given ACL token once the caller is done with it. func (s *Server) Logout(ctx context.Context, req *pbacl.LogoutRequest) (*pbacl.LogoutResponse, error) { - logger := s.Logger.Named("logout").With("request_id", public.TraceID()) + logger := s.Logger.Named("logout").With("request_id", external.TraceID()) logger.Trace("request received") if err := s.requireACLsEnabled(logger); err != nil { diff --git a/agent/grpc/public/services/acl/logout_test.go b/agent/grpc-external/services/acl/logout_test.go similarity index 99% rename from agent/grpc/public/services/acl/logout_test.go rename to agent/grpc-external/services/acl/logout_test.go index 461b6e249..dfe998f31 100644 --- a/agent/grpc/public/services/acl/logout_test.go +++ b/agent/grpc-external/services/acl/logout_test.go @@ -15,7 +15,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/auth" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbacl" ) diff --git a/agent/grpc/public/services/acl/mock_Login.go b/agent/grpc-external/services/acl/mock_Login.go similarity index 100% rename from agent/grpc/public/services/acl/mock_Login.go rename to agent/grpc-external/services/acl/mock_Login.go diff --git a/agent/grpc/public/services/acl/mock_TokenWriter.go b/agent/grpc-external/services/acl/mock_TokenWriter.go similarity index 100% rename from agent/grpc/public/services/acl/mock_TokenWriter.go rename to agent/grpc-external/services/acl/mock_TokenWriter.go diff --git a/agent/grpc/public/services/acl/mock_Validator.go b/agent/grpc-external/services/acl/mock_Validator.go similarity index 100% rename from agent/grpc/public/services/acl/mock_Validator.go rename to agent/grpc-external/services/acl/mock_Validator.go diff --git a/agent/grpc/public/services/acl/server.go b/agent/grpc-external/services/acl/server.go similarity index 100% rename from agent/grpc/public/services/acl/server.go rename to agent/grpc-external/services/acl/server.go diff --git a/agent/grpc/public/services/acl/server_test.go b/agent/grpc-external/services/acl/server_test.go similarity index 100% rename from agent/grpc/public/services/acl/server_test.go rename to agent/grpc-external/services/acl/server_test.go diff --git a/agent/grpc/public/services/connectca/mock_ACLResolver.go b/agent/grpc-external/services/connectca/mock_ACLResolver.go similarity index 100% rename from agent/grpc/public/services/connectca/mock_ACLResolver.go rename to agent/grpc-external/services/connectca/mock_ACLResolver.go diff --git a/agent/grpc/public/services/connectca/mock_CAManager.go b/agent/grpc-external/services/connectca/mock_CAManager.go similarity index 100% rename from agent/grpc/public/services/connectca/mock_CAManager.go rename to agent/grpc-external/services/connectca/mock_CAManager.go diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc-external/services/connectca/server.go similarity index 100% rename from agent/grpc/public/services/connectca/server.go rename to agent/grpc-external/services/connectca/server.go diff --git a/agent/grpc/public/services/connectca/server_test.go b/agent/grpc-external/services/connectca/server_test.go similarity index 95% rename from agent/grpc/public/services/connectca/server_test.go rename to agent/grpc-external/services/connectca/server_test.go index 2d58bccb7..824883fbd 100644 --- a/agent/grpc/public/services/connectca/server_test.go +++ b/agent/grpc-external/services/connectca/server_test.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) diff --git a/agent/grpc/public/services/connectca/sign.go b/agent/grpc-external/services/connectca/sign.go similarity index 93% rename from agent/grpc/public/services/connectca/sign.go rename to agent/grpc-external/services/connectca/sign.go index b3ace6d3d..edd48fe58 100644 --- a/agent/grpc/public/services/connectca/sign.go +++ b/agent/grpc-external/services/connectca/sign.go @@ -10,7 +10,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) @@ -22,10 +22,10 @@ func (s *Server) Sign(ctx context.Context, req *pbconnectca.SignRequest) (*pbcon return nil, err } - logger := s.Logger.Named("sign").With("request_id", public.TraceID()) + logger := s.Logger.Named("sign").With("request_id", external.TraceID()) logger.Trace("request received") - token := public.TokenFromContext(ctx) + token := external.TokenFromContext(ctx) if req.Csr == "" { return nil, status.Error(codes.InvalidArgument, "CSR is required") @@ -48,7 +48,7 @@ func (s *Server) Sign(ctx context.Context, req *pbconnectca.SignRequest) (*pbcon var rsp *pbconnectca.SignResponse handled, err := s.ForwardRPC(&rpcInfo, func(conn *grpc.ClientConn) error { logger.Trace("forwarding RPC") - ctx := public.ForwardMetadataContext(ctx) + ctx := external.ForwardMetadataContext(ctx) var err error rsp, err = pbconnectca.NewConnectCAServiceClient(conn).Sign(ctx, req) return err diff --git a/agent/grpc/public/services/connectca/sign_test.go b/agent/grpc-external/services/connectca/sign_test.go similarity index 99% rename from agent/grpc/public/services/connectca/sign_test.go rename to agent/grpc-external/services/connectca/sign_test.go index aa20458f8..6bba0c197 100644 --- a/agent/grpc/public/services/connectca/sign_test.go +++ b/agent/grpc-external/services/connectca/sign_test.go @@ -16,7 +16,7 @@ import ( acl "github.com/hashicorp/consul/acl" resolver "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) diff --git a/agent/grpc/public/services/connectca/watch_roots.go b/agent/grpc-external/services/connectca/watch_roots.go similarity index 96% rename from agent/grpc/public/services/connectca/watch_roots.go rename to agent/grpc-external/services/connectca/watch_roots.go index bf455ce27..9c61f8bdd 100644 --- a/agent/grpc/public/services/connectca/watch_roots.go +++ b/agent/grpc-external/services/connectca/watch_roots.go @@ -15,7 +15,7 @@ import ( "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" ) @@ -28,11 +28,11 @@ func (s *Server) WatchRoots(_ *pbconnectca.WatchRootsRequest, serverStream pbcon return err } - logger := s.Logger.Named("watch-roots").With("request_id", public.TraceID()) + logger := s.Logger.Named("watch-roots").With("request_id", external.TraceID()) logger.Trace("starting stream") defer logger.Trace("stream closed") - token := public.TokenFromContext(serverStream.Context()) + token := external.TokenFromContext(serverStream.Context()) // Serve the roots from an EventPublisher subscription. If the subscription is // closed due to an ACL change, we'll attempt to re-authorize and resume it to diff --git a/agent/grpc/public/services/connectca/watch_roots_test.go b/agent/grpc-external/services/connectca/watch_roots_test.go similarity index 95% rename from agent/grpc/public/services/connectca/watch_roots_test.go rename to agent/grpc-external/services/connectca/watch_roots_test.go index b65bc014b..2491417bb 100644 --- a/agent/grpc/public/services/connectca/watch_roots_test.go +++ b/agent/grpc-external/services/connectca/watch_roots_test.go @@ -17,8 +17,8 @@ import ( "github.com/hashicorp/consul/acl" resolver "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbconnectca" "github.com/hashicorp/consul/sdk/testutil" @@ -56,7 +56,7 @@ func TestWatchRoots_Success(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceWriteAny(t), nil) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Publisher: publisher, @@ -104,7 +104,7 @@ func TestWatchRoots_InvalidACLToken(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(resolver.Result{}, acl.ErrNotFound) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Publisher: publisher, @@ -142,7 +142,7 @@ func TestWatchRoots_ACLTokenInvalidated(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceWriteAny(t), nil).Twice() - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Publisher: publisher, @@ -210,7 +210,7 @@ func TestWatchRoots_StateStoreAbandoned(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceWriteAny(t), nil) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Publisher: publisher, diff --git a/agent/grpc/public/services/dataplane/get_envoy_boostrap_params_test.go b/agent/grpc-external/services/dataplane/get_envoy_boostrap_params_test.go similarity index 95% rename from agent/grpc/public/services/dataplane/get_envoy_boostrap_params_test.go rename to agent/grpc-external/services/dataplane/get_envoy_boostrap_params_test.go index e3a9ce703..c3b4fd146 100644 --- a/agent/grpc/public/services/dataplane/get_envoy_boostrap_params_test.go +++ b/agent/grpc-external/services/dataplane/get_envoy_boostrap_params_test.go @@ -13,8 +13,8 @@ import ( acl "github.com/hashicorp/consul/acl" resolver "github.com/hashicorp/consul/acl/resolver" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/grpc-external/testutils" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/hashicorp/consul/types" @@ -78,7 +78,7 @@ func TestGetEnvoyBootstrapParams_Success(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceRead(t, tc.registerReq.Service.ID), nil) - ctx := public.ContextWithToken(context.Background(), testToken) + ctx := external.ContextWithToken(context.Background(), testToken) server := NewServer(Config{ GetStore: func() StateStore { return store }, @@ -148,7 +148,7 @@ func TestGetEnvoyBootstrapParams_Error(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", testToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceRead(t, proxyServiceID), nil) - ctx := public.ContextWithToken(context.Background(), testToken) + ctx := external.ContextWithToken(context.Background(), testToken) store := testutils.TestStateStore(t, nil) registerReq := testRegisterRequestProxy(t) @@ -218,7 +218,7 @@ func TestGetEnvoyBootstrapParams_Unauthenticated(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(resolver.Result{}, acl.ErrNotFound) - ctx := public.ContextWithToken(context.Background(), testToken) + ctx := external.ContextWithToken(context.Background(), testToken) store := testutils.TestStateStore(t, nil) server := NewServer(Config{ GetStore: func() StateStore { return store }, @@ -237,7 +237,7 @@ func TestGetEnvoyBootstrapParams_PermissionDenied(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerDenyAll(t), nil) - ctx := public.ContextWithToken(context.Background(), testToken) + ctx := external.ContextWithToken(context.Background(), testToken) store := testutils.TestStateStore(t, nil) registerReq := structs.TestRegisterRequestProxy(t) proxyServiceID := "web-sidecar-proxy" diff --git a/agent/grpc/public/services/dataplane/get_envoy_bootstrap_params.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go similarity index 94% rename from agent/grpc/public/services/dataplane/get_envoy_bootstrap_params.go rename to agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go index 1b534672c..bed302d12 100644 --- a/agent/grpc/public/services/dataplane/get_envoy_bootstrap_params.go +++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go @@ -11,18 +11,18 @@ import ( acl "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbdataplane" ) func (s *Server) GetEnvoyBootstrapParams(ctx context.Context, req *pbdataplane.GetEnvoyBootstrapParamsRequest) (*pbdataplane.GetEnvoyBootstrapParamsResponse, error) { - logger := s.Logger.Named("get-envoy-bootstrap-params").With("service_id", req.GetServiceId(), "request_id", public.TraceID()) + logger := s.Logger.Named("get-envoy-bootstrap-params").With("service_id", req.GetServiceId(), "request_id", external.TraceID()) logger.Trace("Started processing request") defer logger.Trace("Finished processing request") - token := public.TokenFromContext(ctx) + token := external.TokenFromContext(ctx) var authzContext acl.AuthorizerContext entMeta := acl.NewEnterpriseMetaWithPartition(req.GetPartition(), req.GetNamespace()) authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, &entMeta, &authzContext) diff --git a/agent/grpc/public/services/dataplane/get_supported_features.go b/agent/grpc-external/services/dataplane/get_supported_features.go similarity index 92% rename from agent/grpc/public/services/dataplane/get_supported_features.go rename to agent/grpc-external/services/dataplane/get_supported_features.go index cb4eff1e7..79041aa04 100644 --- a/agent/grpc/public/services/dataplane/get_supported_features.go +++ b/agent/grpc-external/services/dataplane/get_supported_features.go @@ -7,19 +7,19 @@ import ( "google.golang.org/grpc/status" acl "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbdataplane" ) func (s *Server) GetSupportedDataplaneFeatures(ctx context.Context, req *pbdataplane.GetSupportedDataplaneFeaturesRequest) (*pbdataplane.GetSupportedDataplaneFeaturesResponse, error) { - logger := s.Logger.Named("get-supported-dataplane-features").With("request_id", public.TraceID()) + logger := s.Logger.Named("get-supported-dataplane-features").With("request_id", external.TraceID()) logger.Trace("Started processing request") defer logger.Trace("Finished processing request") // Require the given ACL token to have `service:write` on any service - token := public.TokenFromContext(ctx) + token := external.TokenFromContext(ctx) var authzContext acl.AuthorizerContext entMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier) authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, &authzContext) diff --git a/agent/grpc/public/services/dataplane/get_supported_features_test.go b/agent/grpc-external/services/dataplane/get_supported_features_test.go similarity index 89% rename from agent/grpc/public/services/dataplane/get_supported_features_test.go rename to agent/grpc-external/services/dataplane/get_supported_features_test.go index bdcd0d455..822fd6b5b 100644 --- a/agent/grpc/public/services/dataplane/get_supported_features_test.go +++ b/agent/grpc-external/services/dataplane/get_supported_features_test.go @@ -12,8 +12,8 @@ import ( "github.com/hashicorp/consul/acl" resolver "github.com/hashicorp/consul/acl/resolver" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/proto-public/pbdataplane" ) @@ -24,7 +24,7 @@ func TestSupportedDataplaneFeatures_Success(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerServiceWriteAny(t), nil) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Logger: hclog.NewNullLogger(), ACLResolver: aclResolver, @@ -53,7 +53,7 @@ func TestSupportedDataplaneFeatures_Unauthenticated(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(resolver.Result{}, acl.ErrNotFound) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Logger: hclog.NewNullLogger(), ACLResolver: aclResolver, @@ -70,7 +70,7 @@ func TestSupportedDataplaneFeatures_PermissionDenied(t *testing.T) { aclResolver := &MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLToken, mock.Anything, mock.Anything). Return(testutils.TestAuthorizerDenyAll(t), nil) - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) server := NewServer(Config{ Logger: hclog.NewNullLogger(), ACLResolver: aclResolver, diff --git a/agent/grpc/public/services/dataplane/mock_ACLResolver.go b/agent/grpc-external/services/dataplane/mock_ACLResolver.go similarity index 100% rename from agent/grpc/public/services/dataplane/mock_ACLResolver.go rename to agent/grpc-external/services/dataplane/mock_ACLResolver.go diff --git a/agent/grpc/public/services/dataplane/server.go b/agent/grpc-external/services/dataplane/server.go similarity index 100% rename from agent/grpc/public/services/dataplane/server.go rename to agent/grpc-external/services/dataplane/server.go diff --git a/agent/grpc/public/services/dataplane/server_test.go b/agent/grpc-external/services/dataplane/server_test.go similarity index 89% rename from agent/grpc/public/services/dataplane/server_test.go rename to agent/grpc-external/services/dataplane/server_test.go index fa0a24b91..5ca346a6e 100644 --- a/agent/grpc/public/services/dataplane/server_test.go +++ b/agent/grpc-external/services/dataplane/server_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/stretchr/testify/require" "google.golang.org/grpc" diff --git a/agent/grpc/public/services/peerstream/health_snapshot.go b/agent/grpc-external/services/peerstream/health_snapshot.go similarity index 100% rename from agent/grpc/public/services/peerstream/health_snapshot.go rename to agent/grpc-external/services/peerstream/health_snapshot.go diff --git a/agent/grpc/public/services/peerstream/health_snapshot_test.go b/agent/grpc-external/services/peerstream/health_snapshot_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/health_snapshot_test.go rename to agent/grpc-external/services/peerstream/health_snapshot_test.go diff --git a/agent/grpc/public/services/peerstream/mock_ACLResolver.go b/agent/grpc-external/services/peerstream/mock_ACLResolver.go similarity index 100% rename from agent/grpc/public/services/peerstream/mock_ACLResolver.go rename to agent/grpc-external/services/peerstream/mock_ACLResolver.go diff --git a/agent/grpc/public/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go similarity index 100% rename from agent/grpc/public/services/peerstream/replication.go rename to agent/grpc-external/services/peerstream/replication.go diff --git a/agent/grpc/public/services/peerstream/server.go b/agent/grpc-external/services/peerstream/server.go similarity index 100% rename from agent/grpc/public/services/peerstream/server.go rename to agent/grpc-external/services/peerstream/server.go diff --git a/agent/grpc/public/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go similarity index 99% rename from agent/grpc/public/services/peerstream/stream_resources.go rename to agent/grpc-external/services/peerstream/stream_resources.go index f85da232f..611340082 100644 --- a/agent/grpc/public/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -14,7 +14,7 @@ import ( grpcstatus "google.golang.org/grpc/status" "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/proto/pbpeerstream" ) @@ -27,7 +27,7 @@ type BidirectionalStream interface { // StreamResources handles incoming streaming connections. func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamResourcesServer) error { - logger := s.Logger.Named("stream-resources").With("request_id", public.TraceID()) + logger := s.Logger.Named("stream-resources").With("request_id", external.TraceID()) logger.Trace("Started processing request") defer logger.Trace("Finished processing request") diff --git a/agent/grpc/public/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/stream_test.go rename to agent/grpc-external/services/peerstream/stream_test.go diff --git a/agent/grpc/public/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go similarity index 100% rename from agent/grpc/public/services/peerstream/stream_tracker.go rename to agent/grpc-external/services/peerstream/stream_tracker.go diff --git a/agent/grpc/public/services/peerstream/stream_tracker_test.go b/agent/grpc-external/services/peerstream/stream_tracker_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/stream_tracker_test.go rename to agent/grpc-external/services/peerstream/stream_tracker_test.go diff --git a/agent/grpc/public/services/peerstream/subscription_blocking.go b/agent/grpc-external/services/peerstream/subscription_blocking.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_blocking.go rename to agent/grpc-external/services/peerstream/subscription_blocking.go diff --git a/agent/grpc/public/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_manager.go rename to agent/grpc-external/services/peerstream/subscription_manager.go diff --git a/agent/grpc/public/services/peerstream/subscription_manager_test.go b/agent/grpc-external/services/peerstream/subscription_manager_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_manager_test.go rename to agent/grpc-external/services/peerstream/subscription_manager_test.go diff --git a/agent/grpc/public/services/peerstream/subscription_state.go b/agent/grpc-external/services/peerstream/subscription_state.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_state.go rename to agent/grpc-external/services/peerstream/subscription_state.go diff --git a/agent/grpc/public/services/peerstream/subscription_state_test.go b/agent/grpc-external/services/peerstream/subscription_state_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_state_test.go rename to agent/grpc-external/services/peerstream/subscription_state_test.go diff --git a/agent/grpc/public/services/peerstream/subscription_view.go b/agent/grpc-external/services/peerstream/subscription_view.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_view.go rename to agent/grpc-external/services/peerstream/subscription_view.go diff --git a/agent/grpc/public/services/peerstream/subscription_view_test.go b/agent/grpc-external/services/peerstream/subscription_view_test.go similarity index 100% rename from agent/grpc/public/services/peerstream/subscription_view_test.go rename to agent/grpc-external/services/peerstream/subscription_view_test.go diff --git a/agent/grpc/public/services/peerstream/testing.go b/agent/grpc-external/services/peerstream/testing.go similarity index 100% rename from agent/grpc/public/services/peerstream/testing.go rename to agent/grpc-external/services/peerstream/testing.go diff --git a/agent/grpc/public/services/serverdiscovery/mock_ACLResolver.go b/agent/grpc-external/services/serverdiscovery/mock_ACLResolver.go similarity index 100% rename from agent/grpc/public/services/serverdiscovery/mock_ACLResolver.go rename to agent/grpc-external/services/serverdiscovery/mock_ACLResolver.go diff --git a/agent/grpc/public/services/serverdiscovery/server.go b/agent/grpc-external/services/serverdiscovery/server.go similarity index 100% rename from agent/grpc/public/services/serverdiscovery/server.go rename to agent/grpc-external/services/serverdiscovery/server.go diff --git a/agent/grpc/public/services/serverdiscovery/server_test.go b/agent/grpc-external/services/serverdiscovery/server_test.go similarity index 97% rename from agent/grpc/public/services/serverdiscovery/server_test.go rename to agent/grpc-external/services/serverdiscovery/server_test.go index 2ad8e5120..c946adaa8 100644 --- a/agent/grpc/public/services/serverdiscovery/server_test.go +++ b/agent/grpc-external/services/serverdiscovery/server_test.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/consul/agent/consul/autopilotevents" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/proto-public/pbserverdiscovery" ) diff --git a/agent/grpc/public/services/serverdiscovery/watch_servers.go b/agent/grpc-external/services/serverdiscovery/watch_servers.go similarity index 95% rename from agent/grpc/public/services/serverdiscovery/watch_servers.go rename to agent/grpc-external/services/serverdiscovery/watch_servers.go index 6ceda83ff..1a119148c 100644 --- a/agent/grpc/public/services/serverdiscovery/watch_servers.go +++ b/agent/grpc-external/services/serverdiscovery/watch_servers.go @@ -4,15 +4,16 @@ import ( "context" "errors" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/consul/autopilotevents" - "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto-public/pbserverdiscovery" "github.com/hashicorp/go-hclog" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/autopilotevents" + "github.com/hashicorp/consul/agent/consul/stream" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbserverdiscovery" ) // WatchServers provides a stream on which you can receive the list of servers @@ -20,12 +21,12 @@ import ( // current set of ready servers are sent immediately at the start of the // stream and new updates will be sent whenver the set of ready servers changes. func (s *Server) WatchServers(req *pbserverdiscovery.WatchServersRequest, serverStream pbserverdiscovery.ServerDiscoveryService_WatchServersServer) error { - logger := s.Logger.Named("watch-servers").With("request_id", public.TraceID()) + logger := s.Logger.Named("watch-servers").With("request_id", external.TraceID()) logger.Debug("starting stream") defer logger.Trace("stream closed") - token := public.TokenFromContext(serverStream.Context()) + token := external.TokenFromContext(serverStream.Context()) // Serve the ready servers from an EventPublisher subscription. If the subscription is // closed due to an ACL change, we'll attempt to re-authorize and resume it to diff --git a/agent/grpc/public/services/serverdiscovery/watch_servers_test.go b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go similarity index 96% rename from agent/grpc/public/services/serverdiscovery/watch_servers_test.go rename to agent/grpc-external/services/serverdiscovery/watch_servers_test.go index a44520e55..1a73b0668 100644 --- a/agent/grpc/public/services/serverdiscovery/watch_servers_test.go +++ b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go @@ -16,8 +16,8 @@ import ( resolver "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/agent/consul/autopilotevents" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/proto-public/pbserverdiscovery" "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" @@ -125,7 +125,7 @@ func TestWatchServers_StreamLifeCycle(t *testing.T) { Return(testutils.TestAuthorizerServiceWriteAny(t), nil).Twice() // add the token to the requests context - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) // setup the server server := NewServer(Config{ @@ -198,7 +198,7 @@ func TestWatchServers_ACLToken_PermissionDenied(t *testing.T) { Return(testutils.TestAuthorizerDenyAll(t), nil).Once() // add the token to the requests context - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) // setup the server server := NewServer(Config{ @@ -229,7 +229,7 @@ func TestWatchServers_ACLToken_Unauthenticated(t *testing.T) { Return(resolver.Result{}, acl.ErrNotFound).Once() // add the token to the requests context - ctx := public.ContextWithToken(context.Background(), testACLToken) + ctx := external.ContextWithToken(context.Background(), testACLToken) // setup the server server := NewServer(Config{ diff --git a/agent/grpc/public/testutils/acl.go b/agent/grpc-external/testutils/acl.go similarity index 100% rename from agent/grpc/public/testutils/acl.go rename to agent/grpc-external/testutils/acl.go diff --git a/agent/grpc/public/testutils/fsm.go b/agent/grpc-external/testutils/fsm.go similarity index 100% rename from agent/grpc/public/testutils/fsm.go rename to agent/grpc-external/testutils/fsm.go diff --git a/agent/grpc/public/testutils/server.go b/agent/grpc-external/testutils/server.go similarity index 100% rename from agent/grpc/public/testutils/server.go rename to agent/grpc-external/testutils/server.go diff --git a/agent/grpc/public/token.go b/agent/grpc-external/token.go similarity index 97% rename from agent/grpc/public/token.go rename to agent/grpc-external/token.go index 237317ee4..68006b254 100644 --- a/agent/grpc/public/token.go +++ b/agent/grpc-external/token.go @@ -1,4 +1,4 @@ -package public +package external import ( "context" diff --git a/agent/grpc/public/utils.go b/agent/grpc-external/utils.go similarity index 94% rename from agent/grpc/public/utils.go rename to agent/grpc-external/utils.go index 70d7d1abb..c2c77ace6 100644 --- a/agent/grpc/public/utils.go +++ b/agent/grpc-external/utils.go @@ -1,4 +1,4 @@ -package public +package external import "github.com/hashicorp/go-uuid" diff --git a/agent/grpc/private/client.go b/agent/grpc-internal/client.go similarity index 99% rename from agent/grpc/private/client.go rename to agent/grpc-internal/client.go index 8d10edd17..451a5236e 100644 --- a/agent/grpc/private/client.go +++ b/agent/grpc-internal/client.go @@ -1,4 +1,4 @@ -package private +package internal import ( "context" diff --git a/agent/grpc/private/client_test.go b/agent/grpc-internal/client_test.go similarity index 94% rename from agent/grpc/private/client_test.go rename to agent/grpc-internal/client_test.go index d414207ab..e36cd6aad 100644 --- a/agent/grpc/private/client_test.go +++ b/agent/grpc-internal/client_test.go @@ -1,4 +1,4 @@ -package private +package internal import ( "context" @@ -14,8 +14,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/agent/grpc/private/internal/testservice" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + "github.com/hashicorp/consul/agent/grpc-internal/internal/testservice" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/ipaddr" "github.com/hashicorp/consul/sdk/freeport" @@ -145,9 +145,9 @@ func TestNewDialer_IntegrationWithTLSEnabledHandler(t *testing.T) { tlsConf, err := tlsutil.NewConfigurator(tlsutil.Config{ InternalRPC: tlsutil.ProtocolConfig{ VerifyIncoming: true, - CAFile: "../../../test/hostname/CertAuth.crt", - CertFile: "../../../test/hostname/Alice.crt", - KeyFile: "../../../test/hostname/Alice.key", + CAFile: "../../test/hostname/CertAuth.crt", + CertFile: "../../test/hostname/Alice.crt", + KeyFile: "../../test/hostname/Alice.key", VerifyOutgoing: true, }, }, hclog.New(nil)) @@ -192,9 +192,9 @@ func TestNewDialer_IntegrationWithTLSEnabledHandler_viaMeshGateway(t *testing.T) tlsConf, err := tlsutil.NewConfigurator(tlsutil.Config{ InternalRPC: tlsutil.ProtocolConfig{ VerifyIncoming: true, - CAFile: "../../../test/hostname/CertAuth.crt", - CertFile: "../../../test/hostname/Bob.crt", - KeyFile: "../../../test/hostname/Bob.key", + CAFile: "../../test/hostname/CertAuth.crt", + CertFile: "../../test/hostname/Bob.crt", + KeyFile: "../../test/hostname/Bob.key", VerifyOutgoing: true, VerifyServerHostname: true, }, @@ -222,9 +222,9 @@ func TestNewDialer_IntegrationWithTLSEnabledHandler_viaMeshGateway(t *testing.T) clientTLSConf, err := tlsutil.NewConfigurator(tlsutil.Config{ InternalRPC: tlsutil.ProtocolConfig{ VerifyIncoming: true, - CAFile: "../../../test/hostname/CertAuth.crt", - CertFile: "../../../test/hostname/Betty.crt", - KeyFile: "../../../test/hostname/Betty.key", + CAFile: "../../test/hostname/CertAuth.crt", + CertFile: "../../test/hostname/Betty.crt", + KeyFile: "../../test/hostname/Betty.key", VerifyOutgoing: true, VerifyServerHostname: true, }, diff --git a/agent/grpc/private/handler.go b/agent/grpc-internal/handler.go similarity index 97% rename from agent/grpc/private/handler.go rename to agent/grpc-internal/handler.go index 3cc103af2..b5e7d2573 100644 --- a/agent/grpc/private/handler.go +++ b/agent/grpc-internal/handler.go @@ -1,11 +1,11 @@ -package private +package internal import ( "fmt" "net" "time" - agentmiddleware "github.com/hashicorp/consul/agent/grpc/middleware" + agentmiddleware "github.com/hashicorp/consul/agent/grpc-middleware" middleware "github.com/grpc-ecosystem/go-grpc-middleware" recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery" diff --git a/agent/grpc/private/handler_test.go b/agent/grpc-internal/handler_test.go similarity index 89% rename from agent/grpc/private/handler_test.go rename to agent/grpc-internal/handler_test.go index 6edf82195..f53877301 100644 --- a/agent/grpc/private/handler_test.go +++ b/agent/grpc-internal/handler_test.go @@ -1,4 +1,4 @@ -package private +package internal import ( "bytes" @@ -13,8 +13,8 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "github.com/hashicorp/consul/agent/grpc/private/internal/testservice" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + "github.com/hashicorp/consul/agent/grpc-internal/internal/testservice" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" ) func TestHandler_PanicRecoveryInterceptor(t *testing.T) { @@ -57,5 +57,5 @@ func TestHandler_PanicRecoveryInterceptor(t *testing.T) { // Checking the entire stack trace is not possible, let's // make sure that it contains a couple of expected strings. require.Contains(t, strLog, `[ERROR] panic serving grpc request: panic="panic from Something`) - require.Contains(t, strLog, `github.com/hashicorp/consul/agent/grpc/private.(*simplePanic).Something`) + require.Contains(t, strLog, `github.com/hashicorp/consul/agent/grpc-internal.(*simplePanic).Something`) } diff --git a/agent/grpc/private/internal/testservice/simple.pb.binary.go b/agent/grpc-internal/internal/testservice/simple.pb.binary.go similarity index 91% rename from agent/grpc/private/internal/testservice/simple.pb.binary.go rename to agent/grpc-internal/internal/testservice/simple.pb.binary.go index 2d65084bd..fd2d7e13f 100644 --- a/agent/grpc/private/internal/testservice/simple.pb.binary.go +++ b/agent/grpc-internal/internal/testservice/simple.pb.binary.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: agent/grpc/private/internal/testservice/simple.proto +// source: agent/grpc-internal/internal/testservice/simple.proto package testservice diff --git a/agent/grpc/private/internal/testservice/simple.pb.go b/agent/grpc-internal/internal/testservice/simple.pb.go similarity index 98% rename from agent/grpc/private/internal/testservice/simple.pb.go rename to agent/grpc-internal/internal/testservice/simple.pb.go index 4f12adeb9..dfca35fa0 100644 --- a/agent/grpc/private/internal/testservice/simple.pb.go +++ b/agent/grpc-internal/internal/testservice/simple.pb.go @@ -2,7 +2,7 @@ // versions: // protoc-gen-go v1.23.0 // protoc v3.15.8 -// source: agent/grpc/private/internal/testservice/simple.proto +// source: agent/grpc-internal/internal/testservice/simple.proto package testservice @@ -376,5 +376,5 @@ var _Simple_serviceDesc = grpc.ServiceDesc{ ServerStreams: true, }, }, - Metadata: "agent/grpc/private/internal/testservice/simple.proto", + Metadata: "agent/grpc-internal/internal/testservice/simple.proto", } diff --git a/agent/grpc/private/internal/testservice/simple.proto b/agent/grpc-internal/internal/testservice/simple.proto similarity index 76% rename from agent/grpc/private/internal/testservice/simple.proto rename to agent/grpc-internal/internal/testservice/simple.proto index 31a53308f..bcace657a 100644 --- a/agent/grpc/private/internal/testservice/simple.proto +++ b/agent/grpc-internal/internal/testservice/simple.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package testservice; -option go_package = "github.com/hashicorp/consul/agent/grpc/private/internal/testservice"; +option go_package = "github.com/hashicorp/consul/agent/grpc-internal/internal/testservice"; // Simple service is used to test gRPC plumbing. service Simple { diff --git a/agent/grpc/private/resolver/registry.go b/agent/grpc-internal/resolver/registry.go similarity index 100% rename from agent/grpc/private/resolver/registry.go rename to agent/grpc-internal/resolver/registry.go diff --git a/agent/grpc/private/resolver/resolver.go b/agent/grpc-internal/resolver/resolver.go similarity index 100% rename from agent/grpc/private/resolver/resolver.go rename to agent/grpc-internal/resolver/resolver.go diff --git a/agent/grpc/private/server_test.go b/agent/grpc-internal/server_test.go similarity index 98% rename from agent/grpc/private/server_test.go rename to agent/grpc-internal/server_test.go index c9873c222..45e1ad59f 100644 --- a/agent/grpc/private/server_test.go +++ b/agent/grpc-internal/server_test.go @@ -1,4 +1,4 @@ -package private +package internal import ( "context" @@ -15,7 +15,7 @@ import ( "golang.org/x/sync/errgroup" "google.golang.org/grpc" - "github.com/hashicorp/consul/agent/grpc/private/internal/testservice" + "github.com/hashicorp/consul/agent/grpc-internal/internal/testservice" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/tlsutil" diff --git a/agent/grpc/private/services/subscribe/logger.go b/agent/grpc-internal/services/subscribe/logger.go similarity index 100% rename from agent/grpc/private/services/subscribe/logger.go rename to agent/grpc-internal/services/subscribe/logger.go diff --git a/agent/grpc/private/services/subscribe/subscribe.go b/agent/grpc-internal/services/subscribe/subscribe.go similarity index 100% rename from agent/grpc/private/services/subscribe/subscribe.go rename to agent/grpc-internal/services/subscribe/subscribe.go diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc-internal/services/subscribe/subscribe_test.go similarity index 99% rename from agent/grpc/private/services/subscribe/subscribe_test.go rename to agent/grpc-internal/services/subscribe/subscribe_test.go index e5018ca38..26a8e148c 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc-internal/services/subscribe/subscribe_test.go @@ -21,7 +21,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - grpc "github.com/hashicorp/consul/agent/grpc/private" + grpc "github.com/hashicorp/consul/agent/grpc-internal" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbcommon" diff --git a/agent/grpc/private/stats.go b/agent/grpc-internal/stats.go similarity index 99% rename from agent/grpc/private/stats.go rename to agent/grpc-internal/stats.go index 76293e851..ab5226cee 100644 --- a/agent/grpc/private/stats.go +++ b/agent/grpc-internal/stats.go @@ -1,4 +1,4 @@ -package private +package internal import ( "context" diff --git a/agent/grpc/private/stats_test.go b/agent/grpc-internal/stats_test.go similarity index 97% rename from agent/grpc/private/stats_test.go rename to agent/grpc-internal/stats_test.go index 0d7268e4e..a32ea5525 100644 --- a/agent/grpc/private/stats_test.go +++ b/agent/grpc-internal/stats_test.go @@ -1,4 +1,4 @@ -package private +package internal import ( "context" @@ -14,9 +14,10 @@ import ( "golang.org/x/sync/errgroup" "google.golang.org/grpc" - "github.com/hashicorp/consul/agent/grpc/private/internal/testservice" - "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/agent/grpc-internal/internal/testservice" + "github.com/hashicorp/consul/proto/prototest" ) func noopRegister(*grpc.Server) {} diff --git a/agent/grpc/middleware/recovery.go b/agent/grpc-middleware/recovery.go similarity index 100% rename from agent/grpc/middleware/recovery.go rename to agent/grpc-middleware/recovery.go diff --git a/agent/metadata/server.go b/agent/metadata/server.go index 8d8c00f10..83997f7cd 100644 --- a/agent/metadata/server.go +++ b/agent/metadata/server.go @@ -23,26 +23,26 @@ func (k *Key) Equal(x *Key) bool { // Server is used to return details of a consul server type Server struct { - Name string // . - ShortName string // - ID string - Datacenter string - Segment string - Port int - SegmentAddrs map[string]string - SegmentPorts map[string]int - WanJoinPort int - LanJoinPort int - PublicGRPCPort int - Bootstrap bool - Expect int - Build version.Version - Version int - RaftVersion int - Addr net.Addr - Status serf.MemberStatus - ReadReplica bool - FeatureFlags map[string]int + Name string // . + ShortName string // + ID string + Datacenter string + Segment string + Port int + SegmentAddrs map[string]string + SegmentPorts map[string]int + WanJoinPort int + LanJoinPort int + ExternalGRPCPort int + Bootstrap bool + Expect int + Build version.Version + Version int + RaftVersion int + Addr net.Addr + Status serf.MemberStatus + ReadReplica bool + FeatureFlags map[string]int // If true, use TLS when connecting to this server UseTLS bool @@ -137,14 +137,14 @@ func IsConsulServer(m serf.Member) (bool, *Server) { } } - publicGRPCPort := 0 - publicGRPCPortStr, ok := m.Tags["grpc_port"] + externalGRPCPort := 0 + externalGRPCPortStr, ok := m.Tags["grpc_port"] if ok { - publicGRPCPort, err = strconv.Atoi(publicGRPCPortStr) + externalGRPCPort, err = strconv.Atoi(externalGRPCPortStr) if err != nil { return false, nil } - if publicGRPCPort < 1 { + if externalGRPCPort < 1 { return false, nil } } @@ -173,25 +173,25 @@ func IsConsulServer(m serf.Member) (bool, *Server) { addr := &net.TCPAddr{IP: m.Addr, Port: port} parts := &Server{ - Name: m.Name, - ShortName: strings.TrimSuffix(m.Name, "."+datacenter), - ID: m.Tags["id"], - Datacenter: datacenter, - Segment: segment, - Port: port, - SegmentAddrs: segmentAddrs, - SegmentPorts: segmentPorts, - WanJoinPort: wanJoinPort, - LanJoinPort: int(m.Port), - PublicGRPCPort: publicGRPCPort, - Bootstrap: bootstrap, - Expect: expect, - Addr: addr, - Build: *buildVersion, - Version: vsn, - RaftVersion: raftVsn, - Status: m.Status, - UseTLS: useTLS, + Name: m.Name, + ShortName: strings.TrimSuffix(m.Name, "."+datacenter), + ID: m.Tags["id"], + Datacenter: datacenter, + Segment: segment, + Port: port, + SegmentAddrs: segmentAddrs, + SegmentPorts: segmentPorts, + WanJoinPort: wanJoinPort, + LanJoinPort: int(m.Port), + ExternalGRPCPort: externalGRPCPort, + Bootstrap: bootstrap, + Expect: expect, + Addr: addr, + Build: *buildVersion, + Version: vsn, + RaftVersion: raftVsn, + Status: m.Status, + UseTLS: useTLS, // DEPRECATED - remove nonVoter check once support for that tag is removed ReadReplica: nonVoter || readReplica, FeatureFlags: featureFlags, diff --git a/agent/metadata/server_test.go b/agent/metadata/server_test.go index 373bad682..2f56bd7fd 100644 --- a/agent/metadata/server_test.go +++ b/agent/metadata/server_test.go @@ -82,19 +82,19 @@ func TestIsConsulServer(t *testing.T) { } expected := &metadata.Server{ - Name: "foo", - ShortName: "foo", - ID: "asdf", - Datacenter: "east-aws", - Segment: "", - Port: 10000, - SegmentAddrs: map[string]string{}, - SegmentPorts: map[string]int{}, - WanJoinPort: 1234, - LanJoinPort: 5454, - PublicGRPCPort: 9876, - Bootstrap: false, - Expect: 3, + Name: "foo", + ShortName: "foo", + ID: "asdf", + Datacenter: "east-aws", + Segment: "", + Port: 10000, + SegmentAddrs: map[string]string{}, + SegmentPorts: map[string]int{}, + WanJoinPort: 1234, + LanJoinPort: 5454, + ExternalGRPCPort: 9876, + Bootstrap: false, + Expect: 3, Addr: &net.TCPAddr{ IP: net.IP([]byte{127, 0, 0, 1}), Port: 10000, @@ -133,7 +133,7 @@ func TestIsConsulServer(t *testing.T) { expected.RaftVersion = 0 expected.Expect = 0 expected.WanJoinPort = 0 - expected.PublicGRPCPort = 0 + expected.ExternalGRPCPort = 0 case "feature-namespaces": m.Tags["ft_ns"] = "1" expected.FeatureFlags = map[string]int{"ns": 1} diff --git a/agent/pool/pool.go b/agent/pool/pool.go index acfe73065..fa223790d 100644 --- a/agent/pool/pool.go +++ b/agent/pool/pool.go @@ -451,7 +451,7 @@ func DialRPCViaMeshGateway( } if nextProto != ALPN_RPCGRPC { - // agent/grpc/private/client.go:dial() handles this in another way for gRPC + // agent/grpc-internal/client.go:dial() handles this in another way for gRPC if tcp, ok := rawConn.(*net.TCPConn); ok { _ = tcp.SetKeepAlive(true) _ = tcp.SetNoDelay(true) diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index e4d5c2a4e..94b7d73a3 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -18,7 +18,7 @@ import ( "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/dns" - "github.com/hashicorp/consul/agent/grpc/public/services/peerstream" + "github.com/hashicorp/consul/agent/grpc-external/services/peerstream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/proto/pbpeering" diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index 26aa84daa..6a8f32915 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -20,8 +20,8 @@ import ( "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - grpc "github.com/hashicorp/consul/agent/grpc/private" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + grpc "github.com/hashicorp/consul/agent/grpc-internal" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" "github.com/hashicorp/consul/agent/rpc/middleware" @@ -544,10 +544,10 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { conf.ACLResolverSettings.Datacenter = conf.Datacenter conf.ACLResolverSettings.EnterpriseMeta = *conf.AgentEnterpriseMeta() - publicGRPCServer := gogrpc.NewServer() + externalGRPCServer := gogrpc.NewServer() deps := newDefaultDeps(t, conf) - server, err := consul.NewServer(conf, deps, publicGRPCServer) + server, err := consul.NewServer(conf, deps, externalGRPCServer) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, server.Shutdown()) @@ -560,9 +560,9 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { ln, err := net.Listen("tcp", grpcAddr) require.NoError(t, err) go func() { - _ = publicGRPCServer.Serve(ln) + _ = externalGRPCServer.Serve(ln) }() - t.Cleanup(publicGRPCServer.Stop) + t.Cleanup(externalGRPCServer.Stop) testrpc.WaitForLeader(t, server.RPC, conf.Datacenter) diff --git a/agent/setup.go b/agent/setup.go index 1e094f754..9ac506ab6 100644 --- a/agent/setup.go +++ b/agent/setup.go @@ -18,8 +18,8 @@ import ( "github.com/hashicorp/consul/agent/consul/fsm" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/consul/usagemetrics" - grpc "github.com/hashicorp/consul/agent/grpc/private" - "github.com/hashicorp/consul/agent/grpc/private/resolver" + grpc "github.com/hashicorp/consul/agent/grpc-internal" + "github.com/hashicorp/consul/agent/grpc-internal/resolver" "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go index 8804a5cbf..775b6f0b6 100644 --- a/agent/submatview/store_integration_test.go +++ b/agent/submatview/store_integration_test.go @@ -22,7 +22,7 @@ import ( "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" - "github.com/hashicorp/consul/agent/grpc/private/services/subscribe" + "github.com/hashicorp/consul/agent/grpc-internal/services/subscribe" "github.com/hashicorp/consul/agent/rpcclient/health" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" diff --git a/agent/xds/delta.go b/agent/xds/delta.go index cdc6e53d6..701c04f2e 100644 --- a/agent/xds/delta.go +++ b/agent/xds/delta.go @@ -21,7 +21,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/xds/serverlessplugin" @@ -253,7 +253,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove // Start watching config for that proxy var err error - stateCh, watchCancel, err = s.CfgSrc.Watch(proxyID, nodeName, public.TokenFromContext(stream.Context())) + stateCh, watchCancel, err = s.CfgSrc.Watch(proxyID, nodeName, external.TokenFromContext(stream.Context())) if err != nil { return status.Errorf(codes.Internal, "failed to watch proxy service: %s", err) } diff --git a/agent/xds/server.go b/agent/xds/server.go index adbe9a62f..cc27f3fde 100644 --- a/agent/xds/server.go +++ b/agent/xds/server.go @@ -16,7 +16,7 @@ import ( "google.golang.org/grpc/status" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/grpc/public" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/xds/xdscommon" @@ -201,7 +201,7 @@ func (s *Server) authorize(ctx context.Context, cfgSnap *proxycfg.ConfigSnapshot return status.Errorf(codes.Unauthenticated, "unauthenticated: no config snapshot") } - authz, err := s.ResolveToken(public.TokenFromContext(ctx)) + authz, err := s.ResolveToken(external.TokenFromContext(ctx)) if acl.IsErrNotFound(err) { return status.Errorf(codes.Unauthenticated, "unauthenticated: %v", err) } else if acl.IsErrPermissionDenied(err) { diff --git a/docs/rpc/README.md b/docs/rpc/README.md index b10681e8f..adfa19459 100644 --- a/docs/rpc/README.md +++ b/docs/rpc/README.md @@ -1,26 +1,26 @@ # RPC -This section is a work in progress. +Consul uses two RPC systems for communication between components within the +cluster and with other clients such as Envoy: [gRPC](https://grpc.io/) +and Go's [`net/rpc`](https://pkg.go.dev/net/rpc) package. -The RPC subsystem is exclusicely in Server Agents. It is comprised of two main components: +Communication between client agents and servers uses a mix of both gRPC and +`net/rpc`. Generally, gRPC is preferred because it supports modern features +such as context deadlines/cancellation, streaming, and middleware - but Consul +has been around for a while so the majority of RPC endpoints still use `net/rpc`. -1. the "RPC Server" (for lack of a better term) handles multiplexing of many different - requests on a single TCP port. -2. RPC endpoints handle RPC requests and return responses. +## Multiplexed "Server" Port -The RPC subsystems handles requests from: +Most in-cluster communication happens over the multiplexed "server" TCP port +(default: 8300). Consul servers implement a custom protocol for serving +different kinds of traffic on the same port, whereby the first byte sent +indicates the protocol (e.g. gRPC, `net/rpc`, Raft). -1. Client Agents in the local DC -2. (if the server is a leader) other Server Agents in the local DC -3. Server Agents in other Datacenters -4. in-process requests from other components running in the same process (ex: the HTTP API - or DNS interface). +Servers also implement [TLS ALPN](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation) +on this port, for situations where wrapping the real protocol with a byte prefix +isn't practical (e.g. cross-DC traffic over mesh gateways). -## Routing - -The "RPC Server" accepts requests to the [server port] and routes the requests based on -configuration of the Server and the the first byte in the request. The diagram below shows -all the possible routing flows. +The diagram below shows all the possible routing flows: [server port]: https://www.consul.io/docs/agent/config/config-files#server_rpc_port @@ -28,11 +28,10 @@ all the possible routing flows. [source](./routing.mmd) -The main entrypoint to RPC routing is `handleConn` in [agent/consul/rpc.go]. +The main entrypoint to connection routing is `handleConn` in [agent/consul/rpc.go]. [agent/consul/rpc.go]: https://github.com/hashicorp/consul/blob/main/agent/consul/rpc.go - ### Development Multiplexing several protocols over a single server port helps to reduce our @@ -44,13 +43,35 @@ development tools such as [grpcurl] difficult. You can get a "plain" TCP connection to the gRPC server using this proxy script: ``` -$ go run tools/private-grpc-proxy/main.go localhost:8300 -Proxying connections to Consul's private gRPC server +$ go run tools/internal-grpc-proxy/main.go localhost:8300 +Proxying connections to Consul's internal gRPC server Use this address: 127.0.0.1:64077 ``` Pass the returned proxy address to your tool of choice. +## Private vs Public vs Internal vs External +When working on Consul's gRPC endpoints you may notice we use private/public and +internal/external slightly differently. + +Private and public refer to whether an API is suitable for consumption by +clients other than Consul's core components. + +Private gRPC APIs are defined in the `proto` directory, and should only be used +by Consul servers and agents. Public gRPC APIs are defined in the `proto-public` +directory and may be used by 3rd-party applications. + +Internal and external refer to how the gRPC APIs are exposed. + +Internal gRPC APIs are exposed on the multiplexed "server" port, whereas +external APIs are exposed on a dedicated gRPC port (default: 8502). + +The reason for this differentiation is that some private APIs are exposed on the +external port, such as peer streaming/replication; this API isn't (yet) suitable +for consumption by 3rd-party applications but must be accessible from outside +the cluster, and present a TLS certificate signed by a public CA, which the +multiplexed port cannot. + ## RPC Endpoints This section is a work in progress, it will eventually cover topics like: diff --git a/docs/rpc/streaming/README.md b/docs/rpc/streaming/README.md index 3cd2ca6fe..dd6873cde 100644 --- a/docs/rpc/streaming/README.md +++ b/docs/rpc/streaming/README.md @@ -34,7 +34,7 @@ and sent to any active subscriptions. [rpcclient/health.Health]: https://github.com/hashicorp/consul/blob/main/agent/rpcclient/health/health.go [StreamingHealthServices cache-type]: https://github.com/hashicorp/consul/blob/main/agent/cache-types/streaming_health_services.go [materialized view]: https://github.com/hashicorp/consul/blob/main/agent/submatview/materializer.go -[SubscribeEndpoint]: https://github.com/hashicorp/consul/blob/main/agent/grpc/private/services/subscribe/subscribe.go +[SubscribeEndpoint]: https://github.com/hashicorp/consul/blob/main/agent/grpc-internal/services/subscribe/subscribe.go [EventPublisher]: https://github.com/hashicorp/consul/blob/main/agent/consul/stream/event_publisher.go [state.Store commits]: https://github.com/hashicorp/consul/blob/main/agent/consul/state/memdb.go diff --git a/tools/private-grpc-proxy/main.go b/tools/internal-grpc-proxy/main.go similarity index 95% rename from tools/private-grpc-proxy/main.go rename to tools/internal-grpc-proxy/main.go index 32a7633f6..f134bfc50 100644 --- a/tools/private-grpc-proxy/main.go +++ b/tools/internal-grpc-proxy/main.go @@ -24,7 +24,7 @@ func main() { } defer lis.Close() - fmt.Println("Proxying connections to Consul's private gRPC server") + fmt.Println("Proxying connections to Consul's internal gRPC server") fmt.Printf("Use this address: %s\n", lis.Addr()) for { From c8c648490517c35b3c44e75e462cca6bc1b7e636 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 13 Jul 2022 11:03:27 -0500 Subject: [PATCH 732/785] proto: add package prefixes for all proto files where it is safe (#13735) We cannot do this for "subscribe" and "partition" this easily without breakage so those are omitted. Any protobuf message passed around via an Any construct will have the fully qualified package name embedded in the protobuf as a string. Also RPC method dispatch will include the package of the service during serialization. - We will be passing pbservice and pbpeering through an Any as part of peer stream replication. - We will be exposing two new gRPC services via pbpeering and pbpeerstream. --- GNUmakefile | 12 + proto/pbacl/acl.pb.go | 34 +- proto/pbacl/acl.proto | 2 +- proto/pbautoconf/auto_config.pb.go | 111 ++- proto/pbautoconf/auto_config.proto | 2 +- proto/pbcommon/common.pb.go | 186 ++-- proto/pbcommon/common.proto | 2 +- proto/pbconfig/config.pb.go | 287 +++--- proto/pbconfig/config.proto | 2 +- proto/pbconfigentry/config_entry.pb.go | 1028 ++++++++++++---------- proto/pbconfigentry/config_entry.proto | 2 +- proto/pbconnect/connect.pb.go | 240 ++--- proto/pbconnect/connect.proto | 2 +- proto/pbpeering/peering.pb.go | 660 +++++++------- proto/pbpeering/peering.proto | 2 +- proto/pbpeering/peering_grpc.pb.go | 34 +- proto/pbpeerstream/peerstream.pb.go | 190 ++-- proto/pbpeerstream/peerstream.proto | 2 +- proto/pbpeerstream/peerstream_grpc.pb.go | 4 +- proto/pbservice/healthcheck.pb.go | 436 ++++----- proto/pbservice/healthcheck.proto | 2 +- proto/pbservice/node.pb.go | 277 +++--- proto/pbservice/node.proto | 2 +- proto/pbservice/service.pb.go | 469 +++++----- proto/pbservice/service.proto | 2 +- proto/pbstatus/status.pb.go | 50 +- proto/pbstatus/status.proto | 2 +- proto/pbsubscribe/subscribe.pb.go | 104 ++- proto/pbsubscribe/subscribe.proto | 9 +- 29 files changed, 2262 insertions(+), 1893 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 7fa86d234..6327ea579 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -376,6 +376,18 @@ proto-format: proto-tools proto-lint: proto-tools @buf lint --config proto/buf.yaml --path proto @buf lint --config proto-public/buf.yaml --path proto-public + @for fn in $$(find proto -name '*.proto'); do \ + if [[ "$$fn" = "proto/pbsubscribe/subscribe.proto" ]]; then \ + continue ; \ + elif [[ "$$fn" = "proto/pbpartition/partition.proto" ]]; then \ + continue ; \ + fi ; \ + pkg=$$(grep "^package " "$$fn" | sed 's/^package \(.*\);/\1/'); \ + if [[ "$$pkg" != hashicorp.consul.internal.* ]]; then \ + echo "ERROR: $$fn: is missing 'hashicorp.consul.internal' package prefix: $$pkg" >&2; \ + exit 1; \ + fi \ + done # utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION') print-% : ; @echo $($*) diff --git a/proto/pbacl/acl.pb.go b/proto/pbacl/acl.pb.go index 435a298b0..ede3fc3ba 100644 --- a/proto/pbacl/acl.pb.go +++ b/proto/pbacl/acl.pb.go @@ -80,17 +80,27 @@ var File_proto_pbacl_acl_proto protoreflect.FileDescriptor var file_proto_pbacl_acl_proto_rawDesc = []byte{ 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x63, - 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x61, 0x63, 0x6c, 0x22, 0x2d, 0x0a, 0x07, - 0x41, 0x43, 0x4c, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x68, 0x0a, 0x07, 0x63, - 0x6f, 0x6d, 0x2e, 0x61, 0x63, 0x6c, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x63, 0x6c, 0xa2, 0x02, 0x03, 0x41, 0x58, - 0x58, 0xaa, 0x02, 0x03, 0x41, 0x63, 0x6c, 0xca, 0x02, 0x03, 0x41, 0x63, 0x6c, 0xe2, 0x02, 0x0f, - 0x41, 0x63, 0x6c, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, - 0x02, 0x03, 0x41, 0x63, 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x61, 0x63, 0x6c, 0x22, 0x2d, 0x0a, 0x07, 0x41, 0x43, 0x4c, 0x4c, 0x69, 0x6e, + 0x6b, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, + 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0xee, 0x01, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x61, 0x63, 0x6c, 0x42, 0x08, 0x41, 0x63, 0x6c, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x63, 0x6c, + 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x41, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x41, 0x63, 0x6c, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x5c, 0x41, 0x63, 0x6c, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, + 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x3a, 0x3a, 0x41, 0x63, 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -107,7 +117,7 @@ func file_proto_pbacl_acl_proto_rawDescGZIP() []byte { var file_proto_pbacl_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_proto_pbacl_acl_proto_goTypes = []interface{}{ - (*ACLLink)(nil), // 0: acl.ACLLink + (*ACLLink)(nil), // 0: hashicorp.consul.internal.acl.ACLLink } var file_proto_pbacl_acl_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/proto/pbacl/acl.proto b/proto/pbacl/acl.proto index 252d7bb51..299149c2e 100644 --- a/proto/pbacl/acl.proto +++ b/proto/pbacl/acl.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package acl; +package hashicorp.consul.internal.acl; message ACLLink { string ID = 1; diff --git a/proto/pbautoconf/auto_config.pb.go b/proto/pbautoconf/auto_config.pb.go index 41d2901e6..f93a4263d 100644 --- a/proto/pbautoconf/auto_config.pb.go +++ b/proto/pbautoconf/auto_config.pb.go @@ -214,46 +214,61 @@ var File_proto_pbautoconf_auto_config_proto protoreflect.FileDescriptor var file_proto_pbautoconf_auto_config_proto_rawDesc = []byte{ 0x0a, 0x22, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x1a, 0x1b, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x63, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x01, 0x0a, 0x11, 0x41, - 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, - 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, - 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, - 0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4a, 0x57, 0x54, 0x12, 0x20, - 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x12, 0x10, 0x0a, 0x03, 0x43, 0x53, 0x52, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x43, - 0x53, 0x52, 0x22, 0xd1, 0x01, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x06, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x2a, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x43, 0x41, 0x52, - 0x6f, 0x6f, 0x74, 0x73, 0x52, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x35, 0x0a, - 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x49, 0x73, 0x73, - 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x52, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x78, 0x74, 0x72, 0x61, 0x43, 0x41, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x72, 0x61, 0x43, 0x41, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x8d, 0x01, 0x0a, 0x0c, 0x63, 0x6f, 0x6d, 0x2e, 0x61, - 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x42, 0x0f, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, - 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0xa2, 0x02, 0x03, 0x41, 0x58, 0x58, 0xaa, 0x02, - 0x08, 0x41, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0xca, 0x02, 0x08, 0x41, 0x75, 0x74, 0x6f, - 0x63, 0x6f, 0x6e, 0x66, 0xe2, 0x02, 0x14, 0x41, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x5c, - 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x08, 0x41, 0x75, - 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x22, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x01, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, + 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, + 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x4a, 0x57, 0x54, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x43, 0x53, + 0x52, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x43, 0x53, 0x52, 0x22, 0x9f, 0x02, 0x0a, + 0x12, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x40, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x44, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x43, 0x41, 0x52, 0x6f, 0x6f, + 0x74, 0x73, 0x52, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x4f, 0x0a, 0x0b, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x52, + 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x13, + 0x45, 0x78, 0x74, 0x72, 0x61, 0x43, 0x41, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x72, 0x61, + 0x43, 0x41, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x93, + 0x02, 0x0a, 0x26, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0x42, 0x0f, 0x41, 0x75, 0x74, 0x6f, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x70, 0x62, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, + 0x41, 0xaa, 0x02, 0x22, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x41, 0x75, + 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0xca, 0x02, 0x22, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, 0xe2, 0x02, 0x2e, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x6f, 0x63, 0x6f, 0x6e, 0x66, + 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x25, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x41, 0x75, 0x74, 0x6f, + 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -270,16 +285,16 @@ func file_proto_pbautoconf_auto_config_proto_rawDescGZIP() []byte { var file_proto_pbautoconf_auto_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_proto_pbautoconf_auto_config_proto_goTypes = []interface{}{ - (*AutoConfigRequest)(nil), // 0: autoconf.AutoConfigRequest - (*AutoConfigResponse)(nil), // 1: autoconf.AutoConfigResponse - (*pbconfig.Config)(nil), // 2: config.Config - (*pbconnect.CARoots)(nil), // 3: connect.CARoots - (*pbconnect.IssuedCert)(nil), // 4: connect.IssuedCert + (*AutoConfigRequest)(nil), // 0: hashicorp.consul.internal.autoconf.AutoConfigRequest + (*AutoConfigResponse)(nil), // 1: hashicorp.consul.internal.autoconf.AutoConfigResponse + (*pbconfig.Config)(nil), // 2: hashicorp.consul.internal.config.Config + (*pbconnect.CARoots)(nil), // 3: hashicorp.consul.internal.connect.CARoots + (*pbconnect.IssuedCert)(nil), // 4: hashicorp.consul.internal.connect.IssuedCert } var file_proto_pbautoconf_auto_config_proto_depIdxs = []int32{ - 2, // 0: autoconf.AutoConfigResponse.Config:type_name -> config.Config - 3, // 1: autoconf.AutoConfigResponse.CARoots:type_name -> connect.CARoots - 4, // 2: autoconf.AutoConfigResponse.Certificate:type_name -> connect.IssuedCert + 2, // 0: hashicorp.consul.internal.autoconf.AutoConfigResponse.Config:type_name -> hashicorp.consul.internal.config.Config + 3, // 1: hashicorp.consul.internal.autoconf.AutoConfigResponse.CARoots:type_name -> hashicorp.consul.internal.connect.CARoots + 4, // 2: hashicorp.consul.internal.autoconf.AutoConfigResponse.Certificate:type_name -> hashicorp.consul.internal.connect.IssuedCert 3, // [3:3] is the sub-list for method output_type 3, // [3:3] is the sub-list for method input_type 3, // [3:3] is the sub-list for extension type_name diff --git a/proto/pbautoconf/auto_config.proto b/proto/pbautoconf/auto_config.proto index fc8d3cdef..c43f1c912 100644 --- a/proto/pbautoconf/auto_config.proto +++ b/proto/pbautoconf/auto_config.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package autoconf; +package hashicorp.consul.internal.autoconf; import "proto/pbconfig/config.proto"; import "proto/pbconnect/connect.proto"; diff --git a/proto/pbcommon/common.pb.go b/proto/pbcommon/common.pb.go index 7ccab8739..80010a7ab 100644 --- a/proto/pbcommon/common.pb.go +++ b/proto/pbcommon/common.pb.go @@ -594,85 +594,95 @@ var File_proto_pbcommon_common_proto protoreflect.FileDescriptor var file_proto_pbcommon_common_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, - 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, - 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x32, 0x0a, 0x10, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, - 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0c, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x22, 0x51, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, - 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x74, 0x22, 0xec, 0x03, 0x0a, 0x0c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x4d, 0x69, - 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x0d, 0x4d, 0x69, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, - 0x12, 0x3d, 0x0a, 0x0c, 0x4d, 0x61, 0x78, 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x0c, 0x4d, 0x61, 0x78, 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x12, - 0x1e, 0x0a, 0x0a, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0a, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x12, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x20, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, + 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x4f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, + 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, + 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x22, 0x32, 0x0a, 0x10, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x51, 0x0a, 0x0b, 0x52, 0x65, + 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, - 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x4d, 0x61, 0x78, - 0x53, 0x74, 0x61, 0x6c, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, - 0x4d, 0x61, 0x78, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x31, 0x0a, 0x06, 0x4d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, + 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x22, 0xec, 0x03, + 0x0a, 0x0c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, + 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x4d, 0x69, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x4d, 0x69, 0x6e, + 0x51, 0x75, 0x65, 0x72, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x3d, 0x0a, 0x0c, 0x4d, 0x61, + 0x78, 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x4d, 0x61, 0x78, - 0x41, 0x67, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x75, 0x73, 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x4d, 0x75, 0x73, - 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x53, - 0x74, 0x61, 0x6c, 0x65, 0x49, 0x66, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x53, 0x74, - 0x61, 0x6c, 0x65, 0x49, 0x66, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x22, 0xee, 0x01, 0x0a, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, - 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x3b, 0x0a, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x4d, 0x61, 0x78, + 0x51, 0x75, 0x65, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x41, 0x6c, 0x6c, + 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x41, + 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, + 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x43, 0x6f, 0x6e, + 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, + 0x63, 0x68, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x55, 0x73, 0x65, 0x43, 0x61, + 0x63, 0x68, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x4d, 0x61, 0x78, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x4d, 0x61, 0x78, 0x53, 0x74, 0x61, + 0x6c, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x06, 0x4d, 0x61, + 0x78, 0x41, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x4d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x26, 0x0a, + 0x0e, 0x4d, 0x75, 0x73, 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x4d, 0x75, 0x73, 0x74, 0x52, 0x65, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x49, 0x66, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x74, - 0x61, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, - 0x6c, 0x12, 0x34, 0x0a, 0x15, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x65, 0x64, 0x42, 0x79, 0x41, 0x43, 0x4c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x15, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x65, - 0x64, 0x42, 0x79, 0x41, 0x43, 0x4c, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, - 0x06, 0x10, 0x07, 0x22, 0x4c, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, - 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x42, 0x7d, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x42, - 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, - 0xaa, 0x02, 0x06, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xca, 0x02, 0x06, 0x43, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0xe2, 0x02, 0x12, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x47, 0x50, 0x42, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x53, 0x74, 0x61, 0x6c, 0x65, 0x49, 0x66, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0xee, 0x01, 0x0a, + 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x12, 0x3b, 0x0a, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x0b, 0x4c, 0x61, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x20, 0x0a, + 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0b, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, + 0x2a, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, + 0x73, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x34, 0x0a, 0x15, 0x52, + 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x65, 0x64, 0x42, 0x79, + 0x41, 0x43, 0x4c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x73, 0x75, + 0x6c, 0x74, 0x73, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x65, 0x64, 0x42, 0x79, 0x41, 0x43, 0x4c, + 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x22, 0x4c, 0x0a, + 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x83, 0x02, 0x0a, 0x24, + 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xa2, + 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xe2, 0x02, 0x2c, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, + 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, + 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -689,21 +699,21 @@ func file_proto_pbcommon_common_proto_rawDescGZIP() []byte { var file_proto_pbcommon_common_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_proto_pbcommon_common_proto_goTypes = []interface{}{ - (*RaftIndex)(nil), // 0: common.RaftIndex - (*TargetDatacenter)(nil), // 1: common.TargetDatacenter - (*WriteRequest)(nil), // 2: common.WriteRequest - (*ReadRequest)(nil), // 3: common.ReadRequest - (*QueryOptions)(nil), // 4: common.QueryOptions - (*QueryMeta)(nil), // 5: common.QueryMeta - (*EnterpriseMeta)(nil), // 6: common.EnterpriseMeta + (*RaftIndex)(nil), // 0: hashicorp.consul.internal.common.RaftIndex + (*TargetDatacenter)(nil), // 1: hashicorp.consul.internal.common.TargetDatacenter + (*WriteRequest)(nil), // 2: hashicorp.consul.internal.common.WriteRequest + (*ReadRequest)(nil), // 3: hashicorp.consul.internal.common.ReadRequest + (*QueryOptions)(nil), // 4: hashicorp.consul.internal.common.QueryOptions + (*QueryMeta)(nil), // 5: hashicorp.consul.internal.common.QueryMeta + (*EnterpriseMeta)(nil), // 6: hashicorp.consul.internal.common.EnterpriseMeta (*durationpb.Duration)(nil), // 7: google.protobuf.Duration } var file_proto_pbcommon_common_proto_depIdxs = []int32{ - 7, // 0: common.QueryOptions.MaxQueryTime:type_name -> google.protobuf.Duration - 7, // 1: common.QueryOptions.MaxStaleDuration:type_name -> google.protobuf.Duration - 7, // 2: common.QueryOptions.MaxAge:type_name -> google.protobuf.Duration - 7, // 3: common.QueryOptions.StaleIfError:type_name -> google.protobuf.Duration - 7, // 4: common.QueryMeta.LastContact:type_name -> google.protobuf.Duration + 7, // 0: hashicorp.consul.internal.common.QueryOptions.MaxQueryTime:type_name -> google.protobuf.Duration + 7, // 1: hashicorp.consul.internal.common.QueryOptions.MaxStaleDuration:type_name -> google.protobuf.Duration + 7, // 2: hashicorp.consul.internal.common.QueryOptions.MaxAge:type_name -> google.protobuf.Duration + 7, // 3: hashicorp.consul.internal.common.QueryOptions.StaleIfError:type_name -> google.protobuf.Duration + 7, // 4: hashicorp.consul.internal.common.QueryMeta.LastContact:type_name -> google.protobuf.Duration 5, // [5:5] is the sub-list for method output_type 5, // [5:5] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name diff --git a/proto/pbcommon/common.proto b/proto/pbcommon/common.proto index b4b47099e..1c6d9f260 100644 --- a/proto/pbcommon/common.proto +++ b/proto/pbcommon/common.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package common; +package hashicorp.consul.internal.common; import "google/protobuf/duration.proto"; diff --git a/proto/pbconfig/config.pb.go b/proto/pbconfig/config.pb.go index aea729fe3..80953c882 100644 --- a/proto/pbconfig/config.pb.go +++ b/proto/pbconfig/config.pb.go @@ -682,124 +682,145 @@ var File_proto_pbconfig_config_proto protoreflect.FileDescriptor var file_proto_pbconfig_config_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xcf, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, - 0x12, 0x2c, 0x0a, 0x11, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1a, - 0x0a, 0x08, 0x4e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x4e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, - 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, - 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x03, 0x41, 0x43, - 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x35, 0x0a, 0x0b, 0x41, 0x75, 0x74, - 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, - 0x79, 0x70, 0x74, 0x52, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x12, 0x26, 0x0a, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, - 0x52, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x12, 0x1d, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x54, - 0x4c, 0x53, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22, 0x66, 0x0a, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, - 0x70, 0x12, 0x38, 0x0a, 0x0a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x47, - 0x6f, 0x73, 0x73, 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x52, - 0x65, 0x74, 0x72, 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0c, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x22, - 0x74, 0x0a, 0x10, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x49, - 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, - 0x65, 0x72, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, - 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x22, 0xfa, 0x01, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x26, 0x0a, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, - 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, - 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, - 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, - 0x23, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x50, 0x72, 0x65, 0x66, - 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, - 0x69, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, - 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, - 0x65, 0x73, 0x22, 0xbb, 0x03, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x54, - 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, - 0x54, 0x4c, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x12, 0x1a, 0x0a, 0x08, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x6f, 0x77, 0x6e, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x6f, - 0x77, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, - 0x0a, 0x13, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x12, 0x29, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x43, 0x4c, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x73, 0x52, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x39, 0x0a, 0x16, 0x44, - 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x54, 0x54, 0x4c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, - 0x15, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x69, 0x73, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x54, 0x54, 0x4c, 0x12, 0x36, 0x0a, 0x16, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, - 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x30, - 0x0a, 0x13, 0x4d, 0x53, 0x50, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x6f, 0x6f, 0x74, - 0x73, 0x74, 0x72, 0x61, 0x70, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x4d, 0x53, 0x50, - 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, - 0x22, 0x8a, 0x02, 0x0a, 0x09, 0x41, 0x43, 0x4c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x2c, - 0x0a, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, - 0x61, 0x6c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, - 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x24, - 0x0a, 0x0d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x63, 0x6f, - 0x76, 0x65, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, - 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, - 0x67, 0x65, 0x6e, 0x74, 0x12, 0x57, 0x0a, 0x16, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x06, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x43, - 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x16, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x55, 0x0a, - 0x17, 0x41, 0x43, 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x49, 0x44, 0x22, 0x69, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, - 0x79, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, 0x12, 0x14, 0x0a, - 0x05, 0x49, 0x50, 0x53, 0x41, 0x4e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x49, 0x50, - 0x53, 0x41, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, 0x42, - 0x7d, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0b, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, - 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0xca, 0x02, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0xe2, 0x02, 0x12, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x20, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, + 0xb7, 0x03, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x11, 0x50, 0x72, + 0x69, 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x4e, 0x6f, 0x64, 0x65, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x4e, 0x6f, 0x64, 0x65, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x4e, + 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x67, 0x6d, 0x65, + 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x25, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x4f, 0x0a, + 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x52, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x40, + 0x0a, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x2e, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x52, 0x06, 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, + 0x12, 0x37, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22, 0x80, 0x01, 0x0a, 0x06, 0x47, 0x6f, + 0x73, 0x73, 0x69, 0x70, 0x12, 0x52, 0x0a, 0x0a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x47, 0x6f, 0x73, 0x73, + 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x45, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x52, 0x65, 0x74, 0x72, + 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, + 0x52, 0x65, 0x74, 0x72, 0x79, 0x4a, 0x6f, 0x69, 0x6e, 0x4c, 0x41, 0x4e, 0x22, 0x74, 0x0a, 0x10, + 0x47, 0x6f, 0x73, 0x73, 0x69, 0x70, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, + 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x63, 0x6f, + 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, + 0x66, 0x79, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, + 0x6e, 0x67, 0x22, 0xfa, 0x01, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x26, 0x0a, 0x0e, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, + 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x6f, + 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, + 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x69, + 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x23, 0x44, 0x65, + 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, + 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x44, 0x65, 0x70, + 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, + 0xd5, 0x03, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x54, 0x4c, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x54, 0x4c, 0x12, + 0x18, 0x0a, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x52, 0x6f, 0x6c, 0x65, 0x54, 0x54, 0x4c, 0x12, 0x1a, 0x0a, 0x08, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x54, 0x54, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x6f, 0x77, 0x6e, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x6f, 0x77, 0x6e, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x45, + 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x4b, 0x65, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x43, 0x0a, + 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x41, 0x43, 0x4c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x06, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x73, 0x12, 0x39, 0x0a, 0x16, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, + 0x5f, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x54, 0x54, 0x4c, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x15, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, + 0x65, 0x64, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x54, 0x54, 0x4c, 0x12, 0x36, 0x0a, + 0x16, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x45, + 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x4d, 0x53, 0x50, 0x44, 0x69, 0x73, 0x61, + 0x62, 0x6c, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x13, 0x4d, 0x53, 0x50, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x6f, + 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x22, 0xa4, 0x02, 0x0a, 0x09, 0x41, 0x43, 0x4c, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, + 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x11, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, + 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x41, 0x67, + 0x65, 0x6e, 0x74, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x44, + 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x44, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x71, 0x0a, 0x16, 0x4d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, + 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, + 0x43, 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x16, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x55, + 0x0a, 0x17, 0x41, 0x43, 0x4c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x53, 0x65, 0x63, + 0x72, 0x65, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x53, 0x65, 0x63, + 0x72, 0x65, 0x74, 0x49, 0x44, 0x22, 0x69, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x6f, 0x45, 0x6e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x44, 0x4e, 0x53, 0x53, 0x41, 0x4e, 0x12, 0x14, + 0x0a, 0x05, 0x49, 0x50, 0x53, 0x41, 0x4e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x49, + 0x50, 0x53, 0x41, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x54, 0x4c, 0x53, + 0x42, 0x83, 0x02, 0x0a, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0xca, 0x02, + 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0xea, 0x02, 0x23, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -816,23 +837,23 @@ func file_proto_pbconfig_config_proto_rawDescGZIP() []byte { var file_proto_pbconfig_config_proto_msgTypes = make([]protoimpl.MessageInfo, 8) var file_proto_pbconfig_config_proto_goTypes = []interface{}{ - (*Config)(nil), // 0: config.Config - (*Gossip)(nil), // 1: config.Gossip - (*GossipEncryption)(nil), // 2: config.GossipEncryption - (*TLS)(nil), // 3: config.TLS - (*ACL)(nil), // 4: config.ACL - (*ACLTokens)(nil), // 5: config.ACLTokens - (*ACLServiceProviderToken)(nil), // 6: config.ACLServiceProviderToken - (*AutoEncrypt)(nil), // 7: config.AutoEncrypt + (*Config)(nil), // 0: hashicorp.consul.internal.config.Config + (*Gossip)(nil), // 1: hashicorp.consul.internal.config.Gossip + (*GossipEncryption)(nil), // 2: hashicorp.consul.internal.config.GossipEncryption + (*TLS)(nil), // 3: hashicorp.consul.internal.config.TLS + (*ACL)(nil), // 4: hashicorp.consul.internal.config.ACL + (*ACLTokens)(nil), // 5: hashicorp.consul.internal.config.ACLTokens + (*ACLServiceProviderToken)(nil), // 6: hashicorp.consul.internal.config.ACLServiceProviderToken + (*AutoEncrypt)(nil), // 7: hashicorp.consul.internal.config.AutoEncrypt } var file_proto_pbconfig_config_proto_depIdxs = []int32{ - 4, // 0: config.Config.ACL:type_name -> config.ACL - 7, // 1: config.Config.AutoEncrypt:type_name -> config.AutoEncrypt - 1, // 2: config.Config.Gossip:type_name -> config.Gossip - 3, // 3: config.Config.TLS:type_name -> config.TLS - 2, // 4: config.Gossip.Encryption:type_name -> config.GossipEncryption - 5, // 5: config.ACL.Tokens:type_name -> config.ACLTokens - 6, // 6: config.ACLTokens.ManagedServiceProvider:type_name -> config.ACLServiceProviderToken + 4, // 0: hashicorp.consul.internal.config.Config.ACL:type_name -> hashicorp.consul.internal.config.ACL + 7, // 1: hashicorp.consul.internal.config.Config.AutoEncrypt:type_name -> hashicorp.consul.internal.config.AutoEncrypt + 1, // 2: hashicorp.consul.internal.config.Config.Gossip:type_name -> hashicorp.consul.internal.config.Gossip + 3, // 3: hashicorp.consul.internal.config.Config.TLS:type_name -> hashicorp.consul.internal.config.TLS + 2, // 4: hashicorp.consul.internal.config.Gossip.Encryption:type_name -> hashicorp.consul.internal.config.GossipEncryption + 5, // 5: hashicorp.consul.internal.config.ACL.Tokens:type_name -> hashicorp.consul.internal.config.ACLTokens + 6, // 6: hashicorp.consul.internal.config.ACLTokens.ManagedServiceProvider:type_name -> hashicorp.consul.internal.config.ACLServiceProviderToken 7, // [7:7] is the sub-list for method output_type 7, // [7:7] is the sub-list for method input_type 7, // [7:7] is the sub-list for extension type_name diff --git a/proto/pbconfig/config.proto b/proto/pbconfig/config.proto index eb54e7d43..749bc65e5 100644 --- a/proto/pbconfig/config.proto +++ b/proto/pbconfig/config.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package config; +package hashicorp.consul.internal.config; message Config { string Datacenter = 1; diff --git a/proto/pbconfigentry/config_entry.pb.go b/proto/pbconfigentry/config_entry.pb.go index f1f6b59ba..9a34e8248 100644 --- a/proto/pbconfigentry/config_entry.pb.go +++ b/proto/pbconfigentry/config_entry.pb.go @@ -172,7 +172,7 @@ type ConfigEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Kind Kind `protobuf:"varint,1,opt,name=Kind,proto3,enum=configentry.Kind" json:"Kind,omitempty"` + Kind Kind `protobuf:"varint,1,opt,name=Kind,proto3,enum=hashicorp.consul.internal.configentry.Kind" json:"Kind,omitempty"` Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,3,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,4,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` @@ -1869,13 +1869,13 @@ type SourceIntention struct { Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"` // mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs - Action IntentionAction `protobuf:"varint,2,opt,name=Action,proto3,enum=configentry.IntentionAction" json:"Action,omitempty"` + Action IntentionAction `protobuf:"varint,2,opt,name=Action,proto3,enum=hashicorp.consul.internal.configentry.IntentionAction" json:"Action,omitempty"` Permissions []*IntentionPermission `protobuf:"bytes,3,rep,name=Permissions,proto3" json:"Permissions,omitempty"` // mog: func-to=int func-from=int32 Precedence int32 `protobuf:"varint,4,opt,name=Precedence,proto3" json:"Precedence,omitempty"` LegacyID string `protobuf:"bytes,5,opt,name=LegacyID,proto3" json:"LegacyID,omitempty"` // mog: func-to=intentionSourceTypeToStructs func-from=intentionSourceTypeFromStructs - Type IntentionSourceType `protobuf:"varint,6,opt,name=Type,proto3,enum=configentry.IntentionSourceType" json:"Type,omitempty"` + Type IntentionSourceType `protobuf:"varint,6,opt,name=Type,proto3,enum=hashicorp.consul.internal.configentry.IntentionSourceType" json:"Type,omitempty"` Description string `protobuf:"bytes,7,opt,name=Description,proto3" json:"Description,omitempty"` LegacyMeta map[string]string `protobuf:"bytes,8,rep,name=LegacyMeta,proto3" json:"LegacyMeta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // mog: func-to=timeToStructs func-from=timeFromStructs @@ -2014,7 +2014,7 @@ type IntentionPermission struct { unknownFields protoimpl.UnknownFields // mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs - Action IntentionAction `protobuf:"varint,1,opt,name=Action,proto3,enum=configentry.IntentionAction" json:"Action,omitempty"` + Action IntentionAction `protobuf:"varint,1,opt,name=Action,proto3,enum=hashicorp.consul.internal.configentry.IntentionAction" json:"Action,omitempty"` HTTP *IntentionHTTPPermission `protobuf:"bytes,2,opt,name=HTTP,proto3" json:"HTTP,omitempty"` } @@ -2253,176 +2253,215 @@ var File_proto_pbconfigentry_config_entry_proto protoreflect.FileDescriptor var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xde, 0x03, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3e, - 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, - 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, - 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, - 0x39, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, - 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x48, 0x0a, 0x0f, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, - 0x72, 0x48, 0x00, 0x52, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, - 0x6c, 0x76, 0x65, 0x72, 0x12, 0x45, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x48, 0x00, 0x52, 0x0e, 0x49, 0x6e, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4e, 0x0a, 0x11, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, + 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x05, + 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3f, 0x0a, + 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, + 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, + 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x49, 0x0a, 0x09, + 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, + 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x53, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, + 0x52, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x0f, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x48, 0x00, 0x52, + 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x12, 0x5f, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x48, + 0x00, 0x52, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x12, 0x68, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, + 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x00, 0x52, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x22, 0xb0, 0x02, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x53, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x2c, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x2f, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x35, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4d, - 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, - 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1a, 0x54, 0x72, 0x61, 0x6e, 0x73, - 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0x95, 0x01, 0x0a, 0x0d, 0x4d, 0x65, - 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x41, 0x0a, 0x08, 0x49, - 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, + 0x6e, 0x74, 0x72, 0x79, 0x22, 0x98, 0x03, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x6d, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, + 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x12, 0x46, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x49, 0x0a, 0x04, 0x48, 0x54, + 0x54, 0x50, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x4f, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, - 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x41, - 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x25, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, - 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, - 0x67, 0x22, 0x8a, 0x01, 0x0a, 0x18, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x24, - 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, - 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, - 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x54, - 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x42, 0x0a, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, 0x58, 0x46, 0x6f, 0x72, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, + 0x50, 0x0a, 0x1a, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, + 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x4d, 0x65, 0x73, + 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, + 0x79, 0x22, 0xc9, 0x01, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x5b, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, + 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, + 0x12, 0x5b, 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x44, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x52, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x22, 0x8a, 0x01, + 0x0a, 0x18, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, + 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, + 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, + 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x54, 0x0a, 0x0e, 0x4d, 0x65, + 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x1c, + 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, + 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, - 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x43, 0x65, 0x72, 0x74, 0x22, 0xc0, 0x05, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x43, - 0x0a, 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x29, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, - 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x53, 0x75, 0x62, 0x73, - 0x65, 0x74, 0x73, 0x12, 0x40, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x22, 0xf6, 0x06, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, + 0x6c, 0x76, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x53, + 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x5d, 0x0a, 0x07, 0x53, 0x75, + 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x5a, 0x0a, 0x08, 0x52, 0x65, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x52, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x46, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, - 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x41, 0x0a, - 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x12, 0x3d, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, - 0x72, 0x52, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, - 0x3a, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x5e, 0x0a, 0x0c, 0x53, - 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x61, 0x0a, 0x0d, 0x46, - 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3a, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, - 0x76, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, - 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x51, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, - 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x4f, 0x6e, 0x6c, 0x79, - 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x4f, - 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x22, 0xb5, 0x01, 0x0a, 0x17, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, - 0x65, 0x72, 0x22, 0x99, 0x01, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x18, - 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, - 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, - 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0b, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x22, 0xf9, - 0x01, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, - 0x16, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x43, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, - 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x69, - 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x52, 0x69, - 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4f, 0x0a, 0x12, - 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3b, 0x0a, - 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x60, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, + 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, + 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x46, + 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, + 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x57, 0x0a, 0x0c, 0x4c, 0x6f, + 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, + 0x61, 0x6e, 0x63, 0x65, 0x72, 0x52, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, + 0x63, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x78, 0x0a, 0x0c, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x52, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, + 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x1a, 0x7b, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x54, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, + 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x51, 0x0a, 0x15, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, + 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x4f, 0x6e, + 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0b, 0x4f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x22, 0xb5, 0x01, 0x0a, + 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x22, 0x99, 0x01, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, + 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, + 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x20, + 0x0a, 0x0b, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x0b, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, + 0x22, 0xc7, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x5d, 0x0a, 0x0e, 0x52, 0x69, 0x6e, + 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, + 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, + 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x69, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x73, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x65, 0x61, + 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x55, 0x0a, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x28, 0x0a, 0x0f, @@ -2434,184 +2473,223 @@ var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ 0x22, 0x36, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x43, 0x68, 0x6f, - 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xb9, 0x01, 0x0a, 0x0a, 0x48, 0x61, 0x73, + 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xd3, 0x01, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3d, 0x0a, + 0x09, 0x52, 0x0a, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x57, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, - 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x12, 0x1a, 0x0a, 0x08, 0x54, 0x65, 0x72, 0x6d, - 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x54, 0x65, 0x72, 0x6d, - 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2b, - 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x12, 0x0a, 0x04, 0x50, - 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x22, - 0xf1, 0x01, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x12, 0x2f, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, - 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, - 0x54, 0x4c, 0x53, 0x12, 0x3a, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, - 0x39, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, - 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, - 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0xd0, 0x01, 0x0a, 0x10, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, - 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x12, 0x32, 0x0a, 0x03, 0x53, 0x44, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, - 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x03, 0x53, 0x44, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, - 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, - 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, - 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, - 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x5b, 0x0a, 0x13, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, - 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x20, 0x0a, - 0x0b, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x22, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x22, 0xab, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x37, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x12, 0x2f, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, - 0x53, 0x22, 0xbc, 0x03, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x48, 0x6f, 0x73, 0x74, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x36, - 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6f, + 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, + 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x49, 0x50, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x49, 0x50, 0x12, 0x1a, 0x0a, 0x08, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, + 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, + 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x22, 0xbf, 0x02, 0x0a, 0x0e, 0x49, 0x6e, + 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x49, 0x0a, 0x03, + 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x54, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, + 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xea, 0x01, 0x0a, 0x10, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x4c, 0x0a, 0x03, 0x53, 0x44, + 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, + 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, + 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, + 0x69, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, + 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x5b, 0x0a, 0x13, 0x47, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x20, 0x0a, 0x0b, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xdf, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x51, 0x0a, 0x08, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x03, + 0x54, 0x4c, 0x53, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22, 0xbe, 0x04, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, + 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, + 0x0a, 0x05, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x48, + 0x6f, 0x73, 0x74, 0x73, 0x12, 0x50, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x48, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, - 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, - 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x12, 0x4a, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x39, 0x0a, 0x04, - 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, - 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, - 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, - 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x22, 0x4d, 0x0a, 0x17, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x03, 0x53, - 0x44, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, - 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, 0x53, 0x22, - 0x97, 0x02, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, - 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, - 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x41, 0x64, 0x64, 0x12, 0x3b, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x29, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53, 0x65, - 0x74, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, + 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x62, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x64, 0x0a, 0x0f, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, + 0x0f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x12, 0x53, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, + 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a, + 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x67, 0x0a, 0x17, 0x47, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x4c, 0x0a, 0x03, 0x53, 0x44, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, + 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, + 0x53, 0x22, 0xcb, 0x02, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x55, 0x0a, 0x03, 0x41, 0x64, 0x64, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, + 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, + 0x72, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, + 0x12, 0x55, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x03, 0x53, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, + 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, + 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, + 0xf6, 0x01, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x50, 0x0a, 0x07, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, + 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x56, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, + 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa6, 0x06, 0x0a, 0x0f, 0x53, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x4e, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, + 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x5c, 0x0a, 0x0b, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, + 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x52, 0x0b, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1e, + 0x0a, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, 0x44, 0x12, 0x4e, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a, 0x0a, + 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, + 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, + 0x4d, 0x65, 0x74, 0x61, 0x12, 0x46, 0x0a, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, + 0x63, 0x79, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x10, + 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x54, 0x69, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, + 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, + 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, + 0x65, 0x72, 0x1a, 0x3d, 0x0a, 0x0f, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xc2, 0x01, 0x0a, 0x11, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, - 0x36, 0x0a, 0x07, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa4, - 0x05, 0x0a, 0x0f, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x0b, - 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, - 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, - 0x12, 0x1a, 0x0a, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, 0x44, 0x12, 0x34, 0x0a, 0x04, - 0x54, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, - 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, - 0x74, 0x61, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, - 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, - 0x74, 0x61, 0x12, 0x46, 0x0a, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x10, 0x4c, 0x65, - 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, - 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, - 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, - 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, - 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x1a, 0x3d, 0x0a, 0x0f, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, - 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x85, 0x01, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, - 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, - 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x01, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, + 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x06, 0x41, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x04, 0x48, 0x54, 0x54, + 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, - 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x22, 0xd3, 0x01, + 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x22, 0xed, 0x01, 0x0a, 0x17, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, @@ -2619,47 +2697,57 @@ var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, - 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x42, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, - 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x73, 0x22, 0xc1, 0x01, 0x0a, 0x1d, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, - 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x72, 0x65, - 0x73, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x50, 0x72, 0x65, 0x73, - 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x72, 0x65, 0x66, 0x69, - 0x78, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x65, 0x67, - 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, - 0x16, 0x0a, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x2a, 0x77, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, - 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, - 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, - 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, - 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, - 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x42, 0xa0, 0x01, 0x0a, 0x0f, - 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, - 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, 0x0b, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x17, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, + 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x5c, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, + 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x22, 0xc1, 0x01, + 0x0a, 0x1d, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, + 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, + 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x45, 0x78, + 0x61, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x53, + 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x75, 0x66, + 0x66, 0x69, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x6e, 0x76, + 0x65, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, + 0x74, 0x2a, 0x77, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, + 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, + 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, + 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, + 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, + 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, + 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, + 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, + 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, + 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, + 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x10, 0x00, 0x42, 0xa6, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, + 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, + 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, + 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } @@ -2678,104 +2766,104 @@ func file_proto_pbconfigentry_config_entry_proto_rawDescGZIP() []byte { var file_proto_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_proto_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 37) var file_proto_pbconfigentry_config_entry_proto_goTypes = []interface{}{ - (Kind)(0), // 0: configentry.Kind - (IntentionAction)(0), // 1: configentry.IntentionAction - (IntentionSourceType)(0), // 2: configentry.IntentionSourceType - (*ConfigEntry)(nil), // 3: configentry.ConfigEntry - (*MeshConfig)(nil), // 4: configentry.MeshConfig - (*TransparentProxyMeshConfig)(nil), // 5: configentry.TransparentProxyMeshConfig - (*MeshTLSConfig)(nil), // 6: configentry.MeshTLSConfig - (*MeshDirectionalTLSConfig)(nil), // 7: configentry.MeshDirectionalTLSConfig - (*MeshHTTPConfig)(nil), // 8: configentry.MeshHTTPConfig - (*ServiceResolver)(nil), // 9: configentry.ServiceResolver - (*ServiceResolverSubset)(nil), // 10: configentry.ServiceResolverSubset - (*ServiceResolverRedirect)(nil), // 11: configentry.ServiceResolverRedirect - (*ServiceResolverFailover)(nil), // 12: configentry.ServiceResolverFailover - (*LoadBalancer)(nil), // 13: configentry.LoadBalancer - (*RingHashConfig)(nil), // 14: configentry.RingHashConfig - (*LeastRequestConfig)(nil), // 15: configentry.LeastRequestConfig - (*HashPolicy)(nil), // 16: configentry.HashPolicy - (*CookieConfig)(nil), // 17: configentry.CookieConfig - (*IngressGateway)(nil), // 18: configentry.IngressGateway - (*GatewayTLSConfig)(nil), // 19: configentry.GatewayTLSConfig - (*GatewayTLSSDSConfig)(nil), // 20: configentry.GatewayTLSSDSConfig - (*IngressListener)(nil), // 21: configentry.IngressListener - (*IngressService)(nil), // 22: configentry.IngressService - (*GatewayServiceTLSConfig)(nil), // 23: configentry.GatewayServiceTLSConfig - (*HTTPHeaderModifiers)(nil), // 24: configentry.HTTPHeaderModifiers - (*ServiceIntentions)(nil), // 25: configentry.ServiceIntentions - (*SourceIntention)(nil), // 26: configentry.SourceIntention - (*IntentionPermission)(nil), // 27: configentry.IntentionPermission - (*IntentionHTTPPermission)(nil), // 28: configentry.IntentionHTTPPermission - (*IntentionHTTPHeaderPermission)(nil), // 29: configentry.IntentionHTTPHeaderPermission - nil, // 30: configentry.MeshConfig.MetaEntry - nil, // 31: configentry.ServiceResolver.SubsetsEntry - nil, // 32: configentry.ServiceResolver.FailoverEntry - nil, // 33: configentry.ServiceResolver.MetaEntry - nil, // 34: configentry.IngressGateway.MetaEntry - nil, // 35: configentry.IngressService.MetaEntry - nil, // 36: configentry.HTTPHeaderModifiers.AddEntry - nil, // 37: configentry.HTTPHeaderModifiers.SetEntry - nil, // 38: configentry.ServiceIntentions.MetaEntry - nil, // 39: configentry.SourceIntention.LegacyMetaEntry - (*pbcommon.EnterpriseMeta)(nil), // 40: common.EnterpriseMeta - (*pbcommon.RaftIndex)(nil), // 41: common.RaftIndex + (Kind)(0), // 0: hashicorp.consul.internal.configentry.Kind + (IntentionAction)(0), // 1: hashicorp.consul.internal.configentry.IntentionAction + (IntentionSourceType)(0), // 2: hashicorp.consul.internal.configentry.IntentionSourceType + (*ConfigEntry)(nil), // 3: hashicorp.consul.internal.configentry.ConfigEntry + (*MeshConfig)(nil), // 4: hashicorp.consul.internal.configentry.MeshConfig + (*TransparentProxyMeshConfig)(nil), // 5: hashicorp.consul.internal.configentry.TransparentProxyMeshConfig + (*MeshTLSConfig)(nil), // 6: hashicorp.consul.internal.configentry.MeshTLSConfig + (*MeshDirectionalTLSConfig)(nil), // 7: hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + (*MeshHTTPConfig)(nil), // 8: hashicorp.consul.internal.configentry.MeshHTTPConfig + (*ServiceResolver)(nil), // 9: hashicorp.consul.internal.configentry.ServiceResolver + (*ServiceResolverSubset)(nil), // 10: hashicorp.consul.internal.configentry.ServiceResolverSubset + (*ServiceResolverRedirect)(nil), // 11: hashicorp.consul.internal.configentry.ServiceResolverRedirect + (*ServiceResolverFailover)(nil), // 12: hashicorp.consul.internal.configentry.ServiceResolverFailover + (*LoadBalancer)(nil), // 13: hashicorp.consul.internal.configentry.LoadBalancer + (*RingHashConfig)(nil), // 14: hashicorp.consul.internal.configentry.RingHashConfig + (*LeastRequestConfig)(nil), // 15: hashicorp.consul.internal.configentry.LeastRequestConfig + (*HashPolicy)(nil), // 16: hashicorp.consul.internal.configentry.HashPolicy + (*CookieConfig)(nil), // 17: hashicorp.consul.internal.configentry.CookieConfig + (*IngressGateway)(nil), // 18: hashicorp.consul.internal.configentry.IngressGateway + (*GatewayTLSConfig)(nil), // 19: hashicorp.consul.internal.configentry.GatewayTLSConfig + (*GatewayTLSSDSConfig)(nil), // 20: hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + (*IngressListener)(nil), // 21: hashicorp.consul.internal.configentry.IngressListener + (*IngressService)(nil), // 22: hashicorp.consul.internal.configentry.IngressService + (*GatewayServiceTLSConfig)(nil), // 23: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig + (*HTTPHeaderModifiers)(nil), // 24: hashicorp.consul.internal.configentry.HTTPHeaderModifiers + (*ServiceIntentions)(nil), // 25: hashicorp.consul.internal.configentry.ServiceIntentions + (*SourceIntention)(nil), // 26: hashicorp.consul.internal.configentry.SourceIntention + (*IntentionPermission)(nil), // 27: hashicorp.consul.internal.configentry.IntentionPermission + (*IntentionHTTPPermission)(nil), // 28: hashicorp.consul.internal.configentry.IntentionHTTPPermission + (*IntentionHTTPHeaderPermission)(nil), // 29: hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission + nil, // 30: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry + nil, // 31: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry + nil, // 32: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry + nil, // 33: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry + nil, // 34: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry + nil, // 35: hashicorp.consul.internal.configentry.IngressService.MetaEntry + nil, // 36: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry + nil, // 37: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry + nil, // 38: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry + nil, // 39: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry + (*pbcommon.EnterpriseMeta)(nil), // 40: hashicorp.consul.internal.common.EnterpriseMeta + (*pbcommon.RaftIndex)(nil), // 41: hashicorp.consul.internal.common.RaftIndex (*durationpb.Duration)(nil), // 42: google.protobuf.Duration (*timestamppb.Timestamp)(nil), // 43: google.protobuf.Timestamp } var file_proto_pbconfigentry_config_entry_proto_depIdxs = []int32{ - 0, // 0: configentry.ConfigEntry.Kind:type_name -> configentry.Kind - 40, // 1: configentry.ConfigEntry.EnterpriseMeta:type_name -> common.EnterpriseMeta - 41, // 2: configentry.ConfigEntry.RaftIndex:type_name -> common.RaftIndex - 4, // 3: configentry.ConfigEntry.MeshConfig:type_name -> configentry.MeshConfig - 9, // 4: configentry.ConfigEntry.ServiceResolver:type_name -> configentry.ServiceResolver - 18, // 5: configentry.ConfigEntry.IngressGateway:type_name -> configentry.IngressGateway - 25, // 6: configentry.ConfigEntry.ServiceIntentions:type_name -> configentry.ServiceIntentions - 5, // 7: configentry.MeshConfig.TransparentProxy:type_name -> configentry.TransparentProxyMeshConfig - 6, // 8: configentry.MeshConfig.TLS:type_name -> configentry.MeshTLSConfig - 8, // 9: configentry.MeshConfig.HTTP:type_name -> configentry.MeshHTTPConfig - 30, // 10: configentry.MeshConfig.Meta:type_name -> configentry.MeshConfig.MetaEntry - 7, // 11: configentry.MeshTLSConfig.Incoming:type_name -> configentry.MeshDirectionalTLSConfig - 7, // 12: configentry.MeshTLSConfig.Outgoing:type_name -> configentry.MeshDirectionalTLSConfig - 31, // 13: configentry.ServiceResolver.Subsets:type_name -> configentry.ServiceResolver.SubsetsEntry - 11, // 14: configentry.ServiceResolver.Redirect:type_name -> configentry.ServiceResolverRedirect - 32, // 15: configentry.ServiceResolver.Failover:type_name -> configentry.ServiceResolver.FailoverEntry - 42, // 16: configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration - 13, // 17: configentry.ServiceResolver.LoadBalancer:type_name -> configentry.LoadBalancer - 33, // 18: configentry.ServiceResolver.Meta:type_name -> configentry.ServiceResolver.MetaEntry - 14, // 19: configentry.LoadBalancer.RingHashConfig:type_name -> configentry.RingHashConfig - 15, // 20: configentry.LoadBalancer.LeastRequestConfig:type_name -> configentry.LeastRequestConfig - 16, // 21: configentry.LoadBalancer.HashPolicies:type_name -> configentry.HashPolicy - 17, // 22: configentry.HashPolicy.CookieConfig:type_name -> configentry.CookieConfig - 42, // 23: configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration - 19, // 24: configentry.IngressGateway.TLS:type_name -> configentry.GatewayTLSConfig - 21, // 25: configentry.IngressGateway.Listeners:type_name -> configentry.IngressListener - 34, // 26: configentry.IngressGateway.Meta:type_name -> configentry.IngressGateway.MetaEntry - 20, // 27: configentry.GatewayTLSConfig.SDS:type_name -> configentry.GatewayTLSSDSConfig - 22, // 28: configentry.IngressListener.Services:type_name -> configentry.IngressService - 19, // 29: configentry.IngressListener.TLS:type_name -> configentry.GatewayTLSConfig - 23, // 30: configentry.IngressService.TLS:type_name -> configentry.GatewayServiceTLSConfig - 24, // 31: configentry.IngressService.RequestHeaders:type_name -> configentry.HTTPHeaderModifiers - 24, // 32: configentry.IngressService.ResponseHeaders:type_name -> configentry.HTTPHeaderModifiers - 35, // 33: configentry.IngressService.Meta:type_name -> configentry.IngressService.MetaEntry - 40, // 34: configentry.IngressService.EnterpriseMeta:type_name -> common.EnterpriseMeta - 20, // 35: configentry.GatewayServiceTLSConfig.SDS:type_name -> configentry.GatewayTLSSDSConfig - 36, // 36: configentry.HTTPHeaderModifiers.Add:type_name -> configentry.HTTPHeaderModifiers.AddEntry - 37, // 37: configentry.HTTPHeaderModifiers.Set:type_name -> configentry.HTTPHeaderModifiers.SetEntry - 26, // 38: configentry.ServiceIntentions.Sources:type_name -> configentry.SourceIntention - 38, // 39: configentry.ServiceIntentions.Meta:type_name -> configentry.ServiceIntentions.MetaEntry - 1, // 40: configentry.SourceIntention.Action:type_name -> configentry.IntentionAction - 27, // 41: configentry.SourceIntention.Permissions:type_name -> configentry.IntentionPermission - 2, // 42: configentry.SourceIntention.Type:type_name -> configentry.IntentionSourceType - 39, // 43: configentry.SourceIntention.LegacyMeta:type_name -> configentry.SourceIntention.LegacyMetaEntry - 43, // 44: configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp - 43, // 45: configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp - 40, // 46: configentry.SourceIntention.EnterpriseMeta:type_name -> common.EnterpriseMeta - 1, // 47: configentry.IntentionPermission.Action:type_name -> configentry.IntentionAction - 28, // 48: configentry.IntentionPermission.HTTP:type_name -> configentry.IntentionHTTPPermission - 29, // 49: configentry.IntentionHTTPPermission.Header:type_name -> configentry.IntentionHTTPHeaderPermission - 10, // 50: configentry.ServiceResolver.SubsetsEntry.value:type_name -> configentry.ServiceResolverSubset - 12, // 51: configentry.ServiceResolver.FailoverEntry.value:type_name -> configentry.ServiceResolverFailover + 0, // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind + 40, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 41, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 4, // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig + 9, // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver + 18, // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway + 25, // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions + 5, // 7: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig + 6, // 8: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig + 8, // 9: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig + 30, // 10: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry + 7, // 11: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + 7, // 12: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + 31, // 13: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry + 11, // 14: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect + 32, // 15: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry + 42, // 16: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration + 13, // 17: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer + 33, // 18: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry + 14, // 19: hashicorp.consul.internal.configentry.LoadBalancer.RingHashConfig:type_name -> hashicorp.consul.internal.configentry.RingHashConfig + 15, // 20: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig + 16, // 21: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy + 17, // 22: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig + 42, // 23: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration + 19, // 24: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig + 21, // 25: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener + 34, // 26: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry + 20, // 27: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + 22, // 28: hashicorp.consul.internal.configentry.IngressListener.Services:type_name -> hashicorp.consul.internal.configentry.IngressService + 19, // 29: hashicorp.consul.internal.configentry.IngressListener.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig + 23, // 30: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig + 24, // 31: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers + 24, // 32: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers + 35, // 33: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry + 40, // 34: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 20, // 35: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + 36, // 36: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry + 37, // 37: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry + 26, // 38: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention + 38, // 39: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry + 1, // 40: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction + 27, // 41: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission + 2, // 42: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType + 39, // 43: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry + 43, // 44: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp + 43, // 45: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp + 40, // 46: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 1, // 47: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction + 28, // 48: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission + 29, // 49: hashicorp.consul.internal.configentry.IntentionHTTPPermission.Header:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission + 10, // 50: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset + 12, // 51: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover 52, // [52:52] is the sub-list for method output_type 52, // [52:52] is the sub-list for method input_type 52, // [52:52] is the sub-list for extension type_name diff --git a/proto/pbconfigentry/config_entry.proto b/proto/pbconfigentry/config_entry.proto index 36e317703..0a35f4ef1 100644 --- a/proto/pbconfigentry/config_entry.proto +++ b/proto/pbconfigentry/config_entry.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package configentry; +package hashicorp.consul.internal.configentry; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; diff --git a/proto/pbconnect/connect.pb.go b/proto/pbconnect/connect.pb.go index 65f086d19..5e6adf740 100644 --- a/proto/pbconnect/connect.pb.go +++ b/proto/pbconnect/connect.pb.go @@ -518,102 +518,120 @@ var File_proto_pbconnect_connect_proto protoreflect.FileDescriptor var file_proto_pbconnect_connect_proto_rawDesc = []byte{ 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x07, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa7, 0x01, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, - 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x6f, 0x6f, 0x74, - 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, - 0x52, 0x6f, 0x6f, 0x74, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, - 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, - 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x25, 0x0a, 0x05, 0x52, 0x6f, 0x6f, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x2e, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x05, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, - 0x2f, 0x0a, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x51, 0x75, 0x65, 0x72, - 0x79, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, - 0x22, 0xfd, 0x04, 0x0a, 0x06, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, - 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, - 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x22, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, - 0x79, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, - 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x4e, 0x6f, 0x74, - 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x4e, 0x6f, 0x74, 0x42, 0x65, 0x66, - 0x6f, 0x72, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x52, - 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, - 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, - 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, - 0x43, 0x65, 0x72, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x69, 0x67, 0x6e, - 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x69, 0x67, 0x6e, 0x69, - 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x69, 0x67, - 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, - 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x12, - 0x3e, 0x0a, 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x18, - 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x12, - 0x26, 0x0a, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, - 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x12, - 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, - 0x22, 0xf5, 0x03, 0x0a, 0x0a, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x12, - 0x22, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x43, 0x65, 0x72, 0x74, 0x50, 0x45, 0x4d, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x65, 0x72, 0x74, 0x50, 0x45, 0x4d, 0x12, 0x24, 0x0a, - 0x0d, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x45, 0x4d, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, - 0x50, 0x45, 0x4d, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1e, 0x0a, - 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x52, 0x49, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x52, 0x49, 0x12, 0x14, 0x0a, - 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, 0x67, - 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x12, - 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, - 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x52, 0x49, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x52, 0x49, 0x12, 0x3a, 0x0a, - 0x0a, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x0b, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, - 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, - 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, - 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, + 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0xdb, 0x01, 0x0a, 0x07, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0c, + 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x6f, 0x6f, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0c, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x6f, 0x6f, 0x74, 0x49, 0x44, + 0x12, 0x20, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, + 0x69, 0x6e, 0x12, 0x3f, 0x0a, 0x05, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x05, 0x52, 0x6f, + 0x6f, 0x74, 0x73, 0x12, 0x49, 0x0a, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, + 0x65, 0x74, 0x61, 0x52, 0x09, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x22, 0x97, + 0x05, 0x0a, 0x06, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, + 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, + 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x49, + 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x4b, 0x65, 0x79, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x13, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x4e, 0x6f, 0x74, 0x42, 0x65, + 0x66, 0x6f, 0x72, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x4e, 0x6f, 0x74, 0x42, 0x65, 0x66, 0x6f, 0x72, + 0x65, 0x12, 0x36, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x08, 0x4e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x6f, 0x6f, + 0x74, 0x43, 0x65, 0x72, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x6f, 0x6f, + 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x11, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, + 0x72, 0x74, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, + 0x72, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, + 0x67, 0x43, 0x65, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x4b, 0x65, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x18, + 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x12, 0x3e, 0x0a, + 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x18, 0x0d, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x0c, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x75, 0x74, 0x41, 0x74, 0x12, 0x26, 0x0a, + 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, + 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, + 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, + 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x50, + 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x69, 0x74, 0x73, 0x12, 0x49, 0x0a, + 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, - 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, - 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x42, 0x0c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x43, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xca, 0x02, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xe2, - 0x02, 0x13, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0xa9, 0x04, 0x0a, 0x0a, 0x49, 0x73, 0x73, + 0x75, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x53, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x43, + 0x65, 0x72, 0x74, 0x50, 0x45, 0x4d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x65, + 0x72, 0x74, 0x50, 0x45, 0x4d, 0x12, 0x24, 0x0a, 0x0d, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, + 0x4b, 0x65, 0x79, 0x50, 0x45, 0x4d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x50, 0x72, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x45, 0x4d, 0x12, 0x18, 0x0a, 0x07, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x55, 0x52, 0x49, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x55, 0x52, 0x49, 0x12, 0x14, 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x55, 0x52, 0x49, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, + 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x4b, + 0x69, 0x6e, 0x64, 0x55, 0x52, 0x49, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4b, 0x69, + 0x6e, 0x64, 0x55, 0x52, 0x49, 0x12, 0x3a, 0x0a, 0x0a, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, + 0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x66, 0x74, 0x65, + 0x72, 0x12, 0x3c, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, + 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, + 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, + 0x61, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x49, 0x0a, 0x09, 0x52, 0x61, 0x66, + 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x42, 0x8a, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x42, 0x0c, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xa2, 0x02, 0x04, 0x48, 0x43, + 0x49, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5c, 0x47, + 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -630,25 +648,25 @@ func file_proto_pbconnect_connect_proto_rawDescGZIP() []byte { var file_proto_pbconnect_connect_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_proto_pbconnect_connect_proto_goTypes = []interface{}{ - (*CARoots)(nil), // 0: connect.CARoots - (*CARoot)(nil), // 1: connect.CARoot - (*IssuedCert)(nil), // 2: connect.IssuedCert - (*pbcommon.QueryMeta)(nil), // 3: common.QueryMeta + (*CARoots)(nil), // 0: hashicorp.consul.internal.connect.CARoots + (*CARoot)(nil), // 1: hashicorp.consul.internal.connect.CARoot + (*IssuedCert)(nil), // 2: hashicorp.consul.internal.connect.IssuedCert + (*pbcommon.QueryMeta)(nil), // 3: hashicorp.consul.internal.common.QueryMeta (*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp - (*pbcommon.RaftIndex)(nil), // 5: common.RaftIndex - (*pbcommon.EnterpriseMeta)(nil), // 6: common.EnterpriseMeta + (*pbcommon.RaftIndex)(nil), // 5: hashicorp.consul.internal.common.RaftIndex + (*pbcommon.EnterpriseMeta)(nil), // 6: hashicorp.consul.internal.common.EnterpriseMeta } var file_proto_pbconnect_connect_proto_depIdxs = []int32{ - 1, // 0: connect.CARoots.Roots:type_name -> connect.CARoot - 3, // 1: connect.CARoots.QueryMeta:type_name -> common.QueryMeta - 4, // 2: connect.CARoot.NotBefore:type_name -> google.protobuf.Timestamp - 4, // 3: connect.CARoot.NotAfter:type_name -> google.protobuf.Timestamp - 4, // 4: connect.CARoot.RotatedOutAt:type_name -> google.protobuf.Timestamp - 5, // 5: connect.CARoot.RaftIndex:type_name -> common.RaftIndex - 4, // 6: connect.IssuedCert.ValidAfter:type_name -> google.protobuf.Timestamp - 4, // 7: connect.IssuedCert.ValidBefore:type_name -> google.protobuf.Timestamp - 6, // 8: connect.IssuedCert.EnterpriseMeta:type_name -> common.EnterpriseMeta - 5, // 9: connect.IssuedCert.RaftIndex:type_name -> common.RaftIndex + 1, // 0: hashicorp.consul.internal.connect.CARoots.Roots:type_name -> hashicorp.consul.internal.connect.CARoot + 3, // 1: hashicorp.consul.internal.connect.CARoots.QueryMeta:type_name -> hashicorp.consul.internal.common.QueryMeta + 4, // 2: hashicorp.consul.internal.connect.CARoot.NotBefore:type_name -> google.protobuf.Timestamp + 4, // 3: hashicorp.consul.internal.connect.CARoot.NotAfter:type_name -> google.protobuf.Timestamp + 4, // 4: hashicorp.consul.internal.connect.CARoot.RotatedOutAt:type_name -> google.protobuf.Timestamp + 5, // 5: hashicorp.consul.internal.connect.CARoot.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 4, // 6: hashicorp.consul.internal.connect.IssuedCert.ValidAfter:type_name -> google.protobuf.Timestamp + 4, // 7: hashicorp.consul.internal.connect.IssuedCert.ValidBefore:type_name -> google.protobuf.Timestamp + 6, // 8: hashicorp.consul.internal.connect.IssuedCert.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 5, // 9: hashicorp.consul.internal.connect.IssuedCert.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex 10, // [10:10] is the sub-list for method output_type 10, // [10:10] is the sub-list for method input_type 10, // [10:10] is the sub-list for extension type_name diff --git a/proto/pbconnect/connect.proto b/proto/pbconnect/connect.proto index 4dbb8bb5f..640987316 100644 --- a/proto/pbconnect/connect.proto +++ b/proto/pbconnect/connect.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package connect; +package hashicorp.consul.internal.connect; import "google/protobuf/timestamp.proto"; import "proto/pbcommon/common.proto"; diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index 143dd0068..336808b72 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -125,7 +125,7 @@ type Peering struct { // peering relationship. // // mog: func-to=PeeringStateToAPI func-from=PeeringStateFromAPI - State PeeringState `protobuf:"varint,6,opt,name=State,proto3,enum=peering.PeeringState" json:"State,omitempty"` + State PeeringState `protobuf:"varint,6,opt,name=State,proto3,enum=hashicorp.consul.internal.peering.PeeringState" json:"State,omitempty"` // PeerID is the ID that our peer assigned to this peering. // This ID is to be used when dialing the peer, so that it can know who dialed it. PeerID string `protobuf:"bytes,7,opt,name=PeerID,proto3" json:"PeerID,omitempty"` @@ -1634,261 +1634,315 @@ var File_proto_pbpeering_peering_proto protoreflect.FileDescriptor var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2f, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x07, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x04, 0x0a, 0x07, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x64, 0x41, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, - 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, - 0x61, 0x12, 0x2b, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, - 0x50, 0x65, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x65, 0x65, 0x72, - 0x43, 0x41, 0x50, 0x65, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, - 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x30, - 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x50, 0x65, 0x65, - 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, - 0x12, 0x32, 0x0a, 0x14, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, - 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, - 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, - 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x37, 0x0a, 0x09, - 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x01, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, - 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, - 0x50, 0x45, 0x4d, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x52, 0x6f, 0x6f, 0x74, - 0x50, 0x45, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, - 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, - 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, - 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x66, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, - 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x41, - 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2a, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x22, 0x52, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x43, 0x0a, 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a, 0x08, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, + 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0x8d, 0x05, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, + 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, + 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x48, 0x0a, 0x04, 0x4d, + 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x45, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xd6, 0x01, 0x0a, 0x13, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1e, - 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3a, - 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, + 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, + 0x65, 0x72, 0x49, 0x44, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, 0x50, 0x65, + 0x6d, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x41, + 0x50, 0x65, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, 0x65, + 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, + 0x50, 0x65, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x50, 0x65, 0x65, 0x72, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x32, + 0x0a, 0x14, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x49, 0x6d, + 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, + 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, + 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, + 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, + 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0x16, 0x0a, 0x14, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x68, 0x0a, 0x14, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x17, 0x0a, 0x15, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xb3, - 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, - 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, - 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x22, 0x6f, 0x0a, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, - 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x35, - 0x0a, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x07, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, - 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, - 0x72, 0x22, 0x64, 0x0a, 0x17, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x12, 0x33, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, - 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x2d, 0x0a, 0x1b, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8d, 0x01, 0x0a, 0x1e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, - 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x12, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, - 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, - 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x73, 0x0a, 0x1f, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, - 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x22, - 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, - 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, - 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, - 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x3b, 0x0a, 0x04, 0x4d, - 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x98, - 0x02, 0x0a, 0x10, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, - 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, - 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x02, 0x38, 0x01, 0x22, 0xfe, 0x01, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, + 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, + 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x45, + 0x4d, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x45, + 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x50, 0x61, + 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x45, + 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6e, 0x64, + 0x65, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x64, 0x65, + 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x79, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x22, 0x66, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, + 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, + 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x5b, 0x0a, 0x13, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x52, 0x0a, 0x12, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, + 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x5d, 0x0a, + 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x46, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x8a, 0x02, 0x0a, + 0x13, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, 0x74, - 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x73, - 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, - 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, - 0x07, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x53, - 0x54, 0x41, 0x42, 0x4c, 0x49, 0x53, 0x48, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, - 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, - 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, 0x4e, - 0x47, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, - 0x44, 0x10, 0x06, 0x32, 0x9c, 0x05, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, - 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x09, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, - 0x69, 0x73, 0x68, 0x12, 0x19, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, - 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, - 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, - 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, - 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, - 0x1d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, - 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1c, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6f, 0x0a, 0x18, 0x54, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x16, 0x0a, 0x14, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x68, 0x0a, 0x14, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, + 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x17, 0x0a, 0x15, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xb3, 0x01, 0x0a, 0x1f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, + 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x89, 0x01, 0x0a, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x28, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, - 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, - 0x1f, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x4f, 0x0a, 0x07, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x07, 0x42, + 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x22, 0x6a, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x20, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, - 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, - 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xca, - 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x13, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, - 0x02, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x22, 0x7e, 0x0a, 0x17, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, + 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x12, 0x4d, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x22, 0x2d, 0x0a, 0x1b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, + 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, + 0x44, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x65, 0x72, 0x6d, + 0x69, 0x6e, 0x61, 0x74, 0x65, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0xa7, 0x01, 0x0a, 0x1e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x65, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, + 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x21, 0x0a, 0x1f, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, + 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x73, + 0x0a, 0x1f, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x22, 0x22, 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x96, 0x02, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, + 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, + 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, + 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x12, 0x55, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xb2, 0x02, + 0x0a, 0x10, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, + 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x51, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, + 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, + 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x73, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, + 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, + 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x49, 0x53, 0x48, + 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, + 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x0c, + 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, + 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, 0x44, 0x10, 0x06, 0x32, 0xc0, 0x08, 0x0a, + 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x82, 0x01, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x12, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, 0x0a, 0x09, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, + 0x68, 0x12, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, + 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x35, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, + 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x37, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7f, 0x0a, + 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x36, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa3, + 0x01, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, + 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x42, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, + 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, + 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, + 0x8a, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, 0x02, 0x21, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1906,66 +1960,66 @@ func file_proto_pbpeering_peering_proto_rawDescGZIP() []byte { var file_proto_pbpeering_peering_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_proto_pbpeering_peering_proto_msgTypes = make([]protoimpl.MessageInfo, 28) var file_proto_pbpeering_peering_proto_goTypes = []interface{}{ - (PeeringState)(0), // 0: peering.PeeringState - (*Peering)(nil), // 1: peering.Peering - (*PeeringTrustBundle)(nil), // 2: peering.PeeringTrustBundle - (*PeeringReadRequest)(nil), // 3: peering.PeeringReadRequest - (*PeeringReadResponse)(nil), // 4: peering.PeeringReadResponse - (*PeeringListRequest)(nil), // 5: peering.PeeringListRequest - (*PeeringListResponse)(nil), // 6: peering.PeeringListResponse - (*PeeringWriteRequest)(nil), // 7: peering.PeeringWriteRequest - (*PeeringWriteResponse)(nil), // 8: peering.PeeringWriteResponse - (*PeeringDeleteRequest)(nil), // 9: peering.PeeringDeleteRequest - (*PeeringDeleteResponse)(nil), // 10: peering.PeeringDeleteResponse - (*TrustBundleListByServiceRequest)(nil), // 11: peering.TrustBundleListByServiceRequest - (*TrustBundleListByServiceResponse)(nil), // 12: peering.TrustBundleListByServiceResponse - (*TrustBundleReadRequest)(nil), // 13: peering.TrustBundleReadRequest - (*TrustBundleReadResponse)(nil), // 14: peering.TrustBundleReadResponse - (*PeeringTerminateByIDRequest)(nil), // 15: peering.PeeringTerminateByIDRequest - (*PeeringTerminateByIDResponse)(nil), // 16: peering.PeeringTerminateByIDResponse - (*PeeringTrustBundleWriteRequest)(nil), // 17: peering.PeeringTrustBundleWriteRequest - (*PeeringTrustBundleWriteResponse)(nil), // 18: peering.PeeringTrustBundleWriteResponse - (*PeeringTrustBundleDeleteRequest)(nil), // 19: peering.PeeringTrustBundleDeleteRequest - (*PeeringTrustBundleDeleteResponse)(nil), // 20: peering.PeeringTrustBundleDeleteResponse - (*GenerateTokenRequest)(nil), // 21: peering.GenerateTokenRequest - (*GenerateTokenResponse)(nil), // 22: peering.GenerateTokenResponse - (*EstablishRequest)(nil), // 23: peering.EstablishRequest - (*EstablishResponse)(nil), // 24: peering.EstablishResponse - nil, // 25: peering.Peering.MetaEntry - nil, // 26: peering.PeeringWriteRequest.MetaEntry - nil, // 27: peering.GenerateTokenRequest.MetaEntry - nil, // 28: peering.EstablishRequest.MetaEntry + (PeeringState)(0), // 0: hashicorp.consul.internal.peering.PeeringState + (*Peering)(nil), // 1: hashicorp.consul.internal.peering.Peering + (*PeeringTrustBundle)(nil), // 2: hashicorp.consul.internal.peering.PeeringTrustBundle + (*PeeringReadRequest)(nil), // 3: hashicorp.consul.internal.peering.PeeringReadRequest + (*PeeringReadResponse)(nil), // 4: hashicorp.consul.internal.peering.PeeringReadResponse + (*PeeringListRequest)(nil), // 5: hashicorp.consul.internal.peering.PeeringListRequest + (*PeeringListResponse)(nil), // 6: hashicorp.consul.internal.peering.PeeringListResponse + (*PeeringWriteRequest)(nil), // 7: hashicorp.consul.internal.peering.PeeringWriteRequest + (*PeeringWriteResponse)(nil), // 8: hashicorp.consul.internal.peering.PeeringWriteResponse + (*PeeringDeleteRequest)(nil), // 9: hashicorp.consul.internal.peering.PeeringDeleteRequest + (*PeeringDeleteResponse)(nil), // 10: hashicorp.consul.internal.peering.PeeringDeleteResponse + (*TrustBundleListByServiceRequest)(nil), // 11: hashicorp.consul.internal.peering.TrustBundleListByServiceRequest + (*TrustBundleListByServiceResponse)(nil), // 12: hashicorp.consul.internal.peering.TrustBundleListByServiceResponse + (*TrustBundleReadRequest)(nil), // 13: hashicorp.consul.internal.peering.TrustBundleReadRequest + (*TrustBundleReadResponse)(nil), // 14: hashicorp.consul.internal.peering.TrustBundleReadResponse + (*PeeringTerminateByIDRequest)(nil), // 15: hashicorp.consul.internal.peering.PeeringTerminateByIDRequest + (*PeeringTerminateByIDResponse)(nil), // 16: hashicorp.consul.internal.peering.PeeringTerminateByIDResponse + (*PeeringTrustBundleWriteRequest)(nil), // 17: hashicorp.consul.internal.peering.PeeringTrustBundleWriteRequest + (*PeeringTrustBundleWriteResponse)(nil), // 18: hashicorp.consul.internal.peering.PeeringTrustBundleWriteResponse + (*PeeringTrustBundleDeleteRequest)(nil), // 19: hashicorp.consul.internal.peering.PeeringTrustBundleDeleteRequest + (*PeeringTrustBundleDeleteResponse)(nil), // 20: hashicorp.consul.internal.peering.PeeringTrustBundleDeleteResponse + (*GenerateTokenRequest)(nil), // 21: hashicorp.consul.internal.peering.GenerateTokenRequest + (*GenerateTokenResponse)(nil), // 22: hashicorp.consul.internal.peering.GenerateTokenResponse + (*EstablishRequest)(nil), // 23: hashicorp.consul.internal.peering.EstablishRequest + (*EstablishResponse)(nil), // 24: hashicorp.consul.internal.peering.EstablishResponse + nil, // 25: hashicorp.consul.internal.peering.Peering.MetaEntry + nil, // 26: hashicorp.consul.internal.peering.PeeringWriteRequest.MetaEntry + nil, // 27: hashicorp.consul.internal.peering.GenerateTokenRequest.MetaEntry + nil, // 28: hashicorp.consul.internal.peering.EstablishRequest.MetaEntry (*timestamppb.Timestamp)(nil), // 29: google.protobuf.Timestamp } var file_proto_pbpeering_peering_proto_depIdxs = []int32{ - 29, // 0: peering.Peering.DeletedAt:type_name -> google.protobuf.Timestamp - 25, // 1: peering.Peering.Meta:type_name -> peering.Peering.MetaEntry - 0, // 2: peering.Peering.State:type_name -> peering.PeeringState - 1, // 3: peering.PeeringReadResponse.Peering:type_name -> peering.Peering - 1, // 4: peering.PeeringListResponse.Peerings:type_name -> peering.Peering - 1, // 5: peering.PeeringWriteRequest.Peering:type_name -> peering.Peering - 26, // 6: peering.PeeringWriteRequest.Meta:type_name -> peering.PeeringWriteRequest.MetaEntry - 2, // 7: peering.TrustBundleListByServiceResponse.Bundles:type_name -> peering.PeeringTrustBundle - 2, // 8: peering.TrustBundleReadResponse.Bundle:type_name -> peering.PeeringTrustBundle - 2, // 9: peering.PeeringTrustBundleWriteRequest.PeeringTrustBundle:type_name -> peering.PeeringTrustBundle - 27, // 10: peering.GenerateTokenRequest.Meta:type_name -> peering.GenerateTokenRequest.MetaEntry - 28, // 11: peering.EstablishRequest.Meta:type_name -> peering.EstablishRequest.MetaEntry - 21, // 12: peering.PeeringService.GenerateToken:input_type -> peering.GenerateTokenRequest - 23, // 13: peering.PeeringService.Establish:input_type -> peering.EstablishRequest - 3, // 14: peering.PeeringService.PeeringRead:input_type -> peering.PeeringReadRequest - 5, // 15: peering.PeeringService.PeeringList:input_type -> peering.PeeringListRequest - 9, // 16: peering.PeeringService.PeeringDelete:input_type -> peering.PeeringDeleteRequest - 7, // 17: peering.PeeringService.PeeringWrite:input_type -> peering.PeeringWriteRequest - 11, // 18: peering.PeeringService.TrustBundleListByService:input_type -> peering.TrustBundleListByServiceRequest - 13, // 19: peering.PeeringService.TrustBundleRead:input_type -> peering.TrustBundleReadRequest - 22, // 20: peering.PeeringService.GenerateToken:output_type -> peering.GenerateTokenResponse - 24, // 21: peering.PeeringService.Establish:output_type -> peering.EstablishResponse - 4, // 22: peering.PeeringService.PeeringRead:output_type -> peering.PeeringReadResponse - 6, // 23: peering.PeeringService.PeeringList:output_type -> peering.PeeringListResponse - 10, // 24: peering.PeeringService.PeeringDelete:output_type -> peering.PeeringDeleteResponse - 8, // 25: peering.PeeringService.PeeringWrite:output_type -> peering.PeeringWriteResponse - 12, // 26: peering.PeeringService.TrustBundleListByService:output_type -> peering.TrustBundleListByServiceResponse - 14, // 27: peering.PeeringService.TrustBundleRead:output_type -> peering.TrustBundleReadResponse + 29, // 0: hashicorp.consul.internal.peering.Peering.DeletedAt:type_name -> google.protobuf.Timestamp + 25, // 1: hashicorp.consul.internal.peering.Peering.Meta:type_name -> hashicorp.consul.internal.peering.Peering.MetaEntry + 0, // 2: hashicorp.consul.internal.peering.Peering.State:type_name -> hashicorp.consul.internal.peering.PeeringState + 1, // 3: hashicorp.consul.internal.peering.PeeringReadResponse.Peering:type_name -> hashicorp.consul.internal.peering.Peering + 1, // 4: hashicorp.consul.internal.peering.PeeringListResponse.Peerings:type_name -> hashicorp.consul.internal.peering.Peering + 1, // 5: hashicorp.consul.internal.peering.PeeringWriteRequest.Peering:type_name -> hashicorp.consul.internal.peering.Peering + 26, // 6: hashicorp.consul.internal.peering.PeeringWriteRequest.Meta:type_name -> hashicorp.consul.internal.peering.PeeringWriteRequest.MetaEntry + 2, // 7: hashicorp.consul.internal.peering.TrustBundleListByServiceResponse.Bundles:type_name -> hashicorp.consul.internal.peering.PeeringTrustBundle + 2, // 8: hashicorp.consul.internal.peering.TrustBundleReadResponse.Bundle:type_name -> hashicorp.consul.internal.peering.PeeringTrustBundle + 2, // 9: hashicorp.consul.internal.peering.PeeringTrustBundleWriteRequest.PeeringTrustBundle:type_name -> hashicorp.consul.internal.peering.PeeringTrustBundle + 27, // 10: hashicorp.consul.internal.peering.GenerateTokenRequest.Meta:type_name -> hashicorp.consul.internal.peering.GenerateTokenRequest.MetaEntry + 28, // 11: hashicorp.consul.internal.peering.EstablishRequest.Meta:type_name -> hashicorp.consul.internal.peering.EstablishRequest.MetaEntry + 21, // 12: hashicorp.consul.internal.peering.PeeringService.GenerateToken:input_type -> hashicorp.consul.internal.peering.GenerateTokenRequest + 23, // 13: hashicorp.consul.internal.peering.PeeringService.Establish:input_type -> hashicorp.consul.internal.peering.EstablishRequest + 3, // 14: hashicorp.consul.internal.peering.PeeringService.PeeringRead:input_type -> hashicorp.consul.internal.peering.PeeringReadRequest + 5, // 15: hashicorp.consul.internal.peering.PeeringService.PeeringList:input_type -> hashicorp.consul.internal.peering.PeeringListRequest + 9, // 16: hashicorp.consul.internal.peering.PeeringService.PeeringDelete:input_type -> hashicorp.consul.internal.peering.PeeringDeleteRequest + 7, // 17: hashicorp.consul.internal.peering.PeeringService.PeeringWrite:input_type -> hashicorp.consul.internal.peering.PeeringWriteRequest + 11, // 18: hashicorp.consul.internal.peering.PeeringService.TrustBundleListByService:input_type -> hashicorp.consul.internal.peering.TrustBundleListByServiceRequest + 13, // 19: hashicorp.consul.internal.peering.PeeringService.TrustBundleRead:input_type -> hashicorp.consul.internal.peering.TrustBundleReadRequest + 22, // 20: hashicorp.consul.internal.peering.PeeringService.GenerateToken:output_type -> hashicorp.consul.internal.peering.GenerateTokenResponse + 24, // 21: hashicorp.consul.internal.peering.PeeringService.Establish:output_type -> hashicorp.consul.internal.peering.EstablishResponse + 4, // 22: hashicorp.consul.internal.peering.PeeringService.PeeringRead:output_type -> hashicorp.consul.internal.peering.PeeringReadResponse + 6, // 23: hashicorp.consul.internal.peering.PeeringService.PeeringList:output_type -> hashicorp.consul.internal.peering.PeeringListResponse + 10, // 24: hashicorp.consul.internal.peering.PeeringService.PeeringDelete:output_type -> hashicorp.consul.internal.peering.PeeringDeleteResponse + 8, // 25: hashicorp.consul.internal.peering.PeeringService.PeeringWrite:output_type -> hashicorp.consul.internal.peering.PeeringWriteResponse + 12, // 26: hashicorp.consul.internal.peering.PeeringService.TrustBundleListByService:output_type -> hashicorp.consul.internal.peering.TrustBundleListByServiceResponse + 14, // 27: hashicorp.consul.internal.peering.PeeringService.TrustBundleRead:output_type -> hashicorp.consul.internal.peering.TrustBundleReadResponse 20, // [20:28] is the sub-list for method output_type 12, // [12:20] is the sub-list for method input_type 12, // [12:12] is the sub-list for extension type_name diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index d00805c19..62679bbca 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package peering; +package hashicorp.consul.internal.peering; import "google/protobuf/timestamp.proto"; diff --git a/proto/pbpeering/peering_grpc.pb.go b/proto/pbpeering/peering_grpc.pb.go index a073b94fb..0eb3c734a 100644 --- a/proto/pbpeering/peering_grpc.pb.go +++ b/proto/pbpeering/peering_grpc.pb.go @@ -45,7 +45,7 @@ func NewPeeringServiceClient(cc grpc.ClientConnInterface) PeeringServiceClient { func (c *peeringServiceClient) GenerateToken(ctx context.Context, in *GenerateTokenRequest, opts ...grpc.CallOption) (*GenerateTokenResponse, error) { out := new(GenerateTokenResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/GenerateToken", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/GenerateToken", in, out, opts...) if err != nil { return nil, err } @@ -54,7 +54,7 @@ func (c *peeringServiceClient) GenerateToken(ctx context.Context, in *GenerateTo func (c *peeringServiceClient) Establish(ctx context.Context, in *EstablishRequest, opts ...grpc.CallOption) (*EstablishResponse, error) { out := new(EstablishResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/Establish", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/Establish", in, out, opts...) if err != nil { return nil, err } @@ -63,7 +63,7 @@ func (c *peeringServiceClient) Establish(ctx context.Context, in *EstablishReque func (c *peeringServiceClient) PeeringRead(ctx context.Context, in *PeeringReadRequest, opts ...grpc.CallOption) (*PeeringReadResponse, error) { out := new(PeeringReadResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/PeeringRead", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/PeeringRead", in, out, opts...) if err != nil { return nil, err } @@ -72,7 +72,7 @@ func (c *peeringServiceClient) PeeringRead(ctx context.Context, in *PeeringReadR func (c *peeringServiceClient) PeeringList(ctx context.Context, in *PeeringListRequest, opts ...grpc.CallOption) (*PeeringListResponse, error) { out := new(PeeringListResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/PeeringList", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/PeeringList", in, out, opts...) if err != nil { return nil, err } @@ -81,7 +81,7 @@ func (c *peeringServiceClient) PeeringList(ctx context.Context, in *PeeringListR func (c *peeringServiceClient) PeeringDelete(ctx context.Context, in *PeeringDeleteRequest, opts ...grpc.CallOption) (*PeeringDeleteResponse, error) { out := new(PeeringDeleteResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/PeeringDelete", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/PeeringDelete", in, out, opts...) if err != nil { return nil, err } @@ -90,7 +90,7 @@ func (c *peeringServiceClient) PeeringDelete(ctx context.Context, in *PeeringDel func (c *peeringServiceClient) PeeringWrite(ctx context.Context, in *PeeringWriteRequest, opts ...grpc.CallOption) (*PeeringWriteResponse, error) { out := new(PeeringWriteResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/PeeringWrite", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/PeeringWrite", in, out, opts...) if err != nil { return nil, err } @@ -99,7 +99,7 @@ func (c *peeringServiceClient) PeeringWrite(ctx context.Context, in *PeeringWrit func (c *peeringServiceClient) TrustBundleListByService(ctx context.Context, in *TrustBundleListByServiceRequest, opts ...grpc.CallOption) (*TrustBundleListByServiceResponse, error) { out := new(TrustBundleListByServiceResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/TrustBundleListByService", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/TrustBundleListByService", in, out, opts...) if err != nil { return nil, err } @@ -108,7 +108,7 @@ func (c *peeringServiceClient) TrustBundleListByService(ctx context.Context, in func (c *peeringServiceClient) TrustBundleRead(ctx context.Context, in *TrustBundleReadRequest, opts ...grpc.CallOption) (*TrustBundleReadResponse, error) { out := new(TrustBundleReadResponse) - err := c.cc.Invoke(ctx, "/peering.PeeringService/TrustBundleRead", in, out, opts...) + err := c.cc.Invoke(ctx, "/hashicorp.consul.internal.peering.PeeringService/TrustBundleRead", in, out, opts...) if err != nil { return nil, err } @@ -182,7 +182,7 @@ func _PeeringService_GenerateToken_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/GenerateToken", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/GenerateToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).GenerateToken(ctx, req.(*GenerateTokenRequest)) @@ -200,7 +200,7 @@ func _PeeringService_Establish_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/Establish", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/Establish", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).Establish(ctx, req.(*EstablishRequest)) @@ -218,7 +218,7 @@ func _PeeringService_PeeringRead_Handler(srv interface{}, ctx context.Context, d } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/PeeringRead", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/PeeringRead", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).PeeringRead(ctx, req.(*PeeringReadRequest)) @@ -236,7 +236,7 @@ func _PeeringService_PeeringList_Handler(srv interface{}, ctx context.Context, d } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/PeeringList", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/PeeringList", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).PeeringList(ctx, req.(*PeeringListRequest)) @@ -254,7 +254,7 @@ func _PeeringService_PeeringDelete_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/PeeringDelete", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/PeeringDelete", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).PeeringDelete(ctx, req.(*PeeringDeleteRequest)) @@ -272,7 +272,7 @@ func _PeeringService_PeeringWrite_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/PeeringWrite", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/PeeringWrite", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).PeeringWrite(ctx, req.(*PeeringWriteRequest)) @@ -290,7 +290,7 @@ func _PeeringService_TrustBundleListByService_Handler(srv interface{}, ctx conte } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/TrustBundleListByService", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/TrustBundleListByService", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).TrustBundleListByService(ctx, req.(*TrustBundleListByServiceRequest)) @@ -308,7 +308,7 @@ func _PeeringService_TrustBundleRead_Handler(srv interface{}, ctx context.Contex } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/peering.PeeringService/TrustBundleRead", + FullMethod: "/hashicorp.consul.internal.peering.PeeringService/TrustBundleRead", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(PeeringServiceServer).TrustBundleRead(ctx, req.(*TrustBundleReadRequest)) @@ -320,7 +320,7 @@ func _PeeringService_TrustBundleRead_Handler(srv interface{}, ctx context.Contex // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) var PeeringService_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "peering.PeeringService", + ServiceName: "hashicorp.consul.internal.peering.PeeringService", HandlerType: (*PeeringServiceServer)(nil), Methods: []grpc.MethodDesc{ { diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go index 17d20ff4e..e9da9cc56 100644 --- a/proto/pbpeerstream/peerstream.pb.go +++ b/proto/pbpeerstream/peerstream.pb.go @@ -317,7 +317,7 @@ type ReplicationMessage_Response struct { // The resource being returned. Resource *anypb.Any `protobuf:"bytes,4,opt,name=Resource,proto3" json:"Resource,omitempty"` // REQUIRED. The operation to be performed in relation to the resource. - Operation Operation `protobuf:"varint,5,opt,name=operation,proto3,enum=peerstream.Operation" json:"operation,omitempty"` + Operation Operation `protobuf:"varint,5,opt,name=operation,proto3,enum=hashicorp.consul.internal.peerstream.Operation" json:"operation,omitempty"` } func (x *ReplicationMessage_Response) Reset() { @@ -432,74 +432,96 @@ var File_proto_pbpeerstream_peerstream_proto protoreflect.FileDescriptor var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x0a, 0x23, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2f, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x04, 0x0a, 0x12, 0x52, 0x65, - 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x12, 0x42, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, - 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, - 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0a, 0x74, - 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x29, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, - 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, - 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, - 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0x8f, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x12, 0x24, 0x0a, 0x0d, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, - 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, - 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x55, 0x52, 0x4c, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xc9, 0x01, 0x0a, 0x08, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, - 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, - 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, - 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x12, 0x33, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, - 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, - 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, - 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, - 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, - 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x6a, - 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x55, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1e, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x99, 0x01, 0x0a, 0x0e, 0x63, - 0x6f, 0x6d, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, - 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0xca, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0xe2, 0x02, 0x16, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, - 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0a, 0x50, 0x65, 0x65, 0x72, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x24, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x1a, 0x19, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xe5, 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, + 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x5f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, + 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x65, 0x0a, 0x0a, 0x74, 0x65, 0x72, + 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, + 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, + 0x1a, 0xa9, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, + 0x65, 0x72, 0x49, 0x44, 0x12, 0x24, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x3e, 0x0a, 0x05, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xe3, 0x01, 0x0a, + 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, + 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, + 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, + 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x4d, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x4f, 0x70, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, + 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, + 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, + 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x50, 0x53, 0x45, + 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x9f, 0x01, 0x0a, 0x11, 0x50, + 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x12, 0x89, 0x01, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x38, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x9f, 0x02, 0x0a, + 0x28, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, 0x65, 0x72, 0x73, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, 0x02, 0x04, 0x48, + 0x43, 0x49, 0x50, 0xaa, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xca, 0x02, 0x24, 0x48, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0xe2, 0x02, 0x30, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, + 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x27, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -517,24 +539,24 @@ func file_proto_pbpeerstream_peerstream_proto_rawDescGZIP() []byte { var file_proto_pbpeerstream_peerstream_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_proto_pbpeerstream_peerstream_proto_goTypes = []interface{}{ - (Operation)(0), // 0: peerstream.Operation - (*ReplicationMessage)(nil), // 1: peerstream.ReplicationMessage - (*LeaderAddress)(nil), // 2: peerstream.LeaderAddress - (*ReplicationMessage_Request)(nil), // 3: peerstream.ReplicationMessage.Request - (*ReplicationMessage_Response)(nil), // 4: peerstream.ReplicationMessage.Response - (*ReplicationMessage_Terminated)(nil), // 5: peerstream.ReplicationMessage.Terminated - (*pbstatus.Status)(nil), // 6: status.Status + (Operation)(0), // 0: hashicorp.consul.internal.peerstream.Operation + (*ReplicationMessage)(nil), // 1: hashicorp.consul.internal.peerstream.ReplicationMessage + (*LeaderAddress)(nil), // 2: hashicorp.consul.internal.peerstream.LeaderAddress + (*ReplicationMessage_Request)(nil), // 3: hashicorp.consul.internal.peerstream.ReplicationMessage.Request + (*ReplicationMessage_Response)(nil), // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Response + (*ReplicationMessage_Terminated)(nil), // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated + (*pbstatus.Status)(nil), // 6: hashicorp.consul.internal.status.Status (*anypb.Any)(nil), // 7: google.protobuf.Any } var file_proto_pbpeerstream_peerstream_proto_depIdxs = []int32{ - 3, // 0: peerstream.ReplicationMessage.request:type_name -> peerstream.ReplicationMessage.Request - 4, // 1: peerstream.ReplicationMessage.response:type_name -> peerstream.ReplicationMessage.Response - 5, // 2: peerstream.ReplicationMessage.terminated:type_name -> peerstream.ReplicationMessage.Terminated - 6, // 3: peerstream.ReplicationMessage.Request.Error:type_name -> status.Status - 7, // 4: peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any - 0, // 5: peerstream.ReplicationMessage.Response.operation:type_name -> peerstream.Operation - 1, // 6: peerstream.PeerStreamService.StreamResources:input_type -> peerstream.ReplicationMessage - 1, // 7: peerstream.PeerStreamService.StreamResources:output_type -> peerstream.ReplicationMessage + 3, // 0: hashicorp.consul.internal.peerstream.ReplicationMessage.request:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Request + 4, // 1: hashicorp.consul.internal.peerstream.ReplicationMessage.response:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Response + 5, // 2: hashicorp.consul.internal.peerstream.ReplicationMessage.terminated:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated + 6, // 3: hashicorp.consul.internal.peerstream.ReplicationMessage.Request.Error:type_name -> hashicorp.consul.internal.status.Status + 7, // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any + 0, // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.operation:type_name -> hashicorp.consul.internal.peerstream.Operation + 1, // 6: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:input_type -> hashicorp.consul.internal.peerstream.ReplicationMessage + 1, // 7: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:output_type -> hashicorp.consul.internal.peerstream.ReplicationMessage 7, // [7:8] is the sub-list for method output_type 6, // [6:7] is the sub-list for method input_type 6, // [6:6] is the sub-list for extension type_name diff --git a/proto/pbpeerstream/peerstream.proto b/proto/pbpeerstream/peerstream.proto index 47ea8f1ae..ee19a2df7 100644 --- a/proto/pbpeerstream/peerstream.proto +++ b/proto/pbpeerstream/peerstream.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package peerstream; +package hashicorp.consul.internal.peerstream; import "google/protobuf/any.proto"; // TODO(peering): Handle this some other way diff --git a/proto/pbpeerstream/peerstream_grpc.pb.go b/proto/pbpeerstream/peerstream_grpc.pb.go index f62073ac9..dcaebed92 100644 --- a/proto/pbpeerstream/peerstream_grpc.pb.go +++ b/proto/pbpeerstream/peerstream_grpc.pb.go @@ -39,7 +39,7 @@ func NewPeerStreamServiceClient(cc grpc.ClientConnInterface) PeerStreamServiceCl } func (c *peerStreamServiceClient) StreamResources(ctx context.Context, opts ...grpc.CallOption) (PeerStreamService_StreamResourcesClient, error) { - stream, err := c.cc.NewStream(ctx, &PeerStreamService_ServiceDesc.Streams[0], "/peerstream.PeerStreamService/StreamResources", opts...) + stream, err := c.cc.NewStream(ctx, &PeerStreamService_ServiceDesc.Streams[0], "/hashicorp.consul.internal.peerstream.PeerStreamService/StreamResources", opts...) if err != nil { return nil, err } @@ -130,7 +130,7 @@ func (x *peerStreamServiceStreamResourcesServer) Recv() (*ReplicationMessage, er // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) var PeerStreamService_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "peerstream.PeerStreamService", + ServiceName: "hashicorp.consul.internal.peerstream.PeerStreamService", HandlerType: (*PeerStreamServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{ diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index 964ee2257..ff05cc67e 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -817,196 +817,218 @@ var File_proto_pbservice_healthcheck_proto protoreflect.FileDescriptor var file_proto_pbservice_healthcheck_proto_rawDesc = []byte{ 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb0, 0x04, 0x0a, 0x0b, 0x48, 0x65, - 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x4f, 0x75, 0x74, - 0x70, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4f, 0x75, 0x74, 0x70, 0x75, - 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, - 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, - 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, - 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x0a, 0x44, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x44, 0x65, 0x66, - 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, - 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, - 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x45, 0x78, 0x70, 0x6f, - 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, 0x45, - 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, - 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x23, 0x0a, 0x0b, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x22, 0xc0, 0x07, 0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, - 0x54, 0x54, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, - 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, - 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, - 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x42, 0x0a, 0x06, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, - 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, - 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, - 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, - 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, - 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, - 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, - 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, - 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, - 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, - 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, - 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x0a, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, - 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, - 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, - 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, - 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x14, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, - 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, - 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, - 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, - 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, - 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, - 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x11, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, - 0x54, 0x54, 0x4c, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe2, 0x09, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, - 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, - 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, - 0x54, 0x50, 0x12, 0x36, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, - 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x18, 0x20, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, - 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, - 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, - 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, - 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, - 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, - 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, - 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, - 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, - 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, - 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, - 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, - 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, - 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, - 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, - 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, - 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, - 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, - 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, - 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, - 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46, 0x61, 0x69, - 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, - 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, - 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, - 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x18, 0x18, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43, 0x12, + 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xfe, 0x04, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, + 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, + 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, + 0x74, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x54, 0x79, 0x70, + 0x65, 0x12, 0x58, 0x0a, 0x0a, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0a, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x49, 0x0a, 0x09, 0x52, + 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, + 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, + 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, + 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, + 0x12, 0x20, 0x0a, 0x0b, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, + 0x0e, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, + 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0f, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, + 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, + 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, + 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xf4, 0x07, 0x0a, 0x15, 0x48, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, + 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x12, 0x5c, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, + 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, + 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, + 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, + 0x44, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, + 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, + 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74, + 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, - 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, - 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, - 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, - 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x4f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, + 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, + 0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, + 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, + 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, + 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, + 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, + 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, + 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, + 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, + 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, + 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, + 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, 0x69, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0x96, 0x0a, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, + 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, + 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x50, + 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, + 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10, + 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, + 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, + 0x50, 0x18, 0x20, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x35, 0x0a, 0x08, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, + 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, + 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, + 0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, + 0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, + 0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, + 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, + 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, + 0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, + 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, + 0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, + 0x15, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, + 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, + 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, + 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, + 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, + 0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, + 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, + 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x47, 0x52, 0x50, 0x43, 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x47, 0x52, 0x50, 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, + 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x69, + 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x88, 0x01, 0x0a, 0x0b, 0x63, 0x6f, - 0x6d, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, - 0xaa, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x07, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, - 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x8e, 0x02, 0x0a, 0x25, 0x63, 0x6f, + 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x42, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x53, 0xaa, 0x02, 0x21, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, + 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, + 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x3a, 0x3a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -1023,32 +1045,32 @@ func file_proto_pbservice_healthcheck_proto_rawDescGZIP() []byte { var file_proto_pbservice_healthcheck_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_proto_pbservice_healthcheck_proto_goTypes = []interface{}{ - (*HealthCheck)(nil), // 0: service.HealthCheck - (*HeaderValue)(nil), // 1: service.HeaderValue - (*HealthCheckDefinition)(nil), // 2: service.HealthCheckDefinition - (*CheckType)(nil), // 3: service.CheckType - nil, // 4: service.HealthCheckDefinition.HeaderEntry - nil, // 5: service.CheckType.HeaderEntry - (*pbcommon.RaftIndex)(nil), // 6: common.RaftIndex - (*pbcommon.EnterpriseMeta)(nil), // 7: common.EnterpriseMeta + (*HealthCheck)(nil), // 0: hashicorp.consul.internal.service.HealthCheck + (*HeaderValue)(nil), // 1: hashicorp.consul.internal.service.HeaderValue + (*HealthCheckDefinition)(nil), // 2: hashicorp.consul.internal.service.HealthCheckDefinition + (*CheckType)(nil), // 3: hashicorp.consul.internal.service.CheckType + nil, // 4: hashicorp.consul.internal.service.HealthCheckDefinition.HeaderEntry + nil, // 5: hashicorp.consul.internal.service.CheckType.HeaderEntry + (*pbcommon.RaftIndex)(nil), // 6: hashicorp.consul.internal.common.RaftIndex + (*pbcommon.EnterpriseMeta)(nil), // 7: hashicorp.consul.internal.common.EnterpriseMeta (*durationpb.Duration)(nil), // 8: google.protobuf.Duration } var file_proto_pbservice_healthcheck_proto_depIdxs = []int32{ - 2, // 0: service.HealthCheck.Definition:type_name -> service.HealthCheckDefinition - 6, // 1: service.HealthCheck.RaftIndex:type_name -> common.RaftIndex - 7, // 2: service.HealthCheck.EnterpriseMeta:type_name -> common.EnterpriseMeta - 4, // 3: service.HealthCheckDefinition.Header:type_name -> service.HealthCheckDefinition.HeaderEntry - 8, // 4: service.HealthCheckDefinition.Interval:type_name -> google.protobuf.Duration - 8, // 5: service.HealthCheckDefinition.Timeout:type_name -> google.protobuf.Duration - 8, // 6: service.HealthCheckDefinition.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration - 8, // 7: service.HealthCheckDefinition.TTL:type_name -> google.protobuf.Duration - 5, // 8: service.CheckType.Header:type_name -> service.CheckType.HeaderEntry - 8, // 9: service.CheckType.Interval:type_name -> google.protobuf.Duration - 8, // 10: service.CheckType.Timeout:type_name -> google.protobuf.Duration - 8, // 11: service.CheckType.TTL:type_name -> google.protobuf.Duration - 8, // 12: service.CheckType.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration - 1, // 13: service.HealthCheckDefinition.HeaderEntry.value:type_name -> service.HeaderValue - 1, // 14: service.CheckType.HeaderEntry.value:type_name -> service.HeaderValue + 2, // 0: hashicorp.consul.internal.service.HealthCheck.Definition:type_name -> hashicorp.consul.internal.service.HealthCheckDefinition + 6, // 1: hashicorp.consul.internal.service.HealthCheck.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 7, // 2: hashicorp.consul.internal.service.HealthCheck.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 4, // 3: hashicorp.consul.internal.service.HealthCheckDefinition.Header:type_name -> hashicorp.consul.internal.service.HealthCheckDefinition.HeaderEntry + 8, // 4: hashicorp.consul.internal.service.HealthCheckDefinition.Interval:type_name -> google.protobuf.Duration + 8, // 5: hashicorp.consul.internal.service.HealthCheckDefinition.Timeout:type_name -> google.protobuf.Duration + 8, // 6: hashicorp.consul.internal.service.HealthCheckDefinition.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration + 8, // 7: hashicorp.consul.internal.service.HealthCheckDefinition.TTL:type_name -> google.protobuf.Duration + 5, // 8: hashicorp.consul.internal.service.CheckType.Header:type_name -> hashicorp.consul.internal.service.CheckType.HeaderEntry + 8, // 9: hashicorp.consul.internal.service.CheckType.Interval:type_name -> google.protobuf.Duration + 8, // 10: hashicorp.consul.internal.service.CheckType.Timeout:type_name -> google.protobuf.Duration + 8, // 11: hashicorp.consul.internal.service.CheckType.TTL:type_name -> google.protobuf.Duration + 8, // 12: hashicorp.consul.internal.service.CheckType.DeregisterCriticalServiceAfter:type_name -> google.protobuf.Duration + 1, // 13: hashicorp.consul.internal.service.HealthCheckDefinition.HeaderEntry.value:type_name -> hashicorp.consul.internal.service.HeaderValue + 1, // 14: hashicorp.consul.internal.service.CheckType.HeaderEntry.value:type_name -> hashicorp.consul.internal.service.HeaderValue 15, // [15:15] is the sub-list for method output_type 15, // [15:15] is the sub-list for method input_type 15, // [15:15] is the sub-list for extension type_name diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 6e00548a4..1149a0ac9 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package service; +package hashicorp.consul.internal.service; import "google/protobuf/duration.proto"; import "proto/pbcommon/common.proto"; diff --git a/proto/pbservice/node.pb.go b/proto/pbservice/node.pb.go index fee4534f8..6d0ebfacf 100644 --- a/proto/pbservice/node.pb.go +++ b/proto/pbservice/node.pb.go @@ -486,48 +486,61 @@ var File_proto_pbservice_node_proto protoreflect.FileDescriptor var file_proto_pbservice_node_proto_rawDesc = []byte{ 0x0a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x07, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x61, 0x0a, 0x18, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x65, 0x64, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x73, - 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2f, 0x0a, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, + 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7b, + 0x0a, 0x18, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x65, 0x64, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x12, 0x49, 0x0a, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x22, 0xe1, 0x01, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, - 0x52, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x22, 0x93, 0x01, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x04, - 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, - 0x2e, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x2c, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x14, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x22, 0xc7, 0x03, - 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1e, - 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x4c, - 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, - 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x04, - 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x09, 0x52, 0x61, 0x66, - 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, + 0x12, 0x3b, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x48, 0x0a, + 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x46, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x22, + 0x95, 0x04, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x6f, 0x64, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, + 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, + 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, + 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, + 0x12, 0x66, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, + 0x64, 0x65, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, + 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, + 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x49, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x42, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, @@ -537,7 +550,7 @@ var file_proto_pbservice_node_proto_rawDesc = []byte{ 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd9, 0x06, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa9, 0x08, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x53, @@ -545,61 +558,83 @@ var file_proto_pbservice_node_proto_rawDesc = []byte{ 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x54, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x12, 0x53, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x32, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, - 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, - 0x50, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, - 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x11, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, - 0x12, 0x2a, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x57, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x11, - 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, - 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, - 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x31, 0x0a, 0x05, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x31, 0x0a, - 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x12, 0x3e, 0x0a, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x65, 0x72, 0x65, 0x64, 0x41, 0x73, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x52, 0x65, 0x67, + 0x65, 0x73, 0x73, 0x12, 0x6d, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, 0x61, 0x67, + 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, + 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, + 0x74, 0x68, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, + 0x50, 0x61, 0x74, 0x68, 0x12, 0x44, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, + 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, + 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, + 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x4b, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, + 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x4b, 0x0a, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x12, 0x3e, 0x0a, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x41, 0x73, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, - 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, - 0x74, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, - 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, - 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x12, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x09, - 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x1a, 0x5b, 0x0a, - 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x52, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x41, 0x73, 0x53, 0x69, 0x64, 0x65, 0x63, + 0x61, 0x72, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, + 0x4d, 0x65, 0x74, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1a, 0x0a, 0x08, + 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x49, 0x0a, 0x09, 0x52, 0x61, 0x66, 0x74, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, + 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x1a, 0x75, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x47, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x42, 0x81, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x03, - 0x53, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x07, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x02, 0x38, 0x01, 0x42, 0x87, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x09, 0x4e, + 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x53, 0xaa, 0x02, + 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -616,38 +651,38 @@ func file_proto_pbservice_node_proto_rawDescGZIP() []byte { var file_proto_pbservice_node_proto_msgTypes = make([]protoimpl.MessageInfo, 8) var file_proto_pbservice_node_proto_goTypes = []interface{}{ - (*IndexedCheckServiceNodes)(nil), // 0: service.IndexedCheckServiceNodes - (*CheckServiceNode)(nil), // 1: service.CheckServiceNode - (*Node)(nil), // 2: service.Node - (*NodeService)(nil), // 3: service.NodeService - nil, // 4: service.Node.TaggedAddressesEntry - nil, // 5: service.Node.MetaEntry - nil, // 6: service.NodeService.TaggedAddressesEntry - nil, // 7: service.NodeService.MetaEntry - (*HealthCheck)(nil), // 8: service.HealthCheck - (*pbcommon.RaftIndex)(nil), // 9: common.RaftIndex - (*Weights)(nil), // 10: service.Weights - (*ConnectProxyConfig)(nil), // 11: service.ConnectProxyConfig - (*ServiceConnect)(nil), // 12: service.ServiceConnect - (*pbcommon.EnterpriseMeta)(nil), // 13: common.EnterpriseMeta - (*ServiceAddress)(nil), // 14: service.ServiceAddress + (*IndexedCheckServiceNodes)(nil), // 0: hashicorp.consul.internal.service.IndexedCheckServiceNodes + (*CheckServiceNode)(nil), // 1: hashicorp.consul.internal.service.CheckServiceNode + (*Node)(nil), // 2: hashicorp.consul.internal.service.Node + (*NodeService)(nil), // 3: hashicorp.consul.internal.service.NodeService + nil, // 4: hashicorp.consul.internal.service.Node.TaggedAddressesEntry + nil, // 5: hashicorp.consul.internal.service.Node.MetaEntry + nil, // 6: hashicorp.consul.internal.service.NodeService.TaggedAddressesEntry + nil, // 7: hashicorp.consul.internal.service.NodeService.MetaEntry + (*HealthCheck)(nil), // 8: hashicorp.consul.internal.service.HealthCheck + (*pbcommon.RaftIndex)(nil), // 9: hashicorp.consul.internal.common.RaftIndex + (*Weights)(nil), // 10: hashicorp.consul.internal.service.Weights + (*ConnectProxyConfig)(nil), // 11: hashicorp.consul.internal.service.ConnectProxyConfig + (*ServiceConnect)(nil), // 12: hashicorp.consul.internal.service.ServiceConnect + (*pbcommon.EnterpriseMeta)(nil), // 13: hashicorp.consul.internal.common.EnterpriseMeta + (*ServiceAddress)(nil), // 14: hashicorp.consul.internal.service.ServiceAddress } var file_proto_pbservice_node_proto_depIdxs = []int32{ - 1, // 0: service.IndexedCheckServiceNodes.Nodes:type_name -> service.CheckServiceNode - 2, // 1: service.CheckServiceNode.Node:type_name -> service.Node - 3, // 2: service.CheckServiceNode.Service:type_name -> service.NodeService - 8, // 3: service.CheckServiceNode.Checks:type_name -> service.HealthCheck - 4, // 4: service.Node.TaggedAddresses:type_name -> service.Node.TaggedAddressesEntry - 5, // 5: service.Node.Meta:type_name -> service.Node.MetaEntry - 9, // 6: service.Node.RaftIndex:type_name -> common.RaftIndex - 6, // 7: service.NodeService.TaggedAddresses:type_name -> service.NodeService.TaggedAddressesEntry - 7, // 8: service.NodeService.Meta:type_name -> service.NodeService.MetaEntry - 10, // 9: service.NodeService.Weights:type_name -> service.Weights - 11, // 10: service.NodeService.Proxy:type_name -> service.ConnectProxyConfig - 12, // 11: service.NodeService.Connect:type_name -> service.ServiceConnect - 13, // 12: service.NodeService.EnterpriseMeta:type_name -> common.EnterpriseMeta - 9, // 13: service.NodeService.RaftIndex:type_name -> common.RaftIndex - 14, // 14: service.NodeService.TaggedAddressesEntry.value:type_name -> service.ServiceAddress + 1, // 0: hashicorp.consul.internal.service.IndexedCheckServiceNodes.Nodes:type_name -> hashicorp.consul.internal.service.CheckServiceNode + 2, // 1: hashicorp.consul.internal.service.CheckServiceNode.Node:type_name -> hashicorp.consul.internal.service.Node + 3, // 2: hashicorp.consul.internal.service.CheckServiceNode.Service:type_name -> hashicorp.consul.internal.service.NodeService + 8, // 3: hashicorp.consul.internal.service.CheckServiceNode.Checks:type_name -> hashicorp.consul.internal.service.HealthCheck + 4, // 4: hashicorp.consul.internal.service.Node.TaggedAddresses:type_name -> hashicorp.consul.internal.service.Node.TaggedAddressesEntry + 5, // 5: hashicorp.consul.internal.service.Node.Meta:type_name -> hashicorp.consul.internal.service.Node.MetaEntry + 9, // 6: hashicorp.consul.internal.service.Node.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 6, // 7: hashicorp.consul.internal.service.NodeService.TaggedAddresses:type_name -> hashicorp.consul.internal.service.NodeService.TaggedAddressesEntry + 7, // 8: hashicorp.consul.internal.service.NodeService.Meta:type_name -> hashicorp.consul.internal.service.NodeService.MetaEntry + 10, // 9: hashicorp.consul.internal.service.NodeService.Weights:type_name -> hashicorp.consul.internal.service.Weights + 11, // 10: hashicorp.consul.internal.service.NodeService.Proxy:type_name -> hashicorp.consul.internal.service.ConnectProxyConfig + 12, // 11: hashicorp.consul.internal.service.NodeService.Connect:type_name -> hashicorp.consul.internal.service.ServiceConnect + 13, // 12: hashicorp.consul.internal.service.NodeService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 9, // 13: hashicorp.consul.internal.service.NodeService.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 14, // 14: hashicorp.consul.internal.service.NodeService.TaggedAddressesEntry.value:type_name -> hashicorp.consul.internal.service.ServiceAddress 15, // [15:15] is the sub-list for method output_type 15, // [15:15] is the sub-list for method input_type 15, // [15:15] is the sub-list for extension type_name diff --git a/proto/pbservice/node.proto b/proto/pbservice/node.proto index b26bac51f..7431b836c 100644 --- a/proto/pbservice/node.proto +++ b/proto/pbservice/node.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package service; +package hashicorp.consul.internal.service; import "proto/pbcommon/common.proto"; import "proto/pbservice/healthcheck.proto"; diff --git a/proto/pbservice/service.pb.go b/proto/pbservice/service.pb.go index 89ff546dc..6ad9ea539 100644 --- a/proto/pbservice/service.pb.go +++ b/proto/pbservice/service.pb.go @@ -1114,96 +1114,109 @@ var File_proto_pbservice_service_proto protoreflect.FileDescriptor var file_proto_pbservice_service_proto_rawDesc = []byte{ 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc6, 0x04, 0x0a, 0x12, 0x43, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, - 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x44, + 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x68, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0xae, 0x05, 0x0a, 0x12, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, - 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x4c, - 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, - 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2f, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, - 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x09, - 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x3c, 0x0a, 0x0b, 0x4d, 0x65, 0x73, - 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, - 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x2d, 0x0a, 0x06, 0x45, 0x78, 0x70, 0x6f, 0x73, - 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, - 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x4b, 0x0a, 0x10, 0x54, 0x72, - 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x36, 0x0a, 0x16, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, + 0x74, 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x06, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x49, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x52, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x56, 0x0a, + 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, + 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x47, 0x0a, 0x06, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4d, 0x6f, + 0x64, 0x65, 0x12, 0x65, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, + 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x36, 0x0a, 0x16, 0x4c, 0x6f, 0x63, + 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, + 0x61, 0x74, 0x68, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, - 0x68, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x22, - 0xe7, 0x04, 0x0a, 0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x28, 0x0a, 0x0f, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x28, - 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x65, - 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x12, 0x28, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, - 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x41, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x4c, 0x6f, - 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x24, - 0x0a, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, - 0x50, 0x6f, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x06, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x43, 0x65, 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x13, 0x43, 0x65, 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x75, 0x72, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, - 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, - 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0b, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xab, 0x01, 0x0a, 0x0e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, - 0x4e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x4e, 0x61, - 0x74, 0x69, 0x76, 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, - 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, - 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x37, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, - 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x73, 0x65, 0x72, + 0x68, 0x22, 0x81, 0x05, 0x0a, 0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x28, + 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x44, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x32, 0x0a, 0x14, + 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x44, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x28, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, + 0x65, 0x65, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x12, 0x28, 0x0a, 0x0f, 0x44, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, + 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, + 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, + 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, + 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x56, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, + 0x30, 0x0a, 0x13, 0x43, 0x65, 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x43, 0x65, + 0x6e, 0x74, 0x72, 0x61, 0x6c, 0x6c, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, + 0x64, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, + 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, + 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, + 0x61, 0x74, 0x68, 0x12, 0x30, 0x0a, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, + 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x13, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xdf, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x4e, 0x61, 0x74, 0x69, + 0x76, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x4e, 0x61, 0x74, 0x69, 0x76, 0x65, + 0x12, 0x5c, 0x0a, 0x0e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, + 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x51, + 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4d, 0x65, 0x74, 0x61, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x5e, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, 0x69, @@ -1212,103 +1225,127 @@ var file_proto_pbservice_service_proto_rawDesc = []byte{ 0x1a, 0x0a, 0x08, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x44, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x51, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x6b, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, - 0x29, 0x0a, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, - 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, - 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, - 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, - 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, - 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, - 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, - 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, - 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0x27, 0x0a, - 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x74, 0x0a, 0x16, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, - 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, - 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x44, 0x69, - 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0xc4, 0x06, 0x0a, - 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x61, - 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x54, 0x61, 0x67, 0x73, 0x12, 0x18, - 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, - 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x54, 0x61, - 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, - 0x73, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, - 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, - 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, - 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, - 0x68, 0x12, 0x28, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x06, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, - 0x74, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x2e, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x0c, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, - 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x31, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x52, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, + 0x43, 0x0a, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, + 0x61, 0x74, 0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, + 0x61, 0x74, 0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, + 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, + 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, + 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, + 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, + 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0x27, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, + 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4d, 0x6f, 0x64, 0x65, + 0x22, 0x74, 0x0a, 0x16, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, + 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, + 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, + 0x0a, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, + 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0xae, 0x08, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, + 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, + 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, + 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x04, 0x54, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x12, 0x73, 0x0a, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x2e, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x50, + 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, + 0x1e, 0x0a, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x12, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, + 0x42, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x12, 0x44, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x09, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x44, 0x0a, 0x07, 0x57, 0x65, 0x69, + 0x67, 0x68, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x57, + 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, + 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, + 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x11, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, + 0x69, 0x64, 0x65, 0x12, 0x4b, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x0e, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, + 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, - 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x31, 0x0a, 0x07, 0x43, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x1a, 0x5b, 0x0a, - 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, - 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0x3e, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, - 0x6f, 0x72, 0x74, 0x22, 0x3d, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x18, - 0x0a, 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, - 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x42, 0x84, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x42, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, - 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, - 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x13, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, - 0x02, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x4b, 0x0a, 0x07, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x07, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x1a, 0x75, 0x0a, 0x14, 0x54, 0x61, 0x67, 0x67, 0x65, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x47, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, + 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3e, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x41, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x3d, 0x0a, 0x07, 0x57, 0x65, 0x69, 0x67, 0x68, + 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x07, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, + 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x57, + 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x42, 0x8a, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x42, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x04, + 0x48, 0x43, 0x49, 0x53, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x2d, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1325,43 +1362,43 @@ func file_proto_pbservice_service_proto_rawDescGZIP() []byte { var file_proto_pbservice_service_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_proto_pbservice_service_proto_goTypes = []interface{}{ - (*ConnectProxyConfig)(nil), // 0: service.ConnectProxyConfig - (*Upstream)(nil), // 1: service.Upstream - (*ServiceConnect)(nil), // 2: service.ServiceConnect - (*PeeringServiceMeta)(nil), // 3: service.PeeringServiceMeta - (*ExposeConfig)(nil), // 4: service.ExposeConfig - (*ExposePath)(nil), // 5: service.ExposePath - (*MeshGatewayConfig)(nil), // 6: service.MeshGatewayConfig - (*TransparentProxyConfig)(nil), // 7: service.TransparentProxyConfig - (*ServiceDefinition)(nil), // 8: service.ServiceDefinition - (*ServiceAddress)(nil), // 9: service.ServiceAddress - (*Weights)(nil), // 10: service.Weights - nil, // 11: service.ServiceDefinition.TaggedAddressesEntry - nil, // 12: service.ServiceDefinition.MetaEntry + (*ConnectProxyConfig)(nil), // 0: hashicorp.consul.internal.service.ConnectProxyConfig + (*Upstream)(nil), // 1: hashicorp.consul.internal.service.Upstream + (*ServiceConnect)(nil), // 2: hashicorp.consul.internal.service.ServiceConnect + (*PeeringServiceMeta)(nil), // 3: hashicorp.consul.internal.service.PeeringServiceMeta + (*ExposeConfig)(nil), // 4: hashicorp.consul.internal.service.ExposeConfig + (*ExposePath)(nil), // 5: hashicorp.consul.internal.service.ExposePath + (*MeshGatewayConfig)(nil), // 6: hashicorp.consul.internal.service.MeshGatewayConfig + (*TransparentProxyConfig)(nil), // 7: hashicorp.consul.internal.service.TransparentProxyConfig + (*ServiceDefinition)(nil), // 8: hashicorp.consul.internal.service.ServiceDefinition + (*ServiceAddress)(nil), // 9: hashicorp.consul.internal.service.ServiceAddress + (*Weights)(nil), // 10: hashicorp.consul.internal.service.Weights + nil, // 11: hashicorp.consul.internal.service.ServiceDefinition.TaggedAddressesEntry + nil, // 12: hashicorp.consul.internal.service.ServiceDefinition.MetaEntry (*structpb.Struct)(nil), // 13: google.protobuf.Struct - (*CheckType)(nil), // 14: service.CheckType - (*pbcommon.EnterpriseMeta)(nil), // 15: common.EnterpriseMeta + (*CheckType)(nil), // 14: hashicorp.consul.internal.service.CheckType + (*pbcommon.EnterpriseMeta)(nil), // 15: hashicorp.consul.internal.common.EnterpriseMeta } var file_proto_pbservice_service_proto_depIdxs = []int32{ - 13, // 0: service.ConnectProxyConfig.Config:type_name -> google.protobuf.Struct - 1, // 1: service.ConnectProxyConfig.Upstreams:type_name -> service.Upstream - 6, // 2: service.ConnectProxyConfig.MeshGateway:type_name -> service.MeshGatewayConfig - 4, // 3: service.ConnectProxyConfig.Expose:type_name -> service.ExposeConfig - 7, // 4: service.ConnectProxyConfig.TransparentProxy:type_name -> service.TransparentProxyConfig - 13, // 5: service.Upstream.Config:type_name -> google.protobuf.Struct - 6, // 6: service.Upstream.MeshGateway:type_name -> service.MeshGatewayConfig - 8, // 7: service.ServiceConnect.SidecarService:type_name -> service.ServiceDefinition - 3, // 8: service.ServiceConnect.PeerMeta:type_name -> service.PeeringServiceMeta - 5, // 9: service.ExposeConfig.Paths:type_name -> service.ExposePath - 11, // 10: service.ServiceDefinition.TaggedAddresses:type_name -> service.ServiceDefinition.TaggedAddressesEntry - 12, // 11: service.ServiceDefinition.Meta:type_name -> service.ServiceDefinition.MetaEntry - 14, // 12: service.ServiceDefinition.Check:type_name -> service.CheckType - 14, // 13: service.ServiceDefinition.Checks:type_name -> service.CheckType - 10, // 14: service.ServiceDefinition.Weights:type_name -> service.Weights - 0, // 15: service.ServiceDefinition.Proxy:type_name -> service.ConnectProxyConfig - 15, // 16: service.ServiceDefinition.EnterpriseMeta:type_name -> common.EnterpriseMeta - 2, // 17: service.ServiceDefinition.Connect:type_name -> service.ServiceConnect - 9, // 18: service.ServiceDefinition.TaggedAddressesEntry.value:type_name -> service.ServiceAddress + 13, // 0: hashicorp.consul.internal.service.ConnectProxyConfig.Config:type_name -> google.protobuf.Struct + 1, // 1: hashicorp.consul.internal.service.ConnectProxyConfig.Upstreams:type_name -> hashicorp.consul.internal.service.Upstream + 6, // 2: hashicorp.consul.internal.service.ConnectProxyConfig.MeshGateway:type_name -> hashicorp.consul.internal.service.MeshGatewayConfig + 4, // 3: hashicorp.consul.internal.service.ConnectProxyConfig.Expose:type_name -> hashicorp.consul.internal.service.ExposeConfig + 7, // 4: hashicorp.consul.internal.service.ConnectProxyConfig.TransparentProxy:type_name -> hashicorp.consul.internal.service.TransparentProxyConfig + 13, // 5: hashicorp.consul.internal.service.Upstream.Config:type_name -> google.protobuf.Struct + 6, // 6: hashicorp.consul.internal.service.Upstream.MeshGateway:type_name -> hashicorp.consul.internal.service.MeshGatewayConfig + 8, // 7: hashicorp.consul.internal.service.ServiceConnect.SidecarService:type_name -> hashicorp.consul.internal.service.ServiceDefinition + 3, // 8: hashicorp.consul.internal.service.ServiceConnect.PeerMeta:type_name -> hashicorp.consul.internal.service.PeeringServiceMeta + 5, // 9: hashicorp.consul.internal.service.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.service.ExposePath + 11, // 10: hashicorp.consul.internal.service.ServiceDefinition.TaggedAddresses:type_name -> hashicorp.consul.internal.service.ServiceDefinition.TaggedAddressesEntry + 12, // 11: hashicorp.consul.internal.service.ServiceDefinition.Meta:type_name -> hashicorp.consul.internal.service.ServiceDefinition.MetaEntry + 14, // 12: hashicorp.consul.internal.service.ServiceDefinition.Check:type_name -> hashicorp.consul.internal.service.CheckType + 14, // 13: hashicorp.consul.internal.service.ServiceDefinition.Checks:type_name -> hashicorp.consul.internal.service.CheckType + 10, // 14: hashicorp.consul.internal.service.ServiceDefinition.Weights:type_name -> hashicorp.consul.internal.service.Weights + 0, // 15: hashicorp.consul.internal.service.ServiceDefinition.Proxy:type_name -> hashicorp.consul.internal.service.ConnectProxyConfig + 15, // 16: hashicorp.consul.internal.service.ServiceDefinition.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 2, // 17: hashicorp.consul.internal.service.ServiceDefinition.Connect:type_name -> hashicorp.consul.internal.service.ServiceConnect + 9, // 18: hashicorp.consul.internal.service.ServiceDefinition.TaggedAddressesEntry.value:type_name -> hashicorp.consul.internal.service.ServiceAddress 19, // [19:19] is the sub-list for method output_type 19, // [19:19] is the sub-list for method input_type 19, // [19:19] is the sub-list for extension type_name diff --git a/proto/pbservice/service.proto b/proto/pbservice/service.proto index 9c7956a0d..690a3b82a 100644 --- a/proto/pbservice/service.proto +++ b/proto/pbservice/service.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package service; +package hashicorp.consul.internal.service; import "google/protobuf/struct.proto"; import "proto/pbcommon/common.proto"; diff --git a/proto/pbstatus/status.pb.go b/proto/pbstatus/status.pb.go index f97dbc773..c69c57cbf 100644 --- a/proto/pbstatus/status.pb.go +++ b/proto/pbstatus/status.pb.go @@ -115,24 +115,34 @@ var File_proto_pbstatus_status_proto protoreflect.FileDescriptor var file_proto_pbstatus_status_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x66, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, - 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, - 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, - 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x7d, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x42, 0x0b, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0xca, 0x02, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0xe2, 0x02, 0x12, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, - 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x20, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, + 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x66, 0x0a, 0x06, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, + 0x6c, 0x73, 0x42, 0x83, 0x02, 0x0a, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x42, 0x0b, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x53, 0xaa, 0x02, 0x20, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x3a, 0x3a, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -149,11 +159,11 @@ func file_proto_pbstatus_status_proto_rawDescGZIP() []byte { var file_proto_pbstatus_status_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_proto_pbstatus_status_proto_goTypes = []interface{}{ - (*Status)(nil), // 0: status.Status + (*Status)(nil), // 0: hashicorp.consul.internal.status.Status (*anypb.Any)(nil), // 1: google.protobuf.Any } var file_proto_pbstatus_status_proto_depIdxs = []int32{ - 1, // 0: status.Status.details:type_name -> google.protobuf.Any + 1, // 0: hashicorp.consul.internal.status.Status.details:type_name -> google.protobuf.Any 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/proto/pbstatus/status.proto b/proto/pbstatus/status.proto index e483b1950..70fb3f58a 100644 --- a/proto/pbstatus/status.proto +++ b/proto/pbstatus/status.proto @@ -14,7 +14,7 @@ syntax = "proto3"; -package status; +package hashicorp.consul.internal.status; import "google/protobuf/any.proto"; diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index b4d699b6c..deb43bad4 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -7,6 +7,12 @@ // protoc (unknown) // source: proto/pbsubscribe/subscribe.proto +// TODO: ideally we would have prefixed this package as +// "hashicorp.consul.internal.subscribe" before releasing but now correcting this will +// require a grpc passthrough service shim since the package name is part of +// the rpc method dispatch and editing it naively would break backwards +// compatibility. + package pbsubscribe import ( @@ -814,53 +820,57 @@ var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ 0x36, 0x0a, 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x28, 0x0a, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, - 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, + 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x02, 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, - 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x45, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, + 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x5f, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x10, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x22, 0xaa, 0x01, 0x0a, - 0x11, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x12, 0x35, 0x0a, 0x02, 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, - 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x4f, 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x3a, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x22, 0x0a, 0x08, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4f, - 0x70, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x10, 0x00, 0x12, 0x0a, 0x0a, - 0x06, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x01, 0x2a, 0x91, 0x01, 0x0a, 0x05, 0x54, 0x6f, - 0x70, 0x69, 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, - 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, - 0x61, 0x6c, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x02, 0x12, 0x0e, 0x0a, - 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x03, 0x12, 0x13, 0x0a, - 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x10, 0x05, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x06, 0x2a, 0x29, 0x0a, - 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x65, 0x72, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, - 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, 0x75, 0x62, - 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, - 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x22, - 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x75, 0x62, 0x73, - 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, - 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, 0x09, 0x53, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, - 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x09, 0x53, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x22, 0xc4, 0x01, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x02, + 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4f, 0x70, 0x52, + 0x02, 0x4f, 0x70, 0x12, 0x54, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x22, 0x0a, 0x08, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x4f, 0x70, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x10, + 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x01, 0x2a, 0x91, 0x01, + 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, + 0x77, 0x6e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, + 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, + 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, + 0x6c, 0x76, 0x65, 0x72, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x05, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, + 0x06, 0x2a, 0x29, 0x0a, 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, + 0x0a, 0x08, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, + 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, + 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, + 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, 0x6f, 0x6d, 0x2e, + 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x62, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, + 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, + 0xaa, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, 0x02, 0x09, 0x53, + 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, 0x62, 0x73, 0x63, + 0x72, 0x69, 0x62, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0xea, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -887,8 +897,8 @@ var file_proto_pbsubscribe_subscribe_proto_goTypes = []interface{}{ (*EventBatch)(nil), // 6: subscribe.EventBatch (*ServiceHealthUpdate)(nil), // 7: subscribe.ServiceHealthUpdate (*ConfigEntryUpdate)(nil), // 8: subscribe.ConfigEntryUpdate - (*pbservice.CheckServiceNode)(nil), // 9: service.CheckServiceNode - (*pbconfigentry.ConfigEntry)(nil), // 10: configentry.ConfigEntry + (*pbservice.CheckServiceNode)(nil), // 9: hashicorp.consul.internal.service.CheckServiceNode + (*pbconfigentry.ConfigEntry)(nil), // 10: hashicorp.consul.internal.configentry.ConfigEntry } var file_proto_pbsubscribe_subscribe_proto_depIdxs = []int32{ 0, // 0: subscribe.SubscribeRequest.Topic:type_name -> subscribe.Topic @@ -898,9 +908,9 @@ var file_proto_pbsubscribe_subscribe_proto_depIdxs = []int32{ 8, // 4: subscribe.Event.ConfigEntry:type_name -> subscribe.ConfigEntryUpdate 5, // 5: subscribe.EventBatch.Events:type_name -> subscribe.Event 1, // 6: subscribe.ServiceHealthUpdate.Op:type_name -> subscribe.CatalogOp - 9, // 7: subscribe.ServiceHealthUpdate.CheckServiceNode:type_name -> service.CheckServiceNode + 9, // 7: subscribe.ServiceHealthUpdate.CheckServiceNode:type_name -> hashicorp.consul.internal.service.CheckServiceNode 2, // 8: subscribe.ConfigEntryUpdate.Op:type_name -> subscribe.ConfigEntryUpdate.UpdateOp - 10, // 9: subscribe.ConfigEntryUpdate.ConfigEntry:type_name -> configentry.ConfigEntry + 10, // 9: subscribe.ConfigEntryUpdate.ConfigEntry:type_name -> hashicorp.consul.internal.configentry.ConfigEntry 4, // 10: subscribe.StateChangeSubscription.Subscribe:input_type -> subscribe.SubscribeRequest 5, // 11: subscribe.StateChangeSubscription.Subscribe:output_type -> subscribe.Event 11, // [11:12] is the sub-list for method output_type diff --git a/proto/pbsubscribe/subscribe.proto b/proto/pbsubscribe/subscribe.proto index 7808cc5bf..4f1e092c4 100644 --- a/proto/pbsubscribe/subscribe.proto +++ b/proto/pbsubscribe/subscribe.proto @@ -3,6 +3,11 @@ Package event provides a service for subscribing to state change events. */ syntax = "proto3"; +// TODO: ideally we would have prefixed this package as +// "hashicorp.consul.internal.subscribe" before releasing but now correcting this will +// require a grpc passthrough service shim since the package name is part of +// the rpc method dispatch and editing it naively would break backwards +// compatibility. package subscribe; import "proto/pbconfigentry/config_entry.proto"; @@ -180,7 +185,7 @@ enum CatalogOp { message ServiceHealthUpdate { CatalogOp Op = 1; - service.CheckServiceNode CheckServiceNode = 2; + hashicorp.consul.internal.service.CheckServiceNode CheckServiceNode = 2; } message ConfigEntryUpdate { @@ -190,5 +195,5 @@ message ConfigEntryUpdate { } UpdateOp Op = 1; - configentry.ConfigEntry ConfigEntry = 2; + hashicorp.consul.internal.configentry.ConfigEntry ConfigEntry = 2; } From 0936942b2d72831a2c21e8c99684f6e1a2b5acdb Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 13 Jul 2022 12:12:06 -0400 Subject: [PATCH 733/785] Scrub VirtualIPs before exporting --- .../services/peerstream/subscription_manager.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/agent/grpc-external/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go index 65fd914e3..33726a216 100644 --- a/agent/grpc-external/services/peerstream/subscription_manager.go +++ b/agent/grpc-external/services/peerstream/subscription_manager.go @@ -169,13 +169,6 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti // skip checks since we just generated one from scratch } - // Scrub raft indexes - for _, instance := range csn.Nodes { - instance.Node.RaftIndex = nil - instance.Service.RaftIndex = nil - // skip checks since we just generated one from scratch - } - id := servicePayloadIDPrefix + strings.TrimPrefix(u.CorrelationID, subExportedService) // Just ferry this one directly along to the destination. @@ -225,6 +218,9 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti if instance.Service.Connect != nil || instance.Service.Proxy != nil { instance.Service.Connect = nil instance.Service.Proxy = nil + + // VirtualIPs assigned in this cluster won't make sense on the importing side + delete(instance.Service.TaggedAddresses, structs.TaggedAddressVirtualIP) } } @@ -286,6 +282,9 @@ func filterConnectReferences(orig *pbservice.IndexedCheckServiceNodes) { csn = proto.Clone(csn).(*pbservice.CheckServiceNode) csn.Service.Connect = nil csn.Service.Proxy = nil + + // VirtualIPs assigned in this cluster won't make sense on the importing side + delete(csn.Service.TaggedAddresses, structs.TaggedAddressVirtualIP) } newNodes = append(newNodes, csn) From 34c0093d446579ae916a58bd2fabc2c9afa9df5a Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 13 Jul 2022 12:12:31 -0400 Subject: [PATCH 734/785] Add new watch.Map type to refactor proxycfg --- agent/proxycfg/internal/watch/watchmap.go | 108 +++++++++++++++++ .../proxycfg/internal/watch/watchmap_test.go | 113 ++++++++++++++++++ 2 files changed, 221 insertions(+) create mode 100644 agent/proxycfg/internal/watch/watchmap.go create mode 100644 agent/proxycfg/internal/watch/watchmap_test.go diff --git a/agent/proxycfg/internal/watch/watchmap.go b/agent/proxycfg/internal/watch/watchmap.go new file mode 100644 index 000000000..bbf42dc9a --- /dev/null +++ b/agent/proxycfg/internal/watch/watchmap.go @@ -0,0 +1,108 @@ +package watch + +import "context" + +// Map safely stores and retrieves values by validating that +// there is a live watch for a key. InitWatch must be called +// to associate a key with its cancel function before any +// Set's are called. +type Map[K comparable, V any] struct { + M map[K]watchedVal[V] +} + +type watchedVal[V any] struct { + Val *V + + // keeping cancel private has a beneficial side effect: + // copying Map with copystructure.Copy will zero out + // cancel, preventing it from being called by the + // receiver of a proxy config snapshot. + cancel context.CancelFunc +} + +func NewMap[K comparable, V any]() Map[K, V] { + return Map[K, V]{M: make(map[K]watchedVal[V])} +} + +// InitWatch associates a cancel function with a key, +// allowing Set to be called for the key. The cancel +// function is allowed to be nil. +// +// Any existing data for a key will be cancelled and +// overwritten. +func (m Map[K, V]) InitWatch(key K, cancel func()) { + if _, present := m.M[key]; present { + m.CancelWatch(key) + } + m.M[key] = watchedVal[V]{ + cancel: cancel, + } +} + +// CancelWatch first calls the cancel function +// associated with the key then deletes the key +// from the map. No-op if key is not present. +func (m Map[K, V]) CancelWatch(key K) { + if entry, ok := m.M[key]; ok { + if entry.cancel != nil { + entry.cancel() + } + delete(m.M, key) + } +} + +// IsWatched returns true if InitWatch has been +// called for key and has not been cancelled by +// CancelWatch. +func (m Map[K, V]) IsWatched(key K) bool { + if _, present := m.M[key]; present { + return true + } + return false +} + +// Set stores V if K exists in the map. +// No-op if the key never was initialized with InitWatch +// or if the entry got cancelled by CancelWatch. +func (m Map[K, V]) Set(key K, val V) bool { + if entry, ok := m.M[key]; ok { + entry.Val = &val + m.M[key] = entry + return true + } + return false +} + +// Get returns the underlying value for a key. +// If an entry has been set, returns (V, true). +// Otherwise, returns the zero value (V, false). +// +// Note that even if InitWatch has been called +// for a key, unless Set has been called this +// function will return false. +func (m Map[K, V]) Get(key K) (V, bool) { + if entry, ok := m.M[key]; ok { + if entry.Val != nil { + return *entry.Val, true + } + } + var empty V + return empty, false +} + +func (m Map[K, V]) Len() int { + return len(m.M) +} + +// ForEachKey iterates through the map, calling f +// for each iteration. It is up to the caller to +// Get the value and nil-check if required. +// Stops iterating if f returns false. +// Order of iteration is non-deterministic. +func (m Map[K, V]) ForEachKey(f func(K) bool) { + for k := range m.M { + if ok := f(k); !ok { + return + } + } +} diff --git a/agent/proxycfg/internal/watch/watchmap_test.go b/agent/proxycfg/internal/watch/watchmap_test.go new file mode 100644 index 000000000..590351853 --- /dev/null +++ b/agent/proxycfg/internal/watch/watchmap_test.go @@ -0,0 +1,113 @@ +package watch + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestMap(t *testing.T) { + m := NewMap[string, string]() + + // Set without init is a no-op + { + m.Set("hello", "world") + require.Equal(t, 0, m.Len()) + } + + // Getting from empty map + { + got, ok := m.Get("hello") + require.False(t, ok) + require.Empty(t, got) + } + + var called bool + cancelMock := func() { + called = true + } + + // InitWatch successful + { + m.InitWatch("hello", cancelMock) + require.Equal(t, 1, m.Len()) + } + + // Get still returns false + { + got, ok := m.Get("hello") + require.False(t, ok) + require.Empty(t, got) + } + + // Set successful + { + require.True(t, m.Set("hello", "world")) + require.Equal(t, 1, m.Len()) + } + + // Get successful + { + got, ok := m.Get("hello") + require.True(t, ok) + require.Equal(t, "world", got) + } + + // CancelWatch successful + { + m.CancelWatch("hello") + require.Equal(t, 0, m.Len()) + require.True(t, called) + } + + // Get no-op + { + got, ok := m.Get("hello") + require.False(t, ok) + require.Empty(t, got) + } + + // Set no-op + { + require.False(t, m.Set("hello", "world")) + require.Equal(t, 0, m.Len()) + } +} + +func TestMap_ForEach(t *testing.T) { + type testType struct { + s string + } + + m := NewMap[string, any]() + inputs := map[string]any{ + "hello": 13, + "foo": struct{}{}, + "bar": &testType{s: "wow"}, + } + for k, v := range inputs { + m.InitWatch(k, nil) + m.Set(k, v) + } + require.Equal(t, 3, m.Len()) + + // returning true continues iteration + { + var count int + m.ForEachKey(func(k string) bool { + count++ + return true + }) + require.Equal(t, 3, count) + } + + // returning false exits loop + { + var count int + m.ForEachKey(func(k string) bool { + count++ + return false + }) + require.Equal(t, 1, count) + } +} From 5d890cdbb294ca21dcdaab0861da5298b7fc6bcd Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 13 Jul 2022 12:14:57 -0400 Subject: [PATCH 735/785] Use new maps for proxycfg peered data --- agent/agent.go | 2 + agent/proxycfg/connect_proxy.go | 110 ++++++++++++- agent/proxycfg/data_sources.go | 2 + agent/proxycfg/manager_test.go | 9 +- agent/proxycfg/naming.go | 13 +- agent/proxycfg/snapshot.go | 27 +-- agent/proxycfg/state.go | 1 + agent/proxycfg/state_test.go | 280 +++++++++++++++++++++++++++++++- agent/proxycfg/testing.go | 3 + agent/proxycfg/upstreams.go | 20 +-- agent/xds/clusters.go | 12 +- agent/xds/endpoints.go | 4 +- 12 files changed, 430 insertions(+), 53 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index 3c0609a98..765c1ab91 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4113,6 +4113,8 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.TrustBundleListName, &cachetype.TrustBundles{Client: a.rpcClientPeering}) + a.cache.RegisterType(cachetype.PeeredUpstreamsName, &cachetype.PeeredUpstreams{RPC: a}) + a.registerEntCache() } diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index ab86560bd..3221150db 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -6,6 +6,7 @@ import ( "strings" cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/proxycfg/internal/watch" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) @@ -22,8 +23,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.WatchedDiscoveryChains = make(map[UpstreamID]context.CancelFunc) snap.ConnectProxy.WatchedUpstreams = make(map[UpstreamID]map[string]context.CancelFunc) snap.ConnectProxy.WatchedUpstreamEndpoints = make(map[UpstreamID]map[string]structs.CheckServiceNodes) - snap.ConnectProxy.WatchedUpstreamPeerTrustBundles = make(map[string]context.CancelFunc) - snap.ConnectProxy.UpstreamPeerTrustBundles = make(map[string]*pbpeering.PeeringTrustBundle) + snap.ConnectProxy.UpstreamPeerTrustBundles = watch.NewMap[string, *pbpeering.PeeringTrustBundle]() snap.ConnectProxy.WatchedGateways = make(map[UpstreamID]map[string]context.CancelFunc) snap.ConnectProxy.WatchedGatewayEndpoints = make(map[UpstreamID]map[string]structs.CheckServiceNodes) snap.ConnectProxy.WatchedServiceChecks = make(map[structs.ServiceID][]structs.CheckType) @@ -31,7 +31,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.UpstreamConfig = make(map[UpstreamID]*structs.Upstream) snap.ConnectProxy.PassthroughUpstreams = make(map[UpstreamID]map[string]map[string]struct{}) snap.ConnectProxy.PassthroughIndices = make(map[string]indexedTarget) - snap.ConnectProxy.PeerUpstreamEndpoints = make(map[UpstreamID]structs.CheckServiceNodes) + snap.ConnectProxy.PeerUpstreamEndpoints = watch.NewMap[UpstreamID, structs.CheckServiceNodes]() snap.ConnectProxy.PeerUpstreamEndpointsUseHostnames = make(map[UpstreamID]struct{}) // Watch for root changes @@ -108,6 +108,14 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e if err != nil { return snap, err } + err = s.dataSources.PeeredUpstreams.Notify(ctx, &structs.PartitionSpecificRequest{ + QueryOptions: structs.QueryOptions{Token: s.token}, + Datacenter: s.source.Datacenter, + EnterpriseMeta: s.proxyID.EnterpriseMeta, + }, peeredUpstreamsID, s.ch) + if err != nil { + return snap, err + } } // Watch for updates to service endpoints for all upstreams @@ -134,7 +142,8 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e dc = u.Datacenter } if s.proxyCfg.Mode == structs.ProxyModeTransparent && (dc == "" || dc == s.source.Datacenter) { - // In transparent proxy mode, watches for upstreams in the local DC are handled by the IntentionUpstreams watch. + // In transparent proxy mode, watches for upstreams in the local DC + // are handled by the IntentionUpstreams and PeeredUpstreams watch. continue } @@ -183,8 +192,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e s.logger.Trace("initializing watch of peered upstream", "upstream", uid) - // TODO(peering): We'll need to track a CancelFunc for this - // once the tproxy support lands. + snap.ConnectProxy.PeerUpstreamEndpoints.InitWatch(uid, nil) err := s.dataSources.Health.Notify(ctx, &structs.ServiceSpecificRequest{ PeerName: uid.Peer, Datacenter: dc, @@ -204,7 +212,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Check whether a watch for this peer exists to avoid duplicates. - if _, ok := snap.ConnectProxy.WatchedUpstreamPeerTrustBundles[uid.Peer]; !ok { + if _, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { peerCtx, cancel := context.WithCancel(ctx) if err := s.dataSources.TrustBundle.Notify(peerCtx, &pbpeering.TrustBundleReadRequest{ Name: uid.Peer, @@ -214,7 +222,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e return snap, fmt.Errorf("error while watching trust bundle for peer %q: %w", uid.Peer, err) } - snap.ConnectProxy.WatchedUpstreamPeerTrustBundles[uid.Peer] = cancel + snap.ConnectProxy.UpstreamPeerTrustBundles.InitWatch(uid.Peer, cancel) } continue } @@ -262,7 +270,7 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s } peer := strings.TrimPrefix(u.CorrelationID, peerTrustBundleIDPrefix) if resp.Bundle != nil { - snap.ConnectProxy.UpstreamPeerTrustBundles[peer] = resp.Bundle + snap.ConnectProxy.UpstreamPeerTrustBundles.Set(peer, resp.Bundle) } case u.CorrelationID == peeringTrustBundlesWatchID: @@ -283,6 +291,90 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s snap.ConnectProxy.Intentions = resp snap.ConnectProxy.IntentionsSet = true + case u.CorrelationID == peeredUpstreamsID: + resp, ok := u.Result.(*structs.IndexedPeeredServiceList) + if !ok { + return fmt.Errorf("invalid type for response %T", u.Result) + } + + seenUpstreams := make(map[UpstreamID]struct{}) + for _, psn := range resp.Services { + uid := NewUpstreamIDFromPeeredServiceName(psn) + + if _, ok := seenUpstreams[uid]; ok { + continue + } + seenUpstreams[uid] = struct{}{} + + s.logger.Trace("initializing watch of peered upstream", "upstream", uid) + + hctx, hcancel := context.WithCancel(ctx) + err := s.dataSources.Health.Notify(hctx, &structs.ServiceSpecificRequest{ + PeerName: uid.Peer, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{ + Token: s.token, + }, + ServiceName: psn.ServiceName.Name, + Connect: true, + // Note that Identifier doesn't type-prefix for service any more as it's + // the default and makes metrics and other things much cleaner. It's + // simpler for us if we have the type to make things unambiguous. + Source: *s.source, + EnterpriseMeta: uid.EnterpriseMeta, + }, upstreamPeerWatchIDPrefix+uid.String(), s.ch) + if err != nil { + hcancel() + return fmt.Errorf("failed to watch health for %s: %v", uid, err) + } + snap.ConnectProxy.PeerUpstreamEndpoints.InitWatch(uid, hcancel) + + // Check whether a watch for this peer exists to avoid duplicates. + if _, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { + peerCtx, cancel := context.WithCancel(ctx) + if err := s.dataSources.TrustBundle.Notify(peerCtx, &pbpeering.TrustBundleReadRequest{ + Name: uid.Peer, + Partition: uid.PartitionOrDefault(), + }, peerTrustBundleIDPrefix+uid.Peer, s.ch); err != nil { + cancel() + return fmt.Errorf("error while watching trust bundle for peer %q: %w", uid.Peer, err) + } + + snap.ConnectProxy.UpstreamPeerTrustBundles.InitWatch(uid.Peer, cancel) + } + } + snap.ConnectProxy.PeeredUpstreams = seenUpstreams + + // + // Clean up data + // + + validPeerNames := make(map[string]struct{}) + + // Iterate through all known endpoints and remove references to upstream IDs that weren't in the update + snap.ConnectProxy.PeerUpstreamEndpoints.ForEachKey(func(uid UpstreamID) bool { + // Peered upstream is explicitly defined in upstream config + if _, ok := snap.ConnectProxy.UpstreamConfig[uid]; ok { + validPeerNames[uid.Peer] = struct{}{} + return true + } + // Peered upstream came from dynamic source of imported services + if _, ok := seenUpstreams[uid]; ok { + validPeerNames[uid.Peer] = struct{}{} + return true + } + snap.ConnectProxy.PeerUpstreamEndpoints.CancelWatch(uid) + return true + }) + + // Iterate through all known trust bundles and remove references to any unseen peer names + snap.ConnectProxy.UpstreamPeerTrustBundles.ForEachKey(func(peerName PeerName) bool { + if _, ok := validPeerNames[peerName]; !ok { + snap.ConnectProxy.UpstreamPeerTrustBundles.CancelWatch(peerName) + } + return true + }) + case u.CorrelationID == intentionUpstreamsID: resp, ok := u.Result.(*structs.IndexedServiceList) if !ok { diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go index 73c8b0637..310a4340e 100644 --- a/agent/proxycfg/data_sources.go +++ b/agent/proxycfg/data_sources.go @@ -69,6 +69,8 @@ type DataSources struct { // notification channel. LeafCertificate LeafCertificate + // PeeredUpstreams provides imported-service upstream updates on a + // notification channel. PeeredUpstreams PeeredUpstreams // PreparedQuery provides updates about the results of a prepared query. diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 12d8c7919..184b62148 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -11,6 +11,7 @@ import ( cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" + "github.com/hashicorp/consul/agent/proxycfg/internal/watch" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbpeering" @@ -230,8 +231,8 @@ func TestManager_BasicLifecycle(t *testing.T) { }, PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, PassthroughIndices: map[string]indexedTarget{}, - UpstreamPeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, - PeerUpstreamEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, + UpstreamPeerTrustBundles: watch.NewMap[PeerName, *pbpeering.PeeringTrustBundle](), + PeerUpstreamEndpoints: watch.NewMap[UpstreamID, structs.CheckServiceNodes](), PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, @@ -291,8 +292,8 @@ func TestManager_BasicLifecycle(t *testing.T) { }, PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{}, PassthroughIndices: map[string]indexedTarget{}, - UpstreamPeerTrustBundles: map[string]*pbpeering.PeeringTrustBundle{}, - PeerUpstreamEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, + UpstreamPeerTrustBundles: watch.NewMap[PeerName, *pbpeering.PeeringTrustBundle](), + PeerUpstreamEndpoints: watch.NewMap[UpstreamID, structs.CheckServiceNodes](), PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go index 7b80d49a9..3bb0854b0 100644 --- a/agent/proxycfg/naming.go +++ b/agent/proxycfg/naming.go @@ -7,6 +7,8 @@ import ( "github.com/hashicorp/consul/agent/structs" ) +type PeerName = string + type UpstreamID struct { Type string Name string @@ -32,7 +34,16 @@ func NewUpstreamID(u *structs.Upstream) UpstreamID { return id } -// TODO(peering): confirm we don't need peername here +func NewUpstreamIDFromPeeredServiceName(psn structs.PeeredServiceName) UpstreamID { + id := UpstreamID{ + Name: psn.ServiceName.Name, + EnterpriseMeta: psn.ServiceName.EnterpriseMeta, + Peer: psn.Peer, + } + id.normalize() + return id +} + func NewUpstreamIDFromServiceName(sn structs.ServiceName) UpstreamID { id := UpstreamID{ Name: sn.Name, diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index c52a99a81..3835c2a01 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -9,6 +9,7 @@ import ( "github.com/mitchellh/copystructure" "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/proxycfg/internal/watch" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/proto/pbpeering" @@ -44,13 +45,9 @@ type ConfigSnapshotUpstreams struct { // endpoints of an upstream. WatchedUpstreamEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes - // WatchedUpstreamPeerTrustBundles is a map of (PeerName -> CancelFunc) in order to cancel - // watches for peer trust bundles any time the list of upstream peers changes. - WatchedUpstreamPeerTrustBundles map[string]context.CancelFunc - // UpstreamPeerTrustBundles is a map of (PeerName -> PeeringTrustBundle). // It is used to store trust bundles for upstream TLS transport sockets. - UpstreamPeerTrustBundles map[string]*pbpeering.PeeringTrustBundle + UpstreamPeerTrustBundles watch.Map[PeerName, *pbpeering.PeeringTrustBundle] // WatchedGateways is a map of UpstreamID -> (map of GatewayKey.String() -> // CancelFunc) in order to cancel watches for mesh gateways @@ -80,10 +77,16 @@ type ConfigSnapshotUpstreams struct { // This list only applies to proxies registered in 'transparent' mode. IntentionUpstreams map[UpstreamID]struct{} + // PeeredUpstreams is a set of all upstream targets in a local partition. + // + // This list only applies to proxies registered in 'transparent' mode. + PeeredUpstreams map[UpstreamID]struct{} + // PeerUpstreamEndpoints is a map of UpstreamID -> (set of IP addresses) // and used to determine the backing endpoints of an upstream in another // peer. - PeerUpstreamEndpoints map[UpstreamID]structs.CheckServiceNodes + PeerUpstreamEndpoints watch.Map[UpstreamID, structs.CheckServiceNodes] + PeerUpstreamEndpointsUseHostnames map[UpstreamID]struct{} } @@ -152,8 +155,7 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.WatchedDiscoveryChains) == 0 && len(c.WatchedUpstreams) == 0 && len(c.WatchedUpstreamEndpoints) == 0 && - len(c.WatchedUpstreamPeerTrustBundles) == 0 && - len(c.UpstreamPeerTrustBundles) == 0 && + c.UpstreamPeerTrustBundles.Len() == 0 && len(c.WatchedGateways) == 0 && len(c.WatchedGatewayEndpoints) == 0 && len(c.WatchedServiceChecks) == 0 && @@ -161,9 +163,10 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.UpstreamConfig) == 0 && len(c.PassthroughUpstreams) == 0 && len(c.IntentionUpstreams) == 0 && + len(c.PeeredUpstreams) == 0 && !c.InboundPeerTrustBundlesSet && !c.MeshConfigSet && - len(c.PeerUpstreamEndpoints) == 0 && + c.PeerUpstreamEndpoints.Len() == 0 && len(c.PeerUpstreamEndpointsUseHostnames) == 0 } @@ -715,7 +718,6 @@ func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error) { snap.ConnectProxy.WatchedUpstreams = nil snap.ConnectProxy.WatchedGateways = nil snap.ConnectProxy.WatchedDiscoveryChains = nil - snap.ConnectProxy.WatchedUpstreamPeerTrustBundles = nil case structs.ServiceKindTerminatingGateway: snap.TerminatingGateway.WatchedServices = nil snap.TerminatingGateway.WatchedIntentions = nil @@ -730,7 +732,6 @@ func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error) { snap.IngressGateway.WatchedUpstreams = nil snap.IngressGateway.WatchedGateways = nil snap.IngressGateway.WatchedDiscoveryChains = nil - snap.IngressGateway.WatchedUpstreamPeerTrustBundles = nil // only ingress-gateway snap.IngressGateway.LeafCertWatchCancel = nil } @@ -803,7 +804,7 @@ func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConf } func (u *ConfigSnapshotUpstreams) UpstreamPeerMeta(uid UpstreamID) structs.PeeringServiceMeta { - nodes := u.PeerUpstreamEndpoints[uid] + nodes, _ := u.PeerUpstreamEndpoints.Get(uid) if len(nodes) == 0 { return structs.PeeringServiceMeta{} } @@ -833,7 +834,7 @@ func (u *ConfigSnapshotUpstreams) PeeredUpstreamIDs() []UpstreamID { continue } - if _, ok := u.UpstreamPeerTrustBundles[uid.Peer]; uid.Peer != "" && !ok { + if _, ok := u.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { // The trust bundle for this upstream is not available yet, skip for now. continue } diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index 9fc5c88f6..f9388cf48 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -36,6 +36,7 @@ const ( serviceResolverIDPrefix = "service-resolver:" serviceIntentionsIDPrefix = "service-intentions:" intentionUpstreamsID = "intention-upstreams" + peeredUpstreamsID = "peered-upstreams" upstreamPeerWatchIDPrefix = "upstream-peer:" exportedServiceListWatchID = "exported-service-list" meshConfigEntryID = "mesh" diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 3a54d0314..36b641a69 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -131,6 +131,7 @@ func recordWatches(sc *stateConfig) *watchRecorder { IntentionUpstreams: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, InternalServiceDump: typedWatchRecorder[*structs.ServiceDumpRequest]{wr}, LeafCertificate: typedWatchRecorder[*cachetype.ConnectCALeafRequest]{wr}, + PeeredUpstreams: typedWatchRecorder[*structs.PartitionSpecificRequest]{wr}, PreparedQuery: typedWatchRecorder[*structs.PreparedQueryExecuteRequest]{wr}, ResolvedServiceConfig: typedWatchRecorder[*structs.ServiceConfigRequest]{wr}, ServiceList: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, @@ -321,6 +322,15 @@ func genVerifyServiceSpecificPeeredRequest(expectedService, expectedFilter, expe } } +func genVerifyPartitionSpecificRequest(expectedPartition, expectedDatacenter string) verifyWatchRequest { + return func(t testing.TB, request any) { + reqReal, ok := request.(*structs.PartitionSpecificRequest) + require.True(t, ok) + require.Equal(t, expectedDatacenter, reqReal.Datacenter) + require.Equal(t, expectedPartition, reqReal.PartitionOrDefault()) + } +} + func genVerifyGatewayServiceWatch(expectedService, expectedDatacenter string) verifyWatchRequest { return genVerifyServiceSpecificRequest(expectedService, "", expectedDatacenter, false) } @@ -404,9 +414,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { dbUID = NewUpstreamIDFromServiceName(db) pqUID = UpstreamIDFromString("prepared_query:query") extApiUID = NewUpstreamIDFromServiceName(apiA) + extDBUID = NewUpstreamIDFromServiceName(db) ) // TODO(peering): NewUpstreamIDFromServiceName should take a PeerName extApiUID.Peer = "peer-a" + extDBUID.Peer = "peer-a" const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul" @@ -2509,6 +2521,253 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, }, }, + "transparent-proxy-initial-with-peers": { + ns: structs.NodeService{ + Kind: structs.ServiceKindConnectProxy, + ID: "api-proxy", + Service: "api-proxy", + Address: "10.0.1.1", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "api", + Mode: structs.ProxyModeTransparent, + Upstreams: structs.Upstreams{ + { + DestinationName: "api-a", + DestinationPeer: "peer-a", + }, + }, + }, + }, + sourceDC: "dc1", + stages: []verificationStage{ + { + requiredWatches: map[string]verifyWatchRequest{ + peeringTrustBundlesWatchID: genVerifyTrustBundleListWatch("api"), + peeredUpstreamsID: genVerifyPartitionSpecificRequest(acl.DefaultEnterpriseMeta().PartitionOrDefault(), "dc1"), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) + + require.False(t, snap.ConnectProxy.isEmpty()) + + // This is explicitly defined from proxy config + expectUpstreams := map[UpstreamID]*structs.Upstream{ + extApiUID: { + DestinationName: "api-a", + DestinationNamespace: structs.IntentionDefaultNamespace, + DestinationPartition: structs.IntentionDefaultNamespace, + DestinationPeer: "peer-a", + }, + } + require.Equal(t, expectUpstreams, snap.ConnectProxy.UpstreamConfig) + }, + }, + { + // Initial events + events: []UpdateEvent{ + rootWatchEvent(), + { + CorrelationID: leafWatchID, + Result: issuedCert, + Err: nil, + }, + { + CorrelationID: intentionsWatchID, + Result: TestIntentions(), + Err: nil, + }, + { + CorrelationID: peeringTrustBundlesWatchID, + Result: peerTrustBundles, + }, + { + CorrelationID: peeredUpstreamsID, + Result: &structs.IndexedPeeredServiceList{ + Services: []structs.PeeredServiceName{ + { + ServiceName: apiA, + Peer: "peer-a", + }, + { + // This service is dynamic (not from static config) + ServiceName: db, + Peer: "peer-a", + }, + }, + }, + }, + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{ + Entry: nil, // no explicit config + }, + Err: nil, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "proxy with roots/leaf/intentions is valid") + require.Equal(t, indexedRoots, snap.Roots) + require.Equal(t, issuedCert, snap.Leaf()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) + require.True(t, snap.ConnectProxy.MeshConfigSet) + require.Nil(t, snap.ConnectProxy.MeshConfig) + + // Check PeeredUpstream is populated + expect := map[UpstreamID]struct{}{ + extDBUID: {}, + extApiUID: {}, + } + require.Equal(t, expect, snap.ConnectProxy.PeeredUpstreams) + + require.True(t, snap.ConnectProxy.PeerUpstreamEndpoints.IsWatched(extApiUID)) + _, ok := snap.ConnectProxy.PeerUpstreamEndpoints.Get(extApiUID) + require.False(t, ok, "expected initialized but empty PeerUpstreamEndpoint") + + require.True(t, snap.ConnectProxy.PeerUpstreamEndpoints.IsWatched(extDBUID)) + _, ok = snap.ConnectProxy.PeerUpstreamEndpoints.Get(extDBUID) + require.False(t, ok, "expected initialized but empty PeerUpstreamEndpoint") + + require.True(t, snap.ConnectProxy.UpstreamPeerTrustBundles.IsWatched("peer-a")) + _, ok = snap.ConnectProxy.UpstreamPeerTrustBundles.Get("peer-a") + require.False(t, ok, "expected initialized but empty PeerTrustBundle") + }, + }, + { + // Peered upstream will have set up 3 more watches + requiredWatches: map[string]verifyWatchRequest{ + upstreamPeerWatchIDPrefix + extApiUID.String(): genVerifyServiceSpecificPeeredRequest("api-a", "", "dc1", "peer-a", true), + upstreamPeerWatchIDPrefix + extDBUID.String(): genVerifyServiceSpecificPeeredRequest("db", "", "dc1", "peer-a", true), + peerTrustBundleIDPrefix + "peer-a": genVerifyTrustBundleReadWatch("peer-a"), + }, + events: []UpdateEvent{ + { + CorrelationID: peerTrustBundleIDPrefix + "peer-a", + Result: &pbpeering.TrustBundleReadResponse{ + Bundle: peerTrustBundles.Bundles[0], + }, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "proxy with roots/leaf/intentions is valid") + require.Equal(t, indexedRoots, snap.Roots) + require.Equal(t, issuedCert, snap.Leaf()) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) + require.True(t, snap.ConnectProxy.MeshConfigSet) + require.Nil(t, snap.ConnectProxy.MeshConfig) + + // Check PeeredUpstream is populated + expect := map[UpstreamID]struct{}{ + extDBUID: {}, + extApiUID: {}, + } + require.Equal(t, expect, snap.ConnectProxy.PeeredUpstreams) + + // Expect two entries (DB and api-a) + require.Equal(t, 2, snap.ConnectProxy.PeerUpstreamEndpoints.Len()) + + // db does not have endpoints yet + ep, _ := snap.ConnectProxy.PeerUpstreamEndpoints.Get(extDBUID) + require.Nil(t, ep) + + // Expect a trust bundle + ptb, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get("peer-a") + require.True(t, ok) + prototest.AssertDeepEqual(t, peerTrustBundles.Bundles[0], ptb) + + // Sanity check that local upstream maps are not populated + require.Empty(t, snap.ConnectProxy.WatchedUpstreamEndpoints[extDBUID]) + require.Empty(t, snap.ConnectProxy.PassthroughUpstreams[extDBUID]) + require.Empty(t, snap.ConnectProxy.PassthroughIndices) + }, + }, + { + // Add another instance of "api-a" service + events: []UpdateEvent{ + { + CorrelationID: upstreamPeerWatchIDPrefix + extDBUID.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "127.0.0.1", + PeerName: "peer-a", + }, + Service: &structs.NodeService{ + ID: "db", + Service: "db", + PeerName: "peer-a", + Connect: structs.ServiceConnect{}, + }, + }, + }, + }, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "proxy with roots/leaf/intentions is valid") + + // Check PeeredUpstream is populated + expect := map[UpstreamID]struct{}{ + extApiUID: {}, + extDBUID: {}, + } + require.Equal(t, expect, snap.ConnectProxy.PeeredUpstreams) + + // Expect two entries (api-a, db) + require.Equal(t, 2, snap.ConnectProxy.PeerUpstreamEndpoints.Len()) + + // db has an endpoint now + ep, _ := snap.ConnectProxy.PeerUpstreamEndpoints.Get(extDBUID) + require.NotNil(t, ep) + require.Len(t, ep, 1) + + // Expect a trust bundle + ptb, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get("peer-a") + require.True(t, ok) + prototest.AssertDeepEqual(t, peerTrustBundles.Bundles[0], ptb) + + // Sanity check that local upstream maps are not populated + require.Empty(t, snap.ConnectProxy.WatchedUpstreamEndpoints[extDBUID]) + require.Empty(t, snap.ConnectProxy.PassthroughUpstreams[extDBUID]) + require.Empty(t, snap.ConnectProxy.PassthroughIndices) + }, + }, + { + // Empty list of peered upstreams should clean up map keys + events: []UpdateEvent{ + { + CorrelationID: peeredUpstreamsID, + Result: &structs.IndexedPeeredServiceList{ + Services: []structs.PeeredServiceName{}, + }, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "proxy with roots/leaf/intentions is valid") + + require.Empty(t, snap.ConnectProxy.PeeredUpstreams) + + // db endpoint should have been cleaned up + require.False(t, snap.ConnectProxy.PeerUpstreamEndpoints.IsWatched(extDBUID)) + + // Expect only api-a endpoint + require.Equal(t, 1, snap.ConnectProxy.PeerUpstreamEndpoints.Len()) + require.Equal(t, 1, snap.ConnectProxy.UpstreamPeerTrustBundles.Len()) + }, + }, + }, + }, "connect-proxy": newConnectProxyCase(structs.MeshGatewayModeDefault), "connect-proxy-mesh-gateway-local": newConnectProxyCase(structs.MeshGatewayModeLocal), "connect-proxy-with-peers": { @@ -2564,10 +2823,15 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.ConnectProxy.WatchedGateways, 0, "%+v", snap.ConnectProxy.WatchedGateways) require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 0, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) - require.Contains(t, snap.ConnectProxy.WatchedUpstreamPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedUpstreamPeerTrustBundles) - require.Len(t, snap.ConnectProxy.UpstreamPeerTrustBundles, 0, "%+v", snap.ConnectProxy.UpstreamPeerTrustBundles) + // watch initialized + require.True(t, snap.ConnectProxy.UpstreamPeerTrustBundles.IsWatched("peer-a")) + _, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get("peer-a") + require.False(t, ok) // but no data - require.Len(t, snap.ConnectProxy.PeerUpstreamEndpoints, 0, "%+v", snap.ConnectProxy.PeerUpstreamEndpoints) + // watch initialized + require.True(t, snap.ConnectProxy.PeerUpstreamEndpoints.IsWatched(extApiUID)) + _, ok = snap.ConnectProxy.PeerUpstreamEndpoints.Get(extApiUID) + require.False(t, ok) // but no data require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) @@ -2655,11 +2919,13 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.ConnectProxy.WatchedGateways, 1, "%+v", snap.ConnectProxy.WatchedGateways) require.Len(t, snap.ConnectProxy.WatchedGatewayEndpoints, 1, "%+v", snap.ConnectProxy.WatchedGatewayEndpoints) - require.Contains(t, snap.ConnectProxy.WatchedUpstreamPeerTrustBundles, "peer-a", "%+v", snap.ConnectProxy.WatchedUpstreamPeerTrustBundles) - require.Equal(t, peerTrustBundles.Bundles[0], snap.ConnectProxy.UpstreamPeerTrustBundles["peer-a"], "%+v", snap.ConnectProxy.WatchedUpstreamPeerTrustBundles) + tb, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get("peer-a") + require.True(t, ok) + prototest.AssertDeepEqual(t, peerTrustBundles.Bundles[0], tb) - require.Len(t, snap.ConnectProxy.PeerUpstreamEndpoints, 1, "%+v", snap.ConnectProxy.PeerUpstreamEndpoints) - require.NotNil(t, snap.ConnectProxy.PeerUpstreamEndpoints[extApiUID]) + require.Equal(t, 1, snap.ConnectProxy.PeerUpstreamEndpoints.Len()) + ep, _ := snap.ConnectProxy.PeerUpstreamEndpoints.Get(extApiUID) + require.NotNil(t, ep) require.Len(t, snap.ConnectProxy.WatchedServiceChecks, 0, "%+v", snap.ConnectProxy.WatchedServiceChecks) require.Len(t, snap.ConnectProxy.PreparedQueryEndpoints, 0, "%+v", snap.ConnectProxy.PreparedQueryEndpoints) diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index c30435e37..744c17e18 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -745,6 +745,7 @@ func testConfigSnapshotFixture( IntentionUpstreams: &noopDataSource[*structs.ServiceSpecificRequest]{}, InternalServiceDump: &noopDataSource[*structs.ServiceDumpRequest]{}, LeafCertificate: &noopDataSource[*cachetype.ConnectCALeafRequest]{}, + PeeredUpstreams: &noopDataSource[*structs.PartitionSpecificRequest]{}, PreparedQuery: &noopDataSource[*structs.PreparedQueryExecuteRequest]{}, ResolvedServiceConfig: &noopDataSource[*structs.ServiceConfigRequest]{}, ServiceList: &noopDataSource[*structs.DCSpecificRequest]{}, @@ -971,6 +972,7 @@ type TestDataSources struct { IntentionUpstreams *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList] InternalServiceDump *TestDataSource[*structs.ServiceDumpRequest, *structs.IndexedNodesWithGateways] LeafCertificate *TestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert] + PeeredUpstreams *TestDataSource[*structs.PartitionSpecificRequest, *structs.IndexedPeeredServiceList] PreparedQuery *TestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse] ResolvedServiceConfig *TestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse] ServiceList *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList] @@ -994,6 +996,7 @@ func (t *TestDataSources) ToDataSources() DataSources { IntentionUpstreams: t.IntentionUpstreams, InternalServiceDump: t.InternalServiceDump, LeafCertificate: t.LeafCertificate, + PeeredUpstreams: t.PeeredUpstreams, PreparedQuery: t.PreparedQuery, ResolvedServiceConfig: t.ResolvedServiceConfig, ServiceList: t.ServiceList, diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index 1f1251c42..4f41d7908 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -103,19 +103,15 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u UpdateEv resp.Nodes, ) if len(filteredNodes) > 0 { - upstreamsSnapshot.PeerUpstreamEndpoints[uid] = filteredNodes - upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid] = struct{}{} + if set := upstreamsSnapshot.PeerUpstreamEndpoints.Set(uid, filteredNodes); set { + upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid] = struct{}{} + } } else { - upstreamsSnapshot.PeerUpstreamEndpoints[uid] = resp.Nodes - delete(upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames, uid) + if set := upstreamsSnapshot.PeerUpstreamEndpoints.Set(uid, resp.Nodes); set { + delete(upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames, uid) + } } - if s.kind != structs.ServiceKindConnectProxy || s.proxyCfg.Mode != structs.ProxyModeTransparent { - return nil - } - - s.logger.Warn("skipping transparent proxy update for peered upstream") - case strings.HasPrefix(u.CorrelationID, "upstream-target:"): resp, ok := u.Result.(*structs.IndexedCheckServiceNodes) if !ok { @@ -157,6 +153,10 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u UpdateEv // Make sure to use an external address when crossing partition or DC boundaries. isRemote := !snap.Locality.Matches(node.Node.Datacenter, node.Node.PartitionOrDefault()) + // If node is peered it must be remote + if node.Node.PeerOrEmpty() != "" { + isRemote = true + } csnIdx, addr, _ := node.BestAddress(isRemote) existing := upstreamsSnapshot.PassthroughIndices[addr] diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index b00fcfeeb..0d5c14776 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -729,11 +729,12 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService( }, } } else { + ep, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid) configureClusterWithHostnames( s.Logger, c, "", /*TODO:make configurable?*/ - cfgSnap.ConnectProxy.PeerUpstreamEndpoints[uid], + ep, true, /*isRemote*/ false, /*onlyPassing*/ ) @@ -743,7 +744,8 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService( rootPEMs := cfgSnap.RootPEMs() if uid.Peer != "" { - rootPEMs = cfgSnap.ConnectProxy.UpstreamPeerTrustBundles[uid.Peer].ConcatenatedRootPEMs() + tbs, _ := cfgSnap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer) + rootPEMs = tbs.ConcatenatedRootPEMs() } // Enable TLS upstream with the configured client certificate. @@ -1077,13 +1079,9 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain( } if configureTLS { - rootPEMs := cfgSnap.RootPEMs() - if uid.Peer != "" { - rootPEMs = cfgSnap.ConnectProxy.UpstreamPeerTrustBundles[uid.Peer].ConcatenatedRootPEMs() - } commonTLSContext := makeCommonTLSContext( cfgSnap.Leaf(), - rootPEMs, + cfgSnap.RootPEMs(), makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), ) diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index 53e550132..d305a85bd 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -47,7 +47,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. // TODO: this estimate is wrong resources := make([]proto.Message, 0, len(cfgSnap.ConnectProxy.PreparedQueryEndpoints)+ - len(cfgSnap.ConnectProxy.PeerUpstreamEndpoints)+ + cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Len()+ len(cfgSnap.ConnectProxy.WatchedUpstreamEndpoints)) // NOTE: Any time we skip a chain below we MUST also skip that discovery chain in clusters.go @@ -110,7 +110,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. continue } - endpoints, ok := cfgSnap.ConnectProxy.PeerUpstreamEndpoints[uid] + endpoints, ok := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid) if ok { la := makeLoadAssignment( clusterName, From d12b3d286ea27368af7ce21c5c0a97a2f2fbdc92 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 13 Jul 2022 16:12:01 -0400 Subject: [PATCH 736/785] Check if an upstream is implicit from either intentions or peered services --- agent/proxycfg/snapshot.go | 6 ++++++ agent/proxycfg/upstreams.go | 3 ++- agent/xds/clusters.go | 8 ++++---- agent/xds/endpoints.go | 8 ++++---- agent/xds/listeners.go | 8 ++++---- agent/xds/routes.go | 3 ++- 6 files changed, 22 insertions(+), 14 deletions(-) diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 3835c2a01..6a02aad1e 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -170,6 +170,12 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.PeerUpstreamEndpointsUseHostnames) == 0 } +func (c *configSnapshotConnectProxy) IsImplicitUpstream(uid UpstreamID) bool { + _, intentionImplicit := c.IntentionUpstreams[uid] + _, peeringImplicit := c.PeeredUpstreams[uid] + return intentionImplicit || peeringImplicit +} + type configSnapshotTerminatingGateway struct { MeshConfig *structs.MeshConfigEntry MeshConfigSet bool diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index 4f41d7908..a47510543 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -71,7 +71,8 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u UpdateEv case structs.ServiceKindConnectProxy: explicit := snap.ConnectProxy.UpstreamConfig[uid].HasLocalPortOrSocket() - if _, implicit := snap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := snap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Discovery chain is not associated with a known explicit or implicit upstream so it is purged/skipped. // The associated watch was likely cancelled. delete(upstreamsSnapshot.DiscoveryChain, uid) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 0d5c14776..b4f4eea39 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -98,7 +98,8 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C upstream := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstream.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } @@ -129,13 +130,12 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C // NOTE: Any time we skip an upstream below we MUST also skip that same // upstream in endpoints.go so that the sets of endpoints generated matches // the sets of clusters. - // - // TODO(peering): make this work for tproxy for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstreamCfg.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Not associated with a known explicit or implicit upstream so it is skipped. continue } diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index d305a85bd..2538914dd 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -56,7 +56,8 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. upstream := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstream.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } @@ -84,13 +85,12 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. // NOTE: Any time we skip an upstream below we MUST also skip that same // upstream in clusters.go so that the sets of endpoints generated matches // the sets of clusters. - // - // TODO(peering): make this work for tproxy for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstreamCfg.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Not associated with a known explicit or implicit upstream so it is skipped. continue } diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 1bf8e4e6c..2f3650aa7 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -110,7 +110,8 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstreamCfg.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } @@ -228,13 +229,12 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // Looping over explicit upstreams is only needed for cross-peer because // they do not have discovery chains. - // - // TODO(peering): make this work for tproxy for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] explicit := upstreamCfg.HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Not associated with a known explicit or implicit upstream so it is skipped. continue } diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 6f9e2214c..6faa1fa67 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -50,7 +50,8 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh } explicit := cfgSnap.ConnectProxy.UpstreamConfig[uid].HasLocalPortOrSocket() - if _, implicit := cfgSnap.ConnectProxy.IntentionUpstreams[uid]; !implicit && !explicit { + implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid) + if !implicit && !explicit { // Discovery chain is not associated with a known explicit or implicit upstream so it is skipped. continue } From 276c834c6a4e06ce01fa052ad13a2850fcdf0843 Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Wed, 13 Jul 2022 18:23:53 -0700 Subject: [PATCH 737/785] Add changelog entries from latest releases (#13746) --- CHANGELOG.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9f3c9f38..d77193026 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,41 @@ +## 1.12.3 (July 13, 2022) + +IMPROVEMENTS: + +* Support Vault namespaces in Connect CA by adding RootPKINamespace and +IntermediatePKINamespace fields to the config. [[GH-12904](https://github.com/hashicorp/consul/issues/12904)] +* connect: Update Envoy support matrix to latest patch releases (1.22.2, 1.21.3, 1.20.4, 1.19.5) [[GH-13431](https://github.com/hashicorp/consul/issues/13431)] +* dns: Added support for specifying admin partition in node lookups. [[GH-13421](https://github.com/hashicorp/consul/issues/13421)] +* telemetry: Added a `consul.server.isLeader` metric to track if a server is a leader or not. [[GH-13304](https://github.com/hashicorp/consul/issues/13304)] + +BUG FIXES: + +* agent: Fixed a bug in HTTP handlers where URLs were being decoded twice [[GH-13256](https://github.com/hashicorp/consul/issues/13256)] +* deps: Update go-grpc/grpc, resolving connection memory leak [[GH-13051](https://github.com/hashicorp/consul/issues/13051)] +* fix a bug that caused an error when creating `grpc` or `http2` ingress gateway listeners with multiple services [[GH-13127](https://github.com/hashicorp/consul/issues/13127)] +* ui: Fix incorrect text on certain page empty states [[GH-13409](https://github.com/hashicorp/consul/issues/13409)] +* xds: Fix a bug that resulted in Lambda services not using the payload-passthrough option as expected. [[GH-13607](https://github.com/hashicorp/consul/issues/13607)] +* xds: Fix a bug where terminating gateway upstream clusters weren't configured properly when the service protocol was `http2`. [[GH-13699](https://github.com/hashicorp/consul/issues/13699)] + +## 1.11.7 (July 13, 2022) + +IMPROVEMENTS: + +* connect: Update supported Envoy versions to 1.20.4, 1.19.5, 1.18.6, 1.17.4 [[GH-13434](https://github.com/hashicorp/consul/issues/13434)] + +BUG FIXES: + +* agent: Fixed a bug in HTTP handlers where URLs were being decoded twice [[GH-13265](https://github.com/hashicorp/consul/issues/13265)] +* fix a bug that caused an error when creating `grpc` or `http2` ingress gateway listeners with multiple services [[GH-13127](https://github.com/hashicorp/consul/issues/13127)] +* xds: Fix a bug where terminating gateway upstream clusters weren't configured properly when the service protocol was `http2`. [[GH-13699](https://github.com/hashicorp/consul/issues/13699)] + +## 1.10.12 (July 13, 2022) + +BUG FIXES: + +* agent: Fixed a bug in HTTP handlers where URLs were being decoded twice [[GH-13264](https://github.com/hashicorp/consul/issues/13264)] +* fix a bug that caused an error when creating `grpc` or `http2` ingress gateway listeners with multiple services [[GH-13127](https://github.com/hashicorp/consul/issues/13127)] + ## 1.13.0-alpha2 (June 21, 2022) IMPROVEMENTS: From 65eccb33cec1f63716d9e37de0e8e255e02b3ef8 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Jul 2022 09:30:07 +0100 Subject: [PATCH 738/785] ui: Make our old TabNav component easily usable with a state machine (#13705) * ui: Make our old TabNav component easily usable with a state machine * Add an event handler that receives an object --- .../app/components/tab-nav/README.mdx | 44 ++++++++++++++++--- .../app/components/tab-nav/index.hbs | 6 +++ 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/ui/packages/consul-ui/app/components/tab-nav/README.mdx b/ui/packages/consul-ui/app/components/tab-nav/README.mdx index 46fb498c5..49454df5d 100644 --- a/ui/packages/consul-ui/app/components/tab-nav/README.mdx +++ b/ui/packages/consul-ui/app/components/tab-nav/README.mdx @@ -11,14 +11,21 @@ Each item in the list should be a hash of `label`, `href` and `selected`. - `label`: The text to show - `href`: a href, probably generated via `href-to` - `selected`: whether the item is in the selected state or not, probably - generated via `is-href` + of the state to transition to. + +There are two similar event handlers, `@onclick` and `@onTabClick`. + +When using `@onclick`, the `item.label` is passed to the handler. When using +`@onTabClick` the entire 'item' is passed instead, therefore you can add +arbitrary properties to the 'item' to be used in the handler. + **Please note:** This component should probably be rebuilt using contextual -components, alternatively this could be hand built with native HTML using the -same `nav/ul/li/a` pattern and you could just use the CSS component to style -it. Unless there is a reason to do this, this component should be used pending -a refactor (please remove this note once refactored into contextual -components) +components, and real events. Alternatively this could be hand built with native +HTML using the same `nav/ul/li/a` pattern and you could just use the CSS +component to style it. Unless there is a reason to do this, this component +should be used pending a refactor (please remove this note once refactored into +contextual components) ```hbs preview-template
      @@ -36,6 +43,31 @@ components)
      ``` +A TabNav with using a `StateMachine.dispatch` + +```hbs +
      +
      A TabNav with using a StateMachine.dispatch
      + +
      +``` + ```css .tab-nav { @extend %tab-nav; diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.hbs b/ui/packages/consul-ui/app/components/tab-nav/index.hbs index 818703e20..fc6da077b 100644 --- a/ui/packages/consul-ui/app/components/tab-nav/index.hbs +++ b/ui/packages/consul-ui/app/components/tab-nav/index.hbs @@ -36,6 +36,12 @@ as |select name|}} (noop) ) }} + {{on 'click' + (if @onTabClicked + (fn @onTabClicked item) + (noop) + ) + }} @href={{item.href}} > {{item.label}} From 6fce197908b7127bd167efd6f2d94b8330224a1c Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Jul 2022 09:30:35 +0100 Subject: [PATCH 739/785] ui: Thread through data-source invalidate method (#13710) * ui: Thread through data-source invalidate method * Remove old invalidating state --- .../consul-ui/app/components/data-loader/README.mdx | 11 ++++++----- .../app/components/data-loader/chart.xstate.js | 6 ------ .../consul-ui/app/components/data-loader/index.hbs | 10 ++++++---- .../consul-ui/app/components/data-loader/index.js | 7 ------- .../consul-ui/app/components/data-source/README.mdx | 8 ++++++++ .../consul-ui/app/components/data-source/index.hbs | 1 + .../consul-ui/app/components/data-source/index.js | 4 +++- 7 files changed, 24 insertions(+), 23 deletions(-) diff --git a/ui/packages/consul-ui/app/components/data-loader/README.mdx b/ui/packages/consul-ui/app/components/data-loader/README.mdx index c2b6383e2..f9db81f24 100644 --- a/ui/packages/consul-ui/app/components/data-loader/README.mdx +++ b/ui/packages/consul-ui/app/components/data-loader/README.mdx @@ -48,12 +48,13 @@ as |loader|> | --- | --- | --- | --- | | `src` | `String` | | The source to subscribe to updates to, this should map to a string based URI | -## Exports +## Exported API -| Name | Description | -| --- | --- | -| `data` | The loaded dataset once any data has been loaded successfully | -| `error` | The error thrown if an error is encountered whilst loading data | +| Name | Type | Description | +| --- | --- | --- | +| `data` | `object` | The loaded dataset once any data has been loaded successfully | +| `error` | `Error` |The error thrown if an error is encountered whilst loading data | +| `invalidate` | `function` | Invalidate the data represented by the DataLoader, therefore forcing a re-request of data for the DataLoader | ## Slots diff --git a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js index dde7c5349..94cc96131 100644 --- a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js +++ b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js @@ -17,15 +17,9 @@ export default { target: 'loading', }, ], - INVALIDATE: [ - { - target: 'invalidating', - }, - ], }, states: { load: {}, - invalidating: {}, loading: { on: { SUCCESS: { diff --git a/ui/packages/consul-ui/app/components/data-loader/index.hbs b/ui/packages/consul-ui/app/components/data-loader/index.hbs index 6f38827ab..6be3fd61c 100644 --- a/ui/packages/consul-ui/app/components/data-loader/index.hbs +++ b/ui/packages/consul-ui/app/components/data-loader/index.hbs @@ -7,7 +7,7 @@ {{#let (hash data=data error=error - invalidate=(action "invalidate") + invalidate=this.invalidate dispatchError=(queue (action (mut error) value="error.errors.firstObject") (action dispatch "ERROR")) ) as |api|}} @@ -17,7 +17,7 @@ {{! if we didn't specify any data}} {{#if (not items)}} {{! try and load the data if we aren't in an error state}} - + {{! but only if we only asked for a single load and we are in loading state}} {{#if (and src (or (not once) (state-matches state "loading")))}} + as |source|> + {{did-insert (set this 'invalidate' source.invalidate)}} + {{/if}} {{/if}} @@ -47,7 +49,7 @@ {{/yield-slot}} - + {{#if (not (eq error.status '401'))}} diff --git a/ui/packages/consul-ui/app/components/data-loader/index.js b/ui/packages/consul-ui/app/components/data-loader/index.js index 0039ba3d4..19967a12a 100644 --- a/ui/packages/consul-ui/app/components/data-loader/index.js +++ b/ui/packages/consul-ui/app/components/data-loader/index.js @@ -1,6 +1,5 @@ import Component from '@ember/component'; import { set } from '@ember/object'; -import { schedule } from '@ember/runloop'; import Slotted from 'block-slots'; import chart from './chart.xstate'; @@ -22,12 +21,6 @@ export default Component.extend(Slotted, { this.dispatch('LOAD'); }, actions: { - invalidate() { - this.dispatch('INVALIDATE'); - schedule('afterRender', () => { - this.dispatch('LOAD'); - }); - }, isLoaded: function() { return typeof this.items !== 'undefined' || typeof this.src === 'undefined'; }, diff --git a/ui/packages/consul-ui/app/components/data-source/README.mdx b/ui/packages/consul-ui/app/components/data-source/README.mdx index 559eff6bb..adc8fcba2 100644 --- a/ui/packages/consul-ui/app/components/data-source/README.mdx +++ b/ui/packages/consul-ui/app/components/data-source/README.mdx @@ -40,6 +40,14 @@ Please make sure you use the `uri` helper to specify src URIs, this ensures that | `onchange` | `Function` | | The action to fire when the data changes. Emits an Event-like object with a `data` property containing the data. | | `onerror` | `Function` | | The action to fire when an error occurs. Emits ErrorEvent object with an `error` property containing the Error. | +## Exported API + +| Name | Type | Description | +| --- | --- | --- | +| `data` | `object` | The loaded dataset once any data has been loaded successfully | +| `error` | `Error` |The error thrown if an error is encountered whilst loading data | +| `invalidate` | `function` | Invalidate the data represented by the datasource, therefore forcing a re-request of data for the DataSource | + The component takes a `src` or an identifier (a uri) for some data and then emits `onchange` events whenever that data changes. If an error occurs whilst listening for data changes, an `onerror` event is emitted. Setting `@loading="lazy"` uses `IntersectionObserver` to activate/deactive event emitting until the `` element is displayed in the DOM. This means you can use CSS `display: none|block;` to control the loading and stopping loading of data for usage with CSS based tabs and such-like. diff --git a/ui/packages/consul-ui/app/components/data-source/index.hbs b/ui/packages/consul-ui/app/components/data-source/index.hbs index de3b6c8de..d4b1e2613 100644 --- a/ui/packages/consul-ui/app/components/data-source/index.hbs +++ b/ui/packages/consul-ui/app/components/data-source/index.hbs @@ -17,6 +17,7 @@ {{yield (hash data=this.data error=this.error + invalidate=this.invalidate Source=(if this.data (component 'data-source' disabled=(not (eq this.error undefined))) '' diff --git a/ui/packages/consul-ui/app/components/data-source/index.js b/ui/packages/consul-ui/app/components/data-source/index.js index f854cc9f0..3d5d66ebd 100644 --- a/ui/packages/consul-ui/app/components/data-source/index.js +++ b/ui/packages/consul-ui/app/components/data-source/index.js @@ -1,3 +1,4 @@ +/* eslint no-console: ["error", { allow: ["debug"] }] */ import Component from '@glimmer/component'; import { inject as service } from '@ember/service'; import { tracked } from '@glimmer/tracking'; @@ -179,6 +180,7 @@ export default class DataSource extends Component { } } } + @action async invalidate() { this.source.readyState = 2; @@ -186,7 +188,7 @@ export default class DataSource extends Component { schedule('afterRender', () => { // TODO: Support lazy data-sources by keeping a reference to $el runInDebug(_ => - console.error( + console.debug( `Invalidation is only supported for non-lazy data sources. If you want to use this you should fixup support for lazy data sources` ) ); From 2b9250b00ba0aa44d670c5e1ca2d1435589bdc72 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Jul 2022 11:22:45 +0100 Subject: [PATCH 740/785] ui: Move peers to a subapplication (#13725) --- .circleci/config.yml | 2 +- ui/package.json | 2 +- .../consul/peer/address/list/index.hbs | 0 .../components/consul/peer/components.scss | 0 .../app/components/consul/peer/index.scss | 0 .../components/consul/peer/list/README.mdx | 0 .../app/components/consul/peer/list/index.hbs | 0 .../consul/peer/notifications/README.mdx | 0 .../consul/peer/notifications/index.hbs | 0 .../consul/peer/search-bar/README.mdx | 8 +++- .../consul/peer/search-bar/index.hbs | 2 +- .../consul/peer/search-bar/index.scss | 0 .../consul/peer/selector/README.mdx | 36 +++++++++++++++++ .../components/consul/peer/selector/index.hbs | 20 ++++++++++ .../app/templates/dc/peers/edit.hbs | 0 .../app/templates/dc/peers/edit/addresses.hbs | 0 .../app/templates/dc/peers/edit/index.hbs | 0 .../app/templates/dc/peers/index.hbs | 0 ui/packages/consul-peerings/package.json | 5 +++ .../vendor/consul-peerings/routes.js | 40 +++++++++++++++++++ .../vendor/consul-peerings/services.js | 9 +++++ ui/packages/consul-ui/.docfy-config.js | 6 +++ ui/packages/consul-ui/app/abilities/peer.js | 2 +- .../app/components/hashicorp-consul/index.hbs | 13 +++--- ui/packages/consul-ui/app/routes/dc/peers.js | 12 ------ .../consul-ui/app/routes/dc/peers/index.js | 16 -------- .../consul-ui/app/utils/get-environment.js | 8 ++-- ui/packages/consul-ui/config/environment.js | 5 ++- ui/packages/consul-ui/docs/bookmarklets.mdx | 2 +- ui/packages/consul-ui/ember-cli-build.js | 1 + .../lib/startup/templates/body.html.js | 5 +++ .../node-tests/config/environment.js | 7 ++-- ui/packages/consul-ui/package.json | 1 + .../consul-ui/vendor/consul-ui/routes.js | 18 --------- .../consul-ui/vendor/consul-ui/services.js | 3 ++ 35 files changed, 153 insertions(+), 70 deletions(-) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/address/list/index.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/components.scss (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/index.scss (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/list/README.mdx (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/list/index.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/notifications/README.mdx (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/notifications/index.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/search-bar/README.mdx (80%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/search-bar/index.hbs (99%) rename ui/packages/{consul-ui => consul-peerings}/app/components/consul/peer/search-bar/index.scss (100%) create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/selector/README.mdx create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs rename ui/packages/{consul-ui => consul-peerings}/app/templates/dc/peers/edit.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/templates/dc/peers/edit/addresses.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/templates/dc/peers/edit/index.hbs (100%) rename ui/packages/{consul-ui => consul-peerings}/app/templates/dc/peers/index.hbs (100%) create mode 100644 ui/packages/consul-peerings/package.json create mode 100644 ui/packages/consul-peerings/vendor/consul-peerings/routes.js create mode 100644 ui/packages/consul-peerings/vendor/consul-peerings/services.js delete mode 100644 ui/packages/consul-ui/app/routes/dc/peers.js delete mode 100644 ui/packages/consul-ui/app/routes/dc/peers/index.js diff --git a/.circleci/config.yml b/.circleci/config.yml index 13ab71a29..a9c434b46 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -34,7 +34,7 @@ references: ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers ubuntu: &UBUNTU_CI_IMAGE ubuntu-2004:202201-02 cache: - yarn: &YARN_CACHE_KEY consul-ui-v8-{{ checksum "ui/yarn.lock" }} + yarn: &YARN_CACHE_KEY consul-ui-v9-{{ checksum "ui/yarn.lock" }} steps: install-gotestsum: &install-gotestsum diff --git a/ui/package.json b/ui/package.json index edfb47355..1eb11e64f 100644 --- a/ui/package.json +++ b/ui/package.json @@ -11,7 +11,7 @@ "scripts": { "doc:toc": "doctoc README.md", "compliance": "npm-run-all compliance:*", - "compliance:licenses": "license-checker --summary --onlyAllow 'Python-2.0;Apache*;Apache License, Version 2.0;Apache-2.0;Apache 2.0;Artistic-2.0;BSD;BSD-3-Clause;CC-BY-3.0;CC-BY-4.0;CC0-1.0;ISC;MIT;MPL-2.0;Public Domain;Unicode-TOU;Unlicense;WTFPL' --excludePackages 'consul-ui@2.2.0;consul-acls@0.1.0;consul-lock-sessions@0.1.0;consul-partitions@0.1.0;consul-nspaces@0.1.0;consul-hcp@0.1.0'" + "compliance:licenses": "license-checker --summary --onlyAllow 'Python-2.0;Apache*;Apache License, Version 2.0;Apache-2.0;Apache 2.0;Artistic-2.0;BSD;BSD-3-Clause;CC-BY-3.0;CC-BY-4.0;CC0-1.0;ISC;MIT;MPL-2.0;Public Domain;Unicode-TOU;Unlicense;WTFPL' --excludePackages 'consul-ui@2.2.0;consul-acls@0.1.0;consul-lock-sessions@0.1.0;consul-partitions@0.1.0;consul-nspaces@0.1.0;consul-hcp@0.1.0;consul-peerings@0.1.0'" }, "devDependencies": { diff --git a/ui/packages/consul-ui/app/components/consul/peer/address/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/address/list/index.hbs rename to ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs diff --git a/ui/packages/consul-ui/app/components/consul/peer/components.scss b/ui/packages/consul-peerings/app/components/consul/peer/components.scss similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/components.scss rename to ui/packages/consul-peerings/app/components/consul/peer/components.scss diff --git a/ui/packages/consul-ui/app/components/consul/peer/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/index.scss similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/index.scss rename to ui/packages/consul-peerings/app/components/consul/peer/index.scss diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/list/README.mdx similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/list/README.mdx rename to ui/packages/consul-peerings/app/components/consul/peer/list/README.mdx diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/list/index.hbs rename to ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs diff --git a/ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/notifications/README.mdx similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/notifications/README.mdx rename to ui/packages/consul-peerings/app/components/consul/peer/notifications/README.mdx diff --git a/ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/notifications/index.hbs rename to ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs diff --git a/ui/packages/consul-ui/app/components/consul/peer/search-bar/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/README.mdx similarity index 80% rename from ui/packages/consul-ui/app/components/consul/peer/search-bar/README.mdx rename to ui/packages/consul-peerings/app/components/consul/peer/search-bar/README.mdx index 2171a91f5..02b3fecf5 100644 --- a/ui/packages/consul-ui/app/components/consul/peer/search-bar/README.mdx +++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/README.mdx @@ -8,12 +8,16 @@ Searchbar tailored for searching Peers. Follows our more generic @search={{this.search}} @onsearch={{fn (mut this.search) value="target.value"}} - @sort={{hash - value='Name:asc' + @sort={{hash + value='State:asc' change=(noop) }} @filter={{hash + state=(hash + value=(array "PENDING") + change=(noop) + ) searchproperty=(hash value=(array) change=(noop) diff --git a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs similarity index 99% rename from ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs rename to ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs index b7fbf40ff..17e75f5cd 100644 --- a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.hbs +++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs @@ -81,7 +81,7 @@ as |key value|}} {{#each (get (require '/models/peer' - path='schema' + export='schema' from='/components/consul/peer/search-bar' ) 'State.allowedValues' diff --git a/ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss similarity index 100% rename from ui/packages/consul-ui/app/components/consul/peer/search-bar/index.scss rename to ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss diff --git a/ui/packages/consul-peerings/app/components/consul/peer/selector/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/selector/README.mdx new file mode 100644 index 000000000..e84829690 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/selector/README.mdx @@ -0,0 +1,36 @@ +# Consul::Peer::Selector + +A conditional, autoloading, menu component specifically for navigating to peers. + +Please note: + +- Currently at least, you must add this inside of a `
        ` element. +- For the moment, make sure you have enabled peers using developer debug + cookies. + +```hbs preview-template +
          + +
        +``` + + +## Arguments + +| Argument/Attribute | Type | Default | Description | +| --- | --- | --- | --- | +| `dc` | `object` | | The current datacenter | +| `nspace` | `string` | | The name of the current namespace | +| `partition` | `string` | | The name of the current partition | + +## See + +- [Template Source Code](./index.hbs) + +--- diff --git a/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs new file mode 100644 index 000000000..bccfb683b --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs @@ -0,0 +1,20 @@ + +
      • + + Peers + +
        • + diff --git a/ui/packages/consul-ui/app/templates/dc/peers/edit.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/edit.hbs similarity index 100% rename from ui/packages/consul-ui/app/templates/dc/peers/edit.hbs rename to ui/packages/consul-peerings/app/templates/dc/peers/edit.hbs diff --git a/ui/packages/consul-ui/app/templates/dc/peers/edit/addresses.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/edit/addresses.hbs similarity index 100% rename from ui/packages/consul-ui/app/templates/dc/peers/edit/addresses.hbs rename to ui/packages/consul-peerings/app/templates/dc/peers/edit/addresses.hbs diff --git a/ui/packages/consul-ui/app/templates/dc/peers/edit/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/edit/index.hbs similarity index 100% rename from ui/packages/consul-ui/app/templates/dc/peers/edit/index.hbs rename to ui/packages/consul-peerings/app/templates/dc/peers/edit/index.hbs diff --git a/ui/packages/consul-ui/app/templates/dc/peers/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs similarity index 100% rename from ui/packages/consul-ui/app/templates/dc/peers/index.hbs rename to ui/packages/consul-peerings/app/templates/dc/peers/index.hbs diff --git a/ui/packages/consul-peerings/package.json b/ui/packages/consul-peerings/package.json new file mode 100644 index 000000000..458d78a6e --- /dev/null +++ b/ui/packages/consul-peerings/package.json @@ -0,0 +1,5 @@ +{ + "name": "consul-peerings", + "version": "0.1.0", + "private": true +} diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/routes.js b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js new file mode 100644 index 000000000..93b029ad3 --- /dev/null +++ b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js @@ -0,0 +1,40 @@ +(routes => routes({ + dc: { + peers: { + _options: { + path: '/peers' + }, + index: { + _options: { + path: '/', + queryParams: { + sortBy: 'sort', + state: 'state', + searchproperty: { + as: 'searchproperty', + empty: [['Name']], + }, + search: { + as: 'filter', + replace: true, + }, + }, + }, + }, + edit: { + _options: { + path: '/:name' + }, + addresses: { + _options: { + path: '/addresses', + }, + }, + }, + }, + }, +}))( + (json, data = (typeof document !== 'undefined' ? document.currentScript.dataset : module.exports)) => { + data[`routes`] = JSON.stringify(json); + } +); diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/services.js b/ui/packages/consul-peerings/vendor/consul-peerings/services.js new file mode 100644 index 000000000..c5e069acc --- /dev/null +++ b/ui/packages/consul-peerings/vendor/consul-peerings/services.js @@ -0,0 +1,9 @@ +(services => services({ + "component:consul/peer/selector": { + "class": "consul-ui/components/consul/peer/selector" + } +}))( + (json, data = (typeof document !== 'undefined' ? document.currentScript.dataset : module.exports)) => { + data[`services`] = JSON.stringify(json); + } +); diff --git a/ui/packages/consul-ui/.docfy-config.js b/ui/packages/consul-ui/.docfy-config.js index 323469c84..0e1f6838a 100644 --- a/ui/packages/consul-ui/.docfy-config.js +++ b/ui/packages/consul-ui/.docfy-config.js @@ -112,6 +112,12 @@ module.exports = { urlSchema: 'auto', urlPrefix: 'docs/consul-lock-sessions', }, + { + root: `${path.dirname(require.resolve('consul-peerings/package.json'))}/app/components`, + pattern: '**/README.mdx', + urlSchema: 'auto', + urlPrefix: 'docs/consul-peerings', + }, { root: `${path.dirname(require.resolve('consul-partitions/package.json'))}/app/components`, pattern: '**/README.mdx', diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js index 8bac06945..28b913a3e 100644 --- a/ui/packages/consul-ui/app/abilities/peer.js +++ b/ui/packages/consul-ui/app/abilities/peer.js @@ -18,6 +18,6 @@ export default class PeerAbility extends BaseAbility { } get canUse() { - return this.env.var('CONSUL_PEERING_ENABLED'); + return this.env.var('CONSUL_PEERINGS_ENABLED'); } } diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs index d19eadb3a..07296d4fe 100644 --- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs +++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs @@ -146,14 +146,11 @@ @partition={{@partition}} @nspace={{@nspace}} /> - {{#if (can "use peers")}} -
      • - Organization -
        • -
      • - Peers -
        • - {{/if}} +
      diff --git a/ui/packages/consul-ui/app/routes/dc/peers.js b/ui/packages/consul-ui/app/routes/dc/peers.js deleted file mode 100644 index b09a9d4d0..000000000 --- a/ui/packages/consul-ui/app/routes/dc/peers.js +++ /dev/null @@ -1,12 +0,0 @@ -import { inject as service } from '@ember/service'; -import Route from '@ember/routing/route'; - -export default class PeersRoute extends Route { - @service abilities; - - beforeModel() { - if (!this.abilities.can('use peers')) { - this.transitionTo('dc.services.index'); - } - } -} diff --git a/ui/packages/consul-ui/app/routes/dc/peers/index.js b/ui/packages/consul-ui/app/routes/dc/peers/index.js deleted file mode 100644 index 5281a07f5..000000000 --- a/ui/packages/consul-ui/app/routes/dc/peers/index.js +++ /dev/null @@ -1,16 +0,0 @@ -import Route from 'consul-ui/routing/route'; - -export default class PeersRoute extends Route { - queryParams = { - sortBy: 'sort', - state: 'state', - searchproperty: { - as: 'searchproperty', - empty: [['Name']], - }, - search: { - as: 'filter', - replace: true, - }, - }; -} diff --git a/ui/packages/consul-ui/app/utils/get-environment.js b/ui/packages/consul-ui/app/utils/get-environment.js index d6dc699d6..fd3757fbf 100644 --- a/ui/packages/consul-ui/app/utils/get-environment.js +++ b/ui/packages/consul-ui/app/utils/get-environment.js @@ -124,7 +124,7 @@ export default function(config = {}, win = window, doc = document) { return typeof operatorConfig.PartitionsEnabled === 'undefined' ? false : operatorConfig.PartitionsEnabled; - case 'CONSUL_PEERING_ENABLED': + case 'CONSUL_PEERINGS_ENABLED': return typeof operatorConfig.PeeringEnabled === 'undefined' ? false : operatorConfig.PeeringEnabled; @@ -213,8 +213,8 @@ export default function(config = {}, win = window, doc = document) { case 'CONSUL_METRICS_PROXY_ENABLE': prev['CONSUL_METRICS_PROXY_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); break; - case 'CONSUL_PEERING_ENABLE': - prev['CONSUL_PEERING_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); + case 'CONSUL_PEERINGS_ENABLE': + prev['CONSUL_PEERINGS_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); break; case 'CONSUL_UI_CONFIG': prev['CONSUL_UI_CONFIG'] = JSON.parse(value); @@ -248,7 +248,7 @@ export default function(config = {}, win = window, doc = document) { case 'CONSUL_DATACENTER_PRIMARY': case 'CONSUL_ACLS_ENABLED': case 'CONSUL_NSPACES_ENABLED': - case 'CONSUL_PEERING_ENABLED': + case 'CONSUL_PEERINGS_ENABLED': case 'CONSUL_SSO_ENABLED': case 'CONSUL_PARTITIONS_ENABLED': case 'CONSUL_METRICS_PROVIDER': diff --git a/ui/packages/consul-ui/config/environment.js b/ui/packages/consul-ui/config/environment.js index b4b756271..a85b0093d 100644 --- a/ui/packages/consul-ui/config/environment.js +++ b/ui/packages/consul-ui/config/environment.js @@ -82,7 +82,7 @@ module.exports = function(environment, $ = process.env) { ACLsEnabled: false, NamespacesEnabled: false, SSOEnabled: false, - PeeringEnabled: env('CONSUL_PEERING_ENABLED', false), + PeeringEnabled: false, PartitionsEnabled: false, LocalDatacenter: env('CONSUL_DATACENTER_LOCAL', 'dc1'), PrimaryDatacenter: env('CONSUL_DATACENTER_PRIMARY', 'dc1'), @@ -107,7 +107,7 @@ module.exports = function(environment, $ = process.env) { NamespacesEnabled: env('CONSUL_NSPACES_ENABLED', false), SSOEnabled: env('CONSUL_SSO_ENABLED', false), // in testing peering feature is on by default - PeeringEnabled: env('CONSUL_PEERING_ENABLED', true), + PeeringEnabled: env('CONSUL_PEERINGS_ENABLED', true), PartitionsEnabled: env('CONSUL_PARTITIONS_ENABLED', false), LocalDatacenter: env('CONSUL_DATACENTER_LOCAL', 'dc1'), PrimaryDatacenter: env('CONSUL_DATACENTER_PRIMARY', 'dc1'), @@ -158,6 +158,7 @@ module.exports = function(environment, $ = process.env) { ACLsEnabled: env('CONSUL_ACLS_ENABLED', true), NamespacesEnabled: env('CONSUL_NSPACES_ENABLED', true), SSOEnabled: env('CONSUL_SSO_ENABLED', true), + PeeringEnabled: env('CONSUL_PEERINGS_ENABLED', true), PartitionsEnabled: env('CONSUL_PARTITIONS_ENABLED', true), LocalDatacenter: env('CONSUL_DATACENTER_LOCAL', 'dc1'), PrimaryDatacenter: env('CONSUL_DATACENTER_PRIMARY', 'dc1'), diff --git a/ui/packages/consul-ui/docs/bookmarklets.mdx b/ui/packages/consul-ui/docs/bookmarklets.mdx index 4da4cec68..0854dc633 100644 --- a/ui/packages/consul-ui/docs/bookmarklets.mdx +++ b/ui/packages/consul-ui/docs/bookmarklets.mdx @@ -12,7 +12,7 @@ Below is a list of the most commonly used functions as bookmarklets followed by | [Enable ACLs](javascript:Scenario('CONSUL_ACLS_ENABLE=1')) | Enable ACLs | | [Enable TProxy](javascript:Scenario('CONSUL_TPROXY_ENABLE=1')) | Enable TProxy | | [Enable Nspaces](javascript:Scenario('CONSUL_NSPACES_ENABLE=1')) | Enable Namespace Support | -| [Enable Peers](javascript:Scenario('CONSUL_PEERING_ENABLE=1')) | Enable Peers Support | +| [Enable Peers](javascript:Scenario('CONSUL_PEERINGS_ENABLE=1')) | Enable Peering Support | | [Enable Partitions](javascript:Scenario('CONSUL_PARTITIONS_ENABLE=1')) | Enable Admin Partition Support | | [Enable SSO](javascript:Scenario('CONSUL_SSO_ENABLE=1')) | Enable SSO Support | | [Enable Metrics](javascript:Scenario('CONSUL_METRICS_PROXY_ENABLE=1;CONSUL_METRICS_PROVIDER=prometheus')) | Enable all configuration required for viewing the full Metrics Visualization | diff --git a/ui/packages/consul-ui/ember-cli-build.js b/ui/packages/consul-ui/ember-cli-build.js index 8f2a92e15..576ea55ee 100644 --- a/ui/packages/consul-ui/ember-cli-build.js +++ b/ui/packages/consul-ui/ember-cli-build.js @@ -30,6 +30,7 @@ module.exports = function(defaults, $ = process.env) { 'consul-ui', 'consul-acls', 'consul-lock-sessions', + 'consul-peerings', 'consul-partitions', 'consul-nspaces', 'consul-hcp' diff --git a/ui/packages/consul-ui/lib/startup/templates/body.html.js b/ui/packages/consul-ui/lib/startup/templates/body.html.js index 0722a60d6..b4c46266e 100644 --- a/ui/packages/consul-ui/lib/startup/templates/body.html.js +++ b/ui/packages/consul-ui/lib/startup/templates/body.html.js @@ -59,6 +59,10 @@ ${ {{if .ACLsEnabled}} {{end}} +{{if .PeeringEnabled}} + + +{{end}} {{if .PartitionsEnabled}} @@ -87,6 +91,7 @@ ${ key => document.cookie.split('; ').find(item => item.startsWith(\`\${key}=\`)), { 'CONSUL_ACLS_ENABLE': 'consul-acls', + 'CONSUL_PEERINGS_ENABLE': 'consul-peerings', 'CONSUL_PARTITIONS_ENABLE': 'consul-partitions', 'CONSUL_NSPACES_ENABLE': 'consul-nspaces', 'CONSUL_HCP_ENABLE': 'consul-hcp' diff --git a/ui/packages/consul-ui/node-tests/config/environment.js b/ui/packages/consul-ui/node-tests/config/environment.js index 352444826..fc64faf94 100644 --- a/ui/packages/consul-ui/node-tests/config/environment.js +++ b/ui/packages/consul-ui/node-tests/config/environment.js @@ -20,8 +20,8 @@ test( ACLsEnabled: true, NamespacesEnabled: false, SSOEnabled: false, - PeeringEnabled: true, PartitionsEnabled: false, + PeeringEnabled: true, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', } @@ -36,8 +36,8 @@ test( ACLsEnabled: true, NamespacesEnabled: true, SSOEnabled: false, - PeeringEnabled: true, PartitionsEnabled: false, + PeeringEnabled: true, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', } @@ -52,8 +52,8 @@ test( ACLsEnabled: true, NamespacesEnabled: false, SSOEnabled: true, - PeeringEnabled: true, PartitionsEnabled: false, + PeeringEnabled: true, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', } @@ -66,6 +66,7 @@ test( NamespacesEnabled: true, SSOEnabled: true, PartitionsEnabled: true, + PeeringEnabled: true, LocalDatacenter: 'dc1', PrimaryDatacenter: 'dc1', } diff --git a/ui/packages/consul-ui/package.json b/ui/packages/consul-ui/package.json index e40b6fe28..e03887cab 100644 --- a/ui/packages/consul-ui/package.json +++ b/ui/packages/consul-ui/package.json @@ -82,6 +82,7 @@ "consul-hcp": "*", "consul-lock-sessions": "*", "consul-nspaces": "*", + "consul-peerings": "*", "consul-partitions": "*", "css.escape": "^1.5.1", "d3-array": "^2.8.0", diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js index b8b20c60b..12552d42e 100644 --- a/ui/packages/consul-ui/vendor/consul-ui/routes.js +++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js @@ -34,24 +34,6 @@ }, }, }, - peers: { - _options: { path: '/peers' }, - index: { - _options: { - path: '/', - }, - }, - edit: { - _options: { - path: '/:name' - }, - addresses: { - _options: { - path: '/addresses', - }, - }, - }, - }, services: { _options: { path: '/services' }, index: { diff --git a/ui/packages/consul-ui/vendor/consul-ui/services.js b/ui/packages/consul-ui/vendor/consul-ui/services.js index ff679e2d2..13f2f054b 100644 --- a/ui/packages/consul-ui/vendor/consul-ui/services.js +++ b/ui/packages/consul-ui/vendor/consul-ui/services.js @@ -15,6 +15,9 @@ 'component:consul/partition/selector': { class: '@glimmer/component', }, + 'component:consul/peer/selector': { + class: '@glimmer/component', + }, }))( ( json, From e29a43dc207c474b3692ff8900a8ace39c8f17c1 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 14 Jul 2022 11:23:16 +0100 Subject: [PATCH 741/785] ui: Add additional API requests for peering establishment (#13734) --- .../consul-ui/app/services/repository/peer.js | 46 ++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/ui/packages/consul-ui/app/services/repository/peer.js b/ui/packages/consul-ui/app/services/repository/peer.js index fdd8b762f..1062ed2b6 100644 --- a/ui/packages/consul-ui/app/services/repository/peer.js +++ b/ui/packages/consul-ui/app/services/repository/peer.js @@ -7,6 +7,19 @@ export default class PeerService extends RepositoryService { return 'peer'; } + @dataSource('/:partition/:ns/:dc/peering/token-for/:name') + async fetchToken({dc, ns, partition, name}, configuration, request) { + return (await request` + POST /v1/peering/token + + ${{ + PeerName: name, + Datacenter: dc, + Partition: partition || undefined, + }} + `)((headers, body, cache) => body) + } + @dataSource('/:partition/:ns/:dc/peers') async fetchAll({ dc, ns, partition }, { uri }, request) { return (await request` @@ -71,10 +84,41 @@ export default class PeerService extends RepositoryService { }); } + async persist(item, request) { + // mark it as ESTABLISHING ourselves as the request is successful + // and we don't have blocking queries here to get immediate updates + return (await request` + POST /v1/peering/establish + + ${{ + PeerName: item.Name, + PeeringToken: item.PeeringToken, + Datacenter: item.Datacenter, + Partition: item.Partition || undefined, + }} + `)((headers, body, cache) => { + const partition = item.Partition; + const ns = item.Namespace; + const dc = item.Datacenter; + return { + meta: { + version: 2, + }, + body: cache( + { + ...item, + State: 'ESTABLISHING' + }, + uri => uri`peer:///${partition}/${ns}/${dc}/peer/${item.Name}` + ) + }; + }); + } + async remove(item, request) { // soft delete // we just return the item we want to delete - // but mark it as DELETING ourselves as the request is successfull + // but mark it as DELETING ourselves as the request is successful // and we don't have blocking queries here to get immediate updates return (await request` DELETE /v1/peering/${item.Name} From 9c0f2478b93d5f1f754c35eae3dd4d0a15d38cce Mon Sep 17 00:00:00 2001 From: Jared Kirschner Date: Fri, 1 Jul 2022 06:24:53 -0700 Subject: [PATCH 742/785] docs: add Envoy upgrade step to std upgrade docs --- website/content/docs/upgrading/index.mdx | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/website/content/docs/upgrading/index.mdx b/website/content/docs/upgrading/index.mdx index 08a79a8a0..e9a2a892c 100644 --- a/website/content/docs/upgrading/index.mdx +++ b/website/content/docs/upgrading/index.mdx @@ -34,15 +34,23 @@ Consul is A, and version B is released. there are no compatibility issues that will affect your workload. If there are plan accordingly before continuing. -2. On each server, install version B of Consul. +2. On each Consul server agent, install version B of Consul. -3. One server at a time, shut down version A via `consul leave` and restart with version B. Wait until - the server is healthy and has rejoined the cluster before moving on to the - next server. +3. One Consul server agent at a time, shut down version A via `consul leave` and restart with version B. Wait until + the server agent is healthy and has rejoined the cluster before moving on to the + next server agent. -4. Once all the servers are upgraded, begin a rollout of clients following +4. Once all the server agents are upgraded, begin a rollout of client agents following the same process. + -> **Upgrade Envoy proxies:** If a client agent has associated Envoy proxies (e.g., sidecars, gateways), + install a [compatible Envoy version](/docs/connect/proxies/envoy#supported-versions) + for Consul version B. + After stopping client agent version A, + stop its associated Envoy proxies. + After restarting the client agent with version B, + restart its associated Envoy proxies with the compatible Envoy version. + 5. Done! You are now running the latest Consul agent. You can verify this by running `consul members` to make sure all members have the latest build and highest protocol version. From 599f5e2207691e987cd07e6ecef159edc96b7b29 Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:34:14 +0100 Subject: [PATCH 743/785] proxycfg-glue: server-local compiled discovery chain data source This is the OSS portion of enterprise PR 2236. Adds a local blocking query-based implementation of the proxycfg.CompiledDiscoveryChain interface. --- agent/agent.go | 2 + agent/proxycfg-glue/config_entry.go | 1 + agent/proxycfg-glue/discovery_chain.go | 95 ++++++++++++ agent/proxycfg-glue/discovery_chain_test.go | 114 +++++++++++++++ agent/proxycfg-glue/glue.go | 9 +- agent/proxycfg-glue/helpers_test.go | 34 +++++ .../proxycfg-glue/intention_upstreams_test.go | 25 +--- agent/proxycfg-glue/intentions_ent_test.go | 49 +++---- agent/proxycfg-glue/intentions_test.go | 137 +++++++++--------- 9 files changed, 345 insertions(+), 121 deletions(-) create mode 100644 agent/proxycfg-glue/discovery_chain.go create mode 100644 agent/proxycfg-glue/discovery_chain_test.go create mode 100644 agent/proxycfg-glue/helpers_test.go diff --git a/agent/agent.go b/agent/agent.go index 765c1ab91..c1381d0d2 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4237,6 +4237,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { if server, ok := a.delegate.(*consul.Server); ok { deps := proxycfgglue.ServerDataSourceDeps{ + Datacenter: a.config.Datacenter, EventPublisher: a.baseDeps.EventPublisher, ViewStore: a.baseDeps.ViewStore, Logger: a.logger.Named("proxycfg.server-data-sources"), @@ -4245,6 +4246,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { } sources.ConfigEntry = proxycfgglue.ServerConfigEntry(deps) sources.ConfigEntryList = proxycfgglue.ServerConfigEntryList(deps) + sources.CompiledDiscoveryChain = proxycfgglue.ServerCompiledDiscoveryChain(deps, proxycfgglue.CacheCompiledDiscoveryChain(a.cache)) sources.Intentions = proxycfgglue.ServerIntentions(deps) sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps) } diff --git a/agent/proxycfg-glue/config_entry.go b/agent/proxycfg-glue/config_entry.go index 8f85d5e13..138909369 100644 --- a/agent/proxycfg-glue/config_entry.go +++ b/agent/proxycfg-glue/config_entry.go @@ -19,6 +19,7 @@ import ( // ServerDataSourceDeps contains the dependencies needed for sourcing data from // server-local sources (e.g. materialized views). type ServerDataSourceDeps struct { + Datacenter string ViewStore *submatview.Store EventPublisher *stream.EventPublisher Logger hclog.Logger diff --git a/agent/proxycfg-glue/discovery_chain.go b/agent/proxycfg-glue/discovery_chain.go new file mode 100644 index 000000000..78e1f1653 --- /dev/null +++ b/agent/proxycfg-glue/discovery_chain.go @@ -0,0 +1,95 @@ +package proxycfgglue + +import ( + "context" + + "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/consul/discoverychain" + "github.com/hashicorp/consul/agent/consul/watch" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" +) + +// CacheCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain +// interface by sourcing data from the agent cache. +func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain { + return &cacheProxyDataSource[*structs.DiscoveryChainRequest]{c, cachetype.CompiledDiscoveryChainName} +} + +// ServerCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain +// interface by sourcing data from a blocking query against the server's state +// store. +// +// Requests for services in remote datacenters will be delegated to the given +// remoteSource (i.e. CacheCompiledDiscoveryChain). +func ServerCompiledDiscoveryChain(deps ServerDataSourceDeps, remoteSource proxycfg.CompiledDiscoveryChain) proxycfg.CompiledDiscoveryChain { + return &serverCompiledDiscoveryChain{deps, remoteSource} +} + +type serverCompiledDiscoveryChain struct { + deps ServerDataSourceDeps + remoteSource proxycfg.CompiledDiscoveryChain +} + +func (s serverCompiledDiscoveryChain) Notify(ctx context.Context, req *structs.DiscoveryChainRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + if req.Datacenter != s.deps.Datacenter { + return s.remoteSource.Notify(ctx, req, correlationID, ch) + } + + entMeta := req.GetEnterpriseMeta() + + evalDC := req.EvaluateInDatacenter + if evalDC == "" { + evalDC = s.deps.Datacenter + } + + compileReq := discoverychain.CompileRequest{ + ServiceName: req.Name, + EvaluateInNamespace: entMeta.NamespaceOrDefault(), + EvaluateInPartition: entMeta.PartitionOrDefault(), + EvaluateInDatacenter: evalDC, + OverrideMeshGateway: req.OverrideMeshGateway, + OverrideProtocol: req.OverrideProtocol, + OverrideConnectTimeout: req.OverrideConnectTimeout, + } + + return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore, + func(ws memdb.WatchSet, store Store) (uint64, *structs.DiscoveryChainResponse, error) { + var authzContext acl.AuthorizerContext + authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, req.GetEnterpriseMeta(), &authzContext) + if err != nil { + return 0, nil, err + } + if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.Name, &authzContext); err != nil { + // TODO(agentless): the agent cache handles acl.IsErrNotFound specially to + // prevent endlessly retrying if an ACL token is deleted. We should probably + // do this in watch.ServerLocalNotify too. + return 0, nil, err + } + + index, chain, entries, err := store.ServiceDiscoveryChain(ws, req.Name, entMeta, compileReq) + if err != nil { + return 0, nil, err + } + + rsp := &structs.DiscoveryChainResponse{ + Chain: chain, + QueryMeta: structs.QueryMeta{ + Backend: structs.QueryBackendBlocking, + Index: index, + }, + } + + // TODO(boxofrad): Check with @mkeeler that this is the correct thing to do. + if entries.IsEmpty() { + return index, rsp, watch.ErrorNotFound + } + return index, rsp, nil + }, + dispatchBlockingQueryUpdate[*structs.DiscoveryChainResponse](ch), + ) +} diff --git a/agent/proxycfg-glue/discovery_chain_test.go b/agent/proxycfg-glue/discovery_chain_test.go new file mode 100644 index 000000000..7207ffaf1 --- /dev/null +++ b/agent/proxycfg-glue/discovery_chain_test.go @@ -0,0 +1,114 @@ +package proxycfgglue + +import ( + "context" + "errors" + "fmt" + "testing" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" +) + +func TestServerCompiledDiscoveryChain(t *testing.T) { + t.Run("remote queries are delegated to the remote source", func(t *testing.T) { + var ( + ctx = context.Background() + req = &structs.DiscoveryChainRequest{Datacenter: "dc2"} + correlationID = "correlation-id" + ch = make(chan<- proxycfg.UpdateEvent) + result = errors.New("KABOOM") + ) + + remoteSource := newMockCompiledDiscoveryChain(t) + remoteSource.On("Notify", ctx, req, correlationID, ch).Return(result) + + dataSource := ServerCompiledDiscoveryChain(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource) + err := dataSource.Notify(ctx, req, correlationID, ch) + require.Equal(t, result, err) + }) + + t.Run("local queries are served from the state store", func(t *testing.T) { + const ( + serviceName = "web" + datacenter = "dc1" + index = 123 + ) + + store := state.NewStateStore(nil) + require.NoError(t, store.CASetConfig(index, &structs.CAConfiguration{ClusterID: "cluster-id"})) + require.NoError(t, store.EnsureConfigEntry(index, &structs.ServiceConfigEntry{ + Name: serviceName, + Kind: structs.ServiceDefaults, + })) + + req := &structs.DiscoveryChainRequest{ + Name: serviceName, + Datacenter: datacenter, + } + + resolver := newStaticResolver( + policyAuthorizer(t, fmt.Sprintf(`service "%s" { policy = "read" }`, serviceName)), + ) + + dataSource := ServerCompiledDiscoveryChain(ServerDataSourceDeps{ + ACLResolver: resolver, + Datacenter: datacenter, + GetStore: func() Store { return store }, + }, nil) + + eventCh := make(chan proxycfg.UpdateEvent) + err := dataSource.Notify(context.Background(), req, "", eventCh) + require.NoError(t, err) + + // Check we get an event with the initial state. + result := getEventResult[*structs.DiscoveryChainResponse](t, eventCh) + require.NotNil(t, result.Chain) + + // Change the protocol to HTTP and check we get a recompiled chain. + require.NoError(t, store.EnsureConfigEntry(index+1, &structs.ServiceConfigEntry{ + Name: serviceName, + Kind: structs.ServiceDefaults, + Protocol: "http", + })) + + result = getEventResult[*structs.DiscoveryChainResponse](t, eventCh) + require.NotNil(t, result.Chain) + require.Equal(t, "http", result.Chain.Protocol) + + // Revoke access to the service. + resolver.SwapAuthorizer(acl.DenyAll()) + + // Write another config entry. + require.NoError(t, store.EnsureConfigEntry(index+2, &structs.ServiceConfigEntry{ + Name: serviceName, + Kind: structs.ServiceDefaults, + MaxInboundConnections: 1, + })) + + // Should no longer receive events for this service. + expectNoEvent(t, eventCh) + }) +} + +func newMockCompiledDiscoveryChain(t *testing.T) *mockCompiledDiscoveryChain { + mock := &mockCompiledDiscoveryChain{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +type mockCompiledDiscoveryChain struct { + mock.Mock +} + +func (m *mockCompiledDiscoveryChain) Notify(ctx context.Context, req *structs.DiscoveryChainRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + return m.Called(ctx, req, correlationID, ch).Error(0) +} diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 0fb0b7752..f06df2827 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -8,6 +8,8 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/configentry" + "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/consul/watch" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/rpcclient/health" @@ -20,6 +22,7 @@ type Store interface { watch.StateStore IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error) + ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) } // CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from @@ -28,12 +31,6 @@ func CacheCARoots(c *cache.Cache) proxycfg.CARoots { return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.ConnectCARootName} } -// CacheCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain -// interface by sourcing data from the agent cache. -func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain { - return &cacheProxyDataSource[*structs.DiscoveryChainRequest]{c, cachetype.CompiledDiscoveryChainName} -} - // CacheConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing // data from the agent cache. func CacheConfigEntry(c *cache.Cache) proxycfg.ConfigEntry { diff --git a/agent/proxycfg-glue/helpers_test.go b/agent/proxycfg-glue/helpers_test.go new file mode 100644 index 000000000..5528ed4a5 --- /dev/null +++ b/agent/proxycfg-glue/helpers_test.go @@ -0,0 +1,34 @@ +package proxycfgglue + +import ( + "testing" + "time" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/proxycfg" +) + +func getEventResult[ResultType any](t *testing.T, eventCh <-chan proxycfg.UpdateEvent) ResultType { + t.Helper() + + select { + case event := <-eventCh: + require.NoError(t, event.Err, "event should not have an error") + result, ok := event.Result.(ResultType) + require.Truef(t, ok, "unexpected result type: %T", event.Result) + return result + case <-time.After(100 * time.Millisecond): + t.Fatal("timeout waiting for event") + } + + panic("this should never be reached") +} + +func expectNoEvent(t *testing.T, eventCh <-chan proxycfg.UpdateEvent) { + select { + case <-eventCh: + t.Fatal("expected no event") + case <-time.After(100 * time.Millisecond): + } +} diff --git a/agent/proxycfg-glue/intention_upstreams_test.go b/agent/proxycfg-glue/intention_upstreams_test.go index 22d596109..22846f24d 100644 --- a/agent/proxycfg-glue/intention_upstreams_test.go +++ b/agent/proxycfg-glue/intention_upstreams_test.go @@ -3,7 +3,6 @@ package proxycfgglue import ( "context" "testing" - "time" "github.com/stretchr/testify/require" @@ -62,7 +61,7 @@ func TestServerIntentionUpstreams(t *testing.T) { authz := policyAuthorizer(t, `service "db" { policy = "read" }`) dataSource := ServerIntentionUpstreams(ServerDataSourceDeps{ - ACLResolver: staticResolver{authz}, + ACLResolver: newStaticResolver(authz), GetStore: func() Store { return store }, }) @@ -70,28 +69,16 @@ func TestServerIntentionUpstreams(t *testing.T) { err := dataSource.Notify(ctx, &structs.ServiceSpecificRequest{ServiceName: serviceName}, "", ch) require.NoError(t, err) - select { - case event := <-ch: - result, ok := event.Result.(*structs.IndexedServiceList) - require.Truef(t, ok, "expected IndexedServiceList, got: %T", event.Result) - require.Len(t, result.Services, 0) - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + result := getEventResult[*structs.IndexedServiceList](t, ch) + require.Len(t, result.Services, 0) // Create an allow intention for the db service. This should *not* be filtered // out because the ACL token *does* have read access on it. createIntention("db") - select { - case event := <-ch: - result, ok := event.Result.(*structs.IndexedServiceList) - require.Truef(t, ok, "expected IndexedServiceList, got: %T", event.Result) - require.Len(t, result.Services, 1) - require.Equal(t, "db", result.Services[0].Name) - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + result = getEventResult[*structs.IndexedServiceList](t, ch) + require.Len(t, result.Services, 1) + require.Equal(t, "db", result.Services[0].Name) } func disableLegacyIntentions(t *testing.T, store *state.Store) { diff --git a/agent/proxycfg-glue/intentions_ent_test.go b/agent/proxycfg-glue/intentions_ent_test.go index 66f3d62cb..00eb37285 100644 --- a/agent/proxycfg-glue/intentions_ent_test.go +++ b/agent/proxycfg-glue/intentions_ent_test.go @@ -15,6 +15,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/sdk/testutil" ) func TestServerIntentions_Enterprise(t *testing.T) { @@ -39,7 +40,7 @@ func TestServerIntentions_Enterprise(t *testing.T) { go publisher.Run(ctx) intentions := ServerIntentions(ServerDataSourceDeps{ - ACLResolver: staticResolver{acl.ManageAll()}, + ACLResolver: newStaticResolver(acl.ManageAll()), ViewStore: store, EventPublisher: publisher, Logger: logger, @@ -51,37 +52,29 @@ func TestServerIntentions_Enterprise(t *testing.T) { ServiceName: serviceName, }, "", eventCh)) - // Wait for the initial snapshots. - select { - case <-eventCh: - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + testutil.RunStep(t, "initial snapshot", func(t *testing.T) { + getEventResult[structs.Intentions](t, eventCh) + }) - // Publish a namespace wildcard intention. - publisher.Publish([]stream.Event{ - { - Topic: pbsubscribe.Topic_ServiceIntentions, - Index: index + 1, - Payload: state.EventPayloadConfigEntry{ - Op: pbsubscribe.ConfigEntryUpdate_Upsert, - Value: &structs.ServiceIntentionsConfigEntry{ - Name: structs.WildcardSpecifier, - EnterpriseMeta: *acl.WildcardEnterpriseMeta(), - Sources: []*structs.SourceIntention{ - {Name: structs.WildcardSpecifier, Action: structs.IntentionActionAllow, Precedence: 1}, + testutil.RunStep(t, "publish a namespace-wildcard partition", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Topic: pbsubscribe.Topic_ServiceIntentions, + Index: index + 1, + Payload: state.EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: &structs.ServiceIntentionsConfigEntry{ + Name: structs.WildcardSpecifier, + EnterpriseMeta: *acl.WildcardEnterpriseMeta(), + Sources: []*structs.SourceIntention{ + {Name: structs.WildcardSpecifier, Action: structs.IntentionActionAllow, Precedence: 1}, + }, }, }, }, - }, - }) + }) - select { - case event := <-eventCh: - result, ok := event.Result.(structs.Intentions) - require.Truef(t, ok, "expected Intentions, got: %T", event.Result) + result := getEventResult[structs.Intentions](t, eventCh) require.Len(t, result, 1) - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + }) } diff --git a/agent/proxycfg-glue/intentions_test.go b/agent/proxycfg-glue/intentions_test.go index 0284068bd..3597109f7 100644 --- a/agent/proxycfg-glue/intentions_test.go +++ b/agent/proxycfg-glue/intentions_test.go @@ -2,6 +2,7 @@ package proxycfgglue import ( "context" + "sync" "testing" "time" @@ -16,6 +17,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/sdk/testutil" ) func TestServerIntentions(t *testing.T) { @@ -39,7 +41,7 @@ func TestServerIntentions(t *testing.T) { go publisher.Run(ctx) intentions := ServerIntentions(ServerDataSourceDeps{ - ACLResolver: staticResolver{acl.ManageAll()}, + ACLResolver: newStaticResolver(acl.ManageAll()), ViewStore: store, EventPublisher: publisher, Logger: logger, @@ -51,64 +53,53 @@ func TestServerIntentions(t *testing.T) { EnterpriseMeta: *acl.DefaultEnterpriseMeta(), }, "", eventCh)) - // Wait for the initial snapshots. - select { - case <-eventCh: - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + testutil.RunStep(t, "initial snapshot", func(t *testing.T) { + getEventResult[structs.Intentions](t, eventCh) + }) - // Publish an explicit intention on the service. - publisher.Publish([]stream.Event{ - { - Topic: pbsubscribe.Topic_ServiceIntentions, - Index: index + 1, - Payload: state.EventPayloadConfigEntry{ - Op: pbsubscribe.ConfigEntryUpdate_Upsert, - Value: &structs.ServiceIntentionsConfigEntry{ - Name: serviceName, - Sources: []*structs.SourceIntention{ - {Name: "db", Action: structs.IntentionActionAllow, Precedence: 1}, + testutil.RunStep(t, "publishing an explicit intention", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Topic: pbsubscribe.Topic_ServiceIntentions, + Index: index + 1, + Payload: state.EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: &structs.ServiceIntentionsConfigEntry{ + Name: serviceName, + Sources: []*structs.SourceIntention{ + {Name: "db", Action: structs.IntentionActionAllow, Precedence: 1}, + }, }, }, }, - }, - }) + }) - select { - case event := <-eventCh: - result, ok := event.Result.(structs.Intentions) - require.Truef(t, ok, "expected Intentions, got: %T", event.Result) + result := getEventResult[structs.Intentions](t, eventCh) require.Len(t, result, 1) intention := result[0] require.Equal(t, intention.DestinationName, serviceName) require.Equal(t, intention.SourceName, "db") - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + }) - // Publish a wildcard intention. - publisher.Publish([]stream.Event{ - { - Topic: pbsubscribe.Topic_ServiceIntentions, - Index: index + 2, - Payload: state.EventPayloadConfigEntry{ - Op: pbsubscribe.ConfigEntryUpdate_Upsert, - Value: &structs.ServiceIntentionsConfigEntry{ - Name: structs.WildcardSpecifier, - Sources: []*structs.SourceIntention{ - {Name: structs.WildcardSpecifier, Action: structs.IntentionActionAllow, Precedence: 0}, + testutil.RunStep(t, "publishing a wildcard intention", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Topic: pbsubscribe.Topic_ServiceIntentions, + Index: index + 2, + Payload: state.EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: &structs.ServiceIntentionsConfigEntry{ + Name: structs.WildcardSpecifier, + Sources: []*structs.SourceIntention{ + {Name: structs.WildcardSpecifier, Action: structs.IntentionActionAllow, Precedence: 0}, + }, }, }, }, - }, - }) + }) - select { - case event := <-eventCh: - result, ok := event.Result.(structs.Intentions) - require.Truef(t, ok, "expected Intentions, got: %T", event.Result) + result := getEventResult[structs.Intentions](t, eventCh) require.Len(t, result, 2) a := result[0] @@ -118,38 +109,48 @@ func TestServerIntentions(t *testing.T) { b := result[1] require.Equal(t, b.DestinationName, structs.WildcardSpecifier) require.Equal(t, b.SourceName, structs.WildcardSpecifier) - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } - - // Publish a delete event and observe the intention is removed from the results. - publisher.Publish([]stream.Event{ - { - Topic: pbsubscribe.Topic_ServiceIntentions, - Index: index + 3, - Payload: state.EventPayloadConfigEntry{ - Op: pbsubscribe.ConfigEntryUpdate_Delete, - Value: &structs.ServiceIntentionsConfigEntry{ - Name: serviceName, - }, - }, - }, }) - select { - case event := <-eventCh: - result, ok := event.Result.(structs.Intentions) - require.Truef(t, ok, "expected Intentions, got: %T", event.Result) + testutil.RunStep(t, "publishing a delete event", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Topic: pbsubscribe.Topic_ServiceIntentions, + Index: index + 3, + Payload: state.EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Delete, + Value: &structs.ServiceIntentionsConfigEntry{ + Name: serviceName, + }, + }, + }, + }) + + result := getEventResult[structs.Intentions](t, eventCh) require.Len(t, result, 1) - case <-time.After(100 * time.Millisecond): - t.Fatal("timeout waiting for event") - } + }) + } type staticResolver struct { + mu sync.Mutex authorizer acl.Authorizer } -func (r staticResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (resolver.Result, error) { +func newStaticResolver(authz acl.Authorizer) *staticResolver { + resolver := new(staticResolver) + resolver.SwapAuthorizer(authz) + return resolver +} + +func (r *staticResolver) SwapAuthorizer(authz acl.Authorizer) { + r.mu.Lock() + defer r.mu.Unlock() + + r.authorizer = authz +} + +func (r *staticResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (resolver.Result, error) { + r.mu.Lock() + defer r.mu.Unlock() return resolver.Result{Authorizer: r.authorizer}, nil } From 688dfe31381c2ea74cb86a7811061db2a55a461e Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:35:52 +0100 Subject: [PATCH 744/785] proxycfg-glue: server-local implementation of `ServiceList` This is the OSS portion of enterprise PR 2242. This PR introduces a server-local implementation of the proxycfg.ServiceList interface, backed by streaming events and a local materializer. --- agent/agent.go | 1 + agent/consul/fsm/fsm.go | 7 + agent/consul/state/catalog_events.go | 93 ++++++ agent/consul/state/catalog_events_test.go | 112 +++++++ agent/consul/state/events.go | 6 + agent/consul/state/memdb.go | 2 + agent/proxycfg-glue/config_entry.go | 23 +- agent/proxycfg-glue/glue.go | 6 - agent/proxycfg-glue/service_list.go | 124 +++++++ agent/proxycfg-glue/service_list_test.go | 140 ++++++++ proto/pbsubscribe/subscribe.pb.binary.go | 10 + proto/pbsubscribe/subscribe.pb.go | 380 +++++++++++++++------- proto/pbsubscribe/subscribe.proto | 19 ++ 13 files changed, 784 insertions(+), 139 deletions(-) create mode 100644 agent/proxycfg-glue/service_list.go create mode 100644 agent/proxycfg-glue/service_list_test.go diff --git a/agent/agent.go b/agent/agent.go index c1381d0d2..7aa42e3d9 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4249,6 +4249,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { sources.CompiledDiscoveryChain = proxycfgglue.ServerCompiledDiscoveryChain(deps, proxycfgglue.CacheCompiledDiscoveryChain(a.cache)) sources.Intentions = proxycfgglue.ServerIntentions(deps) sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps) + sources.ServiceList = proxycfgglue.ServerServiceList(deps, proxycfgglue.CacheServiceList(a.cache)) } a.fillEnterpriseProxyDataSources(&sources) diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go index 8fa617b45..432e64631 100644 --- a/agent/consul/fsm/fsm.go +++ b/agent/consul/fsm/fsm.go @@ -324,4 +324,11 @@ func (c *FSM) registerStreamSnapshotHandlers() { if err != nil { panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) } + + err = c.deps.Publisher.RegisterHandler(state.EventTopicServiceList, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return c.State().ServiceListSnapshot(req, buf) + }, true) + if err != nil { + panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) + } } diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go index b4b498b98..06d6414af 100644 --- a/agent/consul/state/catalog_events.go +++ b/agent/consul/state/catalog_events.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/pbsubscribe" ) @@ -71,6 +72,39 @@ func (e EventPayloadCheckServiceNode) ToSubscriptionEvent(idx uint64) *pbsubscri } } +// EventPayloadServiceListUpdate is used as the Payload for a stream.Event when +// services (not service instances) are registered/deregistered. These events +// are used to materialize the list of services in a datacenter. +type EventPayloadServiceListUpdate struct { + Op pbsubscribe.CatalogOp + + Name string + EnterpriseMeta acl.EnterpriseMeta + PeerName string +} + +func (e *EventPayloadServiceListUpdate) ToSubscriptionEvent(idx uint64) *pbsubscribe.Event { + return &pbsubscribe.Event{ + Index: idx, + Payload: &pbsubscribe.Event_Service{ + Service: &pbsubscribe.ServiceListUpdate{ + Op: e.Op, + Name: e.Name, + EnterpriseMeta: pbcommon.NewEnterpriseMetaFromStructs(e.EnterpriseMeta), + PeerName: e.PeerName, + }, + }, + } +} + +func (e *EventPayloadServiceListUpdate) Subject() stream.Subject { return stream.SubjectNone } + +func (e *EventPayloadServiceListUpdate) HasReadPermission(authz acl.Authorizer) bool { + var authzContext acl.AuthorizerContext + e.EnterpriseMeta.FillAuthzContext(&authzContext) + return authz.ServiceRead(e.Name, &authzContext) == acl.Allow +} + // serviceHealthSnapshot returns a stream.SnapshotFunc that provides a snapshot // of stream.Events that describe the current state of a service health query. func (s *Store) ServiceHealthSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (index uint64, err error) { @@ -156,6 +190,65 @@ type nodeTuple struct { var serviceChangeIndirect = serviceChange{changeType: changeIndirect} +// ServiceListUpdateEventsFromChanges returns events representing changes to +// the list of services from the given set of state store changes. +func ServiceListUpdateEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { + var events []stream.Event + for _, change := range changes.Changes { + if change.Table != tableKindServiceNames { + continue + } + + kindName := changeObject(change).(*KindServiceName) + + // TODO(peering): make this peer-aware. + payload := &EventPayloadServiceListUpdate{ + Name: kindName.Service.Name, + EnterpriseMeta: kindName.Service.EnterpriseMeta, + } + + if change.Deleted() { + payload.Op = pbsubscribe.CatalogOp_Deregister + } else { + payload.Op = pbsubscribe.CatalogOp_Register + } + + events = append(events, stream.Event{ + Topic: EventTopicServiceList, + Index: changes.Index, + Payload: payload, + }) + } + return events, nil +} + +// ServiceListSnapshot is a stream.SnapshotFunc that returns a snapshot of +// all service names. +func (s *Store) ServiceListSnapshot(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + index, names, err := s.ServiceNamesOfKind(nil, "") + if err != nil { + return 0, err + } + + if l := len(names); l > 0 { + events := make([]stream.Event, l) + for idx, name := range names { + events[idx] = stream.Event{ + Topic: EventTopicServiceList, + Index: index, + Payload: &EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Register, + Name: name.Service.Name, + EnterpriseMeta: name.Service.EnterpriseMeta, + }, + } + } + buf.Append(events) + } + + return index, nil +} + // ServiceHealthEventsFromChanges returns all the service and Connect health // events that should be emitted given a set of changes to the state store. func ServiceHealthEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go index 129b834b8..ef398ed6c 100644 --- a/agent/consul/state/catalog_events_test.go +++ b/agent/consul/state/catalog_events_test.go @@ -8,6 +8,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -2543,3 +2544,114 @@ func newPayloadCheckServiceNodeWithOverride( overrideNamespace: overrideNamespace, } } + +func TestServiceListUpdateSnapshot(t *testing.T) { + const index uint64 = 123 + + store := testStateStore(t) + require.NoError(t, store.EnsureRegistration(index, testServiceRegistration(t, "db"))) + + buf := &snapshotAppender{} + idx, err := store.ServiceListSnapshot(stream.SubscribeRequest{Subject: stream.SubjectNone}, buf) + require.NoError(t, err) + require.NotZero(t, idx) + + require.Len(t, buf.events, 1) + require.Len(t, buf.events[0], 1) + + payload := buf.events[0][0].Payload.(*EventPayloadServiceListUpdate) + require.Equal(t, pbsubscribe.CatalogOp_Register, payload.Op) + require.Equal(t, "db", payload.Name) +} + +func TestServiceListUpdateEventsFromChanges(t *testing.T) { + const changeIndex = 123 + + testCases := map[string]struct { + setup func(*Store, *txn) error + mutate func(*Store, *txn) error + events []stream.Event + }{ + "register new service": { + mutate: func(store *Store, tx *txn) error { + return store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db"), false) + }, + events: []stream.Event{ + { + Topic: EventTopicServiceList, + Index: changeIndex, + Payload: &EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Register, + Name: "db", + EnterpriseMeta: *acl.DefaultEnterpriseMeta(), + }, + }, + }, + }, + "service already registered": { + setup: func(store *Store, tx *txn) error { + return store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db"), false) + }, + mutate: func(store *Store, tx *txn) error { + return store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db"), false) + }, + events: nil, + }, + "deregister last instance of service": { + setup: func(store *Store, tx *txn) error { + return store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db"), false) + }, + mutate: func(store *Store, tx *txn) error { + return store.deleteServiceTxn(tx, tx.Index, "node1", "db", nil, "") + }, + events: []stream.Event{ + { + Topic: EventTopicServiceList, + Index: changeIndex, + Payload: &EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Deregister, + Name: "db", + EnterpriseMeta: *acl.DefaultEnterpriseMeta(), + }, + }, + }, + }, + "deregister (not the last) instance of service": { + setup: func(store *Store, tx *txn) error { + if err := store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db"), false); err != nil { + return err + } + if err := store.ensureRegistrationTxn(tx, changeIndex, false, testServiceRegistration(t, "db", regNode2), false); err != nil { + return err + } + return nil + }, + mutate: func(store *Store, tx *txn) error { + return store.deleteServiceTxn(tx, tx.Index, "node1", "db", nil, "") + }, + events: nil, + }, + } + for desc, tc := range testCases { + t.Run(desc, func(t *testing.T) { + store := testStateStore(t) + + if tc.setup != nil { + tx := store.db.WriteTxn(0) + require.NoError(t, tc.setup(store, tx)) + require.NoError(t, tx.Commit()) + } + + tx := store.db.WriteTxn(0) + t.Cleanup(tx.Abort) + + if tc.mutate != nil { + require.NoError(t, tc.mutate(store, tx)) + } + + events, err := ServiceListUpdateEventsFromChanges(tx, Changes{Index: changeIndex, Changes: tx.Changes()}) + require.NoError(t, err) + require.Equal(t, tc.events, events) + }) + } +} diff --git a/agent/consul/state/events.go b/agent/consul/state/events.go index e59624511..2e74c44c9 100644 --- a/agent/consul/state/events.go +++ b/agent/consul/state/events.go @@ -43,6 +43,12 @@ func PBToStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.E Name: named.Key, EnterpriseMeta: &entMeta, } + case EventTopicServiceList: + // Events on this topic are published to SubjectNone, but rather than + // exposing this in (and further complicating) the streaming API we rely + // on consumers passing WildcardSubject instead, which is functionally the + // same for this purpose. + return nil, fmt.Errorf("topic %s can only be consumed using WildcardSubject", EventTopicServiceList) default: return nil, fmt.Errorf("cannot construct subject for topic %s", req.Topic) } diff --git a/agent/consul/state/memdb.go b/agent/consul/state/memdb.go index 95a291061..751622977 100644 --- a/agent/consul/state/memdb.go +++ b/agent/consul/state/memdb.go @@ -184,6 +184,7 @@ var ( EventTopicServiceResolver = pbsubscribe.Topic_ServiceResolver EventTopicIngressGateway = pbsubscribe.Topic_IngressGateway EventTopicServiceIntentions = pbsubscribe.Topic_ServiceIntentions + EventTopicServiceList = pbsubscribe.Topic_ServiceList ) func processDBChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { @@ -192,6 +193,7 @@ func processDBChanges(tx ReadTxn, changes Changes) ([]stream.Event, error) { aclChangeUnsubscribeEvent, caRootsChangeEvents, ServiceHealthEventsFromChanges, + ServiceListUpdateEventsFromChanges, ConfigEntryEventsFromChanges, // TODO: add other table handlers here. } diff --git a/agent/proxycfg-glue/config_entry.go b/agent/proxycfg-glue/config_entry.go index 138909369..1f6fbf245 100644 --- a/agent/proxycfg-glue/config_entry.go +++ b/agent/proxycfg-glue/config_entry.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" + "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbconfigentry" "github.com/hashicorp/consul/proto/pbsubscribe" ) @@ -194,7 +195,7 @@ func (v *configEntryListView) Result(index uint64) any { } func (v *configEntryListView) Update(events []*pbsubscribe.Event) error { - for _, event := range v.filterByEnterpriseMeta(events) { + for _, event := range filterByEnterpriseMeta(events, v.entMeta) { update := event.GetConfigEntry() configEntry := pbconfigentry.ConfigEntryToStructs(update.ConfigEntry) name := structs.NewServiceName(configEntry.GetName(), configEntry.GetEnterpriseMeta()).String() @@ -213,22 +214,26 @@ func (v *configEntryListView) Update(events []*pbsubscribe.Event) error { // don't match the request's enterprise meta - this is necessary because when // subscribing to a topic with SubjectWildcard we'll get events for resources // in all partitions and namespaces. -func (v *configEntryListView) filterByEnterpriseMeta(events []*pbsubscribe.Event) []*pbsubscribe.Event { - partition := v.entMeta.PartitionOrDefault() - namespace := v.entMeta.NamespaceOrDefault() +func filterByEnterpriseMeta(events []*pbsubscribe.Event, entMeta acl.EnterpriseMeta) []*pbsubscribe.Event { + partition := entMeta.PartitionOrDefault() + namespace := entMeta.NamespaceOrDefault() filtered := make([]*pbsubscribe.Event, 0, len(events)) for _, event := range events { - configEntry := event.GetConfigEntry().GetConfigEntry() - if configEntry == nil { + var eventEntMeta *pbcommon.EnterpriseMeta + switch payload := event.Payload.(type) { + case *pbsubscribe.Event_ConfigEntry: + eventEntMeta = payload.ConfigEntry.ConfigEntry.GetEnterpriseMeta() + case *pbsubscribe.Event_Service: + eventEntMeta = payload.Service.GetEnterpriseMeta() + default: continue } - entMeta := configEntry.GetEnterpriseMeta() - if partition != acl.WildcardName && !acl.EqualPartitions(partition, entMeta.GetPartition()) { + if partition != acl.WildcardName && !acl.EqualPartitions(partition, eventEntMeta.GetPartition()) { continue } - if namespace != acl.WildcardName && !acl.EqualNamespaces(namespace, entMeta.GetNamespace()) { + if namespace != acl.WildcardName && !acl.EqualNamespaces(namespace, eventEntMeta.GetNamespace()) { continue } diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index f06df2827..739cc7f64 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -103,12 +103,6 @@ func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig { return &cacheProxyDataSource[*structs.ServiceConfigRequest]{c, cachetype.ResolvedServiceConfigName} } -// CacheServiceList satisfies the proxycfg.ServiceList interface by sourcing -// data from the agent cache. -func CacheServiceList(c *cache.Cache) proxycfg.ServiceList { - return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.CatalogServiceListName} -} - // CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing // data from the agent cache. func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle { diff --git a/agent/proxycfg-glue/service_list.go b/agent/proxycfg-glue/service_list.go new file mode 100644 index 000000000..14dc13f31 --- /dev/null +++ b/agent/proxycfg-glue/service_list.go @@ -0,0 +1,124 @@ +package proxycfgglue + +import ( + "context" + "sort" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/submatview" + "github.com/hashicorp/consul/proto/pbcommon" + "github.com/hashicorp/consul/proto/pbsubscribe" +) + +// CacheServiceList satisfies the proxycfg.ServiceList interface by sourcing +// data from the agent cache. +func CacheServiceList(c *cache.Cache) proxycfg.ServiceList { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.CatalogServiceListName} +} + +func ServerServiceList(deps ServerDataSourceDeps, remoteSource proxycfg.ServiceList) proxycfg.ServiceList { + return &serverServiceList{deps, remoteSource} +} + +type serverServiceList struct { + deps ServerDataSourceDeps + remoteSource proxycfg.ServiceList +} + +func (s *serverServiceList) Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + if req.Datacenter != s.deps.Datacenter { + return s.remoteSource.Notify(ctx, req, correlationID, ch) + } + return s.deps.ViewStore.NotifyCallback( + ctx, + &serviceListRequest{s.deps, req}, + correlationID, + dispatchCacheUpdate(ch), + ) +} + +type serviceListRequest struct { + deps ServerDataSourceDeps + req *structs.DCSpecificRequest +} + +func (r *serviceListRequest) Request(index uint64) *pbsubscribe.SubscribeRequest { + return &pbsubscribe.SubscribeRequest{ + Topic: pbsubscribe.Topic_ServiceList, + Subject: &pbsubscribe.SubscribeRequest_WildcardSubject{WildcardSubject: true}, + Index: index, + Datacenter: r.req.Datacenter, + Token: r.req.QueryOptions.Token, + } +} + +func (r *serviceListRequest) CacheInfo() cache.RequestInfo { return r.req.CacheInfo() } + +func (r *serviceListRequest) NewMaterializer() (submatview.Materializer, error) { + return submatview.NewLocalMaterializer(submatview.LocalMaterializerDeps{ + Backend: r.deps.EventPublisher, + ACLResolver: r.deps.ACLResolver, + Deps: submatview.Deps{ + View: newServiceListView(r.req.EnterpriseMeta), + Logger: r.deps.Logger, + Request: r.Request, + }, + }), nil +} + +func (serviceListRequest) Type() string { return "proxycfgglue.ServiceList" } + +func newServiceListView(entMeta acl.EnterpriseMeta) *serviceListView { + view := &serviceListView{entMeta: entMeta} + view.Reset() + return view +} + +type serviceListView struct { + entMeta acl.EnterpriseMeta + state map[string]structs.ServiceName +} + +func (v *serviceListView) Reset() { v.state = make(map[string]structs.ServiceName) } + +func (v *serviceListView) Update(events []*pbsubscribe.Event) error { + for _, event := range filterByEnterpriseMeta(events, v.entMeta) { + update := event.GetService() + if update == nil { + continue + } + + var entMeta acl.EnterpriseMeta + pbcommon.EnterpriseMetaToStructs(update.EnterpriseMeta, &entMeta) + name := structs.NewServiceName(update.Name, &entMeta) + + switch update.Op { + case pbsubscribe.CatalogOp_Register: + v.state[name.String()] = name + case pbsubscribe.CatalogOp_Deregister: + delete(v.state, name.String()) + } + } + return nil +} + +func (v *serviceListView) Result(index uint64) any { + serviceList := make(structs.ServiceList, 0, len(v.state)) + for _, name := range v.state { + serviceList = append(serviceList, name) + } + sort.Slice(serviceList, func(a, b int) bool { + return serviceList[a].String() < serviceList[b].String() + }) + return &structs.IndexedServiceList{ + Services: serviceList, + QueryMeta: structs.QueryMeta{ + Backend: structs.QueryBackendStreaming, + Index: index, + }, + } +} diff --git a/agent/proxycfg-glue/service_list_test.go b/agent/proxycfg-glue/service_list_test.go new file mode 100644 index 000000000..eedb211b3 --- /dev/null +++ b/agent/proxycfg-glue/service_list_test.go @@ -0,0 +1,140 @@ +package proxycfgglue + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/submatview" + "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerServiceList(t *testing.T) { + t.Run("remote queries are delegated to the remote source", func(t *testing.T) { + var ( + ctx = context.Background() + req = &structs.DCSpecificRequest{Datacenter: "dc2"} + correlationID = "correlation-id" + ch = make(chan<- proxycfg.UpdateEvent) + result = errors.New("KABOOM") + ) + + remoteSource := newMockServiceList(t) + remoteSource.On("Notify", ctx, req, correlationID, ch).Return(result) + + dataSource := ServerServiceList(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource) + err := dataSource.Notify(ctx, req, correlationID, ch) + require.Equal(t, result, err) + }) + + t.Run("local queries are served from a materialized view", func(t *testing.T) { + const ( + index uint64 = 123 + datacenter = "dc1" + ) + + logger := testutil.Logger(t) + + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + store := submatview.NewStore(logger) + go store.Run(ctx) + + publisher := stream.NewEventPublisher(10 * time.Second) + publisher.RegisterHandler(pbsubscribe.Topic_ServiceList, + func(stream.SubscribeRequest, stream.SnapshotAppender) (uint64, error) { return index, nil }, + true) + go publisher.Run(ctx) + + dataSource := ServerServiceList(ServerDataSourceDeps{ + Datacenter: datacenter, + ACLResolver: newStaticResolver(acl.ManageAll()), + ViewStore: store, + EventPublisher: publisher, + Logger: logger, + }, nil) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(ctx, &structs.DCSpecificRequest{Datacenter: datacenter}, "", eventCh)) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*structs.IndexedServiceList](t, eventCh) + require.Empty(t, result.Services) + }) + + testutil.RunStep(t, "register services", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Index: index + 1, + Topic: pbsubscribe.Topic_ServiceList, + Payload: &state.EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Register, + Name: "web", + }, + }, + { + Index: index + 1, + Topic: pbsubscribe.Topic_ServiceList, + Payload: &state.EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Register, + Name: "db", + }, + }, + }) + + result := getEventResult[*structs.IndexedServiceList](t, eventCh) + require.Len(t, result.Services, 2) + + var names []string + for _, service := range result.Services { + names = append(names, service.Name) + } + require.ElementsMatch(t, names, []string{"web", "db"}) + }) + + testutil.RunStep(t, "deregister service", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Index: index + 2, + Topic: pbsubscribe.Topic_ServiceList, + Payload: &state.EventPayloadServiceListUpdate{ + Op: pbsubscribe.CatalogOp_Deregister, + Name: "web", + }, + }, + }) + + result := getEventResult[*structs.IndexedServiceList](t, eventCh) + require.Len(t, result.Services, 1) + require.Equal(t, "db", result.Services[0].Name) + }) + }) +} + +func newMockServiceList(t *testing.T) *mockServiceList { + mock := &mockServiceList{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +type mockServiceList struct { + mock.Mock +} + +func (m *mockServiceList) Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + return m.Called(ctx, req, correlationID, ch).Error(0) +} diff --git a/proto/pbsubscribe/subscribe.pb.binary.go b/proto/pbsubscribe/subscribe.pb.binary.go index 7e0e74509..43b7c8f59 100644 --- a/proto/pbsubscribe/subscribe.pb.binary.go +++ b/proto/pbsubscribe/subscribe.pb.binary.go @@ -66,3 +66,13 @@ func (msg *ConfigEntryUpdate) MarshalBinary() ([]byte, error) { func (msg *ConfigEntryUpdate) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ServiceListUpdate) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ServiceListUpdate) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index deb43bad4..5d209df9a 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -16,6 +16,7 @@ package pbsubscribe import ( + pbcommon "github.com/hashicorp/consul/proto/pbcommon" pbconfigentry "github.com/hashicorp/consul/proto/pbconfigentry" pbservice "github.com/hashicorp/consul/proto/pbservice" protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -49,6 +50,12 @@ const ( Topic_IngressGateway Topic = 5 // ServiceIntentions topic contains events for changes to service intentions. Topic_ServiceIntentions Topic = 6 + // ServiceList topic contains events about services (not service instances) + // getting registered/deregistered. It can be used to materialize a list of + // the services in the given datacenter. + // + // Note: WildcardSubject is the only supported Subject on this topic. + Topic_ServiceList Topic = 7 ) // Enum value maps for Topic. @@ -61,6 +68,7 @@ var ( 4: "ServiceResolver", 5: "IngressGateway", 6: "ServiceIntentions", + 7: "ServiceList", } Topic_value = map[string]int32{ "Unknown": 0, @@ -70,6 +78,7 @@ var ( "ServiceResolver": 4, "IngressGateway": 5, "ServiceIntentions": 6, + "ServiceList": 7, } ) @@ -467,6 +476,7 @@ type Event struct { // *Event_EventBatch // *Event_ServiceHealth // *Event_ConfigEntry + // *Event_Service Payload isEvent_Payload `protobuf_oneof:"Payload"` } @@ -551,6 +561,13 @@ func (x *Event) GetConfigEntry() *ConfigEntryUpdate { return nil } +func (x *Event) GetService() *ServiceListUpdate { + if x, ok := x.GetPayload().(*Event_Service); ok { + return x.Service + } + return nil +} + type isEvent_Payload interface { isEvent_Payload() } @@ -589,6 +606,11 @@ type Event_ConfigEntry struct { ConfigEntry *ConfigEntryUpdate `protobuf:"bytes,11,opt,name=ConfigEntry,proto3,oneof"` } +type Event_Service struct { + // Service is used for ServiceList topic. + Service *ServiceListUpdate `protobuf:"bytes,12,opt,name=Service,proto3,oneof"` +} + func (*Event_EndOfSnapshot) isEvent_Payload() {} func (*Event_NewSnapshotToFollow) isEvent_Payload() {} @@ -599,6 +621,8 @@ func (*Event_ServiceHealth) isEvent_Payload() {} func (*Event_ConfigEntry) isEvent_Payload() {} +func (*Event_Service) isEvent_Payload() {} + type EventBatch struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -756,121 +780,211 @@ func (x *ConfigEntryUpdate) GetConfigEntry() *pbconfigentry.ConfigEntry { return nil } +type ServiceListUpdate struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Op CatalogOp `protobuf:"varint,1,opt,name=Op,proto3,enum=subscribe.CatalogOp" json:"Op,omitempty"` + Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"` + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,3,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` + PeerName string `protobuf:"bytes,4,opt,name=PeerName,proto3" json:"PeerName,omitempty"` +} + +func (x *ServiceListUpdate) Reset() { + *x = ServiceListUpdate{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceListUpdate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceListUpdate) ProtoMessage() {} + +func (x *ServiceListUpdate) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbsubscribe_subscribe_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceListUpdate.ProtoReflect.Descriptor instead. +func (*ServiceListUpdate) Descriptor() ([]byte, []int) { + return file_proto_pbsubscribe_subscribe_proto_rawDescGZIP(), []int{6} +} + +func (x *ServiceListUpdate) GetOp() CatalogOp { + if x != nil { + return x.Op + } + return CatalogOp_Register +} + +func (x *ServiceListUpdate) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *ServiceListUpdate) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta + } + return nil +} + +func (x *ServiceListUpdate) GetPeerName() string { + if x != nil { + return x.PeerName + } + return "" +} + var File_proto_pbsubscribe_subscribe_proto protoreflect.FileDescriptor var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2f, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x1a, 0x26, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0c, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x1a, 0x1b, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x78, 0x0a, 0x0c, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, + 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, 0x65, + 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, + 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xe6, 0x02, 0x0a, 0x10, 0x53, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, + 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, + 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x52, + 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x14, + 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xe6, 0x02, 0x0a, - 0x10, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x26, 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x54, 0x6f, 0x70, - 0x69, 0x63, 0x52, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x10, 0x0a, 0x03, 0x4b, 0x65, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x54, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, - 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x2a, 0x0a, 0x0f, 0x57, 0x69, 0x6c, 0x64, 0x63, 0x61, 0x72, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0f, 0x57, 0x69, 0x6c, 0x64, - 0x63, 0x61, 0x72, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x3d, 0x0a, 0x0c, 0x4e, - 0x61, 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x4e, 0x61, - 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x4e, 0x61, - 0x6d, 0x65, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x53, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0xc7, 0x02, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, - 0x14, 0x0a, 0x05, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x26, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x4f, 0x66, 0x53, 0x6e, - 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0d, - 0x45, 0x6e, 0x64, 0x4f, 0x66, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x12, 0x32, 0x0a, - 0x13, 0x4e, 0x65, 0x77, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x54, 0x6f, 0x46, 0x6f, - 0x6c, 0x6c, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x13, 0x4e, 0x65, + 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x0f, + 0x57, 0x69, 0x6c, 0x64, 0x63, 0x61, 0x72, 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0f, 0x57, 0x69, 0x6c, 0x64, 0x63, 0x61, 0x72, + 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x3d, 0x0a, 0x0c, 0x4e, 0x61, 0x6d, 0x65, + 0x64, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, + 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, + 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x4e, 0x61, 0x6d, 0x65, 0x64, + 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x22, 0x81, 0x03, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x49, 0x6e, 0x64, + 0x65, 0x78, 0x12, 0x26, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x4f, 0x66, 0x53, 0x6e, 0x61, 0x70, 0x73, + 0x68, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0d, 0x45, 0x6e, 0x64, + 0x4f, 0x66, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x12, 0x32, 0x0a, 0x13, 0x4e, 0x65, 0x77, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x54, 0x6f, 0x46, 0x6f, 0x6c, 0x6c, 0x6f, - 0x77, 0x12, 0x37, 0x0a, 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, - 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x0a, - 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x46, 0x0a, 0x0d, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x48, 0x00, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x12, 0x40, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, - 0x69, 0x62, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, - 0x36, 0x0a, 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x28, 0x0a, - 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, - 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, - 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, - 0x24, 0x0a, 0x02, 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x73, 0x75, - 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, - 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x5f, 0x0a, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x10, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x22, 0xc4, 0x01, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x02, - 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4f, 0x70, 0x52, - 0x02, 0x4f, 0x70, 0x12, 0x54, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x22, 0x0a, 0x08, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x4f, 0x70, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x10, - 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x01, 0x2a, 0x91, 0x01, - 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, - 0x77, 0x6e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, - 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, - 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, - 0x6c, 0x76, 0x65, 0x72, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, - 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x05, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, - 0x06, 0x2a, 0x29, 0x0a, 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, - 0x0a, 0x08, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, - 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, - 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, 0x6f, 0x6d, 0x2e, - 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x62, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, - 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, - 0xaa, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, 0x02, 0x09, 0x53, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, 0x62, 0x73, 0x63, - 0x72, 0x69, 0x62, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x13, 0x4e, 0x65, 0x77, 0x53, 0x6e, + 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x54, 0x6f, 0x46, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, 0x12, 0x37, + 0x0a, 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, + 0x76, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x0a, 0x45, 0x76, 0x65, + 0x6e, 0x74, 0x42, 0x61, 0x74, 0x63, 0x68, 0x12, 0x46, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, + 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x00, + 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, + 0x40, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, + 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x48, 0x00, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x38, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0c, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x48, 0x00, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x50, + 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x36, 0x0a, 0x0a, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x42, + 0x61, 0x74, 0x63, 0x68, 0x12, 0x28, 0x0a, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, + 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x9c, + 0x01, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x02, 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, + 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x5f, 0x0a, 0x10, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x10, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x22, 0xc4, 0x01, + 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x02, 0x4f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x25, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x4f, 0x70, 0x52, 0x02, 0x4f, 0x70, 0x12, 0x54, 0x0a, 0x0b, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x22, 0x22, 0x0a, 0x08, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4f, 0x70, 0x12, 0x0a, 0x0a, 0x06, + 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x10, 0x01, 0x22, 0xc3, 0x01, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x02, 0x4f, 0x70, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x62, 0x65, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x52, 0x02, 0x4f, 0x70, + 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, + 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1a, + 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x2a, 0xa2, 0x01, 0x0a, 0x05, 0x54, + 0x6f, 0x70, 0x69, 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, + 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x02, 0x12, 0x0e, + 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x03, 0x12, 0x13, + 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, + 0x72, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, + 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x05, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x06, 0x12, 0x0f, + 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x10, 0x07, 0x2a, + 0x29, 0x0a, 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, 0x0a, 0x08, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x65, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, + 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, + 0x74, 0x22, 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x62, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, + 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, + 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, 0x02, 0x09, 0x53, 0x75, 0x62, + 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, + 0x62, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, + 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -886,7 +1000,7 @@ func file_proto_pbsubscribe_subscribe_proto_rawDescGZIP() []byte { } var file_proto_pbsubscribe_subscribe_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_proto_pbsubscribe_subscribe_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_proto_pbsubscribe_subscribe_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_proto_pbsubscribe_subscribe_proto_goTypes = []interface{}{ (Topic)(0), // 0: subscribe.Topic (CatalogOp)(0), // 1: subscribe.CatalogOp @@ -897,8 +1011,10 @@ var file_proto_pbsubscribe_subscribe_proto_goTypes = []interface{}{ (*EventBatch)(nil), // 6: subscribe.EventBatch (*ServiceHealthUpdate)(nil), // 7: subscribe.ServiceHealthUpdate (*ConfigEntryUpdate)(nil), // 8: subscribe.ConfigEntryUpdate - (*pbservice.CheckServiceNode)(nil), // 9: hashicorp.consul.internal.service.CheckServiceNode - (*pbconfigentry.ConfigEntry)(nil), // 10: hashicorp.consul.internal.configentry.ConfigEntry + (*ServiceListUpdate)(nil), // 9: subscribe.ServiceListUpdate + (*pbservice.CheckServiceNode)(nil), // 10: hashicorp.consul.internal.service.CheckServiceNode + (*pbconfigentry.ConfigEntry)(nil), // 11: hashicorp.consul.internal.configentry.ConfigEntry + (*pbcommon.EnterpriseMeta)(nil), // 12: hashicorp.consul.internal.common.EnterpriseMeta } var file_proto_pbsubscribe_subscribe_proto_depIdxs = []int32{ 0, // 0: subscribe.SubscribeRequest.Topic:type_name -> subscribe.Topic @@ -906,18 +1022,21 @@ var file_proto_pbsubscribe_subscribe_proto_depIdxs = []int32{ 6, // 2: subscribe.Event.EventBatch:type_name -> subscribe.EventBatch 7, // 3: subscribe.Event.ServiceHealth:type_name -> subscribe.ServiceHealthUpdate 8, // 4: subscribe.Event.ConfigEntry:type_name -> subscribe.ConfigEntryUpdate - 5, // 5: subscribe.EventBatch.Events:type_name -> subscribe.Event - 1, // 6: subscribe.ServiceHealthUpdate.Op:type_name -> subscribe.CatalogOp - 9, // 7: subscribe.ServiceHealthUpdate.CheckServiceNode:type_name -> hashicorp.consul.internal.service.CheckServiceNode - 2, // 8: subscribe.ConfigEntryUpdate.Op:type_name -> subscribe.ConfigEntryUpdate.UpdateOp - 10, // 9: subscribe.ConfigEntryUpdate.ConfigEntry:type_name -> hashicorp.consul.internal.configentry.ConfigEntry - 4, // 10: subscribe.StateChangeSubscription.Subscribe:input_type -> subscribe.SubscribeRequest - 5, // 11: subscribe.StateChangeSubscription.Subscribe:output_type -> subscribe.Event - 11, // [11:12] is the sub-list for method output_type - 10, // [10:11] is the sub-list for method input_type - 10, // [10:10] is the sub-list for extension type_name - 10, // [10:10] is the sub-list for extension extendee - 0, // [0:10] is the sub-list for field type_name + 9, // 5: subscribe.Event.Service:type_name -> subscribe.ServiceListUpdate + 5, // 6: subscribe.EventBatch.Events:type_name -> subscribe.Event + 1, // 7: subscribe.ServiceHealthUpdate.Op:type_name -> subscribe.CatalogOp + 10, // 8: subscribe.ServiceHealthUpdate.CheckServiceNode:type_name -> hashicorp.consul.internal.service.CheckServiceNode + 2, // 9: subscribe.ConfigEntryUpdate.Op:type_name -> subscribe.ConfigEntryUpdate.UpdateOp + 11, // 10: subscribe.ConfigEntryUpdate.ConfigEntry:type_name -> hashicorp.consul.internal.configentry.ConfigEntry + 1, // 11: subscribe.ServiceListUpdate.Op:type_name -> subscribe.CatalogOp + 12, // 12: subscribe.ServiceListUpdate.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 4, // 13: subscribe.StateChangeSubscription.Subscribe:input_type -> subscribe.SubscribeRequest + 5, // 14: subscribe.StateChangeSubscription.Subscribe:output_type -> subscribe.Event + 14, // [14:15] is the sub-list for method output_type + 13, // [13:14] is the sub-list for method input_type + 13, // [13:13] is the sub-list for extension type_name + 13, // [13:13] is the sub-list for extension extendee + 0, // [0:13] is the sub-list for field type_name } func init() { file_proto_pbsubscribe_subscribe_proto_init() } @@ -998,6 +1117,18 @@ func file_proto_pbsubscribe_subscribe_proto_init() { return nil } } + file_proto_pbsubscribe_subscribe_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceListUpdate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_proto_pbsubscribe_subscribe_proto_msgTypes[1].OneofWrappers = []interface{}{ (*SubscribeRequest_WildcardSubject)(nil), @@ -1009,6 +1140,7 @@ func file_proto_pbsubscribe_subscribe_proto_init() { (*Event_EventBatch)(nil), (*Event_ServiceHealth)(nil), (*Event_ConfigEntry)(nil), + (*Event_Service)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -1016,7 +1148,7 @@ func file_proto_pbsubscribe_subscribe_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbsubscribe_subscribe_proto_rawDesc, NumEnums: 3, - NumMessages: 6, + NumMessages: 7, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/pbsubscribe/subscribe.proto b/proto/pbsubscribe/subscribe.proto index 4f1e092c4..e68a0cecc 100644 --- a/proto/pbsubscribe/subscribe.proto +++ b/proto/pbsubscribe/subscribe.proto @@ -10,6 +10,7 @@ syntax = "proto3"; // compatibility. package subscribe; +import "proto/pbcommon/common.proto"; import "proto/pbconfigentry/config_entry.proto"; import "proto/pbservice/node.proto"; @@ -62,6 +63,13 @@ enum Topic { // ServiceIntentions topic contains events for changes to service intentions. ServiceIntentions = 6; + + // ServiceList topic contains events about services (not service instances) + // getting registered/deregistered. It can be used to materialize a list of + // the services in the given datacenter. + // + // Note: WildcardSubject is the only supported Subject on this topic. + ServiceList = 7; } message NamedSubject { @@ -171,6 +179,9 @@ message Event { // ConfigEntry is used for config entry topics (e.g. MeshConfig). ConfigEntryUpdate ConfigEntry = 11; + + // Service is used for ServiceList topic. + ServiceListUpdate Service = 12; } } @@ -197,3 +208,11 @@ message ConfigEntryUpdate { UpdateOp Op = 1; hashicorp.consul.internal.configentry.ConfigEntry ConfigEntry = 2; } + +message ServiceListUpdate { + CatalogOp Op = 1; + + string Name = 2; + hashicorp.consul.internal.common.EnterpriseMeta EnterpriseMeta = 3; + string PeerName = 4; +} From 70f29942f4d3642f1a6fcf53d367b8bce754bcd7 Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:37:48 +0100 Subject: [PATCH 745/785] proxycfg-glue: server-local implementation of the `Health` interface This is the OSS portion of enterprise PR 2249. This PR introduces an implementation of the proxycfg.Health interface based on a local materialized view of the health events. It reuses the view and request machinery from agent/rpcclient/health, which made it super straightforward. --- agent/agent.go | 3 +- agent/proxycfg-glue/glue.go | 20 ---- agent/proxycfg-glue/health.go | 82 +++++++++++++++ agent/proxycfg-glue/health_test.go | 149 ++++++++++++++++++++++++++++ agent/rpcclient/health/health.go | 4 +- agent/rpcclient/health/view.go | 16 +-- agent/rpcclient/health/view_test.go | 4 +- 7 files changed, 245 insertions(+), 33 deletions(-) create mode 100644 agent/proxycfg-glue/health.go create mode 100644 agent/proxycfg-glue/health_test.go diff --git a/agent/agent.go b/agent/agent.go index 7aa42e3d9..5aa591f14 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4220,7 +4220,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { Datacenters: proxycfgglue.CacheDatacenters(a.cache), FederationStateListMeshGateways: proxycfgglue.CacheFederationStateListMeshGateways(a.cache), GatewayServices: proxycfgglue.CacheGatewayServices(a.cache), - Health: proxycfgglue.Health(a.rpcClientHealth), + Health: proxycfgglue.ClientHealth(a.rpcClientHealth), HTTPChecks: proxycfgglue.CacheHTTPChecks(a.cache), Intentions: proxycfgglue.CacheIntentions(a.cache), IntentionUpstreams: proxycfgglue.CacheIntentionUpstreams(a.cache), @@ -4247,6 +4247,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { sources.ConfigEntry = proxycfgglue.ServerConfigEntry(deps) sources.ConfigEntryList = proxycfgglue.ServerConfigEntryList(deps) sources.CompiledDiscoveryChain = proxycfgglue.ServerCompiledDiscoveryChain(deps, proxycfgglue.CacheCompiledDiscoveryChain(a.cache)) + sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth)) sources.Intentions = proxycfgglue.ServerIntentions(deps) sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps) sources.ServiceList = proxycfgglue.ServerServiceList(deps, proxycfgglue.CacheServiceList(a.cache)) diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 739cc7f64..e7924010a 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -12,7 +12,6 @@ import ( "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/consul/watch" "github.com/hashicorp/consul/agent/proxycfg" - "github.com/hashicorp/consul/agent/rpcclient/health" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbpeering" ) @@ -139,25 +138,6 @@ func (c *cacheProxyDataSource[ReqType]) Notify( return c.c.NotifyCallback(ctx, c.t, req, correlationID, dispatchCacheUpdate(ch)) } -// Health wraps health.Client so that the proxycfg package doesn't need to -// reference cache.UpdateEvent directly. -func Health(client *health.Client) proxycfg.Health { - return &healthWrapper{client} -} - -type healthWrapper struct { - client *health.Client -} - -func (h *healthWrapper) Notify( - ctx context.Context, - req *structs.ServiceSpecificRequest, - correlationID string, - ch chan<- proxycfg.UpdateEvent, -) error { - return h.client.Notify(ctx, *req, correlationID, dispatchCacheUpdate(ch)) -} - func dispatchCacheUpdate(ch chan<- proxycfg.UpdateEvent) cache.Callback { return func(ctx context.Context, e cache.UpdateEvent) { u := proxycfg.UpdateEvent{ diff --git a/agent/proxycfg-glue/health.go b/agent/proxycfg-glue/health.go new file mode 100644 index 000000000..331c8012b --- /dev/null +++ b/agent/proxycfg-glue/health.go @@ -0,0 +1,82 @@ +package proxycfgglue + +import ( + "context" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/rpcclient/health" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/submatview" +) + +// ClientHealth satisfies the proxycfg.Health interface by sourcing data from +// the given health.Client. +func ClientHealth(client *health.Client) proxycfg.Health { + return &clientHealth{client} +} + +type clientHealth struct { + client *health.Client +} + +func (h *clientHealth) Notify( + ctx context.Context, + req *structs.ServiceSpecificRequest, + correlationID string, + ch chan<- proxycfg.UpdateEvent, +) error { + return h.client.Notify(ctx, *req, correlationID, dispatchCacheUpdate(ch)) +} + +// ServerHealth satisfies the proxycfg.Health interface by sourcing data from +// a local materialized view (backed by an EventPublisher subscription). +// +// Requests for services in remote datacenters will be delegated to the given +// remoteSource (i.e. ClientHealth). +func ServerHealth(deps ServerDataSourceDeps, remoteSource proxycfg.Health) proxycfg.Health { + return &serverHealth{deps, remoteSource} +} + +type serverHealth struct { + deps ServerDataSourceDeps + remoteSource proxycfg.Health +} + +func (h *serverHealth) Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + if req.Datacenter != h.deps.Datacenter { + return h.remoteSource.Notify(ctx, req, correlationID, ch) + } + + return h.deps.ViewStore.NotifyCallback( + ctx, + &healthRequest{h.deps, *req}, + correlationID, + dispatchCacheUpdate(ch), + ) +} + +type healthRequest struct { + deps ServerDataSourceDeps + req structs.ServiceSpecificRequest +} + +func (r *healthRequest) CacheInfo() cache.RequestInfo { return r.req.CacheInfo() } + +func (r *healthRequest) NewMaterializer() (submatview.Materializer, error) { + view, err := health.NewHealthView(r.req) + if err != nil { + return nil, err + } + return submatview.NewLocalMaterializer(submatview.LocalMaterializerDeps{ + Backend: r.deps.EventPublisher, + ACLResolver: r.deps.ACLResolver, + Deps: submatview.Deps{ + View: view, + Logger: r.deps.Logger, + Request: health.NewMaterializerRequest(r.req), + }, + }), nil +} + +func (r *healthRequest) Type() string { return "proxycfgglue.Health" } diff --git a/agent/proxycfg-glue/health_test.go b/agent/proxycfg-glue/health_test.go new file mode 100644 index 000000000..b4e6035ee --- /dev/null +++ b/agent/proxycfg-glue/health_test.go @@ -0,0 +1,149 @@ +package proxycfgglue + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/stream" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/submatview" + "github.com/hashicorp/consul/proto/pbsubscribe" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerHealth(t *testing.T) { + t.Run("remote queries are delegated to the remote source", func(t *testing.T) { + var ( + ctx = context.Background() + req = &structs.ServiceSpecificRequest{Datacenter: "dc2"} + correlationID = "correlation-id" + ch = make(chan<- proxycfg.UpdateEvent) + result = errors.New("KABOOM") + ) + + remoteSource := newMockHealth(t) + remoteSource.On("Notify", ctx, req, correlationID, ch).Return(result) + + dataSource := ServerHealth(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource) + err := dataSource.Notify(ctx, req, correlationID, ch) + require.Equal(t, result, err) + }) + + t.Run("local queries are served from a materialized view", func(t *testing.T) { + // Note: the view is tested more thoroughly in the agent/rpcclient/health + // package, so this is more of a high-level integration test with the local + // materializer. + const ( + index uint64 = 123 + datacenter = "dc1" + serviceName = "web" + ) + + logger := testutil.Logger(t) + + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + store := submatview.NewStore(logger) + go store.Run(ctx) + + publisher := stream.NewEventPublisher(10 * time.Second) + publisher.RegisterHandler(pbsubscribe.Topic_ServiceHealth, + func(stream.SubscribeRequest, stream.SnapshotAppender) (uint64, error) { return index, nil }, + true) + go publisher.Run(ctx) + + dataSource := ServerHealth(ServerDataSourceDeps{ + Datacenter: datacenter, + ACLResolver: newStaticResolver(acl.ManageAll()), + ViewStore: store, + EventPublisher: publisher, + Logger: logger, + }, nil) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(ctx, &structs.ServiceSpecificRequest{ + Datacenter: datacenter, + ServiceName: serviceName, + }, "", eventCh)) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh) + require.Empty(t, result.Nodes) + }) + + testutil.RunStep(t, "register services", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Index: index + 1, + Topic: pbsubscribe.Topic_ServiceHealth, + Payload: &state.EventPayloadCheckServiceNode{ + Op: pbsubscribe.CatalogOp_Register, + Value: &structs.CheckServiceNode{ + Node: &structs.Node{Node: "node1"}, + Service: &structs.NodeService{Service: serviceName}, + }, + }, + }, + { + Index: index + 1, + Topic: pbsubscribe.Topic_ServiceHealth, + Payload: &state.EventPayloadCheckServiceNode{ + Op: pbsubscribe.CatalogOp_Register, + Value: &structs.CheckServiceNode{ + Node: &structs.Node{Node: "node2"}, + Service: &structs.NodeService{Service: serviceName}, + }, + }, + }, + }) + + result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh) + require.Len(t, result.Nodes, 2) + }) + + testutil.RunStep(t, "deregister service", func(t *testing.T) { + publisher.Publish([]stream.Event{ + { + Index: index + 2, + Topic: pbsubscribe.Topic_ServiceHealth, + Payload: &state.EventPayloadCheckServiceNode{ + Op: pbsubscribe.CatalogOp_Deregister, + Value: &structs.CheckServiceNode{ + Node: &structs.Node{Node: "node2"}, + Service: &structs.NodeService{Service: serviceName}, + }, + }, + }, + }) + + result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh) + require.Len(t, result.Nodes, 1) + }) + }) +} + +func newMockHealth(t *testing.T) *mockHealth { + mock := &mockHealth{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +type mockHealth struct { + mock.Mock +} + +func (m *mockHealth) Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + return m.Called(ctx, req, correlationID, ch).Error(0) +} diff --git a/agent/rpcclient/health/health.go b/agent/rpcclient/health/health.go index dd4be64ce..a4bdae78a 100644 --- a/agent/rpcclient/health/health.go +++ b/agent/rpcclient/health/health.go @@ -136,14 +136,14 @@ func (r serviceRequest) Type() string { } func (r serviceRequest) NewMaterializer() (submatview.Materializer, error) { - view, err := newHealthView(r.ServiceSpecificRequest) + view, err := NewHealthView(r.ServiceSpecificRequest) if err != nil { return nil, err } deps := submatview.Deps{ View: view, Logger: r.deps.Logger, - Request: newMaterializerRequest(r.ServiceSpecificRequest), + Request: NewMaterializerRequest(r.ServiceSpecificRequest), } return submatview.NewRPCMaterializer(pbsubscribe.NewStateChangeSubscriptionClient(r.deps.Conn), deps), nil diff --git a/agent/rpcclient/health/view.go b/agent/rpcclient/health/view.go index fa591b7b7..fd19cb4a0 100644 --- a/agent/rpcclient/health/view.go +++ b/agent/rpcclient/health/view.go @@ -21,7 +21,7 @@ type MaterializerDeps struct { Logger hclog.Logger } -func newMaterializerRequest(srvReq structs.ServiceSpecificRequest) func(index uint64) *pbsubscribe.SubscribeRequest { +func NewMaterializerRequest(srvReq structs.ServiceSpecificRequest) func(index uint64) *pbsubscribe.SubscribeRequest { return func(index uint64) *pbsubscribe.SubscribeRequest { req := &pbsubscribe.SubscribeRequest{ Topic: pbsubscribe.Topic_ServiceHealth, @@ -44,29 +44,29 @@ func newMaterializerRequest(srvReq structs.ServiceSpecificRequest) func(index ui } } -func newHealthView(req structs.ServiceSpecificRequest) (*healthView, error) { +func NewHealthView(req structs.ServiceSpecificRequest) (*HealthView, error) { fe, err := newFilterEvaluator(req) if err != nil { return nil, err } - return &healthView{ + return &HealthView{ state: make(map[string]structs.CheckServiceNode), filter: fe, }, nil } -// healthView implements submatview.View for storing the view state +// HealthView implements submatview.View for storing the view state // of a service health result. We store it as a map to make updates and // deletions a little easier but we could just store a result type // (IndexedCheckServiceNodes) and update it in place for each event - that // involves re-sorting each time etc. though. -type healthView struct { +type HealthView struct { state map[string]structs.CheckServiceNode filter filterEvaluator } // Update implements View -func (s *healthView) Update(events []*pbsubscribe.Event) error { +func (s *HealthView) Update(events []*pbsubscribe.Event) error { for _, event := range events { serviceHealth := event.GetServiceHealth() if serviceHealth == nil { @@ -181,7 +181,7 @@ func sortCheckServiceNodes(serviceNodes *structs.IndexedCheckServiceNodes) { } // Result returns the structs.IndexedCheckServiceNodes stored by this view. -func (s *healthView) Result(index uint64) interface{} { +func (s *HealthView) Result(index uint64) interface{} { result := structs.IndexedCheckServiceNodes{ Nodes: make(structs.CheckServiceNodes, 0, len(s.state)), QueryMeta: structs.QueryMeta{ @@ -197,7 +197,7 @@ func (s *healthView) Result(index uint64) interface{} { return &result } -func (s *healthView) Reset() { +func (s *HealthView) Reset() { s.state = make(map[string]structs.CheckServiceNode) } diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go index ddc2afc1a..8fcb50da3 100644 --- a/agent/rpcclient/health/view_test.go +++ b/agent/rpcclient/health/view_test.go @@ -602,14 +602,14 @@ type serviceRequestStub struct { } func (r serviceRequestStub) NewMaterializer() (submatview.Materializer, error) { - view, err := newHealthView(r.ServiceSpecificRequest) + view, err := NewHealthView(r.ServiceSpecificRequest) if err != nil { return nil, err } deps := submatview.Deps{ View: view, Logger: hclog.New(nil), - Request: newMaterializerRequest(r.ServiceSpecificRequest), + Request: NewMaterializerRequest(r.ServiceSpecificRequest), } return submatview.NewRPCMaterializer(r.streamClient, deps), nil } From a280c9a10b6d6688c5d30dd585bb56dbc95c0793 Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:39:27 +0100 Subject: [PATCH 746/785] proxycfg-glue: server-local implementation of `TrustBundle` and `TrustBundleList` This is the OSS portion of enterprise PR 2250. This PR provides server-local implementations of the proxycfg.TrustBundle and proxycfg.TrustBundleList interfaces, based on local blocking queries. --- agent/agent.go | 2 + agent/proxycfg-glue/glue.go | 16 +-- agent/proxycfg-glue/trust_bundle.go | 103 +++++++++++++++ agent/proxycfg-glue/trust_bundle_test.go | 152 +++++++++++++++++++++++ 4 files changed, 261 insertions(+), 12 deletions(-) create mode 100644 agent/proxycfg-glue/trust_bundle.go create mode 100644 agent/proxycfg-glue/trust_bundle_test.go diff --git a/agent/agent.go b/agent/agent.go index 5aa591f14..4a95732d7 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4251,6 +4251,8 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { sources.Intentions = proxycfgglue.ServerIntentions(deps) sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps) sources.ServiceList = proxycfgglue.ServerServiceList(deps, proxycfgglue.CacheServiceList(a.cache)) + sources.TrustBundle = proxycfgglue.ServerTrustBundle(deps) + sources.TrustBundleList = proxycfgglue.ServerTrustBundleList(deps) } a.fillEnterpriseProxyDataSources(&sources) diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index e7924010a..2bfc8d580 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -10,6 +10,7 @@ import ( cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/consul/discoverychain" + "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/watch" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" @@ -22,6 +23,9 @@ type Store interface { IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error) ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) + PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error) + PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) + TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error) } // CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from @@ -102,18 +106,6 @@ func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig { return &cacheProxyDataSource[*structs.ServiceConfigRequest]{c, cachetype.ResolvedServiceConfigName} } -// CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing -// data from the agent cache. -func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle { - return &cacheProxyDataSource[*pbpeering.TrustBundleReadRequest]{c, cachetype.TrustBundleReadName} -} - -// CacheTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing -// data from the agent cache. -func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList { - return &cacheProxyDataSource[*pbpeering.TrustBundleListByServiceRequest]{c, cachetype.TrustBundleListName} -} - // CacheExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices // interface by sourcing data from the agent cache. func CacheExportedPeeredServices(c *cache.Cache) proxycfg.ExportedPeeredServices { diff --git a/agent/proxycfg-glue/trust_bundle.go b/agent/proxycfg-glue/trust_bundle.go new file mode 100644 index 000000000..4ce42591b --- /dev/null +++ b/agent/proxycfg-glue/trust_bundle.go @@ -0,0 +1,103 @@ +package proxycfgglue + +import ( + "context" + "errors" + + "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/consul/watch" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto/pbpeering" +) + +// CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing +// data from the agent cache. +func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle { + return &cacheProxyDataSource[*pbpeering.TrustBundleReadRequest]{c, cachetype.TrustBundleReadName} +} + +// ServerTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing +// data from a blocking query against the server's state store. +func ServerTrustBundle(deps ServerDataSourceDeps) proxycfg.TrustBundle { + return &serverTrustBundle{deps} +} + +type serverTrustBundle struct { + deps ServerDataSourceDeps +} + +func (s *serverTrustBundle) Notify(ctx context.Context, req *pbpeering.TrustBundleReadRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + // TODO(peering): ACL check. + return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore, + func(ws memdb.WatchSet, store Store) (uint64, *pbpeering.TrustBundleReadResponse, error) { + index, bundle, err := store.PeeringTrustBundleRead(ws, state.Query{ + Value: req.Name, + EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(req.Partition), + }) + if err != nil { + return 0, nil, err + } + return index, &pbpeering.TrustBundleReadResponse{ + Index: index, + Bundle: bundle, + }, nil + }, + dispatchBlockingQueryUpdate[*pbpeering.TrustBundleReadResponse](ch), + ) +} + +// CacheTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing +// data from the agent cache. +func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList { + return &cacheProxyDataSource[*pbpeering.TrustBundleListByServiceRequest]{c, cachetype.TrustBundleListName} +} + +// ServerTrustBundleList satisfies the proxycfg.TrustBundle interface by +// sourcing data from a blocking query against the server's state store. +func ServerTrustBundleList(deps ServerDataSourceDeps) proxycfg.TrustBundleList { + return &serverTrustBundleList{deps} +} + +type serverTrustBundleList struct { + deps ServerDataSourceDeps +} + +func (s *serverTrustBundleList) Notify(ctx context.Context, req *pbpeering.TrustBundleListByServiceRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + entMeta := acl.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) + + // TODO(peering): ACL check. + return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore, + func(ws memdb.WatchSet, store Store) (uint64, *pbpeering.TrustBundleListByServiceResponse, error) { + var ( + index uint64 + bundles []*pbpeering.PeeringTrustBundle + err error + ) + switch { + case req.ServiceName != "": + index, bundles, err = store.TrustBundleListByService(ws, req.ServiceName, s.deps.Datacenter, entMeta) + case req.Kind == string(structs.ServiceKindMeshGateway): + index, bundles, err = store.PeeringTrustBundleList(ws, entMeta) + case req.Kind != "": + err = errors.New("kind must be mesh-gateway if set") + default: + err = errors.New("one of service or kind is required") + } + if err != nil { + return 0, nil, err + } + + return index, &pbpeering.TrustBundleListByServiceResponse{ + Index: index, + Bundles: bundles, + }, nil + }, + dispatchBlockingQueryUpdate[*pbpeering.TrustBundleListByServiceResponse](ch), + ) +} diff --git a/agent/proxycfg-glue/trust_bundle_test.go b/agent/proxycfg-glue/trust_bundle_test.go new file mode 100644 index 000000000..65c343a05 --- /dev/null +++ b/agent/proxycfg-glue/trust_bundle_test.go @@ -0,0 +1,152 @@ +package proxycfgglue + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerTrustBundle(t *testing.T) { + const ( + index uint64 = 123 + peerName = "peer1" + ) + + store := state.NewStateStore(nil) + + require.NoError(t, store.PeeringTrustBundleWrite(index, &pbpeering.PeeringTrustBundle{ + PeerName: peerName, + TrustDomain: "before.com", + })) + + dataSource := ServerTrustBundle(ServerDataSourceDeps{ + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + err := dataSource.Notify(context.Background(), &pbpeering.TrustBundleReadRequest{ + Name: peerName, + }, "", eventCh) + require.NoError(t, err) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*pbpeering.TrustBundleReadResponse](t, eventCh) + require.Equal(t, "before.com", result.Bundle.TrustDomain) + }) + + testutil.RunStep(t, "update trust bundle", func(t *testing.T) { + require.NoError(t, store.PeeringTrustBundleWrite(index+1, &pbpeering.PeeringTrustBundle{ + PeerName: peerName, + TrustDomain: "after.com", + })) + + result := getEventResult[*pbpeering.TrustBundleReadResponse](t, eventCh) + require.Equal(t, "after.com", result.Bundle.TrustDomain) + }) +} + +func TestServerTrustBundleList(t *testing.T) { + const index uint64 = 123 + + t.Run("list by service", func(t *testing.T) { + const ( + serviceName = "web" + us = "default" + them = "peer2" + ) + + store := state.NewStateStore(nil) + require.NoError(t, store.CASetConfig(index, &structs.CAConfiguration{ClusterID: "cluster-id"})) + + testutil.RunStep(t, "export service to peer", func(t *testing.T) { + require.NoError(t, store.PeeringWrite(index, &pbpeering.Peering{ + ID: testUUID(t), + Name: them, + State: pbpeering.PeeringState_ACTIVE, + })) + + require.NoError(t, store.PeeringTrustBundleWrite(index, &pbpeering.PeeringTrustBundle{ + PeerName: them, + })) + + require.NoError(t, store.EnsureConfigEntry(index, &structs.ExportedServicesConfigEntry{ + Name: us, + Services: []structs.ExportedService{ + { + Name: serviceName, + Consumers: []structs.ServiceConsumer{ + {PeerName: them}, + }, + }, + }, + })) + }) + + dataSource := ServerTrustBundleList(ServerDataSourceDeps{ + Datacenter: "dc1", + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + err := dataSource.Notify(context.Background(), &pbpeering.TrustBundleListByServiceRequest{ + ServiceName: serviceName, + Partition: us, + }, "", eventCh) + require.NoError(t, err) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*pbpeering.TrustBundleListByServiceResponse](t, eventCh) + require.Len(t, result.Bundles, 1) + }) + + testutil.RunStep(t, "unexport the service", func(t *testing.T) { + require.NoError(t, store.EnsureConfigEntry(index+1, &structs.ExportedServicesConfigEntry{ + Name: us, + Services: []structs.ExportedService{}, + })) + + result := getEventResult[*pbpeering.TrustBundleListByServiceResponse](t, eventCh) + require.Len(t, result.Bundles, 0) + }) + }) + + t.Run("list for mesh gateway", func(t *testing.T) { + store := state.NewStateStore(nil) + require.NoError(t, store.CASetConfig(index, &structs.CAConfiguration{ClusterID: "cluster-id"})) + + require.NoError(t, store.PeeringTrustBundleWrite(index, &pbpeering.PeeringTrustBundle{ + PeerName: "peer1", + })) + require.NoError(t, store.PeeringTrustBundleWrite(index, &pbpeering.PeeringTrustBundle{ + PeerName: "peer2", + })) + + dataSource := ServerTrustBundleList(ServerDataSourceDeps{ + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + err := dataSource.Notify(context.Background(), &pbpeering.TrustBundleListByServiceRequest{ + Kind: string(structs.ServiceKindMeshGateway), + Partition: "default", + }, "", eventCh) + require.NoError(t, err) + + result := getEventResult[*pbpeering.TrustBundleListByServiceResponse](t, eventCh) + require.Len(t, result.Bundles, 2) + }) +} + +func testUUID(t *testing.T) string { + v, err := lib.GenerateUUID(nil) + require.NoError(t, err) + return v +} From a5a6102a3b69e74f2fbbdc8317f77abf37d73883 Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:41:29 +0100 Subject: [PATCH 747/785] proxycfg-glue: server-local implementation of `GatewayServices` This is the OSS portion of enterprise PR 2259. This PR provides a server-local implementation of the proxycfg.GatewayServices interface based on blocking queries. --- agent/agent.go | 1 + agent/proxycfg-glue/gateway_services.go | 63 ++++++++ agent/proxycfg-glue/gateway_services_test.go | 155 +++++++++++++++++++ agent/proxycfg-glue/glue.go | 7 +- agent/proxycfg-glue/helpers_test.go | 14 ++ 5 files changed, 234 insertions(+), 6 deletions(-) create mode 100644 agent/proxycfg-glue/gateway_services.go create mode 100644 agent/proxycfg-glue/gateway_services_test.go diff --git a/agent/agent.go b/agent/agent.go index 4a95732d7..59827e021 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4247,6 +4247,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { sources.ConfigEntry = proxycfgglue.ServerConfigEntry(deps) sources.ConfigEntryList = proxycfgglue.ServerConfigEntryList(deps) sources.CompiledDiscoveryChain = proxycfgglue.ServerCompiledDiscoveryChain(deps, proxycfgglue.CacheCompiledDiscoveryChain(a.cache)) + sources.GatewayServices = proxycfgglue.ServerGatewayServices(deps) sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth)) sources.Intentions = proxycfgglue.ServerIntentions(deps) sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps) diff --git a/agent/proxycfg-glue/gateway_services.go b/agent/proxycfg-glue/gateway_services.go new file mode 100644 index 000000000..8c90f949d --- /dev/null +++ b/agent/proxycfg-glue/gateway_services.go @@ -0,0 +1,63 @@ +package proxycfgglue + +import ( + "context" + + "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/consul/watch" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/structs/aclfilter" +) + +// CacheGatewayServices satisfies the proxycfg.GatewayServices interface by +// sourcing data from the agent cache. +func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices { + return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.GatewayServicesName} +} + +// ServerGatewayServices satisfies the proxycfg.GatewayServices interface by +// sourcing data from a blocking query against the server's state store. +func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices { + return &serverGatewayServices{deps} +} + +type serverGatewayServices struct { + deps ServerDataSourceDeps +} + +func (s *serverGatewayServices) Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore, + func(ws memdb.WatchSet, store Store) (uint64, *structs.IndexedGatewayServices, error) { + var authzContext acl.AuthorizerContext + authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, &authzContext) + if err != nil { + return 0, nil, err + } + if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.ServiceName, &authzContext); err != nil { + return 0, nil, err + } + + index, services, err := store.GatewayServices(ws, req.ServiceName, &req.EnterpriseMeta) + if err != nil { + return 0, nil, err + } + + response := &structs.IndexedGatewayServices{ + Services: services, + QueryMeta: structs.QueryMeta{ + Backend: structs.QueryBackendBlocking, + Index: index, + }, + } + aclfilter.New(authz, s.deps.Logger).Filter(response) + + return index, response, nil + }, + dispatchBlockingQueryUpdate[*structs.IndexedGatewayServices](ch), + ) +} diff --git a/agent/proxycfg-glue/gateway_services_test.go b/agent/proxycfg-glue/gateway_services_test.go new file mode 100644 index 000000000..bb20f489d --- /dev/null +++ b/agent/proxycfg-glue/gateway_services_test.go @@ -0,0 +1,155 @@ +package proxycfgglue + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerGatewayServices(t *testing.T) { + const index uint64 = 123 + + t.Run("ingress gateway", func(t *testing.T) { + store := state.NewStateStore(nil) + + authz := policyAuthorizer(t, ` + service "igw" { policy = "read" } + service "web" { policy = "read" } + service "db" { policy = "read" } + `) + + require.NoError(t, store.EnsureConfigEntry(index, &structs.IngressGatewayConfigEntry{ + Name: "igw", + Listeners: []structs.IngressListener{ + { + Protocol: "tcp", + Services: []structs.IngressService{ + {Name: "web"}, + }, + }, + { + Protocol: "tcp", + Services: []structs.IngressService{ + {Name: "db"}, + }, + }, + { + Protocol: "tcp", + Services: []structs.IngressService{ + {Name: "no-access"}, + }, + }, + }, + })) + + dataSource := ServerGatewayServices(ServerDataSourceDeps{ + ACLResolver: newStaticResolver(authz), + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(context.Background(), &structs.ServiceSpecificRequest{ServiceName: "igw"}, "", eventCh)) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*structs.IndexedGatewayServices](t, eventCh) + require.Len(t, result.Services, 2) + }) + + testutil.RunStep(t, "remove service mapping", func(t *testing.T) { + require.NoError(t, store.EnsureConfigEntry(index+1, &structs.IngressGatewayConfigEntry{ + Name: "igw", + Listeners: []structs.IngressListener{ + { + Protocol: "tcp", + Services: []structs.IngressService{ + {Name: "web"}, + }, + }, + }, + })) + + result := getEventResult[*structs.IndexedGatewayServices](t, eventCh) + require.Len(t, result.Services, 1) + }) + }) + + t.Run("terminating gateway", func(t *testing.T) { + store := state.NewStateStore(nil) + + authz := policyAuthorizer(t, ` + service "tgw" { policy = "read" } + service "web" { policy = "read" } + service "db" { policy = "read" } + `) + + require.NoError(t, store.EnsureConfigEntry(index, &structs.TerminatingGatewayConfigEntry{ + Name: "tgw", + Services: []structs.LinkedService{ + {Name: "web"}, + {Name: "db"}, + {Name: "no-access"}, + }, + })) + + dataSource := ServerGatewayServices(ServerDataSourceDeps{ + ACLResolver: newStaticResolver(authz), + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(context.Background(), &structs.ServiceSpecificRequest{ServiceName: "tgw"}, "", eventCh)) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*structs.IndexedGatewayServices](t, eventCh) + require.Len(t, result.Services, 2) + }) + + testutil.RunStep(t, "remove service mapping", func(t *testing.T) { + require.NoError(t, store.EnsureConfigEntry(index+1, &structs.TerminatingGatewayConfigEntry{ + Name: "tgw", + Services: []structs.LinkedService{ + {Name: "web"}, + }, + })) + + result := getEventResult[*structs.IndexedGatewayServices](t, eventCh) + require.Len(t, result.Services, 1) + }) + }) + + t.Run("no access to gateway", func(t *testing.T) { + store := state.NewStateStore(nil) + + authz := policyAuthorizer(t, ` + service "tgw" { policy = "deny" } + service "web" { policy = "read" } + service "db" { policy = "read" } + `) + + require.NoError(t, store.EnsureConfigEntry(index, &structs.TerminatingGatewayConfigEntry{ + Name: "tgw", + Services: []structs.LinkedService{ + {Name: "web"}, + {Name: "db"}, + }, + })) + + dataSource := ServerGatewayServices(ServerDataSourceDeps{ + ACLResolver: newStaticResolver(authz), + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(context.Background(), &structs.ServiceSpecificRequest{ServiceName: "tgw"}, "", eventCh)) + + err := getEventError(t, eventCh) + require.True(t, acl.IsErrPermissionDenied(err), "expected permission denied error") + }) +} diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 2bfc8d580..9fb064890 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -21,6 +21,7 @@ import ( type Store interface { watch.StateStore + GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error) IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error) ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error) @@ -58,12 +59,6 @@ func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationSta return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.FederationStateListMeshGatewaysName} } -// CacheGatewayServices satisfies the proxycfg.GatewayServices interface by -// sourcing data from the agent cache. -func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices { - return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.GatewayServicesName} -} - // CacheHTTPChecks satisifies the proxycfg.HTTPChecks interface by sourcing // data from the agent cache. func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks { diff --git a/agent/proxycfg-glue/helpers_test.go b/agent/proxycfg-glue/helpers_test.go index 5528ed4a5..7e3b9078e 100644 --- a/agent/proxycfg-glue/helpers_test.go +++ b/agent/proxycfg-glue/helpers_test.go @@ -32,3 +32,17 @@ func expectNoEvent(t *testing.T, eventCh <-chan proxycfg.UpdateEvent) { case <-time.After(100 * time.Millisecond): } } + +func getEventError(t *testing.T, eventCh <-chan proxycfg.UpdateEvent) error { + t.Helper() + + select { + case event := <-eventCh: + require.Error(t, event.Err) + return event.Err + case <-time.After(100 * time.Millisecond): + t.Fatal("timeout waiting for event") + } + + panic("this should never be reached") +} From 7f69e279269bdff0360ca4341e2b11a48b480ab3 Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:43:42 +0100 Subject: [PATCH 748/785] proxycfg-glue: server-local implementation of `FederationStateListMeshGateways` This is the OSS portion of enterprise PR 2265. This PR provides a server-local implementation of the proxycfg.FederationStateListMeshGateways interface based on blocking queries. --- agent/agent.go | 1 + .../federation_state_list_mesh_gateways.go | 67 ++++++++++++ ...ederation_state_list_mesh_gateways_test.go | 103 ++++++++++++++++++ agent/proxycfg-glue/glue.go | 7 +- 4 files changed, 172 insertions(+), 6 deletions(-) create mode 100644 agent/proxycfg-glue/federation_state_list_mesh_gateways.go create mode 100644 agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go diff --git a/agent/agent.go b/agent/agent.go index 59827e021..44157a91f 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4247,6 +4247,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { sources.ConfigEntry = proxycfgglue.ServerConfigEntry(deps) sources.ConfigEntryList = proxycfgglue.ServerConfigEntryList(deps) sources.CompiledDiscoveryChain = proxycfgglue.ServerCompiledDiscoveryChain(deps, proxycfgglue.CacheCompiledDiscoveryChain(a.cache)) + sources.FederationStateListMeshGateways = proxycfgglue.ServerFederationStateListMeshGateways(deps) sources.GatewayServices = proxycfgglue.ServerGatewayServices(deps) sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth)) sources.Intentions = proxycfgglue.ServerIntentions(deps) diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go new file mode 100644 index 000000000..ea3640ad9 --- /dev/null +++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go @@ -0,0 +1,67 @@ +package proxycfgglue + +import ( + "context" + + "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/agent/cache" + cachetype "github.com/hashicorp/consul/agent/cache-types" + "github.com/hashicorp/consul/agent/consul/watch" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/structs/aclfilter" +) + +// CacheFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways +// interface by sourcing data from the agent cache. +func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways { + return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.FederationStateListMeshGatewaysName} +} + +// ServerFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways +// interface by sourcing data from a blocking query against the server's state +// store. +func ServerFederationStateListMeshGateways(deps ServerDataSourceDeps) proxycfg.FederationStateListMeshGateways { + return &serverFederationStateListMeshGateways{deps} +} + +type serverFederationStateListMeshGateways struct { + deps ServerDataSourceDeps +} + +func (s *serverFederationStateListMeshGateways) Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error { + return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore, + func(ws memdb.WatchSet, store Store) (uint64, *structs.DatacenterIndexedCheckServiceNodes, error) { + authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, nil) + if err != nil { + return 0, nil, err + } + + index, fedStates, err := store.FederationStateList(ws) + if err != nil { + return 0, nil, err + } + + results := make(map[string]structs.CheckServiceNodes) + for _, fs := range fedStates { + if gws := fs.MeshGateways; len(gws) != 0 { + // Shallow clone to prevent ACL filtering manipulating the slice in memdb. + results[fs.Datacenter] = gws.ShallowClone() + } + } + + rsp := &structs.DatacenterIndexedCheckServiceNodes{ + DatacenterNodes: results, + QueryMeta: structs.QueryMeta{ + Index: index, + Backend: structs.QueryBackendBlocking, + }, + } + aclfilter.New(authz, s.deps.Logger).Filter(rsp) + + return index, rsp, nil + }, + dispatchBlockingQueryUpdate[*structs.DatacenterIndexedCheckServiceNodes](ch), + ) +} diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go new file mode 100644 index 000000000..5c716d24c --- /dev/null +++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go @@ -0,0 +1,103 @@ +package proxycfgglue + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestServerFederationStateListMeshGateways(t *testing.T) { + const index uint64 = 123 + + store := state.NewStateStore(nil) + + authz := policyAuthorizer(t, ` + service_prefix "dc2-" { policy = "read" } + node_prefix "dc2-" { policy = "read" } + + service_prefix "dc3-" { policy = "read" } + node_prefix "dc3-" { policy = "read" } + `) + + require.NoError(t, store.FederationStateSet(index, &structs.FederationState{ + Datacenter: "dc2", + MeshGateways: structs.CheckServiceNodes{ + { + Service: &structs.NodeService{Service: "dc2-gw1"}, + Node: &structs.Node{Node: "dc2-gw1"}, + }, + }, + })) + + // No access to this DC, we shouldn't see it in results. + require.NoError(t, store.FederationStateSet(index, &structs.FederationState{ + Datacenter: "dc4", + MeshGateways: structs.CheckServiceNodes{ + { + Service: &structs.NodeService{Service: "dc4-gw1"}, + Node: &structs.Node{Node: "dc4-gw1"}, + }, + }, + })) + + dataSource := ServerFederationStateListMeshGateways(ServerDataSourceDeps{ + ACLResolver: newStaticResolver(authz), + GetStore: func() Store { return store }, + }) + + eventCh := make(chan proxycfg.UpdateEvent) + require.NoError(t, dataSource.Notify(context.Background(), &structs.DCSpecificRequest{Datacenter: "dc1"}, "", eventCh)) + + testutil.RunStep(t, "initial state", func(t *testing.T) { + result := getEventResult[*structs.DatacenterIndexedCheckServiceNodes](t, eventCh) + require.Equal(t, map[string]structs.CheckServiceNodes{ + "dc2": { + { + Service: &structs.NodeService{Service: "dc2-gw1"}, + Node: &structs.Node{Node: "dc2-gw1"}, + }, + }, + }, result.DatacenterNodes) + }) + + testutil.RunStep(t, "add new datacenter", func(t *testing.T) { + require.NoError(t, store.FederationStateSet(index+1, &structs.FederationState{ + Datacenter: "dc3", + MeshGateways: structs.CheckServiceNodes{ + { + Service: &structs.NodeService{Service: "dc3-gw1"}, + Node: &structs.Node{Node: "dc3-gw1"}, + }, + }, + })) + + result := getEventResult[*structs.DatacenterIndexedCheckServiceNodes](t, eventCh) + require.Equal(t, map[string]structs.CheckServiceNodes{ + "dc2": { + { + Service: &structs.NodeService{Service: "dc2-gw1"}, + Node: &structs.Node{Node: "dc2-gw1"}, + }, + }, + "dc3": { + { + Service: &structs.NodeService{Service: "dc3-gw1"}, + Node: &structs.Node{Node: "dc3-gw1"}, + }, + }, + }, result.DatacenterNodes) + }) + + testutil.RunStep(t, "delete datacenter", func(t *testing.T) { + require.NoError(t, store.FederationStateDelete(index+2, "dc3")) + + result := getEventResult[*structs.DatacenterIndexedCheckServiceNodes](t, eventCh) + require.NotContains(t, result.DatacenterNodes, "dc3") + }) +} diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 9fb064890..06798939b 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -21,6 +21,7 @@ import ( type Store interface { watch.StateStore + FederationStateList(ws memdb.WatchSet) (uint64, []*structs.FederationState, error) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error) IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error) ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) @@ -53,12 +54,6 @@ func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters { return &cacheProxyDataSource[*structs.DatacentersRequest]{c, cachetype.CatalogDatacentersName} } -// CacheFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways -// interface by sourcing data from the agent cache. -func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways { - return &cacheProxyDataSource[*structs.DCSpecificRequest]{c, cachetype.FederationStateListMeshGatewaysName} -} - // CacheHTTPChecks satisifies the proxycfg.HTTPChecks interface by sourcing // data from the agent cache. func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks { From ac4ac1b0627d1e06bc2b4c2bf5969e8174df9afb Mon Sep 17 00:00:00 2001 From: Daniel Upton Date: Tue, 12 Jul 2022 11:50:48 +0100 Subject: [PATCH 749/785] Changelog entry --- .changelog/13722.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/13722.txt diff --git a/.changelog/13722.txt b/.changelog/13722.txt new file mode 100644 index 000000000..2cf90aa37 --- /dev/null +++ b/.changelog/13722.txt @@ -0,0 +1,3 @@ +```release-note:feature +streaming: Added topic that can be used to consume updates about the list of services in a datacenter +``` From 8b9a1263864a0b902a77d8e7dc2b0df473df5222 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Thu, 14 Jul 2022 20:32:53 +0200 Subject: [PATCH 750/785] ui: remove with-peers query param (#13756) * Don't request nodes/services `with-peers` anymore This will be automatic - no need for the query-param anymore. * Return peering data based on feature flag mock-api services/nodes * Update tests to reflect removed with-peers query-param * setup cookie for turning peer feature flag on in mock-api in testing * Add missing `S` for renamed PEERING feature-flag cookie --- ui/packages/consul-ui/app/adapters/node.js | 14 -------------- ui/packages/consul-ui/app/adapters/service.js | 14 -------------- .../consul-ui/mock-api/v1/internal/ui/nodes | 2 +- .../consul-ui/mock-api/v1/internal/ui/services | 2 +- .../acceptance/dc/intentions/navigation.feature | 2 +- .../tests/acceptance/dc/nodes/index.feature | 2 +- .../tests/acceptance/dc/services/list.feature | 2 +- .../tests/acceptance/page-navigation.feature | 2 +- .../tests/acceptance/token-header.feature | 4 ++-- ui/packages/consul-ui/tests/helpers/set-cookies.js | 3 +++ .../tests/integration/adapters/node-test.js | 2 +- .../tests/integration/adapters/service-test.js | 2 +- 12 files changed, 13 insertions(+), 38 deletions(-) diff --git a/ui/packages/consul-ui/app/adapters/node.js b/ui/packages/consul-ui/app/adapters/node.js index 6e30108c7..de3f3c295 100644 --- a/ui/packages/consul-ui/app/adapters/node.js +++ b/ui/packages/consul-ui/app/adapters/node.js @@ -1,5 +1,4 @@ import Adapter from './application'; -import { inject as service } from '@ember/service'; // TODO: Update to use this.formatDatacenter() @@ -11,25 +10,12 @@ import { inject as service } from '@ember/service'; // to the node. export default class NodeAdapter extends Adapter { - @service abilities; - - get peeringQuery() { - const query = {}; - - if (this.abilities.can('use peers')) { - query['with-peers'] = true; - } - - return query; - } - requestForQuery(request, { dc, ns, partition, index, id, uri }) { return request` GET /v1/internal/ui/nodes?${{ dc }} X-Request-ID: ${uri} ${{ - ...this.peeringQuery, ns, partition, index, diff --git a/ui/packages/consul-ui/app/adapters/service.js b/ui/packages/consul-ui/app/adapters/service.js index 7507c41b6..ea69f0927 100644 --- a/ui/packages/consul-ui/app/adapters/service.js +++ b/ui/packages/consul-ui/app/adapters/service.js @@ -1,19 +1,6 @@ import Adapter from './application'; -import { inject as service } from '@ember/service'; export default class ServiceAdapter extends Adapter { - @service abilities; - - get peeringQuery() { - const query = {}; - - if (this.abilities.can('use peers')) { - query['with-peers'] = true; - } - - return query; - } - requestForQuery(request, { dc, ns, partition, index, gateway, uri }) { if (typeof gateway !== 'undefined') { return request` @@ -33,7 +20,6 @@ export default class ServiceAdapter extends Adapter { X-Request-ID: ${uri} ${{ - ...this.peeringQuery, ns, partition, index, diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes index 30557b643..8b63b7997 100644 --- a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes +++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes @@ -17,7 +17,7 @@ { "ID":"${fake.random.uuid()}", "Node":"node-${i}", - ${location.search["with-peers"] ? peerNameString : ''} + ${env('CONSUL_PEERINGS_ENABLE') ? peerNameString : ''} "Address":"${fake.internet.ip()}", "TaggedAddresses":{ "lan":"${fake.internet.ip()}", diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/services b/ui/packages/consul-ui/mock-api/v1/internal/ui/services index a9d0c98cc..1a4a73250 100644 --- a/ui/packages/consul-ui/mock-api/v1/internal/ui/services +++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/services @@ -53,7 +53,7 @@ ${typeof location.search.ns !== 'undefined' ? ` ${typeof location.search.partition !== 'undefined' ? ` "Partition": "${fake.helpers.randomize([env('CONSUL_PARTITION_EXPORTER', location.search.partition), location.search.partition])}", ` : ``} - ${location.search['with-peers'] ? peerNameString : ''} + ${env('CONSUL_PEERINGS_ENABLE') ? peerNameString : ''} "Tags": [ ${ range( diff --git a/ui/packages/consul-ui/tests/acceptance/dc/intentions/navigation.feature b/ui/packages/consul-ui/tests/acceptance/dc/intentions/navigation.feature index 8c749634d..4b1bd2318 100644 --- a/ui/packages/consul-ui/tests/acceptance/dc/intentions/navigation.feature +++ b/ui/packages/consul-ui/tests/acceptance/dc/intentions/navigation.feature @@ -27,7 +27,7 @@ Feature: dc / intentions / navigation ID: 755b72bd-f5ab-4c92-90cc-bed0e7d8e9f0 --- When I click intention on the intentionList.intentions component - Then a GET request was made to "/v1/internal/ui/services?dc=dc-1&with-peers=true&ns=*" + Then a GET request was made to "/v1/internal/ui/services?dc=dc-1&ns=*" And I click "[data-test-back]" Then the url should be /dc-1/intentions Scenario: Clicking the create button and back again diff --git a/ui/packages/consul-ui/tests/acceptance/dc/nodes/index.feature b/ui/packages/consul-ui/tests/acceptance/dc/nodes/index.feature index a56758958..735c222e9 100644 --- a/ui/packages/consul-ui/tests/acceptance/dc/nodes/index.feature +++ b/ui/packages/consul-ui/tests/acceptance/dc/nodes/index.feature @@ -45,7 +45,7 @@ Feature: dc / nodes / index --- Then the url should be /dc-1/nodes And the title should be "Nodes - Consul" - And a GET request was made to "/v1/internal/ui/nodes?dc=dc-1&with-peers=true&ns=@namespace" + And a GET request was made to "/v1/internal/ui/nodes?dc=dc-1&ns=@namespace" Then I see 3 node models Scenario: Seeing the leader in node listing Given 3 node models from yaml diff --git a/ui/packages/consul-ui/tests/acceptance/dc/services/list.feature b/ui/packages/consul-ui/tests/acceptance/dc/services/list.feature index fe1682d25..60f6ed4b8 100644 --- a/ui/packages/consul-ui/tests/acceptance/dc/services/list.feature +++ b/ui/packages/consul-ui/tests/acceptance/dc/services/list.feature @@ -16,7 +16,7 @@ Feature: dc / services / list dc: dc-1 --- Then the url should be /dc-1/services - And a GET request was made to "/v1/internal/ui/services?dc=dc-1&with-peers=true&ns=@namespace" + And a GET request was made to "/v1/internal/ui/services?dc=dc-1&ns=@namespace" Then I see 3 service models diff --git a/ui/packages/consul-ui/tests/acceptance/page-navigation.feature b/ui/packages/consul-ui/tests/acceptance/page-navigation.feature index 62d259c76..3c064b1de 100644 --- a/ui/packages/consul-ui/tests/acceptance/page-navigation.feature +++ b/ui/packages/consul-ui/tests/acceptance/page-navigation.feature @@ -22,7 +22,7 @@ Feature: page-navigation Where: --------------------------------------------------------------------------------------------------- | Link | URL | Endpoint | - | nodes | /dc1/nodes | /v1/internal/ui/nodes?dc=dc1&with-peers=true&ns=@namespace | + | nodes | /dc1/nodes | /v1/internal/ui/nodes?dc=dc1&ns=@namespace | # FIXME # | kvs | /dc1/kv | /v1/kv/?keys&dc=dc1&separator=%2F&ns=@namespace | | tokens | /dc1/acls/tokens | /v1/acl/tokens?dc=dc1&ns=@namespace | diff --git a/ui/packages/consul-ui/tests/acceptance/token-header.feature b/ui/packages/consul-ui/tests/acceptance/token-header.feature index 948611441..4fd73cd62 100644 --- a/ui/packages/consul-ui/tests/acceptance/token-header.feature +++ b/ui/packages/consul-ui/tests/acceptance/token-header.feature @@ -11,7 +11,7 @@ Feature: token-header dc: dc1 --- Then the url should be /dc1/services - And a GET request was made to "/v1/internal/ui/services?dc=dc1&with-peers=true&ns=@namespace" from yaml + And a GET request was made to "/v1/internal/ui/services?dc=dc1&ns=@namespace" from yaml --- headers: X-Consul-Token: '' @@ -35,7 +35,7 @@ Feature: token-header dc: dc1 --- Then the url should be /dc1/services - And a GET request was made to "/v1/internal/ui/services?dc=dc1&with-peers=true&ns=@namespace" from yaml + And a GET request was made to "/v1/internal/ui/services?dc=dc1&ns=@namespace" from yaml --- headers: X-Consul-Token: [Token] diff --git a/ui/packages/consul-ui/tests/helpers/set-cookies.js b/ui/packages/consul-ui/tests/helpers/set-cookies.js index 053bd9090..1a02c4a10 100644 --- a/ui/packages/consul-ui/tests/helpers/set-cookies.js +++ b/ui/packages/consul-ui/tests/helpers/set-cookies.js @@ -5,6 +5,9 @@ export default function(type, value, doc = document) { if (!doc.cookie.includes('CONSUL_ACLS_ENABLE=0')) { obj['CONSUL_ACLS_ENABLE'] = 1; } + if (!doc.cookie.includes('CONSUL_PEERINGS_ENABLE=0')) { + obj['CONSUL_PEERINGS_ENABLE'] = 1; + } switch (type) { case 'dc': key = 'CONSUL_DATACENTER_COUNT'; diff --git a/ui/packages/consul-ui/tests/integration/adapters/node-test.js b/ui/packages/consul-ui/tests/integration/adapters/node-test.js index 5904fb3f5..32f1e8eac 100644 --- a/ui/packages/consul-ui/tests/integration/adapters/node-test.js +++ b/ui/packages/consul-ui/tests/integration/adapters/node-test.js @@ -14,7 +14,7 @@ module('Integration | Adapter | node', function(hooks) { const adapter = this.owner.lookup('adapter:node'); const client = this.owner.lookup('service:client/http'); const request = client.requestParams.bind(client); - const expected = `GET /v1/internal/ui/nodes?dc=${dc}&with-peers=true${ + const expected = `GET /v1/internal/ui/nodes?dc=${dc}${ shouldHaveNspace(nspace) ? `&ns=${nspace}` : `` }`; const actual = adapter.requestForQuery(request, { diff --git a/ui/packages/consul-ui/tests/integration/adapters/service-test.js b/ui/packages/consul-ui/tests/integration/adapters/service-test.js index 853ecbff8..adf46258d 100644 --- a/ui/packages/consul-ui/tests/integration/adapters/service-test.js +++ b/ui/packages/consul-ui/tests/integration/adapters/service-test.js @@ -14,7 +14,7 @@ module('Integration | Adapter | service', function(hooks) { const adapter = this.owner.lookup('adapter:service'); const client = this.owner.lookup('service:client/http'); const request = client.requestParams.bind(client); - const expected = `GET /v1/internal/ui/services?dc=${dc}&with-peers=true${ + const expected = `GET /v1/internal/ui/services?dc=${dc}${ shouldHaveNspace(nspace) ? `&ns=${nspace}` : `` }`; let actual = adapter.requestForQuery(request, { From 084f9d708420682254c9cdf7ca8d2444be3e73ad Mon Sep 17 00:00:00 2001 From: Dan Stough Date: Thu, 14 Jul 2022 14:45:51 -0400 Subject: [PATCH 751/785] feat: connect proxy xDS for destinations Signed-off-by: Dhia Ayachi --- agent/agent.go | 4 + agent/cache-types/service_gateways.go | 52 ++ agent/cache-types/service_gateways_test.go | 57 +++ agent/consul/internal_endpoint.go | 50 ++ agent/consul/internal_endpoint_test.go | 476 ++++++++++++++++++ agent/consul/state/catalog.go | 21 +- agent/consul/state/catalog_test.go | 395 +++++++++++++++ agent/proxycfg-glue/glue.go | 12 + agent/proxycfg/connect_proxy.go | 88 ++++ agent/proxycfg/data_sources.go | 21 +- agent/proxycfg/internal/watch/watchmap.go | 15 + .../proxycfg/internal/watch/watchmap_test.go | 41 ++ agent/proxycfg/manager_test.go | 4 + agent/proxycfg/snapshot.go | 5 + agent/proxycfg/state.go | 3 + agent/proxycfg/state_test.go | 217 +++++++- agent/proxycfg/testing.go | 43 +- agent/proxycfg/testing_terminating_gateway.go | 60 ++- agent/proxycfg/testing_tproxy.go | 115 +++++ agent/xds/clusters.go | 195 ++++--- agent/xds/clusters_test.go | 6 - agent/xds/endpoints.go | 19 +- agent/xds/listeners.go | 204 ++++---- agent/xds/listeners_test.go | 6 - agent/xds/rbac.go | 14 +- agent/xds/resources_test.go | 16 + agent/xds/routes.go | 105 ++-- ...ransparent-proxy-destination.latest.golden | 255 ++++++++++ ...ng-gateway-destinations-only.latest.golden | 105 +++- ...ransparent-proxy-destination.latest.golden | 119 +++++ ...ng-gateway-destinations-only.latest.golden | 5 + ...ransparent-proxy-destination.latest.golden | 185 +++++++ ...roxy-dial-instances-directly.latest.golden | 24 +- ...nsparent-proxy-http-upstream.latest.golden | 24 +- ...ng-gateway-destinations-only.latest.golden | 202 +++++++- .../listeners/transparent-proxy.latest.golden | 24 +- ...ransparent-proxy-destination.latest.golden | 5 + ...ng-gateway-destinations-only.latest.golden | 53 ++ 38 files changed, 2897 insertions(+), 348 deletions(-) create mode 100644 agent/cache-types/service_gateways.go create mode 100644 agent/cache-types/service_gateways_test.go create mode 100644 agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden create mode 100644 agent/xds/testdata/endpoints/transparent-proxy-destination.latest.golden create mode 100644 agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway-destinations-only.latest.golden create mode 100644 agent/xds/testdata/listeners/transparent-proxy-destination.latest.golden create mode 100644 agent/xds/testdata/routes/transparent-proxy-destination.latest.golden create mode 100644 agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden diff --git a/agent/agent.go b/agent/agent.go index 44157a91f..5412436e5 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4075,6 +4075,7 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.IntentionMatchName, &cachetype.IntentionMatch{RPC: a}) a.cache.RegisterType(cachetype.IntentionUpstreamsName, &cachetype.IntentionUpstreams{RPC: a}) + a.cache.RegisterType(cachetype.IntentionUpstreamsDestinationName, &cachetype.IntentionUpstreamsDestination{RPC: a}) a.cache.RegisterType(cachetype.CatalogServicesName, &cachetype.CatalogServices{RPC: a}) @@ -4097,6 +4098,7 @@ func (a *Agent) registerCache() { a.cache.RegisterType(cachetype.CompiledDiscoveryChainName, &cachetype.CompiledDiscoveryChain{RPC: a}) a.cache.RegisterType(cachetype.GatewayServicesName, &cachetype.GatewayServices{RPC: a}) + a.cache.RegisterType(cachetype.ServiceGatewaysName, &cachetype.ServiceGateways{RPC: a}) a.cache.RegisterType(cachetype.ConfigEntryListName, &cachetype.ConfigEntryList{RPC: a}) @@ -4220,10 +4222,12 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { Datacenters: proxycfgglue.CacheDatacenters(a.cache), FederationStateListMeshGateways: proxycfgglue.CacheFederationStateListMeshGateways(a.cache), GatewayServices: proxycfgglue.CacheGatewayServices(a.cache), + ServiceGateways: proxycfgglue.CacheServiceGateways(a.cache), Health: proxycfgglue.ClientHealth(a.rpcClientHealth), HTTPChecks: proxycfgglue.CacheHTTPChecks(a.cache), Intentions: proxycfgglue.CacheIntentions(a.cache), IntentionUpstreams: proxycfgglue.CacheIntentionUpstreams(a.cache), + IntentionUpstreamsDestination: proxycfgglue.CacheIntentionUpstreamsDestination(a.cache), InternalServiceDump: proxycfgglue.CacheInternalServiceDump(a.cache), LeafCertificate: proxycfgglue.CacheLeafCertificate(a.cache), PeeredUpstreams: proxycfgglue.CachePeeredUpstreams(a.cache), diff --git a/agent/cache-types/service_gateways.go b/agent/cache-types/service_gateways.go new file mode 100644 index 000000000..1c7a8e855 --- /dev/null +++ b/agent/cache-types/service_gateways.go @@ -0,0 +1,52 @@ +package cachetype + +import ( + "fmt" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" +) + +// Recommended name for registration. +const ServiceGatewaysName = "service-gateways" + +// GatewayUpstreams supports fetching upstreams for a given gateway name. +type ServiceGateways struct { + RegisterOptionsBlockingRefresh + RPC RPC +} + +func (g *ServiceGateways) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { + var result cache.FetchResult + + // The request should be a ServiceSpecificRequest. + reqReal, ok := req.(*structs.ServiceSpecificRequest) + if !ok { + return result, fmt.Errorf( + "Internal cache failure: request wrong type: %T", req) + } + + // Lightweight copy this object so that manipulating QueryOptions doesn't race. + dup := *reqReal + reqReal = &dup + + // Set the minimum query index to our current index so we block + reqReal.QueryOptions.MinQueryIndex = opts.MinIndex + reqReal.QueryOptions.MaxQueryTime = opts.Timeout + + // Always allow stale - there's no point in hitting leader if the request is + // going to be served from cache and end up arbitrarily stale anyway. This + // allows cached service-discover to automatically read scale across all + // servers too. + reqReal.AllowStale = true + + // Fetch + var reply structs.IndexedCheckServiceNodes + if err := g.RPC.RPC("Internal.ServiceGateways", reqReal, &reply); err != nil { + return result, err + } + + result.Value = &reply + result.Index = reply.QueryMeta.Index + return result, nil +} diff --git a/agent/cache-types/service_gateways_test.go b/agent/cache-types/service_gateways_test.go new file mode 100644 index 000000000..39c6b474d --- /dev/null +++ b/agent/cache-types/service_gateways_test.go @@ -0,0 +1,57 @@ +package cachetype + +import ( + "testing" + "time" + + "github.com/hashicorp/consul/agent/cache" + "github.com/hashicorp/consul/agent/structs" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +func TestServiceGateways(t *testing.T) { + rpc := TestRPC(t) + typ := &ServiceGateways{RPC: rpc} + + // Expect the proper RPC call. This also sets the expected value + // since that is return-by-pointer in the arguments. + var resp *structs.IndexedCheckServiceNodes + rpc.On("RPC", "Internal.ServiceGateways", mock.Anything, mock.Anything).Return(nil). + Run(func(args mock.Arguments) { + req := args.Get(1).(*structs.ServiceSpecificRequest) + require.Equal(t, uint64(24), req.QueryOptions.MinQueryIndex) + require.Equal(t, 1*time.Second, req.QueryOptions.MaxQueryTime) + require.True(t, req.AllowStale) + require.Equal(t, "foo", req.ServiceName) + + nodes := []structs.CheckServiceNode{ + { + Service: &structs.NodeService{ + Tags: req.ServiceTags, + }, + }, + } + + reply := args.Get(2).(*structs.IndexedCheckServiceNodes) + reply.Nodes = nodes + reply.QueryMeta.Index = 48 + resp = reply + }) + + // Fetch + resultA, err := typ.Fetch(cache.FetchOptions{ + MinIndex: 24, + Timeout: 1 * time.Second, + }, &structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "foo", + }) + require.NoError(t, err) + require.Equal(t, cache.FetchResult{ + Value: resp, + Index: 48, + }, resultA) + + rpc.AssertExpectations(t) +} diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index a041c7eeb..8f44c0f7a 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -453,6 +453,56 @@ func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, repl return err } +// ServiceGateways returns all the nodes for services associated with a gateway along with their gateway config +func (m *Internal) ServiceGateways(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error { + if done, err := m.srv.ForwardRPC("Internal.ServiceGateways", args, reply); done { + return err + } + + // Verify the arguments + if args.ServiceName == "" { + return fmt.Errorf("Must provide gateway name") + } + + var authzContext acl.AuthorizerContext + authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext) + if err != nil { + return err + } + + if err := m.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil { + return err + } + + // We need read access to the service we're trying to find gateways for, so check that first. + if err := authz.ToAllowAuthorizer().ServiceReadAllowed(args.ServiceName, &authzContext); err != nil { + return err + } + + err = m.srv.blockingQuery( + &args.QueryOptions, + &reply.QueryMeta, + func(ws memdb.WatchSet, state *state.Store) error { + var maxIdx uint64 + idx, gateways, err := state.ServiceGateways(ws, args.ServiceName, args.ServiceKind, args.EnterpriseMeta) + if err != nil { + return err + } + if idx > maxIdx { + maxIdx = idx + } + + reply.Index, reply.Nodes = maxIdx, gateways + + if err := m.srv.filterACL(args.Token, reply); err != nil { + return err + } + return nil + }) + + return err +} + // GatewayIntentions Match returns the set of intentions that match the given source/destination. func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error { // Forward if necessary diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 7d7d421c8..f02150b8c 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -2811,3 +2811,479 @@ func TestInternal_PeeredUpstreams(t *testing.T) { } require.Equal(t, expect, out.Services) } + +func TestInternal_ServiceGatewayService_Terminating(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + dir1, s1 := testServer(t) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + codec := rpcClient(t, s1) + defer codec.Close() + + testrpc.WaitForTestAgent(t, s1.RPC, "dc1") + + db := structs.NodeService{ + ID: "db2", + Service: "db", + } + + redis := structs.NodeService{ + ID: "redis", + Service: "redis", + } + + // Register gateway and two service instances that will be associated with it + { + arg := structs.RegisterRequest{ + Datacenter: "dc1", + Node: "foo", + Address: "10.1.2.2", + Service: &structs.NodeService{ + ID: "terminating-gateway-01", + Service: "terminating-gateway", + Kind: structs.ServiceKindTerminatingGateway, + Port: 443, + Address: "198.18.1.3", + }, + Check: &structs.HealthCheck{ + Name: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway-01", + }, + } + var out struct{} + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + + arg = structs.RegisterRequest{ + Datacenter: "dc1", + Node: "bar", + Address: "127.0.0.2", + Service: &structs.NodeService{ + ID: "db", + Service: "db", + }, + Check: &structs.HealthCheck{ + Name: "db-warning", + Status: api.HealthWarning, + ServiceID: "db", + }, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + + arg = structs.RegisterRequest{ + Datacenter: "dc1", + Node: "baz", + Address: "127.0.0.3", + Service: &db, + Check: &structs.HealthCheck{ + Name: "db2-passing", + Status: api.HealthPassing, + ServiceID: "db2", + }, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + } + + // Register terminating-gateway config entry, linking it to db and redis (dne) + { + args := &structs.TerminatingGatewayConfigEntry{ + Name: "terminating-gateway", + Kind: structs.TerminatingGateway, + Services: []structs.LinkedService{ + { + Name: "db", + }, + { + Name: "redis", + CAFile: "/etc/certs/ca.pem", + CertFile: "/etc/certs/cert.pem", + KeyFile: "/etc/certs/key.pem", + }, + }, + } + + req := structs.ConfigEntryRequest{ + Op: structs.ConfigEntryUpsert, + Datacenter: "dc1", + Entry: args, + } + var configOutput bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &configOutput)) + require.True(t, configOutput) + } + + var out structs.IndexedCheckServiceNodes + req := structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "db", + ServiceKind: structs.ServiceKindTerminatingGateway, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Internal.ServiceGateways", &req, &out)) + + for _, n := range out.Nodes { + n.Node.RaftIndex = structs.RaftIndex{} + n.Service.RaftIndex = structs.RaftIndex{} + for _, m := range n.Checks { + m.RaftIndex = structs.RaftIndex{} + } + } + + expect := structs.CheckServiceNodes{ + structs.CheckServiceNode{ + Node: &structs.Node{ + Node: "foo", + RaftIndex: structs.RaftIndex{}, + Address: "10.1.2.2", + Datacenter: "dc1", + Partition: acl.DefaultPartitionName, + }, + Service: &structs.NodeService{ + Kind: structs.ServiceKindTerminatingGateway, + ID: "terminating-gateway-01", + Service: "terminating-gateway", + TaggedAddresses: map[string]structs.ServiceAddress{ + "consul-virtual:" + db.CompoundServiceName().String(): {Address: "240.0.0.1"}, + "consul-virtual:" + redis.CompoundServiceName().String(): {Address: "240.0.0.2"}, + }, + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + Tags: []string{}, + Meta: map[string]string{}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + RaftIndex: structs.RaftIndex{}, + Address: "198.18.1.3", + }, + Checks: structs.HealthChecks{ + &structs.HealthCheck{ + Name: "terminating connect", + Node: "foo", + CheckID: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway-01", + ServiceName: "terminating-gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + }, + } + + assert.Equal(t, expect, out.Nodes) +} + +func TestInternal_ServiceGatewayService_Terminating_ACL(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + dir1, s1 := testServerWithConfig(t, func(c *Config) { + c.PrimaryDatacenter = "dc1" + c.ACLsEnabled = true + c.ACLInitialManagementToken = "root" + c.ACLResolverSettings.ACLDefaultPolicy = "deny" + }) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + codec := rpcClient(t, s1) + defer codec.Close() + + testrpc.WaitForTestAgent(t, s1.RPC, "dc1", testrpc.WithToken("root")) + + // Create the ACL. + token, err := upsertTestTokenWithPolicyRules(codec, "root", "dc1", ` + service "db" { policy = "read" } + service "terminating-gateway" { policy = "read" } + node_prefix "" { policy = "read" }`) + require.NoError(t, err) + + // Register gateway and two service instances that will be associated with it + { + arg := structs.RegisterRequest{ + Datacenter: "dc1", + Node: "foo", + Address: "127.0.0.1", + Service: &structs.NodeService{ + ID: "terminating-gateway", + Service: "terminating-gateway", + Kind: structs.ServiceKindTerminatingGateway, + Port: 443, + }, + Check: &structs.HealthCheck{ + Name: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway", + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + var out struct{} + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + { + arg := structs.RegisterRequest{ + Datacenter: "dc1", + Node: "foo", + Address: "127.0.0.1", + Service: &structs.NodeService{ + ID: "terminating-gateway2", + Service: "terminating-gateway2", + Kind: structs.ServiceKindTerminatingGateway, + Port: 444, + }, + Check: &structs.HealthCheck{ + Name: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway2", + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + var out struct{} + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + } + + arg = structs.RegisterRequest{ + Datacenter: "dc1", + Node: "bar", + Address: "127.0.0.2", + Service: &structs.NodeService{ + ID: "db", + Service: "db", + }, + Check: &structs.HealthCheck{ + Name: "db-warning", + Status: api.HealthWarning, + ServiceID: "db", + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + + arg = structs.RegisterRequest{ + Datacenter: "dc1", + Node: "baz", + Address: "127.0.0.3", + Service: &structs.NodeService{ + ID: "api", + Service: "api", + }, + Check: &structs.HealthCheck{ + Name: "api-passing", + Status: api.HealthPassing, + ServiceID: "api", + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + } + + // Register terminating-gateway config entry, linking it to db and api + { + args := &structs.TerminatingGatewayConfigEntry{ + Name: "terminating-gateway", + Kind: structs.TerminatingGateway, + Services: []structs.LinkedService{ + {Name: "db"}, + {Name: "api"}, + }, + } + + req := structs.ConfigEntryRequest{ + Op: structs.ConfigEntryUpsert, + Datacenter: "dc1", + Entry: args, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + var out bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &out)) + require.True(t, out) + } + + // Register terminating-gateway config entry, linking it to db and api + { + args := &structs.TerminatingGatewayConfigEntry{ + Name: "terminating-gateway2", + Kind: structs.TerminatingGateway, + Services: []structs.LinkedService{ + {Name: "db"}, + {Name: "api"}, + }, + } + + req := structs.ConfigEntryRequest{ + Op: structs.ConfigEntryUpsert, + Datacenter: "dc1", + Entry: args, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + var out bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &out)) + require.True(t, out) + } + + var out structs.IndexedCheckServiceNodes + + // Not passing a token with service:read on Gateway leads to PermissionDenied + req := structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "db", + ServiceKind: structs.ServiceKindTerminatingGateway, + } + err = msgpackrpc.CallWithCodec(codec, "Internal.ServiceGateways", &req, &out) + require.Error(t, err, acl.ErrPermissionDenied) + + // Passing a token without service:read on api leads to it getting filtered out + req = structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "db", + ServiceKind: structs.ServiceKindTerminatingGateway, + QueryOptions: structs.QueryOptions{Token: token.SecretID}, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Internal.ServiceGateways", &req, &out)) + + nodes := out.Nodes + require.Len(t, nodes, 1) + require.Equal(t, "foo", nodes[0].Node.Node) + require.Equal(t, structs.ServiceKindTerminatingGateway, nodes[0].Service.Kind) + require.Equal(t, "terminating-gateway", nodes[0].Service.Service) + require.Equal(t, "terminating-gateway", nodes[0].Service.ID) + require.True(t, out.QueryMeta.ResultsFilteredByACLs, "ResultsFilteredByACLs should be true") +} + +func TestInternal_ServiceGatewayService_Terminating_Destination(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + dir1, s1 := testServer(t) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + codec := rpcClient(t, s1) + defer codec.Close() + + testrpc.WaitForTestAgent(t, s1.RPC, "dc1") + + google := structs.NodeService{ + ID: "google", + Service: "google", + } + + // Register service-default with conflicting destination address + { + arg := structs.ConfigEntryRequest{ + Op: structs.ConfigEntryUpsert, + Datacenter: "dc1", + Entry: &structs.ServiceConfigEntry{ + Name: "google", + Destination: &structs.DestinationConfig{Address: "www.google.com", Port: 443}, + EnterpriseMeta: *acl.DefaultEnterpriseMeta(), + }, + } + var configOutput bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &arg, &configOutput)) + require.True(t, configOutput) + } + + // Register terminating-gateway config entry, linking it to google.com + { + arg := structs.RegisterRequest{ + Datacenter: "dc1", + Node: "foo", + Address: "127.0.0.1", + Service: &structs.NodeService{ + ID: "terminating-gateway", + Service: "terminating-gateway", + Kind: structs.ServiceKindTerminatingGateway, + Port: 443, + }, + Check: &structs.HealthCheck{ + Name: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway", + }, + } + var out struct{} + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Catalog.Register", &arg, &out)) + } + { + args := &structs.TerminatingGatewayConfigEntry{ + Name: "terminating-gateway", + Kind: structs.TerminatingGateway, + Services: []structs.LinkedService{ + { + Name: "google", + }, + }, + } + + req := structs.ConfigEntryRequest{ + Op: structs.ConfigEntryUpsert, + Datacenter: "dc1", + Entry: args, + } + var configOutput bool + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.Apply", &req, &configOutput)) + require.True(t, configOutput) + } + + var out structs.IndexedCheckServiceNodes + req := structs.ServiceSpecificRequest{ + Datacenter: "dc1", + ServiceName: "google", + ServiceKind: structs.ServiceKindTerminatingGateway, + } + require.NoError(t, msgpackrpc.CallWithCodec(codec, "Internal.ServiceGateways", &req, &out)) + + nodes := out.Nodes + + for _, n := range nodes { + n.Node.RaftIndex = structs.RaftIndex{} + n.Service.RaftIndex = structs.RaftIndex{} + for _, m := range n.Checks { + m.RaftIndex = structs.RaftIndex{} + } + } + + expect := structs.CheckServiceNodes{ + structs.CheckServiceNode{ + Node: &structs.Node{ + Node: "foo", + RaftIndex: structs.RaftIndex{}, + Address: "127.0.0.1", + Datacenter: "dc1", + Partition: acl.DefaultPartitionName, + }, + Service: &structs.NodeService{ + Kind: structs.ServiceKindTerminatingGateway, + ID: "terminating-gateway", + Service: "terminating-gateway", + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + Tags: []string{}, + Meta: map[string]string{}, + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + TaggedAddresses: map[string]structs.ServiceAddress{ + "consul-virtual:" + google.CompoundServiceName().String(): {Address: "240.0.0.1"}, + }, + RaftIndex: structs.RaftIndex{}, + Address: "", + }, + Checks: structs.HealthChecks{ + &structs.HealthCheck{ + Name: "terminating connect", + Node: "foo", + CheckID: "terminating connect", + Status: api.HealthPassing, + ServiceID: "terminating-gateway", + ServiceName: "terminating-gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + }, + }, + }, + } + + assert.Len(t, nodes, 1) + assert.Equal(t, expect, nodes) +} diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index 2f116ab0f..622cccd35 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -2907,6 +2907,25 @@ func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl. return lib.MaxUint64(maxIdx, idx), results, nil } +// TODO: Find a way to consolidate this with CheckIngressServiceNodes +// ServiceGateways is used to query all gateways associated with a service +func (s *Store) ServiceGateways(ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { + tx := s.db.Txn(false) + defer tx.Abort() + + // tableGatewayServices is not peer-aware, and the existence of TG/IG gateways is scrubbed during peer replication. + maxIdx, nodes, err := serviceGatewayNodes(tx, ws, service, kind, &entMeta, structs.DefaultPeerKeyword) + + // Watch for index changes to the gateway nodes + idx, chans := maxIndexAndWatchChsForServiceNodes(tx, nodes, false) + for _, ch := range chans { + ws.Add(ch) + } + maxIdx = lib.MaxUint64(maxIdx, idx) + + return parseCheckServiceNodes(tx, ws, maxIdx, nodes, &entMeta, structs.DefaultPeerKeyword, err) +} + func (s *Store) VirtualIPForService(psn structs.PeeredServiceName) (string, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -3862,7 +3881,7 @@ func (s *Store) collectGatewayServices(tx ReadTxn, ws memdb.WatchSet, iter memdb return maxIdx, results, nil } -// TODO(ingress): How to handle index rolling back when a config entry is +// TODO: How to handle index rolling back when a config entry is // deleted that references a service? // We might need something like the service_last_extinction index? func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceNodes, error) { diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go index d2a970b07..fed3bd0ee 100644 --- a/agent/consul/state/catalog_test.go +++ b/agent/consul/state/catalog_test.go @@ -4,6 +4,7 @@ import ( "context" crand "crypto/rand" "fmt" + "github.com/hashicorp/consul/acl" "reflect" "sort" "strings" @@ -5346,6 +5347,400 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { assert.Len(t, out, 0) } +func TestStateStore_ServiceGateways_Terminating(t *testing.T) { + s := testStateStore(t) + + // Listing with no results returns an empty list. + ws := memdb.NewWatchSet() + idx, nodes, err := s.GatewayServices(ws, "db", nil) + assert.Nil(t, err) + assert.Equal(t, uint64(0), idx) + assert.Len(t, nodes, 0) + + // Create some nodes + assert.Nil(t, s.EnsureNode(10, &structs.Node{Node: "foo", Address: "127.0.0.1"})) + assert.Nil(t, s.EnsureNode(11, &structs.Node{Node: "bar", Address: "127.0.0.2"})) + assert.Nil(t, s.EnsureNode(12, &structs.Node{Node: "baz", Address: "127.0.0.2"})) + + // Typical services and some consul services spread across two nodes + assert.Nil(t, s.EnsureService(13, "foo", &structs.NodeService{ID: "db", Service: "db", Tags: nil, Address: "", Port: 5000})) + assert.Nil(t, s.EnsureService(15, "bar", &structs.NodeService{ID: "api", Service: "api", Tags: nil, Address: "", Port: 5000})) + assert.Nil(t, s.EnsureService(16, "bar", &structs.NodeService{ID: "consul", Service: "consul", Tags: nil})) + assert.Nil(t, s.EnsureService(17, "bar", &structs.NodeService{ID: "consul", Service: "consul", Tags: nil})) + + // Add ingress gateway and a connect proxy, neither should get picked up by terminating gateway + ingressNS := &structs.NodeService{ + Kind: structs.ServiceKindIngressGateway, + ID: "ingress", + Service: "ingress", + Port: 8443, + } + assert.Nil(t, s.EnsureService(18, "baz", ingressNS)) + + proxyNS := &structs.NodeService{ + Kind: structs.ServiceKindConnectProxy, + ID: "db proxy", + Service: "db proxy", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "db", + }, + Port: 8000, + } + assert.Nil(t, s.EnsureService(19, "foo", proxyNS)) + + // Register a gateway + assert.Nil(t, s.EnsureService(20, "baz", &structs.NodeService{Kind: structs.ServiceKindTerminatingGateway, ID: "gateway", Service: "gateway", Port: 443})) + + // Associate gateway with db and api + assert.Nil(t, s.EnsureConfigEntry(21, &structs.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "gateway", + Services: []structs.LinkedService{ + { + Name: "db", + }, + { + Name: "api", + }, + }, + })) + assert.True(t, watchFired(ws)) + + // Read everything back. + ws = memdb.NewWatchSet() + idx, out, err := s.ServiceGateways(ws, "db", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(21), idx) + assert.Len(t, out, 1) + + expect := structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Check that we don't update on same exact config + assert.Nil(t, s.EnsureConfigEntry(21, &structs.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "gateway", + Services: []structs.LinkedService{ + { + Name: "db", + }, + { + Name: "api", + }, + }, + })) + assert.False(t, watchFired(ws)) + + idx, out, err = s.ServiceGateways(ws, "api", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(21), idx) + assert.Len(t, out, 1) + + expect = structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Associate gateway with a wildcard and add TLS config + assert.Nil(t, s.EnsureConfigEntry(22, &structs.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "gateway", + Services: []structs.LinkedService{ + { + Name: "api", + CAFile: "api/ca.crt", + CertFile: "api/client.crt", + KeyFile: "api/client.key", + SNI: "my-domain", + }, + { + Name: "db", + }, + { + Name: "*", + CAFile: "ca.crt", + CertFile: "client.crt", + KeyFile: "client.key", + SNI: "my-alt-domain", + }, + }, + })) + assert.True(t, watchFired(ws)) + + // Read everything back. + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "db", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(22), idx) + assert.Len(t, out, 1) + + expect = structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Add a service covered by wildcard + assert.Nil(t, s.EnsureService(23, "bar", &structs.NodeService{ID: "redis", Service: "redis", Tags: nil, Address: "", Port: 6379})) + + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "redis", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(23), idx) + assert.Len(t, out, 1) + + expect = structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Delete a service covered by wildcard + assert.Nil(t, s.DeleteService(24, "bar", "redis", structs.DefaultEnterpriseMetaInDefaultPartition(), "")) + assert.True(t, watchFired(ws)) + + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "redis", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + // TODO: wildcards don't keep the same extinction index + assert.Equal(t, uint64(0), idx) + assert.Len(t, out, 0) + + // Update the entry that only leaves one service + assert.Nil(t, s.EnsureConfigEntry(25, &structs.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "gateway", + Services: []structs.LinkedService{ + { + Name: "db", + }, + }, + })) + assert.True(t, watchFired(ws)) + + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "db", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(25), idx) + assert.Len(t, out, 1) + + // previously associated services should not be present + expect = structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Attempt to associate a different gateway with services that include db + assert.Nil(t, s.EnsureConfigEntry(26, &structs.TerminatingGatewayConfigEntry{ + Kind: "terminating-gateway", + Name: "gateway2", + Services: []structs.LinkedService{ + { + Name: "*", + }, + }, + })) + + // check that watchset fired for new terminating gateway node service + assert.Nil(t, s.EnsureService(20, "baz", &structs.NodeService{Kind: structs.ServiceKindTerminatingGateway, ID: "gateway2", Service: "gateway2", Port: 443})) + assert.True(t, watchFired(ws)) + + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "db", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(26), idx) + assert.Len(t, out, 2) + + expect = structs.CheckServiceNodes{ + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + { + Node: &structs.Node{ + ID: "", + Address: "127.0.0.2", + Node: "baz", + Partition: acl.DefaultPartitionName, + RaftIndex: structs.RaftIndex{ + CreateIndex: 12, + ModifyIndex: 12, + }, + }, + Service: &structs.NodeService{ + Service: "gateway2", + Kind: structs.ServiceKindTerminatingGateway, + ID: "gateway2", + EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), + Weights: &structs.Weights{Passing: 1, Warning: 1}, + Port: 443, + RaftIndex: structs.RaftIndex{ + CreateIndex: 20, + ModifyIndex: 20, + }, + }, + }, + } + assert.Equal(t, expect, out) + + // Deleting the all gateway's node services should trigger the watch and keep the raft index stable + assert.Nil(t, s.DeleteService(27, "baz", "gateway", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)) + assert.True(t, watchFired(ws)) + assert.Nil(t, s.DeleteService(28, "baz", "gateway2", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)) + + ws = memdb.NewWatchSet() + idx, out, err = s.ServiceGateways(ws, "db", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + assert.Equal(t, uint64(28), idx) + assert.Len(t, out, 0) + + // Deleting the config entry even with a node service should remove existing mappings + assert.Nil(t, s.EnsureService(29, "baz", &structs.NodeService{Kind: structs.ServiceKindTerminatingGateway, ID: "gateway", Service: "gateway", Port: 443})) + assert.Nil(t, s.DeleteConfigEntry(30, "terminating-gateway", "gateway", nil)) + assert.True(t, watchFired(ws)) + + idx, out, err = s.ServiceGateways(ws, "api", structs.ServiceKindTerminatingGateway, *structs.DefaultEnterpriseMetaInDefaultPartition()) + assert.Nil(t, err) + // TODO: similar to ingress, the index can backslide if the config is deleted. + assert.Equal(t, uint64(28), idx) + assert.Len(t, out, 0) +} + func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { s := testStateStore(t) diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go index 06798939b..7c3311f36 100644 --- a/agent/proxycfg-glue/glue.go +++ b/agent/proxycfg-glue/glue.go @@ -54,6 +54,12 @@ func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters { return &cacheProxyDataSource[*structs.DatacentersRequest]{c, cachetype.CatalogDatacentersName} } +// CacheServiceGateways satisfies the proxycfg.ServiceGateways interface by +// sourcing data from the agent cache. +func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices { + return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.ServiceGatewaysName} +} + // CacheHTTPChecks satisifies the proxycfg.HTTPChecks interface by sourcing // data from the agent cache. func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks { @@ -66,6 +72,12 @@ func CacheIntentionUpstreams(c *cache.Cache) proxycfg.IntentionUpstreams { return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.IntentionUpstreamsName} } +// CacheIntentionUpstreamsDestination satisfies the proxycfg.IntentionUpstreamsDestination interface +// by sourcing data from the agent cache. +func CacheIntentionUpstreamsDestination(c *cache.Cache) proxycfg.IntentionUpstreams { + return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.IntentionUpstreamsDestinationName} +} + // CacheInternalServiceDump satisfies the proxycfg.InternalServiceDump // interface by sourcing data from the agent cache. func CacheInternalServiceDump(c *cache.Cache) proxycfg.InternalServiceDump { diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index 3221150db..823f7d9ef 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -28,10 +28,12 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e snap.ConnectProxy.WatchedGatewayEndpoints = make(map[UpstreamID]map[string]structs.CheckServiceNodes) snap.ConnectProxy.WatchedServiceChecks = make(map[structs.ServiceID][]structs.CheckType) snap.ConnectProxy.PreparedQueryEndpoints = make(map[UpstreamID]structs.CheckServiceNodes) + snap.ConnectProxy.DestinationsUpstream = watch.NewMap[UpstreamID, *structs.ServiceConfigEntry]() snap.ConnectProxy.UpstreamConfig = make(map[UpstreamID]*structs.Upstream) snap.ConnectProxy.PassthroughUpstreams = make(map[UpstreamID]map[string]map[string]struct{}) snap.ConnectProxy.PassthroughIndices = make(map[string]indexedTarget) snap.ConnectProxy.PeerUpstreamEndpoints = watch.NewMap[UpstreamID, structs.CheckServiceNodes]() + snap.ConnectProxy.DestinationGateways = watch.NewMap[UpstreamID, structs.CheckServiceNodes]() snap.ConnectProxy.PeerUpstreamEndpointsUseHostnames = make(map[UpstreamID]struct{}) // Watch for root changes @@ -116,6 +118,16 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e if err != nil { return snap, err } + // We also infer upstreams from destinations (egress points) + err = s.dataSources.IntentionUpstreamsDestination.Notify(ctx, &structs.ServiceSpecificRequest{ + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + ServiceName: s.proxyCfg.DestinationServiceName, + EnterpriseMeta: s.proxyID.EnterpriseMeta, + }, intentionUpstreamsDestinationID, s.ch) + if err != nil { + return snap, err + } } // Watch for updates to service endpoints for all upstreams @@ -508,7 +520,83 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s delete(snap.ConnectProxy.DiscoveryChain, uid) } } + case u.CorrelationID == intentionUpstreamsDestinationID: + resp, ok := u.Result.(*structs.IndexedServiceList) + if !ok { + return fmt.Errorf("invalid type for response %T", u.Result) + } + seenUpstreams := make(map[UpstreamID]struct{}) + for _, svc := range resp.Services { + uid := NewUpstreamIDFromServiceName(svc) + seenUpstreams[uid] = struct{}{} + { + childCtx, cancel := context.WithCancel(ctx) + err := s.dataSources.ConfigEntry.Notify(childCtx, &structs.ConfigEntryQuery{ + Kind: structs.ServiceDefaults, + Name: svc.Name, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + EnterpriseMeta: svc.EnterpriseMeta, + }, DestinationConfigEntryID+svc.String(), s.ch) + if err != nil { + cancel() + return err + } + snap.ConnectProxy.DestinationsUpstream.InitWatch(uid, cancel) + } + { + childCtx, cancel := context.WithCancel(ctx) + err := s.dataSources.ServiceGateways.Notify(childCtx, &structs.ServiceSpecificRequest{ + ServiceName: svc.Name, + Datacenter: s.source.Datacenter, + QueryOptions: structs.QueryOptions{Token: s.token}, + EnterpriseMeta: svc.EnterpriseMeta, + ServiceKind: structs.ServiceKindTerminatingGateway, + }, DestinationGatewayID+svc.String(), s.ch) + if err != nil { + cancel() + return err + } + snap.ConnectProxy.DestinationGateways.InitWatch(uid, cancel) + } + } + snap.ConnectProxy.DestinationsUpstream.ForEachKey(func(uid UpstreamID) bool { + if _, ok := seenUpstreams[uid]; !ok { + snap.ConnectProxy.DestinationsUpstream.CancelWatch(uid) + } + return true + }) + + snap.ConnectProxy.DestinationGateways.ForEachKey(func(uid UpstreamID) bool { + if _, ok := seenUpstreams[uid]; !ok { + snap.ConnectProxy.DestinationGateways.CancelWatch(uid) + } + return true + }) + case strings.HasPrefix(u.CorrelationID, DestinationConfigEntryID): + resp, ok := u.Result.(*structs.ConfigEntryResponse) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + + pq := strings.TrimPrefix(u.CorrelationID, DestinationConfigEntryID) + uid := UpstreamIDFromString(pq) + serviceConf, ok := resp.Entry.(*structs.ServiceConfigEntry) + if !ok { + return fmt.Errorf("invalid type for service default: %T", resp.Entry.GetName()) + } + + snap.ConnectProxy.DestinationsUpstream.Set(uid, serviceConf) + case strings.HasPrefix(u.CorrelationID, DestinationGatewayID): + resp, ok := u.Result.(*structs.IndexedCheckServiceNodes) + if !ok { + return fmt.Errorf("invalid type for response: %T", u.Result) + } + + pq := strings.TrimPrefix(u.CorrelationID, DestinationGatewayID) + uid := UpstreamIDFromString(pq) + snap.ConnectProxy.DestinationGateways.Set(uid, resp.Nodes) case strings.HasPrefix(u.CorrelationID, "upstream:"+preparedQueryIDPrefix): resp, ok := u.Result.(*structs.PreparedQueryExecuteResponse) if !ok { diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go index 310a4340e..3bef5e347 100644 --- a/agent/proxycfg/data_sources.go +++ b/agent/proxycfg/data_sources.go @@ -47,6 +47,10 @@ type DataSources struct { // notification channel. GatewayServices GatewayServices + // ServiceGateways provides updates about a gateway's upstream services on a + // notification channel. + ServiceGateways ServiceGateways + // Health provides service health updates on a notification channel. Health Health @@ -61,6 +65,10 @@ type DataSources struct { // notification channel. IntentionUpstreams IntentionUpstreams + // IntentionUpstreamsDestination provides intention-inferred upstream updates on a + // notification channel. + IntentionUpstreamsDestination IntentionUpstreamsDestination + // InternalServiceDump provides updates about a (gateway) service on a // notification channel. InternalServiceDump InternalServiceDump @@ -115,7 +123,7 @@ type ConfigEntry interface { Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error } -// ConfigEntry is the interface used to consume updates about a list of config +// ConfigEntryList is the interface used to consume updates about a list of config // entries. type ConfigEntryList interface { Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error @@ -139,6 +147,11 @@ type GatewayServices interface { Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error } +// ServiceGateways is the interface used to consume updates about a service terminating gateways +type ServiceGateways interface { + Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + // Health is the interface used to consume service health updates. type Health interface { Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error @@ -162,6 +175,12 @@ type IntentionUpstreams interface { Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error } +// IntentionUpstreamsDestination is the interface used to consume updates about upstreams destination +// inferred from service intentions. +type IntentionUpstreamsDestination interface { + Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error +} + // InternalServiceDump is the interface used to consume updates about a (gateway) // service via the internal ServiceDump RPC. type InternalServiceDump interface { diff --git a/agent/proxycfg/internal/watch/watchmap.go b/agent/proxycfg/internal/watch/watchmap.go index bbf42dc9a..ec676bb8f 100644 --- a/agent/proxycfg/internal/watch/watchmap.go +++ b/agent/proxycfg/internal/watch/watchmap.go @@ -106,3 +106,18 @@ func (m Map[K, V]) ForEachKey(f func(K) bool) { } } } + +// ForEachKeyE iterates through the map, calling f +// for each iteration. It is up to the caller to +// Get the value and nil-check if required. +// If a non-nil error is returned by f, iterating +// stops and the error is returned. +// Order of iteration is non-deterministic. +func (m Map[K, V]) ForEachKeyE(f func(K) error) error { + for k := range m.M { + if err := f(k); err != nil { + return err + } + } + return nil +} diff --git a/agent/proxycfg/internal/watch/watchmap_test.go b/agent/proxycfg/internal/watch/watchmap_test.go index 590351853..deb7cea08 100644 --- a/agent/proxycfg/internal/watch/watchmap_test.go +++ b/agent/proxycfg/internal/watch/watchmap_test.go @@ -1,6 +1,7 @@ package watch import ( + "errors" "testing" "github.com/stretchr/testify/require" @@ -111,3 +112,43 @@ func TestMap_ForEach(t *testing.T) { require.Equal(t, 1, count) } } + +func TestMap_ForEachE(t *testing.T) { + type testType struct { + s string + } + + m := NewMap[string, any]() + inputs := map[string]any{ + "hello": 13, + "foo": struct{}{}, + "bar": &testType{s: "wow"}, + } + for k, v := range inputs { + m.InitWatch(k, nil) + m.Set(k, v) + } + require.Equal(t, 3, m.Len()) + + // returning nil error continues iteration + { + var count int + err := m.ForEachKeyE(func(k string) error { + count++ + return nil + }) + require.Equal(t, 3, count) + require.Nil(t, err) + } + + // returning an error should exit immediately + { + var count int + err := m.ForEachKeyE(func(k string) error { + count++ + return errors.New("boooo") + }) + require.Equal(t, 1, count) + require.Errorf(t, err, "boo") + } +} diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 184b62148..2a3cdd15f 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -236,6 +236,8 @@ func TestManager_BasicLifecycle(t *testing.T) { PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, + DestinationsUpstream: watch.NewMap[UpstreamID, *structs.ServiceConfigEntry](), + DestinationGateways: watch.NewMap[UpstreamID, structs.CheckServiceNodes](), WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, Intentions: TestIntentions(), IntentionsSet: true, @@ -297,6 +299,8 @@ func TestManager_BasicLifecycle(t *testing.T) { PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{}, }, PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{}, + DestinationsUpstream: watch.NewMap[UpstreamID, *structs.ServiceConfigEntry](), + DestinationGateways: watch.NewMap[UpstreamID, structs.CheckServiceNodes](), WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{}, Intentions: TestIntentions(), IntentionsSet: true, diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 6a02aad1e..b04c67c26 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -142,6 +142,9 @@ type configSnapshotConnectProxy struct { // intentions. Intentions structs.Intentions IntentionsSet bool + + DestinationsUpstream watch.Map[UpstreamID, *structs.ServiceConfigEntry] + DestinationGateways watch.Map[UpstreamID, structs.CheckServiceNodes] } // isEmpty is a test helper @@ -163,6 +166,8 @@ func (c *configSnapshotConnectProxy) isEmpty() bool { len(c.UpstreamConfig) == 0 && len(c.PassthroughUpstreams) == 0 && len(c.IntentionUpstreams) == 0 && + c.DestinationGateways.Len() == 0 && + c.DestinationsUpstream.Len() == 0 && len(c.PeeredUpstreams) == 0 && !c.InboundPeerTrustBundlesSet && !c.MeshConfigSet && diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index f9388cf48..13b22c4fd 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -37,9 +37,12 @@ const ( serviceIntentionsIDPrefix = "service-intentions:" intentionUpstreamsID = "intention-upstreams" peeredUpstreamsID = "peered-upstreams" + intentionUpstreamsDestinationID = "intention-upstreams-destination" upstreamPeerWatchIDPrefix = "upstream-peer:" exportedServiceListWatchID = "exported-service-list" meshConfigEntryID = "mesh" + DestinationConfigEntryID = "destination:" + DestinationGatewayID = "dest-gateway:" svcChecksWatchIDPrefix = cachetype.ServiceHTTPChecksName + ":" preparedQueryIDPrefix = string(structs.UpstreamDestTypePreparedQuery) + ":" defaultPreparedQueryPollInterval = 30 * time.Second diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 36b641a69..662596b9b 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -125,10 +125,12 @@ func recordWatches(sc *stateConfig) *watchRecorder { Datacenters: typedWatchRecorder[*structs.DatacentersRequest]{wr}, FederationStateListMeshGateways: typedWatchRecorder[*structs.DCSpecificRequest]{wr}, GatewayServices: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, + ServiceGateways: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, Health: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, HTTPChecks: typedWatchRecorder[*cachetype.ServiceHTTPChecksRequest]{wr}, Intentions: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, IntentionUpstreams: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, + IntentionUpstreamsDestination: typedWatchRecorder[*structs.ServiceSpecificRequest]{wr}, InternalServiceDump: typedWatchRecorder[*structs.ServiceDumpRequest]{wr}, LeafCertificate: typedWatchRecorder[*cachetype.ConnectCALeafRequest]{wr}, PeeredUpstreams: typedWatchRecorder[*structs.PartitionSpecificRequest]{wr}, @@ -1738,11 +1740,12 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") @@ -1823,11 +1826,12 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Empty on initialization { requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") @@ -1882,10 +1886,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Receiving an intention should lead to spinning up a discovery chain watch { requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, events: []UpdateEvent{ { @@ -2313,10 +2318,11 @@ func TestState_WatchesAndUpdates(t *testing.T) { { // Empty list of upstreams should clean up map keys requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), - rootsWatchID: genVerifyDCSpecificWatch("dc1"), - leafWatchID: genVerifyLeafWatch("api", "dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), }, events: []UpdateEvent{ { @@ -2344,6 +2350,169 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, }, }, + "transparent-proxy-handle-update-destination": { + ns: structs.NodeService{ + Kind: structs.ServiceKindConnectProxy, + ID: "api-proxy", + Service: "api-proxy", + Address: "10.0.1.1", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "api", + Mode: structs.ProxyModeTransparent, + Upstreams: structs.Upstreams{ + { + CentrallyConfigured: true, + DestinationName: structs.WildcardSpecifier, + DestinationNamespace: structs.WildcardSpecifier, + Config: map[string]interface{}{ + "connect_timeout_ms": 6000, + }, + MeshGateway: structs.MeshGatewayConfig{Mode: structs.MeshGatewayModeRemote}, + }, + }, + }, + }, + sourceDC: "dc1", + stages: []verificationStage{ + // Empty on initialization + { + requiredWatches: map[string]verifyWatchRequest{ + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) + + // Centrally configured upstream defaults should be stored so that upstreams from intentions can inherit them + require.Len(t, snap.ConnectProxy.UpstreamConfig, 1) + + wc := structs.NewServiceName(structs.WildcardSpecifier, structs.WildcardEnterpriseMetaInDefaultPartition()) + wcUID := NewUpstreamIDFromServiceName(wc) + require.Contains(t, snap.ConnectProxy.UpstreamConfig, wcUID) + }, + }, + // Valid snapshot after roots, leaf, and intentions + { + events: []UpdateEvent{ + rootWatchEvent(), + { + CorrelationID: leafWatchID, + Result: issuedCert, + Err: nil, + }, + { + CorrelationID: intentionsWatchID, + Result: TestIntentions(), + Err: nil, + }, + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TransparentProxy: structs.TransparentProxyMeshConfig{}, + }, + }, + Err: nil, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "proxy with roots/leaf/intentions is valid") + require.Equal(t, indexedRoots, snap.Roots) + require.Equal(t, issuedCert, snap.Leaf()) + require.Equal(t, TestIntentions(), snap.ConnectProxy.Intentions) + require.True(t, snap.MeshGateway.isEmpty()) + require.True(t, snap.IngressGateway.isEmpty()) + require.True(t, snap.TerminatingGateway.isEmpty()) + require.True(t, snap.ConnectProxy.MeshConfigSet) + require.NotNil(t, snap.ConnectProxy.MeshConfig) + }, + }, + // Receiving an intention should lead to spinning up a DestinationConfigEntryID + { + requiredWatches: map[string]verifyWatchRequest{ + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), + leafWatchID: genVerifyLeafWatch("api", "dc1"), + }, + events: []UpdateEvent{ + { + CorrelationID: intentionUpstreamsDestinationID, + Result: &structs.IndexedServiceList{ + Services: structs.ServiceList{ + db, + }, + }, + Err: nil, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "should still be valid") + + // Watches have a key allocated even if the value is not set + require.Equal(t, 1, snap.ConnectProxy.DestinationsUpstream.Len()) + }, + }, + // DestinationConfigEntryID updates should be stored + { + requiredWatches: map[string]verifyWatchRequest{ + DestinationConfigEntryID + dbUID.String(): genVerifyConfigEntryWatch(structs.ServiceDefaults, db.Name, "dc1"), + }, + events: []UpdateEvent{ + { + CorrelationID: DestinationConfigEntryID + dbUID.String(), + Result: &structs.ConfigEntryResponse{ + Entry: &structs.ServiceConfigEntry{Name: "db", Destination: &structs.DestinationConfig{}}, + }, + Err: nil, + }, + { + CorrelationID: DestinationGatewayID + dbUID.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "foo", + Partition: api.PartitionOrDefault(), + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + Service: "gtwy1", + TaggedAddresses: map[string]structs.ServiceAddress{ + structs.ServiceGatewayVirtualIPTag(structs.ServiceName{Name: "db", EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition()}): {Address: "172.0.0.1", Port: 443}, + }, + }, + Checks: structs.HealthChecks{}, + }, + }, + }, + Err: nil, + }, + }, + verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { + require.True(t, snap.Valid(), "should still be valid") + require.Equal(t, 1, snap.ConnectProxy.DestinationsUpstream.Len()) + require.Equal(t, 1, snap.ConnectProxy.DestinationGateways.Len()) + snap.ConnectProxy.DestinationsUpstream.ForEachKey(func(uid UpstreamID) bool { + _, ok := snap.ConnectProxy.DestinationsUpstream.Get(uid) + require.True(t, ok) + return true + }) + dbDest, ok := snap.ConnectProxy.DestinationsUpstream.Get(dbUID) + require.True(t, ok) + require.Equal(t, structs.ServiceConfigEntry{Name: "db", Destination: &structs.DestinationConfig{}}, *dbDest) + }, + }, + }, + }, // Receiving an empty upstreams from Intentions list shouldn't delete explicit upstream watches "transparent-proxy-handle-update-explicit-cross-dc": { ns: structs.NodeService{ @@ -2379,9 +2548,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Empty on initialization { requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), - meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), "discovery-chain:" + upstreamIDForDC2(dbUID).String(): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "db", EvaluateInDatacenter: "dc2", @@ -2479,8 +2649,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { // be deleted from the snapshot. { requiredWatches: map[string]verifyWatchRequest{ - intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), - intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionsWatchID: genVerifyIntentionWatch("api", "dc1"), + intentionUpstreamsID: genVerifyServiceSpecificRequest("api", "", "dc1", false), + intentionUpstreamsDestinationID: genVerifyServiceSpecificRequest("api", "", "dc1", false), "discovery-chain:" + upstreamIDForDC2(dbUID).String(): genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ Name: "db", EvaluateInDatacenter: "dc2", diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go index 744c17e18..dfde519d1 100644 --- a/agent/proxycfg/testing.go +++ b/agent/proxycfg/testing.go @@ -739,10 +739,12 @@ func testConfigSnapshotFixture( Datacenters: &noopDataSource[*structs.DatacentersRequest]{}, FederationStateListMeshGateways: &noopDataSource[*structs.DCSpecificRequest]{}, GatewayServices: &noopDataSource[*structs.ServiceSpecificRequest]{}, + ServiceGateways: &noopDataSource[*structs.ServiceSpecificRequest]{}, Health: &noopDataSource[*structs.ServiceSpecificRequest]{}, HTTPChecks: &noopDataSource[*cachetype.ServiceHTTPChecksRequest]{}, Intentions: &noopDataSource[*structs.ServiceSpecificRequest]{}, IntentionUpstreams: &noopDataSource[*structs.ServiceSpecificRequest]{}, + IntentionUpstreamsDestination: &noopDataSource[*structs.ServiceSpecificRequest]{}, InternalServiceDump: &noopDataSource[*structs.ServiceDumpRequest]{}, LeafCertificate: &noopDataSource[*cachetype.ConnectCALeafRequest]{}, PeeredUpstreams: &noopDataSource[*structs.PartitionSpecificRequest]{}, @@ -946,6 +948,7 @@ func NewTestDataSources() *TestDataSources { HTTPChecks: NewTestDataSource[*cachetype.ServiceHTTPChecksRequest, []structs.CheckType](), Intentions: NewTestDataSource[*structs.ServiceSpecificRequest, structs.Intentions](), IntentionUpstreams: NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList](), + IntentionUpstreamsDestination: NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList](), InternalServiceDump: NewTestDataSource[*structs.ServiceDumpRequest, *structs.IndexedNodesWithGateways](), LeafCertificate: NewTestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert](), PreparedQuery: NewTestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse](), @@ -966,10 +969,12 @@ type TestDataSources struct { FederationStateListMeshGateways *TestDataSource[*structs.DCSpecificRequest, *structs.DatacenterIndexedCheckServiceNodes] Datacenters *TestDataSource[*structs.DatacentersRequest, *[]string] GatewayServices *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedGatewayServices] + ServiceGateways *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceNodes] Health *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedCheckServiceNodes] HTTPChecks *TestDataSource[*cachetype.ServiceHTTPChecksRequest, []structs.CheckType] Intentions *TestDataSource[*structs.ServiceSpecificRequest, structs.Intentions] IntentionUpstreams *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList] + IntentionUpstreamsDestination *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList] InternalServiceDump *TestDataSource[*structs.ServiceDumpRequest, *structs.IndexedNodesWithGateways] LeafCertificate *TestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert] PeeredUpstreams *TestDataSource[*structs.PartitionSpecificRequest, *structs.IndexedPeeredServiceList] @@ -984,24 +989,26 @@ type TestDataSources struct { func (t *TestDataSources) ToDataSources() DataSources { ds := DataSources{ - CARoots: t.CARoots, - CompiledDiscoveryChain: t.CompiledDiscoveryChain, - ConfigEntry: t.ConfigEntry, - ConfigEntryList: t.ConfigEntryList, - Datacenters: t.Datacenters, - GatewayServices: t.GatewayServices, - Health: t.Health, - HTTPChecks: t.HTTPChecks, - Intentions: t.Intentions, - IntentionUpstreams: t.IntentionUpstreams, - InternalServiceDump: t.InternalServiceDump, - LeafCertificate: t.LeafCertificate, - PeeredUpstreams: t.PeeredUpstreams, - PreparedQuery: t.PreparedQuery, - ResolvedServiceConfig: t.ResolvedServiceConfig, - ServiceList: t.ServiceList, - TrustBundle: t.TrustBundle, - TrustBundleList: t.TrustBundleList, + CARoots: t.CARoots, + CompiledDiscoveryChain: t.CompiledDiscoveryChain, + ConfigEntry: t.ConfigEntry, + ConfigEntryList: t.ConfigEntryList, + Datacenters: t.Datacenters, + GatewayServices: t.GatewayServices, + ServiceGateways: t.ServiceGateways, + Health: t.Health, + HTTPChecks: t.HTTPChecks, + Intentions: t.Intentions, + IntentionUpstreams: t.IntentionUpstreams, + IntentionUpstreamsDestination: t.IntentionUpstreamsDestination, + InternalServiceDump: t.InternalServiceDump, + LeafCertificate: t.LeafCertificate, + PeeredUpstreams: t.PeeredUpstreams, + PreparedQuery: t.PreparedQuery, + ResolvedServiceConfig: t.ResolvedServiceConfig, + ServiceList: t.ServiceList, + TrustBundle: t.TrustBundle, + TrustBundleList: t.TrustBundleList, } t.fillEnterpriseDataSources(&ds) return ds diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index 00771433b..64a624e70 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -328,8 +328,10 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti roots, _ := TestCerts(t) var ( - externalIPTCP = structs.NewServiceName("external-IP-TCP", nil) - externalHostnameTCP = structs.NewServiceName("external-hostname-TCP", nil) + externalIPTCP = structs.NewServiceName("external-IP-TCP", nil) + externalHostnameTCP = structs.NewServiceName("external-hostname-TCP", nil) + externalIPHTTP = structs.NewServiceName("external-IP-HTTP", nil) + externalHostnameHTTP = structs.NewServiceName("external-hostname-HTTP", nil) ) baseEvents := []UpdateEvent{ @@ -357,6 +359,14 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti Service: externalHostnameTCP, ServiceKind: structs.GatewayServiceKindDestination, }, + &structs.GatewayService{ + Service: externalIPHTTP, + ServiceKind: structs.GatewayServiceKindDestination, + }, + &structs.GatewayService{ + Service: externalHostnameHTTP, + ServiceKind: structs.GatewayServiceKindDestination, + }, ) baseEvents = testSpliceEvents(baseEvents, []UpdateEvent{ @@ -375,6 +385,14 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti CorrelationID: serviceIntentionsIDPrefix + externalHostnameTCP.String(), Result: structs.Intentions{}, }, + { + CorrelationID: serviceIntentionsIDPrefix + externalIPHTTP.String(), + Result: structs.Intentions{}, + }, + { + CorrelationID: serviceIntentionsIDPrefix + externalHostnameHTTP.String(), + Result: structs.Intentions{}, + }, // ======== { CorrelationID: serviceLeafIDPrefix + externalIPTCP.String(), @@ -390,6 +408,20 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti PrivateKeyPEM: "placeholder.key", }, }, + { + CorrelationID: serviceLeafIDPrefix + externalIPHTTP.String(), + Result: &structs.IssuedCert{ + CertPEM: "placeholder.crt", + PrivateKeyPEM: "placeholder.key", + }, + }, + { + CorrelationID: serviceLeafIDPrefix + externalHostnameHTTP.String(), + Result: &structs.IssuedCert{ + CertPEM: "placeholder.crt", + PrivateKeyPEM: "placeholder.key", + }, + }, // ======== { CorrelationID: serviceConfigIDPrefix + externalIPTCP.String(), @@ -408,11 +440,33 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti Mode: structs.ProxyModeTransparent, ProxyConfig: map[string]interface{}{"protocol": "tcp"}, Destination: structs.DestinationConfig{ - Address: "*.hashicorp.com", + Address: "api.hashicorp.com", Port: 8089, }, }, }, + { + CorrelationID: serviceConfigIDPrefix + externalIPHTTP.String(), + Result: &structs.ServiceConfigResponse{ + Mode: structs.ProxyModeTransparent, + ProxyConfig: map[string]interface{}{"protocol": "http"}, + Destination: structs.DestinationConfig{ + Address: "192.168.0.2", + Port: 80, + }, + }, + }, + { + CorrelationID: serviceConfigIDPrefix + externalHostnameHTTP.String(), + Result: &structs.ServiceConfigResponse{ + Mode: structs.ProxyModeTransparent, + ProxyConfig: map[string]interface{}{"protocol": "http"}, + Destination: structs.DestinationConfig{ + Address: "httpbin.org", + Port: 80, + }, + }, + }, }) } diff --git a/agent/proxycfg/testing_tproxy.go b/agent/proxycfg/testing_tproxy.go index b93e6c970..ab55f3313 100644 --- a/agent/proxycfg/testing_tproxy.go +++ b/agent/proxycfg/testing_tproxy.go @@ -1,6 +1,7 @@ package proxycfg import ( + "github.com/hashicorp/consul/api" "time" "github.com/mitchellh/go-testing-interface" @@ -522,3 +523,117 @@ func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly }, }) } + +func TestConfigSnapshotTransparentProxyDestination(t testing.T) *ConfigSnapshot { + // DiscoveryChain without an UpstreamConfig should yield a + // filter chain when in transparent proxy mode + var ( + google = structs.NewServiceName("google", nil) + googleUID = NewUpstreamIDFromServiceName(google) + googleCE = structs.ServiceConfigEntry{Name: "google", Destination: &structs.DestinationConfig{Address: "www.google.com", Port: 443}} + + kafka = structs.NewServiceName("kafka", nil) + kafkaUID = NewUpstreamIDFromServiceName(kafka) + kafkaCE = structs.ServiceConfigEntry{Name: "kafka", Destination: &structs.DestinationConfig{Address: "192.168.2.1", Port: 9093}} + ) + + return TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Mode = structs.ProxyModeTransparent + }, []UpdateEvent{ + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TransparentProxy: structs.TransparentProxyMeshConfig{ + MeshDestinationsOnly: true, + }, + }, + }, + }, + { + CorrelationID: intentionUpstreamsDestinationID, + Result: &structs.IndexedServiceList{ + Services: structs.ServiceList{ + google, + kafka, + }, + }, + }, + { + CorrelationID: DestinationConfigEntryID + googleUID.String(), + Result: &structs.ConfigEntryResponse{ + Entry: &googleCE, + }, + }, + { + CorrelationID: DestinationConfigEntryID + kafkaUID.String(), + Result: &structs.ConfigEntryResponse{ + Entry: &kafkaCE, + }, + }, + { + CorrelationID: DestinationGatewayID + googleUID.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "172.168.0.1", + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + ID: "tgtw1", + Address: "172.168.0.1", + Port: 8443, + Kind: structs.ServiceKindTerminatingGateway, + TaggedAddresses: map[string]structs.ServiceAddress{ + structs.TaggedAddressLANIPv4: {Address: "172.168.0.1", Port: 8443}, + structs.TaggedAddressVirtualIP: {Address: "240.0.0.1"}, + }, + }, + Checks: []*structs.HealthCheck{ + { + Node: "node1", + ServiceName: "tgtw", + Name: "force", + Status: api.HealthPassing, + }, + }, + }, + }, + }, + }, + { + CorrelationID: DestinationGatewayID + kafkaUID.String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "172.168.0.1", + Datacenter: "dc1", + }, + Service: &structs.NodeService{ + ID: "tgtw1", + Address: "172.168.0.1", + Port: 8443, + Kind: structs.ServiceKindTerminatingGateway, + TaggedAddresses: map[string]structs.ServiceAddress{ + structs.TaggedAddressLANIPv4: {Address: "172.168.0.1", Port: 8443}, + structs.TaggedAddressVirtualIP: {Address: "240.0.0.1"}, + }, + }, + Checks: []*structs.HealthCheck{ + { + Node: "node1", + ServiceName: "tgtw", + Name: "force", + Status: api.HealthPassing, + }, + }, + }, + }, + }, + }, + }) +} diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index b4f4eea39..562e7e692 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -9,8 +9,6 @@ import ( envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_cluster_dynamic_forward_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dynamic_forward_proxy/v3" - envoy_common_dynamic_forward_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/common/dynamic_forward_proxy/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" @@ -29,12 +27,6 @@ import ( "github.com/hashicorp/consul/agent/structs" ) -const ( - dynamicForwardProxyClusterName = "dynamic_forward_proxy_cluster" - dynamicForwardProxyClusterTypeName = "envoy.clusters.dynamic_forward_proxy" - dynamicForwardProxyClusterDNSCacheName = "dynamic_forward_proxy_cache_config" -) - const ( meshGatewayExportedClusterNamePrefix = "exported~" ) @@ -247,28 +239,7 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, c.ConnectTimeout = durationpb.New(discoTarget.ConnectTimeout) } - spiffeID := connect.SpiffeIDService{ - Host: cfgSnap.Roots.TrustDomain, - Partition: uid.PartitionOrDefault(), - Namespace: uid.NamespaceOrDefault(), - Datacenter: cfgSnap.Datacenter, - Service: uid.Name, - } - - commonTLSContext := makeCommonTLSContext( - cfgSnap.Leaf(), - cfgSnap.RootPEMs(), - makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), - ) - err := injectSANMatcher(commonTLSContext, spiffeID.URI().String()) - if err != nil { - return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) - } - tlsContext := envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: commonTLSContext, - Sni: sni, - } - transportSocket, err := makeUpstreamTLSTransportSocket(&tlsContext) + transportSocket, err := makeMTLSTransportSocket(cfgSnap, uid, sni) if err != nil { return nil, err } @@ -277,9 +248,84 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, } } + err := cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error { + name := clusterNameForDestination(cfgSnap, uid.Name, uid.NamespaceOrDefault(), uid.PartitionOrDefault()) + + c := envoy_cluster_v3.Cluster{ + Name: name, + AltStatName: name, + ConnectTimeout: durationpb.New(5 * time.Second), + CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + HealthyPanicThreshold: &envoy_type_v3.Percent{ + Value: 0, // disable panic threshold + }, + }, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}, + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{ + Ads: &envoy_core_v3.AggregatedConfigSource{}, + }, + }, + }, + // Endpoints are managed separately by EDS + // Having an empty config enables outlier detection with default config. + OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, + } + + // Use the cluster name as the SNI to match on in the terminating gateway + transportSocket, err := makeMTLSTransportSocket(cfgSnap, uid, name) + if err != nil { + return err + } + c.TransportSocket = transportSocket + clusters = append(clusters, &c) + return nil + }) + if err != nil { + return nil, err + } + return clusters, nil } +func makeMTLSTransportSocket(cfgSnap *proxycfg.ConfigSnapshot, uid proxycfg.UpstreamID, sni string) (*envoy_core_v3.TransportSocket, error) { + spiffeID := connect.SpiffeIDService{ + Host: cfgSnap.Roots.TrustDomain, + Partition: uid.PartitionOrDefault(), + Namespace: uid.NamespaceOrDefault(), + Datacenter: cfgSnap.Datacenter, + Service: uid.Name, + } + + commonTLSContext := makeCommonTLSContext( + cfgSnap.Leaf(), + cfgSnap.RootPEMs(), + makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + ) + err := injectSANMatcher(commonTLSContext, spiffeID.URI().String()) + if err != nil { + return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) + } + tlsContext := envoy_tls_v3.UpstreamTlsContext{ + CommonTlsContext: commonTLSContext, + Sni: sni, + } + transportSocket, err := makeUpstreamTLSTransportSocket(&tlsContext) + if err != nil { + return nil, err + } + return transportSocket, nil +} + +func clusterNameForDestination(cfgSnap *proxycfg.ConfigSnapshot, name string, namespace string, partition string) string { + sni := connect.ServiceSNI(name, "", namespace, partition, cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) + + // Prefixed with destination to distinguish from non-passthrough clusters for the same upstream. + return "destination~" + sni +} + // clustersFromSnapshotMeshGateway returns the xDS API representation of the "clusters" // for a mesh gateway. This will include 1 cluster per remote datacenter as well as // 1 cluster for each service subset. @@ -475,7 +521,6 @@ func (s *ResourceGenerator) makeGatewayServiceClusters( } func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) { - var createDynamicForwardProxy bool serviceConfigs := cfgSnap.TerminatingGateway.ServiceConfigs clusters := make([]proto.Message, 0, len(cfgSnap.TerminatingGateway.DestinationServices)) @@ -484,31 +529,17 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap svcConfig, _ := serviceConfigs[svcName] dest := svcConfig.Destination - // If IP, create a cluster with the fake name. - if dest.HasIP() { - opts := clusterOpts{ - name: connect.ServiceSNI(svcName.Name, "", svcName.NamespaceOrDefault(), svcName.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain), - addressEndpoint: dest, - } - cluster := s.makeTerminatingIPCluster(cfgSnap, opts) - clusters = append(clusters, cluster) - continue - } - - // TODO (dans): clusters will need to be customized later when we figure out how to manage a TLS segment from the terminating gateway to the Destination. - createDynamicForwardProxy = true - } - - if createDynamicForwardProxy { opts := clusterOpts{ - name: dynamicForwardProxyClusterName, + name: clusterNameForDestination(cfgSnap, svcName.Name, svcName.NamespaceOrDefault(), svcName.PartitionOrDefault()), + addressEndpoint: dest, } - cluster := s.makeDynamicForwardProxyCluster(cfgSnap, opts) - // TODO (dans): might be relevant later for TLS addons like CA validation - // if err := s.injectGatewayServiceAddons(cfgSnap, cluster, svc, loadBalancer); err != nil { - // return nil, err - // } + var cluster *envoy_cluster_v3.Cluster + if dest.HasIP() { + cluster = s.makeTerminatingIPCluster(cfgSnap, opts) + } else { + cluster = s.makeTerminatingHostnameCluster(cfgSnap, opts) + } clusters = append(clusters, cluster) } return clusters, nil @@ -1360,7 +1391,7 @@ func configureClusterWithHostnames( } } -// makeGatewayCluster creates an Envoy cluster for a mesh or terminating gateway +// makeTerminatingIPCluster creates an Envoy cluster for a terminating gateway with an ip destination func (s *ResourceGenerator) makeTerminatingIPCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { cfg, err := ParseGatewayConfig(snap.Proxy.Config) if err != nil { @@ -1377,12 +1408,10 @@ func (s *ResourceGenerator) makeTerminatingIPCluster(snap *proxycfg.ConfigSnapsh ConnectTimeout: durationpb.New(opts.connectTimeout), // Having an empty config enables outlier detection with default config. - OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, + OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}, } - discoveryType := envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC} - cluster.ClusterDiscoveryType = &discoveryType - endpoints := []*envoy_endpoint_v3.LbEndpoint{ makeEndpoint(opts.addressEndpoint.Address, opts.addressEndpoint.Port), } @@ -1398,47 +1427,49 @@ func (s *ResourceGenerator) makeTerminatingIPCluster(snap *proxycfg.ConfigSnapsh return cluster } -// makeDynamicForwardProxyCluster creates an Envoy cluster for that routes based on the SNI header received at the listener -func (s *ResourceGenerator) makeDynamicForwardProxyCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { +// makeTerminatingHostnameCluster creates an Envoy cluster for a terminating gateway with a hostname destination +func (s *ResourceGenerator) makeTerminatingHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { cfg, err := ParseGatewayConfig(snap.Proxy.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns // default config if there is an error so it's safe to continue. s.Logger.Warn("failed to parse gateway config", "error", err) } - if opts.connectTimeout <= 0 { - opts.connectTimeout = time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond - } + opts.connectTimeout = time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond cluster := &envoy_cluster_v3.Cluster{ Name: opts.name, ConnectTimeout: durationpb.New(opts.connectTimeout), + + // Having an empty config enables outlier detection with default config. + OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, } - dynamicForwardProxyCluster, err := anypb.New(&envoy_cluster_dynamic_forward_proxy_v3.ClusterConfig{ - DnsCacheConfig: getCommonDNSCacheConfiguration(), - }) - if err != nil { - // we should never get here since this message is static - s.Logger.Error("failed serialize dynamic forward proxy cluster config", "error", err) - } + rate := 10 * time.Second + cluster.DnsRefreshRate = durationpb.New(rate) - cluster.LbPolicy = envoy_cluster_v3.Cluster_CLUSTER_PROVIDED - cluster.ClusterDiscoveryType = &envoy_cluster_v3.Cluster_ClusterType{ - ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{ - Name: dynamicForwardProxyClusterTypeName, - TypedConfig: dynamicForwardProxyCluster, + address := makeAddress(opts.addressEndpoint.Address, opts.addressEndpoint.Port) + + endpoints := []*envoy_endpoint_v3.LbEndpoint{ + { + HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_endpoint_v3.Endpoint{ + Address: address, + }, + }, }, } - return cluster -} - -func getCommonDNSCacheConfiguration() *envoy_common_dynamic_forward_proxy_v3.DnsCacheConfig { - return &envoy_common_dynamic_forward_proxy_v3.DnsCacheConfig{ - Name: dynamicForwardProxyClusterDNSCacheName, - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, + cluster.LoadAssignment = &envoy_endpoint_v3.ClusterLoadAssignment{ + ClusterName: cluster.Name, + Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{{ + LbEndpoints: endpoints, + }}, } + + return cluster } func makeThresholdsIfNeeded(limits *structs.UpstreamLimits) []*envoy_cluster_v3.CircuitBreakers_Thresholds { diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index 49d333750..96e7615c7 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -621,12 +621,6 @@ func TestClustersFromSnapshot(t *testing.T) { name: "transparent-proxy-dial-instances-directly", create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly, }, - { - name: "transparent-proxy-terminating-gateway-destinations-only", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGatewayDestinations(t, true, nil) - }, - }, } latestEnvoyVersion := proxysupport.EnvoyVersions[0] diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index 2538914dd..edfe1c616 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -3,7 +3,6 @@ package xds import ( "errors" "fmt" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" @@ -149,6 +148,24 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg. } } + // Loop over potential destinations in the mesh, then grab the gateway nodes associated with each + cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKey(func(uid proxycfg.UpstreamID) bool { + name := clusterNameForDestination(cfgSnap, uid.Name, uid.NamespaceOrDefault(), uid.PartitionOrDefault()) + + endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid) + if ok { + la := makeLoadAssignment( + name, + []loadAssignmentEndpointGroup{ + {Endpoints: endpoints}, + }, + proxycfg.GatewayKey{ /*empty so it never matches*/ }, + ) + resources = append(resources, la) + } + return true + }) + return resources, nil } diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 2f3650aa7..0ef16899f 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -22,7 +22,6 @@ import ( envoy_connection_limit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_sni_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" - envoy_sni_dynamic_forward_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3" envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" @@ -97,6 +96,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. outboundListener = makePortListener(OutboundListenerName, "127.0.0.1", port, envoy_core_v3.TrafficDirection_OUTBOUND) outboundListener.FilterChains = make([]*envoy_listener_v3.FilterChain, 0) + outboundListener.ListenerFilters = []*envoy_listener_v3.ListenerFilter{ // The original_dst filter is a listener filter that recovers the original destination // address before the iptables redirection. This filter is needed for transparent @@ -226,7 +226,44 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. outboundListener.FilterChains = append(outboundListener.FilterChains, filterChain) } } + hasDestination := false + err = cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error { + destination, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid) + + if ok && destination != nil { + upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] + cfg := s.getAndModifyUpstreamConfigForListener(uid, upstreamCfg, nil) + + clusterName := clusterNameForDestination(cfgSnap, uid.Name, uid.NamespaceOrDefault(), uid.PartitionOrDefault()) + filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{ + routeName: uid.EnvoyID(), + clusterName: clusterName, + filterName: clusterName, + protocol: cfg.Protocol, + useRDS: cfg.Protocol != "tcp", + }) + if err != nil { + return err + } + filterChain.FilterChainMatch = makeFilterChainMatchFromAddressWithPort(destination.Destination.Address, destination.Destination.Port) + outboundListener.FilterChains = append(outboundListener.FilterChains, filterChain) + + hasDestination = len(filterChain.FilterChainMatch.ServerNames) != 0 || hasDestination + } + return nil + }) + if err != nil { + return nil, err + } + + if hasDestination { + tlsInspector, err := makeTLSInspectorListenerFilter() + if err != nil { + return nil, err + } + outboundListener.ListenerFilters = append(outboundListener.ListenerFilters, tlsInspector) + } // Looping over explicit upstreams is only needed for cross-peer because // they do not have discovery chains. for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { @@ -325,8 +362,27 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // Filter chains are stable sorted to avoid draining if the list is provided out of order sort.SliceStable(outboundListener.FilterChains, func(i, j int) bool { - return outboundListener.FilterChains[i].FilterChainMatch.PrefixRanges[0].AddressPrefix < - outboundListener.FilterChains[j].FilterChainMatch.PrefixRanges[0].AddressPrefix + si := "" + sj := "" + if len(outboundListener.FilterChains[i].FilterChainMatch.PrefixRanges) > 0 { + si += outboundListener.FilterChains[i].FilterChainMatch.PrefixRanges[0].AddressPrefix + + "/" + outboundListener.FilterChains[i].FilterChainMatch.PrefixRanges[0].PrefixLen.String() + + ":" + outboundListener.FilterChains[i].FilterChainMatch.DestinationPort.String() + } + if len(outboundListener.FilterChains[i].FilterChainMatch.ServerNames) > 0 { + si += outboundListener.FilterChains[i].FilterChainMatch.ServerNames[0] + } + + if len(outboundListener.FilterChains[j].FilterChainMatch.PrefixRanges) > 0 { + sj += outboundListener.FilterChains[j].FilterChainMatch.PrefixRanges[0].AddressPrefix + + "/" + outboundListener.FilterChains[j].FilterChainMatch.PrefixRanges[0].PrefixLen.String() + + ":" + outboundListener.FilterChains[j].FilterChainMatch.DestinationPort.String() + } + if len(outboundListener.FilterChains[j].FilterChainMatch.ServerNames) > 0 { + sj += outboundListener.FilterChains[j].FilterChainMatch.ServerNames[0] + } + + return si < sj }) // Add a catch-all filter chain that acts as a TCP proxy to destinations outside the mesh @@ -341,11 +397,11 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. if err != nil { return nil, err } - outboundListener.FilterChains = append(outboundListener.FilterChains, filterChain) + outboundListener.DefaultFilterChain = filterChain } // Only add the outbound listener if configured. - if len(outboundListener.FilterChains) > 0 { + if len(outboundListener.FilterChains) > 0 || outboundListener.DefaultFilterChain != nil { resources = append(resources, outboundListener) } } @@ -456,6 +512,32 @@ func makeFilterChainMatchFromAddrs(addrs map[string]struct{}) *envoy_listener_v3 } } +func makeFilterChainMatchFromAddressWithPort(address string, port int) *envoy_listener_v3.FilterChainMatch { + ranges := make([]*envoy_core_v3.CidrRange, 0) + + ip := net.ParseIP(address) + if ip == nil { + return &envoy_listener_v3.FilterChainMatch{ + ServerNames: []string{address}, + DestinationPort: &wrappers.UInt32Value{Value: uint32(port)}, + } + } + + pfxLen := uint32(32) + if ip.To4() == nil { + pfxLen = 128 + } + ranges = append(ranges, &envoy_core_v3.CidrRange{ + AddressPrefix: address, + PrefixLen: &wrappers.UInt32Value{Value: pfxLen}, + }) + + return &envoy_listener_v3.FilterChainMatch{ + PrefixRanges: ranges, + DestinationPort: &wrappers.UInt32Value{Value: uint32(port)}, + } +} + func parseCheckPath(check structs.CheckType) (structs.ExposePath, error) { var path structs.ExposePath @@ -1223,7 +1305,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener( } for _, svc := range cfgSnap.TerminatingGateway.ValidDestinations() { - clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) + clusterName := clusterNameForDestination(cfgSnap, svc.Name, svc.NamespaceOrDefault(), svc.PartitionOrDefault()) intentions := cfgSnap.TerminatingGateway.Intentions[svc] svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc] @@ -1240,11 +1322,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener( } var dest *structs.DestinationConfig - if cfgSnap.TerminatingGateway.DestinationServices[svc].ServiceKind == structs.GatewayServiceKindDestination { - dest = &svcConfig.Destination - } else { - return nil, fmt.Errorf("invalid gateway service for destination %s", svc.Name) - } + dest = &svcConfig.Destination clusterChain, err := s.makeFilterChainTerminatingGateway(cfgSnap, clusterName, svc, intentions, cfg.Protocol, dest) if err != nil { return nil, fmt.Errorf("failed to make filter chain for cluster %q: %v", clusterName, err) @@ -1299,19 +1377,10 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg. return nil, err } - var filterChain *envoy_listener_v3.FilterChain - if dest != nil { - filterChain = &envoy_listener_v3.FilterChain{ - FilterChainMatch: makeDestinationFilterChainMatch(cluster, dest), - Filters: make([]*envoy_listener_v3.Filter, 0, 3), - TransportSocket: transportSocket, - } - } else { - filterChain = &envoy_listener_v3.FilterChain{ - FilterChainMatch: makeSNIFilterChainMatch(cluster), - Filters: make([]*envoy_listener_v3.Filter, 0, 3), - TransportSocket: transportSocket, - } + filterChain := &envoy_listener_v3.FilterChain{ + FilterChainMatch: makeSNIFilterChainMatch(cluster), + Filters: make([]*envoy_listener_v3.Filter, 0, 3), + TransportSocket: transportSocket, } // This controls if we do L4 or L7 intention checks. @@ -1335,28 +1404,16 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg. filterChain.Filters = append(filterChain.Filters, authFilter) } - // For Destinations of Hostname types, we use the dynamic forward proxy filter since this could be - // a wildcard match. We also send to the dynamic forward cluster - if dest != nil && dest.HasHostname() { - dynamicFilter, err := makeSNIDynamicForwardProxyFilter(dest.Port) - if err != nil { - return nil, err - } - filterChain.Filters = append(filterChain.Filters, dynamicFilter) - cluster = dynamicForwardProxyClusterName - } - // Lastly we setup the actual proxying component. For L4 this is a straight // tcp proxy. For L7 this is a very hands-off HTTP proxy just to inject an // HTTP filter to do intention checks here instead. opts := listenerFilterOpts{ - protocol: protocol, - filterName: fmt.Sprintf("%s.%s.%s.%s", service.Name, service.NamespaceOrDefault(), service.PartitionOrDefault(), cfgSnap.Datacenter), - routeName: cluster, // Set cluster name for route config since each will have its own - cluster: cluster, - statPrefix: "upstream.", - routePath: "", - useDynamicForwardProxy: dest != nil && dest.HasHostname(), + protocol: protocol, + filterName: fmt.Sprintf("%s.%s.%s.%s", service.Name, service.NamespaceOrDefault(), service.PartitionOrDefault(), cfgSnap.Datacenter), + routeName: cluster, // Set cluster name for route config since each will have its own + cluster: cluster, + statPrefix: "upstream.", + routePath: "", } if useHTTPFilter { @@ -1387,6 +1444,7 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg. filter, err := makeListenerFilter(opts) if err != nil { + s.Logger.Error("failed to make listener", "cluster", cluster, "error", err) return nil, err } filterChain.Filters = append(filterChain.Filters, filter) @@ -1394,23 +1452,6 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg. return filterChain, nil } -func makeDestinationFilterChainMatch(cluster string, dest *structs.DestinationConfig) *envoy_listener_v3.FilterChainMatch { - // For hostname and wildcard destinations, we match on the address. - - // For IP Destinations, use the alias SNI name to match - ip := net.ParseIP(dest.Address) - if ip != nil { - return &envoy_listener_v3.FilterChainMatch{ - ServerNames: []string{cluster}, - } - } - - // For hostname and wildcard destinations, we match on the address in the Destination - return &envoy_listener_v3.FilterChainMatch{ - ServerNames: []string{dest.Address}, - } -} - func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int, cfgSnap *proxycfg.ConfigSnapshot) (*envoy_listener_v3.Listener, error) { tlsInspector, err := makeTLSInspectorListenerFilter() if err != nil { @@ -1705,12 +1746,15 @@ func (s *ResourceGenerator) getAndModifyUpstreamConfigForListener( cfg.EnvoyListenerJSON = "" } } - protocol := cfg.Protocol - if protocol == "" { - protocol = chain.Protocol - } - if protocol == "" { + if chain != nil { + if protocol == "" { + protocol = chain.Protocol + } + if protocol == "" { + protocol = "tcp" + } + } else { protocol = "tcp" } @@ -1761,19 +1805,18 @@ func (s *ResourceGenerator) getAndModifyUpstreamConfigForPeeredListener( } type listenerFilterOpts struct { - useRDS bool - protocol string - filterName string - routeName string - cluster string - statPrefix string - routePath string - requestTimeoutMs *int - ingressGateway bool - httpAuthzFilter *envoy_http_v3.HttpFilter - forwardClientDetails bool - forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails - useDynamicForwardProxy bool + useRDS bool + protocol string + filterName string + routeName string + cluster string + statPrefix string + routePath string + requestTimeoutMs *int + ingressGateway bool + httpAuthzFilter *envoy_http_v3.HttpFilter + forwardClientDetails bool + forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails } func makeListenerFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) { @@ -1806,13 +1849,6 @@ func makeSNIClusterFilter() (*envoy_listener_v3.Filter, error) { return makeFilter("envoy.filters.network.sni_cluster", &envoy_sni_cluster_v3.SniCluster{}) } -func makeSNIDynamicForwardProxyFilter(upstreamPort int) (*envoy_listener_v3.Filter, error) { - return makeFilter("envoy.filters.network.sni_dynamic_forward_proxy", &envoy_sni_dynamic_forward_proxy_v3.FilterConfig{ - DnsCacheConfig: getCommonDNSCacheConfiguration(), - PortSpecifier: &envoy_sni_dynamic_forward_proxy_v3.FilterConfig_PortValue{PortValue: uint32(upstreamPort)}, - }) -} - func makeTCPProxyFilter(filterName, cluster, statPrefix string) (*envoy_listener_v3.Filter, error) { cfg := &envoy_tcp_proxy_v3.TcpProxy{ StatPrefix: makeStatPrefix(statPrefix, filterName), diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index ca6750fb5..3055b4436 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -776,12 +776,6 @@ func TestListenersFromSnapshot(t *testing.T) { name: "transparent-proxy-terminating-gateway", create: proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly, }, - { - name: "transparent-proxy-terminating-gateway-destinations-only", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGatewayDestinations(t, true, nil) - }, - }, } latestEnvoyVersion := proxysupport.EnvoyVersions[0] diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go index 11b37fc32..cd1424ca9 100644 --- a/agent/xds/rbac.go +++ b/agent/xds/rbac.go @@ -24,10 +24,7 @@ func makeRBACNetworkFilter( localInfo rbacLocalInfo, peerTrustBundles []*pbpeering.PeeringTrustBundle, ) (*envoy_listener_v3.Filter, error) { - rules, err := makeRBACRules(intentions, intentionDefaultAllow, localInfo, false, peerTrustBundles) - if err != nil { - return nil, err - } + rules := makeRBACRules(intentions, intentionDefaultAllow, localInfo, false, peerTrustBundles) cfg := &envoy_network_rbac_v3.RBAC{ StatPrefix: "connect_authz", @@ -42,10 +39,7 @@ func makeRBACHTTPFilter( localInfo rbacLocalInfo, peerTrustBundles []*pbpeering.PeeringTrustBundle, ) (*envoy_http_v3.HttpFilter, error) { - rules, err := makeRBACRules(intentions, intentionDefaultAllow, localInfo, true, peerTrustBundles) - if err != nil { - return nil, err - } + rules := makeRBACRules(intentions, intentionDefaultAllow, localInfo, true, peerTrustBundles) cfg := &envoy_http_rbac_v3.RBAC{ Rules: rules, @@ -485,7 +479,7 @@ func makeRBACRules( localInfo rbacLocalInfo, isHTTP bool, peerTrustBundles []*pbpeering.PeeringTrustBundle, -) (*envoy_rbac_v3.RBAC, error) { +) *envoy_rbac_v3.RBAC { // TODO(banks,rb): Implement revocation list checking? // TODO(peering): mkeeler asked that these maps come from proxycfg instead of @@ -565,7 +559,7 @@ func makeRBACRules( if len(rbac.Policies) == 0 { rbac.Policies = nil } - return rbac, nil + return rbac } func optimizePrincipals(orig []*envoy_rbac_v3.Principal) []*envoy_rbac_v3.Principal { diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go index 45070a8c1..983f1bb44 100644 --- a/agent/xds/resources_test.go +++ b/agent/xds/resources_test.go @@ -149,6 +149,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) { create: proxycfg.TestConfigSnapshotPeering, }, } + tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...) tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...) tests = append(tests, getEnterpriseGoldenTestCases()...) @@ -166,6 +167,21 @@ func TestAllResourcesFromSnapshot(t *testing.T) { } } +func getConnectProxyTransparentProxyGoldenTestCases() []goldenTestCase { + return []goldenTestCase{ + { + name: "transparent-proxy-destination", + create: proxycfg.TestConfigSnapshotTransparentProxyDestination, + }, + { + name: "transparent-proxy-terminating-gateway-destinations-only", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGatewayDestinations(t, true, nil) + }, + }, + } +} + func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase { return []goldenTestCase{ { diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 6faa1fa67..dd0beacb2 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -86,47 +86,80 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config var resources []proto.Message for _, svc := range cfgSnap.TerminatingGateway.ValidServices() { clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) - resolver, hasResolver := cfgSnap.TerminatingGateway.ServiceResolvers[svc] - - svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc] - - cfg, err := ParseProxyConfig(svcConfig.ProxyConfig) + routes, err := s.makeRoutes(cfgSnap, svc, clusterName, true) if err != nil { - return nil, fmt.Errorf("failed to parse upstream config: %v", err) + return nil, err } - if !structs.IsProtocolHTTPLike(cfg.Protocol) { - // Routes can only be defined for HTTP services - continue - } - - if !hasResolver { - // Use a zero value resolver with no timeout and no subsets - resolver = &structs.ServiceResolverConfigEntry{} - } - - var lb *structs.LoadBalancer - if resolver.LoadBalancer != nil { - lb = resolver.LoadBalancer - } - route, err := makeNamedDefaultRouteWithLB(clusterName, lb, true) - if err != nil { - s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) - continue - } - resources = append(resources, route) - - // If there is a service-resolver for this service then also setup routes for each subset - for name := range resolver.Subsets { - clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) - route, err := makeNamedDefaultRouteWithLB(clusterName, lb, true) - if err != nil { - s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) - continue - } - resources = append(resources, route) + if routes != nil { + resources = append(resources, routes...) } } + for _, svc := range cfgSnap.TerminatingGateway.ValidDestinations() { + clusterName := clusterNameForDestination(cfgSnap, svc.Name, svc.NamespaceOrDefault(), svc.PartitionOrDefault()) + routes, err := s.makeRoutes(cfgSnap, svc, clusterName, false) + if err != nil { + return nil, err + } + if routes != nil { + resources = append(resources, routes...) + } + } + + return resources, nil +} + +func (s *ResourceGenerator) makeRoutes( + cfgSnap *proxycfg.ConfigSnapshot, + svc structs.ServiceName, + clusterName string, + autoHostRewrite bool) ([]proto.Message, error) { + resolver, hasResolver := cfgSnap.TerminatingGateway.ServiceResolvers[svc] + + svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc] + + cfg, err := ParseProxyConfig(svcConfig.ProxyConfig) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Warn( + "failed to parse Proxy.Config", + "service", svc.String(), + "error", err, + ) + } + if !structs.IsProtocolHTTPLike(cfg.Protocol) { + // Routes can only be defined for HTTP services + return nil, nil + } + + if !hasResolver { + // Use a zero value resolver with no timeout and no subsets + resolver = &structs.ServiceResolverConfigEntry{} + } + + var resources []proto.Message + var lb *structs.LoadBalancer + if resolver.LoadBalancer != nil { + lb = resolver.LoadBalancer + } + route, err := makeNamedDefaultRouteWithLB(clusterName, lb, autoHostRewrite) + if err != nil { + s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) + return nil, err + } + resources = append(resources, route) + + // If there is a service-resolver for this service then also setup routes for each subset + for name := range resolver.Subsets { + clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) + route, err := makeNamedDefaultRouteWithLB(clusterName, lb, true) + if err != nil { + s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) + return nil, err + } + resources = append(resources, route) + } return resources, nil } diff --git a/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden new file mode 100644 index 000000000..1a5311ab9 --- /dev/null +++ b/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden @@ -0,0 +1,255 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } + ] + } + }, + "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } + ] + } + }, + "sni": "destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "altStatName": "destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } + ] + } + }, + "sni": "destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + }, + { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } + ] + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden index cd99d12dd..3cc818f59 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -3,26 +3,39 @@ "resources": [ { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "dynamic_forward_proxy_cluster", - "clusterType": { - "name": "envoy.clusters.dynamic_forward_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig", - "dnsCacheConfig": { - "name": "dynamic_forward_proxy_cache_config" - } - } - }, - "connectTimeout": "5s", - "lbPolicy": "CLUSTER_PROVIDED" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "name": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "STATIC", "connectTimeout": "5s", "loadAssignment": { - "clusterName": "external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "clusterName": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "192.168.0.2", + "portValue": 80 + } + } + } + } + ] + } + ] + }, + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "destination~external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "destination~external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "endpoints": [ { "lbEndpoints": [ @@ -42,6 +55,64 @@ }, "outlierDetection": { + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "httpbin.org", + "portValue": 80 + } + } + } + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "outlierDetection": { + + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "destination~external-hostname-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "type": "LOGICAL_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "destination~external-hostname-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "api.hashicorp.com", + "portValue": 8089 + } + } + } + } + ] + } + ] + }, + "dnsRefreshRate": "10s", + "outlierDetection": { + } } ], diff --git a/agent/xds/testdata/endpoints/transparent-proxy-destination.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-destination.latest.golden new file mode 100644 index 000000000..d51ea93da --- /dev/null +++ b/agent/xds/testdata/endpoints/transparent-proxy-destination.latest.golden @@ -0,0 +1,119 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.168.0.1", + "portValue": 8443 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.168.0.1", + "portValue": 8443 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.20.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway-destinations-only.latest.golden new file mode 100644 index 000000000..8504dae2b --- /dev/null +++ b/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/transparent-proxy-destination.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-destination.latest.golden new file mode 100644 index 000000000..c61302c5e --- /dev/null +++ b/agent/xds/testdata/listeners/transparent-proxy-destination.latest.golden @@ -0,0 +1,185 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "db:127.0.0.1:9191", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db.default.default.dc1", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener:127.0.0.1:15001", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 9093, + "prefixRanges": [ + { + "addressPrefix": "192.168.2.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "cluster": "destination~kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 443, + "serverNames": [ + "www.google.com" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "cluster": "destination~google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + }, + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.prepared_query_geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden index d6f3ea51d..ddfaa45d5 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-dial-instances-directly.latest.golden @@ -99,20 +99,20 @@ } } ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "upstream.original-destination", - "cluster": "original-destination" - } - } - ] } ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, "listenerFilters": [ { "name": "envoy.filters.listener.original_dst", diff --git a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden index b6f00f2cd..7c4a0a622 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden @@ -92,20 +92,20 @@ } } ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "upstream.original-destination", - "cluster": "original-destination" - } - } - ] } ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, "listenerFilters": [ { "name": "envoy.filters.listener.original_dst", diff --git a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden index 80bfab3c9..e281eb734 100644 --- a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -14,36 +14,54 @@ { "filterChainMatch": { "serverNames": [ - "*.hashicorp.com" + "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" ] }, "filters": [ { - "name": "envoy.filters.network.rbac", + "name": "envoy.filters.network.http_connection_manager", "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.external-IP-HTTP.default.default.dc1", + "rds": { + "configSource": { + "ads": { + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.sni_dynamic_forward_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3.FilterConfig", - "dnsCacheConfig": { - "name": "dynamic_forward_proxy_cache_config" + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": { + + } }, - "portValue": 8089 - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "upstream.external-hostname-TCP.default.default.dc1", - "cluster": "dynamic_forward_proxy_cluster" + "forwardClientCertDetails": "APPEND_FORWARD", + "setCurrentClientCertDetails": { + "subject": true, + "cert": true, + "chain": true, + "dns": true, + "uri": true + } } } ], @@ -78,7 +96,7 @@ { "filterChainMatch": { "serverNames": [ - "external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "destination~external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" ] }, "filters": [ @@ -97,7 +115,143 @@ "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "statPrefix": "upstream.external-IP-TCP.default.default.dc1", - "cluster": "external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "destination~external-IP-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "placeholder.crt\n" + }, + "privateKey": { + "inlineString": "placeholder.key\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.external-hostname-HTTP.default.default.dc1", + "rds": { + "configSource": { + "ads": { + + }, + "resourceApiVersion": "V3" + }, + "routeConfigName": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + + } + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": { + + } + }, + "forwardClientCertDetails": "APPEND_FORWARD", + "setCurrentClientCertDetails": { + "subject": true, + "cert": true, + "chain": true, + "dns": true, + "uri": true + } + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "placeholder.crt\n" + }, + "privateKey": { + "inlineString": "placeholder.key\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "serverNames": [ + "destination~external-hostname-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.external-hostname-TCP.default.default.dc1", + "cluster": "destination~external-hostname-TCP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ], diff --git a/agent/xds/testdata/listeners/transparent-proxy.latest.golden b/agent/xds/testdata/listeners/transparent-proxy.latest.golden index ca8b75eb2..ee4c90857 100644 --- a/agent/xds/testdata/listeners/transparent-proxy.latest.golden +++ b/agent/xds/testdata/listeners/transparent-proxy.latest.golden @@ -59,20 +59,20 @@ } } ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "upstream.original-destination", - "cluster": "original-destination" - } - } - ] } ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, "listenerFilters": [ { "name": "envoy.filters.listener.original_dst", diff --git a/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden b/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden new file mode 100644 index 000000000..9c050cbe6 --- /dev/null +++ b/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden new file mode 100644 index 000000000..5eb099010 --- /dev/null +++ b/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -0,0 +1,53 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "destination~external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ + { + "name": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "destination~external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file From 0ffcbf020e541c2770d00cbdda57d35c145939a4 Mon Sep 17 00:00:00 2001 From: Michele Degges Date: Thu, 14 Jul 2022 13:02:13 -0700 Subject: [PATCH 752/785] [CI-only] Support fossa scanning (#13694) --- .release/ci.hcl | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.release/ci.hcl b/.release/ci.hcl index e422a9ce2..ceb11f759 100644 --- a/.release/ci.hcl +++ b/.release/ci.hcl @@ -178,6 +178,15 @@ event "promote-dev-docker" { } } +event "fossa-scan" { + depends = ["promote-dev-docker"] + action "fossa-scan" { + organization = "hashicorp" + repository = "crt-workflows-common" + workflow = "fossa-scan" + } +} + ## These are promotion and post-publish events ## they should be added to the end of the file after the verify event stanza. From 17565a4fcaae3b3e648499ec12cecdbf677d735e Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Fri, 15 Jul 2022 10:07:07 -0400 Subject: [PATCH 753/785] Enable partition support for peering establishment (#13772) Prior to this the dialing side of the peering would only ever work within the default partition. This commit allows properly parsing the partition field out of the API struct request body, query param and header. --- agent/peering_endpoint.go | 8 ++++++++ api/peering.go | 6 ++++-- proto/pbpeering/peering.gen.go | 2 ++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/agent/peering_endpoint.go b/agent/peering_endpoint.go index 22f4fc1ae..0d120830e 100644 --- a/agent/peering_endpoint.go +++ b/agent/peering_endpoint.go @@ -130,6 +130,14 @@ func (s *HTTPHandlers) PeeringEstablish(resp http.ResponseWriter, req *http.Requ return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "PeeringToken is required in the payload when establishing a peering."} } + var entMeta acl.EnterpriseMeta + if err := s.parseEntMetaPartition(req, &entMeta); err != nil { + return nil, err + } + if args.Partition == "" { + args.Partition = entMeta.PartitionOrEmpty() + } + out, err := s.agent.rpcClientPeering.Establish(req.Context(), args) if err != nil { return nil, err diff --git a/api/peering.go b/api/peering.go index 0cfbae9fd..b880380de 100644 --- a/api/peering.go +++ b/api/peering.go @@ -98,8 +98,10 @@ type PeeringEstablishRequest struct { PeerName string // The peering token returned from the peer's GenerateToken endpoint. PeeringToken string `json:",omitempty"` - Datacenter string `json:",omitempty"` - Token string `json:",omitempty"` + // Partition to be peered. + Partition string `json:",omitempty"` + Datacenter string `json:",omitempty"` + Token string `json:",omitempty"` // Meta is a mapping of some string value to any other string value Meta map[string]string `json:",omitempty"` } diff --git a/proto/pbpeering/peering.gen.go b/proto/pbpeering/peering.gen.go index f2194596f..3f3b400b4 100644 --- a/proto/pbpeering/peering.gen.go +++ b/proto/pbpeering/peering.gen.go @@ -10,6 +10,7 @@ func EstablishRequestToAPI(s *EstablishRequest, t *api.PeeringEstablishRequest) } t.PeerName = s.PeerName t.PeeringToken = s.PeeringToken + t.Partition = s.Partition t.Datacenter = s.Datacenter t.Token = s.Token t.Meta = s.Meta @@ -20,6 +21,7 @@ func EstablishRequestFromAPI(t *api.PeeringEstablishRequest, s *EstablishRequest } s.PeerName = t.PeerName s.PeeringToken = t.PeeringToken + s.Partition = t.Partition s.Datacenter = t.Datacenter s.Token = t.Token s.Meta = t.Meta From 7ae0c69729fff03e595a8edc07b68c982a542257 Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Fri, 15 Jul 2022 10:51:38 -0400 Subject: [PATCH 754/785] Use Node Name for peering healthSnapshot instead of ID (#13773) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A Node ID is not a required field with Consul’s data model. Therefore we cannot reliably expect all uses to have it. However the node name is required and must be unique so its equally as good of a key for the internal healthSnapshot node tracking. --- .../services/peerstream/health_snapshot.go | 16 ++++++++++------ .../services/peerstream/health_snapshot_test.go | 16 ++++++++-------- .../services/peerstream/replication.go | 8 ++++---- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/agent/grpc-external/services/peerstream/health_snapshot.go b/agent/grpc-external/services/peerstream/health_snapshot.go index c6cb3243b..a9f676827 100644 --- a/agent/grpc-external/services/peerstream/health_snapshot.go +++ b/agent/grpc-external/services/peerstream/health_snapshot.go @@ -8,7 +8,11 @@ import ( // healthSnapshot represents a normalized view of a set of CheckServiceNodes // meant for easy comparison to aid in differential synchronization type healthSnapshot struct { - Nodes map[types.NodeID]*nodeSnapshot + // Nodes is a map of a node name to a nodeSnapshot. Ideally we would be able to use + // the types.NodeID and assume they are UUIDs for the map key but Consul doesn't + // require a NodeID. Therefore we must key off of the only bit of ID material + // that is required which is the node name. + Nodes map[string]*nodeSnapshot } type nodeSnapshot struct { @@ -40,20 +44,20 @@ func newHealthSnapshot(all []structs.CheckServiceNode, partition, peerName strin } snap := &healthSnapshot{ - Nodes: make(map[types.NodeID]*nodeSnapshot), + Nodes: make(map[string]*nodeSnapshot), } for _, instance := range all { - if instance.Node.ID == "" { - panic("TODO(peering): data should always have a node ID") + if instance.Node.Node == "" { + panic("TODO(peering): data should always have a node name") } - nodeSnap, ok := snap.Nodes[instance.Node.ID] + nodeSnap, ok := snap.Nodes[instance.Node.Node] if !ok { nodeSnap = &nodeSnapshot{ Node: instance.Node, Services: make(map[structs.ServiceID]*serviceSnapshot), } - snap.Nodes[instance.Node.ID] = nodeSnap + snap.Nodes[instance.Node.Node] = nodeSnap } if instance.Service.ID == "" { diff --git a/agent/grpc-external/services/peerstream/health_snapshot_test.go b/agent/grpc-external/services/peerstream/health_snapshot_test.go index 74731b55f..afd83f220 100644 --- a/agent/grpc-external/services/peerstream/health_snapshot_test.go +++ b/agent/grpc-external/services/peerstream/health_snapshot_test.go @@ -69,8 +69,8 @@ func TestHealthSnapshot(t *testing.T) { }, }, expect: &healthSnapshot{ - Nodes: map[types.NodeID]*nodeSnapshot{ - "abc-123": { + Nodes: map[string]*nodeSnapshot{ + "abc": { Node: newNode("abc-123", "abc", "my-peer"), Services: map[structs.ServiceID]*serviceSnapshot{ structs.NewServiceID("xyz-123", nil): { @@ -88,14 +88,14 @@ func TestHealthSnapshot(t *testing.T) { name: "multiple", in: []structs.CheckServiceNode{ { - Node: newNode("abc-123", "abc", ""), + Node: newNode("", "abc", ""), Service: newService("xyz-123", 8080, ""), Checks: structs.HealthChecks{ newCheck("abc", "xyz-123", ""), }, }, { - Node: newNode("abc-123", "abc", ""), + Node: newNode("", "abc", ""), Service: newService("xyz-789", 8181, ""), Checks: structs.HealthChecks{ newCheck("abc", "xyz-789", ""), @@ -110,9 +110,9 @@ func TestHealthSnapshot(t *testing.T) { }, }, expect: &healthSnapshot{ - Nodes: map[types.NodeID]*nodeSnapshot{ - "abc-123": { - Node: newNode("abc-123", "abc", "my-peer"), + Nodes: map[string]*nodeSnapshot{ + "abc": { + Node: newNode("", "abc", "my-peer"), Services: map[structs.ServiceID]*serviceSnapshot{ structs.NewServiceID("xyz-123", nil): { Service: newService("xyz-123", 8080, "my-peer"), @@ -128,7 +128,7 @@ func TestHealthSnapshot(t *testing.T) { }, }, }, - "def-456": { + "def": { Node: newNode("def-456", "def", "my-peer"), Services: map[structs.ServiceID]*serviceSnapshot{ structs.NewServiceID("xyz-456", nil): { diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index f9f5ce76b..7ec58b5f4 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -290,8 +290,8 @@ func (s *Server) handleUpdateService( deletedNodeChecks = make(map[nodeCheckTuple]struct{}) ) for _, csn := range storedInstances { - if _, ok := snap.Nodes[csn.Node.ID]; !ok { - unusedNodes[string(csn.Node.ID)] = struct{}{} + if _, ok := snap.Nodes[csn.Node.Node]; !ok { + unusedNodes[csn.Node.Node] = struct{}{} // Since the node is not in the snapshot we can know the associated service // instance is not in the snapshot either, since a service instance can't @@ -316,7 +316,7 @@ func (s *Server) handleUpdateService( // Delete the service instance if not in the snapshot. sid := csn.Service.CompoundServiceID() - if _, ok := snap.Nodes[csn.Node.ID].Services[sid]; !ok { + if _, ok := snap.Nodes[csn.Node.Node].Services[sid]; !ok { err := s.Backend.CatalogDeregister(&structs.DeregisterRequest{ Node: csn.Node.Node, ServiceID: csn.Service.ID, @@ -335,7 +335,7 @@ func (s *Server) handleUpdateService( // Reconcile checks. for _, chk := range csn.Checks { - if _, ok := snap.Nodes[csn.Node.ID].Services[sid].Checks[chk.CheckID]; !ok { + if _, ok := snap.Nodes[csn.Node.Node].Services[sid].Checks[chk.CheckID]; !ok { // Checks without a ServiceID are node checks. // If the node exists but the check does not then the check was deleted. if chk.ServiceID == "" { From 28bf578b2d19773869d886caa9fce46d3d69c272 Mon Sep 17 00:00:00 2001 From: John Murret Date: Fri, 15 Jul 2022 10:35:42 -0600 Subject: [PATCH 755/785] Made changes based on Adams suggestions (#13490) * Made changes based on Adams suggestions * updating list layout in systems integration guide. updating wan federation docs. * fixing env vars on systems integration page * fixing h3 to h2 on enterprise license page * Changed `The following steps will be performed` to `Complete the following steps` * Replaced `These steps will be repeated for each datacenter` with `Repeat the following steps for each datacenter in the cluster` * Emphasizing that kv2 secrets only need to be stored once. * Move the sentence indicating where the vault path maps to the helm chart out of the -> Note callout * remaining suggestions * Removing store the secret in Vault from server-tls page * Making the Bootstrapping the Server PKI Engine sections the same on server-tls and webhook-cert pages * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Updating VAULT_ADDR on systems-integration to get it out of the shell. * Updating intro paragraph of Overview on systems-integration.mdx to what Adamsuggested. * Putting the GKE, AKS, AKS info into tabs on the systems integration page. * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- .../data-integration/bootstrap-token.mdx | 24 +- .../vault/data-integration/connect-ca.mdx | 18 +- .../data-integration/enterprise-license.mdx | 20 +- .../vault/data-integration/gossip.mdx | 26 +- .../vault/data-integration/index.mdx | 11 +- .../data-integration/partition-token.mdx | 22 +- .../data-integration/replication-token.mdx | 22 +- .../vault/data-integration/server-tls.mdx | 207 ++++++++-------- .../snapshot-agent-config.mdx | 24 +- .../vault/data-integration/webhook-certs.mdx | 232 ++++++++---------- .../vault/systems-integration.mdx | 124 +++++----- .../k8s/installation/vault/wan-federation.mdx | 38 ++- 12 files changed, 365 insertions(+), 403 deletions(-) diff --git a/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx index aa132e4b3..3d5a3d39a 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx @@ -9,14 +9,13 @@ description: >- This topic describes how to configure the Consul Helm chart to use an ACL bootstrap token stored in Vault. ## Overview -To use an ACL bootstrap token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: - -### One time setup in Vault +To use an ACL bootstrap token stored in Vault, follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section. +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -24,20 +23,20 @@ To use an ACL bootstrap token stored in Vault, we will follow the steps outlined Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have: 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Generate and Store the Secret in Vault -First, generate and store the ACL bootstrap token in Vault: +## Store the Secret in Vault + +First, generate and store the ACL bootstrap token in Vault. You will only need to perform this action once: ```shell-session $ vault kv put secret/consul/bootstrap-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.bootstrapToken.secretName` Helm value. +Next, you will need to create a Vault policy that allows read access to this secret. -Next, you will need to create a Vault policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.acls.bootstrapToken.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -55,8 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write bootstrap-token-policy bootstrap-token-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create Kubernetes auth roles for the Consul `server-acl-init` container that runs as part of the Consul server statefulset: @@ -75,7 +73,7 @@ you can run the following `helm template` command with your Consul on Kubernetes $ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that you have configured Vault, you can configure the Consul Helm chart to use the ACL bootstrap token in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx index 121bb3ee2..46f53ec97 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx @@ -14,12 +14,12 @@ Consul allows using Kubernetes auth methods to configure Connect CA. This allows for automatic token rotation once the renewal is no longer possible. ## Overview -To use an Vault as the Service Mesh Certificate Provider on Kubernetes, we will need to modify the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +To use Vault as the service mesh certificate provider on Kubernetes, you will complete a modified version of the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section. -### One time setup in Vault +Complete the following steps once: 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -28,20 +28,14 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Store the secret in Vault - -This step is not valid to this use case as we are not storing any secrets for Service Mesh certificate, and we instead are Leveraging Vault CA as a provider to mint certificates on an ongoing basis. - -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy To configure [Vault as the provider](/docs/connect/ca/vault) for the Consul service mesh certificates, you will first need to decide on the type of policy that is suitable for you. To see the permissions that Consul would need in Vault, please see [Vault ACL policies](/docs/connect/ca/vault#vault-acl-policies) documentation. -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create Kubernetes auth roles for the Consul servers: @@ -60,7 +54,7 @@ you can run: $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now you can configure the Consul Helm chart to use Vault as the Connect CA provider: diff --git a/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx index 4333a7162..08d7e16f1 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx @@ -9,13 +9,13 @@ description: >- This topic describes how to configure the Consul Helm chart to use an enterprise license stored in Vault. ## Overview -To use an enterprise license stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +Complete the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section to use an enterprise license stored in Vault. -### One time setup in Vault +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -24,8 +24,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Store the Secret in Vault +## Store the Secret in Vault First, store the enterprise license in Vault: @@ -33,11 +32,11 @@ First, store the enterprise license in Vault: $ vault kv put secret/consul/license key="" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `global.enterpriseLicense.secretName` Helm value. +Next, you will need to create a policy that allows read access to this secret. -Next, you will need to create a policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.enterpriseLicense.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -55,8 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write license-policy license-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create Kubernetes auth roles for the Consul server and client: @@ -89,7 +87,7 @@ you can run the following `helm template` commands with your Consul on Kubernete $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart. +## Update Consul on Kubernetes Helm chart. Now that you have configured Vault, you can configure the Consul Helm chart to use the enterprise enterprise license in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx index 57480a9ec..828b19307 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/gossip.mdx @@ -7,14 +7,16 @@ description: >- # Storing Gossip Encryption Key in Vault -## Overview -To use a gossip encryption key stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +This topic describes how to configure the Consul Helm chart to use TLS certificates issued by Vault in the Consul controller and connect inject webhooks. -### One time setup in Vault +## Overview +Complete the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section to use a gossip encryption key stored in Vault. + +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -23,18 +25,17 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Store the Secret in Vault -First, generate and store the gossip key in Vault: +## Store the Secret in Vault +First, generate and store the gossip key in Vault. You will only need to perform this action once: ```shell-session $ vault kv put secret/consul/gossip key="$(consul keygen)" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `global.gossipEncryption.secretName` Helm value. +Next, create a policy that allows read access to this secret. -Next, we will need to create a policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.gossipEncryption.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -52,8 +53,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write gossip-policy gossip-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, we will create Kubernetes auth roles for the Consul server and client: @@ -86,7 +86,7 @@ you can run the following `helm template` commands with your Consul on Kubernete $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that we've configured Vault, you can configure the Consul Helm chart to use the gossip key in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/index.mdx b/website/content/docs/k8s/installation/vault/data-integration/index.mdx index 5007fcfe9..a7669f549 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/index.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/index.mdx @@ -13,13 +13,13 @@ This topic describes an overview of how to configure Vault and Consul in order t ### General Integration Steps -Generally, for each secret you wish to store in Vault, the process to integrate the data between Vault and Consul on Kubernetes is: +You must complete two general procedures for each secret you wish to store in Vault. -#### One time setup in Vault +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -#### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -31,14 +31,13 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, Following the general integration steps, a more detailed workflow for integration of the [Gossip encryption key](/docs/k8s/installation/vault/data-integration/gossip) with the Vault Secrets backend would like the following: -#### One time setup in Vault +Complete the following steps once: 1. Store the secret in Vault. - Save the gossip encryption key in Vault at the path `secret/consul/gossip`. 1. Create a Vault policy that authorizes the desired level of access to the secret. - Create a Vault policy that you name `gossip-policy` which allows `read` access to the path `secret/consul/gossip`. -#### Setup per Consul datacenter - +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. - Both Consul servers and Consul clients need access to the gossip encryption key, so you create two Vault Kubernetes: - A role called `consul-server` that maps the Kubernetes namespace and service account name for your consul servers to the `gossip-policy` created in [step 2](#one-time-setup-in-vault) of One time setup in Vault. diff --git a/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx index 2e7c7e68c..98c764fc5 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/partition-token.mdx @@ -10,13 +10,13 @@ description: >- This topic describes how to configure the Consul Helm chart to use an ACL partition token stored in Vault. ## Overview -To use an ACL partition token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +Complete the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section to use an ACL partition token stored in Vault. -### One time setup in Vault +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -25,20 +25,19 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Generate and Store the Secret in Vault +## Store the Secret in Vault -First, generate and store the ACL partition token in Vault: +First, generate and store the ACL partition token in Vault. You will only need to perform this action once: ```shell-session $ vault kv put secret/consul/partition-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.partitionToken.secretName` Helm value. +Next, you will need to create a policy that allows read access to this secret. -Next, you will need to create a policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.acls.partitionToken.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -56,8 +55,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write partition-token-policy partition-token-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: @@ -76,7 +74,7 @@ you can run the following `helm template` command with your Consul on Kubernetes $ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that you have configured Vault, you can configure the Consul Helm chart to use the ACL partition token key in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx index ed40fdea5..f17c3fcb7 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx @@ -9,13 +9,13 @@ description: >- This topic describes how to configure the Consul Helm chart to use an ACL replication token stored in Vault. ## Overview -To use an ACL replication token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +To use an ACL replication token stored in Vault, follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section. -### One time setup in Vault +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -24,20 +24,19 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Generate and Store the Secret in Vault +## Store the Secret in Vault -First, generate and store the ACL replication token in Vault: +First, generate and store the ACL replication token in Vault. You will only need to perform this action once: ```shell-session $ vault kv put secret/consul/replication-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `global.acls.replicationToken.secretName` Helm value. +Next, you will need to create a policy that allows read access to this secret. -Next, you will need to create a policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.acls.replicationToken.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -55,8 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write replication-token-policy replication-token-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create Kubernetes auth roles for the Consul `server-acl-init` job: @@ -75,7 +73,7 @@ you can run the following `helm template` command with your Consul on Kubernetes $ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that you have configured Vault, you can configure the Consul Helm chart to use the ACL replication token key in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx index 38626c9dd..382a53ed9 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx @@ -8,12 +8,12 @@ description: >- # Vault as the Server TLS Certificate Provider on Kubernetes ## Overview -To use an Vault as the Server TLS Certificate Provider on Kubernetes, we will need to modify the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: +To use Vault as the server TLS certificate provider on Kubernetes, complete a modified version of the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section. -### One time setup in Vault +Complete the following steps once: 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: 1. (Added) Configure allowed domains for PKI certificates 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -24,11 +24,10 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 3. Complete the [Bootstrapping the PKI Engine](#bootstrapping-the-pki-engine) section. -### Bootstrapping the PKI Engine +## Bootstrapping the PKI Engine -First, we need to bootstrap the Vault cluster by enabling and configuring the PKI Secrets Engine to be able to serve -TLS certificates to Consul. The process can be as simple as the following, or more complicated such as in this [example](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls) -which also uses an intermediate signing authority. +Issue the following commands to enable and configure the PKI Secrets Engine to server +TLS certificates to Consul. * Enable the PKI Secrets Engine: @@ -51,142 +50,128 @@ which also uses an intermediate signing authority. common_name="dc1.consul" \ ttl=87600h ``` -## One time setup in Vault -### Store the secret in Vault - -This step is not valid to this use case because we are not storing a single secret. We are configuring Vault as a provider to mint certificates on an ongoing basis. - -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policies To use Vault to issue Server TLS certificates, you will need to create the following: -1. Vault Policies that will allow the Consul server to access the certificate issuing url. -1. Vault Policies that will allow the Consul components, e.g. ingress gateways, controller, to access the CA url. +1. Create a policy that allows `["create", "update"]` access to the + [certificate issuing URL](https://www.vaultproject.io/api/secret/pki#generate-certificate) so the Consul servers can + fetch a new certificate/key pair. -#### Create Vault Policies for the Server TLS Certificates + The path to the secret referenced in the `path` resource is the same value that you will configure in the `server.serverCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). --> **Note:** The PKI secret path referenced by the Vault Policy below will be your `server.serverCert.secretName` Helm value. + -Next we will create a policy that allows `["create", "update"]` access to the -[certificate issuing URL](https://www.vaultproject.io/api/secret/pki#generate-certificate) so the Consul servers can -fetch a new certificate/key pair. + ```HCL + path "pki/issue/consul-server" { + capabilities = ["create", "update"] + } + ``` - + -```HCL -path "pki/issue/consul-server" { - capabilities = ["create", "update"] -} -``` +1. Apply the Vault policy by issuing the `vault policy write` CLI command: - + ```shell-session + $ vault policy write consul-server consul-server-policy.hcl + ``` -Apply the Vault policy by issuing the `vault policy write` CLI command: - -```shell-session -$ vault policy write consul-server consul-server-policy.hcl -``` - -#### Create Vault Policies for the CA URL - -Next, we will create a policy that allows `["read"]` access to the [CA URL](https://www.vaultproject.io/api/secret/pki#read-certificate), +1. Create a policy that allows `["read"]` access to the [CA URL](https://www.vaultproject.io/api/secret/pki#read-certificate), this is required for the Consul components to communicate with the Consul servers in order to fetch their auto-encryption certificates. + + The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.tls.caCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). - + -```HCL -path "pki/cert/ca" { - capabilities = ["read"] -} -``` + ```HCL + path "pki/cert/ca" { + capabilities = ["read"] + } + ``` - + -```shell-session -$ vault policy write ca-policy ca-policy.hcl -``` + ```shell-session + $ vault policy write ca-policy ca-policy.hcl + ``` --> **Note:** The PKI secret path referenced by the above Policy will be your `global.tls.caCert.secretName` Helm value. +1. Configure allowed domains for PKI certificates. -## Setup per Consul datacenter -### Configure allowed domains for PKI certificates + Next, a Vault role for the PKI engine will set the default certificate issuance parameters: -Next, a Vault role for the PKI engine will set the default certificate issuance parameters: + ```shell-session + $ vault write pki/roles/consul-server \ + allowed_domains="" \ + allow_subdomains=true \ + allow_bare_domains=true \ + allow_localhost=true \ + generate_lease=true \ + max_ttl="720h" + ``` -```shell-session -$ vault write pki/roles/consul-server \ - allowed_domains="" \ - allow_subdomains=true \ - allow_bare_domains=true \ - allow_localhost=true \ - generate_lease=true \ - max_ttl="720h" -``` + To generate the `` use the following script as a template: -To generate the `` use the following script as a template: + ```shell-session + #!/bin/sh -```shell-session -#!/bin/sh + # NAME is set to either the value from `global.name` from your Consul K8s value file, or your $HELM_RELEASE_NAME-consul + export NAME=consulk8s + # NAMESPACE is where the Consul on Kubernetes is installed + export NAMESPACE=consul + # DATACENTER is the value of `global.datacenter` from your Helm values config file + export DATACENTER=dc1 -# NAME is set to either the value from `global.name` from your Consul K8s value file, or your $HELM_RELEASE_NAME-consul -export NAME=consulk8s -# NAMESPACE is where the Consul on Kubernetes is installed -export NAMESPACE=consul -# DATACENTER is the value of `global.datacenter` from your Helm values config file -export DATACENTER=dc1 + echo allowed_domains=\"$DATACENTER.consul, $NAME-server, $NAME-server.$NAMESPACE, $NAME-server.$NAMESPACE.svc\" + ``` -echo allowed_domains=\"$DATACENTER.consul, $NAME-server, $NAME-server.$NAMESPACE, $NAME-server.$NAMESPACE.svc\" -``` +1. Finally, Kubernetes auth roles need to be created for servers, clients, and components. -### Link the Vault policies to Consul workloads -Create three Vault auth roles, one for the Consul servers, one for the Consul clients, and one for Consul components, that link the policy to each Consul workload on Kubernetes service account that requires access. + Role for Consul servers: + ```shell-session + $ vault write auth/kubernetes/role/consul-server \ + bound_service_account_names= \ + bound_service_account_namespaces= \ + policies=consul-server \ + ttl=1h + ``` -Role for Consul servers: -```shell-session -$ vault write auth/kubernetes/role/consul-server \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=consul-server \ - ttl=1h -``` + To find out the service account name of the Consul server, + you can run: -To find out the service account name of the Consul server, -you can run: + ```shell-session + $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul + ``` -```shell-session - $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul -``` + Role for Consul clients: -Role for Consul clients: + ```shell-session + $ vault write auth/kubernetes/role/consul-client \ + bound_service_account_names= \ + bound_service_account_namespaces=default \ + policies=ca-policy \ + ttl=1h + ``` -```shell-session -$ vault write auth/kubernetes/role/consul-client \ - bound_service_account_names= \ - bound_service_account_namespaces=default \ - policies=ca-policy \ - ttl=1h -``` + To find out the service account name of the Consul client, use the command below. + ```shell-session + $ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul + ``` -To find out the service account name of the Consul client, use the command below. -```shell-session - $ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul -``` + Role for CA components: + ```shell-session + $ vault write auth/kubernetes/role/consul-ca \ + bound_service_account_names="*" \ + bound_service_account_namespaces= \ + policies=ca-policy \ + ttl=1h + ``` -Role for CA components: -```shell-session -$ vault write auth/kubernetes/role/consul-ca \ - bound_service_account_names="*" \ - bound_service_account_namespaces= \ - policies=ca-policy \ - ttl=1h -``` + The above Vault Roles will now be your Helm values for `global.secretsBackend.vault.consulServerRole` and + `global.secretsBackend.vault.consulCARole` respectively. -The above Vault Roles will now be your Helm values for `global.secretsBackend.vault.consulServerRole` and -`global.secretsBackend.vault.consulCARole` respectively. +## Update Consul on Kubernetes Helm chart -### Update the Consul on Kubernetes helm chart - -Now that we've configured Vault, you can configure the Consul Helm chart to -use the Server TLS certificates from Vault: +Next, configure the Consul Helm chart to +use the server TLS certificates from Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx index b8e4a1646..6a0d913cd 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx @@ -9,15 +9,13 @@ description: >- This topic describes how to configure the Consul Helm chart to use a snapshot agent config stored in Vault. ## Overview -To use an ACL replication token stored in Vault, we will follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: - -### One time setup in Vault +To use an ACL replication token stored in Vault, follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section. +Complete the following steps once: 1. Store the secret in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secret. -### Setup per Consul datacenter - +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. @@ -26,8 +24,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, 1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). -## One time setup in Vault -### Store the Secret in Vault +## Store the Secret in Vault First, store the snapshot agent config in Vault: @@ -35,11 +32,11 @@ First, store the snapshot agent config in Vault: $ vault kv put secret/consul/snapshot-agent-config key="" ``` -### Create a Vault policy that authorizes the desired level of access to the secret +## Create Vault policy --> **Note:** The secret path referenced by the Vault Policy below will be your `client.snapshotAgent.configSecret.secretName` Helm value. +Next, you will need to create a policy that allows read access to this secret. -Next, you will need to create a policy that allows read access to this secret: +The path to the secret referenced in the `path` resource is the same values that you will configure in the `client.snapshotAgent.configSecret.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). @@ -57,8 +54,7 @@ Apply the Vault policy by issuing the `vault policy write` CLI command: $ vault policy write snapshot-agent-config-policy snapshot-agent-config-policy.hcl ``` -## Setup per Consul datacenter -### Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access +## Create Vault Authorization Roles for Consul Next, you will create a Kubernetes auth role for the Consul snapshot agent: @@ -77,10 +73,10 @@ you can run the following `helm template` command with your Consul on Kubernetes $ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul ``` -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that you have configured Vault, you can configure the Consul Helm chart to -use the snapshot agent config in Vault: +use the snapshot agent configuration in Vault: diff --git a/website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx b/website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx index 028ebb496..4615a040c 100644 --- a/website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx +++ b/website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx @@ -21,7 +21,7 @@ When Vault is configured as the controller and connect inject Webhook Certificat To use Vault as the controller and connect inject Webhook Certificate Provider, we will need to modify the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section: -### Setup per Consul datacenter +These following steps will be repeated for each datacenter: 1. Create a Vault policy that authorizes the desired level of access to the secret. 1. (Added) Create Vault PKI roles for controller and connect inject each that establish the domains that each is allowed to issue certificates for. 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. @@ -33,11 +33,9 @@ Complete the following prerequisites prior to implementing the integration descr 1. You should be familiar with the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/installation/vault). 1. Configure [Vault as the Server TLS Certificate Provider on Kubernetes](/docs/k8s/installation/vault/data-integration/server-tls) 1. Configure [Vault as the Service Mesh Certificate Provider on Kubernetes](/docs/k8s/installation/vault/data-integration/connect-ca) -1. Complete the [Bootstrapping the PKI Engine for Controller and Connect Inject Webhooks](#bootstrapping-the-pki-engine-for-controller-and-connect-inject-webhooks) section. -### Bootstrapping the PKI Engine for Controller and Connect Inject Webhooks - -The first step is to bootstrap the Vault cluster. Issue the following commands to enable and configure the PKI Secrets Engine to serve TLS certificates for the controller and connect inject webhooks: +## Bootstrapping the PKI Engines +Issue the following commands to enable and configure the PKI Secrets Engine to serve TLS certificates for the controller and connect inject webhooks: * Mount the PKI Secrets Engine for each: @@ -72,138 +70,124 @@ The first step is to bootstrap the Vault cluster. Issue the following commands t common_name="-connect-injector" \ ttl=87600h ``` -## Setup per Consul datacenter -You will need to preform the following steps for each datacenter that you would like to manage controller and connect inject webhook certificates in Vault. You will want to take care to create different names per datacenter for every pki mount, role, and policy. +## Create Vault Policies +1. Create a policy that allows `["create", "update"]` access to the +[certificate issuing URL](https://www.vaultproject.io/api/secret/pki#generate-certificate) so Consul controller and connect inject can fetch a new certificate/key pair and provide it to the Kubernetes `mutatingwebhookconfiguration`. -### Create a Vault policy that authorizes the desired level of access to the secret -To use Vault to issue controller or connect inject webhook certificates, you will need to create the Vault policies that will allow either controller or connect inject to access its respective certificate-issuing URL. + The path to the secret referenced in the `path` resource is the same value that you will configure in the `global.secretsBackend.vault.controller.tlsCert.secretName` and `global.secretsBackend.vault.connectInject.tlsCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)). -#### Create Vault Policies for the Controller and Connect Inject Webhook Certificates + ```shell-session + $ vault policy write controller-tls-policy - < **Note:** The PKI secret paths referenced by the Vault Policies below will be your `global.secretsBackend.vault.controller.tlsCert.secretName` and `global.secretsBackend.vault.connectInject.tlsCert.secretName` Helm values respectively. + ```shell-session + $ vault policy write connect-inject-policy - <` for each use the following script as a template: + + ```shell-session + #!/bin/sh + + # NAME is set to either the value from `global.name` from your Consul K8s value file, or your $HELM_RELEASE_NAME-consul + export NAME=consulk8s + # NAMESPACE is where the Consul on Kubernetes is installed + export NAMESPACE=consul + # DATACENTER is the value of `global.datacenter` from your Helm values config file + export DATACENTER=dc1 + + echo allowed_domains_controller=\"${NAME}-controller-webhook,${NAME}-controller-webhook.${NAMESPACE},${NAME}-controller-webhook.${NAMESPACE}.svc,${NAME}-controller-webhook.${NAMESPACE}.svc.cluster.local\"" + + echo allowed_domains_connect_inject=\"${NAME}-connect-injector,${NAME}-connect-injector.${NAMESPACE},${NAME}-connect-injector.${NAMESPACE}.svc,${NAME}-connect-injector.${NAMESPACE}.svc.cluster.local\"" + ``` + +1. Finally, Kubernetes auth roles need to be created for controller and connect inject webhooks. -```shell-session -$ vault policy write controller-tls-policy - < \ + bound_service_account_namespaces= \ + policies=controller-ca-policy \ + ttl=1h + ``` --> **Note:** The PKI secret paths referenced by the Vault Policies below will be your `global.secretsBackend.vault.controller.caCert.secretName` and `global.secretsBackend.vault.connectInject.caCert.secretName` Helm values respectively. + To find out the service account name of the Consul controller, + you can run: -Next, create a policy that allows `["read"]` access to the [CA URL](https://www.vaultproject.io/api/secret/pki#read-certificate). The policy is required so that Consul components can communicate with the Consul servers in order to fetch their auto-encryption certificates. Issue the following commands to create the policy: + ```shell-session + $ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul + ``` -```shell-session -$ vault policy write controller-ca-policy - < \ + bound_service_account_namespaces= \ + policies=connect-inject-ca-policy \ + ttl=1h + ``` -Issue the following command to create a Vault role for the controller PKI engine and set the default parameters for issuing certificates: + To find out the service account name of the Consul connect inject, use the command below. + ```shell-session + $ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul + ``` -```shell-session -$ vault write controller/roles/controller-role \ - allowed_domains="" \ - allow_subdomains=true \ - allow_bare_domains=true \ - allow_localhost=true \ - generate_lease=true \ - max_ttl="720h" -``` - -Issue the following command to create a Vault role for the connect inject PKI engine and set the default parameters for issuing certificates: - -```shell-session -$ vault write connect-inject/roles/connect-inject-role \ - allowed_domains="" \ - allow_subdomains=true \ - allow_bare_domains=true \ - allow_localhost=true \ - generate_lease=true \ - max_ttl="720h" -``` - -To generate the `` for each use the following script as a template: - -```shell-session -#!/bin/sh - -# NAME is set to either the value from `global.name` from your Consul K8s value file, or your $HELM_RELEASE_NAME-consul -export NAME=consulk8s -# NAMESPACE is where the Consul on Kubernetes is installed -export NAMESPACE=consul -# DATACENTER is the value of `global.datacenter` from your Helm values config file -export DATACENTER=dc1 - -echo allowed_domains_controller=\"${NAME}-controller-webhook,${NAME}-controller-webhook.${NAMESPACE},${NAME}-controller-webhook.${NAMESPACE}.svc,${NAME}-controller-webhook.${NAMESPACE}.svc.cluster.local\"" - -echo allowed_domains_connect_inject=\"${NAME}-connect-injector,${NAME}-connect-injector.${NAMESPACE},${NAME}-connect-injector.${NAMESPACE}.svc,${NAME}-connect-injector.${NAMESPACE}.svc.cluster.local\"" -``` - -### Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access - --> **Note:** The Vault auth roles below will be your `global.secretsBackend.vault.controllerRole` and `global.secretsBackend.vault.connectInjectRole` Helm values respectively. - - -Finally, Kubernetes auth roles need to be created for controller and connect inject webhooks. - -Role for Consul controller webhooks: -```shell-session -$ vault write auth/kubernetes/role/controller-role \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=controller-ca-policy \ - ttl=1h -``` - -To find out the service account name of the Consul controller, -you can run: - -```shell-session - $ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul -``` - -Role for Consul connect inject webhooks: - -```shell-session -$ vault write auth/kubernetes/role/connect-inject-role \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=connect-inject-ca-policy \ - ttl=1h -``` - -To find out the service account name of the Consul connect inject, use the command below. -```shell-session - $ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul -``` - -### Update the Consul on Kubernetes helm chart +## Update Consul on Kubernetes Helm chart Now that we've configured Vault, you can configure the Consul Helm chart to use the Server TLS certificates from Vault: diff --git a/website/content/docs/k8s/installation/vault/systems-integration.mdx b/website/content/docs/k8s/installation/vault/systems-integration.mdx index 02e01b971..a48bcdb45 100644 --- a/website/content/docs/k8s/installation/vault/systems-integration.mdx +++ b/website/content/docs/k8s/installation/vault/systems-integration.mdx @@ -8,24 +8,20 @@ description: >- # Vault as the Secrets Backend - Systems Integration ## Overview -At a high level, configuring a systems integration of Vault with Consul on Kubernetes consists of 1) a one time setup on Vault and 2) a setup of the secrets backend per Consul datacenter via Helm. +Integrating Vault with Consul on Kubernetes includes a one-time setup on Vault and setting up the secrets backend for each Consul datacenter via Helm. -### One time setup on Vault +Complete the following steps once: - Enabling Vault KV Secrets Engine - Version 2 to store arbitrary secrets - Enabling Vault PKI Engine if you are choosing to store and manage either [Consul Server TLS credentials](/docs/k8s/installation/vault/data-integration/server-tls) or [Service Mesh and Consul client TLS credentials](/docs/k8s/installation/vault/data-integration/connect-ca) -### Setup per Consul datacenter +Repeat the following steps for each datacenter in the cluster: - Installing the Vault Injector within the Consul datacenter installation - Configuring a Kubernetes Auth Method in Vault to authenticate and authorize operations from the Consul datacenter - Enable Vault as the Secrets Backend in the Consul datacenter -## One time setup on Vault - -A one time setup on a Vault deployment is necessary to enable both the Vault KV Secrets Engine and the Vault PKI Engine. These docs assume that you have already setup a Vault cluster for use with Consul on Kubernetes. - Please read [Run Vault on Kubernetes](https://www.vaultproject.io/docs/platform/k8s/helm/run) if instructions on setting up a Vault cluster are needed. -### Vault KV Secrets Engine - Version 2 +## Vault KV Secrets Engine - Version 2 The following secrets can be stored in Vault KV secrets engine, which is meant to handle arbitrary secrets: - ACL Bootstrap token ([`global.acls.bootstrapToken`](/docs/k8s/helm#v-global-acls-bootstraptoken)) @@ -41,7 +37,7 @@ In order to store any of these secrets, we must enable the [Vault KV secrets eng $ vault secrets enable -path=consul kv-v2 ``` -### Vault PKI Engine +## Vault PKI Engine The Vault PKI Engine must be enabled in order to leverage Vault for issuing Consul Server TLS certificates. More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](/docs/k8s/installation/vault/data-integration/server-tls#bootstrapping-the-pki-engine) under the Server TLS section. @@ -49,61 +45,83 @@ The Vault PKI Engine must be enabled in order to leverage Vault for issuing Cons $ vault secrets enable pki ``` -## Setup per Consul datacenter - -After configuring Vault, Consul datacenters on Kubernetes must be deployed with the Vault Agent injector and configured to leverage the Vault Kubernetes Auth Method to read secrets from a Vault cluster. - -### Set Environment Variables to ensure integration consistency +## Set Environment Variables Before installing the Vault Injector and configuring the Vault Kubernetes Auth Method, some environment variables need to be set to better ensure consistent mapping between Vault and Consul on Kubernetes. -#### DATACENTER - - - **Recommended value:** value of `global.datacenter` in your Consul Helm values file. - ```shell-session - $ export DATACENTER=dc1 - ``` -#### VAULT_AUTH_METHOD_NAME - - - **Recommended value:** a concatenation of a `kubernetes-` prefix (to denote the auth method type) with `DATACENTER` environment variable. - ```shell-session - $ export VAULT_AUTH_METHOD_NAME=kubernetes-${DATACENTER} - ``` + - DATACENTER -#### VAULT_SERVER_HOST + We recommend using the value for `global.datacenter` in your Consul Helm values file for this variable. + ```shell-session + $ export DATACENTER=dc1 + ``` - - **Recommended value:** find the external IP address of your Vault cluster. - - If Vault is installed in a Kubernetes cluster, get the external IP or DNS name of the Vault server load balancer. - - On GKE or AKS, it'll be an IP: - ```shell-session - $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - ``` - - On EKS, it'll be a hostname: - ```shell-session - $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - ``` - - If Vault is not running on Kubernetes, utilize the `api_addr` as defined in the Vault [High Availability Parameters](https://www.vaultproject.io/docs/configuration#high-availability-parameters) configuration: - ```shell-session - $ export VAULT_SERVER_HOST= - ``` + - VAULT_AUTH_METHOD_NAME + + We recommend using a concatenation of a `kubernetes-` prefix (to denote the auth method type) with the `DATACENTER` environment variable for this variable. + ```shell-session + $ export VAULT_AUTH_METHOD_NAME=kubernetes-${DATACENTER} + ``` -#### VAULT_ADDR + - VAULT_SERVER_HOST + + We recommend using the external IP address of your Vault cluster for this variable. + + If Vault is installed in a Kubernetes cluster, get the external IP or DNS name of the Vault server load balancer. + + + + On EKS, you can get the hostname of the Vault server's load balancer with the following command: - - **Recommended value:** Connecting to port 8200 of the Vault server + ```shell-session + $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + ``` + + + + + + On GKE, you can get the IP address of the Vault server's load balancer with the following command: + + ```shell-session + $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + ``` + + + + + + On AKS, you can get the IP address of the Vault server's load balancer with the following command: + + ```shell-session + $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 --output jsonpath='{.status.loadBalancer.ingress[0].ip}') + ``` + + + + + If Vault is not running on Kubernetes, utilize the `api_addr` as defined in the Vault [High Availability Parameters](https://www.vaultproject.io/docs/configuration#high-availability-parameters) configuration: + ```shell-session + $ export VAULT_SERVER_HOST= + ``` + + - VAULT_AUTH_METHOD_NAME + + We recommend connecting to port 8200 of the Vault server. ```shell-session $ export VAULT_ADDR=http://${VAULT_SERVER_HOST}:8200 ``` - -> **Note:** If your vault installation is current exposed using SSL, this address will need to use `https` instead of `http`. You will also need to setup the [`VAULT_CACERT`](https://www.vaultproject.io/docs/commands#vault_cacert) environment variable. + If your vault installation is current exposed using SSL, this address will need to use `https` instead of `http`. You will also need to setup the [`VAULT_CACERT`](https://www.vaultproject.io/docs/commands#vault_cacert) environment variable. -#### VAULT_TOKEN - - - **Recommended value:** Your allocated Vault token. If running Vault in dev mode, this can be set to to `root`. + - VAULT_TOKEN + + We recommend using your allocated Vault token as the value for this variable. If running Vault in dev mode, this can be set to to `root`. ```shell-session - $ export VAULT_ADDR= + $ export VAULT_TOKEN= ``` -### Install Vault Injector in your Consul k8s cluster +## Install Vault Injector in Consul k8s cluster A minimal valid installation of Vault Kubernetes must include the Agent Injector which is utilized for accessing secrets from Vault. Vault servers could be deployed external to Vault on Kubernetes with the [`injector.externalVaultAddr`](https://www.vaultproject.io/docs/platform/k8s/helm/configuration#externalvaultaddr) value in the Vault Helm Configuration. @@ -125,9 +143,7 @@ Issue the Helm `install` command to install the Vault agent injector using the H $ helm install vault-${DATACENTER} -f vault-injector.yaml hashicorp/vault --wait ``` -### Configure the Kubernetes Auth Method in Vault for the datacenter - -#### Enable the Auth Method +## Configure the Kubernetes Auth Method in Vault Ensure that the Vault Kubernetes Auth method is enabled. @@ -135,8 +151,6 @@ Ensure that the Vault Kubernetes Auth method is enabled. $ vault auth enable -path=kubernetes-${DATACENTER} kubernetes ``` -#### Configure Auth Method with JWT token of service account - After enabling the Kubernetes auth method, in Vault, ensure that you have configured the Kubernetes Auth method properly as described in [Kubernetes Auth Method Configuration](https://www.vaultproject.io/docs/auth/kubernetes#configuration). First, while targeting your Consul cluster, get the externally reachable address of the Consul Kubernetes cluster. @@ -157,7 +171,7 @@ $ vault write auth/kubernetes/config \ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt ``` -#### Enable Vault as the Secrets Backend in the Consul datacenter +## Update Vault Helm chart Finally, you will configure the Consul on Kubernetes helm chart for the datacenter to expect to receive the following values (if you have configured them) to be retrieved from Vault: - ACL Bootstrap token ([`global.acls.bootstrapToken`](/docs/k8s/helm#v-global-acls-bootstraptoken)) - ACL Partition token ([`global.acls.partitionToken`](/docs/k8s/helm#v-global-acls-partitiontoken)) diff --git a/website/content/docs/k8s/installation/vault/wan-federation.mdx b/website/content/docs/k8s/installation/vault/wan-federation.mdx index b454dbec7..37a13d64e 100644 --- a/website/content/docs/k8s/installation/vault/wan-federation.mdx +++ b/website/content/docs/k8s/installation/vault/wan-federation.mdx @@ -78,7 +78,7 @@ In this setup, you will deploy Vault server in the primary datacenter (dc1) Kube - On EKS, you can get the IP address of the Vault server's load balancer with the following command: + On EKS, you can get the hostname of the Vault server's load balancer with the following command: ```shell-session $ export VAULT_SERVER_HOST=$(kubectl get svc vault-dc1 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') @@ -114,17 +114,18 @@ In this setup, you will deploy Vault server in the primary datacenter (dc1) Kube ``` ## Systems Integration -### Overview -To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must complete following systems integration actions: +There are two main procedures to enable Vault as the service mesh certificate provider in Kubernetes. -- One time setup in Vault +Complete the following steps once: 1. Enabling Vault KV Secrets Engine - Version 2. 1. Enabling Vault PKI Engine. -- Setup per Consul datacenter + +Repeat the following steps for each datacenter in the cluster: 1. Installing the Vault Injector within the Consul datacenter installation 1. Configuring a Kubernetes Auth Method in Vault to authenticate and authorize operations from the Consul datacenter 1. Enable Vault as the Secrets Backend in the Consul datacenter -### One time setup on Vault + +### Configure Vault Secrets engines 1. Enable [Vault KV secrets engine - Version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2) in order to store the [Gossip Encryption Key](/docs/k8s/helm#v-global-acls-replicationtoken) and the ACL Replication token ([`global.acls.replicationToken`](/docs/k8s/helm#v-global-acls-replicationtoken)). ```shell-session @@ -141,8 +142,7 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co $ vault secrets tune -max-lease-ttl=87600h pki ``` -### Setup per Consul datacenter -#### Primary Datacenter (dc1) +### Primary Datacenter (dc1) 1. Install the Vault Injector in your Consul Kubernetes cluster (dc1), which is used for accessing secrets from Vault. -> **Note**: In the primary datacenter (dc1), you will not have to configure `injector.externalvaultaddr` value because the Vault server is in the same primary datacenter (dc1) cluster. @@ -198,7 +198,7 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co -#### Secondary Datacenter (dc2) +### Secondary Datacenter (dc2) 1. Install the Vault Injector in the secondary datacenter (dc2). In the secondary datacenter (dc2), you will configure the `externalvaultaddr` value point to the external address of the Vault server in the primary datacenter (dc1). @@ -300,18 +300,17 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co ## Data Integration -### Overview -To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must complete following data integration actions: +There are two main procedures for using Vault as the service mesh certificate provider in Kubernetes. - -- One time setup in Vault +Complete the following steps once: 1. Store the secrets in Vault. 1. Create a Vault policy that authorizes the desired level of access to the secrets. -- Setup per Consul datacenter + +Repeat the following steps for each datacenter in the cluster: 1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access. 1. Update the Consul on Kubernetes helm chart. -### One time setup in Vault +### Secrets and Policies 1. Store the ACL Replication Token, Gossip Encryption Key, and Root CA certificate secrets in Vault. ```shell-session @@ -351,13 +350,12 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co EOF ``` -### Setup per Consul datacenter -#### Pre-installation for Primary Datacenter (dc1) +### Pre-installation for Primary Datacenter (dc1) 1. Change your Kubernetes context to target the primary datacenter (dc1): ```shell-session $ kubectl config use-context ``` -#### Primary Datacenter (dc1) +### Primary Datacenter (dc1) 1. Create Server TLS and Service Mesh Cert Policies ```shell-session @@ -491,7 +489,7 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co $ helm install consul-dc1 --values consul-dc1.yaml hashicorp/consul ``` -#### Pre-installation for Secondary Datacenter (dc2) +### Pre-installation for Secondary Datacenter (dc2) 1. Update the Consul on Kubernetes helm chart. For secondary datacenter (dc2), you will need to get the address of the mesh gateway from the **primary datacenter (dc1)** cluster. Keep your Kubernetes context targeting dc1 and set the `MESH_GW_HOST` environment variable that you will use in the Consul Helm chart for secondary datacenter (dc2). @@ -532,7 +530,7 @@ To use Vault as the Service Mesh Certificate Provider in Kubernetes, you must co ```shell-session $ kubectl config use-context ``` -#### Secondary Datacenter (dc2) +### Secondary Datacenter (dc2) 1. Create Server TLS and Service Mesh Cert Policies From 5eaab0efcbbfe263a1efabd93e66eb5b9048f6de Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Fri, 15 Jul 2022 09:56:33 -0700 Subject: [PATCH 756/785] peering: add warning about AllowStaleRead (#13768) --- .../tools/proto-gen-rpc-glue/e2e/source.pb.go | 5 ++ .../e2e/source.rpcglue.pb.go.golden | 44 +++++++++++++++ internal/tools/proto-gen-rpc-glue/main.go | 55 +++++++++++++++++++ proto/pbpeering/peering.pb.go | 4 +- proto/pbpeering/peering.proto | 4 +- proto/pbpeering/peering.rpcglue.pb.go | 6 ++ 6 files changed, 114 insertions(+), 4 deletions(-) diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go index 4d24ab328..f90deb206 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go @@ -43,6 +43,11 @@ type ExampleReadTODO struct { Value string } +// @consul-rpc-glue: LeaderReadTODO +type ExampleLeaderReadTODO struct { + Value string +} + // @consul-rpc-glue: WriteTODO type ExampleWriteTODO struct { Value string diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden index c4c8e1e7f..4c7b1c361 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden +++ b/internal/tools/proto-gen-rpc-glue/e2e/source.rpcglue.pb.go.golden @@ -308,6 +308,50 @@ func (msg *ExampleReadTODO) Token() string { return "" } +// IsRead implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) IsRead() bool { + // TODO(peering): figure out read semantics here + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) AllowStaleRead() bool { + // TODO(peering): figure out read semantics here + // TODO(peering): this needs to stay false for calls to head to the leader until we sync stream tracker information + // like ImportedServicesCount, ExportedServicesCount, as well as general Status fields thru raft to make available + // to followers as well + return false +} + +// HasTimedOut implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + // TODO(peering): figure out read semantics here + return time.Since(start) > rpcHoldTimeout, nil +} + +// Timeout implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) Timeout(rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) time.Duration { + // TODO(peering): figure out read semantics here + return rpcHoldTimeout +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) SetTokenSecret(s string) { + // TODO(peering): figure out read semantics here +} + +// TokenSecret implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) TokenSecret() string { + // TODO(peering): figure out read semantics here + return "" +} + +// Token implements structs.RPCInfo +func (msg *ExampleLeaderReadTODO) Token() string { + // TODO(peering): figure out read semantics here + return "" +} + // IsRead implements structs.RPCInfo func (msg *ExampleWriteTODO) IsRead() bool { // TODO(peering): figure out write semantics here diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go index cbb334039..ec1f2d93c 100644 --- a/internal/tools/proto-gen-rpc-glue/main.go +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -108,6 +108,9 @@ func processFile(path string) error { if ann.ReadTODO != "" { log.Printf(" ReadTODO from %s", ann.ReadTODO) } + if ann.LeaderReadTODO != "" { + log.Printf(" LeaderReadTODO from %s", ann.ReadTODO) + } if ann.WriteTODO != "" { log.Printf(" WriteTODO from %s", ann.WriteTODO) } @@ -157,6 +160,9 @@ var _ time.Month if typ.Annotation.Datacenter != "" { buf.WriteString(fmt.Sprintf(tmplDatacenter, typ.Name, typ.Annotation.Datacenter)) } + if typ.Annotation.LeaderReadTODO != "" { + buf.WriteString(fmt.Sprintf(tmplLeaderOnlyReadTODO, typ.Name, typ.Annotation.ReadTODO)) + } if typ.Annotation.ReadTODO != "" { buf.WriteString(fmt.Sprintf(tmplReadTODO, typ.Name, typ.Annotation.ReadTODO)) } @@ -266,6 +272,7 @@ type Annotation struct { TargetDatacenter string Datacenter string ReadTODO string + LeaderReadTODO string WriteTODO string } @@ -319,6 +326,8 @@ func getAnnotation(doc []*ast.Comment) (Annotation, error) { ann.ReadTODO = "ReadTODO" case part == "WriteTODO": ann.WriteTODO = "WriteTODO" + case part == "LeaderReadTODO": + ann.LeaderReadTODO = "LeaderReadTODO" default: return Annotation{}, fmt.Errorf("unexpected annotation part: %s", part) @@ -463,6 +472,52 @@ func (msg *%[1]s) Token() string { } ` +const tmplLeaderOnlyReadTODO = ` +// IsRead implements structs.RPCInfo +func (msg *%[1]s) IsRead() bool { + // TODO(peering): figure out read semantics here + return true +} + +// AllowStaleRead implements structs.RPCInfo +func (msg *%[1]s) AllowStaleRead() bool { + // TODO(peering): figure out read semantics here + // TODO(peering): this needs to stay false for calls to head to the leader until we sync stream tracker information + // like ImportedServicesCount, ExportedServicesCount, as well as general Status fields thru raft to make available + // to followers as well + return false +} + +// HasTimedOut implements structs.RPCInfo +func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) (bool, error) { + // TODO(peering): figure out read semantics here + return time.Since(start) > rpcHoldTimeout, nil +} + +// Timeout implements structs.RPCInfo +func (msg *%[1]s) Timeout(rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) time.Duration { + // TODO(peering): figure out read semantics here + return rpcHoldTimeout +} + +// SetTokenSecret implements structs.RPCInfo +func (msg *%[1]s) SetTokenSecret(s string) { + // TODO(peering): figure out read semantics here +} + +// TokenSecret implements structs.RPCInfo +func (msg *%[1]s) TokenSecret() string { + // TODO(peering): figure out read semantics here + return "" +} + +// Token implements structs.RPCInfo +func (msg *%[1]s) Token() string { + // TODO(peering): figure out read semantics here + return "" +} +` + const tmplReadTODO = ` // IsRead implements structs.RPCInfo func (msg *%[1]s) IsRead() bool { diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index 336808b72..8fc14b83e 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -379,7 +379,7 @@ func (x *PeeringTrustBundle) GetModifyIndex() uint64 { return 0 } -// @consul-rpc-glue: Datacenter,ReadTODO +// @consul-rpc-glue: Datacenter,LeaderReadTODO type PeeringReadRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -490,7 +490,7 @@ func (x *PeeringReadResponse) GetPeering() *Peering { return nil } -// @consul-rpc-glue: Datacenter,ReadTODO +// @consul-rpc-glue: Datacenter,LeaderReadTODO type PeeringListRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index 62679bbca..44df1df15 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -136,7 +136,7 @@ message PeeringTrustBundle { uint64 ModifyIndex = 7; } -// @consul-rpc-glue: Datacenter,ReadTODO +// @consul-rpc-glue: Datacenter,LeaderReadTODO message PeeringReadRequest { string Name = 1; string Partition = 2; @@ -152,7 +152,7 @@ message PeeringReadResponse { //TODO(peering) query metadata } -// @consul-rpc-glue: Datacenter,ReadTODO +// @consul-rpc-glue: Datacenter,LeaderReadTODO message PeeringListRequest { string Partition = 1; diff --git a/proto/pbpeering/peering.rpcglue.pb.go b/proto/pbpeering/peering.rpcglue.pb.go index 33700e591..4c3c4dff0 100644 --- a/proto/pbpeering/peering.rpcglue.pb.go +++ b/proto/pbpeering/peering.rpcglue.pb.go @@ -29,6 +29,9 @@ func (msg *PeeringReadRequest) IsRead() bool { // AllowStaleRead implements structs.RPCInfo func (msg *PeeringReadRequest) AllowStaleRead() bool { // TODO(peering): figure out read semantics here + // TODO(peering): this needs to stay false for calls to head to the leader until we sync stream tracker information + // like ImportedServicesCount, ExportedServicesCount, as well as general Status fields thru raft to make available + // to followers as well return false } @@ -78,6 +81,9 @@ func (msg *PeeringListRequest) IsRead() bool { // AllowStaleRead implements structs.RPCInfo func (msg *PeeringListRequest) AllowStaleRead() bool { // TODO(peering): figure out read semantics here + // TODO(peering): this needs to stay false for calls to head to the leader until we sync stream tracker information + // like ImportedServicesCount, ExportedServicesCount, as well as general Status fields thru raft to make available + // to followers as well return false } From d9643ca4995285b72c46cf1f9b0c8d9b891bb4c5 Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Fri, 15 Jul 2022 09:58:21 -0700 Subject: [PATCH 757/785] Latest submodule versions (#13750) --- api/go.mod | 2 +- go.mod | 4 ++-- test/integration/consul-container/go.mod | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api/go.mod b/api/go.mod index 33d9c558c..5511d7d7e 100644 --- a/api/go.mod +++ b/api/go.mod @@ -6,7 +6,7 @@ replace github.com/hashicorp/consul/sdk => ../sdk require ( github.com/google/go-cmp v0.5.7 - github.com/hashicorp/consul/sdk v0.8.0 + github.com/hashicorp/consul/sdk v0.10.0 github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-hclog v0.12.0 github.com/hashicorp/go-rootcerts v1.0.2 diff --git a/go.mod b/go.mod index 0f71dff66..84e9d1d18 100644 --- a/go.mod +++ b/go.mod @@ -26,8 +26,8 @@ require ( github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 - github.com/hashicorp/consul/api v1.11.0 - github.com/hashicorp/consul/sdk v0.8.0 + github.com/hashicorp/consul/api v1.13.1 + github.com/hashicorp/consul/sdk v0.10.0 github.com/hashicorp/go-bexpr v0.1.2 github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-cleanhttp v0.5.1 diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 182ff2e3a..6290d8141 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/docker/docker v20.10.11+incompatible github.com/hashicorp/consul/api v1.11.0 - github.com/hashicorp/consul/sdk v0.8.0 + github.com/hashicorp/consul/sdk v0.10.0 github.com/hashicorp/go-uuid v1.0.2 github.com/hashicorp/hcl v1.0.0 github.com/stretchr/testify v1.7.0 From 70ad4804b6be74ebcdc6eb5e4cb1ca640601a5a7 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Fri, 15 Jul 2022 10:20:43 -0700 Subject: [PATCH 758/785] peering: track imported services (#13718) --- agent/consul/leader_peering_test.go | 277 +++++++++++++++++- .../services/peerstream/replication.go | 33 ++- .../services/peerstream/stream_resources.go | 2 +- .../services/peerstream/stream_test.go | 77 ++++- .../services/peerstream/stream_tracker.go | 33 ++- agent/rpc/peering/service.go | 43 ++- 6 files changed, 422 insertions(+), 43 deletions(-) diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index 222b59279..1587fc30c 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -17,6 +17,7 @@ import ( "github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" + "github.com/hashicorp/consul/types" ) func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { @@ -309,11 +310,6 @@ func insertTestPeeringData(t *testing.T, store *state.Store, peer string, lastId Node: "aaa", PeerName: peer, }, - { - CheckID: structs.SerfCheckID, - Node: "aaa", - PeerName: peer, - }, }, })) @@ -336,11 +332,6 @@ func insertTestPeeringData(t *testing.T, store *state.Store, peer string, lastId Node: "bbb", PeerName: peer, }, - { - CheckID: structs.SerfCheckID, - Node: "bbb", - PeerName: peer, - }, }, })) @@ -363,13 +354,269 @@ func insertTestPeeringData(t *testing.T, store *state.Store, peer string, lastId Node: "ccc", PeerName: peer, }, - { - CheckID: structs.SerfCheckID, - Node: "ccc", - PeerName: peer, - }, }, })) return lastIdx } + +// TODO(peering): once we move away from leader only request for PeeringList, move this test to consul/server_test maybe +func TestLeader_Peering_ImportedServicesCount(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + // TODO(peering): Configure with TLS + _, s1 := testServerWithConfig(t, func(c *Config) { + c.NodeName = "s1.dc1" + c.Datacenter = "dc1" + c.TLSConfig.Domain = "consul" + }) + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + // Create a peering by generating a token + ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) + t.Cleanup(cancel) + + conn, err := grpc.DialContext(ctx, s1.config.RPCAddr.String(), + grpc.WithContextDialer(newServerDialer(s1.config.RPCAddr.String())), + grpc.WithInsecure(), + grpc.WithBlock()) + require.NoError(t, err) + defer conn.Close() + + peeringClient := pbpeering.NewPeeringServiceClient(conn) + + req := pbpeering.GenerateTokenRequest{ + PeerName: "my-peer-s2", + } + resp, err := peeringClient.GenerateToken(ctx, &req) + require.NoError(t, err) + + tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken) + require.NoError(t, err) + + var token structs.PeeringToken + require.NoError(t, json.Unmarshal(tokenJSON, &token)) + + var ( + s2PeerID = "cc56f0b8-3885-4e78-8d7b-614a0c45712d" + lastIdx = uint64(0) + ) + + // Bring up s2 and store s1's token so that it attempts to dial. + _, s2 := testServerWithConfig(t, func(c *Config) { + c.NodeName = "s2.dc2" + c.Datacenter = "dc2" + c.PrimaryDatacenter = "dc2" + }) + testrpc.WaitForLeader(t, s2.RPC, "dc2") + + // Simulate a peering initiation event by writing a peering with data from a peering token. + // Eventually the leader in dc2 should dial and connect to the leader in dc1. + p := &pbpeering.Peering{ + ID: s2PeerID, + Name: "my-peer-s1", + PeerID: token.PeerID, + PeerCAPems: token.CA, + PeerServerName: token.ServerName, + PeerServerAddresses: token.ServerAddresses, + } + require.True(t, p.ShouldDial()) + + lastIdx++ + require.NoError(t, s2.fsm.State().PeeringWrite(lastIdx, p)) + + /// add services to S1 to be synced to S2 + lastIdx++ + require.NoError(t, s1.FSM().State().EnsureRegistration(lastIdx, &structs.RegisterRequest{ + ID: types.NodeID(generateUUID()), + Node: "aaa", + Address: "10.0.0.1", + Service: &structs.NodeService{ + Service: "a-service", + ID: "a-service-1", + Port: 8080, + }, + Checks: structs.HealthChecks{ + { + CheckID: "a-service-1-check", + ServiceName: "a-service", + ServiceID: "a-service-1", + Node: "aaa", + }, + }, + })) + + lastIdx++ + require.NoError(t, s1.FSM().State().EnsureRegistration(lastIdx, &structs.RegisterRequest{ + ID: types.NodeID(generateUUID()), + + Node: "bbb", + Address: "10.0.0.2", + Service: &structs.NodeService{ + Service: "b-service", + ID: "b-service-1", + Port: 8080, + }, + Checks: structs.HealthChecks{ + { + CheckID: "b-service-1-check", + ServiceName: "b-service", + ServiceID: "b-service-1", + Node: "bbb", + }, + }, + })) + + lastIdx++ + require.NoError(t, s1.FSM().State().EnsureRegistration(lastIdx, &structs.RegisterRequest{ + ID: types.NodeID(generateUUID()), + + Node: "ccc", + Address: "10.0.0.3", + Service: &structs.NodeService{ + Service: "c-service", + ID: "c-service-1", + Port: 8080, + }, + Checks: structs.HealthChecks{ + { + CheckID: "c-service-1-check", + ServiceName: "c-service", + ServiceID: "c-service-1", + Node: "ccc", + }, + }, + })) + /// finished adding services + + type testCase struct { + name string + description string + exportedService structs.ExportedServicesConfigEntry + expectedImportedServicesCount uint64 + } + + testCases := []testCase{ + { + name: "wildcard", + description: "for a wildcard exported services, we want to see all services synced", + exportedService: structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: structs.WildcardSpecifier, + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + }, + }, + expectedImportedServicesCount: 4, // 3 services from above + the "consul" service + }, + { + name: "no sync", + description: "update the config entry to allow no service sync", + exportedService: structs.ExportedServicesConfigEntry{ + Name: "default", + }, + expectedImportedServicesCount: 0, // we want to see this decremented from 4 --> 0 + }, + { + name: "just a, b services", + description: "export just two services", + exportedService: structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "a-service", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + { + Name: "b-service", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + }, + }, + expectedImportedServicesCount: 2, + }, + { + name: "unexport b service", + description: "by unexporting b we want to see the count decrement eventually", + exportedService: structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "a-service", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + }, + }, + expectedImportedServicesCount: 1, + }, + { + name: "export c service", + description: "now export the c service and expect the count to increment", + exportedService: structs.ExportedServicesConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: "a-service", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + { + Name: "c-service", + Consumers: []structs.ServiceConsumer{ + { + PeerName: "my-peer-s2", + }, + }, + }, + }, + }, + expectedImportedServicesCount: 2, + }, + } + + conn2, err := grpc.DialContext(ctx, s2.config.RPCAddr.String(), + grpc.WithContextDialer(newServerDialer(s2.config.RPCAddr.String())), + grpc.WithInsecure(), + grpc.WithBlock()) + require.NoError(t, err) + defer conn2.Close() + + peeringClient2 := pbpeering.NewPeeringServiceClient(conn2) + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + lastIdx++ + require.NoError(t, s1.fsm.State().EnsureConfigEntry(lastIdx, &tc.exportedService)) + + retry.Run(t, func(r *retry.R) { + resp2, err := peeringClient2.PeeringList(ctx, &pbpeering.PeeringListRequest{}) + require.NoError(r, err) + require.NotEmpty(r, resp2.Peerings) + require.Equal(r, tc.expectedImportedServicesCount, resp2.Peerings[0].ImportedServiceCount) + }) + }) + } +} diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index 7ec58b5f4..e21b48a63 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -113,7 +113,9 @@ func marshalToProtoAny[T proto.Message](in any) (*anypb.Any, T, error) { func (s *Server) processResponse( peerName string, partition string, + mutableStatus *MutableStatus, resp *pbpeerstream.ReplicationMessage_Response, + logger hclog.Logger, ) (*pbpeerstream.ReplicationMessage, error) { if !pbpeerstream.KnownTypeURL(resp.ResourceURL) { err := fmt.Errorf("received response for unknown resource type %q", resp.ResourceURL) @@ -137,7 +139,7 @@ func (s *Server) processResponse( ), err } - if err := s.handleUpsert(peerName, partition, resp.ResourceURL, resp.ResourceID, resp.Resource); err != nil { + if err := s.handleUpsert(peerName, partition, mutableStatus, resp.ResourceURL, resp.ResourceID, resp.Resource, logger); err != nil { return makeNACKReply( resp.ResourceURL, resp.Nonce, @@ -149,7 +151,7 @@ func (s *Server) processResponse( return makeACKReply(resp.ResourceURL, resp.Nonce), nil case pbpeerstream.Operation_OPERATION_DELETE: - if err := s.handleDelete(peerName, partition, resp.ResourceURL, resp.ResourceID); err != nil { + if err := s.handleDelete(peerName, partition, mutableStatus, resp.ResourceURL, resp.ResourceID, logger); err != nil { return makeNACKReply( resp.ResourceURL, resp.Nonce, @@ -178,9 +180,11 @@ func (s *Server) processResponse( func (s *Server) handleUpsert( peerName string, partition string, + mutableStatus *MutableStatus, resourceURL string, resourceID string, resource *anypb.Any, + logger hclog.Logger, ) error { switch resourceURL { case pbpeerstream.TypeURLService: @@ -192,7 +196,16 @@ func (s *Server) handleUpsert( return fmt.Errorf("failed to unmarshal resource: %w", err) } - return s.handleUpdateService(peerName, partition, sn, csn) + err := s.handleUpdateService(peerName, partition, sn, csn) + if err != nil { + logger.Error("did not increment imported services count", "service_name", sn.String(), "error", err) + return err + } + + logger.Trace("incrementing imported services count", "service_name", sn.String()) + mutableStatus.TrackImportedService(sn) + + return nil case pbpeerstream.TypeURLRoots: roots := &pbpeering.PeeringTrustBundle{} @@ -425,14 +438,26 @@ func (s *Server) handleUpsertRoots( func (s *Server) handleDelete( peerName string, partition string, + mutableStatus *MutableStatus, resourceURL string, resourceID string, + logger hclog.Logger, ) error { switch resourceURL { case pbpeerstream.TypeURLService: sn := structs.ServiceNameFromString(resourceID) sn.OverridePartition(partition) - return s.handleUpdateService(peerName, partition, sn, nil) + + err := s.handleUpdateService(peerName, partition, sn, nil) + if err != nil { + logger.Error("did not decrement imported services count", "service_name", sn.String(), "error", err) + return err + } + + logger.Trace("decrementing imported services count", "service_name", sn.String()) + mutableStatus.RemoveImportedService(sn) + + return nil default: return fmt.Errorf("unexpected resourceURL: %s", resourceURL) diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index 611340082..eabd01141 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -302,7 +302,7 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { if resp := msg.GetResponse(); resp != nil { // TODO(peering): Ensure there's a nonce - reply, err := s.processResponse(streamReq.PeerName, streamReq.Partition, resp) + reply, err := s.processResponse(streamReq.PeerName, streamReq.Partition, status, resp, logger) if err != nil { logger.Error("failed to persist resource", "resourceURL", resp.ResourceURL, "resourceID", resp.ResourceID) status.TrackReceiveError(err.Error()) diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go index de1455a63..612513158 100644 --- a/agent/grpc-external/services/peerstream/stream_test.go +++ b/agent/grpc-external/services/peerstream/stream_test.go @@ -475,6 +475,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastNack: lastNack, LastNackMessage: lastNackMsg, LastReceiveSuccess: lastRecvSuccess, + ImportedServices: map[string]struct{}{"api": {}}, } retry.Run(t, func(r *retry.R) { @@ -532,6 +533,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastReceiveSuccess: lastRecvSuccess, LastReceiveError: lastRecvError, LastReceiveErrorMessage: lastRecvErrorMsg, + ImportedServices: map[string]struct{}{"api": {}}, } retry.Run(t, func(r *retry.R) { @@ -559,6 +561,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastReceiveSuccess: lastRecvSuccess, LastReceiveErrorMessage: io.EOF.Error(), LastReceiveError: lastRecvError, + ImportedServices: map[string]struct{}{"api": {}}, } retry.Run(t, func(r *retry.R) { @@ -968,6 +971,9 @@ func (b *testStreamBackend) CatalogDeregister(req *structs.DeregisterRequest) er } func Test_processResponse_Validation(t *testing.T) { + peerName := "billing" + peerID := "1fabcd52-1d46-49b0-b1d8-71559aee47f5" + type testCase struct { name string in *pbpeerstream.ReplicationMessage_Response @@ -975,10 +981,18 @@ func Test_processResponse_Validation(t *testing.T) { wantErr bool } - srv, _ := newTestServer(t, nil) + srv, store := newTestServer(t, nil) + require.NoError(t, store.PeeringWrite(31, &pbpeering.Peering{ + ID: peerID, + Name: peerName}, + )) + + // connect the stream + mst, err := srv.Tracker.Connected(peerID) + require.NoError(t, err) run := func(t *testing.T, tc testCase) { - reply, err := srv.processResponse("", "", tc.in) + reply, err := srv.processResponse(peerName, "", mst, tc.in, srv.Logger) if tc.wantErr { require.Error(t, err) } else { @@ -1218,8 +1232,8 @@ func expectReplEvents(t *testing.T, client *MockClient, checkFns ...func(t *test } } -func TestHandleUpdateService(t *testing.T) { - srv, _ := newTestServer(t, func(c *Config) { +func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { + srv, store := newTestServer(t, func(c *Config) { backend := c.Backend.(*testStreamBackend) backend.leader = func() bool { return false @@ -1227,13 +1241,15 @@ func TestHandleUpdateService(t *testing.T) { }) type testCase struct { - name string - seed []*structs.RegisterRequest - input *pbservice.IndexedCheckServiceNodes - expect map[string]structs.CheckServiceNodes + name string + seed []*structs.RegisterRequest + input *pbservice.IndexedCheckServiceNodes + expect map[string]structs.CheckServiceNodes + expectedImportedServicesCount int } peerName := "billing" + peerID := "1fabcd52-1d46-49b0-b1d8-71559aee47f5" remoteMeta := pbcommon.NewEnterpriseMetaFromStructs(*structs.DefaultEnterpriseMetaInPartition("billing-ap")) // "api" service is imported from the billing-ap partition, corresponding to the billing peer. @@ -1241,14 +1257,43 @@ func TestHandleUpdateService(t *testing.T) { defaultMeta := *acl.DefaultEnterpriseMeta() apiSN := structs.NewServiceName("api", &defaultMeta) + // create a peering in the state store + require.NoError(t, store.PeeringWrite(31, &pbpeering.Peering{ + ID: peerID, + Name: peerName}, + )) + + // connect the stream + mst, err := srv.Tracker.Connected(peerID) + require.NoError(t, err) + run := func(t *testing.T, tc testCase) { // Seed the local catalog with some data to reconcile against. + // and increment the tracker's imported services count for _, reg := range tc.seed { require.NoError(t, srv.Backend.CatalogRegister(reg)) + + mst.TrackImportedService(reg.Service.CompoundServiceName()) + } + + var op pbpeerstream.Operation + if len(tc.input.Nodes) == 0 { + op = pbpeerstream.Operation_OPERATION_DELETE + } else { + op = pbpeerstream.Operation_OPERATION_UPSERT + } + + in := &pbpeerstream.ReplicationMessage_Response{ + ResourceURL: pbpeerstream.TypeURLService, + ResourceID: apiSN.String(), + Nonce: "1", + Operation: op, + Resource: makeAnyPB(t, tc.input), } // Simulate an update arriving for billing/api. - require.NoError(t, srv.handleUpdateService(peerName, acl.DefaultPartitionName, apiSN, tc.input)) + _, err = srv.processResponse(peerName, acl.DefaultPartitionName, mst, in, srv.Logger) + require.NoError(t, err) for svc, expect := range tc.expect { t.Run(svc, func(t *testing.T) { @@ -1257,6 +1302,9 @@ func TestHandleUpdateService(t *testing.T) { requireEqualInstances(t, expect, got) }) } + + // assert the imported services count modifications + require.Equal(t, tc.expectedImportedServicesCount, mst.GetImportedServicesCount()) } tt := []testCase{ @@ -1390,6 +1438,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 1, }, { name: "upsert two service instances to different nodes", @@ -1521,6 +1570,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 1, }, { name: "receiving a nil input leads to deleting data in the catalog", @@ -1574,10 +1624,11 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, - input: nil, + input: &pbservice.IndexedCheckServiceNodes{}, expect: map[string]structs.CheckServiceNodes{ "api": {}, }, + expectedImportedServicesCount: 0, }, { name: "deleting one service name from a node does not delete other service names", @@ -1632,7 +1683,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, // Nil input is for the "api" service. - input: nil, + input: &pbservice.IndexedCheckServiceNodes{}, expect: map[string]structs.CheckServiceNodes{ "api": {}, // Existing redis service was not affected by deletion. @@ -1668,6 +1719,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 1, }, { name: "service checks are cleaned up when not present in a response", @@ -1738,6 +1790,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 2, }, { name: "node checks are cleaned up when not present in a response", @@ -1872,6 +1925,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 2, }, { name: "replacing a service instance on a node cleans up the old instance", @@ -2019,6 +2073,7 @@ func TestHandleUpdateService(t *testing.T) { }, }, }, + expectedImportedServicesCount: 2, }, } diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go index 5ec0f7ebf..4d4c8746c 100644 --- a/agent/grpc-external/services/peerstream/stream_tracker.go +++ b/agent/grpc-external/services/peerstream/stream_tracker.go @@ -4,9 +4,11 @@ import ( "fmt" "sync" "time" + + "github.com/hashicorp/consul/agent/structs" ) -// Tracker contains a map of (PeerID -> Status). +// Tracker contains a map of (PeerID -> MutableStatus). // As streams are opened and closed we track details about their status. type Tracker struct { mu sync.RWMutex @@ -142,6 +144,10 @@ type Status struct { // - The error message when we failed to store a resource replicated FROM the peer. // - The last error message when receiving from the stream. LastReceiveErrorMessage string + + // TODO(peering): consider keeping track of imported service counts thru raft + // ImportedServices is set that keeps track of which service names are imported for the peer + ImportedServices map[string]struct{} } func newMutableStatus(now func() time.Time) *MutableStatus { @@ -222,3 +228,28 @@ func (s *MutableStatus) GetStatus() Status { return copy } + +func (s *MutableStatus) RemoveImportedService(sn structs.ServiceName) { + s.mu.Lock() + defer s.mu.Unlock() + + delete(s.ImportedServices, sn.String()) +} + +func (s *MutableStatus) TrackImportedService(sn structs.ServiceName) { + s.mu.Lock() + defer s.mu.Unlock() + + if s.ImportedServices == nil { + s.ImportedServices = make(map[string]struct{}) + } + + s.ImportedServices[sn.String()] = struct{}{} +} + +func (s *MutableStatus) GetImportedServicesCount() int { + s.mu.RLock() + defer s.mu.RUnlock() + + return len(s.ImportedServices) +} diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 94b7d73a3..47e39c2b7 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -337,7 +337,17 @@ func (s *Server) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadRequ if peering == nil { return &pbpeering.PeeringReadResponse{Peering: nil}, nil } + cp := copyPeeringWithNewState(peering, s.reconciledStreamStateHint(peering.ID, peering.State)) + + // add imported services count + st, found := s.Tracker.StreamStatus(peering.ID) + if !found { + s.Logger.Trace("did not find peer in stream tracker when reading peer", "peerID", peering.ID) + } else { + cp.ImportedServiceCount = uint64(len(st.ImportedServices)) + } + return &pbpeering.PeeringReadResponse{Peering: cp}, nil } @@ -369,6 +379,15 @@ func (s *Server) PeeringList(ctx context.Context, req *pbpeering.PeeringListRequ var cPeerings []*pbpeering.Peering for _, p := range peerings { cp := copyPeeringWithNewState(p, s.reconciledStreamStateHint(p.ID, p.State)) + + // add imported services count + st, found := s.Tracker.StreamStatus(p.ID) + if !found { + s.Logger.Trace("did not find peer in stream tracker when listing peers", "peerID", p.ID) + } else { + cp.ImportedServiceCount = uint64(len(st.ImportedServices)) + } + cPeerings = append(cPeerings, cp) } return &pbpeering.PeeringListResponse{Peerings: cPeerings}, nil @@ -586,17 +605,19 @@ func (s *Server) getExistingOrCreateNewPeerID(peerName, partition string) (strin func copyPeeringWithNewState(p *pbpeering.Peering, state pbpeering.PeeringState) *pbpeering.Peering { return &pbpeering.Peering{ - ID: p.ID, - Name: p.Name, - Partition: p.Partition, - DeletedAt: p.DeletedAt, - Meta: p.Meta, - PeerID: p.PeerID, - PeerCAPems: p.PeerCAPems, - PeerServerAddresses: p.PeerServerAddresses, - PeerServerName: p.PeerServerName, - CreateIndex: p.CreateIndex, - ModifyIndex: p.ModifyIndex, + ID: p.ID, + Name: p.Name, + Partition: p.Partition, + DeletedAt: p.DeletedAt, + Meta: p.Meta, + PeerID: p.PeerID, + PeerCAPems: p.PeerCAPems, + PeerServerAddresses: p.PeerServerAddresses, + PeerServerName: p.PeerServerName, + CreateIndex: p.CreateIndex, + ModifyIndex: p.ModifyIndex, + ImportedServiceCount: p.ImportedServiceCount, + ExportedServiceCount: p.ExportedServiceCount, State: state, } From 61ebb380926cf809dab4090222be53461c40106c Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 15 Jul 2022 13:15:50 -0500 Subject: [PATCH 759/785] server: ensure peer replication can successfully use TLS over external gRPC (#13733) Ensure that the peer stream replication rpc can successfully be used with TLS activated. Also: - If key material is configured for the gRPC port but HTTPS is not enabled now TLS will still be activated for the gRPC port. - peerstream replication stream opened by the establishing-side will now ignore grpc.WithBlock so that TLS errors will bubble up instead of being awkwardly delayed or suppressed --- agent/agent.go | 7 +- agent/consul/leader_peering.go | 19 ++- agent/consul/leader_peering_test.go | 152 +++++++++++++++++- agent/consul/peering_backend.go | 2 +- agent/consul/server_test.go | 4 +- .../services/peerstream/stream_tracker.go | 33 +++- agent/rpc/peering/service_test.go | 2 +- .../envoy/case-wanfed-gw/primary/common.hcl | 16 +- .../envoy/case-wanfed-gw/primary/server.hcl | 16 +- .../envoy/case-wanfed-gw/secondary/common.hcl | 16 +- tlsutil/config.go | 9 +- .../docs/agent/config/config-files.mdx | 2 - .../docs/upgrading/upgrade-specific.mdx | 12 ++ 13 files changed, 244 insertions(+), 46 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index 5412436e5..4b78b69a9 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -761,12 +761,7 @@ func (a *Agent) Failed() <-chan struct{} { } func (a *Agent) buildExternalGRPCServer() { - // TLS is only enabled on the gRPC server if there's an HTTPS port configured. - var tls *tlsutil.Configurator - if a.config.HTTPSPort > 0 { - tls = a.tlsConfigurator - } - a.externalGRPCServer = external.NewServer(a.logger.Named("grpc.external"), tls) + a.externalGRPCServer = external.NewServer(a.logger.Named("grpc.external"), a.tlsConfigurator) } func (a *Agent) listenAndServeGRPC() error { diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index 49369bbf7..28a8397df 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -6,6 +6,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" + "time" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -14,6 +15,7 @@ import ( "golang.org/x/time/rate" "google.golang.org/grpc" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/keepalive" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" @@ -225,6 +227,11 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer retryCtx, cancel := context.WithCancel(ctx) cancelFns[peer.ID] = cancel + streamStatus, err := s.peerStreamTracker.Register(peer.ID) + if err != nil { + return fmt.Errorf("failed to register stream: %v", err) + } + // Establish a stream-specific retry so that retrying stream/conn errors isn't dependent on state store changes. go retryLoopBackoff(retryCtx, func() error { // Try a new address on each iteration by advancing the ring buffer on errors. @@ -238,8 +245,15 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer logger.Trace("dialing peer", "addr", addr) conn, err := grpc.DialContext(retryCtx, addr, - grpc.WithBlock(), + // TODO(peering): use a grpc.WithStatsHandler here?) tlsOption, + // For keep alive parameters there is a larger comment in ClientConnPool.dial about that. + grpc.WithKeepaliveParams(keepalive.ClientParameters{ + Time: 30 * time.Second, + Timeout: 10 * time.Second, + // send keepalive pings even if there is no active streams + PermitWithoutStream: true, + }), ) if err != nil { return fmt.Errorf("failed to dial: %w", err) @@ -277,8 +291,7 @@ func (s *Server) establishStream(ctx context.Context, logger hclog.Logger, peer return err }, func(err error) { - // TODO(peering): These errors should be reported in the peer status, otherwise they're only in the logs. - // Lockable status isn't available here though. Could report it via the peering.Service? + streamStatus.TrackSendError(err.Error()) logger.Error("error managing peering stream", "peer_id", peer.ID, "error", err) }) diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index 1587fc30c..33ef26d61 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -4,6 +4,7 @@ import ( "context" "encoding/base64" "encoding/json" + "io/ioutil" "testing" "time" @@ -21,15 +22,27 @@ import ( ) func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { + t.Run("without-tls", func(t *testing.T) { + testLeader_PeeringSync_Lifecycle_ClientDeletion(t, false) + }) + t.Run("with-tls", func(t *testing.T) { + testLeader_PeeringSync_Lifecycle_ClientDeletion(t, true) + }) +} +func testLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T, enableTLS bool) { if testing.Short() { t.Skip("too slow for testing.Short") } - // TODO(peering): Configure with TLS _, s1 := testServerWithConfig(t, func(c *Config) { - c.NodeName = "s1.dc1" + c.NodeName = "bob" c.Datacenter = "dc1" c.TLSConfig.Domain = "consul" + if enableTLS { + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Bob.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Bob.key" + } }) testrpc.WaitForLeader(t, s1.RPC, "dc1") @@ -69,9 +82,14 @@ func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { // Bring up s2 and store s1's token so that it attempts to dial. _, s2 := testServerWithConfig(t, func(c *Config) { - c.NodeName = "s2.dc2" + c.NodeName = "betty" c.Datacenter = "dc2" c.PrimaryDatacenter = "dc2" + if enableTLS { + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Betty.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Betty.key" + } }) testrpc.WaitForLeader(t, s2.RPC, "dc2") @@ -121,15 +139,27 @@ func TestLeader_PeeringSync_Lifecycle_ClientDeletion(t *testing.T) { } func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) { + t.Run("without-tls", func(t *testing.T) { + testLeader_PeeringSync_Lifecycle_ServerDeletion(t, false) + }) + t.Run("with-tls", func(t *testing.T) { + testLeader_PeeringSync_Lifecycle_ServerDeletion(t, true) + }) +} +func testLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T, enableTLS bool) { if testing.Short() { t.Skip("too slow for testing.Short") } - // TODO(peering): Configure with TLS _, s1 := testServerWithConfig(t, func(c *Config) { - c.NodeName = "s1.dc1" + c.NodeName = "bob" c.Datacenter = "dc1" c.TLSConfig.Domain = "consul" + if enableTLS { + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Bob.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Bob.key" + } }) testrpc.WaitForLeader(t, s1.RPC, "dc1") @@ -165,9 +195,14 @@ func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) { // Bring up s2 and store s1's token so that it attempts to dial. _, s2 := testServerWithConfig(t, func(c *Config) { - c.NodeName = "s2.dc2" + c.NodeName = "betty" c.Datacenter = "dc2" c.PrimaryDatacenter = "dc2" + if enableTLS { + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Betty.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Betty.key" + } }) testrpc.WaitForLeader(t, s2.RPC, "dc2") @@ -216,6 +251,111 @@ func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) { }) } +func TestLeader_PeeringSync_FailsForTLSError(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Run("server-name-validation", func(t *testing.T) { + testLeader_PeeringSync_failsForTLSError(t, func(p *pbpeering.Peering) { + p.PeerServerName = "wrong.name" + }, `transport: authentication handshake failed: x509: certificate is valid for server.dc1.consul, bob.server.dc1.consul, not wrong.name`) + }) + t.Run("bad-ca-roots", func(t *testing.T) { + wrongRoot, err := ioutil.ReadFile("../../test/client_certs/rootca.crt") + require.NoError(t, err) + + testLeader_PeeringSync_failsForTLSError(t, func(p *pbpeering.Peering) { + p.PeerCAPems = []string{string(wrongRoot)} + }, `transport: authentication handshake failed: x509: certificate signed by unknown authority`) + }) +} + +func testLeader_PeeringSync_failsForTLSError(t *testing.T, peerMutateFn func(p *pbpeering.Peering), expectErr string) { + require.NotNil(t, peerMutateFn) + + _, s1 := testServerWithConfig(t, func(c *Config) { + c.NodeName = "bob" + c.Datacenter = "dc1" + c.TLSConfig.Domain = "consul" + + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Bob.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Bob.key" + }) + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + // Create a peering by generating a token + ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) + t.Cleanup(cancel) + + conn, err := grpc.DialContext(ctx, s1.config.RPCAddr.String(), + grpc.WithContextDialer(newServerDialer(s1.config.RPCAddr.String())), + grpc.WithInsecure(), + grpc.WithBlock()) + require.NoError(t, err) + defer conn.Close() + + peeringClient := pbpeering.NewPeeringServiceClient(conn) + + req := pbpeering.GenerateTokenRequest{ + PeerName: "my-peer-s2", + } + resp, err := peeringClient.GenerateToken(ctx, &req) + require.NoError(t, err) + + tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken) + require.NoError(t, err) + + var token structs.PeeringToken + require.NoError(t, json.Unmarshal(tokenJSON, &token)) + + // S1 should not have a stream tracked for dc2 because s1 generated a token + // for baz, and therefore needs to wait to be dialed. + time.Sleep(1 * time.Second) + _, found := s1.peerStreamServer.StreamStatus(token.PeerID) + require.False(t, found) + + var ( + s2PeerID = "cc56f0b8-3885-4e78-8d7b-614a0c45712d" + ) + + // Bring up s2 and store s1's token so that it attempts to dial. + _, s2 := testServerWithConfig(t, func(c *Config) { + c.NodeName = "betty" + c.Datacenter = "dc2" + c.PrimaryDatacenter = "dc2" + + c.TLSConfig.GRPC.CAFile = "../../test/hostname/CertAuth.crt" + c.TLSConfig.GRPC.CertFile = "../../test/hostname/Betty.crt" + c.TLSConfig.GRPC.KeyFile = "../../test/hostname/Betty.key" + }) + testrpc.WaitForLeader(t, s2.RPC, "dc2") + + // Simulate a peering initiation event by writing a peering with data from a peering token. + // Eventually the leader in dc2 should dial and connect to the leader in dc1. + p := &pbpeering.Peering{ + ID: s2PeerID, + Name: "my-peer-s1", + PeerID: token.PeerID, + PeerCAPems: token.CA, + PeerServerName: token.ServerName, + PeerServerAddresses: token.ServerAddresses, + } + peerMutateFn(p) + require.True(t, p.ShouldDial()) + + // We maintain a pointer to the peering on the write so that we can get the ID without needing to re-query the state store. + require.NoError(t, s2.fsm.State().PeeringWrite(1000, p)) + + retry.Run(t, func(r *retry.R) { + status, found := s2.peerStreamTracker.StreamStatus(p.ID) + require.True(r, found) + require.False(r, status.Connected) + require.Contains(r, status.LastSendErrorMessage, expectErr) + }) +} + func TestLeader_Peering_DeferredDeletion(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index 4014bbdd2..589b4e95b 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -52,7 +52,7 @@ func (b *PeeringBackend) GetLeaderAddress() string { // GetAgentCACertificates gets the server's raw CA data from its TLS Configurator. func (b *PeeringBackend) GetAgentCACertificates() ([]string, error) { // TODO(peering): handle empty CA pems - return b.srv.tlsConfigurator.ManualCAPems(), nil + return b.srv.tlsConfigurator.GRPCManualCAPems(), nil } // GetServerAddresses looks up server node addresses from the state store. diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 77f761f68..b9f9cc4f1 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/consul/agent/connect" + external "github.com/hashicorp/consul/agent/grpc-external" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/structs" @@ -299,8 +300,7 @@ func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) { } } - srv, err := NewServer(c, deps, grpc.NewServer()) - + srv, err := NewServer(c, deps, external.NewServer(deps.Logger.Named("grpc.external"), deps.TLSConfigurator)) if err != nil { return nil, err } diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go index 4d4c8746c..4244bbe09 100644 --- a/agent/grpc-external/services/peerstream/stream_tracker.go +++ b/agent/grpc-external/services/peerstream/stream_tracker.go @@ -33,16 +33,37 @@ func (t *Tracker) SetClock(clock func() time.Time) { } } +// Register a stream for a given peer but do not mark it as connected. +func (t *Tracker) Register(id string) (*MutableStatus, error) { + t.mu.Lock() + defer t.mu.Unlock() + status, _, err := t.registerLocked(id, false) + return status, err +} + +func (t *Tracker) registerLocked(id string, initAsConnected bool) (*MutableStatus, bool, error) { + status, ok := t.streams[id] + if !ok { + status = newMutableStatus(t.timeNow, initAsConnected) + t.streams[id] = status + return status, true, nil + } + return status, false, nil +} + // Connected registers a stream for a given peer, and marks it as connected. // It also enforces that there is only one active stream for a peer. func (t *Tracker) Connected(id string) (*MutableStatus, error) { t.mu.Lock() defer t.mu.Unlock() + return t.connectedLocked(id) +} - status, ok := t.streams[id] - if !ok { - status = newMutableStatus(t.timeNow) - t.streams[id] = status +func (t *Tracker) connectedLocked(id string) (*MutableStatus, error) { + status, newlyRegistered, err := t.registerLocked(id, true) + if err != nil { + return nil, err + } else if newlyRegistered { return status, nil } @@ -150,10 +171,10 @@ type Status struct { ImportedServices map[string]struct{} } -func newMutableStatus(now func() time.Time) *MutableStatus { +func newMutableStatus(now func() time.Time, connected bool) *MutableStatus { return &MutableStatus{ Status: Status{ - Connected: true, + Connected: connected, }, timeNow: now, doneCh: make(chan struct{}), diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index 6a8f32915..e4ab2947a 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -59,7 +59,7 @@ func TestPeeringService_GenerateToken(t *testing.T) { // TODO(peering): see note on newTestServer, refactor to not use this s := newTestServer(t, func(c *consul.Config) { c.SerfLANConfig.MemberlistConfig.AdvertiseAddr = "127.0.0.1" - c.TLSConfig.InternalRPC.CAFile = cafile + c.TLSConfig.GRPC.CAFile = cafile c.DataDir = dir }) client := pbpeering.NewPeeringServiceClient(s.ClientConn(t)) diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl index c8c086fb4..d586b280b 100644 --- a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl +++ b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl @@ -1,6 +1,10 @@ -ca_file = "/workdir/primary/tls/consul-agent-ca.pem" -cert_file = "/workdir/primary/tls/primary-server-consul-0.pem" -key_file = "/workdir/primary/tls/primary-server-consul-0-key.pem" -verify_incoming = true -verify_outgoing = true -verify_server_hostname = true +tls { + internal_rpc { + ca_file = "/workdir/primary/tls/consul-agent-ca.pem" + cert_file = "/workdir/primary/tls/primary-server-consul-0.pem" + key_file = "/workdir/primary/tls/primary-server-consul-0-key.pem" + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + } +} diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl index f3c0bc000..8dd5b39dc 100644 --- a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl +++ b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl @@ -3,9 +3,13 @@ connect { enabled = true enable_mesh_gateway_wan_federation = true } -ca_file = "/workdir/primary/tls/consul-agent-ca.pem" -cert_file = "/workdir/primary/tls/primary-server-consul-0.pem" -key_file = "/workdir/primary/tls/primary-server-consul-0-key.pem" -verify_incoming = true -verify_outgoing = true -verify_server_hostname = true +tls { + internal_rpc { + ca_file = "/workdir/primary/tls/consul-agent-ca.pem" + cert_file = "/workdir/primary/tls/primary-server-consul-0.pem" + key_file = "/workdir/primary/tls/primary-server-consul-0-key.pem" + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + } +} diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl index 36bfc41c3..8e536a87a 100644 --- a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl +++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl @@ -1,6 +1,10 @@ -ca_file = "/workdir/secondary/tls/consul-agent-ca.pem" -cert_file = "/workdir/secondary/tls/secondary-server-consul-0.pem" -key_file = "/workdir/secondary/tls/secondary-server-consul-0-key.pem" -verify_incoming = true -verify_outgoing = true -verify_server_hostname = true +tls { + internal_rpc { + ca_file = "/workdir/secondary/tls/consul-agent-ca.pem" + cert_file = "/workdir/secondary/tls/secondary-server-consul-0.pem" + key_file = "/workdir/secondary/tls/secondary-server-consul-0-key.pem" + verify_incoming = true + verify_outgoing = true + verify_server_hostname = true + } +} diff --git a/tlsutil/config.go b/tlsutil/config.go index da85c2e72..7c9e6d2ad 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -88,7 +88,7 @@ type ProtocolConfig struct { // certificate authority. This is used to verify authenticity of server // nodes. // - // Note: this setting doesn't apply to the gRPC configuration, as Consul + // Note: this setting doesn't apply to the external gRPC configuration, as Consul // makes no outgoing connections using this protocol. VerifyOutgoing bool @@ -233,6 +233,13 @@ func (c *Configurator) ManualCAPems() []string { return c.internalRPC.manualCAPEMs } +// GRPCManualCAPems returns the currently loaded CAs for the gRPC in PEM format. +func (c *Configurator) GRPCManualCAPems() []string { + c.lock.RLock() + defer c.lock.RUnlock() + return c.grpc.manualCAPEMs +} + // Update updates the internal configuration which is used to generate // *tls.Config. // This function acquires a write lock because it writes the new config. diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index 5fb0c849c..4506d80ff 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -1998,8 +1998,6 @@ specially crafted certificate signed by the CA can be used to gain full access t - `grpc` ((#tls_grpc)) Provides settings for the gRPC/xDS interface. To enable the gRPC interface you must define a port via [`ports.grpc`](#grpc_port). - To enable TLS on the gRPC interface you also must define an HTTPS port via - [`ports.https`](#https_port). - `ca_file` ((#tls_grpc_ca_file)) Overrides [`tls.defaults.ca_file`](#tls_defaults_ca_file). diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index a9a72c3f9..ec0cf54d5 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -16,6 +16,18 @@ upgrade flow. ## Consul 1.13.0 +### gRPC TLS + +In prior Consul versions if HTTPS was enabled for the client API and exposed +via `ports { https = NUMBER }` then the same TLS material was used to encrypt +the gRPC port used for xDS. Now this is decoupled and activating TLS on the +gRPC endpoint is controlled solely with the gRPC section of the new +[`tls` stanza](/docs/agent/config/config-files#tls-configuration-reference). + +If you have not yet switched to the new `tls` stanza and were NOT using HTTPS +for the API then updating to Consul 1.13 will activate TLS for gRPC since the +deprecated TLS settings are used as defaults. + ### 1.9 Telemetry Compatibility #### Removing configuration options From 743cecc559139d4008ff5f8cbdd16ffa72acae43 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 15 Jul 2022 13:24:22 -0500 Subject: [PATCH 760/785] test: fix flaky test TestAPI_CatalogNodes (#13779) --- api/catalog_test.go | 58 +++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 33 deletions(-) diff --git a/api/catalog_test.go b/api/catalog_test.go index 2639be6f4..2c926d199 100644 --- a/api/catalog_test.go +++ b/api/catalog_test.go @@ -36,43 +36,35 @@ func TestAPI_CatalogNodes(t *testing.T) { s.WaitForSerfCheck(t) catalog := c.Catalog() + retry.Run(t, func(r *retry.R) { nodes, meta, err := catalog.Nodes(nil) - // We're not concerned about the createIndex of an agent - // Hence we're setting it to the default value - nodes[0].CreateIndex = 0 - if err != nil { - r.Fatal(err) - } - if meta.LastIndex < 2 { - r.Fatal("Last index must be greater than 1") - } - want := []*Node{ - { - ID: s.Config.NodeID, - Node: s.Config.NodeName, - Partition: splitDefaultPartition, - Address: "127.0.0.1", - Datacenter: "dc1", - TaggedAddresses: map[string]string{ - "lan": "127.0.0.1", - "lan_ipv4": "127.0.0.1", - "wan": "127.0.0.1", - "wan_ipv4": "127.0.0.1", - }, - Meta: map[string]string{ - "consul-network-segment": "", - }, - // CreateIndex will never always be meta.LastIndex - 1 - // The purpose of this test is not to test CreateIndex value of an agent - // rather to check if the client agent can get the correct number - // of agents with a particular service, KV pair, etc... - // Hence reverting this to the default value here. - CreateIndex: 0, - ModifyIndex: meta.LastIndex, + require.NoError(r, err) + require.Len(r, nodes, 1) + require.True(r, meta.LastIndex >= 1, "Last index must be greater than 1") + + // The raft indexes are not relevant for this test. + got := nodes[0] + got.CreateIndex = 0 + got.ModifyIndex = 0 + + want := &Node{ + ID: s.Config.NodeID, + Node: s.Config.NodeName, + Partition: splitDefaultPartition, + Address: "127.0.0.1", + Datacenter: "dc1", + TaggedAddresses: map[string]string{ + "lan": "127.0.0.1", + "lan_ipv4": "127.0.0.1", + "wan": "127.0.0.1", + "wan_ipv4": "127.0.0.1", + }, + Meta: map[string]string{ + "consul-network-segment": "", }, } - require.Equal(r, want, nodes) + require.Equal(r, want, got) }) } From a8721c33c5cd785446421eb66cd981c7fbcc6665 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 15 Jul 2022 11:58:33 -0700 Subject: [PATCH 761/785] peerstream: dialer should reconnect when stream closes (#13745) * peerstream: dialer should reconnect when stream closes If the stream is closed unexpectedly (i.e. when we haven't received a terminated message), the dialer should attempt to re-establish the stream. Previously, the `HandleStream` would return `nil` when the stream was closed. The caller then assumed the stream was terminated on purpose and so didn't reconnect when instead it was stopped unexpectedly and the dialer should have attempted to reconnect. --- agent/consul/leader_peering_test.go | 115 ++++++++++++++++++ .../services/peerstream/stream_resources.go | 9 +- 2 files changed, 122 insertions(+), 2 deletions(-) diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index 33ef26d61..aa720bd6b 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" @@ -423,6 +424,120 @@ func TestLeader_Peering_DeferredDeletion(t *testing.T) { }) } +// Test that the dialing peer attempts to reestablish connections when the accepting peer +// shuts down without sending a Terminated message. +// +// To test this, we start the two peer servers (accepting and dialing), set up peering, and then shut down +// the accepting peer. This terminates the connection without sending a Terminated message. +// We then restart the accepting peer (we actually spin up a new server with the same config and port) and then +// assert that the dialing peer reestablishes the connection. +func TestLeader_Peering_DialerReestablishesConnectionOnError(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + // Reserve a gRPC port so we can restart the accepting server with the same port. + ports := freeport.GetN(t, 1) + acceptingServerPort := ports[0] + + _, acceptingServer := testServerWithConfig(t, func(c *Config) { + c.NodeName = "acceptingServer.dc1" + c.Datacenter = "dc1" + c.TLSConfig.Domain = "consul" + c.GRPCPort = acceptingServerPort + }) + testrpc.WaitForLeader(t, acceptingServer.RPC, "dc1") + + // Create a peering by generating a token. + ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) + t.Cleanup(cancel) + + conn, err := grpc.DialContext(ctx, acceptingServer.config.RPCAddr.String(), + grpc.WithContextDialer(newServerDialer(acceptingServer.config.RPCAddr.String())), + grpc.WithInsecure(), + grpc.WithBlock()) + require.NoError(t, err) + defer conn.Close() + + peeringClient := pbpeering.NewPeeringServiceClient(conn) + req := pbpeering.GenerateTokenRequest{ + PeerName: "my-peer-dialing-server", + } + resp, err := peeringClient.GenerateToken(ctx, &req) + require.NoError(t, err) + tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken) + require.NoError(t, err) + var token structs.PeeringToken + require.NoError(t, json.Unmarshal(tokenJSON, &token)) + + var ( + dialingServerPeerID = token.PeerID + acceptingServerPeerID = "cc56f0b8-3885-4e78-8d7b-614a0c45712d" + ) + + // Bring up dialingServer and store acceptingServer's token so that it attempts to dial. + _, dialingServer := testServerWithConfig(t, func(c *Config) { + c.NodeName = "dialing-server.dc2" + c.Datacenter = "dc2" + c.PrimaryDatacenter = "dc2" + }) + testrpc.WaitForLeader(t, dialingServer.RPC, "dc2") + p := &pbpeering.Peering{ + ID: acceptingServerPeerID, + Name: "my-peer-accepting-server", + PeerID: token.PeerID, + PeerCAPems: token.CA, + PeerServerName: token.ServerName, + PeerServerAddresses: token.ServerAddresses, + } + require.True(t, p.ShouldDial()) + require.NoError(t, dialingServer.fsm.State().PeeringWrite(1000, p)) + + // Wait for the stream to be connected. + retry.Run(t, func(r *retry.R) { + status, found := dialingServer.peerStreamServer.StreamStatus(p.ID) + require.True(r, found) + require.True(r, status.Connected) + }) + + // Wait until the dialing server has sent its roots over. This avoids a race condition where the accepting server + // shuts down, but the dialing server is still sending messages to the stream. When this happens, an error is raised + // which causes the stream to restart. + // In this test, we want to test what happens when the stream is closed when there are _no_ messages being sent. + retry.Run(t, func(r *retry.R) { + _, bundle, err := acceptingServer.fsm.State().PeeringTrustBundleRead(nil, state.Query{Value: "my-peer-dialing-server"}) + require.NoError(r, err) + require.NotNil(r, bundle) + }) + + // Shutdown the accepting server. + require.NoError(t, acceptingServer.Shutdown()) + // Have to manually shut down the gRPC server otherwise it stays bound to the port. + acceptingServer.externalGRPCServer.Stop() + + // Mimic the server restarting by starting a new server with the same config. + _, acceptingServerRestart := testServerWithConfig(t, func(c *Config) { + c.NodeName = "acceptingServer.dc1" + c.Datacenter = "dc1" + c.TLSConfig.Domain = "consul" + c.GRPCPort = acceptingServerPort + }) + testrpc.WaitForLeader(t, acceptingServerRestart.RPC, "dc1") + + // Re-insert the peering state. + require.NoError(t, acceptingServerRestart.fsm.State().PeeringWrite(2000, &pbpeering.Peering{ + ID: dialingServerPeerID, + Name: "my-peer-dialing-server", + State: pbpeering.PeeringState_PENDING, + })) + + // The dialing peer should eventually reconnect. + retry.Run(t, func(r *retry.R) { + connStreams := acceptingServerRestart.peerStreamServer.ConnectedStreams() + require.Contains(r, connStreams, dialingServerPeerID) + }) +} + func insertTestPeeringData(t *testing.T, store *state.Store, peer string, lastIdx uint64) uint64 { lastIdx++ require.NoError(t, store.PeeringTrustBundleWrite(lastIdx, &pbpeering.PeeringTrustBundle{ diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index eabd01141..57bc350c0 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -258,8 +258,13 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { case msg, open := <-recvChan: if !open { - logger.Trace("no longer receiving data on the stream") - return nil + // The only time we expect the stream to end is when we've received a "Terminated" message. + // We handle the case of receiving the Terminated message below and then this function exits. + // So if the channel is closed while this function is still running then we haven't received a Terminated + // message which means we want to try and reestablish the stream. + // It's the responsibility of the caller of this function to reestablish the stream on error and so that's + // why we return an error here. + return fmt.Errorf("stream ended unexpectedly") } // NOTE: this code should have similar error handling to the From 3968f21339c0f8a77bb504ad45988f3d5e58ddda Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 15 Jul 2022 12:23:05 -0700 Subject: [PATCH 762/785] Add docs for peerStreamServer vs peeringServer. (#13781) --- agent/consul/server.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/agent/consul/server.go b/agent/consul/server.go index a5708e030..d4753bb3f 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -367,8 +367,9 @@ type Server struct { // peeringBackend is shared between the external and internal gRPC services for peering peeringBackend *PeeringBackend - // peerStreamServer is a server used to handle peering streams - peerStreamServer *peerstream.Server + // peerStreamServer is a server used to handle peering streams from external clusters. + peerStreamServer *peerstream.Server + // peeringServer handles peering RPC requests internal to this cluster, like generating peering tokens. peeringServer *peering.Server peerStreamTracker *peerstream.Tracker From 7da65c02a6425477c37dfa92d6a937b126f9af05 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 15 Jul 2022 14:43:24 -0500 Subject: [PATCH 763/785] peerstream: fix test assertions (#13780) --- .../services/peerstream/stream_test.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go index 612513158..1074f5960 100644 --- a/agent/grpc-external/services/peerstream/stream_test.go +++ b/agent/grpc-external/services/peerstream/stream_test.go @@ -469,13 +469,17 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { lastRecvSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() + api := structs.NewServiceName("api", nil) + expect := Status{ Connected: true, LastAck: lastSendSuccess, LastNack: lastNack, LastNackMessage: lastNackMsg, LastReceiveSuccess: lastRecvSuccess, - ImportedServices: map[string]struct{}{"api": {}}, + ImportedServices: map[string]struct{}{ + api.String(): {}, + }, } retry.Run(t, func(r *retry.R) { @@ -525,6 +529,8 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { lastRecvError = it.base.Add(time.Duration(sequence) * time.Second).UTC() lastRecvErrorMsg = `unsupported operation: "OPERATION_UNSPECIFIED"` + api := structs.NewServiceName("api", nil) + expect := Status{ Connected: true, LastAck: lastSendSuccess, @@ -533,7 +539,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastReceiveSuccess: lastRecvSuccess, LastReceiveError: lastRecvError, LastReceiveErrorMessage: lastRecvErrorMsg, - ImportedServices: map[string]struct{}{"api": {}}, + ImportedServices: map[string]struct{}{ + api.String(): {}, + }, } retry.Run(t, func(r *retry.R) { @@ -552,6 +560,8 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { sequence++ disconnectTime := it.base.Add(time.Duration(sequence) * time.Second).UTC() + api := structs.NewServiceName("api", nil) + expect := Status{ Connected: false, LastAck: lastSendSuccess, @@ -561,7 +571,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastReceiveSuccess: lastRecvSuccess, LastReceiveErrorMessage: io.EOF.Error(), LastReceiveError: lastRecvError, - ImportedServices: map[string]struct{}{"api": {}}, + ImportedServices: map[string]struct{}{ + api.String(): {}, + }, } retry.Run(t, func(r *retry.R) { From bec4df0679ac6d5f00199a8276b3c6ebcef318c4 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 15 Jul 2022 15:03:40 -0500 Subject: [PATCH 764/785] peerstream: require a resource subscription to receive updates of that type (#13767) This mimics xDS's discovery protocol where you must request a resource explicitly for the exporting side to send those events to you. As part of this I aligned the overall ResourceURL with the TypeURL that gets embedded into the encoded protobuf Any construct. The CheckServiceNodes is now wrapped in a better named "ExportedService" struct now. --- .../services/peerstream/replication.go | 51 +-- .../services/peerstream/stream_resources.go | 196 +++++++++-- .../services/peerstream/stream_test.go | 304 ++++++++++-------- .../peerstream/subscription_blocking.go | 14 + .../peerstream/subscription_manager.go | 37 ++- .../peerstream/subscription_manager_test.go | 23 +- .../services/peerstream/testing.go | 38 ++- proto/pbpeerstream/convert.go | 25 ++ proto/pbpeerstream/peerstream.pb.binary.go | 10 + proto/pbpeerstream/peerstream.pb.go | 289 ++++++++++------- proto/pbpeerstream/peerstream.proto | 6 + proto/pbpeerstream/types.go | 12 +- proto/pbservice/convert.go | 19 -- proto/prototest/testing.go | 57 ++++ 14 files changed, 736 insertions(+), 345 deletions(-) create mode 100644 proto/pbpeerstream/convert.go diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index e21b48a63..c69d705d3 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -5,10 +5,9 @@ import ( "fmt" "strings" - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes" "github.com/hashicorp/go-hclog" "google.golang.org/genproto/googleapis/rpc/code" + newproto "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/agent/cache" @@ -39,7 +38,16 @@ func makeServiceResponse( logger hclog.Logger, update cache.UpdateEvent, ) (*pbpeerstream.ReplicationMessage_Response, error) { - any, csn, err := marshalToProtoAny[*pbservice.IndexedCheckServiceNodes](update.Result) + csn, ok := update.Result.(*pbservice.IndexedCheckServiceNodes) + if !ok { + return nil, fmt.Errorf("invalid type for service response: %T", update.Result) + } + + export := &pbpeerstream.ExportedService{ + Nodes: csn.Nodes, + } + + any, err := anypb.New(export) if err != nil { return nil, fmt.Errorf("failed to marshal: %w", err) } @@ -53,9 +61,9 @@ func makeServiceResponse( // // We don't distinguish when these three things occurred, but it's safe to send a DELETE Op in all cases, so we do that. // Case #1 is a no-op for the importing peer. - if len(csn.Nodes) == 0 { + if len(export.Nodes) == 0 { return &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, // TODO(peering): Nonce management Nonce: "", ResourceID: serviceName, @@ -65,7 +73,7 @@ func makeServiceResponse( // If there are nodes in the response, we push them as an UPSERT operation. return &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, // TODO(peering): Nonce management Nonce: "", ResourceID: serviceName, @@ -84,7 +92,7 @@ func makeCARootsResponse( } return &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLRoots, + ResourceURL: pbpeerstream.TypeURLPeeringTrustBundle, // TODO(peering): Nonce management Nonce: "", ResourceID: "roots", @@ -97,13 +105,13 @@ func makeCARootsResponse( // the protobuf.Any type, the asserted T type, and any errors // during marshalling or type assertion. // `in` MUST be of type T or it returns an error. -func marshalToProtoAny[T proto.Message](in any) (*anypb.Any, T, error) { +func marshalToProtoAny[T newproto.Message](in any) (*anypb.Any, T, error) { typ, ok := in.(T) if !ok { var outType T return nil, typ, fmt.Errorf("input type is not %T: %T", outType, in) } - any, err := ptypes.MarshalAny(typ) + any, err := anypb.New(typ) if err != nil { return nil, typ, err } @@ -186,20 +194,23 @@ func (s *Server) handleUpsert( resource *anypb.Any, logger hclog.Logger, ) error { + if resource.TypeUrl != resourceURL { + return fmt.Errorf("mismatched resourceURL %q and Any typeUrl %q", resourceURL, resource.TypeUrl) + } + switch resourceURL { - case pbpeerstream.TypeURLService: + case pbpeerstream.TypeURLExportedService: sn := structs.ServiceNameFromString(resourceID) sn.OverridePartition(partition) - csn := &pbservice.IndexedCheckServiceNodes{} - if err := ptypes.UnmarshalAny(resource, csn); err != nil { + export := &pbpeerstream.ExportedService{} + if err := resource.UnmarshalTo(export); err != nil { return fmt.Errorf("failed to unmarshal resource: %w", err) } - err := s.handleUpdateService(peerName, partition, sn, csn) + err := s.handleUpdateService(peerName, partition, sn, export) if err != nil { - logger.Error("did not increment imported services count", "service_name", sn.String(), "error", err) - return err + return fmt.Errorf("did not increment imported services count for service=%q: %w", sn.String(), err) } logger.Trace("incrementing imported services count", "service_name", sn.String()) @@ -207,9 +218,9 @@ func (s *Server) handleUpsert( return nil - case pbpeerstream.TypeURLRoots: + case pbpeerstream.TypeURLPeeringTrustBundle: roots := &pbpeering.PeeringTrustBundle{} - if err := ptypes.UnmarshalAny(resource, roots); err != nil { + if err := resource.UnmarshalTo(roots); err != nil { return fmt.Errorf("failed to unmarshal resource: %w", err) } @@ -232,7 +243,7 @@ func (s *Server) handleUpdateService( peerName string, partition string, sn structs.ServiceName, - pbNodes *pbservice.IndexedCheckServiceNodes, + export *pbpeerstream.ExportedService, ) error { // Capture instances in the state store for reconciliation later. _, storedInstances, err := s.GetStore().CheckServiceNodes(nil, sn.Name, &sn.EnterpriseMeta, peerName) @@ -240,7 +251,7 @@ func (s *Server) handleUpdateService( return fmt.Errorf("failed to read imported services: %w", err) } - structsNodes, err := pbNodes.CheckServiceNodesToStruct() + structsNodes, err := export.CheckServiceNodesToStruct() if err != nil { return fmt.Errorf("failed to convert protobuf instances to structs: %w", err) } @@ -444,7 +455,7 @@ func (s *Server) handleDelete( logger hclog.Logger, ) error { switch resourceURL { - case pbpeerstream.TypeURLService: + case pbpeerstream.TypeURLExportedService: sn := structs.ServiceNameFromString(resourceID) sn.OverridePartition(partition) diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index 57bc350c0..26d5a7b00 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -9,7 +9,6 @@ import ( "github.com/golang/protobuf/jsonpb" "github.com/golang/protobuf/proto" "github.com/hashicorp/go-hclog" - "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/grpc/codes" grpcstatus "google.golang.org/grpc/status" @@ -99,11 +98,12 @@ func (s *Server) StreamResources(stream pbpeerstream.PeerStreamService_StreamRes } streamReq := HandleStreamRequest{ - LocalID: p.ID, - RemoteID: "", - PeerName: p.Name, - Partition: p.Partition, - Stream: stream, + LocalID: p.ID, + RemoteID: "", + PeerName: p.Name, + Partition: p.Partition, + InitialResourceURL: req.ResourceURL, + Stream: stream, } err = s.HandleStream(streamReq) // A nil error indicates that the peering was deleted and the stream needs to be gracefully shutdown. @@ -129,6 +129,9 @@ type HandleStreamRequest struct { // Partition is the local partition associated with the peer. Partition string + // InitialResourceURL is the ResourceURL from the initial Request. + InitialResourceURL string + // Stream is the open stream to the peer cluster. Stream BidirectionalStream } @@ -183,6 +186,13 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { } } + remoteSubTracker := newResourceSubscriptionTracker() + if streamReq.InitialResourceURL != "" { + if remoteSubTracker.Subscribe(streamReq.InitialResourceURL) { + logger.Info("subscribing to resource type", "resourceURL", streamReq.InitialResourceURL) + } + } + mgr := newSubscriptionManager( streamReq.Stream.Context(), logger, @@ -190,24 +200,31 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { trustDomain, s.Backend, s.GetStore, + remoteSubTracker, ) subCh := mgr.subscribe(streamReq.Stream.Context(), streamReq.LocalID, streamReq.PeerName, streamReq.Partition) - sub := makeReplicationRequest(&pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - PeerID: streamReq.RemoteID, - }) - logTraceSend(logger, sub) + // Subscribe to all relevant resource types. + for _, resourceURL := range []string{ + pbpeerstream.TypeURLExportedService, + pbpeerstream.TypeURLPeeringTrustBundle, + } { + sub := makeReplicationRequest(&pbpeerstream.ReplicationMessage_Request{ + ResourceURL: resourceURL, + PeerID: streamReq.RemoteID, + }) + logTraceSend(logger, sub) - if err := streamReq.Stream.Send(sub); err != nil { - if err == io.EOF { - logger.Info("stream ended by peer") - status.TrackReceiveError(err.Error()) - return nil + if err := streamReq.Stream.Send(sub); err != nil { + if err == io.EOF { + logger.Info("stream ended by peer") + status.TrackReceiveError(err.Error()) + return nil + } + // TODO(peering) Test error handling in calls to Send/Recv + status.TrackSendError(err.Error()) + return fmt.Errorf("failed to send subscription for %q to stream: %w", resourceURL, err) } - // TODO(peering) Test error handling in calls to Send/Recv - status.TrackSendError(err.Error()) - return fmt.Errorf("failed to send to stream: %v", err) } // TODO(peering): Should this be buffered? @@ -289,17 +306,86 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { if !pbpeerstream.KnownTypeURL(req.ResourceURL) { return grpcstatus.Errorf(codes.InvalidArgument, "subscription request to unknown resource URL: %s", req.ResourceURL) } - switch { - case req.ResponseNonce == "": - // TODO(peering): This can happen on a client peer since they don't try to receive subscriptions before entering HandleStream. - // Should change that behavior or only allow it that one time. - case req.Error != nil && (req.Error.Code != int32(code.Code_OK) || req.Error.Message != ""): + // There are different formats of requests depending upon where in the stream lifecycle we are. + // + // 1. Initial Request: This is the first request being received + // FROM the establishing peer. This is handled specially in + // (*Server).StreamResources BEFORE calling + // (*Server).HandleStream. This takes care of determining what + // the PeerID is for the stream. This is ALSO treated as (2) below. + // + // 2. Subscription Request: This is the first request for a + // given ResourceURL within a stream. The Initial Request (1) + // is always one of these as well. + // + // These must contain a valid ResourceURL with no Error or + // ResponseNonce set. + // + // It is valid to subscribe to the same ResourceURL twice + // within the lifetime of a stream, but all duplicate + // subscriptions are treated as no-ops upon receipt. + // + // 3. ACK Request: This is the message sent in reaction to an + // earlier Response to indicate that the response was processed + // by the other side successfully. + // + // These must contain a ResponseNonce and no Error. + // + // 4. NACK Request: This is the message sent in reaction to an + // earlier Response to indicate that the response was NOT + // processed by the other side successfully. + // + // These must contain a ResponseNonce and an Error. + // + if !remoteSubTracker.IsSubscribed(req.ResourceURL) { + // This must be a new subscription request to add a new + // resource type, vet it like a new request. + + if !streamReq.WasDialed() { + if req.PeerID != "" && req.PeerID != streamReq.RemoteID { + // Not necessary after the first request from the dialer, + // but if provided must match. + return grpcstatus.Errorf(codes.InvalidArgument, + "initial subscription requests for a resource type must have consistent PeerID values: got=%q expected=%q", + req.PeerID, + streamReq.RemoteID, + ) + } + } + if req.ResponseNonce != "" { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription requests for a resource type must not contain a nonce") + } + if req.Error != nil { + return grpcstatus.Error(codes.InvalidArgument, "initial subscription request for a resource type must not contain an error") + } + + if remoteSubTracker.Subscribe(req.ResourceURL) { + logger.Info("subscribing to resource type", "resourceURL", req.ResourceURL) + } + status.TrackAck() + continue + } + + // At this point we have a valid ResourceURL and we are subscribed to it. + + switch { + case req.ResponseNonce == "" && req.Error != nil: + return grpcstatus.Error(codes.InvalidArgument, "initial subscription request for a resource type must not contain an error") + + case req.ResponseNonce != "" && req.Error == nil: // ACK + // TODO(peering): handle ACK fully + status.TrackAck() + + case req.ResponseNonce != "" && req.Error != nil: // NACK + // TODO(peering): handle NACK fully logger.Warn("client peer was unable to apply resource", "code", req.Error.Code, "error", req.Error.Message) status.TrackNack(fmt.Sprintf("client peer was unable to apply resource: %s", req.Error.Message)) default: - status.TrackAck() + // This branch might be dead code, but it could also happen + // during a stray 're-subscribe' so just ignore the + // message. } continue @@ -425,3 +511,63 @@ func logTraceProto(logger hclog.Logger, pb proto.Message, received bool) { logger.Trace("replication message", "direction", dir, "protobuf", out) } + +// resourceSubscriptionTracker is used to keep track of the ResourceURLs that a +// stream has subscribed to and can notify you when a subscription comes in by +// closing the channels returned by SubscribedChan. +type resourceSubscriptionTracker struct { + // notifierMap keeps track of a notification channel for each resourceURL. + // Keys may exist in here even when they do not exist in 'subscribed' as + // calling SubscribedChan has to possibly create and and hand out a + // notification channel in advance of any notification. + notifierMap map[string]chan struct{} + + // subscribed is a set that keeps track of resourceURLs that are currently + // subscribed to. Keys are never deleted. If a key is present in this map + // it is also present in 'notifierMap'. + subscribed map[string]struct{} +} + +func newResourceSubscriptionTracker() *resourceSubscriptionTracker { + return &resourceSubscriptionTracker{ + subscribed: make(map[string]struct{}), + notifierMap: make(map[string]chan struct{}), + } +} + +// IsSubscribed returns true if the given ResourceURL has an active subscription. +func (t *resourceSubscriptionTracker) IsSubscribed(resourceURL string) bool { + _, ok := t.subscribed[resourceURL] + return ok +} + +// Subscribe subscribes to the given ResourceURL. It will return true if this +// was the FIRST time a subscription occurred. It will also close the +// notification channel associated with this ResourceURL. +func (t *resourceSubscriptionTracker) Subscribe(resourceURL string) bool { + if _, ok := t.subscribed[resourceURL]; ok { + return false + } + t.subscribed[resourceURL] = struct{}{} + + // and notify + ch := t.ensureNotifierChan(resourceURL) + close(ch) + + return true +} + +// SubscribedChan returns a channel that will be closed when the ResourceURL is +// subscribed using the Subscribe method. +func (t *resourceSubscriptionTracker) SubscribedChan(resourceURL string) <-chan struct{} { + return t.ensureNotifierChan(resourceURL) +} + +func (t *resourceSubscriptionTracker) ensureNotifierChan(resourceURL string) chan struct{} { + if ch, ok := t.notifierMap[resourceURL]; ok { + return ch + } + ch := make(chan struct{}) + t.notifierMap[resourceURL] = ch + return ch +} diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go index 1074f5960..1e3117ecc 100644 --- a/agent/grpc-external/services/peerstream/stream_test.go +++ b/agent/grpc-external/services/peerstream/stream_test.go @@ -12,15 +12,14 @@ import ( "testing" "time" - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes" - "github.com/golang/protobuf/ptypes/any" "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" @@ -97,18 +96,6 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { backend.leaderAddr = "expected:address" }) - client := NewMockClient(context.Background()) - - errCh := make(chan error, 1) - client.ErrCh = errCh - - go func() { - err := srv.StreamResources(client.ReplicationStream) - if err != nil { - errCh <- err - } - }() - p := writePeeringToBeDialed(t, store, 1, "my-peer") require.Empty(t, p.PeerID, "should be empty if being dialed") peerID := p.ID @@ -116,53 +103,73 @@ func TestStreamResources_Server_LeaderBecomesFollower(t *testing.T) { // Set the initial roots and CA configuration. _, _ = writeInitialRootsAndCA(t, store) - // Receive a subscription from a peer - sub := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, + client := NewMockClient(context.Background()) + + errCh := make(chan error, 1) + client.ErrCh = errCh + + go func() { + // Pass errors from server handler into ErrCh so that they can be seen by the client on Recv(). + // This matches gRPC's behavior when an error is returned by a server. + if err := srv.StreamResources(client.ReplicationStream); err != nil { + errCh <- err + } + }() + + // Receive a subscription from a peer. This message arrives while the + // server is a leader and should work. + testutil.RunStep(t, "send subscription request to leader and consume its two requests", func(t *testing.T) { + sub := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + PeerID: peerID, + ResourceURL: pbpeerstream.TypeURLExportedService, + }, }, - }, - } - err := client.Send(sub) - require.NoError(t, err) + } + err := client.Send(sub) + require.NoError(t, err) - msg, err := client.Recv() - require.NoError(t, err) - require.NotEmpty(t, msg) + msg1, err := client.Recv() + require.NoError(t, err) + require.NotEmpty(t, msg1) - receiveRoots, err := client.Recv() - require.NoError(t, err) - require.NotNil(t, receiveRoots.GetResponse()) - require.Equal(t, pbpeerstream.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) + msg2, err := client.Recv() + require.NoError(t, err) + require.NotEmpty(t, msg2) + }) - input2 := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - ResponseNonce: "1", + // The ACK will be a new request but at this point the server is not the + // leader in the test and this should fail. + testutil.RunStep(t, "ack fails with non leader", func(t *testing.T) { + ack := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLExportedService, + ResponseNonce: "1", + }, }, - }, - } + } - err2 := client.Send(input2) - require.NoError(t, err2) + err := client.Send(ack) + require.NoError(t, err) - // expect error - msg2, err2 := client.Recv() - require.Nil(t, msg2) - require.Error(t, err2) - require.EqualError(t, err2, "rpc error: code = FailedPrecondition desc = node is not a leader anymore; cannot continue streaming") + // expect error + msg, err := client.Recv() + require.Nil(t, msg) + require.Error(t, err) + require.EqualError(t, err, "rpc error: code = FailedPrecondition desc = node is not a leader anymore; cannot continue streaming") - // expect a status error - st, ok := status.FromError(err2) - require.True(t, ok, "need to get back a grpc status error") - deets := st.Details() + // expect a status error + st, ok := status.FromError(err) + require.True(t, ok, "need to get back a grpc status error") - // expect a LeaderAddress message - exp := []interface{}{&pbpeerstream.LeaderAddress{Address: "expected:address"}} - prototest.AssertDeepEqual(t, exp, deets) + // expect a LeaderAddress message + expect := []interface{}{ + &pbpeerstream.LeaderAddress{Address: "expected:address"}, + } + prototest.AssertDeepEqual(t, expect, st.Details()) + }) } func TestStreamResources_Server_FirstRequest(t *testing.T) { @@ -204,7 +211,7 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { input: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Response_{ Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: "api-service", Nonce: "2", }, @@ -251,7 +258,7 @@ func TestStreamResources_Server_FirstRequest(t *testing.T) { Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: "63b60245-c475-426b-b314-4588d210859d", - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, }, }, }, @@ -291,7 +298,7 @@ func TestStreamResources_Server_Terminate(t *testing.T) { receiveRoots, err := client.Recv() require.NoError(t, err) require.NotNil(t, receiveRoots.GetResponse()) - require.Equal(t, pbpeerstream.TypeURLRoots, receiveRoots.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLPeeringTrustBundle, receiveRoots.GetResponse().ResourceURL) testutil.RunStep(t, "new stream gets tracked", func(t *testing.T) { retry.Run(t, func(r *retry.R) { @@ -347,7 +354,6 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { }) }) - var sequence uint64 var lastSendSuccess time.Time testutil.RunStep(t, "ack tracked as success", func(t *testing.T) { @@ -355,18 +361,17 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "1", // Acks do not have an Error populated in the request }, }, } + + lastSendSuccess = it.FutureNow(1) err := client.Send(ack) require.NoError(t, err) - sequence++ - - lastSendSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() expect := Status{ Connected: true, @@ -388,7 +393,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "2", Error: &pbstatus.Status{ Code: int32(code.Code_UNAVAILABLE), @@ -397,12 +402,12 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { }, }, } + + lastNack = it.FutureNow(1) err := client.Send(nack) require.NoError(t, err) - sequence++ lastNackMsg = "client peer was unable to apply resource: bad bad not good" - lastNack = it.base.Add(time.Duration(sequence) * time.Second).UTC() expect := Status{ Connected: true, @@ -424,22 +429,22 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { resp := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Response_{ Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: "api", Nonce: "21", Operation: pbpeerstream.Operation_OPERATION_UPSERT, - Resource: makeAnyPB(t, &pbservice.IndexedCheckServiceNodes{}), + Resource: makeAnyPB(t, &pbpeerstream.ExportedService{}), }, }, } + lastRecvSuccess = it.FutureNow(1) err := client.Send(resp) require.NoError(t, err) - sequence++ expectRoots := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Response_{ Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLRoots, + ResourceURL: pbpeerstream.TypeURLPeeringTrustBundle, ResourceID: "roots", Resource: makeAnyPB(t, &pbpeering.PeeringTrustBundle{ TrustDomain: connect.TestTrustDomain, @@ -460,15 +465,13 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { expectAck := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "21", }, }, } prototest.AssertDeepEqual(t, expectAck, ack) - lastRecvSuccess = it.base.Add(time.Duration(sequence) * time.Second).UTC() - api := structs.NewServiceName("api", nil) expect := Status{ @@ -496,7 +499,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { resp := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Response_{ Response: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: "web", Nonce: "24", @@ -505,9 +508,9 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { }, }, } + lastRecvError = it.FutureNow(1) err := client.Send(resp) require.NoError(t, err) - sequence++ ack, err := client.Recv() require.NoError(t, err) @@ -515,7 +518,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { expectNack := &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "24", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), @@ -526,7 +529,6 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { } prototest.AssertDeepEqual(t, expectNack, ack) - lastRecvError = it.base.Add(time.Duration(sequence) * time.Second).UTC() lastRecvErrorMsg = `unsupported operation: "OPERATION_UNSPECIFIED"` api := structs.NewServiceName("api", nil) @@ -552,14 +554,12 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { }) testutil.RunStep(t, "client disconnect marks stream as disconnected", func(t *testing.T) { + lastRecvError = it.FutureNow(1) + disconnectTime := it.FutureNow(2) + lastRecvErrorMsg = io.EOF.Error() + client.Close() - sequence++ - lastRecvError := it.base.Add(time.Duration(sequence) * time.Second).UTC() - - sequence++ - disconnectTime := it.base.Add(time.Duration(sequence) * time.Second).UTC() - api := structs.NewServiceName("api", nil) expect := Status{ @@ -569,8 +569,8 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { LastNackMessage: lastNackMsg, DisconnectTime: disconnectTime, LastReceiveSuccess: lastRecvSuccess, - LastReceiveErrorMessage: io.EOF.Error(), LastReceiveError: lastRecvError, + LastReceiveErrorMessage: lastRecvErrorMsg, ImportedServices: map[string]struct{}{ api.String(): {}, }, @@ -654,35 +654,35 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { expectReplEvents(t, client, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLPeeringTrustBundle, msg.GetResponse().ResourceURL) // Roots tested in TestStreamResources_Server_CARootUpdates }, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // no mongo instances exist - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mongoSN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) }, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // proxies can't export because no mesh gateway exists yet - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mongoProxySN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) }, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlSN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) - var nodes pbservice.IndexedCheckServiceNodes - require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) + var nodes pbpeerstream.ExportedService + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&nodes)) require.Len(t, nodes.Nodes, 1) }, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { // proxies can't export because no mesh gateway exists yet - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlProxySN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_DELETE, msg.GetResponse().Operation) require.Nil(t, msg.GetResponse().Resource) @@ -704,12 +704,12 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { expectReplEvents(t, client, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mongoProxySN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) - var nodes pbservice.IndexedCheckServiceNodes - require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) + var nodes pbpeerstream.ExportedService + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&nodes)) require.Len(t, nodes.Nodes, 1) pm := nodes.Nodes[0].Service.Connect.PeerMeta @@ -721,12 +721,12 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { require.Equal(t, spiffeIDs, pm.SpiffeID) }, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLService, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLExportedService, msg.GetResponse().ResourceURL) require.Equal(t, mysqlProxySN, msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) - var nodes pbservice.IndexedCheckServiceNodes - require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) + var nodes pbpeerstream.ExportedService + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&nodes)) require.Len(t, nodes.Nodes, 1) pm := nodes.Nodes[0].Service.Connect.PeerMeta @@ -758,8 +758,8 @@ func TestStreamResources_Server_ServiceUpdates(t *testing.T) { require.Equal(r, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) require.Equal(r, mongo.Service.CompoundServiceName().String(), msg.GetResponse().ResourceID) - var nodes pbservice.IndexedCheckServiceNodes - require.NoError(r, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes)) + var nodes pbpeerstream.ExportedService + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&nodes)) require.Len(r, nodes.Nodes, 1) }) }) @@ -824,12 +824,12 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { testutil.RunStep(t, "initial CA Roots replication", func(t *testing.T) { expectReplEvents(t, client, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLPeeringTrustBundle, msg.GetResponse().ResourceURL) require.Equal(t, "roots", msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var trustBundle pbpeering.PeeringTrustBundle - require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &trustBundle)) + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&trustBundle)) require.ElementsMatch(t, []string{rootA.RootCert}, trustBundle.RootPEMs) expect := connect.SpiffeIDSigningForCluster(clusterID).Host() @@ -853,12 +853,12 @@ func TestStreamResources_Server_CARootUpdates(t *testing.T) { expectReplEvents(t, client, func(t *testing.T, msg *pbpeerstream.ReplicationMessage) { - require.Equal(t, pbpeerstream.TypeURLRoots, msg.GetResponse().ResourceURL) + require.Equal(t, pbpeerstream.TypeURLPeeringTrustBundle, msg.GetResponse().ResourceURL) require.Equal(t, "roots", msg.GetResponse().ResourceID) require.Equal(t, pbpeerstream.Operation_OPERATION_UPSERT, msg.GetResponse().Operation) var trustBundle pbpeering.PeeringTrustBundle - require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &trustBundle)) + require.NoError(t, msg.GetResponse().Resource.UnmarshalTo(&trustBundle)) require.ElementsMatch(t, []string{rootB.RootCert, rootC.RootCert}, trustBundle.RootPEMs) expect := connect.SpiffeIDSigningForCluster(clusterID).Host() @@ -886,33 +886,57 @@ func makeClient(t *testing.T, srv pbpeerstream.PeerStreamServiceServer, peerID s } }() - // Issue a services subscription to server - init := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - PeerID: peerID, - ResourceURL: pbpeerstream.TypeURLService, + // Issue a services and roots subscription pair to server + for _, resourceURL := range []string{ + pbpeerstream.TypeURLExportedService, + pbpeerstream.TypeURLPeeringTrustBundle, + } { + init := &pbpeerstream.ReplicationMessage{ + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + PeerID: peerID, + ResourceURL: resourceURL, + }, }, - }, + } + require.NoError(t, client.Send(init)) } - require.NoError(t, client.Send(init)) - // Receive a services subscription from server - receivedSub, err := client.Recv() + // Receive a services and roots subscription request pair from server + receivedSub1, err := client.Recv() + require.NoError(t, err) + receivedSub2, err := client.Recv() require.NoError(t, err) - expect := &pbpeerstream.ReplicationMessage{ - Payload: &pbpeerstream.ReplicationMessage_Request_{ - Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, - // The PeerID field is only set for the messages coming FROM - // the establishing side and are going to be empty from the - // other side. - PeerID: "", + expect := []*pbpeerstream.ReplicationMessage{ + { + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLExportedService, + // The PeerID field is only set for the messages coming FROM + // the establishing side and are going to be empty from the + // other side. + PeerID: "", + }, + }, + }, + { + Payload: &pbpeerstream.ReplicationMessage_Request_{ + Request: &pbpeerstream.ReplicationMessage_Request{ + ResourceURL: pbpeerstream.TypeURLPeeringTrustBundle, + // The PeerID field is only set for the messages coming FROM + // the establishing side and are going to be empty from the + // other side. + PeerID: "", + }, }, }, } - prototest.AssertDeepEqual(t, expect, receivedSub) + got := []*pbpeerstream.ReplicationMessage{ + receivedSub1, + receivedSub2, + } + prototest.AssertElementsMatch[*pbpeerstream.ReplicationMessage](t, expect, got) return client } @@ -1017,16 +1041,16 @@ func Test_processResponse_Validation(t *testing.T) { { name: "valid upsert", in: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: "api", Nonce: "1", Operation: pbpeerstream.Operation_OPERATION_UPSERT, - Resource: makeAnyPB(t, &pbservice.IndexedCheckServiceNodes{}), + Resource: makeAnyPB(t, &pbpeerstream.ExportedService{}), }, expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "1", }, }, @@ -1036,7 +1060,7 @@ func Test_processResponse_Validation(t *testing.T) { { name: "valid delete", in: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: "api", Nonce: "1", Operation: pbpeerstream.Operation_OPERATION_DELETE, @@ -1044,7 +1068,7 @@ func Test_processResponse_Validation(t *testing.T) { expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "1", }, }, @@ -1075,14 +1099,14 @@ func Test_processResponse_Validation(t *testing.T) { { name: "unknown operation", in: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, Nonce: "1", Operation: pbpeerstream.Operation_OPERATION_UNSPECIFIED, }, expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), @@ -1096,14 +1120,14 @@ func Test_processResponse_Validation(t *testing.T) { { name: "out of range operation", in: &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, Nonce: "1", Operation: pbpeerstream.Operation(100000), }, expect: &pbpeerstream.ReplicationMessage{ Payload: &pbpeerstream.ReplicationMessage_Request_{ Request: &pbpeerstream.ReplicationMessage_Request{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResponseNonce: "1", Error: &pbstatus.Status{ Code: int32(code.Code_INVALID_ARGUMENT), @@ -1163,8 +1187,8 @@ func writeInitialRootsAndCA(t *testing.T, store *state.Store) (string, *structs. return clusterID, rootA } -func makeAnyPB(t *testing.T, pb proto.Message) *any.Any { - any, err := ptypes.MarshalAny(pb) +func makeAnyPB(t *testing.T, pb proto.Message) *anypb.Any { + any, err := anypb.New(pb) require.NoError(t, err) return any } @@ -1255,7 +1279,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { type testCase struct { name string seed []*structs.RegisterRequest - input *pbservice.IndexedCheckServiceNodes + input *pbpeerstream.ExportedService expect map[string]structs.CheckServiceNodes expectedImportedServicesCount int } @@ -1296,7 +1320,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { } in := &pbpeerstream.ReplicationMessage_Response{ - ResourceURL: pbpeerstream.TypeURLService, + ResourceURL: pbpeerstream.TypeURLExportedService, ResourceID: apiSN.String(), Nonce: "1", Operation: op, @@ -1322,7 +1346,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { tt := []testCase{ { name: "upsert two service instances to the same node", - input: &pbservice.IndexedCheckServiceNodes{ + input: &pbpeerstream.ExportedService{ Nodes: []*pbservice.CheckServiceNode{ { Node: &pbservice.Node{ @@ -1454,7 +1478,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, { name: "upsert two service instances to different nodes", - input: &pbservice.IndexedCheckServiceNodes{ + input: &pbpeerstream.ExportedService{ Nodes: []*pbservice.CheckServiceNode{ { Node: &pbservice.Node{ @@ -1636,7 +1660,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, }, }, - input: &pbservice.IndexedCheckServiceNodes{}, + input: &pbpeerstream.ExportedService{}, expect: map[string]structs.CheckServiceNodes{ "api": {}, }, @@ -1695,7 +1719,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, }, // Nil input is for the "api" service. - input: &pbservice.IndexedCheckServiceNodes{}, + input: &pbpeerstream.ExportedService{}, expect: map[string]structs.CheckServiceNodes{ "api": {}, // Existing redis service was not affected by deletion. @@ -1761,7 +1785,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, }, }, - input: &pbservice.IndexedCheckServiceNodes{ + input: &pbpeerstream.ExportedService{ Nodes: []*pbservice.CheckServiceNode{ { Node: &pbservice.Node{ @@ -1856,7 +1880,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, }, }, - input: &pbservice.IndexedCheckServiceNodes{ + input: &pbpeerstream.ExportedService{ Nodes: []*pbservice.CheckServiceNode{ { Node: &pbservice.Node{ @@ -1991,7 +2015,7 @@ func Test_processResponse_handleUpsert_handleDelete(t *testing.T) { }, }, }, - input: &pbservice.IndexedCheckServiceNodes{ + input: &pbpeerstream.ExportedService{ Nodes: []*pbservice.CheckServiceNode{ { Node: &pbservice.Node{ diff --git a/agent/grpc-external/services/peerstream/subscription_blocking.go b/agent/grpc-external/services/peerstream/subscription_blocking.go index c2720dcdb..d11e03d55 100644 --- a/agent/grpc-external/services/peerstream/subscription_blocking.go +++ b/agent/grpc-external/services/peerstream/subscription_blocking.go @@ -19,6 +19,13 @@ import ( // streaming machinery instead to be cheaper. func (m *subscriptionManager) notifyExportedServicesForPeerID(ctx context.Context, state *subscriptionState, peerID string) { + // Wait until this is subscribed-to. + select { + case <-m.serviceSubReady: + case <-ctx.Done(): + return + } + // syncSubscriptionsAndBlock ensures that the subscriptions to the subscription backend // match the list of services exported to the peer. m.syncViaBlockingQuery(ctx, "exported-services", func(ctx context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { @@ -34,6 +41,13 @@ func (m *subscriptionManager) notifyExportedServicesForPeerID(ctx context.Contex // TODO: add a new streaming subscription type to list-by-kind-and-partition since we're getting evictions func (m *subscriptionManager) notifyMeshGatewaysForPartition(ctx context.Context, state *subscriptionState, partition string) { + // Wait until this is subscribed-to. + select { + case <-m.serviceSubReady: + case <-ctx.Done(): + return + } + m.syncViaBlockingQuery(ctx, "mesh-gateways", func(ctx context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { // Fetch our current list of all mesh gateways. entMeta := structs.DefaultEnterpriseMetaInPartition(partition) diff --git a/agent/grpc-external/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go index 33726a216..0c69b0338 100644 --- a/agent/grpc-external/services/peerstream/subscription_manager.go +++ b/agent/grpc-external/services/peerstream/subscription_manager.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" "github.com/hashicorp/consul/proto/pbservice" ) @@ -33,12 +34,14 @@ type SubscriptionBackend interface { // subscriptionManager handlers requests to subscribe to events from an events publisher. type subscriptionManager struct { - logger hclog.Logger - config Config - trustDomain string - viewStore MaterializedViewStore - backend SubscriptionBackend - getStore func() StateStore + logger hclog.Logger + config Config + trustDomain string + viewStore MaterializedViewStore + backend SubscriptionBackend + getStore func() StateStore + serviceSubReady <-chan struct{} + trustBundlesSubReady <-chan struct{} } // TODO(peering): Maybe centralize so that there is a single manager per datacenter, rather than per peering. @@ -49,18 +52,21 @@ func newSubscriptionManager( trustDomain string, backend SubscriptionBackend, getStore func() StateStore, + remoteSubTracker *resourceSubscriptionTracker, ) *subscriptionManager { logger = logger.Named("subscriptions") store := submatview.NewStore(logger.Named("viewstore")) go store.Run(ctx) return &subscriptionManager{ - logger: logger, - config: config, - trustDomain: trustDomain, - viewStore: store, - backend: backend, - getStore: getStore, + logger: logger, + config: config, + trustDomain: trustDomain, + viewStore: store, + backend: backend, + getStore: getStore, + serviceSubReady: remoteSubTracker.SubscribedChan(pbpeerstream.TypeURLExportedService), + trustBundlesSubReady: remoteSubTracker.SubscribedChan(pbpeerstream.TypeURLPeeringTrustBundle), } } @@ -297,6 +303,13 @@ func (m *subscriptionManager) notifyRootCAUpdatesForPartition( updateCh chan<- cache.UpdateEvent, partition string, ) { + // Wait until this is subscribed-to. + select { + case <-m.trustBundlesSubReady: + case <-ctx.Done(): + return + } + var idx uint64 // TODO(peering): retry logic; fail past a threshold for { diff --git a/agent/grpc-external/services/peerstream/subscription_manager_test.go b/agent/grpc-external/services/peerstream/subscription_manager_test.go index cd12b2c22..1a5269817 100644 --- a/agent/grpc-external/services/peerstream/subscription_manager_test.go +++ b/agent/grpc-external/services/peerstream/subscription_manager_test.go @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/pbpeerstream" "github.com/hashicorp/consul/proto/pbservice" "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" @@ -32,12 +33,16 @@ func TestSubscriptionManager_RegisterDeregister(t *testing.T) { _, id := backend.ensurePeering(t, "my-peering") partition := acl.DefaultEnterpriseMeta().PartitionOrEmpty() + // Only configure a tracker for catalog events. + tracker := newResourceSubscriptionTracker() + tracker.Subscribe(pbpeerstream.TypeURLExportedService) + mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, }, connect.TestTrustDomain, backend, func() StateStore { return backend.store - }) + }, tracker) subCh := mgr.subscribe(ctx, id, "my-peering", partition) var ( @@ -442,12 +447,16 @@ func TestSubscriptionManager_InitialSnapshot(t *testing.T) { _, id := backend.ensurePeering(t, "my-peering") partition := acl.DefaultEnterpriseMeta().PartitionOrEmpty() + // Only configure a tracker for catalog events. + tracker := newResourceSubscriptionTracker() + tracker.Subscribe(pbpeerstream.TypeURLExportedService) + mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, }, connect.TestTrustDomain, backend, func() StateStore { return backend.store - }) + }, tracker) subCh := mgr.subscribe(ctx, id, "my-peering", partition) // Register two services that are not yet exported @@ -571,21 +580,21 @@ func TestSubscriptionManager_CARoots(t *testing.T) { _, id := backend.ensurePeering(t, "my-peering") partition := acl.DefaultEnterpriseMeta().PartitionOrEmpty() + // Only configure a tracker for CA roots events. + tracker := newResourceSubscriptionTracker() + tracker.Subscribe(pbpeerstream.TypeURLPeeringTrustBundle) + mgr := newSubscriptionManager(ctx, testutil.Logger(t), Config{ Datacenter: "dc1", ConnectEnabled: true, }, connect.TestTrustDomain, backend, func() StateStore { return backend.store - }) + }, tracker) subCh := mgr.subscribe(ctx, id, "my-peering", partition) testutil.RunStep(t, "initial events contain trust bundle", func(t *testing.T) { // events are ordered so we can expect a deterministic list expectEvents(t, subCh, - func(t *testing.T, got cache.UpdateEvent) { - // mesh-gateway assertions are done in other tests - require.Equal(t, subMeshGateway+partition, got.CorrelationID) - }, func(t *testing.T, got cache.UpdateEvent) { require.Equal(t, subCARoot, got.CorrelationID) roots, ok := got.Result.(*pbpeering.PeeringTrustBundle) diff --git a/agent/grpc-external/services/peerstream/testing.go b/agent/grpc-external/services/peerstream/testing.go index 939c38dfa..1f85b2b78 100644 --- a/agent/grpc-external/services/peerstream/testing.go +++ b/agent/grpc-external/services/peerstream/testing.go @@ -2,6 +2,7 @@ package peerstream import ( "context" + "fmt" "io" "sync" "time" @@ -24,14 +25,7 @@ func (c *MockClient) Send(r *pbpeerstream.ReplicationMessage) error { } func (c *MockClient) Recv() (*pbpeerstream.ReplicationMessage, error) { - select { - case err := <-c.ErrCh: - return nil, err - case r := <-c.ReplicationStream.sendCh: - return r, nil - case <-time.After(10 * time.Millisecond): - return nil, io.EOF - } + return c.RecvWithTimeout(10 * time.Millisecond) } func (c *MockClient) RecvWithTimeout(dur time.Duration) (*pbpeerstream.ReplicationMessage, error) { @@ -61,7 +55,6 @@ type MockStream struct { recvCh chan *pbpeerstream.ReplicationMessage ctx context.Context - mu sync.Mutex } var _ pbpeerstream.PeerStreamService_StreamResourcesServer = (*MockStream)(nil) @@ -117,12 +110,37 @@ func (s *MockStream) SendHeader(metadata.MD) error { // SetTrailer implements grpc.ServerStream func (s *MockStream) SetTrailer(metadata.MD) {} +// incrementalTime is an artificial clock used during testing. For those +// scenarios you would pass around the method pointer for `Now` in places where +// you would be using `time.Now`. type incrementalTime struct { base time.Time next uint64 + mu sync.Mutex } +// Now advances the internal clock by 1 second and returns that value. func (t *incrementalTime) Now() time.Time { + t.mu.Lock() + defer t.mu.Unlock() t.next++ - return t.base.Add(time.Duration(t.next) * time.Second) + + dur := time.Duration(t.next) * time.Second + + return t.base.Add(dur) +} + +// FutureNow will return a given future value of the Now() function. +// The numerical argument indicates which future Now value you wanted. The +// value must be > 0. +func (t *incrementalTime) FutureNow(n int) time.Time { + if n < 1 { + panic(fmt.Sprintf("argument must be > 1 but was %d", n)) + } + t.mu.Lock() + defer t.mu.Unlock() + + dur := time.Duration(t.next+uint64(n)) * time.Second + + return t.base.Add(dur) } diff --git a/proto/pbpeerstream/convert.go b/proto/pbpeerstream/convert.go new file mode 100644 index 000000000..b0df6c42a --- /dev/null +++ b/proto/pbpeerstream/convert.go @@ -0,0 +1,25 @@ +package pbpeerstream + +import ( + "fmt" + + "github.com/hashicorp/consul/agent/structs" + pbservice "github.com/hashicorp/consul/proto/pbservice" +) + +// CheckServiceNodesToStruct converts the contained CheckServiceNodes to their structs equivalent. +func (s *ExportedService) CheckServiceNodesToStruct() ([]structs.CheckServiceNode, error) { + if s == nil { + return nil, nil + } + + resp := make([]structs.CheckServiceNode, 0, len(s.Nodes)) + for _, pb := range s.Nodes { + instance, err := pbservice.CheckServiceNodeToStructs(pb) + if err != nil { + return resp, fmt.Errorf("failed to convert instance: %w", err) + } + resp = append(resp, *instance) + } + return resp, nil +} diff --git a/proto/pbpeerstream/peerstream.pb.binary.go b/proto/pbpeerstream/peerstream.pb.binary.go index 39dbdb814..c5d928949 100644 --- a/proto/pbpeerstream/peerstream.pb.binary.go +++ b/proto/pbpeerstream/peerstream.pb.binary.go @@ -56,3 +56,13 @@ func (msg *LeaderAddress) MarshalBinary() ([]byte, error) { func (msg *LeaderAddress) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ExportedService) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ExportedService) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go index e9da9cc56..8b71b4e8c 100644 --- a/proto/pbpeerstream/peerstream.pb.go +++ b/proto/pbpeerstream/peerstream.pb.go @@ -7,6 +7,7 @@ package pbpeerstream import ( + pbservice "github.com/hashicorp/consul/proto/pbservice" pbstatus "github.com/hashicorp/consul/proto/pbstatus" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" @@ -220,6 +221,54 @@ func (x *LeaderAddress) GetAddress() string { return "" } +// ExportedService is one of the types of data returned via peer stream replication. +type ExportedService struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Nodes []*pbservice.CheckServiceNode `protobuf:"bytes,1,rep,name=Nodes,proto3" json:"Nodes,omitempty"` +} + +func (x *ExportedService) Reset() { + *x = ExportedService{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExportedService) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExportedService) ProtoMessage() {} + +func (x *ExportedService) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExportedService.ProtoReflect.Descriptor instead. +func (*ExportedService) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{2} +} + +func (x *ExportedService) GetNodes() []*pbservice.CheckServiceNode { + if x != nil { + return x.Nodes + } + return nil +} + // A Request requests to subscribe to a resource of a given type. type ReplicationMessage_Request struct { state protoimpl.MessageState @@ -244,7 +293,7 @@ type ReplicationMessage_Request struct { func (x *ReplicationMessage_Request) Reset() { *x = ReplicationMessage_Request{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -257,7 +306,7 @@ func (x *ReplicationMessage_Request) String() string { func (*ReplicationMessage_Request) ProtoMessage() {} func (x *ReplicationMessage_Request) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[2] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -323,7 +372,7 @@ type ReplicationMessage_Response struct { func (x *ReplicationMessage_Response) Reset() { *x = ReplicationMessage_Response{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -336,7 +385,7 @@ func (x *ReplicationMessage_Response) String() string { func (*ReplicationMessage_Response) ProtoMessage() {} func (x *ReplicationMessage_Response) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[3] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -398,7 +447,7 @@ type ReplicationMessage_Terminated struct { func (x *ReplicationMessage_Terminated) Reset() { *x = ReplicationMessage_Terminated{} if protoimpl.UnsafeEnabled { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -411,7 +460,7 @@ func (x *ReplicationMessage_Terminated) String() string { func (*ReplicationMessage_Terminated) ProtoMessage() {} func (x *ReplicationMessage_Terminated) ProtoReflect() protoreflect.Message { - mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[4] + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -436,92 +485,99 @@ var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xe5, 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, - 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x5f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, - 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x65, 0x0a, 0x0a, 0x74, 0x65, 0x72, - 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, - 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, - 0x65, 0x64, 0x48, 0x00, 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, - 0x1a, 0xa9, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, - 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, - 0x65, 0x72, 0x49, 0x44, 0x12, 0x24, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x3e, 0x0a, 0x05, - 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xe3, 0x01, 0x0a, - 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, - 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, - 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, - 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x12, 0x4d, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xe5, 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, + 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x5f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, - 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, - 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x50, 0x53, 0x45, - 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x9f, 0x01, 0x0a, 0x11, 0x50, - 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x12, 0x89, 0x01, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x65, 0x0a, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, + 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, + 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0xa9, 0x01, 0x0a, + 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, + 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, + 0x12, 0x24, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x3e, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, + 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xe3, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, 0x0a, + 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, + 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, + 0x4d, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, + 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, + 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x22, 0x5c, 0x0a, 0x0f, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x38, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, + 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, + 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, + 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, + 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, + 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, + 0x54, 0x45, 0x10, 0x02, 0x32, 0x9f, 0x01, 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x89, 0x01, 0x0a, 0x0f, 0x53, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x9f, 0x02, 0x0a, - 0x28, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, 0x65, 0x72, 0x73, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, 0x02, 0x04, 0x48, - 0x43, 0x49, 0x50, 0xaa, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xca, 0x02, 0x24, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0xe2, 0x02, 0x30, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, - 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x27, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, + 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x9f, 0x02, 0x0a, 0x28, 0x63, 0x6f, 0x6d, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, 0x02, 0x24, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0xca, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xe2, 0x02, 0x30, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, + 0x27, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, + 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -537,31 +593,34 @@ func file_proto_pbpeerstream_peerstream_proto_rawDescGZIP() []byte { } var file_proto_pbpeerstream_peerstream_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_proto_pbpeerstream_peerstream_proto_goTypes = []interface{}{ (Operation)(0), // 0: hashicorp.consul.internal.peerstream.Operation (*ReplicationMessage)(nil), // 1: hashicorp.consul.internal.peerstream.ReplicationMessage (*LeaderAddress)(nil), // 2: hashicorp.consul.internal.peerstream.LeaderAddress - (*ReplicationMessage_Request)(nil), // 3: hashicorp.consul.internal.peerstream.ReplicationMessage.Request - (*ReplicationMessage_Response)(nil), // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Response - (*ReplicationMessage_Terminated)(nil), // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated - (*pbstatus.Status)(nil), // 6: hashicorp.consul.internal.status.Status - (*anypb.Any)(nil), // 7: google.protobuf.Any + (*ExportedService)(nil), // 3: hashicorp.consul.internal.peerstream.ExportedService + (*ReplicationMessage_Request)(nil), // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Request + (*ReplicationMessage_Response)(nil), // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response + (*ReplicationMessage_Terminated)(nil), // 6: hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated + (*pbservice.CheckServiceNode)(nil), // 7: hashicorp.consul.internal.service.CheckServiceNode + (*pbstatus.Status)(nil), // 8: hashicorp.consul.internal.status.Status + (*anypb.Any)(nil), // 9: google.protobuf.Any } var file_proto_pbpeerstream_peerstream_proto_depIdxs = []int32{ - 3, // 0: hashicorp.consul.internal.peerstream.ReplicationMessage.request:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Request - 4, // 1: hashicorp.consul.internal.peerstream.ReplicationMessage.response:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Response - 5, // 2: hashicorp.consul.internal.peerstream.ReplicationMessage.terminated:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated - 6, // 3: hashicorp.consul.internal.peerstream.ReplicationMessage.Request.Error:type_name -> hashicorp.consul.internal.status.Status - 7, // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any - 0, // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.operation:type_name -> hashicorp.consul.internal.peerstream.Operation - 1, // 6: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:input_type -> hashicorp.consul.internal.peerstream.ReplicationMessage - 1, // 7: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:output_type -> hashicorp.consul.internal.peerstream.ReplicationMessage - 7, // [7:8] is the sub-list for method output_type - 6, // [6:7] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name + 4, // 0: hashicorp.consul.internal.peerstream.ReplicationMessage.request:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Request + 5, // 1: hashicorp.consul.internal.peerstream.ReplicationMessage.response:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Response + 6, // 2: hashicorp.consul.internal.peerstream.ReplicationMessage.terminated:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated + 7, // 3: hashicorp.consul.internal.peerstream.ExportedService.Nodes:type_name -> hashicorp.consul.internal.service.CheckServiceNode + 8, // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Request.Error:type_name -> hashicorp.consul.internal.status.Status + 9, // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any + 0, // 6: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.operation:type_name -> hashicorp.consul.internal.peerstream.Operation + 1, // 7: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:input_type -> hashicorp.consul.internal.peerstream.ReplicationMessage + 1, // 8: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:output_type -> hashicorp.consul.internal.peerstream.ReplicationMessage + 8, // [8:9] is the sub-list for method output_type + 7, // [7:8] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name } func init() { file_proto_pbpeerstream_peerstream_proto_init() } @@ -595,7 +654,7 @@ func file_proto_pbpeerstream_peerstream_proto_init() { } } file_proto_pbpeerstream_peerstream_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Request); i { + switch v := v.(*ExportedService); i { case 0: return &v.state case 1: @@ -607,7 +666,7 @@ func file_proto_pbpeerstream_peerstream_proto_init() { } } file_proto_pbpeerstream_peerstream_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReplicationMessage_Response); i { + switch v := v.(*ReplicationMessage_Request); i { case 0: return &v.state case 1: @@ -619,6 +678,18 @@ func file_proto_pbpeerstream_peerstream_proto_init() { } } file_proto_pbpeerstream_peerstream_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Response); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbpeerstream_peerstream_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ReplicationMessage_Terminated); i { case 0: return &v.state @@ -642,7 +713,7 @@ func file_proto_pbpeerstream_peerstream_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbpeerstream_peerstream_proto_rawDesc, NumEnums: 1, - NumMessages: 5, + NumMessages: 6, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/pbpeerstream/peerstream.proto b/proto/pbpeerstream/peerstream.proto index ee19a2df7..54be6e4b7 100644 --- a/proto/pbpeerstream/peerstream.proto +++ b/proto/pbpeerstream/peerstream.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package hashicorp.consul.internal.peerstream; import "google/protobuf/any.proto"; +import "proto/pbservice/node.proto"; // TODO(peering): Handle this some other way import "proto/pbstatus/status.proto"; @@ -89,3 +90,8 @@ message LeaderAddress { // address is an ip:port best effort hint at what could be the cluster leader's address string address = 1; } + +// ExportedService is one of the types of data returned via peer stream replication. +message ExportedService { + repeated hashicorp.consul.internal.service.CheckServiceNode Nodes = 1; +} diff --git a/proto/pbpeerstream/types.go b/proto/pbpeerstream/types.go index 52f32487d..df300cccd 100644 --- a/proto/pbpeerstream/types.go +++ b/proto/pbpeerstream/types.go @@ -1,10 +1,16 @@ package pbpeerstream const ( - TypeURLService = "type.googleapis.com/consul.api.Service" - TypeURLRoots = "type.googleapis.com/consul.api.CARoots" + apiTypePrefix = "type.googleapis.com/" + + TypeURLExportedService = apiTypePrefix + "hashicorp.consul.internal.peerstream.ExportedService" + TypeURLPeeringTrustBundle = apiTypePrefix + "hashicorp.consul.internal.peering.PeeringTrustBundle" ) func KnownTypeURL(s string) bool { - return s == TypeURLService || s == TypeURLRoots + switch s { + case TypeURLExportedService, TypeURLPeeringTrustBundle: + return true + } + return false } diff --git a/proto/pbservice/convert.go b/proto/pbservice/convert.go index 02895adf9..d5233dd99 100644 --- a/proto/pbservice/convert.go +++ b/proto/pbservice/convert.go @@ -1,8 +1,6 @@ package pbservice import ( - "fmt" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbcommon" "github.com/hashicorp/consul/types" @@ -44,23 +42,6 @@ func NewMapHeadersFromStructs(t map[string][]string) map[string]*HeaderValue { return s } -// CheckServiceNodesToStruct converts the contained CheckServiceNodes to their structs equivalent. -func (s *IndexedCheckServiceNodes) CheckServiceNodesToStruct() ([]structs.CheckServiceNode, error) { - if s == nil { - return nil, nil - } - - resp := make([]structs.CheckServiceNode, 0, len(s.Nodes)) - for _, pb := range s.Nodes { - instance, err := CheckServiceNodeToStructs(pb) - if err != nil { - return resp, fmt.Errorf("failed to convert instance: %w", err) - } - resp = append(resp, *instance) - } - return resp, nil -} - // TODO: use mog once it supports pointers and slices func CheckServiceNodeToStructs(s *CheckServiceNode) (*structs.CheckServiceNode, error) { if s == nil { diff --git a/proto/prototest/testing.go b/proto/prototest/testing.go index c196d77b3..275d8502b 100644 --- a/proto/prototest/testing.go +++ b/proto/prototest/testing.go @@ -16,3 +16,60 @@ func AssertDeepEqual(t testing.TB, x, y interface{}, opts ...cmp.Option) { t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) } } + +// AssertElementsMatch asserts that the specified listX(array, slice...) is +// equal to specified listY(array, slice...) ignoring the order of the +// elements. If there are duplicate elements, the number of appearances of each +// of them in both lists should match. +// +// prototest.AssertElementsMatch(t, [1, 3, 2, 3], [1, 3, 3, 2]) +func AssertElementsMatch[V any]( + t testing.TB, listX, listY []V, opts ...cmp.Option, +) { + t.Helper() + + if len(listX) == 0 && len(listY) == 0 { + return + } + + opts = append(opts, protocmp.Transform()) + + // dump into a map keyed by sliceID + mapX := make(map[int]V) + for i, val := range listX { + mapX[i] = val + } + + mapY := make(map[int]V) + for i, val := range listY { + mapY[i] = val + } + + var outX, outY []V + for i, itemX := range mapX { + for j, itemY := range mapY { + if diff := cmp.Diff(itemX, itemY, opts...); diff == "" { + outX = append(outX, itemX) + outY = append(outY, itemY) + delete(mapX, i) + delete(mapY, j) + } + } + } + + if len(outX) == len(outY) && len(outX) == len(listX) { + return // matches + } + + // dump remainder into the slice so we can generate a useful error + for _, itemX := range mapX { + outX = append(outX, itemX) + } + for _, itemY := range mapY { + outY = append(outY, itemY) + } + + if diff := cmp.Diff(outX, outY, opts...); diff != "" { + t.Fatalf("assertion failed: slices do not have matching elements\n--- expected\n+++ actual\n%v", diff) + } +} From b3488abc1154c9a36dc9164536137053bd3e8469 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Mon, 18 Jul 2022 14:22:17 +0200 Subject: [PATCH 765/785] ui: wan federation message dc-dropdown (#13753) * Only display dc dropdown when more than one dc is available * Add wan federation message to dc dropdown * Add test for conditionally displaying dc dropdown * Move single datacenter indicator into datacenter selector * Add `DATACENTERS` seperator dc dropdown * "fix" unnecessary margin-top in dc dropdown --- .../consul/datacenter/selector/index.hbs | 97 +++++++++++-------- .../app/components/hashicorp-consul/index.hbs | 12 +-- .../components/hashicorp-consul/index.scss | 11 +++ .../components/main-nav-vertical/layout.scss | 2 +- .../consul/datacenter/selector-test.js | 49 ++++++++++ .../components/hashicorp-consul-test.js | 3 +- 6 files changed, 123 insertions(+), 51 deletions(-) create mode 100644 ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js diff --git a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs index 97194bf29..f54b4606b 100644 --- a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs @@ -2,49 +2,60 @@ class="dcs" data-test-datacenter-menu > - - - {{@dc.Name}} - - - - - {{#each menu.items as |item|}} - - + + {{@dc.Name}} + + + +

      + Datacenters shown in this dropdown are available through WAN Federation. +

      + + + DATACENTERS + + {{#each menu.items as |item|}} + - {{item.Name}} - {{#if item.Primary}} - Primary - {{/if}} - {{#if item.Local}} - Local - {{/if}} -       -       - {{/each}} -       -       -       + + {{item.Name}} + {{#if item.Primary}} + Primary + {{/if}} + {{#if item.Local}} + Local + {{/if}} + + + {{/each}} + + + + {{else}} +
    • {{@dcs.firstObject.Name}}
      • + {{/if}} diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs index 07296d4fe..4d7a040ff 100644 --- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs +++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs @@ -87,12 +87,12 @@ <:main-nav>
        - + ul > [role='separator'] { margin-top: 0.7rem; padding-bottom: 0; } diff --git a/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js new file mode 100644 index 000000000..1a42372ce --- /dev/null +++ b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js @@ -0,0 +1,49 @@ +import { module, test } from 'qunit'; +import { setupRenderingTest } from 'ember-qunit'; +import hbs from 'htmlbars-inline-precompile'; +import { render } from '@ember/test-helpers'; + +module('Integration | Component | consul datacenter selector', function(hooks) { + setupRenderingTest(hooks); + + test('it does not display a dropdown when only one dc is available', async function(assert) { + const dcs = [ + { + Name: 'dc-1', + }, + ]; + this.set('dcs', dcs); + this.set('dc', dcs[0]); + + await render(hbs``); + + assert + .dom('[data-test-datacenter-disclosure-menu]') + .doesNotExist('datacenter dropdown is not displayed in nav'); + + assert + .dom('[data-test-datacenter-single]') + .hasText('dc-1', 'Datecenter name is displayed in nav'); + }); + + test('it does displays a dropdown when more than one dc is available', async function(assert) { + const dcs = [ + { + Name: 'dc-1', + }, + { + Name: 'dc-2', + }, + ]; + this.set('dcs', dcs); + this.set('dc', dcs[0]); + + await render(hbs``); + + assert + .dom('[data-test-datacenter-single]') + .doesNotExist('we are displaying more than just the name of the first dc'); + + assert.dom('[data-test-datacenter-disclosure-menu]').exists('datacenter dropdown is displayed'); + }); +}); diff --git a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js index 2f611c552..58a75c94b 100644 --- a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js +++ b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js @@ -1,6 +1,7 @@ -import { module, skip } from 'qunit'; +import { module, skip, test } from 'qunit'; import { setupRenderingTest } from 'ember-qunit'; import hbs from 'htmlbars-inline-precompile'; +import { render } from '@ember/test-helpers'; module('Integration | Component | hashicorp consul', function(hooks) { setupRenderingTest(hooks); From c474a369f6b75b24027b76a5744eb14d474dd6ad Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 18 Jul 2022 15:30:37 +0100 Subject: [PATCH 766/785] ui: Add a modal.opened property for inspecting whether the modal is open (#13723) * ui: Add a modal.opened property for inspecting whether the modal is open * merge isOpen setting into the exiting event handler * Revert to multiple listeners, plus comment to explain * Wrap close in an afterRender --- .../app/components/modal-dialog/README.mdx | 1 + .../app/components/modal-dialog/index.hbs | 3 +++ .../app/components/modal-dialog/index.js | 15 ++++++++++++--- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ui/packages/consul-ui/app/components/modal-dialog/README.mdx b/ui/packages/consul-ui/app/components/modal-dialog/README.mdx index c249255c0..8b414da5d 100644 --- a/ui/packages/consul-ui/app/components/modal-dialog/README.mdx +++ b/ui/packages/consul-ui/app/components/modal-dialog/README.mdx @@ -70,5 +70,6 @@ Then all modals will be rendered into the ``. | --- | --- | --- | | `open` | `Function` | Opens the modal dialog | | `close` | `Function` | Closes the modal dialog | +| `opened` | `boolean` | Whether the modal is currently open or not | diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs index 9ad3cd6f3..6cb2f944f 100644 --- a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs +++ b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs @@ -30,6 +30,7 @@ {{yield (hash open=(action "open") close=(action "close") + opened=this.isOpen aria=aria )}} @@ -39,6 +40,7 @@ {{yield (hash open=(action "open") close=(action "close") + opened=this.isOpen aria=aria )}} @@ -48,6 +50,7 @@ {{yield (hash open=(action "open") close=(action "close") + opened=this.isOpen aria=aria )}} diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.js b/ui/packages/consul-ui/app/components/modal-dialog/index.js index c7e1776fe..c9025fc7d 100644 --- a/ui/packages/consul-ui/app/components/modal-dialog/index.js +++ b/ui/packages/consul-ui/app/components/modal-dialog/index.js @@ -1,18 +1,27 @@ import Component from '@ember/component'; +import { set } from '@ember/object'; import Slotted from 'block-slots'; import A11yDialog from 'a11y-dialog'; +import { schedule } from '@ember/runloop'; export default Component.extend(Slotted, { tagName: '', onclose: function() {}, onopen: function() {}, + isOpen: false, actions: { connect: function($el) { this.dialog = new A11yDialog($el); - this.dialog.on('hide', () => this.onclose({ target: $el })); - this.dialog.on('show', () => this.onopen({ target: $el })); + this.dialog.on('hide', () => { + schedule('afterRender', _ => set(this, 'isOpen', false)); + this.onclose({ target: $el }) + }); + this.dialog.on('show', () => { + set(this, 'isOpen', true) + this.onopen({ target: $el }) + }); if (this.open) { - this.dialog.show(); + this.actions.open.apply(this, []); } }, disconnect: function($el) { From 539abdf60f410cca94ad45536259609453cf404c Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 18 Jul 2022 17:39:22 +0100 Subject: [PATCH 767/785] ui: Adds Peer initiation form (#13754) --- .../consul/peer/form/initiate/README.mdx | 26 +++++++++ .../peer/form/initiate/actions/index.hbs | 7 +++ .../peer/form/initiate/fieldsets/index.hbs | 53 +++++++++++++++++++ .../consul/peer/form/initiate/index.hbs | 41 ++++++++++++++ .../consul-ui/translations/common/en-us.yaml | 9 ++++ 5 files changed, 136 insertions(+) create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/initiate/README.mdx create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/README.mdx new file mode 100644 index 000000000..014456936 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/README.mdx @@ -0,0 +1,26 @@ +# Consul::Peer::Form::Initiate + +```hbs preview-template + +{{#if source.data}} + + + + +{{/if}} + +``` diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs new file mode 100644 index 000000000..555ddf3b0 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs @@ -0,0 +1,7 @@ + + Add peer + diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs new file mode 100644 index 000000000..f0f2fd5eb --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs @@ -0,0 +1,53 @@ +
        + {{#let + (hash + help='Enter a name to locally identify the new peer.' + Name=(array + (hash + test=(t 'common.validations.dns-hostname.test') + error=(t 'common.validations.dns-hostname.error' name="Name") + ) + ) + ) + + (hash + help='Enter the token received from the operator of the desired peer.' + PeeringToken=(array) + ) + + as |Name PeeringToken|}} +

        + Enter a token generated in the desired peer. +

        + + +
        + + + {{yield (hash + valid=(not (state-matches fsm.state 'error')) + )}} +
        + +         + {{/let}} +
        diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs new file mode 100644 index 000000000..a0b1294bf --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs @@ -0,0 +1,41 @@ +
        + + +{{#let + (unique-id) +as |id|}} +
        + {{yield (hash + Fieldsets=(component "consul/peer/form/initiate/fieldsets" + item=@item + ) + Actions=(component "consul/peer/form/initiate/actions" + item=@item + id=id + ) + )}} +
        +{{/let}} +         +         +
        diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml index d45545c3c..a096b0980 100644 --- a/ui/packages/consul-ui/translations/common/en-us.yaml +++ b/ui/packages/consul-ui/translations/common/en-us.yaml @@ -72,3 +72,12 @@ sort: status: asc: Unhealthy to Healthy desc: Healthy to Unhealthy +validations: + dns-hostname: + help: | + Must be a valid DNS hostname. Must contain 1-64 characters (numbers, letters, and hyphens), and must begin with a letter. + test: "^[a-zA-Z0-9]([a-zA-Z0-9-]'{0,62}'[a-zA-Z0-9])?$" + error: "{name} must be a valid DNS hostname." + immutable: + help: Once created, this cannot be changed. + From 987b6255fb60ac3005a60d8929964be817b807e0 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Mon, 18 Jul 2022 17:39:52 +0100 Subject: [PATCH 768/785] ui: Add peer token generation form (#13755) * ui: Add peer token generation form --- .../consul/peer/form/generate/README.mdx | 28 ++++++++++ .../peer/form/generate/actions/index.hbs | 10 ++++ .../consul/peer/form/generate/chart.xstate.js | 26 +++++++++ .../peer/form/generate/fieldsets/index.hbs | 40 +++++++++++++ .../consul/peer/form/generate/index.hbs | 56 +++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/generate/README.mdx create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/README.mdx new file mode 100644 index 000000000..6b791f391 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/README.mdx @@ -0,0 +1,28 @@ +# Consul::Peer::Form::Generate + +```hbs preview-template + + +{{#if source.data}} + + + + +{{/if}} + +``` diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs new file mode 100644 index 000000000..5c7513233 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs @@ -0,0 +1,10 @@ + + Generate token + diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js new file mode 100644 index 000000000..1c3b43f9d --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js @@ -0,0 +1,26 @@ +export default { + id: 'consul-peer-generate-form', + initial: 'idle', + states: { + idle: { + on: { + LOAD: { + target: 'loading' + } + } + }, + loading: { + on: { + SUCCESS: { + target: 'success' + }, + ERROR: { + target: 'error' + } + } + }, + success: { + }, + error: {}, + }, +}; diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs new file mode 100644 index 000000000..f6fd4fcbc --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs @@ -0,0 +1,40 @@ +
        + + {{#let + (hash + help=(concat + (t 'common.validations.dns-hostname.help') + (t 'common.validations.immutable.help') + ) + Name=(array + (hash + test=(t 'common.validations.dns-hostname.test') + error=(t 'common.validations.dns-hostname.error' name="Name") + ) + ) + ) + as |Name|}} +
        + + {{yield (hash + valid=(not (state-matches fsm.state 'error')) + )}} +
        + + {{/let}} +         +
        diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs new file mode 100644 index 000000000..204906324 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs @@ -0,0 +1,56 @@ +
        + + + {{#let + (unique-id) + as |id reset|}} +
        + + + {{yield (hash + Fieldsets=(component "consul/peer/form/generate/fieldsets" + item=@item + ) + Actions=(component "consul/peer/form/generate/actions" + item=@item + id=id + ) + )}} + + + + + + + + + +
        + {{/let}} + +         +
        From 4ff097c4cff75cacf15c1f80ee3d0ef9ec33152a Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Mon, 18 Jul 2022 10:20:04 -0700 Subject: [PATCH 769/785] peering: track exported services (#13784) Signed-off-by: acpana <8968914+acpana@users.noreply.github.com> --- agent/consul/leader_peering_test.go | 47 +++++++++++++----- .../services/peerstream/replication.go | 15 ++++-- .../services/peerstream/stream_resources.go | 2 +- .../services/peerstream/stream_test.go | 48 +++++++++++++++++++ .../services/peerstream/stream_tracker.go | 31 +++++++++++- agent/rpc/peering/service.go | 2 + 6 files changed, 126 insertions(+), 19 deletions(-) diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index aa720bd6b..c21156b42 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -616,7 +616,7 @@ func insertTestPeeringData(t *testing.T, store *state.Store, peer string, lastId } // TODO(peering): once we move away from leader only request for PeeringList, move this test to consul/server_test maybe -func TestLeader_Peering_ImportedServicesCount(t *testing.T) { +func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") } @@ -747,10 +747,10 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { /// finished adding services type testCase struct { - name string - description string - exportedService structs.ExportedServicesConfigEntry - expectedImportedServicesCount uint64 + name string + description string + exportedService structs.ExportedServicesConfigEntry + expectedImportedExportedServicesCount uint64 // same count for a server that imports the services form a server that exports them } testCases := []testCase{ @@ -770,7 +770,7 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { }, }, }, - expectedImportedServicesCount: 4, // 3 services from above + the "consul" service + expectedImportedExportedServicesCount: 4, // 3 services from above + the "consul" service }, { name: "no sync", @@ -778,7 +778,7 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { exportedService: structs.ExportedServicesConfigEntry{ Name: "default", }, - expectedImportedServicesCount: 0, // we want to see this decremented from 4 --> 0 + expectedImportedExportedServicesCount: 0, // we want to see this decremented from 4 --> 0 }, { name: "just a, b services", @@ -804,7 +804,7 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { }, }, }, - expectedImportedServicesCount: 2, + expectedImportedExportedServicesCount: 2, }, { name: "unexport b service", @@ -822,7 +822,7 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { }, }, }, - expectedImportedServicesCount: 1, + expectedImportedExportedServicesCount: 1, }, { name: "export c service", @@ -848,7 +848,7 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { }, }, }, - expectedImportedServicesCount: 2, + expectedImportedExportedServicesCount: 2, }, } @@ -866,11 +866,34 @@ func TestLeader_Peering_ImportedServicesCount(t *testing.T) { lastIdx++ require.NoError(t, s1.fsm.State().EnsureConfigEntry(lastIdx, &tc.exportedService)) + // Check that imported services count on S2 are what we expect retry.Run(t, func(r *retry.R) { - resp2, err := peeringClient2.PeeringList(ctx, &pbpeering.PeeringListRequest{}) + // on Read + resp, err := peeringClient2.PeeringRead(ctx, &pbpeering.PeeringReadRequest{Name: "my-peer-s1"}) require.NoError(r, err) + require.NotNil(r, resp.Peering) + require.Equal(r, tc.expectedImportedExportedServicesCount, resp.Peering.ImportedServiceCount) + + // on List + resp2, err2 := peeringClient2.PeeringList(ctx, &pbpeering.PeeringListRequest{}) + require.NoError(r, err2) require.NotEmpty(r, resp2.Peerings) - require.Equal(r, tc.expectedImportedServicesCount, resp2.Peerings[0].ImportedServiceCount) + require.Equal(r, tc.expectedImportedExportedServicesCount, resp2.Peerings[0].ImportedServiceCount) + }) + + // Check that exported services count on S1 are what we expect + retry.Run(t, func(r *retry.R) { + // on Read + resp, err := peeringClient.PeeringRead(ctx, &pbpeering.PeeringReadRequest{Name: "my-peer-s2"}) + require.NoError(r, err) + require.NotNil(r, resp.Peering) + require.Equal(r, tc.expectedImportedExportedServicesCount, resp.Peering.ExportedServiceCount) + + // on List + resp2, err2 := peeringClient.PeeringList(ctx, &pbpeering.PeeringListRequest{}) + require.NoError(r, err2) + require.NotEmpty(r, resp2.Peerings) + require.Equal(r, tc.expectedImportedExportedServicesCount, resp2.Peerings[0].ExportedServiceCount) }) }) } diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index c69d705d3..938605cac 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -36,10 +36,14 @@ import ( // If there are no instances in the event, we consider that to be a de-registration. func makeServiceResponse( logger hclog.Logger, + mst *MutableStatus, update cache.UpdateEvent, ) (*pbpeerstream.ReplicationMessage_Response, error) { + serviceName := strings.TrimPrefix(update.CorrelationID, subExportedService) + sn := structs.ServiceNameFromString(serviceName) csn, ok := update.Result.(*pbservice.IndexedCheckServiceNodes) if !ok { + logger.Error("did not increment or decrement exported services count", "service_name", serviceName) return nil, fmt.Errorf("invalid type for service response: %T", update.Result) } @@ -51,9 +55,6 @@ func makeServiceResponse( if err != nil { return nil, fmt.Errorf("failed to marshal: %w", err) } - - serviceName := strings.TrimPrefix(update.CorrelationID, subExportedService) - // If no nodes are present then it's due to one of: // 1. The service is newly registered or exported and yielded a transient empty update. // 2. All instances of the service were de-registered. @@ -61,7 +62,10 @@ func makeServiceResponse( // // We don't distinguish when these three things occurred, but it's safe to send a DELETE Op in all cases, so we do that. // Case #1 is a no-op for the importing peer. - if len(export.Nodes) == 0 { + if len(csn.Nodes) == 0 { + logger.Trace("decrementing exported services count", "service_name", sn.String()) + mst.RemoveExportedService(sn) + return &pbpeerstream.ReplicationMessage_Response{ ResourceURL: pbpeerstream.TypeURLExportedService, // TODO(peering): Nonce management @@ -71,6 +75,9 @@ func makeServiceResponse( }, nil } + logger.Trace("incrementing exported services count", "service_name", sn.String()) + mst.TrackExportedService(sn) + // If there are nodes in the response, we push them as an UPSERT operation. return &pbpeerstream.ReplicationMessage_Response{ ResourceURL: pbpeerstream.TypeURLExportedService, diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index 26d5a7b00..c67f7da04 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -424,7 +424,7 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { var resp *pbpeerstream.ReplicationMessage_Response switch { case strings.HasPrefix(update.CorrelationID, subExportedService): - resp, err = makeServiceResponse(logger, update) + resp, err = makeServiceResponse(logger, status, update) if err != nil { // Log the error and skip this response to avoid locking up peering due to a bad update event. logger.Error("failed to create service response", "error", err) diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go index 1e3117ecc..d5f9e2c36 100644 --- a/agent/grpc-external/services/peerstream/stream_test.go +++ b/agent/grpc-external/services/peerstream/stream_test.go @@ -22,6 +22,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/stream" @@ -1006,6 +1007,53 @@ func (b *testStreamBackend) CatalogDeregister(req *structs.DeregisterRequest) er return nil } +func Test_makeServiceResponse_ExportedServicesCount(t *testing.T) { + peerName := "billing" + peerID := "1fabcd52-1d46-49b0-b1d8-71559aee47f5" + + srv, store := newTestServer(t, nil) + require.NoError(t, store.PeeringWrite(31, &pbpeering.Peering{ + ID: peerID, + Name: peerName}, + )) + + // connect the stream + mst, err := srv.Tracker.Connected(peerID) + require.NoError(t, err) + + testutil.RunStep(t, "simulate an update to export a service", func(t *testing.T) { + update := cache.UpdateEvent{ + CorrelationID: subExportedService + "api", + Result: &pbservice.IndexedCheckServiceNodes{ + Nodes: []*pbservice.CheckServiceNode{ + { + Service: &pbservice.NodeService{ + ID: "api-1", + Service: "api", + PeerName: peerName, + }, + }, + }, + }} + _, err := makeServiceResponse(srv.Logger, mst, update) + require.NoError(t, err) + + require.Equal(t, 1, mst.GetExportedServicesCount()) + }) + + testutil.RunStep(t, "simulate a delete for an exported service", func(t *testing.T) { + update := cache.UpdateEvent{ + CorrelationID: subExportedService + "api", + Result: &pbservice.IndexedCheckServiceNodes{ + Nodes: []*pbservice.CheckServiceNode{}, + }} + _, err := makeServiceResponse(srv.Logger, mst, update) + require.NoError(t, err) + + require.Equal(t, 0, mst.GetExportedServicesCount()) + }) +} + func Test_processResponse_Validation(t *testing.T) { peerName := "billing" peerID := "1fabcd52-1d46-49b0-b1d8-71559aee47f5" diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go index 4244bbe09..40d8ecb63 100644 --- a/agent/grpc-external/services/peerstream/stream_tracker.go +++ b/agent/grpc-external/services/peerstream/stream_tracker.go @@ -166,9 +166,11 @@ type Status struct { // - The last error message when receiving from the stream. LastReceiveErrorMessage string - // TODO(peering): consider keeping track of imported service counts thru raft - // ImportedServices is set that keeps track of which service names are imported for the peer + // TODO(peering): consider keeping track of imported and exported services thru raft + // ImportedServices keeps track of which service names are imported for the peer ImportedServices map[string]struct{} + // ExportedServices keeps track of which service names a peer asks to export + ExportedServices map[string]struct{} } func newMutableStatus(now func() time.Time, connected bool) *MutableStatus { @@ -274,3 +276,28 @@ func (s *MutableStatus) GetImportedServicesCount() int { return len(s.ImportedServices) } + +func (s *MutableStatus) RemoveExportedService(sn structs.ServiceName) { + s.mu.Lock() + defer s.mu.Unlock() + + delete(s.ExportedServices, sn.String()) +} + +func (s *MutableStatus) TrackExportedService(sn structs.ServiceName) { + s.mu.Lock() + defer s.mu.Unlock() + + if s.ExportedServices == nil { + s.ExportedServices = make(map[string]struct{}) + } + + s.ExportedServices[sn.String()] = struct{}{} +} + +func (s *MutableStatus) GetExportedServicesCount() int { + s.mu.RLock() + defer s.mu.RUnlock() + + return len(s.ExportedServices) +} diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 47e39c2b7..845818eb2 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -346,6 +346,7 @@ func (s *Server) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadRequ s.Logger.Trace("did not find peer in stream tracker when reading peer", "peerID", peering.ID) } else { cp.ImportedServiceCount = uint64(len(st.ImportedServices)) + cp.ExportedServiceCount = uint64(len(st.ExportedServices)) } return &pbpeering.PeeringReadResponse{Peering: cp}, nil @@ -386,6 +387,7 @@ func (s *Server) PeeringList(ctx context.Context, req *pbpeering.PeeringListRequ s.Logger.Trace("did not find peer in stream tracker when listing peers", "peerID", p.ID) } else { cp.ImportedServiceCount = uint64(len(st.ImportedServices)) + cp.ExportedServiceCount = uint64(len(st.ExportedServices)) } cPeerings = append(cPeerings, cp) From 84b458149fad88e21d1cace0660cc6a29ee9d683 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Mon, 18 Jul 2022 10:34:59 -0700 Subject: [PATCH 770/785] fix leader annotation (#13786) Signed-off-by: acpana <8968914+acpana@users.noreply.github.com> --- internal/tools/proto-gen-rpc-glue/main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go index ec1f2d93c..22e1f8980 100644 --- a/internal/tools/proto-gen-rpc-glue/main.go +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -109,7 +109,7 @@ func processFile(path string) error { log.Printf(" ReadTODO from %s", ann.ReadTODO) } if ann.LeaderReadTODO != "" { - log.Printf(" LeaderReadTODO from %s", ann.ReadTODO) + log.Printf(" LeaderReadTODO from %s", ann.LeaderReadTODO) } if ann.WriteTODO != "" { log.Printf(" WriteTODO from %s", ann.WriteTODO) @@ -161,7 +161,7 @@ var _ time.Month buf.WriteString(fmt.Sprintf(tmplDatacenter, typ.Name, typ.Annotation.Datacenter)) } if typ.Annotation.LeaderReadTODO != "" { - buf.WriteString(fmt.Sprintf(tmplLeaderOnlyReadTODO, typ.Name, typ.Annotation.ReadTODO)) + buf.WriteString(fmt.Sprintf(tmplLeaderOnlyReadTODO, typ.Name, typ.Annotation.LeaderReadTODO)) } if typ.Annotation.ReadTODO != "" { buf.WriteString(fmt.Sprintf(tmplReadTODO, typ.Name, typ.Annotation.ReadTODO)) From 47c3a92711c70b142610974f819bec7f29cf5979 Mon Sep 17 00:00:00 2001 From: Jared Kirschner Date: Fri, 15 Jul 2022 16:05:53 -0700 Subject: [PATCH 771/785] Fix panic on acl token read with -self and -expanded --- .changelog/13787.txt | 3 +++ command/acl/token/read/token_read.go | 7 +++++++ 2 files changed, 10 insertions(+) create mode 100644 .changelog/13787.txt diff --git a/.changelog/13787.txt b/.changelog/13787.txt new file mode 100644 index 000000000..0682d70c4 --- /dev/null +++ b/.changelog/13787.txt @@ -0,0 +1,3 @@ +```release-note:bug +cli: when `acl token read` is used with the `-self` and `-expanded` flags, return an error instead of panicking +``` diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go index 4e66d9ea7..e5a3b87b0 100644 --- a/command/acl/token/read/token_read.go +++ b/command/acl/token/read/token_read.go @@ -92,6 +92,13 @@ func (c *cmd) Run(args []string) int { return 1 } } else { + // TODO: consider updating this CLI command and underlying HTTP API endpoint + // to support expanded read of a "self" token, which is a much better user workflow. + if c.expanded { + c.UI.Error("Cannot use both -expanded and -self. Instead, use -expanded and -id=.") + return 1 + } + t, _, err = client.ACL().TokenReadSelf(nil) if err != nil { c.UI.Error(fmt.Sprintf("Error reading token: %v", err)) From eba682fc082b8cc37edc1eeb3a817440d165bc3e Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Mon, 18 Jul 2022 16:12:03 -0700 Subject: [PATCH 772/785] peerstream: set keepalive enforcement to 15s (#13796) The client is set to send keepalive pings every 30s. The server keepalive enforcement must be set to a number less than that, otherwise it will disconnect clients for sending pings too often. MinTime governs the minimum amount of time between pings. --- agent/grpc-external/server.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/agent/grpc-external/server.go b/agent/grpc-external/server.go index 606dba642..751cca91c 100644 --- a/agent/grpc-external/server.go +++ b/agent/grpc-external/server.go @@ -5,6 +5,8 @@ import ( recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery" "google.golang.org/grpc" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/keepalive" + "time" agentmiddleware "github.com/hashicorp/consul/agent/grpc-middleware" "github.com/hashicorp/consul/tlsutil" @@ -25,6 +27,12 @@ func NewServer(logger agentmiddleware.Logger, tls *tlsutil.Configurator) *grpc.S // Add middlware interceptors to recover in case of panics. recovery.StreamServerInterceptor(recoveryOpts...), ), + grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{ + // This must be less than the keealive.ClientParameters Time setting, otherwise + // the server will disconnect the client for sending too many keepalive pings. + // Currently the client param is set to 30s. + MinTime: 15 * time.Second, + }), } if tls != nil && tls.GRPCTLSConfigured() { creds := credentials.NewTLS(tls.IncomingGRPCConfig()) From 7bfe4dd02078bd7facb751d46f52305c7b6916f1 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Tue, 19 Jul 2022 15:06:11 +0200 Subject: [PATCH 773/785] ui: chore - fix CI test-suite (#13799) * fix linting issue * Update datacenter selector page-object to not include separator. * change non-valid li to div for singe dc name --- .../app/components/consul/datacenter/selector/index.hbs | 5 ++++- .../consul-ui/app/components/hashicorp-consul/pageobject.js | 2 +- .../tests/integration/components/hashicorp-consul-test.js | 3 +-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs index f54b4606b..be1c33da4 100644 --- a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs @@ -27,6 +27,7 @@ {{#each menu.items as |item|}} {{else}} -
      • {{@dcs.firstObject.Name}}
        • +
        + {{@dcs.firstObject.Name}} +
        {{/if}} diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/pageobject.js b/ui/packages/consul-ui/app/components/hashicorp-consul/pageobject.js index aa0e1d572..3bdada40e 100644 --- a/ui/packages/consul-ui/app/components/hashicorp-consul/pageobject.js +++ b/ui/packages/consul-ui/app/components/hashicorp-consul/pageobject.js @@ -50,7 +50,7 @@ export default (collection, clickable, attribute, is, authForm, emptyState) => s ':checked', '[data-test-nspace-menu] > input[type="checkbox"]' ); - page.navigation.dcs = collection('[data-test-datacenter-menu] li', { + page.navigation.dcs = collection('[data-test-datacenter-menu] [data-test-dc-item]', { name: clickable('a'), }); return page; diff --git a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js index 58a75c94b..2f611c552 100644 --- a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js +++ b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js @@ -1,7 +1,6 @@ -import { module, skip, test } from 'qunit'; +import { module, skip } from 'qunit'; import { setupRenderingTest } from 'ember-qunit'; import hbs from 'htmlbars-inline-precompile'; -import { render } from '@ember/test-helpers'; module('Integration | Component | hashicorp consul', function(hooks) { setupRenderingTest(hooks); From a0640aa69699bdc44df8129a9eb49b014bbd1969 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Tue, 19 Jul 2022 09:16:24 -0700 Subject: [PATCH 774/785] makefile: give better error for tool installed by wrong package (#13797) I had protoc-gen-go installed through `google.golang.org/protobuf` instead of `github.com/golang/protobuf` and `make proto` was failing silently. This change will ensure you get an error: ``` protoc-gen-go is already installed by module "google.golang.org/protobuf" but should be installed by module "github.com/golang/protobuf". Delete it and re-run to re-install. ``` --- build-support/scripts/devtools.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh index 1d2078abc..7e1521502 100755 --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -188,8 +188,14 @@ function install_versioned_tool { fi if command -v "${command}" &>/dev/null ; then - got="$(go version -m $(which "${command}") | grep '\bmod\b' | grep "${module}" | - awk '{print $2 "@" $3}')" + mod_line="$(go version -m "$(which "${command}")" | grep '\smod\s')" + act_mod=$(echo "${mod_line}" | awk '{print $2}') + if [[ "$module" != "$act_mod" ]]; then + err "${command} is already installed by module \"${act_mod}\" but should be installed by module \"${module}\". Delete it and re-run to re-install." + return 1 + fi + + got="$(echo "${mod_line}" | grep "${module}" | awk '{print $2 "@" $3}')" if [[ "$expect" != "$got" ]]; then should_install=1 install_reason="upgrade" From 6b653fb82784e3ba4e55d13a6fc5b210b8d5a4ac Mon Sep 17 00:00:00 2001 From: Ranjandas Date: Wed, 20 Jul 2022 02:45:41 +1000 Subject: [PATCH 775/785] Update Single DC Multi K8S doc (#13278) * Updated note with details of various K8S CNI options Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- .../single-dc-multi-k8s.mdx | 109 ++++++++++-------- 1 file changed, 59 insertions(+), 50 deletions(-) diff --git a/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx index b6c680cb2..d27c23fed 100644 --- a/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx +++ b/website/content/docs/k8s/installation/deployment-configurations/single-dc-multi-k8s.mdx @@ -6,15 +6,22 @@ description: Single Consul Datacenter deployed in multiple Kubernetes clusters # Single Consul Datacenter in Multiple Kubernetes Clusters --> Requires consul-helm v0.32.1 or higher. +This page describes deploying a single Consul datacenter in multiple Kubernetes clusters, +with servers and clients running in one cluster and only clients in the rest of the clusters. +This example uses two Kubernetes clusters, but this approach could be extended to using more than two. -This page describes how to deploy a single Consul datacenter in multiple Kubernetes clusters, -with both servers and clients running in one cluster, and only clients running in the rest of the clusters. -In this example, we will use two Kubernetes clusters, but this approach could be extended to using more than two. +## Requirements + +* Consul-Helm version `v0.32.1` or higher +* This deployment topology requires that the Kubernetes clusters have a flat network +for both pods and nodes so that pods or nodes from one cluster can connect +to pods or nodes in another. In many hosted Kubernetes environments, this may have to be explicitly configured based on the hosting provider's network. Refer to the following documentation for instructions: + * [Azure AKS CNI](https://docs.microsoft.com/en-us/azure/aks/concepts-network#azure-cni-advanced-networking) + * [AWS EKS CNI](https://docs.aws.amazon.com/eks/latest/userguide/pod-networking.html) + * [GKE VPC-native clusters](https://cloud.google.com/kubernetes-engine/docs/concepts/alias-ips). + +If a flat network is unavailable across all Kubernetes clusters, follow the instructions for using [Admin Partitions](/docs/enterprise/admin-partitions), which is a Consul Enterprise feature. -~> **Note:** This deployment topology requires that your Kubernetes clusters have a flat network -for both pods and nodes, so that pods or nodes from one cluster can connect -to pods or nodes in another. If a flat network is not available across all Kubernetes clusters, follow the instructions for using [Admin Partitions](/docs/enterprise/admin-partitions), which is a Consul Enterprise feature. ## Prepare Helm release name ahead of installs @@ -23,7 +30,7 @@ The Helm chart uses the Helm release name as a prefix for the ACL resources that it creates, such as tokens and auth methods. If the names of the Helm releases are identical, subsequent Consul on Kubernetes clusters overwrite existing ACL resources and cause the clusters to fail. -Before you proceed with installation, prepare the Helm release names as environment variables for both the server and client installs to use. +Before proceeding with installation, prepare the Helm release names as environment variables for both the server and client install. ```shell-session $ export HELM_RELEASE_SERVER=server @@ -34,8 +41,7 @@ Before you proceed with installation, prepare the Helm release names as environm ## Deploying Consul servers and clients in the first cluster -First, we will deploy the Consul servers with Consul clients in the first cluster. -For that, we will use the following Helm configuration: +First, deploy the first cluster with Consul Servers and Clients with the example Helm configuration below. @@ -61,30 +67,30 @@ ui: -Note that we are deploying in a secure configuration, with gossip encryption, -TLS for all components, and ACLs. We are enabling the Consul Service Mesh and the controller for CRDs -so that we can use them to later verify that our services can connect with each other across clusters. +Note that this will deploy a secure configuration with gossip encryption, +TLS for all components and ACLs. In addition, this will enable the Consul Service Mesh and the controller for CRDs +that can be used later to verify the connectivity of services across clusters. -We're also setting UI's service type to be `NodePort`. -This is needed so that we can connect to servers from another cluster without using the pod IPs of the servers, +The UI's service type is set to be `NodePort`. +This is needed to connect to servers from another cluster without using the pod IPs of the servers, which are likely going to change. -To deploy, first we need to generate the Gossip encryption key and save it as a Kubernetes secret. +To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret. ```shell $ kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen) ``` -Now we can install our Consul cluster with Helm: +Now install Consul cluster with Helm: ```shell-session $ helm install ${HELM_RELEASE_SERVER} --values cluster1-config.yaml hashicorp/consul ``` -Once the installation finishes and all components are running and ready, -we need to extract the gossip encryption key we've created, the CA certificate -and the ACL bootstrap token generated during installation, -so that we can apply them to our second Kubernetes cluster. +Once the installation finishes and all components are running and ready, the following information needs to be extracted (using the below command) and applied to the second Kubernetes cluster. + * The Gossip encryption key created + * The CA certificate generated during installation + * The ACL bootstrap token generated during installation ```shell-session $ kubectl get secret consul-gossip-encryption-key ${HELM_RELEASE_SERVER}-consul-ca-cert ${HELM_RELEASE_SERVER}-consul-bootstrap-acl-token --output yaml > cluster1-credentials.yaml @@ -93,15 +99,19 @@ $ kubectl get secret consul-gossip-encryption-key ${HELM_RELEASE_SERVER}-consul- ## Deploying Consul clients in the second cluster ~> **Note:** If multiple Kubernetes clusters will be joined to the Consul Datacenter, then the following instructions will need to be repeated for each additional Kubernetes cluster. -Now we can switch to the second Kubernetes cluster where we will deploy only the Consul clients +Switch to the second Kubernetes cluster where Consul clients will be deployed that will join the first Consul cluster. -First, we need to apply credentials we've extracted from the first cluster to the second cluster: +```shell-session +$ kubectl config use-context +``` + +First, apply the credentials extracted from the first cluster to the second cluster: ```shell-session $ kubectl apply --filename cluster1-credentials.yaml ``` -To deploy in the second cluster, we will use the following Helm configuration: +To deploy in the second cluster, the following example Helm configuration will be used: @@ -145,14 +155,12 @@ connectInject: -Note that we're referencing secrets from the first cluster in ACL, gossip, and TLS configuration. - -Next, we need to set up the `externalServers` configuration. +Note the references to the secrets extracted and applied from the first cluster in ACL, gossip, and TLS configuration. The `externalServers.hosts` and `externalServers.httpsPort` refer to the IP and port of the UI's NodePort service deployed in the first cluster. Set the `externalServers.hosts` to any Node IP of the first cluster, -which you can see by running `kubectl get nodes --output wide`. +which can be seen by running `kubectl get nodes --output wide`. Set `externalServers.httpsPort` to the `nodePort` of the `cluster1-consul-ui` service. In our example, the port is `31557`. @@ -162,37 +170,37 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE cluster1-consul-ui NodePort 10.0.240.80 443:31557/TCP 40h ``` -We set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN +Set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN (Subject Alternative Name) that is present in the Consul server's certificate. -We need to set it because we're connecting to the Consul servers over the node IP, +This is required because the connection to the Consul servers uses the node IP, but that IP isn't present in the server's certificate. -To make sure that the hostname verification succeeds during the TLS handshake, we need to set the TLS +To make sure that the hostname verification succeeds during the TLS handshake, set the TLS server name to a DNS name that *is* present in the certificate. -Next, we need to set `externalServers.k8sAuthMethodHost` to the address of the second Kubernetes API server. -This should be the address that is reachable from the first cluster, and so it cannot be the internal DNS +Next, set `externalServers.k8sAuthMethodHost` to the address of the second Kubernetes API server. +This should be the address that is reachable from the first cluster, so it cannot be the internal DNS available in each Kubernetes cluster. Consul needs it so that `consul login` with the Kubernetes auth method will work from the second cluster. More specifically, the Consul server will need to perform the verification of the Kubernetes service account -whenever `consul login` is called, and to verify service accounts from the second cluster it needs to +whenever `consul login` is called, and to verify service accounts from the second cluster, it needs to reach the Kubernetes API in that cluster. -The easiest way to get it is to set it from your `kubeconfig` by running `kubectl config view` and grabbing +The easiest way to get it is from the `kubeconfig` by running `kubectl config view` and grabbing the value of `cluster.server` for the second cluster. -Lastly, we need to set up the clients so that they can discover the servers in the first cluster. -For this, we will use Consul's cloud auto-join feature -for the [Kubernetes provider](/docs/install/cloud-auto-join#kubernetes-k8s). -To use it we need to provide a way for the Consul clients to reach the first Kubernetes cluster. -To do that, we need to save the `kubeconfig` for the first cluster as a Kubernetes secret in the second cluster -and reference it in the `clients.join` value. Note that we're making that secret available to the client pods +Lastly, set up the clients so that they can discover the servers in the first cluster. +For this, Consul's cloud auto-join feature +for the [Kubernetes provider](/docs/install/cloud-auto-join#kubernetes-k8s) can be used. + +This can be configured by saving the `kubeconfig` for the first cluster as a Kubernetes secret in the second cluster +and referencing it in the `clients.join` value. Note that the secret is made available to the client pods by setting it in `client.extraVolumes`. -~> **Note:** The kubeconfig you're providing to the client should have minimal permissions. +~> **Note:** The kubeconfig provided to the client should have minimal permissions. The cloud auto-join provider will only need permission to read pods. Please see [Kubernetes Cloud auto-join](/docs/install/cloud-auto-join#kubernetes-k8s) for more details. -Now we're ready to install! +Now, proceed with the installation of the second cluster. ```shell-session $ helm install ${HELM_RELEASE_CLIENT} --values cluster2-config.yaml hashicorp/consul @@ -200,12 +208,11 @@ $ helm install ${HELM_RELEASE_CLIENT} --values cluster2-config.yaml hashicorp/co ## Verifying the Consul Service Mesh works -~> When Transparent proxy is enabled, services in one Kubernetes cluster that need to communicate with a service in another Kubernetes cluster must have a explicit upstream configured through the ["consul.hashicorp.com/connect-service-upstreams"](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) annotation. +~> When Transparent proxy is enabled, services in one Kubernetes cluster that need to communicate with a service in another Kubernetes cluster must have an explicit upstream configured through the ["consul.hashicorp.com/connect-service-upstreams"](/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) annotation. -Now that we have our Consul cluster in multiple k8s clusters up and running, we will -deploy two services and verify that they can connect to each other. +Now that the Consul cluster spanning across multiple k8s clusters is up and running, deploy two services in separate k8s clusters and verify that they can connect to each other. -First, we'll deploy `static-server` service in the first cluster: +First, deploy `static-server` service in the first cluster: @@ -271,9 +278,9 @@ spec: -Note that we're defining a Service intention so that our services are allowed to talk to each other. +Note that defining a Service intention is required so that our services are allowed to talk to each other. -Then we'll deploy `static-client` in the second cluster with the following configuration: +Next, deploy `static-client` in the second cluster with the following configuration: @@ -321,9 +328,11 @@ spec: -Once both services are up and running, we can connect to the `static-server` from `static-client`: +Once both services are up and running, try connecting to the `static-server` from `static-client`: ```shell-session $ kubectl exec deploy/static-client -- curl --silent localhost:1234 "hello world" ``` + +A successful installation would return `hello world` for the above curl command output. From 64b3705a3181be14c176f437f70edc0c0ffd2dd2 Mon Sep 17 00:00:00 2001 From: alex <8968914+acpana@users.noreply.github.com> Date: Tue, 19 Jul 2022 11:43:29 -0700 Subject: [PATCH 776/785] peering: refactor reconcile, cleanup (#13795) Signed-off-by: acpana <8968914+acpana@users.noreply.github.com> --- agent/consul/leader_peering_test.go | 32 +++++--- .../services/peerstream/replication.go | 6 -- .../services/peerstream/stream_tracker.go | 8 ++ agent/rpc/peering/service.go | 80 +++++++------------ api/peering_test.go | 4 +- 5 files changed, 59 insertions(+), 71 deletions(-) diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index c21156b42..c3196a54e 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -747,10 +747,11 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { /// finished adding services type testCase struct { - name string - description string - exportedService structs.ExportedServicesConfigEntry - expectedImportedExportedServicesCount uint64 // same count for a server that imports the services form a server that exports them + name string + description string + exportedService structs.ExportedServicesConfigEntry + expectedImportedServsCount uint64 + expectedExportedServsCount uint64 } testCases := []testCase{ @@ -770,7 +771,8 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { }, }, }, - expectedImportedExportedServicesCount: 4, // 3 services from above + the "consul" service + expectedImportedServsCount: 4, // 3 services from above + the "consul" service + expectedExportedServsCount: 4, // 3 services from above + the "consul" service }, { name: "no sync", @@ -778,7 +780,8 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { exportedService: structs.ExportedServicesConfigEntry{ Name: "default", }, - expectedImportedExportedServicesCount: 0, // we want to see this decremented from 4 --> 0 + expectedImportedServsCount: 0, // we want to see this decremented from 4 --> 0 + expectedExportedServsCount: 0, // we want to see this decremented from 4 --> 0 }, { name: "just a, b services", @@ -804,7 +807,8 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { }, }, }, - expectedImportedExportedServicesCount: 2, + expectedImportedServsCount: 2, + expectedExportedServsCount: 2, }, { name: "unexport b service", @@ -822,7 +826,8 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { }, }, }, - expectedImportedExportedServicesCount: 1, + expectedImportedServsCount: 1, + expectedExportedServsCount: 1, }, { name: "export c service", @@ -848,7 +853,8 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { }, }, }, - expectedImportedExportedServicesCount: 2, + expectedImportedServsCount: 2, + expectedExportedServsCount: 2, }, } @@ -872,13 +878,13 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { resp, err := peeringClient2.PeeringRead(ctx, &pbpeering.PeeringReadRequest{Name: "my-peer-s1"}) require.NoError(r, err) require.NotNil(r, resp.Peering) - require.Equal(r, tc.expectedImportedExportedServicesCount, resp.Peering.ImportedServiceCount) + require.Equal(r, tc.expectedImportedServsCount, resp.Peering.ImportedServiceCount) // on List resp2, err2 := peeringClient2.PeeringList(ctx, &pbpeering.PeeringListRequest{}) require.NoError(r, err2) require.NotEmpty(r, resp2.Peerings) - require.Equal(r, tc.expectedImportedExportedServicesCount, resp2.Peerings[0].ImportedServiceCount) + require.Equal(r, tc.expectedExportedServsCount, resp2.Peerings[0].ImportedServiceCount) }) // Check that exported services count on S1 are what we expect @@ -887,13 +893,13 @@ func TestLeader_Peering_ImportedExportedServicesCount(t *testing.T) { resp, err := peeringClient.PeeringRead(ctx, &pbpeering.PeeringReadRequest{Name: "my-peer-s2"}) require.NoError(r, err) require.NotNil(r, resp.Peering) - require.Equal(r, tc.expectedImportedExportedServicesCount, resp.Peering.ExportedServiceCount) + require.Equal(r, tc.expectedImportedServsCount, resp.Peering.ExportedServiceCount) // on List resp2, err2 := peeringClient.PeeringList(ctx, &pbpeering.PeeringListRequest{}) require.NoError(r, err2) require.NotEmpty(r, resp2.Peerings) - require.Equal(r, tc.expectedImportedExportedServicesCount, resp2.Peerings[0].ExportedServiceCount) + require.Equal(r, tc.expectedExportedServsCount, resp2.Peerings[0].ExportedServiceCount) }) }) } diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index 938605cac..be79a23bd 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -43,7 +43,6 @@ func makeServiceResponse( sn := structs.ServiceNameFromString(serviceName) csn, ok := update.Result.(*pbservice.IndexedCheckServiceNodes) if !ok { - logger.Error("did not increment or decrement exported services count", "service_name", serviceName) return nil, fmt.Errorf("invalid type for service response: %T", update.Result) } @@ -63,7 +62,6 @@ func makeServiceResponse( // We don't distinguish when these three things occurred, but it's safe to send a DELETE Op in all cases, so we do that. // Case #1 is a no-op for the importing peer. if len(csn.Nodes) == 0 { - logger.Trace("decrementing exported services count", "service_name", sn.String()) mst.RemoveExportedService(sn) return &pbpeerstream.ReplicationMessage_Response{ @@ -75,7 +73,6 @@ func makeServiceResponse( }, nil } - logger.Trace("incrementing exported services count", "service_name", sn.String()) mst.TrackExportedService(sn) // If there are nodes in the response, we push them as an UPSERT operation. @@ -220,7 +217,6 @@ func (s *Server) handleUpsert( return fmt.Errorf("did not increment imported services count for service=%q: %w", sn.String(), err) } - logger.Trace("incrementing imported services count", "service_name", sn.String()) mutableStatus.TrackImportedService(sn) return nil @@ -468,11 +464,9 @@ func (s *Server) handleDelete( err := s.handleUpdateService(peerName, partition, sn, nil) if err != nil { - logger.Error("did not decrement imported services count", "service_name", sn.String(), "error", err) return err } - logger.Trace("decrementing imported services count", "service_name", sn.String()) mutableStatus.RemoveImportedService(sn) return nil diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go index 40d8ecb63..c9d41e127 100644 --- a/agent/grpc-external/services/peerstream/stream_tracker.go +++ b/agent/grpc-external/services/peerstream/stream_tracker.go @@ -173,6 +173,14 @@ type Status struct { ExportedServices map[string]struct{} } +func (s *Status) GetImportedServicesCount() uint64 { + return uint64(len(s.ImportedServices)) +} + +func (s *Status) GetExportedServicesCount() uint64 { + return uint64(len(s.ExportedServices)) +} + func newMutableStatus(now func() time.Time, connected bool) *MutableStatus { return &MutableStatus{ Status: Status{ diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 845818eb2..4b7d051bc 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -13,6 +13,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" grpcstatus "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" @@ -338,17 +339,7 @@ func (s *Server) PeeringRead(ctx context.Context, req *pbpeering.PeeringReadRequ return &pbpeering.PeeringReadResponse{Peering: nil}, nil } - cp := copyPeeringWithNewState(peering, s.reconciledStreamStateHint(peering.ID, peering.State)) - - // add imported services count - st, found := s.Tracker.StreamStatus(peering.ID) - if !found { - s.Logger.Trace("did not find peer in stream tracker when reading peer", "peerID", peering.ID) - } else { - cp.ImportedServiceCount = uint64(len(st.ImportedServices)) - cp.ExportedServiceCount = uint64(len(st.ExportedServices)) - } - + cp := s.reconcilePeering(peering) return &pbpeering.PeeringReadResponse{Peering: cp}, nil } @@ -379,34 +370,38 @@ func (s *Server) PeeringList(ctx context.Context, req *pbpeering.PeeringListRequ // reconcile the actual peering state; need to copy over the ds for peering var cPeerings []*pbpeering.Peering for _, p := range peerings { - cp := copyPeeringWithNewState(p, s.reconciledStreamStateHint(p.ID, p.State)) - - // add imported services count - st, found := s.Tracker.StreamStatus(p.ID) - if !found { - s.Logger.Trace("did not find peer in stream tracker when listing peers", "peerID", p.ID) - } else { - cp.ImportedServiceCount = uint64(len(st.ImportedServices)) - cp.ExportedServiceCount = uint64(len(st.ExportedServices)) - } - + cp := s.reconcilePeering(p) cPeerings = append(cPeerings, cp) } + return &pbpeering.PeeringListResponse{Peerings: cPeerings}, nil } -// TODO(peering): Maybe get rid of this when actually monitoring the stream health -// reconciledStreamStateHint peaks into the streamTracker and determines whether a peering should be marked -// as PeeringState.Active or not -func (s *Server) reconciledStreamStateHint(pID string, pState pbpeering.PeeringState) pbpeering.PeeringState { - streamState, found := s.Tracker.StreamStatus(pID) +// TODO(peering): Get rid of this func when we stop using the stream tracker for imported/ exported services and the peering state +// reconcilePeering enriches the peering with the following information: +// -- PeeringState.Active if the peering is active +// -- ImportedServicesCount and ExportedServicesCount +// NOTE: we return a new peering with this additional data +func (s *Server) reconcilePeering(peering *pbpeering.Peering) *pbpeering.Peering { + streamState, found := s.Tracker.StreamStatus(peering.ID) + if !found { + s.Logger.Warn("did not find peer in stream tracker; cannot populate imported and"+ + " exported services count or reconcile peering state", "peerID", peering.ID) + return peering + } else { + cp := copyPeering(peering) - if found && streamState.Connected { - return pbpeering.PeeringState_ACTIVE + // reconcile pbpeering.PeeringState_Active + if streamState.Connected { + cp.State = pbpeering.PeeringState_ACTIVE + } + + // add imported & exported services counts + cp.ImportedServiceCount = streamState.GetImportedServicesCount() + cp.ExportedServiceCount = streamState.GetExportedServicesCount() + + return cp } - - // default, no reconciliation - return pState } // TODO(peering): As of writing, this method is only used in tests to set up Peerings in the state store. @@ -605,22 +600,9 @@ func (s *Server) getExistingOrCreateNewPeerID(peerName, partition string) (strin return id, nil } -func copyPeeringWithNewState(p *pbpeering.Peering, state pbpeering.PeeringState) *pbpeering.Peering { - return &pbpeering.Peering{ - ID: p.ID, - Name: p.Name, - Partition: p.Partition, - DeletedAt: p.DeletedAt, - Meta: p.Meta, - PeerID: p.PeerID, - PeerCAPems: p.PeerCAPems, - PeerServerAddresses: p.PeerServerAddresses, - PeerServerName: p.PeerServerName, - CreateIndex: p.CreateIndex, - ModifyIndex: p.ModifyIndex, - ImportedServiceCount: p.ImportedServiceCount, - ExportedServiceCount: p.ExportedServiceCount, +func copyPeering(p *pbpeering.Peering) *pbpeering.Peering { + var copyP pbpeering.Peering + proto.Merge(©P, p) - State: state, - } + return ©P } diff --git a/api/peering_test.go b/api/peering_test.go index 1c022a9cf..fcd7c5b3c 100644 --- a/api/peering_test.go +++ b/api/peering_test.go @@ -152,9 +152,7 @@ func TestAPI_Peering_GenerateToken_Read_Establish_Delete(t *testing.T) { }) defer s2.Stop() - testutil.RunStep(t, "register services to get synced dc2", func(t *testing.T) { - testNodeServiceCheckRegistrations(t, c2, "dc2") - }) + testNodeServiceCheckRegistrations(t, c2, "dc2") ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() From dcc230f6996d700c2a43fdae02310ed9936eb033 Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Tue, 19 Jul 2022 14:56:28 -0400 Subject: [PATCH 777/785] Make envoy resources for inferred peered upstreams (#13758) Peered upstreams has a separate loop in xds from discovery chain upstreams. This PR adds similar but slightly modified code to add filters for peered upstream listeners, clusters, and endpoints in the case of transparent proxy. --- agent/proxycfg/connect_proxy.go | 4 +- agent/proxycfg/snapshot.go | 18 +- agent/proxycfg/testing_peering.go | 141 ++++++++++++ agent/xds/clusters.go | 5 +- agent/xds/clusters_test.go | 4 - agent/xds/endpoints.go | 1 + agent/xds/listeners.go | 50 ++++- agent/xds/listeners_test.go | 4 - agent/xds/resources_test.go | 8 + ...-proxy-with-peered-upstreams.latest.golden | 207 ++++++++++++++++++ ...-proxy-with-peered-upstreams.latest.golden | 60 +++++ .../endpoints/transparent-proxy.latest.golden | 106 +++++++++ ...-proxy-with-peered-upstreams.latest.golden | 176 +++++++++++++++ ...-proxy-with-peered-upstreams.latest.golden | 5 + .../routes/transparent-proxy.latest.golden | 5 + 15 files changed, 771 insertions(+), 23 deletions(-) create mode 100644 agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden create mode 100644 agent/xds/testdata/endpoints/transparent-proxy-with-peered-upstreams.latest.golden create mode 100644 agent/xds/testdata/endpoints/transparent-proxy.latest.golden create mode 100644 agent/xds/testdata/listeners/transparent-proxy-with-peered-upstreams.latest.golden create mode 100644 agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden create mode 100644 agent/xds/testdata/routes/transparent-proxy.latest.golden diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go index 823f7d9ef..9b0f3e54b 100644 --- a/agent/proxycfg/connect_proxy.go +++ b/agent/proxycfg/connect_proxy.go @@ -224,7 +224,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e } // Check whether a watch for this peer exists to avoid duplicates. - if _, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { + if ok := snap.ConnectProxy.UpstreamPeerTrustBundles.IsWatched(uid.Peer); !ok { peerCtx, cancel := context.WithCancel(ctx) if err := s.dataSources.TrustBundle.Notify(peerCtx, &pbpeering.TrustBundleReadRequest{ Name: uid.Peer, @@ -342,7 +342,7 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u UpdateEvent, s snap.ConnectProxy.PeerUpstreamEndpoints.InitWatch(uid, hcancel) // Check whether a watch for this peer exists to avoid duplicates. - if _, ok := snap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { + if ok := snap.ConnectProxy.UpstreamPeerTrustBundles.IsWatched(uid.Peer); !ok { peerCtx, cancel := context.WithCancel(ctx) if err := s.dataSources.TrustBundle.Notify(peerCtx, &pbpeering.TrustBundleReadRequest{ Name: uid.Peer, diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index b04c67c26..b96994c21 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -838,19 +838,23 @@ func (u *ConfigSnapshotUpstreams) UpstreamPeerMeta(uid UpstreamID) structs.Peeri return *csn.Service.Connect.PeerMeta } +// PeeredUpstreamIDs returns a slice of peered UpstreamIDs from explicit config entries +// and implicit imported services. +// Upstreams whose trust bundles have not been stored in the snapshot are ignored. func (u *ConfigSnapshotUpstreams) PeeredUpstreamIDs() []UpstreamID { - out := make([]UpstreamID, 0, len(u.UpstreamConfig)) - for uid := range u.UpstreamConfig { - if uid.Peer == "" { - continue + out := make([]UpstreamID, 0, u.PeerUpstreamEndpoints.Len()) + u.PeerUpstreamEndpoints.ForEachKey(func(uid UpstreamID) bool { + if _, ok := u.PeerUpstreamEndpoints.Get(uid); !ok { + // uid might exist in the map but if Set hasn't been called, skip for now. + return true } if _, ok := u.UpstreamPeerTrustBundles.Get(uid.Peer); !ok { // The trust bundle for this upstream is not available yet, skip for now. - continue + return true } - out = append(out, uid) - } + return true + }) return out } diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go index 9b1973c9a..0f20ad6ca 100644 --- a/agent/proxycfg/testing_peering.go +++ b/agent/proxycfg/testing_peering.go @@ -108,3 +108,144 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot { }, }) } + +func TestConfigSnapshotPeeringTProxy(t testing.T) *ConfigSnapshot { + // Test two explicitly defined upstreams api-a and noEndpoints + // as well as one implicitly inferred upstream db. + + var ( + noEndpointsUpstream = structs.Upstream{ + DestinationName: "no-endpoints", + DestinationPeer: "peer-a", + LocalBindPort: 1234, + } + noEndpoints = structs.PeeredServiceName{ + ServiceName: structs.NewServiceName("no-endpoints", nil), + Peer: "peer-a", + } + + apiAUpstream = structs.Upstream{ + DestinationName: "api-a", + DestinationPeer: "peer-a", + LocalBindPort: 9090, + } + apiA = structs.PeeredServiceName{ + ServiceName: structs.NewServiceName("api-a", nil), + Peer: "peer-a", + } + + db = structs.PeeredServiceName{ + ServiceName: structs.NewServiceName("db", nil), + Peer: "peer-a", + } + ) + + const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul" + + return TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Mode = structs.ProxyModeTransparent + ns.Proxy.Upstreams = []structs.Upstream{ + noEndpointsUpstream, + apiAUpstream, + } + }, []UpdateEvent{ + { + CorrelationID: meshConfigEntryID, + Result: &structs.ConfigEntryResponse{ + Entry: nil, + }, + }, + { + CorrelationID: peeredUpstreamsID, + Result: &structs.IndexedPeeredServiceList{ + Services: []structs.PeeredServiceName{ + apiA, + noEndpoints, + db, // implicitly added here + }, + }, + }, + { + CorrelationID: peerTrustBundleIDPrefix + "peer-a", + Result: &pbpeering.TrustBundleReadResponse{ + Bundle: TestPeerTrustBundles(t).Bundles[0], + }, + }, + { + CorrelationID: upstreamPeerWatchIDPrefix + NewUpstreamID(&noEndpointsUpstream).String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: []structs.CheckServiceNode{}, + }, + }, + { + CorrelationID: upstreamPeerWatchIDPrefix + NewUpstreamID(&apiAUpstream).String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "127.0.0.1", + PeerName: "peer-a", + }, + Service: &structs.NodeService{ + ID: "api-a-1", + Service: "api-a", + PeerName: "peer-a", + Address: "1.2.3.4", + TaggedAddresses: map[string]structs.ServiceAddress{ + "virtual": {Address: "10.0.0.1"}, + structs.TaggedAddressVirtualIP: {Address: "240.0.0.1"}, + }, + Connect: structs.ServiceConnect{ + PeerMeta: &structs.PeeringServiceMeta{ + SNI: []string{ + "api-a.default.default.cloud.external." + peerTrustDomain, + }, + SpiffeID: []string{ + "spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/api-a", + }, + Protocol: "tcp", + }, + }, + }, + }, + }, + }, + }, + { + CorrelationID: upstreamPeerWatchIDPrefix + NewUpstreamIDFromPeeredServiceName(db).String(), + Result: &structs.IndexedCheckServiceNodes{ + Nodes: structs.CheckServiceNodes{ + { + Node: &structs.Node{ + Node: "node1", + Address: "127.0.0.1", + PeerName: "peer-a", + }, + Service: &structs.NodeService{ + ID: "db-1", + Service: "db", + PeerName: "peer-a", + Address: "2.3.4.5", // Expect no endpoint or listener for this address + TaggedAddresses: map[string]structs.ServiceAddress{ + "virtual": {Address: "10.0.0.2"}, + structs.TaggedAddressVirtualIP: {Address: "240.0.0.2"}, + }, + Connect: structs.ServiceConnect{ + PeerMeta: &structs.PeeringServiceMeta{ + SNI: []string{ + "db.default.default.cloud.external." + peerTrustDomain, + }, + SpiffeID: []string{ + "spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/db", + }, + Protocol: "tcp", + }, + }, + }, + }, + }, + }, + }, + }) +} diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 562e7e692..ed7f8af1a 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -134,7 +134,7 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C peerMeta := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid) - upstreamCluster, err := s.makeUpstreamClusterForPeerService(upstreamCfg, peerMeta, cfgSnap) + upstreamCluster, err := s.makeUpstreamClusterForPeerService(uid, upstreamCfg, peerMeta, cfgSnap) if err != nil { return nil, err } @@ -693,6 +693,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam } func (s *ResourceGenerator) makeUpstreamClusterForPeerService( + uid proxycfg.UpstreamID, upstream *structs.Upstream, peerMeta structs.PeeringServiceMeta, cfgSnap *proxycfg.ConfigSnapshot, @@ -702,8 +703,6 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService( err error ) - uid := proxycfg.NewUpstreamID(upstream) - cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstream, peerMeta) if cfg.EnvoyClusterJSON != "" { c, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON) diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index 96e7615c7..a56853b81 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -609,10 +609,6 @@ func TestClustersFromSnapshot(t *testing.T) { name: "ingress-multiple-listeners-duplicate-service", create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService, }, - { - name: "transparent-proxy", - create: proxycfg.TestConfigSnapshotTransparentProxy, - }, { name: "transparent-proxy-catalog-destinations-only", create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly, diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index edfe1c616..8fda9adc2 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -3,6 +3,7 @@ package xds import ( "errors" "fmt" + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 0ef16899f..5b7b0d61f 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -264,8 +264,9 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. } outboundListener.ListenerFilters = append(outboundListener.ListenerFilters, tlsInspector) } - // Looping over explicit upstreams is only needed for cross-peer because - // they do not have discovery chains. + + // Looping over explicit and implicit upstreams is only needed for cross-peer + // because they do not have discovery chains. for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() { upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] @@ -326,7 +327,50 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // Below we create a filter chain per upstream, rather than a listener per upstream // as we do for explicit upstreams above. - // TODO(peering): tproxy + filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{ + routeName: uid.EnvoyID(), + clusterName: clusterName, + filterName: uid.EnvoyID(), + protocol: cfg.Protocol, + useRDS: false, + }) + if err != nil { + return nil, err + } + + endpoints, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid) + uniqueAddrs := make(map[string]struct{}) + + // Match on the virtual IP for the upstream service (identified by the chain's ID). + // We do not match on all endpoints here since it would lead to load balancing across + // all instances when any instance address is dialed. + for _, e := range endpoints { + if vip := e.Service.TaggedAddresses[structs.TaggedAddressVirtualIP]; vip.Address != "" { + uniqueAddrs[vip.Address] = struct{}{} + } + + // The virtualIPTag is used by consul-k8s to store the ClusterIP for a service. + // For services imported from a peer,the partition will be equal in all cases. + if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) { + if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" { + uniqueAddrs[vip.Address] = struct{}{} + } + } + } + if len(uniqueAddrs) > 2 { + s.Logger.Debug("detected multiple virtual IPs for an upstream, all will be used to match traffic", + "upstream", uid, "ip_count", len(uniqueAddrs)) + } + + // For every potential address we collected, create the appropriate address prefix to match on. + // In this case we are matching on exact addresses, so the prefix is the address itself, + // and the prefix length is based on whether it's IPv4 or IPv6. + filterChain.FilterChainMatch = makeFilterChainMatchFromAddrs(uniqueAddrs) + + // Only attach the filter chain if there are addresses to match on + if filterChain.FilterChainMatch != nil && len(filterChain.FilterChainMatch.PrefixRanges) > 0 { + outboundListener.FilterChains = append(outboundListener.FilterChains, filterChain) + } } diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index 3055b4436..c51730074 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -756,10 +756,6 @@ func TestListenersFromSnapshot(t *testing.T) { name: "ingress-with-sds-service-level-mixed-no-tls", create: proxycfg.TestConfigSnapshotIngressGatewaySDS_MixedNoTLS, }, - { - name: "transparent-proxy", - create: proxycfg.TestConfigSnapshotTransparentProxy, - }, { name: "transparent-proxy-http-upstream", create: proxycfg.TestConfigSnapshotTransparentProxyHTTPUpstream, diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go index 983f1bb44..1e3151e07 100644 --- a/agent/xds/resources_test.go +++ b/agent/xds/resources_test.go @@ -144,10 +144,18 @@ func TestAllResourcesFromSnapshot(t *testing.T) { }) }, }, + { + name: "transparent-proxy", + create: proxycfg.TestConfigSnapshotTransparentProxy, + }, { name: "connect-proxy-with-peered-upstreams", create: proxycfg.TestConfigSnapshotPeering, }, + { + name: "transparent-proxy-with-peered-upstreams", + create: proxycfg.TestConfigSnapshotPeeringTProxy, + }, } tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...) tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...) diff --git a/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden new file mode 100644 index 000000000..766a66d12 --- /dev/null +++ b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden @@ -0,0 +1,207 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "api-a.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "altStatName": "api-a.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/api-a" + } + ] + } + }, + "sni": "api-a.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "db.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "altStatName": "db.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/db" + } + ] + } + }, + "sni": "db.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "no-endpoints?peer=peer-a", + "altStatName": "no-endpoints?peer=peer-a", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + }, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "circuitBreakers": { + + }, + "outlierDetection": { + + }, + "commonLbConfig": { + "healthyPanicThreshold": { + + } + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n" + } + } + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-with-peered-upstreams.latest.golden new file mode 100644 index 000000000..220919da9 --- /dev/null +++ b/agent/xds/testdata/endpoints/transparent-proxy-with-peered-upstreams.latest.golden @@ -0,0 +1,60 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "api-a.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "1.2.3.4", + "portValue": 0 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "db.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "2.3.4.5", + "portValue": 0 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "no-endpoints?peer=peer-a", + "endpoints": [ + { + + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy.latest.golden new file mode 100644 index 000000000..fb13b6259 --- /dev/null +++ b/agent/xds/testdata/endpoints/transparent-proxy.latest.golden @@ -0,0 +1,106 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.20.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "9.9.9.9", + "portValue": 9090 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-with-peered-upstreams.latest.golden new file mode 100644 index 000000000..f9001c934 --- /dev/null +++ b/agent/xds/testdata/listeners/transparent-proxy-with-peered-upstreams.latest.golden @@ -0,0 +1,176 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "api-a?peer=peer-a:127.0.0.1:9090", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.api-a?peer=peer-a", + "cluster": "api-a.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "no-endpoints?peer=peer-a:127.0.0.1:1234", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.no-endpoints?peer=peer-a", + "cluster": "no-endpoints?peer=peer-a" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener:127.0.0.1:15001", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "prefixRanges": [ + { + "addressPrefix": "10.0.0.2", + "prefixLen": 32 + }, + { + "addressPrefix": "240.0.0.2", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.db?peer=peer-a", + "cluster": "db.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener:0.0.0.0:9999", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden new file mode 100644 index 000000000..9c050cbe6 --- /dev/null +++ b/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy.latest.golden b/agent/xds/testdata/routes/transparent-proxy.latest.golden new file mode 100644 index 000000000..9c050cbe6 --- /dev/null +++ b/agent/xds/testdata/routes/transparent-proxy.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file From a9f17c0f99f2767ea453e6fc7ee6b5dcf178aae8 Mon Sep 17 00:00:00 2001 From: Paul Glass Date: Tue, 19 Jul 2022 15:26:44 -0600 Subject: [PATCH 778/785] Extract AWS auth implementation out of Consul (#13760) --- agent/consul/authmethod/awsauth/aws.go | 2 +- agent/consul/authmethod/awsauth/aws_test.go | 4 +- command/login/aws.go | 2 +- command/login/login_test.go | 2 +- go.mod | 3 +- go.sum | 2 + internal/iamauth/README.md | 2 - internal/iamauth/auth.go | 311 ------------ internal/iamauth/auth_test.go | 124 ----- internal/iamauth/config.go | 80 --- internal/iamauth/config_test.go | 150 ------ internal/iamauth/iamauthtest/testing.go | 187 ------- internal/iamauth/responses/arn.go | 94 ---- internal/iamauth/responses/responses.go | 96 ---- internal/iamauth/responses/responses_test.go | 293 ----------- internal/iamauth/responsestest/testing.go | 81 ---- internal/iamauth/token.go | 403 ---------------- internal/iamauth/token_test.go | 483 ------------------- internal/iamauth/util.go | 143 ------ lib/glob.go | 24 - lib/glob_test.go | 37 -- 21 files changed, 9 insertions(+), 2514 deletions(-) delete mode 100644 internal/iamauth/README.md delete mode 100644 internal/iamauth/auth.go delete mode 100644 internal/iamauth/auth_test.go delete mode 100644 internal/iamauth/config.go delete mode 100644 internal/iamauth/config_test.go delete mode 100644 internal/iamauth/iamauthtest/testing.go delete mode 100644 internal/iamauth/responses/arn.go delete mode 100644 internal/iamauth/responses/responses.go delete mode 100644 internal/iamauth/responses/responses_test.go delete mode 100644 internal/iamauth/responsestest/testing.go delete mode 100644 internal/iamauth/token.go delete mode 100644 internal/iamauth/token_test.go delete mode 100644 internal/iamauth/util.go delete mode 100644 lib/glob.go delete mode 100644 lib/glob_test.go diff --git a/agent/consul/authmethod/awsauth/aws.go b/agent/consul/authmethod/awsauth/aws.go index f3995cdc5..7c7758476 100644 --- a/agent/consul/authmethod/awsauth/aws.go +++ b/agent/consul/authmethod/awsauth/aws.go @@ -4,9 +4,9 @@ import ( "context" "fmt" + iamauth "github.com/hashicorp/consul-awsauth" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/internal/iamauth" "github.com/hashicorp/go-hclog" ) diff --git a/agent/consul/authmethod/awsauth/aws_test.go b/agent/consul/authmethod/awsauth/aws_test.go index 3025275cf..031cd035b 100644 --- a/agent/consul/authmethod/awsauth/aws_test.go +++ b/agent/consul/authmethod/awsauth/aws_test.go @@ -8,10 +8,10 @@ import ( "testing" "github.com/aws/aws-sdk-go/aws/credentials" + iamauth "github.com/hashicorp/consul-awsauth" + "github.com/hashicorp/consul-awsauth/iamauthtest" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/internal/iamauth" - "github.com/hashicorp/consul/internal/iamauth/iamauthtest" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" ) diff --git a/command/login/aws.go b/command/login/aws.go index bae90c943..c0d2212dc 100644 --- a/command/login/aws.go +++ b/command/login/aws.go @@ -9,8 +9,8 @@ import ( "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/session" + iamauth "github.com/hashicorp/consul-awsauth" "github.com/hashicorp/consul/agent/consul/authmethod/awsauth" - "github.com/hashicorp/consul/internal/iamauth" "github.com/hashicorp/go-hclog" ) diff --git a/command/login/login_test.go b/command/login/login_test.go index 7eba6a403..6340d93f7 100644 --- a/command/login/login_test.go +++ b/command/login/login_test.go @@ -13,13 +13,13 @@ import ( "github.com/stretchr/testify/require" "gopkg.in/square/go-jose.v2/jwt" + "github.com/hashicorp/consul-awsauth/iamauthtest" "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/internal/go-sso/oidcauth/oidcauthtest" - "github.com/hashicorp/consul/internal/iamauth/iamauthtest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" ) diff --git a/go.mod b/go.mod index 84e9d1d18..cb048763d 100644 --- a/go.mod +++ b/go.mod @@ -25,6 +25,7 @@ require ( github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22 github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 + github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 github.com/hashicorp/consul/api v1.13.1 github.com/hashicorp/consul/sdk v0.10.0 @@ -37,7 +38,6 @@ require ( github.com/hashicorp/go-memdb v1.3.2 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-raftchunking v0.6.2 - github.com/hashicorp/go-retryablehttp v0.6.7 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 github.com/hashicorp/go-uuid v1.0.2 @@ -133,6 +133,7 @@ require ( github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.0 // indirect github.com/hashicorp/go-msgpack v0.5.5 // indirect + github.com/hashicorp/go-retryablehttp v0.6.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/mdns v1.0.4 // indirect github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 // indirect diff --git a/go.sum b/go.sum index 722d90784..5e859cc7a 100644 --- a/go.sum +++ b/go.sum @@ -294,6 +294,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us= +github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g= github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 h1:Com/5n/omNSBusX11zdyIYtidiqewLIanchbm//McZA= github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4/go.mod h1:vWEAHAeAqfOwB3pSgHMQpIu8VH1jL+Ltg54Tw0wt/NI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= diff --git a/internal/iamauth/README.md b/internal/iamauth/README.md deleted file mode 100644 index a9880a355..000000000 --- a/internal/iamauth/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This is an internal package to house the AWS IAM auth method utilities for potential -future extraction from Consul. diff --git a/internal/iamauth/auth.go b/internal/iamauth/auth.go deleted file mode 100644 index aaf6bc657..000000000 --- a/internal/iamauth/auth.go +++ /dev/null @@ -1,311 +0,0 @@ -package iamauth - -import ( - "context" - "encoding/xml" - "fmt" - "io/ioutil" - "net/http" - "regexp" - "strings" - "time" - - "github.com/hashicorp/consul/internal/iamauth/responses" - "github.com/hashicorp/consul/lib" - "github.com/hashicorp/consul/lib/stringslice" - "github.com/hashicorp/go-cleanhttp" - "github.com/hashicorp/go-hclog" - "github.com/hashicorp/go-retryablehttp" -) - -const ( - // Retry configuration - retryWaitMin = 500 * time.Millisecond - retryWaitMax = 30 * time.Second -) - -type Authenticator struct { - config *Config - logger hclog.Logger -} - -type IdentityDetails struct { - EntityName string - EntityId string - AccountId string - - EntityPath string - EntityTags map[string]string -} - -func NewAuthenticator(config *Config, logger hclog.Logger) (*Authenticator, error) { - if err := config.Validate(); err != nil { - return nil, err - } - return &Authenticator{ - config: config, - logger: logger, - }, nil -} - -// ValidateLogin determines if the identity in the loginToken is permitted to login. -// If so, it returns details about the identity. Otherwise, an error is returned. -func (a *Authenticator) ValidateLogin(ctx context.Context, loginToken string) (*IdentityDetails, error) { - token, err := NewBearerToken(loginToken, a.config) - if err != nil { - return nil, err - } - - req, err := token.GetCallerIdentityRequest() - if err != nil { - return nil, err - } - - if a.config.ServerIDHeaderValue != "" { - err := validateHeaderValue(req.Header, a.config.ServerIDHeaderName, a.config.ServerIDHeaderValue) - if err != nil { - return nil, err - } - } - - callerIdentity, err := a.submitCallerIdentityRequest(ctx, req) - if err != nil { - return nil, err - } - a.logger.Debug("iamauth login attempt", "arn", callerIdentity.Arn) - - entity, err := responses.ParseArn(callerIdentity.Arn) - if err != nil { - return nil, err - } - - identityDetails := &IdentityDetails{ - EntityName: entity.FriendlyName, - // This could either be a "userID:SessionID" (in the case of an assumed role) or just a "userID" - // (in the case of an IAM user). - EntityId: strings.Split(callerIdentity.UserId, ":")[0], - AccountId: callerIdentity.Account, - } - clientArn := entity.CanonicalArn() - - // Fetch the IAM Role or IAM User, if configured. - // This requires the token to contain a signed iam:GetRole or iam:GetUser request. - if a.config.EnableIAMEntityDetails { - iamReq, err := token.GetEntityRequest() - if err != nil { - return nil, err - } - - if a.config.ServerIDHeaderValue != "" { - err := validateHeaderValue(iamReq.Header, a.config.ServerIDHeaderName, a.config.ServerIDHeaderValue) - if err != nil { - return nil, err - } - } - - iamEntityDetails, err := a.submitGetIAMEntityRequest(ctx, iamReq, token.entityRequestType) - if err != nil { - return nil, err - } - - // Only the CallerIdentity response is a guarantee of the client's identity. - // The role/user details must have a unique id match to the CallerIdentity before use. - if iamEntityDetails.EntityId() != identityDetails.EntityId { - return nil, fmt.Errorf("unique id mismatch in login token") - } - - // Use the full ARN with path from the Role/User details - clientArn = iamEntityDetails.EntityArn() - identityDetails.EntityPath = iamEntityDetails.EntityPath() - identityDetails.EntityTags = iamEntityDetails.EntityTags() - } - - if err := a.validateIdentity(clientArn); err != nil { - return nil, err - } - return identityDetails, nil -} - -// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1321-L1361 -func (a *Authenticator) validateIdentity(clientArn string) error { - if stringslice.Contains(a.config.BoundIAMPrincipalARNs, clientArn) { - // Matches one of BoundIAMPrincipalARNs, so it is trusted - return nil - } - if a.config.EnableIAMEntityDetails { - for _, principalArn := range a.config.BoundIAMPrincipalARNs { - if strings.HasSuffix(principalArn, "*") && lib.GlobbedStringsMatch(principalArn, clientArn) { - // Wildcard match, so it is trusted - return nil - } - } - } - return fmt.Errorf("IAM principal %s is not trusted", clientArn) -} - -func (a *Authenticator) submitCallerIdentityRequest(ctx context.Context, req *http.Request) (*responses.GetCallerIdentityResult, error) { - responseBody, err := a.submitRequest(ctx, req) - if err != nil { - return nil, err - } - callerIdentityResponse, err := parseGetCallerIdentityResponse(responseBody) - if err != nil { - return nil, fmt.Errorf("error parsing STS response") - } - - if n := len(callerIdentityResponse.GetCallerIdentityResult); n != 1 { - return nil, fmt.Errorf("received %d identities in STS response but expected 1", n) - } - return &callerIdentityResponse.GetCallerIdentityResult[0], nil -} - -func (a *Authenticator) submitGetIAMEntityRequest(ctx context.Context, req *http.Request, reqType string) (responses.IAMEntity, error) { - responseBody, err := a.submitRequest(ctx, req) - if err != nil { - return nil, err - } - iamResponse, err := parseGetIAMEntityResponse(responseBody, reqType) - if err != nil { - return nil, fmt.Errorf("error parsing IAM response: %s", err) - } - return iamResponse, nil - -} - -// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1636 -func (a *Authenticator) submitRequest(ctx context.Context, req *http.Request) (string, error) { - retryableReq, err := retryablehttp.FromRequest(req) - if err != nil { - return "", err - } - retryableReq = retryableReq.WithContext(ctx) - client := cleanhttp.DefaultClient() - client.CheckRedirect = func(req *http.Request, via []*http.Request) error { - return http.ErrUseLastResponse - } - retryingClient := &retryablehttp.Client{ - HTTPClient: client, - RetryWaitMin: retryWaitMin, - RetryWaitMax: retryWaitMax, - RetryMax: a.config.MaxRetries, - CheckRetry: retryablehttp.DefaultRetryPolicy, - Backoff: retryablehttp.DefaultBackoff, - } - - response, err := retryingClient.Do(retryableReq) - if err != nil { - return "", fmt.Errorf("error making request: %w", err) - } - if response != nil { - defer response.Body.Close() - } - // Validate that the response type is XML - if ct := response.Header.Get("Content-Type"); ct != "text/xml" { - return "", fmt.Errorf("response body is invalid") - } - - // we check for status code afterwards to also print out response body - responseBody, err := ioutil.ReadAll(response.Body) - if err != nil { - return "", err - } - if response.StatusCode != 200 { - return "", fmt.Errorf("received error code %d: %s", response.StatusCode, string(responseBody)) - } - return string(responseBody), nil - -} - -// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1625-L1634 -func parseGetCallerIdentityResponse(response string) (responses.GetCallerIdentityResponse, error) { - result := responses.GetCallerIdentityResponse{} - response = strings.TrimSpace(response) - if !strings.HasPrefix(response, " 2 { - return fmt.Errorf("found multiple SignedHeaders components") - } - signedHeaders := string(matches[1]) - return ensureHeaderIsSigned(signedHeaders, headerName) - } - // NOTE: If we support GET requests, then we need to parse the X-Amz-SignedHeaders - // argument out of the query string and search in there for the header value - return fmt.Errorf("missing Authorization header") -} - -func ensureHeaderIsSigned(signedHeaders, headerToSign string) error { - // Not doing a constant time compare here, the values aren't secret - for _, header := range strings.Split(signedHeaders, ";") { - if header == strings.ToLower(headerToSign) { - return nil - } - } - return fmt.Errorf("header wasn't signed") -} diff --git a/internal/iamauth/auth_test.go b/internal/iamauth/auth_test.go deleted file mode 100644 index 909b64509..000000000 --- a/internal/iamauth/auth_test.go +++ /dev/null @@ -1,124 +0,0 @@ -package iamauth - -import ( - "context" - "encoding/json" - "testing" - - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/hashicorp/consul/internal/iamauth/iamauthtest" - "github.com/hashicorp/consul/internal/iamauth/responses" - "github.com/hashicorp/consul/internal/iamauth/responsestest" - "github.com/hashicorp/go-hclog" - "github.com/stretchr/testify/require" -) - -func TestValidateLogin(t *testing.T) { - f := iamauthtest.MakeFixture() - - var ( - serverForRoleMismatchedIds = &iamauthtest.Server{ - GetCallerIdentityResponse: f.ServerForRole.GetCallerIdentityResponse, - GetRoleResponse: responsestest.MakeGetRoleResponse(f.RoleARN, "AAAAsomenonmatchingid", responses.Tags{}), - } - serverForUserMismatchedIds = &iamauthtest.Server{ - GetCallerIdentityResponse: f.ServerForUser.GetCallerIdentityResponse, - GetUserResponse: responsestest.MakeGetUserResponse(f.UserARN, "AAAAsomenonmatchingid", responses.Tags{}), - } - ) - - cases := map[string]struct { - config *Config - server *iamauthtest.Server - expIdent *IdentityDetails - expError string - }{ - "no bound principals": { - expError: "not trusted", - server: f.ServerForRole, - config: &Config{}, - }, - "no matching principal": { - expError: "not trusted", - server: f.ServerForUser, - config: &Config{ - BoundIAMPrincipalARNs: []string{ - "arn:aws:iam::1234567890:user/some-other-role", - "arn:aws:iam::1234567890:user/some-other-user", - }, - }, - }, - "mismatched server id header": { - expError: `expected "some-non-matching-value" but got "server.id.example.com"`, - server: f.ServerForRole, - config: &Config{ - BoundIAMPrincipalARNs: []string{f.CanonicalRoleARN}, - ServerIDHeaderValue: "some-non-matching-value", - ServerIDHeaderName: "X-Test-ServerID", - }, - }, - "role unique id mismatch": { - expError: "unique id mismatch in login token", - // The RoleId in the GetRole response must match the UserId in the GetCallerIdentity response - // during login. If not, the RoleId cannot be used. - server: serverForRoleMismatchedIds, - config: &Config{ - BoundIAMPrincipalARNs: []string{f.RoleARN}, - EnableIAMEntityDetails: true, - }, - }, - "user unique id mismatch": { - expError: "unique id mismatch in login token", - server: serverForUserMismatchedIds, - config: &Config{ - BoundIAMPrincipalARNs: []string{f.UserARN}, - EnableIAMEntityDetails: true, - }, - }, - } - logger := hclog.New(nil) - for name, c := range cases { - t.Run(name, func(t *testing.T) { - fakeAws := iamauthtest.NewTestServer(t, c.server) - - c.config.STSEndpoint = fakeAws.URL + "/sts" - c.config.IAMEndpoint = fakeAws.URL + "/iam" - setTestHeaderNames(c.config) - - // This bypasses NewAuthenticator, which bypasses config.Validate(). - auth := &Authenticator{config: c.config, logger: logger} - - loginInput := &LoginInput{ - Creds: credentials.NewStaticCredentials("fake", "fake", ""), - IncludeIAMEntity: c.config.EnableIAMEntityDetails, - STSEndpoint: c.config.STSEndpoint, - STSRegion: "fake-region", - Logger: logger, - ServerIDHeaderValue: "server.id.example.com", - } - setLoginInputHeaderNames(loginInput) - loginData, err := GenerateLoginData(loginInput) - require.NoError(t, err) - loginBytes, err := json.Marshal(loginData) - require.NoError(t, err) - - ident, err := auth.ValidateLogin(context.Background(), string(loginBytes)) - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - require.Nil(t, ident) - } else { - require.NoError(t, err) - require.Equal(t, c.expIdent, ident) - } - }) - } -} - -func setLoginInputHeaderNames(in *LoginInput) { - in.ServerIDHeaderName = "X-Test-ServerID" - in.GetEntityMethodHeader = "X-Test-Method" - in.GetEntityURLHeader = "X-Test-URL" - in.GetEntityHeadersHeader = "X-Test-Headers" - in.GetEntityBodyHeader = "X-Test-Body" -} diff --git a/internal/iamauth/config.go b/internal/iamauth/config.go deleted file mode 100644 index d3c722c55..000000000 --- a/internal/iamauth/config.go +++ /dev/null @@ -1,80 +0,0 @@ -package iamauth - -import ( - "fmt" - "strings" - - awsArn "github.com/aws/aws-sdk-go/aws/arn" -) - -type Config struct { - BoundIAMPrincipalARNs []string - EnableIAMEntityDetails bool - IAMEntityTags []string - ServerIDHeaderValue string - MaxRetries int - IAMEndpoint string - STSEndpoint string - AllowedSTSHeaderValues []string - - // Customizable header names - ServerIDHeaderName string - GetEntityMethodHeader string - GetEntityURLHeader string - GetEntityHeadersHeader string - GetEntityBodyHeader string -} - -func (c *Config) Validate() error { - if len(c.BoundIAMPrincipalARNs) == 0 { - return fmt.Errorf("BoundIAMPrincipalARNs is required and must have at least 1 entry") - } - - for _, arn := range c.BoundIAMPrincipalARNs { - if n := strings.Count(arn, "*"); n > 0 { - if !c.EnableIAMEntityDetails { - return fmt.Errorf("Must set EnableIAMEntityDetails=true to use wildcards in BoundIAMPrincipalARNs") - } - if n != 1 || !strings.HasSuffix(arn, "*") { - return fmt.Errorf("Only one wildcard is allowed at the end of the bound IAM principal ARN") - } - } - - if parsed, err := awsArn.Parse(arn); err != nil { - return fmt.Errorf("Invalid principal ARN: %q", arn) - } else if parsed.Service != "iam" && parsed.Service != "sts" { - return fmt.Errorf("Invalid principal ARN: %q", arn) - } - } - - if len(c.IAMEntityTags) > 0 && !c.EnableIAMEntityDetails { - return fmt.Errorf("Must set EnableIAMEntityDetails=true to use IAMUserTags") - } - - // If server id header checking is enabled, we need the header name. - if c.ServerIDHeaderValue != "" && c.ServerIDHeaderName == "" { - return fmt.Errorf("Must set ServerIDHeaderName to use a server ID value") - } - - if c.EnableIAMEntityDetails && (c.GetEntityBodyHeader == "" || - c.GetEntityHeadersHeader == "" || - c.GetEntityMethodHeader == "" || - c.GetEntityURLHeader == "") { - return fmt.Errorf("Must set all of GetEntityMethodHeader, GetEntityURLHeader, " + - "GetEntityHeadersHeader, and GetEntityBodyHeader when EnableIAMEntityDetails=true") - } - - if c.STSEndpoint != "" { - if _, err := parseUrl(c.STSEndpoint); err != nil { - return fmt.Errorf("STSEndpoint is invalid: %s", err) - } - } - - if c.IAMEndpoint != "" { - if _, err := parseUrl(c.IAMEndpoint); err != nil { - return fmt.Errorf("IAMEndpoint is invalid: %s", err) - } - } - - return nil -} diff --git a/internal/iamauth/config_test.go b/internal/iamauth/config_test.go deleted file mode 100644 index d23dc992a..000000000 --- a/internal/iamauth/config_test.go +++ /dev/null @@ -1,150 +0,0 @@ -package iamauth - -import ( - "fmt" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestConfigValidate(t *testing.T) { - principalArn := "arn:aws:iam::000000000000:role/my-role" - - cases := map[string]struct { - expError string - configs []Config - - includeHeaderNames bool - }{ - "bound iam principals are required": { - expError: "BoundIAMPrincipalARNs is required and must have at least 1 entry", - configs: []Config{ - {BoundIAMPrincipalARNs: nil}, - {BoundIAMPrincipalARNs: []string{}}, - }, - }, - "entity tags require entity details": { - expError: "Must set EnableIAMEntityDetails=true to use IAMUserTags", - configs: []Config{ - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: false, - IAMEntityTags: []string{"some-tag"}, - }, - }, - }, - "entity details require all entity header names": { - expError: "Must set all of GetEntityMethodHeader, GetEntityURLHeader, " + - "GetEntityHeadersHeader, and GetEntityBodyHeader when EnableIAMEntityDetails=true", - configs: []Config{ - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: true, - }, - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: true, - GetEntityBodyHeader: "X-Test-Header", - }, - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: true, - GetEntityHeadersHeader: "X-Test-Header", - }, - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: true, - GetEntityURLHeader: "X-Test-Header", - }, - { - BoundIAMPrincipalARNs: []string{principalArn}, - EnableIAMEntityDetails: true, - GetEntityMethodHeader: "X-Test-Header", - }, - }, - }, - "wildcard principals require entity details": { - expError: "Must set EnableIAMEntityDetails=true to use wildcards in BoundIAMPrincipalARNs", - configs: []Config{ - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*"}}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/path/*"}}, - }, - }, - "only one wildcard suffix is allowed": { - expError: "Only one wildcard is allowed at the end of the bound IAM principal ARN", - configs: []Config{ - { - BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/**"}, - EnableIAMEntityDetails: true, - }, - { - BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/*"}, - EnableIAMEntityDetails: true, - }, - { - BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/path"}, - EnableIAMEntityDetails: true, - }, - { - BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*/path/*"}, - EnableIAMEntityDetails: true, - }, - }, - }, - "invalid principal arns are disallowed": { - expError: fmt.Sprintf("Invalid principal ARN"), - configs: []Config{ - {BoundIAMPrincipalARNs: []string{""}}, - {BoundIAMPrincipalARNs: []string{" "}}, - {BoundIAMPrincipalARNs: []string{"*"}, EnableIAMEntityDetails: true}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam:role/my-role"}}, - }, - }, - "valid principal arns are allowed": { - includeHeaderNames: true, - configs: []Config{ - {BoundIAMPrincipalARNs: []string{"arn:aws:sts::000000000000:assumed-role/my-role/some-session-name"}}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/my-user"}}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/my-role"}}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:*"}, EnableIAMEntityDetails: true}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/*"}, EnableIAMEntityDetails: true}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:role/path/*"}, EnableIAMEntityDetails: true}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/*"}, EnableIAMEntityDetails: true}, - {BoundIAMPrincipalARNs: []string{"arn:aws:iam::000000000000:user/path/*"}, EnableIAMEntityDetails: true}, - }, - }, - "server id header value requires service id header name": { - expError: "Must set ServerIDHeaderName to use a server ID value", - configs: []Config{ - { - BoundIAMPrincipalARNs: []string{principalArn}, - ServerIDHeaderValue: "consul.test.example.com", - }, - }, - }, - } - - for name, c := range cases { - t.Run(name, func(t *testing.T) { - for _, conf := range c.configs { - if c.includeHeaderNames { - setTestHeaderNames(&conf) - } - err := conf.Validate() - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - } else { - require.NoError(t, err) - } - } - }) - } -} - -func setTestHeaderNames(conf *Config) { - conf.GetEntityMethodHeader = "X-Test-Method" - conf.GetEntityURLHeader = "X-Test-URL" - conf.GetEntityHeadersHeader = "X-Test-Headers" - conf.GetEntityBodyHeader = "X-Test-Body" -} diff --git a/internal/iamauth/iamauthtest/testing.go b/internal/iamauth/iamauthtest/testing.go deleted file mode 100644 index b2e1fb37c..000000000 --- a/internal/iamauth/iamauthtest/testing.go +++ /dev/null @@ -1,187 +0,0 @@ -package iamauthtest - -import ( - "encoding/xml" - "fmt" - "io" - "net/http" - "net/http/httptest" - "sort" - "strings" - "testing" - - "github.com/hashicorp/consul/internal/iamauth/responses" - "github.com/hashicorp/consul/internal/iamauth/responsestest" -) - -// NewTestServer returns a fake AWS API server for local tests: -// It supports the following paths: -// /sts returns STS API responses -// /iam returns IAM API responses -func NewTestServer(t *testing.T, s *Server) *httptest.Server { - server := httptest.NewUnstartedServer(s) - t.Cleanup(server.Close) - server.Start() - return server -} - -// Server contains configuration for the fake AWS API server. -type Server struct { - GetCallerIdentityResponse responses.GetCallerIdentityResponse - GetRoleResponse responses.GetRoleResponse - GetUserResponse responses.GetUserResponse -} - -func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if r.Method != "POST" { - writeError(w, http.StatusBadRequest, r) - return - } - - switch { - case strings.HasPrefix(r.URL.Path, "/sts"): - writeXML(w, s.GetCallerIdentityResponse) - case strings.HasPrefix(r.URL.Path, "/iam"): - if bodyBytes, err := io.ReadAll(r.Body); err == nil { - body := string(bodyBytes) - switch { - case strings.Contains(body, "Action=GetRole"): - writeXML(w, s.GetRoleResponse) - return - case strings.Contains(body, "Action=GetUser"): - writeXML(w, s.GetUserResponse) - return - } - } - writeError(w, http.StatusBadRequest, r) - default: - writeError(w, http.StatusNotFound, r) - } -} - -func writeXML(w http.ResponseWriter, val interface{}) { - str, err := xml.MarshalIndent(val, "", " ") - if err != nil { - w.WriteHeader(http.StatusInternalServerError) - fmt.Fprint(w, err.Error()) - return - } - w.Header().Add("Content-Type", "text/xml") - w.WriteHeader(http.StatusOK) - fmt.Fprint(w, string(str)) -} - -func writeError(w http.ResponseWriter, code int, r *http.Request) { - w.WriteHeader(code) - msg := fmt.Sprintf("%s %s", r.Method, r.URL) - fmt.Fprintf(w, ` - - Fake AWS Server Error: %s - -`, msg) -} - -type Fixture struct { - AssumedRoleARN string - CanonicalRoleARN string - RoleARN string - RoleARNWildcard string - RoleName string - RolePath string - RoleTags map[string]string - - EntityID string - EntityIDWithSession string - AccountID string - - UserARN string - UserARNWildcard string - UserName string - UserPath string - UserTags map[string]string - - ServerForRole *Server - ServerForUser *Server -} - -func MakeFixture() Fixture { - f := Fixture{ - AssumedRoleARN: "arn:aws:sts::1234567890:assumed-role/my-role/some-session", - CanonicalRoleARN: "arn:aws:iam::1234567890:role/my-role", - RoleARN: "arn:aws:iam::1234567890:role/some/path/my-role", - RoleARNWildcard: "arn:aws:iam::1234567890:role/some/path/*", - RoleName: "my-role", - RolePath: "some/path", - RoleTags: map[string]string{ - "service-name": "my-service", - "env": "my-env", - }, - - EntityID: "AAAsomeuniqueid", - EntityIDWithSession: "AAAsomeuniqueid:some-session", - AccountID: "1234567890", - - UserARN: "arn:aws:iam::1234567890:user/my-user", - UserARNWildcard: "arn:aws:iam::1234567890:user/*", - UserName: "my-user", - UserPath: "", - UserTags: map[string]string{"user-group": "my-group"}, - } - - f.ServerForRole = &Server{ - GetCallerIdentityResponse: responsestest.MakeGetCallerIdentityResponse( - f.AssumedRoleARN, f.EntityIDWithSession, f.AccountID, - ), - GetRoleResponse: responsestest.MakeGetRoleResponse( - f.RoleARN, f.EntityID, toTags(f.RoleTags), - ), - } - - f.ServerForUser = &Server{ - GetCallerIdentityResponse: responsestest.MakeGetCallerIdentityResponse( - f.UserARN, f.EntityID, f.AccountID, - ), - GetUserResponse: responsestest.MakeGetUserResponse( - f.UserARN, f.EntityID, toTags(f.UserTags), - ), - } - - return f -} - -func (f *Fixture) RoleTagKeys() []string { return keys(f.RoleTags) } -func (f *Fixture) UserTagKeys() []string { return keys(f.UserTags) } -func (f *Fixture) RoleTagValues() []string { return values(f.RoleTags) } -func (f *Fixture) UserTagValues() []string { return values(f.UserTags) } - -// toTags converts the map to a slice of responses.Tag -func toTags(tags map[string]string) responses.Tags { - members := []responses.TagMember{} - for k, v := range tags { - members = append(members, responses.TagMember{ - Key: k, - Value: v, - }) - } - return responses.Tags{Members: members} - -} - -// keys returns the keys in sorted order -func keys(tags map[string]string) []string { - result := []string{} - for k := range tags { - result = append(result, k) - } - sort.Strings(result) - return result -} - -// values returns values in tags, ordered by sorted keys -func values(tags map[string]string) []string { - result := []string{} - for _, k := range keys(tags) { // ensures sorted by key - result = append(result, tags[k]) - } - return result -} diff --git a/internal/iamauth/responses/arn.go b/internal/iamauth/responses/arn.go deleted file mode 100644 index ea5e541d3..000000000 --- a/internal/iamauth/responses/arn.go +++ /dev/null @@ -1,94 +0,0 @@ -package responses - -import ( - "fmt" - "strings" -) - -// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1722-L1744 -type ParsedArn struct { - Partition string - AccountNumber string - Type string - Path string - FriendlyName string - SessionInfo string -} - -// https://github.com/hashicorp/vault/blob/ba533d006f2244103648785ebfe8a9a9763d2b6e/builtin/credential/aws/path_login.go#L1482-L1530 -// However, instance profiles are not support in Consul. -func ParseArn(iamArn string) (*ParsedArn, error) { - // iamArn should look like one of the following: - // 1. arn:aws:iam:::/ - // 2. arn:aws:sts:::assumed-role// - // if we get something like 2, then we want to transform that back to what - // most people would expect, which is arn:aws:iam:::role/ - var entity ParsedArn - fullParts := strings.Split(iamArn, ":") - if len(fullParts) != 6 { - return nil, fmt.Errorf("unrecognized arn: contains %d colon-separated parts, expected 6", len(fullParts)) - } - if fullParts[0] != "arn" { - return nil, fmt.Errorf("unrecognized arn: does not begin with \"arn:\"") - } - // normally aws, but could be aws-cn or aws-us-gov - entity.Partition = fullParts[1] - if entity.Partition == "" { - return nil, fmt.Errorf("unrecognized arn: %q is missing the partition", iamArn) - } - if fullParts[2] != "iam" && fullParts[2] != "sts" { - return nil, fmt.Errorf("unrecognized service: %v, not one of iam or sts", fullParts[2]) - } - // fullParts[3] is the region, which doesn't matter for AWS IAM entities - entity.AccountNumber = fullParts[4] - if entity.AccountNumber == "" { - return nil, fmt.Errorf("unrecognized arn: %q is missing the account number", iamArn) - } - // fullParts[5] would now be something like user/ or assumed-role// - parts := strings.Split(fullParts[5], "/") - if len(parts) < 2 { - return nil, fmt.Errorf("unrecognized arn: %q contains fewer than 2 slash-separated parts", fullParts[5]) - } - entity.Type = parts[0] - entity.Path = strings.Join(parts[1:len(parts)-1], "/") - entity.FriendlyName = parts[len(parts)-1] - // now, entity.FriendlyName should either be or - switch entity.Type { - case "assumed-role": - // Check for three parts for assumed role ARNs - if len(parts) < 3 { - return nil, fmt.Errorf("unrecognized arn: %q contains fewer than 3 slash-separated parts", fullParts[5]) - } - // Assumed roles don't have paths and have a slightly different format - // parts[2] is - entity.Path = "" - entity.FriendlyName = parts[1] - entity.SessionInfo = parts[2] - case "user": - case "role": - // case "instance-profile": - default: - return nil, fmt.Errorf("unrecognized principal type: %q", entity.Type) - } - - if entity.FriendlyName == "" { - return nil, fmt.Errorf("unrecognized arn: %q is missing the resource name", iamArn) - } - - return &entity, nil -} - -// CanonicalArn returns the canonical ARN for referring to an IAM entity -func (p *ParsedArn) CanonicalArn() string { - entityType := p.Type - // canonicalize "assumed-role" into "role" - if entityType == "assumed-role" { - entityType = "role" - } - // Annoyingly, the assumed-role entity type doesn't have the Path of the role which was assumed - // So, we "canonicalize" it by just completely dropping the path. The other option would be to - // make an AWS API call to look up the role by FriendlyName, which introduces more complexity to - // code and test, and it also breaks backwards compatibility in an area where we would really want - // it - return fmt.Sprintf("arn:%s:iam::%s:%s/%s", p.Partition, p.AccountNumber, entityType, p.FriendlyName) -} diff --git a/internal/iamauth/responses/responses.go b/internal/iamauth/responses/responses.go deleted file mode 100644 index ed57ca97b..000000000 --- a/internal/iamauth/responses/responses.go +++ /dev/null @@ -1,96 +0,0 @@ -package responses - -import "encoding/xml" - -type GetCallerIdentityResponse struct { - XMLName xml.Name `xml:"GetCallerIdentityResponse"` - GetCallerIdentityResult []GetCallerIdentityResult `xml:"GetCallerIdentityResult"` - ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` -} - -type GetCallerIdentityResult struct { - Arn string `xml:"Arn"` - UserId string `xml:"UserId"` - Account string `xml:"Account"` -} - -type ResponseMetadata struct { - RequestId string `xml:"RequestId"` -} - -// IAMEntity is an interface for getting details from an IAM Role or User. -type IAMEntity interface { - EntityPath() string - EntityArn() string - EntityName() string - EntityId() string - EntityTags() map[string]string -} - -var _ IAMEntity = (*Role)(nil) -var _ IAMEntity = (*User)(nil) - -type GetRoleResponse struct { - XMLName xml.Name `xml:"GetRoleResponse"` - GetRoleResult []GetRoleResult `xml:"GetRoleResult"` - ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` -} - -type GetRoleResult struct { - Role Role `xml:"Role"` -} - -type Role struct { - Arn string `xml:"Arn"` - Path string `xml:"Path"` - RoleId string `xml:"RoleId"` - RoleName string `xml:"RoleName"` - Tags Tags `xml:"Tags"` -} - -func (r *Role) EntityPath() string { return r.Path } -func (r *Role) EntityArn() string { return r.Arn } -func (r *Role) EntityName() string { return r.RoleName } -func (r *Role) EntityId() string { return r.RoleId } -func (r *Role) EntityTags() map[string]string { return tagsToMap(r.Tags) } - -type GetUserResponse struct { - XMLName xml.Name `xml:"GetUserResponse"` - GetUserResult []GetUserResult `xml:"GetUserResult"` - ResponseMetadata []ResponseMetadata `xml:"ResponseMetadata"` -} - -type GetUserResult struct { - User User `xml:"User"` -} - -type User struct { - Arn string `xml:"Arn"` - Path string `xml:"Path"` - UserId string `xml:"UserId"` - UserName string `xml:"UserName"` - Tags Tags `xml:"Tags"` -} - -func (u *User) EntityPath() string { return u.Path } -func (u *User) EntityArn() string { return u.Arn } -func (u *User) EntityName() string { return u.UserName } -func (u *User) EntityId() string { return u.UserId } -func (u *User) EntityTags() map[string]string { return tagsToMap(u.Tags) } - -type Tags struct { - Members []TagMember `xml:"member"` -} - -type TagMember struct { - Key string `xml:"Key"` - Value string `xml:"Value"` -} - -func tagsToMap(tags Tags) map[string]string { - result := map[string]string{} - for _, tag := range tags.Members { - result[tag.Key] = tag.Value - } - return result -} diff --git a/internal/iamauth/responses/responses_test.go b/internal/iamauth/responses/responses_test.go deleted file mode 100644 index a641be45a..000000000 --- a/internal/iamauth/responses/responses_test.go +++ /dev/null @@ -1,293 +0,0 @@ -package responses - -import ( - "encoding/xml" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestParseArn(t *testing.T) { - cases := map[string]struct { - arn string - expArn *ParsedArn - }{ - "assumed-role": { - arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "assumed-role", - Path: "", - FriendlyName: "my-role", - SessionInfo: "session-name", - }, - }, - "role": { - arn: "arn:aws:iam::000000000000:role/my-role", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "role", - Path: "", - FriendlyName: "my-role", - SessionInfo: "", - }, - }, - "user": { - arn: "arn:aws:iam::000000000000:user/my-user", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "user", - Path: "", - FriendlyName: "my-user", - SessionInfo: "", - }, - }, - "role with path": { - arn: "arn:aws:iam::000000000000:role/path/my-role", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "role", - Path: "path", - FriendlyName: "my-role", - SessionInfo: "", - }, - }, - "role with path 2": { - arn: "arn:aws:iam::000000000000:role/path/to/my-role", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "role", - Path: "path/to", - FriendlyName: "my-role", - SessionInfo: "", - }, - }, - "role with path 3": { - arn: "arn:aws:iam::000000000000:role/some/path/to/my-role", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "role", - Path: "some/path/to", - FriendlyName: "my-role", - SessionInfo: "", - }, - }, - "user with path": { - arn: "arn:aws:iam::000000000000:user/path/my-user", - expArn: &ParsedArn{ - Partition: "aws", - AccountNumber: "000000000000", - Type: "user", - Path: "path", - FriendlyName: "my-user", - SessionInfo: "", - }, - }, - - // Invalid cases - "empty string": {arn: ""}, - "wildcard": {arn: "*"}, - "missing prefix": {arn: ":aws:sts::000000000000:assumed-role/my-role/session-name"}, - "missing partition": {arn: "arn::sts::000000000000:assumed-role/my-role/session-name"}, - "missing service": {arn: "arn:aws:::000000000000:assumed-role/my-role/session-name"}, - "missing separator": {arn: "arn:aws:sts:000000000000:assumed-role/my-role/session-name"}, - "missing account id": {arn: "arn:aws:sts:::assumed-role/my-role/session-name"}, - "missing resource": {arn: "arn:aws:sts::000000000000:"}, - "assumed-role missing parts": {arn: "arn:aws:sts::000000000000:assumed-role/my-role"}, - "role missing parts": {arn: "arn:aws:sts::000000000000:role"}, - "role missing parts 2": {arn: "arn:aws:sts::000000000000:role/"}, - "user missing parts": {arn: "arn:aws:sts::000000000000:user"}, - "user missing parts 2": {arn: "arn:aws:sts::000000000000:user/"}, - "unsupported service": {arn: "arn:aws:ecs:us-east-1:000000000000:task/my-task/00000000000000000000000000000000"}, - } - - for name, c := range cases { - t.Run(name, func(t *testing.T) { - parsed, err := ParseArn(c.arn) - if c.expArn != nil { - require.NoError(t, err) - require.Equal(t, c.expArn, parsed) - } else { - require.Error(t, err) - require.Nil(t, parsed) - } - }) - } -} - -func TestCanonicalArn(t *testing.T) { - cases := map[string]struct { - arn string - expArn string - }{ - "assumed-role arn": { - arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name", - expArn: "arn:aws:iam::000000000000:role/my-role", - }, - "role arn": { - arn: "arn:aws:iam::000000000000:role/my-role", - expArn: "arn:aws:iam::000000000000:role/my-role", - }, - "role arn with path": { - arn: "arn:aws:iam::000000000000:role/path/to/my-role", - expArn: "arn:aws:iam::000000000000:role/my-role", - }, - "user arn": { - arn: "arn:aws:iam::000000000000:user/my-user", - expArn: "arn:aws:iam::000000000000:user/my-user", - }, - "user arn with path": { - arn: "arn:aws:iam::000000000000:user/path/to/my-user", - expArn: "arn:aws:iam::000000000000:user/my-user", - }, - } - - for name, c := range cases { - t.Run(name, func(t *testing.T) { - parsed, err := ParseArn(c.arn) - require.NoError(t, err) - require.Equal(t, c.expArn, parsed.CanonicalArn()) - }) - } -} - -func TestUnmarshalXML(t *testing.T) { - t.Run("user xml", func(t *testing.T) { - var resp GetUserResponse - err := xml.Unmarshal([]byte(rawUserXML), &resp) - require.NoError(t, err) - require.Equal(t, expectedParsedUserXML, resp) - }) - t.Run("role xml", func(t *testing.T) { - var resp GetRoleResponse - err := xml.Unmarshal([]byte(rawRoleXML), &resp) - require.NoError(t, err) - require.Equal(t, expectedParsedRoleXML, resp) - }) -} - -var ( - rawUserXML = ` - - - / - arn:aws:iam::000000000000:user/my-user - my-user - AIDAexampleuserid - 2021-01-01T00:01:02Z - - - some-value - some-tag - - - another-value - another-tag - - - third-value - third-tag - - - - - - 11815b96-cb16-4d33-b2cf-0042fa4db4cd - -` - - expectedParsedUserXML = GetUserResponse{ - XMLName: xml.Name{ - Space: "https://iam.amazonaws.com/doc/2010-05-08/", - Local: "GetUserResponse", - }, - GetUserResult: []GetUserResult{ - { - User: User{ - Arn: "arn:aws:iam::000000000000:user/my-user", - Path: "/", - UserId: "AIDAexampleuserid", - UserName: "my-user", - Tags: Tags{ - Members: []TagMember{ - {Key: "some-tag", Value: "some-value"}, - {Key: "another-tag", Value: "another-value"}, - {Key: "third-tag", Value: "third-value"}, - }, - }, - }, - }, - }, - ResponseMetadata: []ResponseMetadata{ - {RequestId: "11815b96-cb16-4d33-b2cf-0042fa4db4cd"}, - }, - } - - rawRoleXML = ` - - - / - some-json-document-that-we-ignore - 43200 - AROAsomeuniqueid - - 2022-01-01T01:02:03Z - us-east-1 - - my-role - arn:aws:iam::000000000000:role/my-role - 2020-01-01T00:00:01Z - - - some-value - some-key - - - another-value - another-key - - - a-third-value - third-key - - - - - - a9866067-c0e5-4b5e-86ba-429c1151e2fb - -` - - expectedParsedRoleXML = GetRoleResponse{ - XMLName: xml.Name{ - Space: "https://iam.amazonaws.com/doc/2010-05-08/", - Local: "GetRoleResponse", - }, - GetRoleResult: []GetRoleResult{ - { - Role: Role{ - Arn: "arn:aws:iam::000000000000:role/my-role", - Path: "/", - RoleId: "AROAsomeuniqueid", - RoleName: "my-role", - Tags: Tags{ - Members: []TagMember{ - {Key: "some-key", Value: "some-value"}, - {Key: "another-key", Value: "another-value"}, - {Key: "third-key", Value: "a-third-value"}, - }, - }, - }, - }, - }, - ResponseMetadata: []ResponseMetadata{ - {RequestId: "a9866067-c0e5-4b5e-86ba-429c1151e2fb"}, - }, - } -) diff --git a/internal/iamauth/responsestest/testing.go b/internal/iamauth/responsestest/testing.go deleted file mode 100644 index 7daec0517..000000000 --- a/internal/iamauth/responsestest/testing.go +++ /dev/null @@ -1,81 +0,0 @@ -package responsestest - -import ( - "strings" - - "github.com/hashicorp/consul/internal/iamauth/responses" -) - -func MakeGetCallerIdentityResponse(arn, userId, accountId string) responses.GetCallerIdentityResponse { - // Sanity check the UserId for unit tests. - parsed := parseArn(arn) - switch parsed.Type { - case "assumed-role": - if !strings.Contains(userId, ":") { - panic("UserId for assumed-role in GetCallerIdentity response must be ':'") - } - default: - if strings.Contains(userId, ":") { - panic("UserId in GetCallerIdentity must not contain ':'") - } - } - - return responses.GetCallerIdentityResponse{ - GetCallerIdentityResult: []responses.GetCallerIdentityResult{ - { - Arn: arn, - UserId: userId, - Account: accountId, - }, - }, - } -} - -func MakeGetRoleResponse(arn, id string, tags responses.Tags) responses.GetRoleResponse { - if strings.Contains(id, ":") { - panic("RoleId in GetRole response must not contain ':'") - } - parsed := parseArn(arn) - return responses.GetRoleResponse{ - GetRoleResult: []responses.GetRoleResult{ - { - Role: responses.Role{ - Arn: arn, - Path: parsed.Path, - RoleId: id, - RoleName: parsed.FriendlyName, - Tags: tags, - }, - }, - }, - } -} - -func MakeGetUserResponse(arn, id string, tags responses.Tags) responses.GetUserResponse { - if strings.Contains(id, ":") { - panic("UserId in GetUser resposne must not contain ':'") - } - parsed := parseArn(arn) - return responses.GetUserResponse{ - GetUserResult: []responses.GetUserResult{ - { - User: responses.User{ - Arn: arn, - Path: parsed.Path, - UserId: id, - UserName: parsed.FriendlyName, - Tags: tags, - }, - }, - }, - } -} - -func parseArn(arn string) *responses.ParsedArn { - parsed, err := responses.ParseArn(arn) - if err != nil { - // For testing, just fail immediately. - panic(err) - } - return parsed -} diff --git a/internal/iamauth/token.go b/internal/iamauth/token.go deleted file mode 100644 index 10422ca6c..000000000 --- a/internal/iamauth/token.go +++ /dev/null @@ -1,403 +0,0 @@ -package iamauth - -import ( - "encoding/base64" - "encoding/json" - "fmt" - "net/http" - "net/textproto" - "net/url" - "strings" - - "github.com/hashicorp/consul/lib/stringslice" -) - -const ( - amzHeaderPrefix = "X-Amz-" -) - -var defaultAllowedSTSRequestHeaders = []string{ - "X-Amz-Algorithm", - "X-Amz-Content-Sha256", - "X-Amz-Credential", - "X-Amz-Date", - "X-Amz-Security-Token", - "X-Amz-Signature", - "X-Amz-SignedHeaders", -} - -// BearerToken is a login "token" for an IAM auth method. It is a signed -// sts:GetCallerIdentity request in JSON format. Optionally, it can include a -// signed embedded iam:GetRole or iam:GetUser request in the headers. -type BearerToken struct { - config *Config - - getCallerIdentityMethod string - getCallerIdentityURL string - getCallerIdentityHeader http.Header - getCallerIdentityBody string - - getIAMEntityMethod string - getIAMEntityURL string - getIAMEntityHeader http.Header - getIAMEntityBody string - - entityRequestType string - parsedCallerIdentityURL *url.URL - parsedIAMEntityURL *url.URL -} - -var _ json.Unmarshaler = (*BearerToken)(nil) - -func NewBearerToken(loginToken string, config *Config) (*BearerToken, error) { - token := &BearerToken{config: config} - if err := json.Unmarshal([]byte(loginToken), &token); err != nil { - return nil, fmt.Errorf("invalid token: %s", err) - } - - if err := token.validate(); err != nil { - return nil, err - } - - if config.EnableIAMEntityDetails { - method, err := token.getHeader(token.config.GetEntityMethodHeader) - if err != nil { - return nil, err - } - - rawUrl, err := token.getHeader(token.config.GetEntityURLHeader) - if err != nil { - return nil, err - } - - headerJson, err := token.getHeader(token.config.GetEntityHeadersHeader) - if err != nil { - return nil, err - } - - var header http.Header - if err := json.Unmarshal([]byte(headerJson), &header); err != nil { - return nil, err - } - - body, err := token.getHeader(token.config.GetEntityBodyHeader) - if err != nil { - return nil, err - } - - parsedUrl, err := parseUrl(rawUrl) - if err != nil { - return nil, err - } - - token.getIAMEntityMethod = method - token.getIAMEntityBody = body - token.getIAMEntityURL = rawUrl - token.getIAMEntityHeader = header - token.parsedIAMEntityURL = parsedUrl - - if err := token.validateIAMHostname(); err != nil { - return nil, err - } - - reqType, err := token.validateIAMEntityBody() - if err != nil { - return nil, err - } - token.entityRequestType = reqType - } - return token, nil -} - -// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1178 -func (t *BearerToken) validate() error { - if t.getCallerIdentityMethod != "POST" { - return fmt.Errorf("iam_http_request_method must be POST") - } - if err := t.validateSTSHostname(); err != nil { - return err - } - if err := t.validateGetCallerIdentityBody(); err != nil { - return err - } - if err := t.validateAllowedSTSHeaderValues(); err != nil { - return err - } - return nil -} - -// validateSTSHostname checks the CallerIdentityURL in the BearerToken -// either matches the admin configured STSEndpoint or, if STSEndpoint is not set, -// that the URL matches a known Amazon AWS hostname for the STS service, one of: -// -// sts.amazonaws.com -// sts.*.amazonaws.com -// sts-fips.amazonaws.com -// sts-fips.*.amazonaws.com -// -// See https://docs.aws.amazon.com/general/latest/gr/sts.html -func (t *BearerToken) validateSTSHostname() error { - if t.config.STSEndpoint != "" { - // If an STS endpoint is configured, we (elsewhere) send the request to that endpoint. - return nil - } - if t.parsedCallerIdentityURL == nil { - return fmt.Errorf("invalid GetCallerIdentity URL: %v", t.getCallerIdentityURL) - } - - // Otherwise, validate the hostname looks like a known STS endpoint. - host := t.parsedCallerIdentityURL.Hostname() - if strings.HasSuffix(host, ".amazonaws.com") && - (strings.HasPrefix(host, "sts.") || strings.HasPrefix(host, "sts-fips.")) { - return nil - } - return fmt.Errorf("invalid STS hostname: %q", host) -} - -// validateIAMHostname checks the IAMEntityURL in the BearerToken -// either matches the admin configured IAMEndpoint or, if IAMEndpoint is not set, -// that the URL matches a known Amazon AWS hostname for the IAM service, one of: -// -// iam.amazonaws.com -// iam.*.amazonaws.com -// iam-fips.amazonaws.com -// iam-fips.*.amazonaws.com -// -// See https://docs.aws.amazon.com/general/latest/gr/iam-service.html -func (t *BearerToken) validateIAMHostname() error { - if t.config.IAMEndpoint != "" { - // If an IAM endpoint is configured, we (elsewhere) send the request to that endpoint. - return nil - } - if t.parsedIAMEntityURL == nil { - return fmt.Errorf("invalid IAM URL: %v", t.getIAMEntityURL) - } - - // Otherwise, validate the hostname looks like a known IAM endpoint. - host := t.parsedIAMEntityURL.Hostname() - if strings.HasSuffix(host, ".amazonaws.com") && - (strings.HasPrefix(host, "iam.") || strings.HasPrefix(host, "iam-fips.")) { - return nil - } - return fmt.Errorf("invalid IAM hostname: %q", host) -} - -// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1439 -func (t *BearerToken) validateGetCallerIdentityBody() error { - allowedValues := url.Values{ - "Action": []string{"GetCallerIdentity"}, - // Will assume for now that future versions don't change - // the semantics - "Version": nil, // any value is allowed - } - if _, err := parseRequestBody(t.getCallerIdentityBody, allowedValues); err != nil { - return fmt.Errorf("iam_request_body error: %s", err) - } - - return nil -} - -func (t *BearerToken) validateIAMEntityBody() (string, error) { - allowedValues := url.Values{ - "Action": []string{"GetRole", "GetUser"}, - "RoleName": nil, // any value is allowed - "UserName": nil, - "Version": nil, - } - body, err := parseRequestBody(t.getIAMEntityBody, allowedValues) - if err != nil { - return "", fmt.Errorf("iam_request_headers[%s] error: %s", t.config.GetEntityBodyHeader, err) - } - - // Disallow GetRole+UserName and GetUser+RoleName. - action := body["Action"][0] - _, hasRoleName := body["RoleName"] - _, hasUserName := body["UserName"] - if action == "GetUser" && hasUserName && !hasRoleName { - return action, nil - } else if action == "GetRole" && hasRoleName && !hasUserName { - return action, nil - } - return "", fmt.Errorf("iam_request_headers[%q] error: invalid request body %q", t.config.GetEntityBodyHeader, t.getIAMEntityBody) -} - -// parseRequestBody parses the AWS STS or IAM request body, such as 'Action=GetRole&RoleName=my-role'. -// It returns the parsed values, or an error if there are unexpected fields based on allowedValues. -// -// A key-value pair in the body is allowed if: -// - It is a single value (i.e. no bodies like 'Action=1&Action=2') -// - allowedValues[key] is an empty slice or nil (any value is allowed for the key) -// - allowedValues[key] is non-empty and contains the exact value -// This always requires an 'Action' field is present and non-empty. -func parseRequestBody(body string, allowedValues url.Values) (url.Values, error) { - qs, err := url.ParseQuery(body) - if err != nil { - return nil, err - } - - // Action field is always required. - if _, ok := qs["Action"]; !ok || len(qs["Action"]) == 0 || qs["Action"][0] == "" { - return nil, fmt.Errorf(`missing field "Action"`) - } - - // Ensure the body does not have extra fields and each - // field in the body matches the allowed values. - for k, v := range qs { - exp, ok := allowedValues[k] - if k != "Action" && !ok { - return nil, fmt.Errorf("unexpected field %q", k) - } - - if len(exp) == 0 { - // empty indicates any value is okay - continue - } else if len(v) != 1 || !stringslice.Contains(exp, v[0]) { - return nil, fmt.Errorf("unexpected value %s=%v", k, v) - } - } - - return qs, nil -} - -// https://github.com/hashicorp/vault/blob/861454e0ed1390d67ddaf1a53c1798e5e291728c/builtin/credential/aws/path_config_client.go#L349 -func (t *BearerToken) validateAllowedSTSHeaderValues() error { - for k := range t.getCallerIdentityHeader { - h := textproto.CanonicalMIMEHeaderKey(k) - if strings.HasPrefix(h, amzHeaderPrefix) && - !stringslice.Contains(defaultAllowedSTSRequestHeaders, h) && - !stringslice.Contains(t.config.AllowedSTSHeaderValues, h) { - return fmt.Errorf("invalid request header: %s", h) - } - } - return nil -} - -// UnmarshalJSON unmarshals the bearer token details which contains an HTTP -// request (a signed sts:GetCallerIdentity request). -func (t *BearerToken) UnmarshalJSON(data []byte) error { - var rawData struct { - Method string `json:"iam_http_request_method"` - UrlBase64 string `json:"iam_request_url"` - HeadersBase64 string `json:"iam_request_headers"` - BodyBase64 string `json:"iam_request_body"` - } - - if err := json.Unmarshal(data, &rawData); err != nil { - return err - } - - rawUrl, err := base64.StdEncoding.DecodeString(rawData.UrlBase64) - if err != nil { - return err - } - - headersJson, err := base64.StdEncoding.DecodeString(rawData.HeadersBase64) - if err != nil { - return err - } - - var headers http.Header - // This is a JSON-string in JSON - if err := json.Unmarshal(headersJson, &headers); err != nil { - return err - } - - body, err := base64.StdEncoding.DecodeString(rawData.BodyBase64) - if err != nil { - return err - } - - t.getCallerIdentityMethod = rawData.Method - t.getCallerIdentityBody = string(body) - t.getCallerIdentityHeader = headers - t.getCallerIdentityURL = string(rawUrl) - - parsedUrl, err := parseUrl(t.getCallerIdentityURL) - if err != nil { - return err - } - t.parsedCallerIdentityURL = parsedUrl - return nil -} - -func parseUrl(s string) (*url.URL, error) { - u, err := url.Parse(s) - if err != nil { - return nil, err - } - // url.Parse doesn't error on empty string - if u == nil || u.Scheme == "" || u.Host == "" { - return nil, fmt.Errorf("url is invalid: %q", s) - } - return u, nil -} - -// GetCallerIdentityRequest returns the sts:GetCallerIdentity request decoded -// from the bearer token. -func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error) { - // NOTE: We need to ensure we're calling STS, instead of acting as an unintended network proxy - // We validate up-front that t.getCallerIdentityURL is a known AWS STS hostname. - // Otherwise, we send to the admin-configured STSEndpoint. - endpoint := t.getCallerIdentityURL - if t.config.STSEndpoint != "" { - endpoint = t.config.STSEndpoint - } - - return buildHttpRequest( - t.getCallerIdentityMethod, - endpoint, - t.parsedCallerIdentityURL, - t.getCallerIdentityBody, - t.getCallerIdentityHeader, - ) -} - -// GetEntityRequest returns the iam:GetUser or iam:GetRole request from the request details, -// if present, embedded in the headers of the sts:GetCallerIdentity request. -func (t *BearerToken) GetEntityRequest() (*http.Request, error) { - endpoint := t.getIAMEntityURL - if t.config.IAMEndpoint != "" { - endpoint = t.config.IAMEndpoint - } - - return buildHttpRequest( - t.getIAMEntityMethod, - endpoint, - t.parsedIAMEntityURL, - t.getIAMEntityBody, - t.getIAMEntityHeader, - ) -} - -// getHeader returns the header from s.GetCallerIdentityHeader, or an error if -// the header is not found or is not a single value. -func (t *BearerToken) getHeader(name string) (string, error) { - values := t.getCallerIdentityHeader.Values(name) - if len(values) == 0 { - return "", fmt.Errorf("missing header %q", name) - } - if len(values) != 1 { - return "", fmt.Errorf("invalid value for header %q (expected 1 item)", name) - } - return values[0], nil -} - -// buildHttpRequest returns an HTTP request from the given details. -// This supports sending to a custom endpoint, but always preserves the -// Host header and URI path, which are signed and cannot be modified. -// There's a deeper explanation of this in the Vault source code. -// https://github.com/hashicorp/vault/blob/b17e3256dde937a6248c9a2fa56206aac93d07de/builtin/credential/aws/path_login.go#L1569 -func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string, headers http.Header) (*http.Request, error) { - targetUrl := fmt.Sprintf("%s%s", endpoint, parsedUrl.RequestURI()) - request, err := http.NewRequest(method, targetUrl, strings.NewReader(body)) - if err != nil { - return nil, err - } - request.Host = parsedUrl.Host - for k, vals := range headers { - for _, val := range vals { - request.Header.Add(k, val) - } - } - return request, nil -} diff --git a/internal/iamauth/token_test.go b/internal/iamauth/token_test.go deleted file mode 100644 index 42f81151d..000000000 --- a/internal/iamauth/token_test.go +++ /dev/null @@ -1,483 +0,0 @@ -package iamauth - -import ( - "net/http" - "net/url" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestNewBearerToken(t *testing.T) { - cases := map[string]struct { - tokenStr string - config Config - expToken BearerToken - expError string - }{ - "valid token": { - tokenStr: validBearerTokenJson, - expToken: validBearerTokenParsed, - }, - "valid token with role": { - tokenStr: validBearerTokenWithRoleJson, - config: Config{ - EnableIAMEntityDetails: true, - GetEntityMethodHeader: "X-Consul-IAM-GetEntity-Method", - GetEntityURLHeader: "X-Consul-IAM-GetEntity-URL", - GetEntityHeadersHeader: "X-Consul-IAM-GetEntity-Headers", - GetEntityBodyHeader: "X-Consul-IAM-GetEntity-Body", - STSEndpoint: validBearerTokenParsed.getCallerIdentityURL, - }, - expToken: validBearerTokenWithRoleParsed, - }, - - "empty json": { - tokenStr: `{}`, - expError: "unexpected end of JSON input", - }, - "missing iam_request_method field": { - tokenStr: tokenJsonMissingMethodField, - expError: "iam_http_request_method must be POST", - }, - "missing iam_request_url field": { - tokenStr: tokenJsonMissingUrlField, - expError: "url is invalid", - }, - "missing iam_request_headers field": { - tokenStr: tokenJsonMissingHeadersField, - expError: "unexpected end of JSON input", - }, - "missing iam_request_body field": { - tokenStr: tokenJsonMissingBodyField, - expError: "iam_request_body error", - }, - "invalid json": { - tokenStr: `{`, - expError: "unexpected end of JSON input", - }, - } - for name, c := range cases { - t.Run(name, func(t *testing.T) { - token, err := NewBearerToken(c.tokenStr, &c.config) - t.Logf("token = %+v", token) - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - require.Nil(t, token) - } else { - require.NoError(t, err) - c.expToken.config = &c.config - require.Equal(t, &c.expToken, token) - } - }) - } -} - -func TestParseRequestBody(t *testing.T) { - cases := map[string]struct { - body string - allowedValues url.Values - expValues url.Values - expError string - }{ - "one allowed field": { - body: "Action=GetCallerIdentity&Version=1234", - allowedValues: url.Values{"Version": []string{"1234"}}, - expValues: url.Values{ - "Action": []string{"GetCallerIdentity"}, - "Version": []string{"1234"}, - }, - }, - "many allowed fields": { - body: "Action=GetRole&RoleName=my-role&Version=1234", - allowedValues: url.Values{ - "Action": []string{"GetUser", "GetRole"}, - "UserName": nil, - "RoleName": nil, - "Version": nil, - }, - expValues: url.Values{ - "Action": []string{"GetRole"}, - "RoleName": []string{"my-role"}, - "Version": []string{"1234"}, - }, - }, - "action only": { - body: "Action=GetRole", - allowedValues: nil, - expValues: url.Values{"Action": []string{"GetRole"}}, - }, - - "empty body": { - expValues: url.Values{}, - expError: `missing field "Action"`, - }, - "disallowed field": { - body: "Action=GetRole&Version=1234&Extra=Abc", - allowedValues: url.Values{"Action": nil, "Version": nil}, - expError: `unexpected field "Extra"`, - }, - "mismatched action": { - body: "Action=GetRole", - allowedValues: url.Values{"Action": []string{"GetUser"}}, - expError: `unexpected value Action=[GetRole]`, - }, - "mismatched field": { - body: "Action=GetRole&Extra=1234", - allowedValues: url.Values{"Action": nil, "Extra": []string{"abc"}}, - expError: `unexpected value Extra=[1234]`, - }, - "multi-valued field": { - body: "Action=GetRole&Action=GetUser", - allowedValues: url.Values{"Action": []string{"GetRole", "GetUser"}}, - // only one value is allowed. - expError: `unexpected value Action=[GetRole GetUser]`, - }, - "empty action": { - body: "Action=", - allowedValues: nil, - expError: `missing field "Action"`, - }, - "missing action": { - body: "Version=1234", - allowedValues: url.Values{"Action": []string{"GetRole"}}, - expError: `missing field "Action"`, - }, - } - for name, c := range cases { - t.Run(name, func(t *testing.T) { - values, err := parseRequestBody(c.body, c.allowedValues) - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - require.Nil(t, values) - } else { - require.NoError(t, err) - require.Equal(t, c.expValues, values) - } - }) - } -} - -func TestValidateGetCallerIdentityBody(t *testing.T) { - cases := map[string]struct { - body string - expError string - }{ - "valid": {"Action=GetCallerIdentity&Version=1234", ""}, - "valid 2": {"Action=GetCallerIdentity", ""}, - "empty action": { - "Action=", - `iam_request_body error: missing field "Action"`, - }, - "invalid action": { - "Action=GetRole", - `iam_request_body error: unexpected value Action=[GetRole]`, - }, - "missing action": { - "Version=1234", - `iam_request_body error: missing field "Action"`, - }, - "empty": { - "", - `iam_request_body error: missing field "Action"`, - }, - } - for name, c := range cases { - t.Run(name, func(t *testing.T) { - token := &BearerToken{getCallerIdentityBody: c.body} - err := token.validateGetCallerIdentityBody() - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - } else { - require.NoError(t, err) - } - }) - } -} - -func TestValidateIAMEntityBody(t *testing.T) { - cases := map[string]struct { - body string - expReqType string - expError string - }{ - "valid role": { - body: "Action=GetRole&RoleName=my-role&Version=1234", - expReqType: "GetRole", - }, - "valid role without version": { - body: "Action=GetRole&RoleName=my-role", - expReqType: "GetRole", - }, - "valid user": { - body: "Action=GetUser&UserName=my-role&Version=1234", - expReqType: "GetUser", - }, - "valid user without version": { - body: "Action=GetUser&UserName=my-role", - expReqType: "GetUser", - }, - - "invalid action": { - body: "Action=GetCallerIdentity", - expError: `unexpected value Action=[GetCallerIdentity]`, - }, - "role missing action": { - body: "RoleName=my-role&Version=1234", - expError: `missing field "Action"`, - }, - "user missing action": { - body: "UserName=my-role&Version=1234", - expError: `missing field "Action"`, - }, - "empty": { - body: "", - expError: `missing field "Action"`, - }, - "empty action": { - body: "Action=", - expError: `missing field "Action"`, - }, - "role with user name": { - body: "Action=GetRole&UserName=my-role&Version=1234", - expError: `invalid request body`, - }, - "user with role name": { - body: "Action=GetUser&RoleName=my-role&Version=1234", - expError: `invalid request body`, - }, - } - for name, c := range cases { - t.Run(name, func(t *testing.T) { - token := &BearerToken{ - config: &Config{}, - getIAMEntityBody: c.body, - } - reqType, err := token.validateIAMEntityBody() - if c.expError != "" { - require.Error(t, err) - require.Contains(t, err.Error(), c.expError) - require.Equal(t, "", reqType) - } else { - require.NoError(t, err) - require.Equal(t, c.expReqType, reqType) - } - }) - } -} - -func TestValidateSTSHostname(t *testing.T) { - cases := []struct { - url string - ok bool - }{ - // https://docs.aws.amazon.com/general/latest/gr/sts.html - {"sts.us-east-2.amazonaws.com", true}, - {"sts-fips.us-east-2.amazonaws.com", true}, - {"sts.us-east-1.amazonaws.com", true}, - {"sts-fips.us-east-1.amazonaws.com", true}, - {"sts.us-west-1.amazonaws.com", true}, - {"sts-fips.us-west-1.amazonaws.com", true}, - {"sts.us-west-2.amazonaws.com", true}, - {"sts-fips.us-west-2.amazonaws.com", true}, - {"sts.af-south-1.amazonaws.com", true}, - {"sts.ap-east-1.amazonaws.com", true}, - {"sts.ap-southeast-3.amazonaws.com", true}, - {"sts.ap-south-1.amazonaws.com", true}, - {"sts.ap-northeast-3.amazonaws.com", true}, - {"sts.ap-northeast-2.amazonaws.com", true}, - {"sts.ap-southeast-1.amazonaws.com", true}, - {"sts.ap-southeast-2.amazonaws.com", true}, - {"sts.ap-northeast-1.amazonaws.com", true}, - {"sts.ca-central-1.amazonaws.com", true}, - {"sts.eu-central-1.amazonaws.com", true}, - {"sts.eu-west-1.amazonaws.com", true}, - {"sts.eu-west-2.amazonaws.com", true}, - {"sts.eu-south-1.amazonaws.com", true}, - {"sts.eu-west-3.amazonaws.com", true}, - {"sts.eu-north-1.amazonaws.com", true}, - {"sts.me-south-1.amazonaws.com", true}, - {"sts.sa-east-1.amazonaws.com", true}, - {"sts.us-gov-east-1.amazonaws.com", true}, - {"sts.us-gov-west-1.amazonaws.com", true}, - - // prefix must be either 'sts.' or 'sts-fips.' - {".amazonaws.com", false}, - {"iam.amazonaws.com", false}, - {"other.amazonaws.com", false}, - // suffix must be '.amazonaws.com' and not some other domain - {"stsamazonaws.com", false}, - {"sts-fipsamazonaws.com", false}, - {"sts.stsamazonaws.com", false}, - {"sts.notamazonaws.com", false}, - {"sts-fips.stsamazonaws.com", false}, - {"sts-fips.notamazonaws.com", false}, - {"sts.amazonaws.com.spoof", false}, - {"sts.amazonaws.spoof.com", false}, - {"xyz.sts.amazonaws.com", false}, - } - for _, c := range cases { - t.Run(c.url, func(t *testing.T) { - url := "https://" + c.url - parsedUrl, err := parseUrl(url) - require.NoError(t, err) - - token := &BearerToken{ - config: &Config{}, - getCallerIdentityURL: url, - parsedCallerIdentityURL: parsedUrl, - } - err = token.validateSTSHostname() - if c.ok { - require.NoError(t, err) - } else { - require.Error(t, err) - } - }) - } -} - -func TestValidateIAMHostname(t *testing.T) { - cases := []struct { - url string - ok bool - }{ - // https://docs.aws.amazon.com/general/latest/gr/iam-service.html - {"iam.amazonaws.com", true}, - {"iam-fips.amazonaws.com", true}, - {"iam.us-gov.amazonaws.com", true}, - {"iam-fips.us-gov.amazonaws.com", true}, - - // prefix must be either 'iam.' or 'aim-fips.' - {".amazonaws.com", false}, - {"sts.amazonaws.com", false}, - {"other.amazonaws.com", false}, - // suffix must be '.amazonaws.com' and not some other domain - {"iamamazonaws.com", false}, - {"iam-fipsamazonaws.com", false}, - {"iam.iamamazonaws.com", false}, - {"iam.notamazonaws.com", false}, - {"iam-fips.iamamazonaws.com", false}, - {"iam-fips.notamazonaws.com", false}, - {"iam.amazonaws.com.spoof", false}, - {"iam.amazonaws.spoof.com", false}, - {"xyz.iam.amazonaws.com", false}, - } - for _, c := range cases { - t.Run(c.url, func(t *testing.T) { - url := "https://" + c.url - parsedUrl, err := parseUrl(url) - require.NoError(t, err) - - token := &BearerToken{ - config: &Config{}, - getCallerIdentityURL: url, - parsedIAMEntityURL: parsedUrl, - } - err = token.validateIAMHostname() - if c.ok { - require.NoError(t, err) - } else { - require.Error(t, err) - } - }) - } -} - -var ( - validBearerTokenJson = `{ - "iam_http_request_method":"POST", - "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", - "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", - "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" -}` - - validBearerTokenParsed = BearerToken{ - getCallerIdentityMethod: "POST", - getCallerIdentityURL: "https://sts.amazonaws.com/", - getCallerIdentityHeader: http.Header{ - "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake/20220322/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=efc320b972d07b38b65eb24256805e03149da586d804f8c6364ce98debe080b1"}, - "Content-Length": []string{"43"}, - "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, - "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, - "X-Amz-Date": []string{"20220322T211103Z"}, - "X-Amz-Security-Token": []string{"fake"}, - }, - getCallerIdentityBody: "Action=GetCallerIdentity&Version=2011-06-15", - parsedCallerIdentityURL: &url.URL{ - Scheme: "https", - Host: "sts.amazonaws.com", - Path: "/", - }, - } - - validBearerTokenWithRoleJson = `{"iam_http_request_method":"POST","iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==","iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLWtleS1pZC8yMDIyMDMyMi9mYWtlLXJlZ2lvbi9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1jb25zdWwtaWFtLWdldGVudGl0eS1ib2R5O3gtY29uc3VsLWlhbS1nZXRlbnRpdHktaGVhZGVyczt4LWNvbnN1bC1pYW0tZ2V0ZW50aXR5LW1ldGhvZDt4LWNvbnN1bC1pYW0tZ2V0ZW50aXR5LXVybCwgU2lnbmF0dXJlPTU2MWFjMzFiNWFkMDFjMTI0YzU0YzE2OGY3NmVhNmJmZDY0NWI4ZWM1MzQ1ZjgzNTc3MjljOWFhMGI0NzEzMzciXSwiQ29udGVudC1MZW5ndGgiOlsiNDMiXSwiQ29udGVudC1UeXBlIjpbImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD11dGYtOCJdLCJVc2VyLUFnZW50IjpbImF3cy1zZGstZ28vMS40Mi4zNCAoZ28xLjE3LjU7IGRhcndpbjsgYW1kNjQpIl0sIlgtQW16LURhdGUiOlsiMjAyMjAzMjJUMjI1NzQyWiJdLCJYLUNvbnN1bC1JYW0tR2V0ZW50aXR5LUJvZHkiOlsiQWN0aW9uPUdldFJvbGVcdTAwMjZSb2xlTmFtZT1teS1yb2xlXHUwMDI2VmVyc2lvbj0yMDEwLTA1LTA4Il0sIlgtQ29uc3VsLUlhbS1HZXRlbnRpdHktSGVhZGVycyI6WyJ7XCJBdXRob3JpemF0aW9uXCI6W1wiQVdTNC1ITUFDLVNIQTI1NiBDcmVkZW50aWFsPWZha2Uta2V5LWlkLzIwMjIwMzIyL3VzLWVhc3QtMS9pYW0vYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGUsIFNpZ25hdHVyZT1hYTJhMTlkMGEzMDVkNzRiYmQwMDk3NzZiY2E4ODBlNTNjZmE5OTFlNDgzZTQwMzk0NzE4MWE0MWNjNDgyOTQwXCJdLFwiQ29udGVudC1MZW5ndGhcIjpbXCI1MFwiXSxcIkNvbnRlbnQtVHlwZVwiOltcImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD11dGYtOFwiXSxcIlVzZXItQWdlbnRcIjpbXCJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KVwiXSxcIlgtQW16LURhdGVcIjpbXCIyMDIyMDMyMlQyMjU3NDJaXCJdfSJdLCJYLUNvbnN1bC1JYW0tR2V0ZW50aXR5LU1ldGhvZCI6WyJQT1NUIl0sIlgtQ29uc3VsLUlhbS1HZXRlbnRpdHktVXJsIjpbImh0dHBzOi8vaWFtLmFtYXpvbmF3cy5jb20vIl19","iam_request_url":"aHR0cDovLzEyNy4wLjAuMTo2MzY5Ni9zdHMv"}` - - validBearerTokenWithRoleParsed = BearerToken{ - getCallerIdentityMethod: "POST", - getCallerIdentityURL: "http://127.0.0.1:63696/sts/", - getCallerIdentityHeader: http.Header{ - "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/fake-region/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-consul-iam-getentity-body;x-consul-iam-getentity-headers;x-consul-iam-getentity-method;x-consul-iam-getentity-url, Signature=561ac31b5ad01c124c54c168f76ea6bfd645b8ec5345f8357729c9aa0b471337"}, - "Content-Length": []string{"43"}, - "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, - "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, - "X-Amz-Date": []string{"20220322T225742Z"}, - "X-Consul-Iam-Getentity-Body": []string{"Action=GetRole&RoleName=my-role&Version=2010-05-08"}, - "X-Consul-Iam-Getentity-Headers": []string{`{"Authorization":["AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=aa2a19d0a305d74bbd009776bca880e53cfa991e483e403947181a41cc482940"],"Content-Length":["50"],"Content-Type":["application/x-www-form-urlencoded; charset=utf-8"],"User-Agent":["aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"],"X-Amz-Date":["20220322T225742Z"]}`}, - "X-Consul-Iam-Getentity-Method": []string{"POST"}, - "X-Consul-Iam-Getentity-Url": []string{"https://iam.amazonaws.com/"}, - }, - getCallerIdentityBody: "Action=GetCallerIdentity&Version=2011-06-15", - - // Fields parsed from headers above - getIAMEntityMethod: "POST", - getIAMEntityURL: "https://iam.amazonaws.com/", - getIAMEntityHeader: http.Header{ - "Authorization": []string{"AWS4-HMAC-SHA256 Credential=fake-key-id/20220322/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=aa2a19d0a305d74bbd009776bca880e53cfa991e483e403947181a41cc482940"}, - "Content-Length": []string{"50"}, - "Content-Type": []string{"application/x-www-form-urlencoded; charset=utf-8"}, - "User-Agent": []string{"aws-sdk-go/1.42.34 (go1.17.5; darwin; amd64)"}, - "X-Amz-Date": []string{"20220322T225742Z"}, - }, - getIAMEntityBody: "Action=GetRole&RoleName=my-role&Version=2010-05-08", - entityRequestType: "GetRole", - - parsedCallerIdentityURL: &url.URL{ - Scheme: "http", - Host: "127.0.0.1:63696", - Path: "/sts/", - }, - parsedIAMEntityURL: &url.URL{ - Scheme: "https", - Host: "iam.amazonaws.com", - Path: "/", - }, - } - - tokenJsonMissingMethodField = `{ - "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", - "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", - "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" -}` - - tokenJsonMissingBodyField = `{ - "iam_http_request_method":"POST", - "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==", - "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" -}` - - tokenJsonMissingHeadersField = `{ - "iam_http_request_method":"POST", - "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", - "iam_request_url":"aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=" -}` - - tokenJsonMissingUrlField = `{ - "iam_http_request_method":"POST", - "iam_request_body":"QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", - "iam_request_headers":"eyJBdXRob3JpemF0aW9uIjpbIkFXUzQtSE1BQy1TSEEyNTYgQ3JlZGVudGlhbD1mYWtlLzIwMjIwMzIyL3VzLWVhc3QtMS9zdHMvYXdzNF9yZXF1ZXN0LCBTaWduZWRIZWFkZXJzPWNvbnRlbnQtbGVuZ3RoO2NvbnRlbnQtdHlwZTtob3N0O3gtYW16LWRhdGU7eC1hbXotc2VjdXJpdHktdG9rZW4sIFNpZ25hdHVyZT1lZmMzMjBiOTcyZDA3YjM4YjY1ZWIyNDI1NjgwNWUwMzE0OWRhNTg2ZDgwNGY4YzYzNjRjZTk4ZGViZTA4MGIxIl0sIkNvbnRlbnQtTGVuZ3RoIjpbIjQzIl0sIkNvbnRlbnQtVHlwZSI6WyJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7IGNoYXJzZXQ9dXRmLTgiXSwiVXNlci1BZ2VudCI6WyJhd3Mtc2RrLWdvLzEuNDIuMzQgKGdvMS4xNy41OyBkYXJ3aW47IGFtZDY0KSJdLCJYLUFtei1EYXRlIjpbIjIwMjIwMzIyVDIxMTEwM1oiXSwiWC1BbXotU2VjdXJpdHktVG9rZW4iOlsiZmFrZSJdfQ==" -}` -) diff --git a/internal/iamauth/util.go b/internal/iamauth/util.go deleted file mode 100644 index b92270cfd..000000000 --- a/internal/iamauth/util.go +++ /dev/null @@ -1,143 +0,0 @@ -package iamauth - -import ( - "encoding/base64" - "encoding/json" - "fmt" - "io/ioutil" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/endpoints" - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/iam" - "github.com/aws/aws-sdk-go/service/sts" - "github.com/hashicorp/consul/internal/iamauth/responses" - "github.com/hashicorp/go-hclog" -) - -type LoginInput struct { - Creds *credentials.Credentials - IncludeIAMEntity bool - STSEndpoint string - STSRegion string - - Logger hclog.Logger - - ServerIDHeaderValue string - // Customizable header names - ServerIDHeaderName string - GetEntityMethodHeader string - GetEntityURLHeader string - GetEntityHeadersHeader string - GetEntityBodyHeader string -} - -// GenerateLoginData populates the necessary data to send for the bearer token. -// https://github.com/hashicorp/go-secure-stdlib/blob/main/awsutil/generate_credentials.go#L232-L301 -func GenerateLoginData(in *LoginInput) (map[string]interface{}, error) { - cfg := aws.Config{ - Credentials: in.Creds, - // These are empty strings by default (i.e. not enabled) - Region: aws.String(in.STSRegion), - Endpoint: aws.String(in.STSEndpoint), - STSRegionalEndpoint: endpoints.RegionalSTSEndpoint, - } - - stsSession, err := session.NewSessionWithOptions(session.Options{Config: cfg}) - if err != nil { - return nil, err - } - - svc := sts.New(stsSession) - stsRequest, _ := svc.GetCallerIdentityRequest(nil) - - // Include the iam:GetRole or iam:GetUser request in headers. - if in.IncludeIAMEntity { - entityRequest, err := formatSignedEntityRequest(svc, in) - if err != nil { - return nil, err - } - - headersJson, err := json.Marshal(entityRequest.HTTPRequest.Header) - if err != nil { - return nil, err - } - requestBody, err := ioutil.ReadAll(entityRequest.HTTPRequest.Body) - if err != nil { - return nil, err - } - - stsRequest.HTTPRequest.Header.Add(in.GetEntityMethodHeader, entityRequest.HTTPRequest.Method) - stsRequest.HTTPRequest.Header.Add(in.GetEntityURLHeader, entityRequest.HTTPRequest.URL.String()) - stsRequest.HTTPRequest.Header.Add(in.GetEntityHeadersHeader, string(headersJson)) - stsRequest.HTTPRequest.Header.Add(in.GetEntityBodyHeader, string(requestBody)) - } - - // Inject the required auth header value, if supplied, and then sign the request including that header - if in.ServerIDHeaderValue != "" { - stsRequest.HTTPRequest.Header.Add(in.ServerIDHeaderName, in.ServerIDHeaderValue) - } - - stsRequest.Sign() - - // Now extract out the relevant parts of the request - headersJson, err := json.Marshal(stsRequest.HTTPRequest.Header) - if err != nil { - return nil, err - } - requestBody, err := ioutil.ReadAll(stsRequest.HTTPRequest.Body) - if err != nil { - return nil, err - } - - return map[string]interface{}{ - "iam_http_request_method": stsRequest.HTTPRequest.Method, - "iam_request_url": base64.StdEncoding.EncodeToString([]byte(stsRequest.HTTPRequest.URL.String())), - "iam_request_headers": base64.StdEncoding.EncodeToString(headersJson), - "iam_request_body": base64.StdEncoding.EncodeToString(requestBody), - }, nil -} - -func formatSignedEntityRequest(svc *sts.STS, in *LoginInput) (*request.Request, error) { - // We need to retrieve the IAM user or role for the iam:GetRole or iam:GetUser request. - // GetCallerIdentity returns this and requires no permissions. - resp, err := svc.GetCallerIdentity(nil) - if err != nil { - return nil, err - } - - arn, err := responses.ParseArn(*resp.Arn) - if err != nil { - return nil, err - } - - iamSession, err := session.NewSessionWithOptions(session.Options{ - Config: aws.Config{ - Credentials: svc.Config.Credentials, - }, - }) - if err != nil { - return nil, err - } - iamSvc := iam.New(iamSession) - - var req *request.Request - switch arn.Type { - case "role", "assumed-role": - req, _ = iamSvc.GetRoleRequest(&iam.GetRoleInput{RoleName: &arn.FriendlyName}) - case "user": - req, _ = iamSvc.GetUserRequest(&iam.GetUserInput{UserName: &arn.FriendlyName}) - default: - return nil, fmt.Errorf("entity %s is not an IAM role or IAM user", arn.Type) - } - - // Inject the required auth header value, if supplied, and then sign the request including that header - if in.ServerIDHeaderValue != "" { - req.HTTPRequest.Header.Add(in.ServerIDHeaderName, in.ServerIDHeaderValue) - } - - req.Sign() - return req, nil -} diff --git a/lib/glob.go b/lib/glob.go deleted file mode 100644 index 969e3ab25..000000000 --- a/lib/glob.go +++ /dev/null @@ -1,24 +0,0 @@ -package lib - -import "strings" - -// GlobbedStringsMatch compares item to val with support for a leading and/or -// trailing wildcard '*' in item. -func GlobbedStringsMatch(item, val string) bool { - if len(item) < 2 { - return val == item - } - - hasPrefix := strings.HasPrefix(item, "*") - hasSuffix := strings.HasSuffix(item, "*") - - if hasPrefix && hasSuffix { - return strings.Contains(val, item[1:len(item)-1]) - } else if hasPrefix { - return strings.HasSuffix(val, item[1:]) - } else if hasSuffix { - return strings.HasPrefix(val, item[:len(item)-1]) - } - - return val == item -} diff --git a/lib/glob_test.go b/lib/glob_test.go deleted file mode 100644 index 6c29f5ef1..000000000 --- a/lib/glob_test.go +++ /dev/null @@ -1,37 +0,0 @@ -package lib - -import "testing" - -func TestGlobbedStringsMatch(t *testing.T) { - tests := []struct { - item string - val string - expect bool - }{ - {"", "", true}, - {"*", "*", true}, - {"**", "**", true}, - {"*t", "t", true}, - {"*t", "test", true}, - {"t*", "test", true}, - {"*test", "test", true}, - {"*test", "a test", true}, - {"test", "a test", false}, - {"*test", "tests", false}, - {"test*", "test", true}, - {"test*", "testsss", true}, - {"test**", "testsss", false}, - {"test**", "test*", true}, - {"**test", "*test", true}, - {"TEST", "test", false}, - {"test", "test", true}, - } - - for _, tt := range tests { - actual := GlobbedStringsMatch(tt.item, tt.val) - - if actual != tt.expect { - t.Fatalf("Bad testcase %#v, expected %t, got %t", tt, tt.expect, actual) - } - } -} From 285b4cef2b66a9962b66942323992b40ac972638 Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Tue, 19 Jul 2022 14:51:04 -0700 Subject: [PATCH 779/785] connect: Add support for Envoy 1.23, remove 1.19 (#13807) --- .changelog/13807.txt | 6 ++++++ .circleci/config.yml | 7 ++++--- agent/xds/envoy_versioning.go | 2 +- agent/xds/envoy_versioning_test.go | 7 ++++--- agent/xds/proxysupport/proxysupport.go | 6 +++--- test/integration/connect/envoy/run-tests.sh | 2 +- 6 files changed, 19 insertions(+), 11 deletions(-) create mode 100644 .changelog/13807.txt diff --git a/.changelog/13807.txt b/.changelog/13807.txt new file mode 100644 index 000000000..d1cec75f7 --- /dev/null +++ b/.changelog/13807.txt @@ -0,0 +1,6 @@ +```release-note: improvement +connect: Add Envoy 1.23.0 to support matrix +``` +```release-note: breaking-change +connect: Removes support for Envoy 1.19 +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index a9c434b46..de9620486 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -24,9 +24,10 @@ references: VAULT_BINARY_VERSION: 1.9.4 GO_VERSION: 1.18.1 envoy-versions: &supported_envoy_versions - - &default_envoy_version "1.19.5" - - "1.20.4" - - "1.21.3" + - &default_envoy_version "1.20.6" + - "1.21.4" + - "1.22.2" + - "1.23.0" images: # When updating the Go version, remember to also update the versions in the # workflows section for go-test-lib jobs. diff --git a/agent/xds/envoy_versioning.go b/agent/xds/envoy_versioning.go index e0face0bd..31955e28a 100644 --- a/agent/xds/envoy_versioning.go +++ b/agent/xds/envoy_versioning.go @@ -11,7 +11,7 @@ import ( var ( // minSupportedVersion is the oldest mainline version we support. This should always be // the zero'th point release of the last element of proxysupport.EnvoyVersions. - minSupportedVersion = version.Must(version.NewVersion("1.19.0")) + minSupportedVersion = version.Must(version.NewVersion("1.20.0")) specificUnsupportedVersions = []unsupportedVersion{} ) diff --git a/agent/xds/envoy_versioning_test.go b/agent/xds/envoy_versioning_test.go index 36c3831b1..4e446de1e 100644 --- a/agent/xds/envoy_versioning_test.go +++ b/agent/xds/envoy_versioning_test.go @@ -120,6 +120,7 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { "1.16.6": {expectErr: "Envoy 1.16.6 " + errTooOld}, "1.17.4": {expectErr: "Envoy 1.17.4 " + errTooOld}, "1.18.6": {expectErr: "Envoy 1.18.6 " + errTooOld}, + "1.19.5": {expectErr: "Envoy 1.19.5 " + errTooOld}, } // Insert a bunch of valid versions. @@ -134,10 +135,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { } */ for _, v := range []string{ - "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", - "1.20.0", "1.20.1", "1.20.2", "1.20.3", "1.20.4", - "1.21.0", "1.21.1", "1.21.2", "1.21.3", + "1.20.0", "1.20.1", "1.20.2", "1.20.3", "1.20.4", "1.20.5", "1.20.6", + "1.21.0", "1.21.1", "1.21.2", "1.21.3", "1.21.4", "1.22.0", "1.22.1", "1.22.2", + "1.23.0", } { cases[v] = testcase{expect: supportedProxyFeatures{}} } diff --git a/agent/xds/proxysupport/proxysupport.go b/agent/xds/proxysupport/proxysupport.go index 22ddd15d8..bdb7cc864 100644 --- a/agent/xds/proxysupport/proxysupport.go +++ b/agent/xds/proxysupport/proxysupport.go @@ -7,8 +7,8 @@ package proxysupport // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ + "1.23.0", "1.22.2", - "1.21.3", - "1.20.4", - "1.19.5", + "1.21.4", + "1.20.6", } diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index 21705a3ae..fc885f9a1 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -12,7 +12,7 @@ DEBUG=${DEBUG:-} XDS_TARGET=${XDS_TARGET:-server} # ENVOY_VERSION to run each test against -ENVOY_VERSION=${ENVOY_VERSION:-"1.22.2"} +ENVOY_VERSION=${ENVOY_VERSION:-"1.23.0"} export ENVOY_VERSION export DOCKER_BUILDKIT=1 From a9d3de8b3e2f3bf1a4d7406eade181d004432633 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 20 Jul 2022 12:38:39 +0100 Subject: [PATCH 780/785] ui: Peer token use form (#13792) --- .../consul/peer/form/generate/index.hbs | 13 ++++ .../components/consul/peer/form/index.scss | 62 +++++++++++++++++++ .../consul/peer/form/token/actions/index.hbs | 18 ++++++ .../peer/form/token/fieldsets/index.hbs | 37 +++++++++++ .../app/styles/base/icons/icons/index.scss | 2 +- .../consul-ui/app/styles/components.scss | 1 + 6 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/index.scss create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs index 204906324..2d0667a65 100644 --- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs @@ -47,6 +47,19 @@ + {{yield (hash + Fieldsets=(component "consul/peer/form/token/fieldsets" + item=@item + token=fsm.state.context.PeeringToken + regenerate=@regenerate + onclick=(queue (set @item 'Name' '')) + ) + Actions=(component "consul/peer/form/token/actions" + token=fsm.state.context.PeeringToken + item=@item + id=id + ) + )}} diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss new file mode 100644 index 000000000..c23773be1 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss @@ -0,0 +1,62 @@ + +.consul-peer-form-token-actions { + button:first-of-type { + @extend %primary-button; + } + button:last-of-type { + @extend %secondary-button; + } +} + +.consul-peer-form-generate { + & { + width: 416px; + min-height: 200px; + } + ol { + list-style-position: outside; + list-style-type: none; + counter-reset: hexagonal-counter; + position: relative; + } + ol::before { + content: ''; + border-left: var(--decor-border-100); + border-color: rgb(var(--tone-gray-300)); + height: 100%; + position: absolute; + left: 2rem; + } + li { + counter-increment: hexagonal-counter; + position: relative; + margin-left: 60px; + margin-bottom: 1rem; + } + li .copyable-code { + margin-top: 1rem; + } + li::before { + --icon-name: icon-hexagon; + --icon-size: icon-600; + content: ''; + position: absolute; + z-index: 2; + } + li::after { + content: counter(hexagonal-counter); + position: absolute; + top: 0px; + font-size: 14px; + font-weight: var(--typo-weight-bold); + background-color: rgb(var(--tone-gray-000)); + z-index: 1; + text-align: center; + } + li::before, + li::after { + left: -2.4rem; + width: 20px; + height: 20px; + } +} diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs new file mode 100644 index 000000000..70cdb6d1d --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs @@ -0,0 +1,18 @@ +
        + + Copy token + + + Close + +
        diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs new file mode 100644 index 000000000..b2a53bdd0 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs @@ -0,0 +1,37 @@ +{{#if @regenerate}} +

        + Token regenerated! Here’s what’s next: +

        +{{else}} +

        + Token generated! Here’s what’s next: +

        +{{/if}} +
          +
        1. + Copy the token
          + This token cannot be viewed again after creation. +
          + +
          2. +
        2. + Switch to the peer
          + Someone on your team should log into the Datacenter (OSS) or Admin Partition (Enterprise) that you want this one to connect with. +
          3. +
        3. + Initiate the peering
          + From there, initiate a new peering, name it, and paste this token in. +
          4. +
        +{{#if (not @regenerate)}} + + Generate another token + +{{/if}} + diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss index 74559e892..9d1a5efe3 100644 --- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss +++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss @@ -382,7 +382,7 @@ // @import './heart-fill/index.scss'; // @import './heart-off/index.scss'; // @import './help/index.scss'; -// @import './hexagon/index.scss'; +@import './hexagon/index.scss'; // @import './hexagon-fill/index.scss'; @import './history/index.scss'; // @import './home/index.scss'; diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss index 234b6793a..e6dca0229 100644 --- a/ui/packages/consul-ui/app/styles/components.scss +++ b/ui/packages/consul-ui/app/styles/components.scss @@ -108,3 +108,4 @@ @import 'consul-ui/components/peerings/badge'; @import 'consul-ui/components/consul/node/peer-info'; @import 'consul-ui/components/consul/service/peer-info'; +@import 'consul-ui/components/consul/peer/form'; From 9176d3ed338e10c80b0b6b8dfb02195773ca23f0 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Wed, 20 Jul 2022 12:58:47 +0100 Subject: [PATCH 781/785] ui: Add Peer Form (#13794) --- .../components/consul/peer/form/README.mdx | 21 +++++++ .../consul/peer/form/chart.xstate.js | 20 ++++++ .../app/components/consul/peer/form/index.hbs | 63 +++++++++++++++++++ .../components/consul/peer/form/index.scss | 8 +++ .../app/components/consul/peer/index.scss | 1 + 5 files changed, 113 insertions(+) create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/README.mdx create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js create mode 100644 ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/README.mdx b/ui/packages/consul-peerings/app/components/consul/peer/form/README.mdx new file mode 100644 index 000000000..edd8ed012 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/README.mdx @@ -0,0 +1,21 @@ +# Consul::Peer::Form + +```hbs preview-template + + + + + + +``` diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js new file mode 100644 index 000000000..7f611fd32 --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js @@ -0,0 +1,20 @@ +export default { + id: 'consul-peer-form', + initial: 'generate', + on: { + INITIATE: [ + { + target: 'initiate', + }, + ], + GENERATE: [ + { + target: 'generate', + }, + ], + }, + states: { + initiate: {}, + generate: {}, + }, +}; diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs new file mode 100644 index 000000000..374405b4a --- /dev/null +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs @@ -0,0 +1,63 @@ +
        + + + + + + + + {{yield (hash + Form=(component 'consul/peer/form/generate' + item=source.data + ) + ) + }} + + + + + + + + {{yield (hash + Form=(component 'consul/peer/form/initiate' + item=source.data + ) + ) + }} + + + + + + +
        diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss index c23773be1..e4b96b461 100644 --- a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss +++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss @@ -1,3 +1,11 @@ +.consul-peer-form { + & { + width: 416px; + } + nav { + margin-bottom: 20px; + } +} .consul-peer-form-token-actions { button:first-of-type { diff --git a/ui/packages/consul-peerings/app/components/consul/peer/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/index.scss index 9f82e6a21..8b1be7ce8 100644 --- a/ui/packages/consul-peerings/app/components/consul/peer/index.scss +++ b/ui/packages/consul-peerings/app/components/consul/peer/index.scss @@ -2,4 +2,5 @@ @import './list'; @import './search-bar'; +@import './form'; From 59b044f96d416b77b90790ae21f5fa234dae2781 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Wed, 20 Jul 2022 17:07:52 +0200 Subject: [PATCH 782/785] ui: no partition and peer in bucket-list at the same time (#13812) * don't show partition / peer at the same time in bucket-list * use bucket-list in intentions table * add bucket-list tests * Simplify bucket list - match old behavior Refactor the bucket-list component to be easier to grok and match how the old template based approach worked. I.e. do not surface partition or namespace when it matches the passed nspace or partition property. * Update docs for bucket-list * fix linting --- .../components/consul/bucket/list/README.mdx | 5 +- .../components/consul/bucket/list/index.js | 131 +++++---- .../consul/intention/list/table/index.hbs | 43 +-- .../components/consul/bucket/list-test.js | 255 ++++++++++++++++++ 4 files changed, 344 insertions(+), 90 deletions(-) create mode 100644 ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/README.mdx b/ui/packages/consul-ui/app/components/consul/bucket/list/README.mdx index d6bdc01c6..39d1703b2 100644 --- a/ui/packages/consul-ui/app/components/consul/bucket/list/README.mdx +++ b/ui/packages/consul-ui/app/components/consul/bucket/list/README.mdx @@ -11,6 +11,9 @@ the namespace will be displayed, whereas if the partition is different it will show both the partition and namespace (as a namespace called 'team-1' in `partition-1` is different to a namespace called 'team-1' in `partition-2`) +When the passed item contains a `PeerName`, this will be displayed in place of +the `Partition`. + Showing the service name is a tiny bit awkward (different boolean type, doesn't care about difference) and could be improved but we only use it for the read only view of intentions. @@ -89,7 +92,7 @@ At the time of writing, this is not currently used across the entire UI | Argument/Attribute | Type | Default | Description | | --- | --- | --- | --- | -| `item` | `array` | | A Consul object that could have both a `Partition` and a `Namespace` property | +| `item` | `object` | | A Consul object that could have a `Partition`, a `Namespace`, a `PeerName` and a `Service` property | | `nspace` | `string` | | The name of the current namespace | | `partition` | `string` | | The name of the current partition | | `service` | `boolean` | | Whether to show the service name on the end or not. Please note you must also pass a item.Service for it to show. We flag this incase an API request has a Service property but you don't want to show it | diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js index 9c48f1bd9..c874ac91b 100644 --- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js +++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js @@ -5,84 +5,105 @@ export default class ConsulBucketList extends Component { @service abilities; get itemsToDisplay() { - const { item, partition, nspace } = this.args; - const { abilities } = this; + const { peerOrPartitionPart, namespacePart, servicePart } = this; - let items = []; + return [...peerOrPartitionPart, ...namespacePart, ...servicePart]; + } + + get peerOrPartitionPart() { + const { peerPart, partitionPart } = this; + + if (peerPart.length) { + return peerPart; + } else { + return partitionPart; + } + } + + get partitionPart() { + const { item, partition } = this.args; + + const { abilities } = this; if (partition && abilities.can('use partitions')) { if (item.Partition !== partition) { - this._addPeer(items); - this._addPartition(items); - this._addNamespace(items); - this._addService(items); - } else { - this._addPeerInfo(items); + return [ + { + type: 'partition', + label: 'Admin Partition', + item: item.Partition, + }, + ]; } - } else if (nspace && abilities.can('use nspace')) { - if (item.Namespace !== nspace) { - this._addPeerInfo(items); - this._addService(items); - } else { - this._addPeerInfo(items); - } - } else { - this._addPeerInfo(items); } - return items; + return []; } - _addPeerInfo(items) { + get peerPart() { const { item } = this.args; if (item.PeerName) { - this._addPeer(items); - this._addNamespace(items); + return [ + { + type: 'peer', + label: 'Peer', + item: item.PeerName, + }, + ]; } + + return []; } - _addPartition(items) { - const { item } = this.args; + get namespacePart() { + const { item, nspace } = this.args; + const { abilities, partitionPart } = this; - items.push({ - type: 'partition', - label: 'Admin Partition', - item: item.Partition, - }); - } - - _addNamespace(items) { - const { item } = this.args; - - items.push({ + const nspaceItem = { type: 'nspace', label: 'Namespace', item: item.Namespace, - }); + }; + + // when we surface a partition - show a namespace with it + if (partitionPart.length) { + return [nspaceItem]; + } + + if (nspace && abilities.can('use nspaces')) { + if (item.Namespace !== nspace) { + return [ + { + type: 'nspace', + label: 'Namespace', + item: item.Namespace, + }, + ]; + } + } + + return []; } - _addService(items) { - const { service, item } = this.args; + get servicePart() { + const { item, service } = this.args; - if (service && item.Service) { - items.push({ - type: 'service', - label: 'Service', - item: item.Service, - }); + const { partitionPart, namespacePart } = this; + + // when we show partitionPart or namespacePart -> consider service part + if (partitionPart.length || namespacePart.length) { + if (item.Service && service) { + return [ + { + type: 'service', + label: 'Service', + item: item.Service, + }, + ]; + } } - } - _addPeer(items) { - const { item } = this.args; - - if (item?.PeerName) { - items.push({ - type: 'peer', - label: 'Peer', - item: item.PeerName, - }); - } + return []; } } diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs index 4bb110a89..03e47c17e 100644 --- a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs +++ b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs @@ -24,43 +24,18 @@ as |item index|> {{else}} {{item.SourceName}} {{/if}} - {{#if (or (can 'use nspaces') (can 'use partitions'))}} {{! TODO: slugify }} - {{#if item.SourcePeer}} - - - - - - - - - {{item.SourcePeer}} - - {{else}} - - {{or item.SourcePartition 'default'}} - - {{/if}} - / - {{or item.SourceNS 'default'}} + - {{/if}} diff --git a/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js new file mode 100644 index 000000000..15d6b81ce --- /dev/null +++ b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js @@ -0,0 +1,255 @@ +import { module, test } from 'qunit'; +import { setupRenderingTest } from 'ember-qunit'; +import hbs from 'htmlbars-inline-precompile'; +import { render } from '@ember/test-helpers'; +import Service from '@ember/service'; + +module('Integration | Component | consul bucket list', function(hooks) { + setupRenderingTest(hooks); + + module('without nspace or partition feature on', function(hooks) { + hooks.beforeEach(function() { + this.owner.register( + 'service:abilities', + class Stub extends Service { + can(permission) { + if (permission === 'use partitions') { + return false; + } + if (permission === 'use nspaces') { + return false; + } + + return false; + } + } + ); + }); + + test('it displays a peer when the item passed has a peer name', async function(assert) { + const PEER_NAME = 'Tomster'; + + this.set('peerName', PEER_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').hasText(PEER_NAME, 'Peer name is displayed'); + assert.dom('[data-test-bucket-item="nspace"]').doesNotExist('namespace is not shown'); + assert.dom('[data-test-bucket-item="partition"]').doesNotExist('partition is not shown'); + }); + + test('it does not display a bucket list when item has no peer name', async function(assert) { + await render(hbs` + + `); + + assert.dom('[data-test-bucket-list]').doesNotExist('no bucket list displayed'); + }); + }); + + module('with partition feature on', function(hooks) { + hooks.beforeEach(function() { + this.owner.register( + 'service:abilities', + class Stub extends Service { + can(permission) { + if (permission === 'use partitions') { + return true; + } + if (permission === 'use nspaces') { + return true; + } + + return false; + } + } + ); + }); + + test("it displays a peer and nspace and service and no partition when item.Partition and partition don't match", async function(assert) { + const PEER_NAME = 'Tomster'; + const NAMESPACE_NAME = 'Mascot'; + const SERVICE_NAME = 'Ember.js'; + + this.set('peerName', PEER_NAME); + this.set('namespace', NAMESPACE_NAME); + this.set('service', SERVICE_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').hasText(PEER_NAME, 'Peer is displayed'); + assert + .dom('[data-test-bucket-item="nspace"]') + .hasText(NAMESPACE_NAME, 'namespace is displayed'); + assert.dom('[data-test-bucket-item="service"]').hasText(SERVICE_NAME, 'service is displayed'); + assert.dom('[data-test-bucket-item="partition"]').doesNotExist('partition is not displayed'); + }); + + test("it displays partition and nspace and service when item.Partition and partition don't match and peer is not set", async function(assert) { + const PARTITION_NAME = 'Ember.js'; + const NAMESPACE_NAME = 'Mascot'; + const SERVICE_NAME = 'Consul'; + + this.set('partition', PARTITION_NAME); + this.set('namespace', NAMESPACE_NAME); + this.set('service', SERVICE_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').doesNotExist('peer is not displayed'); + assert + .dom('[data-test-bucket-item="nspace"]') + .hasText(NAMESPACE_NAME, 'namespace is displayed'); + assert.dom('[data-test-bucket-item="service"]').hasText(SERVICE_NAME, 'service is displayed'); + assert + .dom('[data-test-bucket-item="partition"]') + .hasText(PARTITION_NAME, 'partition is displayed'); + }); + + test('it displays nspace and peer and service when item.Partition and partition match and peer is set', async function(assert) { + const PEER_NAME = 'Tomster'; + const PARTITION_NAME = 'Ember.js'; + const NAMESPACE_NAME = 'Mascot'; + const SERVICE_NAME = 'Ember.js'; + + this.set('peerName', PEER_NAME); + this.set('partition', PARTITION_NAME); + this.set('namespace', NAMESPACE_NAME); + this.set('service', SERVICE_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').hasText(PEER_NAME, 'peer is displayed'); + assert + .dom('[data-test-bucket-item="nspace"]') + .hasText(NAMESPACE_NAME, 'namespace is displayed'); + assert.dom('[data-test-bucket-item="service"]').hasText(SERVICE_NAME, 'service is displayed'); + assert.dom('[data-test-bucket-item="partition"]').doesNotExist('partition is not displayed'); + }); + }); + + module('with nspace on but partition feature off', function(hooks) { + hooks.beforeEach(function() { + this.owner.register( + 'service:abilities', + class Stub extends Service { + can(permission) { + if (permission === 'use partitions') { + return false; + } + if (permission === 'use nspaces') { + return true; + } + + return false; + } + } + ); + }); + + test("it displays a peer and nspace and service when item.namespace and nspace don't match", async function(assert) { + const PEER_NAME = 'Tomster'; + const NAMESPACE_NAME = 'Mascot'; + const SERVICE_NAME = 'Ember.js'; + + this.set('peerName', PEER_NAME); + this.set('namespace', NAMESPACE_NAME); + this.set('service', SERVICE_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').hasText(PEER_NAME, 'Peer is displayed'); + assert + .dom('[data-test-bucket-item="nspace"]') + .hasText(NAMESPACE_NAME, 'namespace is displayed'); + assert.dom('[data-test-bucket-item="service"]').hasText(SERVICE_NAME, 'service is displayed'); + assert.dom('[data-test-bucket-item="partition"]').doesNotExist('partition is not displayed'); + }); + + test('it displays a peer and no nspace and no service when item.namespace and nspace match', async function(assert) { + const PEER_NAME = 'Tomster'; + const NAMESPACE_NAME = 'Mascot'; + const SERVICE_NAME = 'Ember.js'; + + this.set('peerName', PEER_NAME); + this.set('namespace', NAMESPACE_NAME); + this.set('service', SERVICE_NAME); + + await render(hbs` + + `); + + assert.dom('[data-test-bucket-item="peer"]').hasText(PEER_NAME, 'Peer is displayed'); + assert.dom('[data-test-bucket-item="nspace"]').doesNotExist('namespace is not displayed'); + assert.dom('[data-test-bucket-item="service"]').doesNotExist('service is not displayed'); + assert.dom('[data-test-bucket-item="partition"]').doesNotExist('partition is not displayed'); + }); + }); +}); From 28dd74a9d1f7583fedeeb94da2b8f42804369603 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Wed, 20 Jul 2022 11:31:02 -0700 Subject: [PATCH 783/785] Add heartbeat proto to peer stream (#13804) --- proto/pbpeerstream/peerstream.pb.binary.go | 10 + proto/pbpeerstream/peerstream.pb.go | 256 +++++++++++++-------- proto/pbpeerstream/peerstream.proto | 4 + 3 files changed, 180 insertions(+), 90 deletions(-) diff --git a/proto/pbpeerstream/peerstream.pb.binary.go b/proto/pbpeerstream/peerstream.pb.binary.go index c5d928949..926b40154 100644 --- a/proto/pbpeerstream/peerstream.pb.binary.go +++ b/proto/pbpeerstream/peerstream.pb.binary.go @@ -47,6 +47,16 @@ func (msg *ReplicationMessage_Terminated) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ReplicationMessage_Heartbeat) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ReplicationMessage_Heartbeat) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + // MarshalBinary implements encoding.BinaryMarshaler func (msg *LeaderAddress) MarshalBinary() ([]byte, error) { return proto.Marshal(msg) diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go index 8b71b4e8c..c90be922d 100644 --- a/proto/pbpeerstream/peerstream.pb.go +++ b/proto/pbpeerstream/peerstream.pb.go @@ -86,6 +86,7 @@ type ReplicationMessage struct { // *ReplicationMessage_Request_ // *ReplicationMessage_Response_ // *ReplicationMessage_Terminated_ + // *ReplicationMessage_Heartbeat_ Payload isReplicationMessage_Payload `protobuf_oneof:"Payload"` } @@ -149,6 +150,13 @@ func (x *ReplicationMessage) GetTerminated() *ReplicationMessage_Terminated { return nil } +func (x *ReplicationMessage) GetHeartbeat() *ReplicationMessage_Heartbeat { + if x, ok := x.GetPayload().(*ReplicationMessage_Heartbeat_); ok { + return x.Heartbeat + } + return nil +} + type isReplicationMessage_Payload interface { isReplicationMessage_Payload() } @@ -165,12 +173,18 @@ type ReplicationMessage_Terminated_ struct { Terminated *ReplicationMessage_Terminated `protobuf:"bytes,3,opt,name=terminated,proto3,oneof"` } +type ReplicationMessage_Heartbeat_ struct { + Heartbeat *ReplicationMessage_Heartbeat `protobuf:"bytes,4,opt,name=heartbeat,proto3,oneof"` +} + func (*ReplicationMessage_Request_) isReplicationMessage_Payload() {} func (*ReplicationMessage_Response_) isReplicationMessage_Payload() {} func (*ReplicationMessage_Terminated_) isReplicationMessage_Payload() {} +func (*ReplicationMessage_Heartbeat_) isReplicationMessage_Payload() {} + // LeaderAddress is sent when the peering service runs on a consul node // that is not a leader. The node either lost leadership, or never was a leader. type LeaderAddress struct { @@ -476,6 +490,45 @@ func (*ReplicationMessage_Terminated) Descriptor() ([]byte, []int) { return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0, 2} } +// Heartbeat is sent to verify that the connection is still active. +type ReplicationMessage_Heartbeat struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *ReplicationMessage_Heartbeat) Reset() { + *x = ReplicationMessage_Heartbeat{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReplicationMessage_Heartbeat) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReplicationMessage_Heartbeat) ProtoMessage() {} + +func (x *ReplicationMessage_Heartbeat) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbpeerstream_peerstream_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReplicationMessage_Heartbeat.ProtoReflect.Descriptor instead. +func (*ReplicationMessage_Heartbeat) Descriptor() ([]byte, []int) { + return file_proto_pbpeerstream_peerstream_proto_rawDescGZIP(), []int{0, 3} +} + var File_proto_pbpeerstream_peerstream_proto protoreflect.FileDescriptor var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ @@ -489,7 +542,7 @@ var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xe5, 0x05, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0xd6, 0x06, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, @@ -508,76 +561,84 @@ var file_proto_pbpeerstream_peerstream_proto_rawDesc = []byte{ 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, - 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x1a, 0xa9, 0x01, 0x0a, - 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, - 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, - 0x12, 0x24, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x3e, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xe3, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1e, 0x0a, - 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x12, 0x30, 0x0a, - 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, - 0x4d, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x0c, - 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x42, 0x09, 0x0a, 0x07, - 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, - 0x73, 0x73, 0x22, 0x5c, 0x0a, 0x0f, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, - 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, - 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, - 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, - 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x14, - 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, - 0x54, 0x45, 0x10, 0x02, 0x32, 0x9f, 0x01, 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x89, 0x01, 0x0a, 0x0f, 0x53, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, - 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x9f, 0x02, 0x0a, 0x28, 0x63, 0x6f, 0x6d, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, 0x02, 0x24, - 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, - 0x72, 0x65, 0x61, 0x6d, 0xca, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xe2, 0x02, 0x30, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, - 0x27, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, - 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x52, 0x0a, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, 0x12, 0x62, 0x0a, 0x09, + 0x68, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x72, 0x74, 0x62, + 0x65, 0x61, 0x74, 0x48, 0x00, 0x52, 0x09, 0x68, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, + 0x1a, 0xa9, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x50, 0x65, 0x65, 0x72, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, + 0x65, 0x72, 0x49, 0x44, 0x12, 0x24, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x3e, 0x0a, 0x05, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0xe3, 0x01, 0x0a, + 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x6e, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, + 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, 0x4c, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x52, + 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x44, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, + 0x44, 0x12, 0x30, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x4d, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x4f, 0x70, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x1a, 0x0c, 0x0a, 0x0a, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x65, 0x64, + 0x1a, 0x0b, 0x0a, 0x09, 0x48, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, 0x42, 0x09, 0x0a, + 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x4c, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x22, 0x5c, 0x0a, 0x0f, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x05, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x4e, 0x6f, 0x64, 0x65, + 0x73, 0x2a, 0x52, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, + 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, + 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, + 0x14, 0x0a, 0x10, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, + 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x9f, 0x01, 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x89, 0x01, 0x0a, 0x0f, + 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, + 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x9f, 0x02, 0x0a, 0x28, 0x63, 0x6f, 0x6d, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x42, 0x0f, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, + 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, 0x02, + 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x73, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0xca, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0xe2, 0x02, 0x30, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, + 0x02, 0x27, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, + 0x65, 0x65, 0x72, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -593,7 +654,7 @@ func file_proto_pbpeerstream_peerstream_proto_rawDescGZIP() []byte { } var file_proto_pbpeerstream_peerstream_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_proto_pbpeerstream_peerstream_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_proto_pbpeerstream_peerstream_proto_goTypes = []interface{}{ (Operation)(0), // 0: hashicorp.consul.internal.peerstream.Operation (*ReplicationMessage)(nil), // 1: hashicorp.consul.internal.peerstream.ReplicationMessage @@ -602,25 +663,27 @@ var file_proto_pbpeerstream_peerstream_proto_goTypes = []interface{}{ (*ReplicationMessage_Request)(nil), // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Request (*ReplicationMessage_Response)(nil), // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response (*ReplicationMessage_Terminated)(nil), // 6: hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated - (*pbservice.CheckServiceNode)(nil), // 7: hashicorp.consul.internal.service.CheckServiceNode - (*pbstatus.Status)(nil), // 8: hashicorp.consul.internal.status.Status - (*anypb.Any)(nil), // 9: google.protobuf.Any + (*ReplicationMessage_Heartbeat)(nil), // 7: hashicorp.consul.internal.peerstream.ReplicationMessage.Heartbeat + (*pbservice.CheckServiceNode)(nil), // 8: hashicorp.consul.internal.service.CheckServiceNode + (*pbstatus.Status)(nil), // 9: hashicorp.consul.internal.status.Status + (*anypb.Any)(nil), // 10: google.protobuf.Any } var file_proto_pbpeerstream_peerstream_proto_depIdxs = []int32{ - 4, // 0: hashicorp.consul.internal.peerstream.ReplicationMessage.request:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Request - 5, // 1: hashicorp.consul.internal.peerstream.ReplicationMessage.response:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Response - 6, // 2: hashicorp.consul.internal.peerstream.ReplicationMessage.terminated:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated - 7, // 3: hashicorp.consul.internal.peerstream.ExportedService.Nodes:type_name -> hashicorp.consul.internal.service.CheckServiceNode - 8, // 4: hashicorp.consul.internal.peerstream.ReplicationMessage.Request.Error:type_name -> hashicorp.consul.internal.status.Status - 9, // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any - 0, // 6: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.operation:type_name -> hashicorp.consul.internal.peerstream.Operation - 1, // 7: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:input_type -> hashicorp.consul.internal.peerstream.ReplicationMessage - 1, // 8: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:output_type -> hashicorp.consul.internal.peerstream.ReplicationMessage - 8, // [8:9] is the sub-list for method output_type - 7, // [7:8] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name + 4, // 0: hashicorp.consul.internal.peerstream.ReplicationMessage.request:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Request + 5, // 1: hashicorp.consul.internal.peerstream.ReplicationMessage.response:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Response + 6, // 2: hashicorp.consul.internal.peerstream.ReplicationMessage.terminated:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Terminated + 7, // 3: hashicorp.consul.internal.peerstream.ReplicationMessage.heartbeat:type_name -> hashicorp.consul.internal.peerstream.ReplicationMessage.Heartbeat + 8, // 4: hashicorp.consul.internal.peerstream.ExportedService.Nodes:type_name -> hashicorp.consul.internal.service.CheckServiceNode + 9, // 5: hashicorp.consul.internal.peerstream.ReplicationMessage.Request.Error:type_name -> hashicorp.consul.internal.status.Status + 10, // 6: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.Resource:type_name -> google.protobuf.Any + 0, // 7: hashicorp.consul.internal.peerstream.ReplicationMessage.Response.operation:type_name -> hashicorp.consul.internal.peerstream.Operation + 1, // 8: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:input_type -> hashicorp.consul.internal.peerstream.ReplicationMessage + 1, // 9: hashicorp.consul.internal.peerstream.PeerStreamService.StreamResources:output_type -> hashicorp.consul.internal.peerstream.ReplicationMessage + 9, // [9:10] is the sub-list for method output_type + 8, // [8:9] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } func init() { file_proto_pbpeerstream_peerstream_proto_init() } @@ -701,11 +764,24 @@ func file_proto_pbpeerstream_peerstream_proto_init() { return nil } } + file_proto_pbpeerstream_peerstream_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReplicationMessage_Heartbeat); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_proto_pbpeerstream_peerstream_proto_msgTypes[0].OneofWrappers = []interface{}{ (*ReplicationMessage_Request_)(nil), (*ReplicationMessage_Response_)(nil), (*ReplicationMessage_Terminated_)(nil), + (*ReplicationMessage_Heartbeat_)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -713,7 +789,7 @@ func file_proto_pbpeerstream_peerstream_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbpeerstream_peerstream_proto_rawDesc, NumEnums: 1, - NumMessages: 6, + NumMessages: 7, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/pbpeerstream/peerstream.proto b/proto/pbpeerstream/peerstream.proto index 54be6e4b7..cbd9e590b 100644 --- a/proto/pbpeerstream/peerstream.proto +++ b/proto/pbpeerstream/peerstream.proto @@ -25,6 +25,7 @@ message ReplicationMessage { Request request = 1; Response response = 2; Terminated terminated = 3; + Heartbeat heartbeat = 4; } // A Request requests to subscribe to a resource of a given type. @@ -69,6 +70,9 @@ message ReplicationMessage { // Terminated is sent when a peering is deleted locally. // This message signals to the peer that they should clean up their local state about the peering. message Terminated {} + + // Heartbeat is sent to verify that the connection is still active. + message Heartbeat {} } // Operation enumerates supported operations for replicated resources. From 7a58a4df96c2c237aec7404614f538485e8b775b Mon Sep 17 00:00:00 2001 From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Date: Wed, 6 Jul 2022 18:24:03 -0400 Subject: [PATCH 784/785] docs: suggest using token header, not query param --- .../content/docs/agent/config/config-files.mdx | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index 4506d80ff..a8eaba6d5 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -869,11 +869,12 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `master` ((#acl_tokens_master)) **Renamed in Consul 1.11 to [`acl.tokens.initial_management`](#acl_tokens_initial_management).** - - `default` ((#acl_tokens_default)) - When provided, the agent will - use this token when making requests to the Consul servers. Clients can override - this token on a per-request basis by providing the "?token" query parameter. - When not provided, the empty token, which maps to the 'anonymous' ACL token, - is used. + - `default` ((#acl_tokens_default)) - When provided, this agent will + use this token by default when making requests to the Consul servers + instead of the [anonymous token](/docs/security/acl/acl-tokens#anonymous-token). + Consul HTTP API requests can provide an alternate token in their authorization header + to override the `default` or anonymous token on a per-request basis, + as described in [HTTP API Authentication](/api-docs#authentication). - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform internal operations. If this isn't specified, then the @@ -993,11 +994,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." in the cache can be resolved during the outage using the replicated set of ACLs. - `acl_token` ((#acl_token_legacy)) - **Deprecated in Consul 1.4.0. See - the [`acl.tokens.default`](#acl_tokens_default) field instead.** When provided, - the agent will use this token when making requests to the Consul servers. Clients - can override this token on a per-request basis by providing the "?token" query - parameter. When not provided, the empty token, which maps to the 'anonymous' ACL - policy, is used. + the [`acl.tokens.default`](#acl_tokens_default) field instead.** - `acl_ttl` ((#acl_ttl_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.token_ttl`](#acl_token_ttl) field instead.**Used to control Time-To-Live From 4cec3bd9db99abc1055262d37741cf3e83695d14 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Wed, 20 Jul 2022 15:48:18 -0700 Subject: [PATCH 785/785] Add send mutex to protect against concurrent sends (#13805) --- .../services/peerstream/stream_resources.go | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index c67f7da04..5c69d08a7 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "strings" + "sync" "github.com/golang/protobuf/jsonpb" "github.com/golang/protobuf/proto" @@ -204,6 +205,25 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { ) subCh := mgr.subscribe(streamReq.Stream.Context(), streamReq.LocalID, streamReq.PeerName, streamReq.Partition) + // We need a mutex to protect against simultaneous sends to the client. + var sendMutex sync.Mutex + + // streamSend is a helper function that sends msg over the stream + // respecting the send mutex. It also logs the send and calls status.TrackSendError + // on error. + streamSend := func(msg *pbpeerstream.ReplicationMessage) error { + logTraceSend(logger, msg) + + sendMutex.Lock() + err := streamReq.Stream.Send(msg) + sendMutex.Unlock() + + if err != nil { + status.TrackSendError(err.Error()) + } + return err + } + // Subscribe to all relevant resource types. for _, resourceURL := range []string{ pbpeerstream.TypeURLExportedService, @@ -213,16 +233,12 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { ResourceURL: resourceURL, PeerID: streamReq.RemoteID, }) - logTraceSend(logger, sub) - - if err := streamReq.Stream.Send(sub); err != nil { + if err := streamSend(sub); err != nil { if err == io.EOF { logger.Info("stream ended by peer") - status.TrackReceiveError(err.Error()) return nil } // TODO(peering) Test error handling in calls to Send/Recv - status.TrackSendError(err.Error()) return fmt.Errorf("failed to send subscription for %q to stream: %w", resourceURL, err) } } @@ -261,10 +277,7 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { Terminated: &pbpeerstream.ReplicationMessage_Terminated{}, }, } - logTraceSend(logger, term) - - if err := streamReq.Stream.Send(term); err != nil { - status.TrackSendError(err.Error()) + if err := streamSend(term); err != nil { return fmt.Errorf("failed to send to stream: %v", err) } @@ -401,9 +414,7 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { status.TrackReceiveSuccess() } - logTraceSend(logger, reply) - if err := streamReq.Stream.Send(reply); err != nil { - status.TrackSendError(err.Error()) + if err := streamSend(reply); err != nil { return fmt.Errorf("failed to send to stream: %v", err) } @@ -451,10 +462,7 @@ func (s *Server) HandleStream(streamReq HandleStreamRequest) error { } replResp := makeReplicationResponse(resp) - - logTraceSend(logger, replResp) - if err := streamReq.Stream.Send(replResp); err != nil { - status.TrackSendError(err.Error()) + if err := streamSend(replResp); err != nil { return fmt.Errorf("failed to push data for %q: %w", update.CorrelationID, err) } }